subject:"general protection fault in cpuacct

Re: general protection fault in cpuacct_charge

2018-07-24 Thread Dmitry Vyukov

On Tue, Jul 24, 2018 at 9:27 AM, syzbot
 wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:8ae71e76cf1f Merge branch 'bpf-offload-sharing'
> git tree:   bpf-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=1645f97840
> kernel config:  https://syzkaller.appspot.com/x/.config?x=89129667b46496c3
> dashboard link: https://syzkaller.appspot.com/bug?extid=a22ee0b9ff4d252439f4
> compiler:   gcc (GCC) 8.0.1 20180413 (experimental)
>
> Unfortunately, I don't have any reproducer for this crash yet.
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+a22ee0b9ff4d25243...@syzkaller.appspotmail.com

#syz fix: bpf: sockhash, disallow bpf_tcp_close and update in parallel

> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault:  [#1] SMP KASAN
> CPU: 1 PID: 0 Comm: �G+� ���0x�� Not tainted 4.18.0-rc3+ #58
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> RIP: 0010:task_css include/linux/cgroup.h:477 [inline]
> RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline]
> RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349
> Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8
> 00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85
> 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00
> RSP: 0018:8801daf072b0 EFLAGS: 00010006
> RAX: dc00 RBX: 8801c72b40c0 RCX: 
> RDX: 09f3 RSI: 8801 RDI: 4f99
> RBP: 8801daf07348 R08:  R09: 
> R10: 780baf52484d R11:  R12: 11003b5e0e5c
> R13: 4f89 R14: dc00 R15: 11003b5e0e58
> FS:  7f4ba8413700() GS:8801daf0() knlGS:
> CS:  0010 DS:  ES:  CR0: 80050033
> CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0
> DR0:  DR1:  DR2: 
> DR3:  DR6: fffe0ff0 DR7: 0400
> Call Trace:
>  
>  cgroup_account_cputime include/linux/cgroup.h:724 [inline]
>  update_curr+0x389/0xc00 kernel/sched/fair.c:832
>  enqueue_entity+0x40d/0x2130 kernel/sched/fair.c:4195
>  enqueue_task_fair+0x22d/0x910 kernel/sched/fair.c:5408
>  enqueue_task kernel/sched/core.c:751 [inline]
>  activate_task+0x123/0x2e0 kernel/sched/core.c:770
>  ttwu_activate kernel/sched/core.c:1659 [inline]
>  ttwu_do_activate+0xd5/0x1f0 kernel/sched/core.c:1718
>  ttwu_queue kernel/sched/core.c:1863 [inline]
>  try_to_wake_up+0x948/0x12b0 kernel/sched/core.c:2076
>  wake_up_process+0x10/0x20 kernel/sched/core.c:2149
>  hrtimer_wakeup+0x48/0x60 kernel/time/hrtimer.c:1647
>  __run_hrtimer kernel/time/hrtimer.c:1398 [inline]
>  __hrtimer_run_queues+0x3eb/0x10c0 kernel/time/hrtimer.c:1460
>  hrtimer_interrupt+0x2f3/0x750 kernel/time/hrtimer.c:1518
>  local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline]
>  smp_apic_timer_interrupt+0x165/0x730 arch/x86/kernel/apic/apic.c:1050
>  apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863
>  
> Modules linked in:
> Dumping ftrace buffer:
>(ftrace buffer empty)
> ---[ end trace 63a513d0f55cc290 ]---
> RIP: 0010:task_css include/linux/cgroup.h:477 [inline]
> RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline]
> RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349
> Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8
> 00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85
> 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00
> RSP: 0018:8801daf072b0 EFLAGS: 00010006
> RAX: dc00 RBX: 8801c72b40c0 RCX: 
> RDX: 09f3 RSI: 8801 RDI: 4f99
> RBP: 8801daf07348 R08:  R09: 
> R10: 780baf52484d R11:  R12: 11003b5e0e5c
> R13: 4f89 R14: dc00 R15: 11003b5e0e58
> FS:  7f4ba8413700() GS:8801daf0() knlGS:
> CS:  0010 DS:  ES:  CR0: 80050033
> CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0
> DR0:  DR1:  DR2: 
> DR3:  DR6: fffe0ff0 DR7: 0400
>
>
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkal...@googlegroups.com.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
> syzbot.
>
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to

Re: general protection fault in cpuacct_charge

2018-07-24 Thread Dmitry Vyukov

On Tue, Jul 24, 2018 at 9:27 AM, syzbot
 wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:8ae71e76cf1f Merge branch 'bpf-offload-sharing'
> git tree:   bpf-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=1645f97840
> kernel config:  https://syzkaller.appspot.com/x/.config?x=89129667b46496c3
> dashboard link: https://syzkaller.appspot.com/bug?extid=a22ee0b9ff4d252439f4
> compiler:   gcc (GCC) 8.0.1 20180413 (experimental)
>
> Unfortunately, I don't have any reproducer for this crash yet.
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+a22ee0b9ff4d25243...@syzkaller.appspotmail.com

#syz fix: bpf: sockhash, disallow bpf_tcp_close and update in parallel

> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault:  [#1] SMP KASAN
> CPU: 1 PID: 0 Comm: �G+� ���0x�� Not tainted 4.18.0-rc3+ #58
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> RIP: 0010:task_css include/linux/cgroup.h:477 [inline]
> RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline]
> RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349
> Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8
> 00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85
> 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00
> RSP: 0018:8801daf072b0 EFLAGS: 00010006
> RAX: dc00 RBX: 8801c72b40c0 RCX: 
> RDX: 09f3 RSI: 8801 RDI: 4f99
> RBP: 8801daf07348 R08:  R09: 
> R10: 780baf52484d R11:  R12: 11003b5e0e5c
> R13: 4f89 R14: dc00 R15: 11003b5e0e58
> FS:  7f4ba8413700() GS:8801daf0() knlGS:
> CS:  0010 DS:  ES:  CR0: 80050033
> CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0
> DR0:  DR1:  DR2: 
> DR3:  DR6: fffe0ff0 DR7: 0400
> Call Trace:
>  
>  cgroup_account_cputime include/linux/cgroup.h:724 [inline]
>  update_curr+0x389/0xc00 kernel/sched/fair.c:832
>  enqueue_entity+0x40d/0x2130 kernel/sched/fair.c:4195
>  enqueue_task_fair+0x22d/0x910 kernel/sched/fair.c:5408
>  enqueue_task kernel/sched/core.c:751 [inline]
>  activate_task+0x123/0x2e0 kernel/sched/core.c:770
>  ttwu_activate kernel/sched/core.c:1659 [inline]
>  ttwu_do_activate+0xd5/0x1f0 kernel/sched/core.c:1718
>  ttwu_queue kernel/sched/core.c:1863 [inline]
>  try_to_wake_up+0x948/0x12b0 kernel/sched/core.c:2076
>  wake_up_process+0x10/0x20 kernel/sched/core.c:2149
>  hrtimer_wakeup+0x48/0x60 kernel/time/hrtimer.c:1647
>  __run_hrtimer kernel/time/hrtimer.c:1398 [inline]
>  __hrtimer_run_queues+0x3eb/0x10c0 kernel/time/hrtimer.c:1460
>  hrtimer_interrupt+0x2f3/0x750 kernel/time/hrtimer.c:1518
>  local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline]
>  smp_apic_timer_interrupt+0x165/0x730 arch/x86/kernel/apic/apic.c:1050
>  apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863
>  
> Modules linked in:
> Dumping ftrace buffer:
>(ftrace buffer empty)
> ---[ end trace 63a513d0f55cc290 ]---
> RIP: 0010:task_css include/linux/cgroup.h:477 [inline]
> RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline]
> RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349
> Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8
> 00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85
> 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00
> RSP: 0018:8801daf072b0 EFLAGS: 00010006
> RAX: dc00 RBX: 8801c72b40c0 RCX: 
> RDX: 09f3 RSI: 8801 RDI: 4f99
> RBP: 8801daf07348 R08:  R09: 
> R10: 780baf52484d R11:  R12: 11003b5e0e5c
> R13: 4f89 R14: dc00 R15: 11003b5e0e58
> FS:  7f4ba8413700() GS:8801daf0() knlGS:
> CS:  0010 DS:  ES:  CR0: 80050033
> CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0
> DR0:  DR1:  DR2: 
> DR3:  DR6: fffe0ff0 DR7: 0400
>
>
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkal...@googlegroups.com.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
> syzbot.
>
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to

