syzbot

 sign-in | mailing list | source | docs
🐞 Open [985] Subsystems 🐞 Fixed [5216] 🐞 Invalid [12474] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks

Status: auto-obsoleted due to no activity on 2023/04/13 14:21
Reported-by: syzbot+e8574d6a7b2172d6d2a6@syzkaller.appspotmail.com
First crash: 1581d, last: 1369d
Cause bisection: introduced by (bisect log) :
commit 9121923c457d1d8667a6e3a67302c29e5c5add6b
Author: Jim Mattson <jmattson@google.com>
Date: Thu Oct 24 23:03:26 2019 +0000

  kvm: Allocate memslots and buses before calling kvm_arch_init_vm

Crash: general protection fault in kvm_coalesced_mmio_init (log)
Repro: syz .config
  
Fix bisection: failed (error log, bisect log)
  
Discussions (1)
Title Replies (including bot) Last reply
KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks 0 (1) 2019/12/23 14:45
Last patch testing requests (10)
Created Duration User Patch Repo Result
2023/04/13 13:11 19m retest repro linux-next OK log
2022/12/29 09:31 7m retest repro linux-next error OK
2022/09/22 02:29 15m retest repro upstream OK log
2022/09/22 00:29 15m retest repro upstream OK log
2022/09/21 21:29 16m retest repro upstream OK log
2022/09/19 23:29 10m retest repro linux-next report log
2022/09/19 09:29 16m retest repro upstream OK log
2022/09/18 08:29 16m retest repro upstream OK log
2022/09/18 06:29 17m retest repro upstream OK log
2022/09/11 22:27 16m retest repro upstream OK log

Sample crash report:
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in rcu_seq_current kernel/rcu/rcu.h:99 [inline]
BUG: KASAN: vmalloc-out-of-bounds in srcu_invoke_callbacks+0x35b/0x3a0 kernel/rcu/srcutree.c:1185
Read of size 8 at addr ffffc9000272ee30 by task kworker/1:2/8085

CPU: 1 PID: 8085 Comm: kworker/1:2 Not tainted 5.8.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: rcu_gp srcu_invoke_callbacks
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x436 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 rcu_seq_current kernel/rcu/rcu.h:99 [inline]
 srcu_invoke_callbacks+0x35b/0x3a0 kernel/rcu/srcutree.c:1185
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:291
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293


Memory state around the buggy address:
 ffffc9000272ed00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffc9000272ed80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
>ffffc9000272ee00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
                                     ^
 ffffc9000272ee80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffc9000272ef00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
==================================================================

Crashes (20):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/07/07 08:25 upstream 7cc2a8ea1048 51095195 .config console log report syz ci-upstream-kasan-gce
2020/03/10 19:33 upstream 30bb5572ce7a 35f53e45 .config console log report syz ci-upstream-kasan-gce-smack-root
2020/03/06 05:07 upstream 63623fd44972 c88c7b75 .config console log report syz ci-upstream-kasan-gce-root
2020/03/04 00:15 upstream 63623fd44972 c88c7b75 .config console log report syz ci-upstream-kasan-gce-smack-root
2020/01/11 16:03 upstream bef1d88263ff 4c04afaa .config console log report syz ci-upstream-kasan-gce-selinux-root
2020/01/04 19:59 upstream 3a562aee727a 68256974 .config console log report syz ci-upstream-kasan-gce
2020/01/02 11:27 upstream 738d2902773e 25a0186e .config console log report syz ci-upstream-kasan-gce-root
2019/12/21 03:13 upstream 6398b9fc818e bc586918 .config console log report syz ci-upstream-kasan-gce-root
2020/03/19 20:35 linux-next 770fbb32d34e 2c31c529 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2020/07/20 19:42 upstream 5714ee50bb43 4285ffa3 .config console log report ci-upstream-kasan-gce-selinux-root
2020/07/05 01:13 upstream 7cc2a8ea1048 51095195 .config console log report ci-upstream-kasan-gce-selinux-root
2020/07/02 15:08 upstream cd77006e01b3 bed10395 .config console log report ci-upstream-kasan-gce-selinux-root
2020/05/30 03:16 upstream 75caf310d16c 3905eaae .config console log report ci-upstream-kasan-gce-root
2020/03/31 06:59 upstream 673b41e04a03 c8d1cc20 .config console log report ci-upstream-kasan-gce
2020/03/17 06:23 upstream fb33c6510d55 749688d2 .config console log report ci-upstream-kasan-gce-selinux-root
2020/02/10 04:00 upstream d1ea35f4cdd4 35f5e45e .config console log report ci-upstream-kasan-gce-smack-root
2020/01/31 08:58 upstream 9f68e3655aae 5ed23f9a .config console log report ci-upstream-kasan-gce
2020/01/25 02:39 upstream 6381b442836e 2e95ab33 .config console log report ci-upstream-kasan-gce-root
2020/01/15 01:59 upstream e033e7d4a808 fa12bd3c .config console log report ci-upstream-kasan-gce-smack-root
2020/01/15 14:20 upstream 95e20af9fb9c fa12bd3c .config console log report ci-upstream-kasan-gce-386
* Struck through repros no longer work on HEAD.