BUG: using smp_processor_id() in preemptible [ADDR] code: syz-executor


syzbot

Feb 4, 2020, 9:46:13 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 9fa690a2 Linux 4.14.169
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1609d595e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=eb55b601e76e3476
dashboard link: https://syzkaller.appspot.com/bug?extid=2836a8b6c02393a157d1
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2836a8...@syzkaller.appspotmail.com

bond191: Enslaving gretap60 as a backup interface with an up link
8021q: adding VLAN 0 to HW filter on device bond192
BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.1/16673
==================================================================
BUG: KASAN: use-after-free in vsnprintf+0x137f/0x1560 lib/vsprintf.c:2254
Write of size 1 at addr ffff88807fd97dd0 by task syz-executor.1/16673

CPU: 0 PID: 16673 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:

Allocated by task 2198756764:
BUG: unable to handle kernel paging request at ffffffff8b456318
IP: depot_fetch_stack+0x10/0x30 lib/stackdepot.c:189
PGD 7e6d067 P4D 7e6d067 PUD 7e6e063 PMD 0
Thread overran stack, or stack corrupted
Oops: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 16673 Comm: syz-executor.1 Not tainted 4.14.169-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888051210500 task.stack: ffff88807fd98000
RIP: 0010:depot_fetch_stack+0x10/0x30 lib/stackdepot.c:189
RSP: 0018:ffff88807fd97a78 EFLAGS: 00010006
RAX: 00000000001fffff RBX: ffff88807fd97f44 RCX: 0000000000000000
RDX: 0000000000040000 RSI: ffff88807fd97a80 RDI: 0000000000003ff0
RBP: ffff88807fd97aa0 R08: 000000000000001d R09: 0000000000000002
R10: 0000000000000000 R11: ffff888051210500 R12: ffffea0001ff65c0
R13: ffff88807fd97dd0 R14: ffff8880aa800940 R15: ffff88807fd97f40
FS: 00007ff540826700(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff8b456318 CR3: 00000000882f9000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Code: ff ff 4c 89 ff e8 61 82 69 fe e9 05 fe ff ff 90 90 90 90 90 90 90 90 90 90 90 90 89 f8 c1 ef 11 25 ff ff 1f 00 81 e7 f0 3f 00 00 <48> 03 3c c5 20 63 45 8a 8b 47 0c 48 83 c7 18 c7 46 10 00 00 00
RIP: depot_fetch_stack+0x10/0x30 lib/stackdepot.c:189 RSP: ffff88807fd97a78
CR2: ffffffff8b456318
---[ end trace 4e0567e07df3f9fc ]---


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Sep 30, 2020, 1:27:16 PM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.