syzbot

 sign-in | mailing list | source | docs
🐞 Open [1436]
Subsystems
🐞 Fixed [6755]
🐞 Invalid [17405]
Missing Backports [222]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KASAN: vmalloc-out-of-bounds Read in run_irq_workd

Status: upstream: reported C repro on 2025/08/31 00:33
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+2617fc732430968b45d2@syzkaller.appspotmail.com
Fix commit: 4e9077638301 bpf: Sync pending IRQ work before freeing ring buffer
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci-upstream-rust-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce], missing on: [ci-qemu-native-arm64-kvm ci2-upstream-usb]
First crash: 90d, last: 23d
Cause bisection: failed (error log, bisect log)
  
Discussions (3)
Title Replies (including bot) Last reply
[PATCH] bpf: sync pending IRQ work before freeing ring buffer 6 (6) 2025/10/21 17:10
[PATCH] bpf: sync pending IRQ work before freeing ring buffer 1 (2) 2025/10/17 21:22
[syzbot] [kernel?] KASAN: vmalloc-out-of-bounds Read in run_irq_workd 0 (2) 2025/10/09 15:12
Last patch testing requests (2)
Created Duration User Patch Repo Result
2025/10/17 20:56 25m nooraineqbal@gmail.com patch upstream OK log
2025/09/24 16:03 22m retest repro upstream report log

Sample crash report:
==================================================================
BUG: KASAN: vmalloc-out-of-bounds in irq_work_run_list kernel/irq_work.c:251 [inline]
BUG: KASAN: vmalloc-out-of-bounds in run_irq_workd+0x116/0x190 kernel/irq_work.c:305
Read of size 8 at addr ffffc9000cc08090 by task irq_work/1/26

CPU: 1 UID: 0 PID: 26 Comm: irq_work/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xca/0x240 mm/kasan/report.c:482
 kasan_report+0x118/0x150 mm/kasan/report.c:595
 irq_work_run_list kernel/irq_work.c:251 [inline]
 run_irq_workd+0x116/0x190 kernel/irq_work.c:305
 smpboot_thread_fn+0x53f/0xa60 kernel/smpboot.c:160
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x4b9/0x870 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

The buggy address belongs to a vmalloc virtual mapping
Memory state around the buggy address:
 ffffc9000cc07f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9000cc08000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>ffffc9000cc08080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                         ^
 ffffc9000cc08100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9000cc08180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================

Crashes (225):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/10/09 15:11 upstream ec714e371f22 7e2882b3 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/08/27 18:31 upstream fab1beda7597 e12e5ba4 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/11/01 09:14 upstream b909d77359b8 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/11/01 02:31 upstream b909d77359b8 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/11/01 00:32 upstream b909d77359b8 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/31 22:17 upstream b909d77359b8 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/31 01:56 upstream e53642b87a4f 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/31 01:40 upstream e53642b87a4f 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/30 03:43 upstream e53642b87a4f fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/28 23:20 upstream fd57572253bc fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/28 21:14 upstream fd57572253bc fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/28 16:28 upstream fd57572253bc fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/28 15:09 upstream fd57572253bc fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/28 04:58 upstream dcb6fa37fd7b fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/28 00:37 upstream dcb6fa37fd7b fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/27 19:26 upstream dcb6fa37fd7b fd2207e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/27 12:04 upstream dcb6fa37fd7b c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/27 08:41 upstream 4bb1f7e19c4a c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/26 13:02 upstream 72761a7e3122 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/26 08:35 upstream 72761a7e3122 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/26 06:27 upstream 9bb956508c9d c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/26 05:43 upstream 9bb956508c9d c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/26 04:10 upstream 9bb956508c9d c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/25 14:11 upstream 566771afc7a8 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/25 12:36 upstream 566771afc7a8 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/25 11:24 upstream 566771afc7a8 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/25 05:37 upstream 566771afc7a8 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/24 22:46 upstream 6fab32bb6508 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/24 12:33 upstream 266ee584e55e c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/24 09:18 upstream 266ee584e55e c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/24 08:11 upstream 266ee584e55e c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/23 22:54 upstream 43e9ad0c55a3 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/23 07:25 upstream dd72c8fcf6d3 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/23 01:17 upstream dd72c8fcf6d3 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/22 22:45 upstream dd72c8fcf6d3 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/22 21:33 upstream dd72c8fcf6d3 c0460fcd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/22 13:59 upstream 552c50713f27 252fbbad .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/22 06:52 upstream 552c50713f27 252fbbad .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/22 04:14 upstream 552c50713f27 252fbbad .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/21 23:05 upstream 6548d364a3e8 9832ed61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/21 18:57 upstream 6548d364a3e8 9832ed61 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/20 17:58 upstream 211ddde0823f 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/20 16:12 upstream 211ddde0823f 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/20 13:49 upstream 211ddde0823f 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/20 08:09 upstream 211ddde0823f 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/19 08:22 upstream 1c64efcb083c 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/19 01:39 upstream f406055cb18c 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
2025/10/18 07:03 upstream cf1ea8854e4f 1c8c8cd8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: vmalloc-out-of-bounds Read in run_irq_workd
* Struck through repros no longer work on HEAD.