KASAN: vmalloc-out-of-bounds Write in pcpu

Title	Replies (including bot)	Last reply
[patch 4/6] kasan: don't assume percpu shadow allocations will succeed	1 (1)	2019/12/18 04:51
[PATCH 1/3] mm: add apply_to_existing_pages helper	11 (11)	2019/12/11 01:31
KASAN: vmalloc-out-of-bounds Write in pcpu_alloc	0 (2)	2019/12/05 01:55

Created	Duration	User	Patch	Repo	Result
2019/12/05 08:32	0m	dja@axtens.net	patch	linux-next	error

Created

Duration

User

Patch

Repo

Result

2019/12/05 08:32

dja@axtens.net

patch

linux-next

error

RBP: 00007fff1c60f370 R08: 0000000000000002 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff R13: 0000000000000003 R14: 00007fff1c60f370 R15: 0000000000000000 ================================================================== BUG: KASAN: vmalloc-out-of-bounds in memset include/linux/string.h:365 [inline] BUG: KASAN: vmalloc-out-of-bounds in pcpu_alloc+0x589/0x1380 mm/percpu.c:1734 Write of size 32768 at addr ffffe8ffff800000 by task syz-executor940/9026 CPU: 1 PID: 9026 Comm: syz-executor940 Not tainted 5.4.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 print_address_description.constprop.0.cold+0x5/0x30b mm/kasan/report.c:374 __kasan_report.cold+0x1b/0x41 mm/kasan/report.c:506 kasan_report+0x12/0x20 mm/kasan/common.c:638 check_memory_region_inline mm/kasan/generic.c:185 [inline] check_memory_region+0x134/0x1a0 mm/kasan/generic.c:192 memset+0x24/0x40 mm/kasan/common.c:107 memset include/linux/string.h:365 [inline] pcpu_alloc+0x589/0x1380 mm/percpu.c:1734 __alloc_percpu_gfp+0x28/0x30 mm/percpu.c:1783 prealloc_init kernel/bpf/hashtab.c:154 [inline] htab_map_alloc+0xdb9/0x11c0 kernel/bpf/hashtab.c:378 find_and_alloc_map kernel/bpf/syscall.c:123 [inline] map_create kernel/bpf/syscall.c:654 [inline] __do_sys_bpf+0x478/0x37b0 kernel/bpf/syscall.c:3012 __se_sys_bpf kernel/bpf/syscall.c:2989 [inline] __x64_sys_bpf+0x73/0xb0 kernel/bpf/syscall.c:2989 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x441b99 Code: e8 ec 03 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fff1c60f318 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441b99 RDX: 000000000000003c RSI: 0000000020000380 RDI: 0000000000000000 RBP: 00007fff1c60f370 R08: 0000000000000002 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff R13: 0000000000000003 R14: 00007fff1c60f370 R15: 0000000000000000 Memory state around the buggy address: BUG: unable to handle page fault for address: fffff91fffefffe0 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 21ffe6067 P4D 21ffe6067 PUD aa56b067 PMD aa56c067 PTE 0 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 9026 Comm: syz-executor940 Not tainted 5.4.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:56 Code: cc cc cc cc eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe RSP: 0018:ffffc90001fa7990 EFLAGS: 00010082 RAX: ffffc90001fa799c RBX: fffff91fffefffe0 RCX: 0000000000000010 RDX: 0000000000000010 RSI: fffff91fffefffe0 RDI: ffffc90001fa799c RBP: ffffc90001fa79f0 R08: ffff888091714400 R09: fffff520003f4f38 R10: fffff520003f4f37 R11: ffffc90001fa79be R12: fffff91ffff00000 R13: 0000200000000000 R14: 00000000fffffffe R15: ffff88821fffd100 FS: 0000000000d10880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffff91fffefffe0 CR3: 0000000099ba1000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __kasan_report.cold+0x30/0x41 mm/kasan/report.c:508 kasan_report+0x12/0x20 mm/kasan/common.c:638 check_memory_region_inline mm/kasan/generic.c:185 [inline] check_memory_region+0x134/0x1a0 mm/kasan/generic.c:192 memset+0x24/0x40 mm/kasan/common.c:107 memset include/linux/string.h:365 [inline] pcpu_alloc+0x589/0x1380 mm/percpu.c:1734 __alloc_percpu_gfp+0x28/0x30 mm/percpu.c:1783 prealloc_init kernel/bpf/hashtab.c:154 [inline] htab_map_alloc+0xdb9/0x11c0 kernel/bpf/hashtab.c:378 find_and_alloc_map kernel/bpf/syscall.c:123 [inline] map_create kernel/bpf/syscall.c:654 [inline] __do_sys_bpf+0x478/0x37b0 kernel/bpf/syscall.c:3012 __se_sys_bpf kernel/bpf/syscall.c:2989 [inline] __x64_sys_bpf+0x73/0xb0 kernel/bpf/syscall.c:2989 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x441b99 Code: e8 ec 03 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fff1c60f318 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441b99 