syzbot
unread,Jun 27, 2020, 4:01:14 PM6/27/20Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to b...@alien8.de, h...@zytor.com, jmat...@google.com, jo...@8bytes.org, k...@vger.kernel.org, linux-...@vger.kernel.org, mi...@redhat.com, pbon...@redhat.com, sean.j.chr...@intel.com, syzkall...@googlegroups.com, tg...@linutronix.de, vkuz...@redhat.com, wanp...@tencent.com, x...@kernel.org
Hello,
syzbot found the following crash on:
HEAD commit: 7ae77150 Merge tag 'powerpc-5.8-1' of git://
git.kernel.org..
git tree: upstream
console output:
https://syzkaller.appspot.com/x/log.txt?x=1654e385100000
kernel config:
https://syzkaller.appspot.com/x/.config?x=be4578b3f1083656
dashboard link:
https://syzkaller.appspot.com/bug?extid=e0240f9c36530bda7130
compiler: clang version 10.0.0 (
https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro:
https://syzkaller.appspot.com/x/repro.syz?x=15f3abc9100000
C reproducer:
https://syzkaller.appspot.com/x/repro.c?x=131b7bb5100000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by:
syzbot+e0240f...@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: out-of-bounds in kvm_cpu_cap_get arch/x86/kvm/cpuid.h:292 [inline]
BUG: KASAN: out-of-bounds in kvm_cpu_cap_has arch/x86/kvm/cpuid.h:297 [inline]
BUG: KASAN: out-of-bounds in kvm_init_msr_list arch/x86/kvm/x86.c:5362 [inline]
BUG: KASAN: out-of-bounds in kvm_arch_hardware_setup+0xb05/0xf40 arch/x86/kvm/x86.c:9802
Read of size 4 at addr ffffffff896c3134 by task syz-executor614/6786
CPU: 1 PID: 6786 Comm: syz-executor614 Not tainted 5.7.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1e9/0x30e lib/dump_stack.c:118
print_address_description+0x66/0x5a0 mm/kasan/report.c:383
__kasan_report mm/kasan/report.c:513 [inline]
kasan_report+0x132/0x1d0 mm/kasan/report.c:530
kvm_cpu_cap_get arch/x86/kvm/cpuid.h:292 [inline]
kvm_cpu_cap_has arch/x86/kvm/cpuid.h:297 [inline]
kvm_init_msr_list arch/x86/kvm/x86.c:5362 [inline]
kvm_arch_hardware_setup+0xb05/0xf40 arch/x86/kvm/x86.c:9802
</IRQ>
The buggy address belongs to the variable:
kvm_cpu_caps+0x24/0x50
Memory state around the buggy address:
ffffffff896c3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffff896c3080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff896c3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
ffffffff896c3180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffff896c3200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
---
This bug is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches