Re: general protection fault in cpuacct_charge
On Tue, Jul 24, 2018 at 9:27 AM, syzbot wrote: > Hello, > > syzbot found the following crash on: > > HEAD commit:8ae71e76cf1f Merge branch 'bpf-offload-sharing' > git tree: bpf-next > console output: https://syzkaller.appspot.com/x/log.txt?x=1645f97840 > kernel config: https://syzkaller.appspot.com/x/.config?x=89129667b46496c3 > dashboard link: https://syzkaller.appspot.com/bug?extid=a22ee0b9ff4d252439f4 > compiler: gcc (GCC) 8.0.1 20180413 (experimental) > > Unfortunately, I don't have any reproducer for this crash yet. > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > Reported-by: syzbot+a22ee0b9ff4d25243...@syzkaller.appspotmail.com #syz fix: bpf: sockhash, disallow bpf_tcp_close and update in parallel > kasan: CONFIG_KASAN_INLINE enabled > kasan: GPF could be caused by NULL-ptr deref or user memory access > general protection fault: [#1] SMP KASAN > CPU: 1 PID: 0 Comm: �G+� ���0x�� Not tainted 4.18.0-rc3+ #58 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 01/01/2011 > RIP: 0010:task_css include/linux/cgroup.h:477 [inline] > RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline] > RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349 > Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8 > 00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 > 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00 > RSP: 0018:8801daf072b0 EFLAGS: 00010006 > RAX: dc00 RBX: 8801c72b40c0 RCX: > RDX: 09f3 RSI: 8801 RDI: 4f99 > RBP: 8801daf07348 R08: R09: > R10: 780baf52484d R11: R12: 11003b5e0e5c > R13: 4f89 R14: dc00 R15: 11003b5e0e58 > FS: 7f4ba8413700() GS:8801daf0() knlGS: > CS: 0010 DS: ES: CR0: 80050033 > CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0 > DR0: DR1: DR2: > DR3: DR6: fffe0ff0 DR7: 0400 > Call Trace: > > cgroup_account_cputime include/linux/cgroup.h:724 [inline] > update_curr+0x389/0xc00 kernel/sched/fair.c:832 > enqueue_entity+0x40d/0x2130 kernel/sched/fair.c:4195 > enqueue_task_fair+0x22d/0x910 kernel/sched/fair.c:5408 > enqueue_task kernel/sched/core.c:751 [inline] > activate_task+0x123/0x2e0 kernel/sched/core.c:770 > ttwu_activate kernel/sched/core.c:1659 [inline] > ttwu_do_activate+0xd5/0x1f0 kernel/sched/core.c:1718 > ttwu_queue kernel/sched/core.c:1863 [inline] > try_to_wake_up+0x948/0x12b0 kernel/sched/core.c:2076 > wake_up_process+0x10/0x20 kernel/sched/core.c:2149 > hrtimer_wakeup+0x48/0x60 kernel/time/hrtimer.c:1647 > __run_hrtimer kernel/time/hrtimer.c:1398 [inline] > __hrtimer_run_queues+0x3eb/0x10c0 kernel/time/hrtimer.c:1460 > hrtimer_interrupt+0x2f3/0x750 kernel/time/hrtimer.c:1518 > local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline] > smp_apic_timer_interrupt+0x165/0x730 arch/x86/kernel/apic/apic.c:1050 > apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863 > > Modules linked in: > Dumping ftrace buffer: >(ftrace buffer empty) > ---[ end trace 63a513d0f55cc290 ]--- > RIP: 0010:task_css include/linux/cgroup.h:477 [inline] > RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline] > RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349 > Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8 > 00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 > 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00 > RSP: 0018:8801daf072b0 EFLAGS: 00010006 > RAX: dc00 RBX: 8801c72b40c0 RCX: > RDX: 09f3 RSI: 8801 RDI: 4f99 > RBP: 8801daf07348 R08: R09: > R10: 780baf52484d R11: R12: 11003b5e0e5c > R13: 4f89 R14: dc00 R15: 11003b5e0e58 > FS: 7f4ba8413700() GS:8801daf0() knlGS: > CS: 0010 DS: ES: CR0: 80050033 > CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0 > DR0: DR1: DR2: > DR3: DR6: fffe0ff0 DR7: 0400 > > > --- > This bug is generated by a bot. It may contain errors. > See https://goo.gl/tpsmEJ for more information about syzbot. > syzbot engineers can be reached at syzkal...@googlegroups.com. > > syzbot will keep track of this bug report. See: > https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with > syzbot. > > -- > You received this message because you are subscribed to the Google Groups > "syzkaller-bugs" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to
