BUG: object ADDR is on stack ADDR, but NOT annotated.


syzbot

Apr 14, 2019, 5:30:22 AM4/14/19
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 4ba3f691 UPSTREAM: xfrm: fix ptr_ret.cocci warnings
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=1062e183400000
kernel config: https://syzkaller.appspot.com/x/.config?x=13558268b29d9d4a
dashboard link: https://syzkaller.appspot.com/bug?extid=cda1f204ba0ff6b88b2f
compiler: gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+cda1f2...@syzkaller.appspotmail.com

audit: type=1400 audit(2000000187.480:3307): avc: denied { wake_alarm } for pid=14568 comm="syz-executor4" capability=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1
ODEBUG: object ffff8801c8077d70 is on stack ffff8801c8070000, but NOT annotated.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 14603 at lib/debugobjects.c:303 debug_object_is_on_stack lib/debugobjects.c:303 [inline]
WARNING: CPU: 0 PID: 14603 at lib/debugobjects.c:303 __debug_object_init.cold.8+0x6b/0x258 lib/debugobjects.c:329
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 14603 Comm: syz-executor4 Not tainted 4.9.135+ #61
ffff8801c8077ac8 ffffffff81b36bf9 ffffffff82a38ba0 00000000ffffffff
0000000000000000 0000000000000000 000000000000012f ffff8801c8077b88
ffffffff813f6aa5 0000000041b58ab3 ffffffff82e2a6e3 ffffffff813f68e6
Call Trace:
[<ffffffff81b36bf9>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81b36bf9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff813f6aa5>] panic+0x1bf/0x39f kernel/panic.c:179
[<ffffffff813f6d74>] __warn.cold.9+0xc1/0x17f kernel/panic.c:542
[<ffffffff810dbe2c>] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585
[<ffffffff81bdc2f1>] debug_object_is_on_stack lib/debugobjects.c:303 [inline]
[<ffffffff81bdc2f1>] __debug_object_init.cold.8+0x6b/0x258 lib/debugobjects.c:329
[<ffffffff81b9d666>] debug_object_init+0x16/0x20 lib/debugobjects.c:366
[<ffffffff812685fa>] debug_hrtimer_init kernel/time/hrtimer.c:393 [inline]
[<ffffffff812685fa>] debug_init kernel/time/hrtimer.c:438 [inline]
[<ffffffff812685fa>] hrtimer_init+0x2a/0x2e0 kernel/time/hrtimer.c:1165
[<ffffffff8128ca6d>] alarm_init kernel/time/alarmtimer.c:321 [inline]
[<ffffffff8128ca6d>] alarm_timer_nsleep+0x14d/0x4d0 kernel/time/alarmtimer.c:783
[<ffffffff81273e99>] SYSC_clock_nanosleep kernel/time/posix-timers.c:1119 [inline]
[<ffffffff81273e99>] SyS_clock_nanosleep+0x1b9/0x270 kernel/time/posix-timers.c:1101
[<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
[<ffffffff8280ac13>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
------------[ cut here ]------------
WARNING: CPU: 1 PID: 14575 at lib/debugobjects.c:303 debug_object_is_on_stack lib/debugobjects.c:303 [inline]
WARNING: CPU: 1 PID: 14575 at lib/debugobjects.c:303 __debug_object_init.cold.8+0x6b/0x258 lib/debugobjects.c:329
Modules linked in:
CPU: 1 PID: 14575 Comm: syz-executor4 Not tainted 4.9.135+ #61
ffff8801d4547b88 ffffffff81b36bf9 ffffffff82b44120 0000000000000000
0000000000000000 ffffffff81bdc2f1 000000000000012f ffff8801d4547bd0
ffffffff813f6df0 0000000000000000 0000000900000001 ffffffff82b44120
Call Trace:
[<ffffffff81b36bf9>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81b36bf9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff813f6df0>] __warn.cold.9+0x13d/0x17f kernel/panic.c:550
[<ffffffff810dbe2c>] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585
[<ffffffff81bdc2f1>] debug_object_is_on_stack lib/debugobjects.c:303 [inline]
[<ffffffff81bdc2f1>] __debug_object_init.cold.8+0x6b/0x258 lib/debugobjects.c:329
[<ffffffff81b9d666>] debug_object_init+0x16/0x20 lib/debugobjects.c:366
[<ffffffff812685fa>] debug_hrtimer_init kernel/time/hrtimer.c:393 [inline]
[<ffffffff812685fa>] debug_init kernel/time/hrtimer.c:438 [inline]
[<ffffffff812685fa>] hrtimer_init+0x2a/0x2e0 kernel/time/hrtimer.c:1165
[<ffffffff8128ca6d>] alarm_init kernel/time/alarmtimer.c:321 [inline]
[<ffffffff8128ca6d>] alarm_timer_nsleep+0x14d/0x4d0 kernel/time/alarmtimer.c:783
[<ffffffff81273e99>] SYSC_clock_nanosleep kernel/time/posix-timers.c:1119 [inline]
[<ffffffff81273e99>] SyS_clock_nanosleep+0x1b9/0x270 kernel/time/posix-timers.c:1101
[<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
[<ffffffff8280ac13>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
---[ end trace a7bff20feb188d20 ]---
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
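The trace above shows what the ODEBUG warning is about: alarm_timer_nsleep() keeps its struct alarm on the kernel stack and alarm_init() initialises the embedded hrtimer with plain hrtimer_init(), which tells debugobjects the object is not on a stack; debug_object_is_on_stack() then finds the address inside the current task's stack page and warns (and, with panic_on_warn set, panics). The annotated path for stack-resident timers is hrtimer_init_on_stack(). The following is an added userspace model of that check, written for this page and not code from the kernel or from the syzbot report: it re-implements the address-range comparison with the stack base and size passed in explicitly, so the two addresses quoted in the report can be fed to it. The 32 KiB stack size is an assumption (the config is linked but not shown here); the warning can only have fired if the stack covered offset 0x7d70, so a 16 KiB stack would not reproduce it, and the block shows that too. The heap address used for the third case is constructed.

```c
/*
 * Added example, not kernel code: a userspace model of the placement /
 * annotation consistency check in lib/debugobjects.c. The kernel compares
 * the object address against current's stack page; here base and size are
 * explicit so addresses copied from a crash report can be checked.
 */
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum odebug_result {
    ODEBUG_OK = 0,               /* placement and annotation agree */
    ODEBUG_ON_STACK_UNANNOTATED, /* stack object initialised via plain *_init() */
    ODEBUG_OFF_STACK_ANNOTATED   /* heap/static object initialised via *_init_on_stack() */
};

/* True if addr lies inside the thread stack [base, base + size). */
static bool object_is_on_stack(uint64_t addr, uint64_t base, uint64_t size)
{
    return addr >= base && addr < base + size;
}

/*
 * onstack mirrors the flag debugobjects receives from the initialiser:
 * 0 from plain *_init() (what hrtimer_init() passes), 1 from *_init_on_stack().
 */
static enum odebug_result annotation_check(uint64_t addr, uint64_t base,
                                           uint64_t size, int onstack)
{
    bool is_on_stack = object_is_on_stack(addr, base, size);

    if (is_on_stack == (onstack != 0))
        return ODEBUG_OK;
    return is_on_stack ? ODEBUG_ON_STACK_UNANNOTATED
                       : ODEBUG_OFF_STACK_ANNOTATED;
}

/* Prints the same wording the kernel uses for each outcome. */
static void report(uint64_t addr, uint64_t base, uint64_t size, int onstack)
{
    switch (annotation_check(addr, base, size, onstack)) {
    case ODEBUG_OK:
        printf("object %#" PRIx64 ": consistent\n", addr);
        break;
    case ODEBUG_ON_STACK_UNANNOTATED:
        printf("ODEBUG: object %#" PRIx64 " is on stack %#" PRIx64
               ", but NOT annotated.\n", addr, base);
        break;
    case ODEBUG_OFF_STACK_ANNOTATED:
        printf("ODEBUG: object %#" PRIx64 " is NOT on stack %#" PRIx64
               ", but annotated.\n", addr, base);
        break;
    }
}

int main(void)
{
    /* Addresses copied from the report. THREAD_SIZE is an assumption:
     * 32 KiB (x86_64 with KASAN); the kernel config is not shown on the page. */
    const uint64_t obj = 0xffff8801c8077d70ULL;
    const uint64_t stack = 0xffff8801c8070000ULL;
    const uint64_t thread_size = 32 * 1024;

    report(obj, stack, thread_size, 0);      /* hrtimer_init(): warns */
    report(obj, stack, thread_size, 1);      /* hrtimer_init_on_stack(): silent */
    report(obj, stack, 16 * 1024, 0);        /* offset 0x7d70 is past a 16 KiB stack */
    /* Constructed heap address: annotating it is the opposite mistake. */
    report(0xffff8801d0001000ULL, stack, thread_size, 1);
    return 0;
}
```

The model deliberately takes the stack range as input rather than probing the real stack, because that is what a reader of a report has: two addresses and a kernel config. The check is purely positional, so the remedy in the kernel is not to move the object but to initialise it with the *_on_stack variant (or to make it not stack-resident), which also arms debugobjects to catch the timer outliving the frame it lives in.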

syzbot

Apr 28, 2019, 5:31:03 AM4/28/19
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.