RDX: 000000000000003c RSI: 0000000020000380 RDI: 0000000000000000 RBP: 00007fff1c60f370 R08: 0000000000000002 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff R13: 0000000000000003 R14: 00007fff1c60f370 R15: 0000000000000000 Modules linked in: CR2: fffff91fffefffe0 ---[ end trace 28e1dfa4887d81a1 ]--- RIP: 0010:memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:56 Code: cc cc cc cc eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe RSP: 0018:ffffc90001fa7990 EFLAGS: 00010082 RAX: ffffc90001fa799c RBX: fffff91fffefffe0 RCX: 0000000000000010 RDX: 0000000000000010 RSI: fffff91fffefffe0 RDI: ffffc90001fa799c RBP: ffffc90001fa79f0 R08: ffff888091714400 R09: fffff520003f4f38 R10: fffff520003f4f37 R11: ffffc90001fa79be R12: fffff91ffff00000 R13: 0000200000000000 R14: 00000000fffffffe R15: ffff88821fffd100 FS: 0000000000d10880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffff91fffefffe0 CR3: 0000000099ba1000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (31):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Manager
2019/12/03 19:55	bpf	b3c424eb6a1a	ae13a849	.config	console log	report	syz	C	ci-upstream-bpf-kasan-gce
2019/12/11 15:59	upstream	6794862a16ef	101194eb	.config	console log	report			ci-upstream-kasan-gce-root
2019/12/21 08:56	net-old	307201a3d494	bc586918	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/12/20 08:20	bpf	0fd260056ef8	e30cbdae	.config	console log	report			ci-upstream-bpf-kasan-gce
2019/12/18 00:23	bpf	e47304232b37	a6bc9c88	.config	console log	report			ci-upstream-bpf-kasan-gce
2019/12/16 19:19	bpf	5133498f4ad1	b80769fc	.config	console log	report			ci-upstream-bpf-kasan-gce
2019/12/13 03:41	bpf	fe3300897cbf	08003f64	.config	console log	report			ci-upstream-bpf-kasan-gce
2019/12/10 04:27	bpf	e42617b825f8	4b83c8fb	.config	console log	report			ci-upstream-bpf-kasan-gce
2019/12/09 04:06	net-old	0fc75219fe9a	1508f453	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/12/05 18:54	bpf	8f9081c92523	4fb74474	.config	console log	report			ci-upstream-bpf-kasan-gce
2019/12/05 10:40	bpf	ef8c84effce3	b2088328	.config	console log	report			ci-upstream-bpf-kasan-gce
2019/12/04 19:16	net-old	2f23cd42e19c	b2088328	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/12/03 19:28	bpf	b3c424eb6a1a	ae13a849	.config	console log	report			ci-upstream-bpf-kasan-gce
2019/12/28 08:17	bpf-next	7c8dce4b1661	be5c2c81	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2019/12/23 18:00	bpf-next	f9e6bfdbaf0c	be5c2c81	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2019/12/23 05:17	bpf-next	f9e6bfdbaf0c	8b967267	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2019/12/22 15:48	bpf-next	f9e6bfdbaf0c	8b967267	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2019/12/21 19:59	bpf-next	f9e6bfdbaf0c	bc586918	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2019/12/20 11:48	bpf-next	5bf2fc1f9c88	e30cbdae	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2019/12/19 23:41	bpf-next	a352a82496d1	36650b4b	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2019/12/18 23:08	bpf-next	58d8dc2a98f5	79b211f7	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2019/12/18 00:03	net-next-old	6f6dded1385c	a6bc9c88	.config	console log	report			ci-upstream-net-kasan-gce
2019/12/17 15:18	bpf-next	dbd8f6bae6f4	d13d7958	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2019/12/17 14:20	bpf-next	dbd8f6bae6f4	d13d7958	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2019/12/17 05:58	bpf-next	dbd8f6bae6f4	d13d7958	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2019/12/17 05:53	bpf-next	dbd8f6bae6f4	d13d7958	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2019/12/15 19:53	bpf-next	a06bf42f5a95	eef6e580	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2019/12/14 13:59	bpf-next	a06bf42f5a95	eef6e580	.config	console log	report			ci-upstream-bpf-next-kasan-gce
2019/12/11 00:07	net-next-old	08cbc75f9602	5a5826a1	.config	console log	report			ci-upstream-net-kasan-gce
2019/12/06 23:37	net-next-old	596cf45cbf6e	85f26751	.config	console log	report			ci-upstream-net-kasan-gce
2019/12/05 05:40	net-next-old	596cf45cbf6e	b2088328	.config	console log	report			ci-upstream-net-kasan-gce

Crashes (31):

Assets (help?)

2019/12/03 19:55

bpf