syzbot

 sign-in | mailing list | source | docs
🐞 Open [979] Subsystems 🐞 Fixed [5235] 🐞 Invalid [12492] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

general protection fault in propagate_entity_cfs_rq

Status: fixed on 2019/11/07 18:45
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+2e37f794f31be5667a88@syzkaller.appspotmail.com
Fix commit: bab2c80e5a6c nsh: set mac len based on inner packet
First crash: 2111d, last: 2111d
Fix bisection: fixed by (bisect log) :
commit bab2c80e5a6c855657482eac9e97f5f3eedb509a
Author: Willem de Bruijn <willemb@google.com>
Date: Wed Jul 11 16:00:44 2018 +0000

  nsh: set mac len based on inner packet

  
Discussions (1)
Title Replies (including bot) Last reply
general protection fault in propagate_entity_cfs_rq 2 (4) 2019/11/07 15:16

Sample crash report:
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
8021q: adding VLAN 0 to HW filter on device team0
IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.18.0-rc3+ #51
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:propagate_entity_cfs_rq.isra.70+0x199/0x20c0 kernel/sched/fair.c:10039
Code: 0d 02 00 00 48 c7 c0 60 70 2a 89 48 89 f9 48 c1 e8 03 48 01 d8 48 89 85 28 fb ff ff 4c 8d a9 58 01 00 00 4c 89 e8 48 c1 e8 03 <80> 3c 18 00 0f 85 5e 11 00 00 4c 8b a1 58 01 00 00 0f 1f 44 00 00 
RSP: 0018:ffff8801daf06c90 EFLAGS: 00010003
RAX: 03fffe20074fc1d0 RBX: dffffc0000000000 RCX: 1ffff1003a7e0d2c
RDX: 1ffff1003a7e0d2a RSI: 1ffff1003b5e0e7f RDI: 1ffff1003a7e0d2c
RBP: ffff8801daf071a0 R08: ffff8801dae2cbc0 R09: 1ffffffff11a25cc
R10: 00000000019d6e0b R11: 0000000000000000 R12: 1ffff1003b5e0e3b
R13: 1ffff1003a7e0e84 R14: ffff8801d3f06800 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb1b24d7e78 CR3: 00000001ab04b000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 detach_entity_cfs_rq+0x6e3/0xf50 kernel/sched/fair.c:10059
 migrate_task_rq_fair+0xba/0x290 kernel/sched/fair.c:6709
 set_task_cpu+0x131/0x770 kernel/sched/core.c:1194
 detach_task.isra.89+0xdb/0x150 kernel/sched/fair.c:7438
 detach_tasks kernel/sched/fair.c:7525 [inline]
 load_balance+0xf0b/0x3640 kernel/sched/fair.c:8884
 rebalance_domains+0x82a/0xd90 kernel/sched/fair.c:9262
 run_rebalance_domains+0x365/0x4c0 kernel/sched/fair.c:9884
 __do_softirq+0x2e8/0xb17 kernel/softirq.c:288
 invoke_softirq kernel/softirq.c:368 [inline]
 irq_exit+0x1d1/0x200 kernel/softirq.c:408
 exiting_irq arch/x86/include/asm/apic.h:527 [inline]
 smp_apic_timer_interrupt+0x186/0x730 arch/x86/kernel/apic/apic.c:1052
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863
 </IRQ>
RIP: 0010:native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:54
Code: c7 48 89 45 d8 e8 5a 04 24 fa 48 8b 45 d8 e9 d2 fe ff ff 48 89 df e8 49 04 24 fa eb 8a 90 90 90 90 90 90 90 55 48 89 e5 fb f4 <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 f4 5d c3 90 90 90 90 90 
RSP: 0018:ffff8801d9af7c38 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: dffffc0000000000 RBX: 1ffff1003b35ef8a RCX: ffffffff81667982
RDX: 1ffffffff11e3610 RSI: 0000000000000004 RDI: ffffffff88f1b080
RBP: ffff8801d9af7c38 R08: ffffed003b5e46d7 R09: ffffed003b5e46d6
R10: ffffed003b5e46d6 R11: ffff8801daf236b3 R12: 0000000000000001
R13: ffff8801d9af7cf0 R14: ffffffff899edd20 R15: 0000000000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
 default_idle+0xc7/0x450 arch/x86/kernel/process.c:500
 arch_cpu_idle+0x10/0x20 arch/x86/kernel/process.c:491
 default_idle_call+0x6d/0x90 kernel/sched/idle.c:93
 cpuidle_idle_call kernel/sched/idle.c:153 [inline]
 do_idle+0x3aa/0x570 kernel/sched/idle.c:262
 cpu_startup_entry+0x10c/0x120 kernel/sched/idle.c:368
 start_secondary+0x433/0x5d0 arch/x86/kernel/smpboot.c:265
 secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:242
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace cb0cd83b57bb4bba ]---
RIP: 0010:propagate_entity_cfs_rq.isra.70+0x199/0x20c0 kernel/sched/fair.c:10039
Code: 0d 02 00 00 48 c7 c0 60 70 2a 89 48 89 f9 48 c1 e8 03 48 01 d8 48 89 85 28 fb ff ff 4c 8d a9 58 01 00 00 4c 89 e8 48 c1 e8 03 <80> 3c 18 00 0f 85 5e 11 00 00 4c 8b a1 58 01 00 00 0f 1f 44 00 00 
RSP: 0018:ffff8801daf06c90 EFLAGS: 00010003
RAX: 03fffe20074fc1d0 RBX: dffffc0000000000 RCX: 1ffff1003a7e0d2c
RDX: 1ffff1003a7e0d2a RSI: 1ffff1003b5e0e7f RDI: 1ffff1003a7e0d2c
RBP: ffff8801daf071a0 R08: ffff8801dae2cbc0 R09: 1ffffffff11a25cc
R10: 00000000019d6e0b R11: 0000000000000000 R12: 1ffff1003b5e0e3b
R13: 1ffff1003a7e0e84 R14: ffff8801d3f06800 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb1b24d7e78 CR3: 00000001ab04b000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/07/13 01:06 bpf-next 6fd066604123 06c33b3a .config console log report syz C ci-upstream-bpf-next-kasan-gce
* Struck through repros no longer work on HEAD.