Re: general protection fault in cpuacct_charge
On Tue, Jul 24, 2018 at 9:27 AM, syzbot wrote: > Hello, > > syzbot found the following crash on: > > HEAD commit:8ae71e76cf1f Merge branch 'bpf-offload-sharing' > git tree: bpf-next > console output: https://syzkaller.appspot.com/x/log.txt?x=1645f97840 > kernel config: https://syzkaller.appspot.com/x/.config?x=89129667b46496c3 > dashboard link: https://syzkaller.appspot.com/bug?extid=a22ee0b9ff4d252439f4 > compiler: gcc (GCC) 8.0.1 20180413 (experimental) > > Unfortunately, I don't have any reproducer for this crash yet. > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > Reported-by: syzbot+a22ee0b9ff4d25243...@syzkaller.appspotmail.com #syz fix: bpf: sockhash, disallow bpf_tcp_close and update in parallel > kasan: CONFIG_KASAN_INLINE enabled > kasan: GPF could be caused by NULL-ptr deref or user memory access > general protection fault: [#1] SMP KASAN > CPU: 1 PID: 0 Comm: �G+� ���0x�� Not tainted 4.18.0-rc3+ #58 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 01/01/2011 > RIP: 0010:task_css include/linux/cgroup.h:477 [inline] > RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline] > RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349 > Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8 > 00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 > 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00 > RSP: 0018:8801daf072b0 EFLAGS: 00010006 > RAX: dc00 RBX: 8801c72b40c0 RCX: > RDX: 09f3 RSI: 8801 RDI: 4f99 > RBP: 8801daf07348 R08: R09: > R10: 780baf52484d R11: R12: 11003b5e0e5c > R13: 4f89 R14: dc00 R15: 11003b5e0e58 > FS: 7f4ba8413700() GS:8801daf0() knlGS: > CS: 0010 DS: ES: CR0: 80050033 > CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0 > DR0: DR1: DR2: > DR3: DR6: fffe0ff0 DR7: 0400 > Call Trace: > > cgroup_account_cputime include/linux/cgroup.h:724 [inline] > update_curr+0x389/0xc00 kernel/sched/fair.c:832 > enqueue_entity+0x40d/0x2130 kernel/sched/fair.c:4195 > enqueue_task_fair+0x22d/0x910 kernel/sched/fair.c:5408 > enqueue_task kernel/sched/core.c:751 [inline] > activate_task+0x123/0x2e0 kernel/sched/core.c:770 > ttwu_activate kernel/sched/core.c:1659 [inline] > ttwu_do_activate+0xd5/0x1f0 kernel/sched/core.c:1718 > ttwu_queue kernel/sched/core.c:1863 [inline] > try_to_wake_up+0x948/0x12b0 kernel/sched/core.c:2076 > wake_up_process+0x10/0x20 kernel/sched/core.c:2149 > hrtimer_wakeup+0x48/0x60 kernel/time/hrtimer.c:1647 > __run_hrtimer kernel/time/hrtimer.c:1398 [inline] > __hrtimer_run_queues+0x3eb/0x10c0 kernel/time/hrtimer.c:1460 > hrtimer_interrupt+0x2f3/0x750 kernel/time/hrtimer.c:1518 > local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline] > smp_apic_timer_interrupt+0x165/0x730 arch/x86/kernel/apic/apic.c:1050 > apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863 > > Modules linked in: > Dumping ftrace buffer: >(ftrace buffer empty) > ---[ end trace 63a513d0f55cc290 ]--- > RIP: 0010:task_css include/linux/cgroup.h:477 [inline] > RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline] > RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349 > Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8 > 00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 > 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00 > RSP: 0018:8801daf072b0 EFLAGS: 00010006 > RAX: dc00 RBX: 8801c72b40c0 RCX: > RDX: 09f3 RSI: 8801 RDI: 4f99 > RBP: 8801daf07348 R08: R09: > R10: 780baf52484d R11: R12: 11003b5e0e5c > R13: 4f89 R14: dc00 R15: 11003b5e0e58 > FS: 7f4ba8413700() GS:8801daf0() knlGS: > CS: 0010 DS: ES: CR0: 80050033 > CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0 > DR0: DR1: DR2: > DR3: DR6: fffe0ff0 DR7: 0400 > > > --- > This bug is generated by a bot. It may contain errors. > See https://goo.gl/tpsmEJ for more information about syzbot. > syzbot engineers can be reached at syzkal...