syzbot


KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks
Status: upstream: reported syz repro on 2019/12/23 14:45
Reported-by: syzbot+e8574d6a7b2172d6d2a6@syzkaller.appspotmail.com
First crash: 889d, last: 677d

Cause bisection: introduced by (bisect log):
commit 9121923c457d1d8667a6e3a67302c29e5c5add6b
Author: Jim Mattson <jmattson@google.com>
Date: Thu Oct 24 23:03:26 2019 +0000

  kvm: Allocate memslots and buses before calling kvm_arch_init_vm

Crash: general protection fault in kvm_coalesced_mmio_init (log)
Repro: syz .config

Fix bisection: failed (bisect log)

Sample crash report:
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in rcu_seq_current kernel/rcu/rcu.h:99 [inline]
BUG: KASAN: vmalloc-out-of-bounds in srcu_invoke_callbacks+0x35b/0x3a0 kernel/rcu/srcutree.c:1185
Read of size 8 at addr ffffc9000272ee30 by task kworker/1:2/8085

CPU: 1 PID: 8085 Comm: kworker/1:2 Not tainted 5.8.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: rcu_gp srcu_invoke_callbacks
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x436 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 rcu_seq_current kernel/rcu/rcu.h:99 [inline]
 srcu_invoke_callbacks+0x35b/0x3a0 kernel/rcu/srcutree.c:1185
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:291
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293


Memory state around the buggy address:
 ffffc9000272ed00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffc9000272ed80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
>ffffc9000272ee00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
                                     ^
 ffffc9000272ee80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffc9000272ef00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
==================================================================

Crashes (20):

Manager                                Time              Kernel      Commit        Syzkaller  Config   Log  Report  Syz repro  C repro  VM info  Title
ci-upstream-kasan-gce                  2020/07/07 08:25  upstream    7cc2a8ea1048  51095195   .config  log  report  syz        -        -        -
ci-upstream-kasan-gce-smack-root       2020/03/10 19:33  upstream    30bb5572ce7a  35f53e45   .config  log  report  syz        -        -        -
ci-upstream-kasan-gce-root             2020/03/06 05:07  upstream    63623fd44972  c88c7b75   .config  log  report  syz        -        -        -
ci-upstream-kasan-gce-smack-root       2020/03/04 00:15  upstream    63623fd44972  c88c7b75   .config  log  report  syz        -        -        -
ci-upstream-kasan-gce-selinux-root     2020/01/11 16:03  upstream    bef1d88263ff  4c04afaa   .config  log  report  syz        -        -        -
ci-upstream-kasan-gce                  2020/01/04 19:59  upstream    3a562aee727a  68256974   .config  log  report  syz        -        -        -
ci-upstream-kasan-gce-root             2020/01/02 11:27  upstream    738d2902773e  25a0186e   .config  log  report  syz        -        -        -
ci-upstream-kasan-gce-root             2019/12/21 03:13  upstream    6398b9fc818e  bc586918   .config  log  report  syz        -        -        -
ci-upstream-linux-next-kasan-gce-root  2020/03/19 20:35  linux-next  770fbb32d34e  2c31c529   .config  log  report  syz        -        -        -
ci-upstream-kasan-gce-selinux-root     2020/07/20 19:42  upstream    5714ee50bb43  4285ffa3   .config  log  report  -          -        -        -
ci-upstream-kasan-gce-selinux-root     2020/07/05 01:13  upstream    7cc2a8ea1048  51095195   .config  log  report  -          -        -        -
ci-upstream-kasan-gce-selinux-root     2020/07/02 15:08  upstream    cd77006e01b3  bed10395   .config  log  report  -          -        -        -
ci-upstream-kasan-gce-root             2020/05/30 03:16  upstream    75caf310d16c  3905eaae   .config  log  report  -          -        -        -
ci-upstream-kasan-gce                  2020/03/31 06:59  upstream    673b41e04a03  c8d1cc20   .config  log  report  -          -        -        -
ci-upstream-kasan-gce-selinux-root     2020/03/17 06:23  upstream    fb33c6510d55  749688d2   .config  log  report  -          -        -        -
ci-upstream-kasan-gce-smack-root       2020/02/10 04:00  upstream    d1ea35f4cdd4  35f5e45e   .config  log  report  -          -        -        -
ci-upstream-kasan-gce                  2020/01/31 08:58  upstream    9f68e3655aae  5ed23f9a   .config  log  report  -          -        -        -
ci-upstream-kasan-gce-root             2020/01/25 02:39  upstream    6381b442836e  2e95ab33   .config  log  report  -          -        -        -
ci-upstream-kasan-gce-smack-root       2020/01/15 01:59  upstream    e033e7d4a808  fa12bd3c   .config  log  report  -          -        -        -
ci-upstream-kasan-gce-386              2020/01/15 14:20  upstream    95e20af9fb9c  fa12bd3c   .config  log  report  -          -        -        -