KASAN: wild-memory-access Write in kernel_sigaction


syzbot

Sep 27, 2018, 3:14:03 PM9/27/18
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 6bf4ca7fbc85 Linux 4.19-rc5
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14a8d9fa400000
kernel config: https://syzkaller.appspot.com/x/.config?x=22a62640793a83c9
dashboard link: https://syzkaller.appspot.com/bug?extid=f0dc708fdefa7b9c42ac
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
CC: [ak...@linux-foundation.org anna-...@linutronix.de chri...@brauner.io ebie...@xmission.com linux-...@vger.kernel.org ol...@redhat.com]

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f0dc70...@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: wild-memory-access in atomic_inc include/asm-generic/atomic-instrumented.h:109 [inline]
BUG: KASAN: wild-memory-access in __lock_acquire+0x2a1/0x4ec0 kernel/locking/lockdep.c:3303
Write of size 4 at addr 1ffff10022271100 by task kworker/u4:6/13730

CPU: 1 PID: 13730 Comm: kworker/u4:6 Not tainted 4.19.0-rc5+ #30
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ebt_limit: overflow, try lower: 0/0
Workqueue: events_unbound call_usermodehelper_exec_work
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
kasan_report_error mm/kasan/report.c:352 [inline]
kasan_report.cold.9+0x6d/0x309 mm/kasan/report.c:412
check_memory_region_inline mm/kasan/kasan.c:260 [inline]
check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267
kasan_check_write+0x14/0x20 mm/kasan/kasan.c:278
atomic_inc include/asm-generic/atomic-instrumented.h:109 [inline]
__lock_acquire+0x2a1/0x4ec0 kernel/locking/lockdep.c:3303
lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3900
__raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline]
_raw_spin_lock_irq+0x61/0x80 kernel/locking/spinlock.c:160
spin_lock_irq include/linux/spinlock.h:354 [inline]
kernel_sigaction+0xa9/0x270 kernel/signal.c:3396
call_usermodehelper_exec_sync kernel/umh.c:129 [inline]
call_usermodehelper_exec_work+0xb5/0x2f0 kernel/umh.c:182
process_one_work+0xc90/0x1b90 kernel/workqueue.c:2153
worker_thread+0x17f/0x1390 kernel/workqueue.c:2296
kthread+0x35a/0x420 kernel/kthread.c:246
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
==================================================================
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 13730 Comm: kworker/u4:6 Tainted: G B 4.19.0-rc5+ #30
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound call_usermodehelper_exec_work
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
panic+0x238/0x4e7 kernel/panic.c:184
kasan_end_report+0x47/0x4f mm/kasan/report.c:180
kasan_report_error mm/kasan/report.c:359 [inline]
kasan_report.cold.9+0x76/0x309 mm/kasan/report.c:412
check_memory_region_inline mm/kasan/kasan.c:260 [inline]
check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267
kasan_check_write+0x14/0x20 mm/kasan/kasan.c:278
atomic_inc include/asm-generic/atomic-instrumented.h:109 [inline]
__lock_acquire+0x2a1/0x4ec0 kernel/locking/lockdep.c:3303
lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3900
__raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline]
_raw_spin_lock_irq+0x61/0x80 kernel/locking/spinlock.c:160
spin_lock_irq include/linux/spinlock.h:354 [inline]
kernel_sigaction+0xa9/0x270 kernel/signal.c:3396
call_usermodehelper_exec_sync kernel/umh.c:129 [inline]
call_usermodehelper_exec_work+0xb5/0x2f0 kernel/umh.c:182
process_one_work+0xc90/0x1b90 kernel/workqueue.c:2153
worker_thread+0x17f/0x1390 kernel/workqueue.c:2296
kthread+0x35a/0x420 kernel/kthread.c:246
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See: https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with syzbot.

syzbot

Mar 22, 2019, 5:09:05 PM3/22/19
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.