syzbot

general protection fault in cgroup_fd_array_put_ptr

Status: fixed on 2018/01/22 13:19
Subsystems: bpf
Reported-by: syzbot+b0efb8e572d01bce1ae0@syzkaller.appspotmail.com
Fix commit: bbeb6e4323da bpf, array: fix overflow in max_entries and undefined behavior in index_mask
First crash: 2270d, last: 2263d
Discussions (6)
Title Replies (including bot) Last reply
[PATCH 4.4 00/87] 4.4.112-stable review 103 (103) 2018/02/14 16:43
[PATCH 4.9 00/96] 4.9.77-stable review 111 (111) 2018/01/21 16:03
[PATCH 4.14 000/118] 4.14.14-stable review 139 (139) 2018/01/16 20:50
[PATCH 4.4-stable 0/6] bpf: prevent out-of-bounds speculation 11 (11) 2018/01/13 19:49
[PATCH bpf] bpf, array: fix overflow in max_entries and undefined behavior in index_mask 2 (2) 2018/01/10 22:58
general protection fault in cgroup_fd_array_put_ptr 2 (3) 2018/01/10 16:23

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 1549 Comm: kworker/0:2 Not tainted 4.15.0-rc8+ #264
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events bpf_map_free_deferred
RIP: 0010:css_put include/linux/cgroup.h:386 [inline]
RIP: 0010:cgroup_put include/linux/cgroup.h:415 [inline]
RIP: 0010:cgroup_fd_array_put_ptr+0x71/0x2a0 kernel/bpf/arraymap.c:573
RSP: 0018:ffff8801d35af490 EFLAGS: 00010a02
RAX: 10f40039400001e5 RBX: 1ffff1003a6b5e92 RCX: ffffffff8180f5a5
RDX: 0000000000000000 RSI: ffff8801d8b55464 RDI: 87a001ca00000f2b
RBP: ffff8801d35af518 R08: 1ffff1003a6b5e70 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 87a001ca00000ebf
R13: ffff8801d35af4f0 R14: dffffc0000000000 R15: 87a001ca00000ebf
FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000203e2fe4 CR3: 0000000006822003 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 fd_array_map_delete_elem kernel/bpf/arraymap.c:420 [inline]
 bpf_fd_array_map_clear kernel/bpf/arraymap.c:461 [inline]
 cgroup_fd_array_free+0xd2/0x150 kernel/bpf/arraymap.c:578
 bpf_map_free_deferred+0xb0/0xe0 kernel/bpf/syscall.c:217
 process_one_work+0xbbf/0x1b10 kernel/workqueue.c:2112
 worker_thread+0x223/0x1990 kernel/workqueue.c:2246
 kthread+0x33c/0x400 kernel/kthread.c:238
 ret_from_fork+0x37/0x50 arch/x86/entry/entry_64.S:530
Code: 45 88 40 f5 80 81 c7 00 f1 f1 f1 f1 c7 40 04 00 f2 f2 f2 c7 40 08 f3 f3 f3 f3 e8 1b 22 ef ff 49 8d 7c 24 6c 48 89 f8 48 c1 e8 03 <42> 0f b6 14 30 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 
RIP: css_put include/linux/cgroup.h:386 [inline] RSP: ffff8801d35af490
RIP: cgroup_put include/linux/cgroup.h:415 [inline] RSP: ffff8801d35af490
RIP: cgroup_fd_array_put_ptr+0x71/0x2a0 kernel/bpf/arraymap.c:573 RSP: ffff8801d35af490
---[ end trace b83cbbb5164d5c72 ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (219):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/01/17 00:37 upstream 41aa5e5d712b a46e5318 .config console log report syz C ci-upstream-kasan-gce
2018/01/16 20:49 upstream a8750ddca918 a46e5318 .config console log report syz C ci-upstream-kasan-gce
2018/01/15 14:22 upstream a8750ddca918 66d492a6 .config console log report syz C ci-upstream-kasan-gce
2018/01/14 20:13 upstream 9443c168505d 66d492a6 .config console log report syz C ci-upstream-kasan-gce
2018/01/14 12:25 upstream 2c1cfa499018 c9e7aeae .config console log report syz C ci-upstream-kasan-gce
2018/01/12 19:53 upstream 1545dec46db3 9dc808a6 .config console log report syz C ci-upstream-kasan-gce
2018/01/17 01:50 upstream 41aa5e5d712b a46e5318 .config console log report syz C ci-upstream-kasan-gce-386
2018/01/16 21:42 upstream 41aa5e5d712b a46e5318 .config console log report syz C ci-upstream-kasan-gce-386
2018/01/15 14:23 upstream a8750ddca918 66d492a6 .config console log report syz C ci-upstream-kasan-gce-386
2018/01/14 12:14 upstream 2c1cfa499018 c9e7aeae .config console log report syz C ci-upstream-kasan-gce-386
2018/01/12 19:52 upstream 1545dec46db3 9dc808a6 .config console log report syz C ci-upstream-kasan-gce-386
2018/01/16 23:01 net-next-old e02f08a07098 a46e5318 .config console log report syz C ci-upstream-net-kasan-gce
