syzbot


KASAN: stack-out-of-bounds Read in corrupted (3)

Status: closed as dup on 2019/01/04 11:23
Subsystems: acpica
[Documentation on labels]
Reported-by: syzbot+2ab493acb9d8329345a3@syzkaller.appspotmail.com
First crash: 2185d, last: 2173d
Duplicate of
Title Repro Cause bisect Fix bisect Count Last Reported
kernel panic: stack is corrupted in udp4_lib_lookup2 net 11 2187d 2184d
Discussions (1)
Title Replies (including bot) Last reply
KASAN: stack-out-of-bounds Read in corrupted (3) 1 (2) 2019/01/04 11:23
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: stack-out-of-bounds Read in corrupted kernel C 1 2366d 2366d 0/28 closed as invalid on 2018/07/05 16:25
upstream KASAN: stack-out-of-bounds Read in corrupted (2) kernel C 1 2364d 2364d 0/28 closed as invalid on 2018/07/07 22:18

Sample crash report:
==================================================================
BUG: KASAN: stack-out-of-bounds in debug_lockdep_rcu_enabled.part.0+0x50/0x60 kernel/rcu/update.c:249
Read of size 4 at addr ffff8880a94c8cbc by task č¤<‰’’’’0k’’’’ȋL©€ˆ’’^9h’’’’³ŠµA/-2123883558

CPU: 1 PID: -2123883558 Comm: ’O2ń’’’żO2ń’ū’’ Not tainted 5.0.0-rc1+ #14
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:

Allocated by task 0:
 save_stack+0x45/0xd0 mm/kasan/common.c:73
 set_track mm/kasan/common.c:85 [inline]
 kasan_kmalloc mm/kasan/common.c:482 [inline]
 kasan_kmalloc+0xcf/0xe0 mm/kasan/common.c:455
 __do_kmalloc_node mm/slab.c:3671 [inline]
 __kmalloc_node+0x4e/0x70 mm/slab.c:3678
 kmalloc_node include/linux/slab.h:588 [inline]
 alloc_arraycache mm/slab.c:575 [inline]
 setup_kmem_cache_node+0x12a/0x420 mm/slab.c:916
 setup_kmem_cache_nodes mm/slab.c:3819 [inline]
 __do_tune_cpucache+0x161/0x220 mm/slab.c:3889
 do_tune_cpucache+0x25/0xd0 mm/slab.c:3898
 enable_cpucache+0x3e/0xd0 mm/slab.c:3979
 setup_cpu_cache+0xd4/0x1e0 mm/slab.c:1821
 __kmem_cache_create+0x1bb/0x270 mm/slab.c:2134
 create_cache+0xd4/0x200 mm/slab_common.c:391
 kmem_cache_create_usercopy+0x1a5/0x260 mm/slab_common.c:489
 kmem_cache_create+0x11/0x20 mm/slab_common.c:548
 acpi_os_create_cache+0x2c/0x70 drivers/acpi/osl.c:1630
 acpi_ut_create_caches+0xfc/0x10b drivers/acpi/acpica/utalloc.c:104
 acpi_ut_init_globals+0x15/0xbcd drivers/acpi/acpica/utinit.c:94
 acpi_initialize_subsystem+0x82/0x155 drivers/acpi/acpica/utxfinit.c:57
 acpi_early_init+0x170/0x44f drivers/acpi/bus.c:1050
 start_kernel+0x795/0x8bd init/main.c:702
 x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:470
 x86_64_start_kernel+0x77/0x7b arch/x86/kernel/head64.c:451
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243

Freed by task 2558069632:
------------[ cut here ]------------
Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLAB object 'task_struct' (offset 600, size 1)!
------------[ cut here ]------------
kernel BUG at mm/slab.c:4412!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: -1454601544 Comm: Ē÷q®€ˆ’’ų>Īķ’’ł>Ī Not tainted 5.0.0-rc1+ #14
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__check_heap_object+0xa5/0xb3 mm/slab.c:4412
Code: 2b 48 c7 c7 95 a0 3c 89 e8 08 65 0a 00 5d c3 41 8b 91 04 01 00 00 48 29 c7 48 39 d7 77 bd 48 01 d0 48 29 c8 4c 39 c0 72 b2 c3 <0f> 0b 48 c7 c7 95 a0 3c 89 e8 67 6d 0a 00 44 89 e9 48 c7 c7 50 a1
RSP: 0018:ffff8880a94c8150 EFLAGS: 00010093
RAX: 00000000000a57eb RBX: 1ffff11015299030 RCX: 000000000000000c
RDX: ffff8880a94c8440 RSI: 0000000000000000 RDI: ffff8880a94c82b0
RBP: ffff8880a94c8248 R08: 0000000000000002 R09: ffff8880aa13d900
R10: 000000004afd6990 R11: 0000000000000001 R12: ffff8880a94c82b0
R13: 0000000000000002 R14: 0000000000000001 R15: ffff8880a94c82b2
FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff8cf149c0 CR3: 0000000009871000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Modules linked in:
---[ end trace d5d897f565186508 ]---
RIP: 0010:__check_heap_object+0xa5/0xb3 mm/slab.c:4412
Code: 2b 48 c7 c7 95 a0 3c 89 e8 08 65 0a 00 5d c3 41 8b 91 04 01 00 00 48 29 c7 48 39 d7 77 bd 48 01 d0 48 29 c8 4c 39 c0 72 b2 c3 <0f> 0b 48 c7 c7 95 a0 3c 89 e8 67 6d 0a 00 44 89 e9 48 c7 c7 50 a1
RSP: 0018:ffff8880a94c8150 EFLAGS: 00010093
RAX: 00000000000a57eb RBX: 1ffff11015299030 RCX: 000000000000000c
RDX: ffff8880a94c8440 RSI: 0000000000000000 RDI: ffff8880a94c82b0
RBP: ffff8880a94c8248 R08: 0000000000000002 R09: ffff8880aa13d900
R10: 000000004afd6990 R11: 0000000000000001 R12: ffff8880a94c82b0
R13: 0000000000000002 R14: 0000000000000001 R15: ffff8880a94c82b2
FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff8cf149c0 CR3: 0000000009871000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/01/07 18:48 upstream 3bd6e94bec12 69d69aa9 .config console log report syz C ci-upstream-kasan-gce-root
2019/01/07 18:45 upstream 3bd6e94bec12 69d69aa9 .config console log report syz C ci-upstream-kasan-gce
2019/01/07 18:46 upstream 3bd6e94bec12 69d69aa9 .config console log report syz C ci-upstream-kasan-gce-386
2019/01/14 12:28 net-next-old b71acb0e3721 95485883 .config console log report syz C ci-upstream-net-kasan-gce
2019/01/02 10:24 upstream 28e8c4bc8eb4 3d85f48c .config console log report syz ci-upstream-kasan-gce-root
* Struck through repros no longer work on HEAD.