general protection fault in cpuacct_charge

2018-07-24 Thread syzbot


Hello,

syzbot found the following crash on:

HEAD commit:8ae71e76cf1f Merge branch 'bpf-offload-sharing'
git tree:   bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1645f97840
kernel config:  https://syzkaller.appspot.com/x/.config?x=89129667b46496c3
dashboard link: https://syzkaller.appspot.com/bug?extid=a22ee0b9ff4d252439f4
compiler:   gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a22ee0b9ff4d25243...@syzkaller.appspotmail.com

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault:  [#1] SMP KASAN
CPU: 1 PID: 0 Comm: �G+����0x�� Not tainted 4.18.0-rc3+ #58
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011

RIP: 0010:task_css include/linux/cgroup.h:477 [inline]
RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline]
RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349
Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8  
00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f  
85 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00

RSP: 0018:8801daf072b0 EFLAGS: 00010006
RAX: dc00 RBX: 8801c72b40c0 RCX: 
RDX: 09f3 RSI: 8801 RDI: 4f99
RBP: 8801daf07348 R08:  R09: 
R10: 780baf52484d R11:  R12: 11003b5e0e5c
R13: 4f89 R14: dc00 R15: 11003b5e0e58
FS:  7f4ba8413700() GS:8801daf0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 cgroup_account_cputime include/linux/cgroup.h:724 [inline]
 update_curr+0x389/0xc00 kernel/sched/fair.c:832
 enqueue_entity+0x40d/0x2130 kernel/sched/fair.c:4195
 enqueue_task_fair+0x22d/0x910 kernel/sched/fair.c:5408
 enqueue_task kernel/sched/core.c:751 [inline]
 activate_task+0x123/0x2e0 kernel/sched/core.c:770
 ttwu_activate kernel/sched/core.c:1659 [inline]
 ttwu_do_activate+0xd5/0x1f0 kernel/sched/core.c:1718
 ttwu_queue kernel/sched/core.c:1863 [inline]
 try_to_wake_up+0x948/0x12b0 kernel/sched/core.c:2076
 wake_up_process+0x10/0x20 kernel/sched/core.c:2149
 hrtimer_wakeup+0x48/0x60 kernel/time/hrtimer.c:1647
 __run_hrtimer kernel/time/hrtimer.c:1398 [inline]
 __hrtimer_run_queues+0x3eb/0x10c0 kernel/time/hrtimer.c:1460
 hrtimer_interrupt+0x2f3/0x750 kernel/time/hrtimer.c:1518
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline]
 smp_apic_timer_interrupt+0x165/0x730 arch/x86/kernel/apic/apic.c:1050
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863
 
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace 63a513d0f55cc290 ]---
RIP: 0010:task_css include/linux/cgroup.h:477 [inline]
RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline]
RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349
Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8  
00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f  
85 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00

RSP: 0018:8801daf072b0 EFLAGS: 00010006
RAX: dc00 RBX: 8801c72b40c0 RCX: 
RDX: 09f3 RSI: 8801 RDI: 4f99
RBP: 8801daf07348 R08:  R09: 
R10: 780baf52484d R11:  R12: 11003b5e0e5c
R13: 4f89 R14: dc00 R15: 11003b5e0e58
FS:  7f4ba8413700() GS:8801daf0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with  
syzbot.

