syzbot


BUG: using __this_cpu_add() in preemptible code in dump_stack

Status: auto-closed as invalid on 2019/02/22 15:27
First crash: 2278d, last: 2278d

Sample crash report:
BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor1/6360
caller is __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
CPU: 0 PID: 6360 Comm: syz-executor1 Not tainted 4.4.113-g962d1f3 #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 8ae380315537c10d ffff8801c54bf648 ffffffff81d028ed
 0000000000000000 ffffffff839fe3a0 ffffffff83cef6a0 ffff8801d9652f80
 0000000000000003 ffff8801c54bf688 ffffffff81d62834 ffffffff810002b8
Call Trace:
 [<ffffffff81d028ed>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d028ed>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
audit: type=1401 audit(1517276841.457:24): op=fscreate invalid_context=73797374656D5F753A6F626A6563745F723A747A646174615F657865635F743A73300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000audit: type=1401 audit(1517276841.457:25): op=fscreate invalid_context=73797374656D5F753A6F626A6563745F723A747A646174615F657865635F743A73300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 [<ffffffff81d62834>] 
check_preemption_disabled+0x1d4/0x200 lib/smp_processor_id.c:46
 [<ffffffff810002b8>] ? 0xffffffff810002b8
 [<ffffffff81d6289c>] __this_cpu_preempt_check+0x1c/0x20 lib/smp_processor_id.c:62
 [<ffffffff831289d9>] tcp_try_coalesce+0x249/0x4d0 net/ipv4/tcp_input.c:4278
 [<ffffffff83130b57>] tcp_queue_rcv+0x127/0x720 net/ipv4/tcp_input.c:4485
 [<ffffffff8314842b>] tcp_send_rcvq+0x39b/0x450 net/ipv4/tcp_input.c:4531
 [<ffffffff8311f71f>] tcp_sendmsg+0x1e8f/0x2b10 net/ipv4/tcp.c:1134
 [<ffffffff831d51fc>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:755
 [<ffffffff82dea20a>] sock_sendmsg_nosec net/socket.c:625 [inline]
 [<ffffffff82dea20a>] sock_sendmsg+0xca/0x110 net/socket.c:635
 [<ffffffff82debde1>] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
 [<ffffffff82dede33>] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
 [<ffffffff82ed7bca>] C_SYSC_sendmsg net/compat.c:720 [inline]
 [<ffffffff82ed7bca>] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:718
 [<ffffffff81006d74>] do_syscall_32_irqs_on arch/x86/entry/common.c:390 [inline]
 [<ffffffff81006d74>] do_fast_syscall_32+0x314/0x890 arch/x86/entry/common.c:457
 [<ffffffff8377362a>] sysenter_flags_fixed+0xd/0x17
audit: type=1400 audit(1517276842.017:26): avc:  denied  { bind } for  pid=6414 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1517276842.047:27): avc:  denied  { ioctl } for  pid=6414 comm="syz-executor5" path="socket:[13721]" dev="sockfs" ino=13721 ioctlcmd=4c82 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1517276842.087:28): avc:  denied  { getopt } for  pid=6414 comm="syz-executor5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
binder: 6486:6496 ioctl 40044590 20a8f000 returned -22
binder: 6486:6496 ioctl 40044590 20a8f000 returned -22
audit: type=1400 audit(1517276842.577:29): avc:  denied  { write } for  pid=6584 comm="syz-executor7" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
tmpfs: No value for mount option '²Å$Fít⹦ÿís#^સ­¢ñ'
tmpfs: No value for mount option '²Å$Fít⹦ÿís#^સ­¢ñ'
netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'.
netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'.
IPv4: Oversized IP packet from 127.0.0.1
IPVS: Creating netns size=2552 id=9
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 6948 Comm: syz-executor7 Not tainted 4.4.113-g962d1f3 #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d72cdf00 task.stack: ffff8800b8a28000
RIP: 0010:[<ffffffff82f9b840>]  [<ffffffff82f9b840>] __read_once_size include/linux/compiler.h:218 [inline]
RIP: 0010:[<ffffffff82f9b840>]  [<ffffffff82f9b840>] nfqnl_nf_hook_drop+0x190/0x3a0 net/netfilter/nfnetlink_queue.c:879
RSP: 0018:ffff8800b8a2f920  EFLAGS: 00010202
RAX: 0000000000000007 RBX: 0000000000000003 RCX: ffffffff82f9b839
RDX: 0000000000010000 RSI: ffffc900021cb000 RDI: ffffffff847eb500
RBP: ffff8800b8a2f950 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 1ffff10017145ef0 R12: dffffc0000000000
R13: ffff8800ad077728 R14: 0000000000000038 R15: 00000000000000b8
FS:  0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:00000000f6eedb40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000020001000 CR3: 00000000b1c16000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff82f9b7b0 ffffffff83cc6560 ffff8800b7661e00 ffff8800ad077728
 ffff8800ad077728 ffff8800ad077720 ffff8800b8a2f980 ffffffff82f936fe
 ffffffff82f93640 ffffffff843e3760 ffff8800b76628b8 dffffc0000000000
Call Trace:
 [<ffffffff82f936fe>] nf_queue_nf_hook_drop+0xbe/0x1d0 net/netfilter/nf_queue.c:108
 [<ffffffff82f8f45b>] nf_unregister_net_hook+0x2ab/0x350 net/netfilter/core.c:154
 [<ffffffff82f8f5a0>] nf_unregister_hook_list net/netfilter/core.c:434 [inline]
 [<ffffffff82f8f5a0>] netfilter_net_exit+0x40/0xb0 net/netfilter/core.c:466
 [<ffffffff82e2941e>] ops_exit_list.isra.4+0xae/0x150 net/core/net_namespace.c:134
 [<ffffffff82e2b101>] setup_net+0x221/0x3e0 net/core/net_namespace.c:303
 [<ffffffff82e2c772>] copy_net_ns+0xd2/0x190 net/core/net_namespace.c:369
 [<ffffffff81192df6>] create_new_namespaces+0x2f6/0x610 kernel/nsproxy.c:95
 [<ffffffff811933a1>] copy_namespaces+0x291/0x320 kernel/nsproxy.c:150
 [<ffffffff811270d8>] copy_process+0x1d98/0x6120 kernel/fork.c:1506
 [<ffffffff8112b881>] _do_fork+0x151/0xe00 kernel/fork.c:1784
 [<ffffffff8112c607>] SYSC_clone kernel/fork.c:1893 [inline]
 [<ffffffff8112c607>] SyS_clone+0x37/0x50 kernel/fork.c:1887
 [<ffffffff81006d74>] do_syscall_32_irqs_on arch/x86/entry/common.c:390 [inline]
 [<ffffffff81006d74>] do_fast_syscall_32+0x314/0x890 arch/x86/entry/common.c:457
 [<ffffffff8377362a>] sysenter_flags_fixed+0xd/0x17
Code: f7 83 01 00 0f 84 d8 00 00 00 4d 8d 77 38 49 bc 00 00 00 00 00 fc ff df 49 81 c7 b8 00 00 00 e8 57 45 3c fe 4c 89 f0 48 c1 e8 03 <42> 80 3c 20 00 0f 85 f4 01 00 00 49 8b 1e e8 0d 97 2e fe 48 85 
RIP  [<ffffffff82f9b840>] __read_once_size include/linux/compiler.h:218 [inline]
RIP  [<ffffffff82f9b840>] nfqnl_nf_hook_drop+0x190/0x3a0 net/netfilter/nfnetlink_queue.c:879
 RSP <ffff8800b8a2f920>
---[ end trace b8c94f859031ea9c ]---

Crashes (1):
Time:       2018/01/30 01:47
Kernel:     https://android.googlesource.com/kernel/common android-4.4
Commit:     962d1f3fe2f4
Syzkaller:  08d47756
Config:     .config
Log:        console log
Report:     report
Manager:    ci-android-44-kasan-gce-386