From: syzbot <syzbot+b17d3e853d5dce65f981@syzkaller.appspotmail.com>
To: 0x7f454c46@gmail.com, bp@alien8.de, chang.seok.bae@intel.com,
dave.hansen@linux.intel.com, glider@google.com, hpa@zytor.com,
krisman@collabora.com, linux-kernel@vger.kernel.org,
luto@kernel.org, masahiroy@kernel.org, mingo@redhat.com,
rajatasthana4@gmail.com, sashal@kernel.org,
syzkaller-bugs@googlegroups.com, tglx@linutronix.de,
x86@kernel.org
Subject: Re: [syzbot] KASAN: stack-out-of-bounds Read in __show_regs
Date: Tue, 14 Jun 2022 12:05:35 -0700
Message-ID: <000000000000ebb59305e16d1627@google.com>
In-Reply-To: <000000000000cb8e3a05c4ed84bb@google.com>
syzbot has found a reproducer for the following issue on:
HEAD commit: 2f3064574275 README.md: ORC is no more a problem
git tree: https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=169a2310080000
kernel config: https://syzkaller.appspot.com/x/.config?x=8e6293529531e9ca
dashboard link: https://syzkaller.appspot.com/bug?extid=b17d3e853d5dce65f981
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project.git 9ffb5944a699b6a0d69c169ceff97636395ee30f), GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14917c2ff00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1303752ff00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b17d3e853d5dce65f981@syzkaller.appspotmail.com
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:j1939_session_deactivate net/can/j1939/transport.c:1090 [inline]
RIP: 0010:j1939_session_deactivate_activate_next+0x271/0x480 net/can/j1939/transport.c:1100
Code: f4 e9 ed fd ff ff 8b 7d d4 e8 fb 31 13 f4 e9 24 fe ff ff 44 89 ff e8 ee 31 13 f4 41 83 fc 02 0f 83 68 fe ff ff e8 df 70 82 f3 <0f> 0b e9 61 fe ff ff 8b 7d d4 e8 d0 31 13 f4 e9 68 fe ff ff 44 89
RSP: 0018:ffff888102e3f5c8 EFLAGS: 00010246
=====================================================
BUG: KMSAN: uninit-value in __show_regs+0xe6/0x1040 arch/x86/kernel/process_64.c:76
__show_regs+0xe6/0x1040 arch/x86/kernel/process_64.c:76
show_regs+0xc0/0x160 arch/x86/kernel/dumpstack.c:463
__warn+0x3c2/0x730 kernel/panic.c:596
report_bug+0x8eb/0xae0 lib/bug.c:199
handle_bug+0x41/0x70 arch/x86/kernel/traps.c:315
exc_invalid_op+0x1b/0x50 arch/x86/kernel/traps.c:335
asm_exc_invalid_op+0x12/0x20
j1939_session_deactivate_activate_next+0x271/0x480 net/can/j1939/transport.c:1100
j1939_xtp_rx_abort_one+0x861/0x900 net/can/j1939/transport.c:1340
j1939_xtp_rx_abort net/can/j1939/transport.c:1351 [inline]
j1939_tp_cmd_recv net/can/j1939/transport.c:2100 [inline]
j1939_tp_recv+0x1534/0x1cd0 net/can/j1939/transport.c:2133
j1939_can_recv+0xed0/0x1070 net/can/j1939/main.c:108
deliver net/can/af_can.c:574 [inline]
can_rcv_filter+0x74b/0x1110 net/can/af_can.c:608
can_receive+0x4fb/0x6d0 net/can/af_can.c:665
can_rcv+0x1f0/0x490 net/can/af_can.c:696
__netif_receive_skb_one_core net/core/dev.c:5405 [inline]
__netif_receive_skb+0x1f1/0x640 net/core/dev.c:5519
process_backlog+0x4e7/0xb50 net/core/dev.c:5847
__napi_poll+0x14e/0xb80 net/core/dev.c:6413
napi_poll net/core/dev.c:6480 [inline]
net_rx_action+0x7e8/0x1830 net/core/dev.c:6567
__do_softirq+0x206/0x809 kernel/softirq.c:558
run_ksoftirqd+0x37/0x50 kernel/softirq.c:921
smpboot_thread_fn+0x626/0xbf0 kernel/smpboot.c:164
kthread+0x3c7/0x500 kernel/kthread.c:376
ret_from_fork+0x1f/0x30
Local variable mic created at:
ieee80211_rx_h_michael_mic_verify+0x54/0x10f0 net/mac80211/wpa.c:100
ieee80211_rx_handlers+0x2d31/0xf170 net/mac80211/rx.c:3929
CPU: 0 PID: 13 Comm: ksoftirqd/0 Not tainted 5.18.0-syzkaller-16253-g2f3064574275 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
=====================================================
Thread overview (5+ messages):
2021-06-17  3:08 [syzbot] KASAN: stack-out-of-bounds Read in __show_regs  syzbot
2022-06-14 19:05 ` syzbot [this message]
2022-06-14 19:53 ` Pavel Skripkin
2022-06-14 20:01 ` syzbot
[not found] <20220615130208.2209-1-hdanton@sina.com>
2022-06-15 13:02 ` syzbot