@googlegroups.com. > > syzbot will keep track of this bug report. See: > https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with > syzbot. > > -- > You received this message because you are subscribed to the Google Groups > "syzkaller-bugs" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to
general protection fault in cpuacct_charge
Hello, syzbot found the following crash on: HEAD commit:8ae71e76cf1f Merge branch 'bpf-offload-sharing' git tree: bpf-next console output: https://syzkaller.appspot.com/x/log.txt?x=1645f97840 kernel config: https://syzkaller.appspot.com/x/.config?x=89129667b46496c3 dashboard link: https://syzkaller.appspot.com/bug?extid=a22ee0b9ff4d252439f4 compiler: gcc (GCC) 8.0.1 20180413 (experimental) Unfortunately, I don't have any reproducer for this crash yet. IMPORTANT: if you fix the bug, please add the following tag to the commit: Reported-by: syzbot+a22ee0b9ff4d25243...@syzkaller.appspotmail.com kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: [#1] SMP KASAN CPU: 1 PID: 0 Comm: �G+����0x�� Not tainted 4.18.0-rc3+ #58 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:task_css include/linux/cgroup.h:477 [inline] RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline] RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349 Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00 RSP: 0018:8801daf072b0 EFLAGS: 00010006 RAX: dc00 RBX: 8801c72b40c0 RCX: RDX: 09f3 RSI: 8801 RDI: 4f99 RBP: 8801daf07348 R08: R09: R10: 780baf52484d R11: R12: 11003b5e0e5c R13: 4f89 R14: dc00 R15: 11003b5e0e58 FS: 7f4ba8413700() GS:8801daf0() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0 DR0: DR1: DR2: DR3: DR6: fffe0ff0 DR7: 0400 Call Trace: cgroup_account_cputime include/linux/cgroup.h:724 [inline] update_curr+0x389/0xc00 kernel/sched/fair.c:832 enqueue_entity+0x40d/0x2130 kernel/sched/fair.c:4195 enqueue_task_fair+0x22d/0x910 kernel/sched/fair.c:5408 enqueue_task kernel/sched/core.c:751 [inline] activate_task+0x123/0x2e0 kernel/sched/core.c:770 ttwu_activate kernel/sched/core.c:1659 [inline] ttwu_do_activate+0xd5/0x1f0 kernel/sched/core.c:1718 ttwu_queue kernel/sched/core.c:1863 [inline] try_to_wake_up+0x948/0x12b0 kernel/sched/core.c:2076 wake_up_process+0x10/0x20 kernel/sched/core.c:2149 hrtimer_wakeup+0x48/0x60 kernel/time/hrtimer.c:1647 __run_hrtimer kernel/time/hrtimer.c:1398 [inline] __hrtimer_run_queues+0x3eb/0x10c0 kernel/time/hrtimer.c:1460 hrtimer_interrupt+0x2f3/0x750 kernel/time/hrtimer.c:1518 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline] smp_apic_timer_interrupt+0x165/0x730 arch/x86/kernel/apic/apic.c:1050 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863 Modules linked in: Dumping ftrace buffer: (ftrace buffer empty) ---[ end trace 63a513d0f55cc290 ]--- RIP: 0010:task_css include/linux/cgroup.h:477 [inline] RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline] RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349 Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00 RSP: 0018:8801daf072b0 EFLAGS: 00010006 RAX: dc00 RBX: 8801c72b40c0 RCX: RDX: 09f3 RSI: 8801 RDI: 4f99 RBP: 8801daf07348 R08: R09: R10: 780baf52484d R11: R12: 11003b5e0e5c R13: 4f89 R14: dc00 R15: 11003b5e0e58 FS: 7f4ba8413700() GS:8801daf0() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0 DR0: DR1: DR2: DR3: DR6: fffe0ff0 DR7: 0400 --- This bug is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkal...@googlegroups.com. syzbot will keep track of this bug report. See: https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with syzbot.