general protection fault in cpuacct_charge

2018-07-24 Thread syzbot


Hello,

syzbot found the following crash on:

HEAD commit:8ae71e76cf1f Merge branch 'bpf-offload-sharing'
git tree:   bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1645f97840
kernel config:  https://syzkaller.appspot.com/x/.config?x=89129667b46496c3
dashboard link: https://syzkaller.appspot.com/bug?extid=a22ee0b9ff4d252439f4
compiler:   gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a22ee0b9ff4d25243...@syzkaller.appspotmail.com

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault:  [#1] SMP KASAN
CPU: 1 PID: 0 Comm: �G+����0x�� Not tainted 4.18.0-rc3+ #58
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011

RIP: 0010:task_css include/linux/cgroup.h:477 [inline]
RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline]
RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349
Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8  
00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f  
85 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00

RSP: 0018:8801daf072b0 EFLAGS: 00010006
RAX: dc00 RBX: 8801c72b40c0 RCX: 
RDX: 09f3 RSI: 8801 RDI: 4f99
RBP: 8801daf07348 R08:  R09: 
R10: 780baf52484d R11:  R12: 11003b5e0e5c
R13: 4f89 R14: dc00 R15: 11003b5e0e58
FS:  7f4ba8413700() GS:8801daf0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 cgroup_account_cputime include/linux/cgroup.h:724 [inline]
 update_curr+0x389/0xc00 kernel/sched/fair.c:832
 enqueue_entity+0x40d/0x2130 kernel/sched/fair.c:4195
 enqueue_task_fair+0x22d/0x910 kernel/sched/fair.c:5408
 enqueue_task kernel/sched/core.c:751 [inline]
 activate_task+0x123/0x2e0 kernel/sched/core.c:770
 ttwu_activate kernel/sched/core.c:1659 [inline]
 ttwu_do_activate+0xd5/0x1f0 kernel/sched/core.c:1718
 ttwu_queue kernel/sched/core.c:1863 [inline]
 try_to_wake_up+0x948/0x12b0 kernel/sched/core.c:2076
 wake_up_process+0x10/0x20 kernel/sched/core.c:2149
 hrtimer_wakeup+0x48/0x60 kernel/time/hrtimer.c:1647
 __run_hrtimer kernel/time/hrtimer.c:1398 [inline]
 __hrtimer_run_queues+0x3eb/0x10c0 kernel/time/hrtimer.c:1460
 hrtimer_interrupt+0x2f3/0x750 kernel/time/hrtimer.c:1518
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline]
 smp_apic_timer_interrupt+0x165/0x730 arch/x86/kernel/apic/apic.c:1050
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863
 
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace 63a513d0f55cc290 ]---
RIP: 0010:task_css include/linux/cgroup.h:477 [inline]
RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline]
RIP: 0010:cpuacct_charge+0x1b8/0x5d0 kernel/sched/cpuacct.c:349
Code: 68 ff ff ff 85 c0 74 0d 80 3d 45 31 3c 08 00 0f 84 04 02 00 00 48 b8  
00 00 00 00 00 fc ff df 49 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f  
85 65 03 00 00 4d 8b 65 10 4d 85 e4 0f 84 0a 01 00

RSP: 0018:8801daf072b0 EFLAGS: 00010006
RAX: dc00 RBX: 8801c72b40c0 RCX: 
RDX: 09f3 RSI: 8801 RDI: 4f99
RBP: 8801daf07348 R08:  R09: 
R10: 780baf52484d R11:  R12: 11003b5e0e5c
R13: 4f89 R14: dc00 R15: 11003b5e0e58
FS:  7f4ba8413700() GS:8801daf0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 2340 CR3: 0001cf0ac000 CR4: 001406e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with  
syzbot.

Re: general protection fault in cpuacct_charge

Re: general protection fault in cpuacct_charge

general protection fault in cpuacct_charge

general protection fault in cpuacct_charge

4 matches

Site Navigation

Mail list logo

Footer information