Add new file

b464ac2d · zhanggen · b464ac2d
Commit b464ac2d authored Mar 25, 2019 by zhanggen
Hide whitespace changes
Inline Side-by-side

Showing with 78 additions and 0 deletions

report report +78 -0

No files found.
--- a/report
+++ b/report
+BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x1403/0x19e0
+Read of size 8 at addr ffff88806d007978 by task syz-executor.0/3718
+
+CPU: 0 PID: 3718 Comm: syz-executor.0 Not tainted 5.0.4 #1
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+Call Trace:
+ <IRQ>
+ dump_stack+0xca/0x13e
+ print_address_description+0x67/0x237
+ kasan_report.cold.3+0x1a/0x3b
+ unwind_next_frame+0x1403/0x19e0
+ perf_callchain_kernel+0x400/0x5b0
+ get_perf_callchain+0x370/0x800
+ perf_callchain+0x163/0x1c0
+ perf_prepare_sample+0x88d/0x15a0
+ perf_event_output_forward+0x108/0x2a0
+ __perf_event_overflow+0x13f/0x360
+ perf_swevent_overflow+0xa7/0x140
+ perf_swevent_event+0x14d/0x2e0
+ perf_tp_event+0x26a/0x880
+ perf_trace_run_bpf_submit+0x112/0x1b0
+ perf_trace_lock_acquire+0x374/0x630
+ lock_acquire+0x1ed/0x2e0
+ __is_insn_slot_addr+0x44/0x260
+ kernel_text_address+0x7c/0x120
+ __kernel_text_address+0x9/0x30
+ unwind_get_return_address+0x5a/0xa0
+ __save_stack_trace+0x8d/0xf0
+ save_stack+0x32/0xb0
+ __kasan_slab_free+0x12e/0x180
+ kmem_cache_free+0xa0/0x2b0
+ __put_task_struct+0x140/0x340
+ delayed_put_task_struct+0x18d/0x290
+ rcu_process_callbacks+0x7fd/0x19f0
+ __do_softirq+0x20a/0x8b1
+ irq_exit+0x19d/0x1d0
+ smp_apic_timer_interrupt+0xf1/0x480
+ apic_timer_interrupt+0xf/0x20
+ </IRQ>
+RIP: 0010:_raw_spin_unlock_irqrestore+0x40/0x50
+Code: e8 25 be ad fd 48 89 ef e8 1d 70 ae fd f6 c7 02 75 11 53 9d e8 c1 e3 ca fd 65 ff 0d ca 12 8b 7c 5b 5d c3 e8 32 e7 ca fd 53 9d <eb> ed 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 53 48 89 fb 65 ff
+RSP: 0018:ffff8880657ef958 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
+RAX: 0000000000000007 RBX: 0000000000000246 RCX: 0000000000000000
+RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88805c8b37b4
+RBP: ffff88806b781f38 R08: ffff88805c8b2f80 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000000 R12: ffff88806d12b000
+R13: 000000000002b000 R14: ffff88806b7817c0 R15: 0000000000000001
+ try_to_wake_up+0xb0/0xe10
+ wake_up_q+0x9f/0xf0
+ futex_wake+0x3fc/0x4a0
+ do_futex+0x291/0x1a80
+ __x64_sys_futex+0x35b/0x4e0
+ do_syscall_64+0xbc/0x4e0
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+RIP: 0033:0x4589e9
+Code: 7d a6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 4b a6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
+RSP: 002b:00007f93ab8c8cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
+RAX: ffffffffffffffda RBX: 000000000072bf00 RCX: 00000000004589e9
+RDX: 00000000004b587f RSI: 0000000000000081 RDI: 000000000072bf0c
+RBP: 000000000072bf08 R08: 0000000000000000 R09: 00007f93ab8c9700
+R10: 0000000000000003 R11: 0000000000000246 R12: 000000000072bf0c
+R13: 0000000000000000 R14: 00007f93ab8c99c0 R15: 00007f93ab8c9700
+
+The buggy address belongs to the page:
+page:ffffea0001b401c0 count:1 mapcount:0 mapping:0000000000000000 index:0x0
+flags: 0x100000000001000(reserved)
+raw: 0100000000001000 ffffea0001b401c8 ffffea0001b401c8 0000000000000000
+raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
+page dumped because: kasan: bad access detected
+
+Memory state around the buggy address:
+ ffff88806d007800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ ffff88806d007880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+>ffff88806d007900: 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 f2
+                                                                ^
+ ffff88806d007980: f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00 00 00
+ ffff88806d007a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
\ No newline at end of file