syzbot

 sign-in | mailing list | source | docs
🐞 Open [1608]
Subsystems
🐞 Fixed [5937]
🐞 Invalid [14469]
Missing Backports [106]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

KASAN: stack-out-of-bounds Read in smp_call_function_single

Status: closed as dup on 2020/07/08 07:31
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+3cccb88dea31a838d622@syzkaller.appspotmail.com
First crash: 1632d, last: 1632d
Duplicate of
Title Repro Cause bisect Fix bisect Count Last Reported
KASAN: stack-out-of-bounds Read in csd_lock_record kernel C 226 1631d 1636d

Sample crash report:
==================================================================
BUG: KASAN: stack-out-of-bounds in csd_lock_wait_toolong kernel/smp.c:184 [inline]
BUG: KASAN: stack-out-of-bounds in csd_lock_wait kernel/smp.c:221 [inline]
BUG: KASAN: stack-out-of-bounds in smp_call_function_single+0x106c/0x1080 kernel/smp.c:507
Read of size 8 at addr ffffc900051b7bd8 by task syz-executor.2/28239

CPU: 0 PID: 28239 Comm: syz-executor.2 Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x436 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 csd_lock_wait_toolong kernel/smp.c:184 [inline]
 csd_lock_wait kernel/smp.c:221 [inline]
 smp_call_function_single+0x106c/0x1080 kernel/smp.c:507
 smp_call_function_many_cond+0x1aa/0x1540 kernel/smp.c:643
 smp_call_function_many kernel/smp.c:706 [inline]
 smp_call_function kernel/smp.c:728 [inline]
 on_each_cpu+0x4a/0x240 kernel/smp.c:828
 clock_was_set+0x18/0x20 kernel/time/hrtimer.c:872
 do_settimeofday64 kernel/time/timekeeping.c:1257 [inline]
 do_settimeofday64+0x350/0x4e0 kernel/time/timekeeping.c:1223
 do_sys_settimeofday64 kernel/time/time.c:195 [inline]
 do_sys_settimeofday64+0x1de/0x260 kernel/time/time.c:169
 __do_sys_clock_settime kernel/time/posix-timers.c:1079 [inline]
 __se_sys_clock_settime kernel/time/posix-timers.c:1067 [inline]
 __x64_sys_clock_settime+0x197/0x260 kernel/time/posix-timers.c:1067
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:367
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45cb29
Code: Bad RIP value.
RSP: 002b:00007f5f70bb4c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e3
RAX: ffffffffffffffda RBX: 00000000004db560 RCX: 000000000045cb29
RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000000
RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000007b R14: 00000000004c34ac R15: 00007f5f70bb56d4


Memory state around the buggy address:
 ffffc900051b7a80: 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 00
 ffffc900051b7b00: 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
>ffffc900051b7b80: 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00
                                                    ^
 ffffc900051b7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc900051b7c80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
==================================================================

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/07/07 20:27 linux-next 9e50b94b3eb0 51095195 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.