general protection fault in cpuacct_charge
Hello, syzbot found the following crash on: HEAD commit:8ae71e76cf1f Merge branch 'bpf-offload-sharing' git tree: bpf-next console output: https://syzkaller.appspot.com/x/log.txt?x=1645f97840 kernel config: https://syzkaller.appspot.com/x/.config?x=89129667b46496c3 dashboard link: https://syzkaller.appspot.com/bug?extid=a22ee0b9ff4d252439f4 compiler: gcc (GCC) 8.0.1 20180413 (experimental) Unfortunately, I don't have any reproducer for this crash yet. IMPORTANT: if you fix the bug, please add the following tag to the commit: Reported-by: syzbot+a22ee0b9ff4d25243...@syzkaller.appspotmail.com kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: [#1] SMP KASAN CPU: 1 PID: 0 Comm: �G+����0x�� Not tainted 4.18.0-rc3+ #58 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:task_css include/linux/cgroup.h:477 [inline] RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline] RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349 Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00 RSP: 0018:8801daf072b0 EFLAGS: 00010006 RAX: dc00 RBX: 8801c72b40c0 RCX: RDX: 09f3 RSI: 8801 RDI: 4f99 RBP: 8801daf07348 R08: R09: R10: 780baf52484d R11: R12: 11003b5e0e5c R13: 4f89 R14: dc00 R15: 11003b5e0e58 FS: 7f4ba8413700() GS:8801daf0() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0 DR0: DR1: DR2: DR3: DR6: fffe0ff0 DR7: 0400 Call Trace: cgroup_account_cputime include/linux/cgroup.h:724 [inline] update_curr+0x389/0xc00 kernel/sched/fair.c:832 enqueue_entity+0x40d/0x2130 kernel/sched/fair.c:4195 enqueue_task_fair+0x22d/0x910 kernel/sched/fair.c:5408 enqueue_task kernel/sched/core.c:751 [inline] activate_task+0x123/0x2e0 kernel/sched/core.c:770 ttwu_activate kernel/sched/core.c:1659 [inline] ttwu_do_activate+0xd5/0x1f0 kernel/sched/core.c:1718 ttwu_queue kernel/sched/core.c:1863 [inline] try_to_wake_up+0x948/0x12b0 kernel/sched/core.c:2076 wake_up_process+0x10/0x20 kernel/sched/core.c:2149 hrtimer_wakeup+0x48/0x60 kernel/time/hrtimer.c:1647 __run_hrtimer kernel/time/hrtimer.c:1398 [inline] __hrtimer_run_queues+0x3eb/0x10c0 kernel/time/hrtimer.c:1460 hrtimer_interrupt+0x2f3/0x750 kernel/time/hrtimer.c:1518 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline] smp_apic_timer_interrupt+0x165/0x730 arch/x86/kernel/apic/apic.c:1050 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863 Modules linked in: Dumping ftrace buffer: (ftrace buffer empty) ---[ end trace 63a513d0f55cc290 ]--- RIP: 0010:task_css include/linux/cgroup.h:477 [inline] RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline] RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349 Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00 RSP: 0018:8801daf072b0 EFLAGS: 00010006 RAX: dc00 RBX: 8801c72b40c0 RCX: RDX: 09f3 RSI: 8801 RDI: 4f99 RBP: 8801daf07348 R08: R09: R10: 780baf52484d R11: R12: 11003b5e0e5c R13: 4f89 R14: dc00 R15: 11003b5e0e58 FS: 7f4ba8413700() GS:8801daf0() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0 DR0: DR1: DR2: DR3: DR6: fffe0ff0 DR7: 0400 --- This bug is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkal...@googlegroups.com. syzbot will keep track of this bug report. See: https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with syzbot.