2018/01/16 19:34 net-next-old 79d891c1bbb6 4198e588 .config console log report syz C ci-upstream-net-kasan-gce
2018/01/15 14:12 net-next-old 564737f981fb 66d492a6 .config console log report syz C ci-upstream-net-kasan-gce
2018/01/14 19:51 net-next-old 1988c7957881 66d492a6 .config console log report syz C ci-upstream-net-kasan-gce
2018/01/14 12:01 net-next-old 6bd39bc3da0f c9e7aeae .config console log report syz C ci-upstream-net-kasan-gce
2018/01/12 19:42 net-next-old 19d28fbd306e 9dc808a6 .config console log report syz C ci-upstream-net-kasan-gce
2018/01/12 19:52 mmots 2c405fa05106 9dc808a6 .config console log report syz C ci-upstream-mmots-kasan-gce
2018/01/11 07:28 linux-next 8418f8876404 02a19b64 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/11 07:15 mmots 4147d50978df 02a19b64 .config console log report syz C ci-upstream-mmots-kasan-gce
2018/01/10 07:50 linux-next b4464bcab38d 1f60c828 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/17 07:06 upstream 41aa5e5d712b a46e5318 .config console log report ci-upstream-kasan-gce
2018/01/16 20:19 upstream a8750ddca918 a46e5318 .config console log report ci-upstream-kasan-gce
2018/01/16 19:03 upstream a8750ddca918 4198e588 .config console log report ci-upstream-kasan-gce
2018/01/16 17:58 upstream a8750ddca918 4198e588 .config console log report ci-upstream-kasan-gce
2018/01/17 08:15 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 08:00 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 06:52 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 06:10 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 05:54 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 05:51 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 05:35 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 05:33 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 05:17 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 04:25 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 04:18 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 04:09 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 04:07 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 03:58 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 02:08 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 01:27 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 01:15 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/17 01:13 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/16 23:49 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/16 23:16 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/16 23:11 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/16 22:20 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/16 21:25 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/16 21:15 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/16 20:16 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/16 20:11 net-next-old e02f08a07098 a46e5318 .config console log report ci-upstream-net-kasan-gce
2018/01/16 19:36 net-next-old 79d891c1bbb6 4198e588 .config console log report ci-upstream-net-kasan-gce
2018/01/16 19:35 net-next-old 79d891c1bbb6 4198e588 .config console log report ci-upstream-net-kasan-gce
2018/01/16 19:12 net-next-old 79d891c1bbb6 4198e588 .config console log report ci-upstream-net-kasan-gce
2018/01/16 18:46 net-next-old 79d891c1bbb6 4198e588 .config console log report ci-upstream-net-kasan-gce
2018/01/16 18:36 net-next-old 79d891c1bbb6 4198e588 .config console log report ci-upstream-net-kasan-gce
2018/01/16 18:17 net-next-old 79d891c1bbb6 4198e588 .config console log report ci-upstream-net-kasan-gce
2018/01/16 16:16 net-next-old 79d891c1bbb6 4198e588 .config console log report ci-upstream-net-kasan-gce
2018/01/16 15:56 net-next-old 79d891c1bbb6 4198e588 .config console log report ci-upstream-net-kasan-gce
2018/01/16 15:44 net-next-old 79d891c1bbb6 4198e588 .config console log report ci-upstream-net-kasan-gce
2018/01/16 15:05 net-next-old 79d891c1bbb6 4198e588 .config console log report ci-upstream-net-kasan-gce