syzbot


general protection fault in perf_tp_event (3)
Status: auto-closed as invalid on 2022/04/23 10:36
Reported-by: syzbot+f27ed6d2b22fe3b92377@syzkaller.appspotmail.com
First crash: 243d, last: 155d
similar bugs (6):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
linux-4.19 | general protection fault in perf_tp_event | | | | 1 | 1127d | 1127d | 0/1 | auto-closed as invalid on 2019/10/24 06:05
upstream | general protection fault in perf_tp_event (2) | | | | 109 | 450d | 691d | 0/22 | auto-closed as invalid on 2021/07/02 04:41
linux-4.14 | general protection fault in perf_tp_event | | | | 2 | 693d | 731d | 0/1 | auto-closed as invalid on 2020/11/01 21:53
linux-4.19 | general protection fault in perf_tp_event (2) | | | | 4 | 747d | 895d | 0/1 | auto-closed as invalid on 2020/09/08 23:43
android-54 | general protection fault in perf_tp_event | | | | 7 | 700d | 866d | 0/2 | auto-closed as invalid on 2020/10/25 22:42
upstream | general protection fault in perf_tp_event | | | | 423 | 1061d | 1485d | 0/22 | auto-closed as invalid on 2019/10/25 14:12

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000030: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000180-0x0000000000000187]
CPU: 1 PID: 30136 Comm: syz-executor.0 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:perf_tp_event_match kernel/events/core.c:9687 [inline]
RIP: 0010:perf_tp_event+0x1d5/0xbc0 kernel/events/core.c:9738
Code: 89 85 e8 fd ff ff eb 0f e8 08 d5 e0 ff 48 83 eb 60 0f 84 4a 01 00 00 e8 f9 d4 e0 ff 48 8d bb e0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e 94 08 00 00 44 8b bb e0 01
RSP: 0018:ffffc9000554f600 EFLAGS: 00010216
RAX: 0000000000000030 RBX: ffffffffffffffa1 RCX: ffffc90002d97000
RDX: 0000000000040000 RSI: ffffffff8196d5c7 RDI: 0000000000000181
RBP: ffffc9000554f870 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff817bf44d R11: 0000000000000000 R12: dffffc0000000000
R13: ffff8880b9d34860 R14: 0000000000000001 R15: 1ffff110173a691d
FS:  00007f17f9892700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f17f9891fe8 CR3: 000000007b2fe000 CR4: 0000000000350ee0
Call Trace:
 <TASK>
 perf_trace_run_bpf_submit+0x11c/0x210 kernel/events/core.c:9713
 perf_trace_lock_acquire+0x34c/0x550 include/trace/events/lock.h:13
 trace_lock_acquire include/trace/events/lock.h:13 [inline]
 lock_acquire+0x416/0x510 kernel/locking/lockdep.c:5608
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:349 [inline]
 lockref_get_not_dead+0x14/0x80 lib/lockref.c:211
 __legitimize_path+0x7f/0x1c0 fs/namei.c:698
 legitimize_path fs/namei.c:708 [inline]
 try_to_unlazy+0x10a/0x3b0 fs/namei.c:777
 complete_walk+0x10d/0x320 fs/namei.c:883
 path_parentat+0xec/0x1c0 fs/namei.c:2498
 filename_parentat+0x1bb/0x5a0 fs/namei.c:2519
 filename_create+0xa1/0x480 fs/namei.c:3637
 do_mkdirat+0x94/0x300 fs/namei.c:3898
 __do_sys_mkdir fs/namei.c:3929 [inline]
 __se_sys_mkdir fs/namei.c:3927 [inline]
 __x64_sys_mkdir+0xf2/0x140 fs/namei.c:3927
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f17fa93cbf7
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f17f9891fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f17fa93cbf7
RDX: ffffffffffffff81 RSI: 00000000000001ff RDI: 0000000020000400
RBP: 00007f17f9892040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000020000400 R14: 00007f17f9892000 R15: 0000000020000680
 </TASK>
Modules linked in:
----------------
Code disassembly (best guess):
   0:	89 85 e8 fd ff ff    	mov    %eax,-0x218(%rbp)
   6:	eb 0f                	jmp    0x17
   8:	e8 08 d5 e0 ff       	callq  0xffe0d515
   d:	48 83 eb 60          	sub    $0x60,%rbx
  11:	0f 84 4a 01 00 00    	je     0x161
  17:	e8 f9 d4 e0 ff       	callq  0xffe0d515
  1c:	48 8d bb e0 01 00 00 	lea    0x1e0(%rbx),%rdi
  23:	48 89 f8             	mov    %rdi,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 0f b6 04 20       	movzbl (%rax,%r12,1),%eax <-- trapping instruction
  2f:	84 c0                	test   %al,%al
  31:	74 08                	je     0x3b
  33:	3c 03                	cmp    $0x3,%al
  35:	0f 8e 94 08 00 00    	jle    0x8cf
  3b:	44                   	rex.R
  3c:	8b                   	.byte 0x8b
  3d:	bb                   	.byte 0xbb
  3e:	e0 01                	loopne 0x41

Crashes (9):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title
ci-upstream-kasan-gce-root | 2021/12/04 15:54 | upstream | 12119cfa1052 | a617004c | .config | log | report | | | info | general protection fault in perf_tp_event
ci-upstream-kasan-gce-selinux-root | 2021/11/20 17:19 | upstream | a90af8f15bdc | 4eb20a4e | .config | log | report | | | info | general protection fault in perf_tp_event
ci-upstream-bpf-kasan-gce | 2021/12/18 23:02 | bpf | 819d11507f66 | 44068e19 | .config | log | report | | | info | general protection fault in perf_tp_event
ci-upstream-bpf-kasan-gce | 2021/12/13 21:17 | bpf | 0be2516f865f | 49ca1f59 | .config | log | report | | | info | general protection fault in perf_tp_event
ci-upstream-bpf-kasan-gce | 2021/10/26 22:51 | bpf | 04f8ef5643bc | d50eb50a | .config | log | report | | | info | general protection fault in perf_tp_event
ci-upstream-bpf-kasan-gce | 2021/10/12 07:55 | bpf | 732b74d64704 | 838e7e2c | .config | log | report | | | info | general protection fault in perf_tp_event
ci-upstream-bpf-kasan-gce | 2021/09/27 00:41 | bpf | a3debf177f21 | 78494d16 | .config | log | report | | | info | general protection fault in perf_tp_event
ci-upstream-bpf-next-kasan-gce | 2021/12/24 10:35 | bpf-next | 4b443bc1785f | 6caa12e4 | .config | log | report | | | info | general protection fault in perf_tp_event
ci-upstream-bpf-next-kasan-gce | 2021/12/21 21:55 | bpf-next | 4b443bc1785f | a938f0b8 | .config | log | report | | | info | general protection fault in perf_tp_event