syzbot

 sign-in | mailing list | source | docs
🐞 Open [983] Subsystems 🐞 Fixed [5236] 🐞 Invalid [12500] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

general protection fault in cpuacct_account_field (2)

Status: fixed on 2018/08/07 13:43
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+4a0ca20226640acf7c0f@syzkaller.appspotmail.com
Fix commit: 99ba2b5aba24 bpf: sockhash, disallow bpf_tcp_close and update in parallel
First crash: 2105d, last: 2105d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in cpuacct_account_field (3) kernel 6 1928d 1984d 0/26 auto-closed as invalid on 2019/07/12 06:27
upstream general protection fault in cpuacct_account_field kernel C 1 2120d 2120d 0/26 closed as invalid on 2018/07/05 16:25

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
kasan: CONFIG_KASAN_INLINE enabled
CPU: 1 PID: 32698 Comm: syz-executor1 Not tainted 4.18.0-rc3+ #58
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:cpuacct_account_field+0x17b/0x3b0 kernel/sched/cpuacct.c:366
Code: 0f 84 81 00 00 
kasan: GPF could be caused by NULL-ptr deref or user memory access
00 4c 63 ad 74 ff ff ff 48 b8 00 00 00 00 00 fc ff df 49 c1 e5 03 49 8d bc 24 38 01 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 af 01 00 00 49 8b 9c 24 38 01 00 00 65 48 03 1d 
RSP: 0018:ffff8801daf078e8 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000027 RSI: 0000000000000000 RDI: 0000000000000138
RBP: ffff8801daf07978 R08: 0000000000000000 R09: 0000000000000001
R10: ffff8801daf07950 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000010 R14: 1ffff1003b5e0f1e R15: 00000000000f4240
FS:  0000000001e56940(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffde8aa6070 CR3: 00000001a974a000 CR4: 00000000001406e0
DR0: 0000000020000080 DR1: 0000000020000080 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 cgroup_account_cputime_field include/linux/cgroup.h:739 [inline]
 task_group_account_field kernel/sched/cputime.c:108 [inline]
 account_system_index_time+0x1dc/0x5c0 kernel/sched/cputime.c:171
 account_system_time+0x7f/0xb0 kernel/sched/cputime.c:199
 account_process_tick+0x76/0x240 kernel/sched/cputime.c:498
 update_process_times+0x21/0x70 kernel/time/timer.c:1634
 tick_sched_handle+0x9f/0x180 kernel/time/tick-sched.c:164
 tick_sched_timer+0x45/0x130 kernel/time/tick-sched.c:1274
 __run_hrtimer kernel/time/hrtimer.c:1398 [inline]
 __hrtimer_run_queues+0x3eb/0x10c0 kernel/time/hrtimer.c:1460
 hrtimer_interrupt+0x2f3/0x750 kernel/time/hrtimer.c:1518
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline]
 smp_apic_timer_interrupt+0x165/0x730 arch/x86/kernel/apic/apic.c:1050
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863
 </IRQ>
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace 83a5818ae0361148 ]---
general protection fault: 0000 [#2] SMP KASAN
CPU: 0 PID: 2762 Comm: udevd Tainted: G      D           4.18.0-rc3+ #58
RIP: 0010:cpuacct_account_field+0x17b/0x3b0 kernel/sched/cpuacct.c:366
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Code: 0f 
RIP: 0010:avc_start_pgoff mm/interval_tree.c:64 [inline]
RIP: 0010:__anon_vma_interval_tree_insert mm/interval_tree.c:72 [inline]
RIP: 0010:anon_vma_interval_tree_insert+0x175/0x300 mm/interval_tree.c:83
84 
Code: 
81 00 
49 
00 
8d 
00 
7c 24 
4c 
e0 
63 
48 89 
ad 
f8 48 
74 ff 
c1 
ff 
e8 03 
ff 
42 80 
48 b8 
3c 
00 
30 00 
00 
0f 
00 00 
85 
00 
2f 01 
fc 
00 00 
ff 
4d 
df 
8b 
49 
7c 
c1 
24 
e5 
e0 49 
03 49 
8d bf 
8d 
98 
bc 24 
00 00 
38 
00 48 
01 
89 fa 
00 
48 
00 48 
c1 ea 
89 
03 
fa 
<42> 
48 
80 
c1 
3c 
ea 
32 
03 
00 0f 
<80> 
85 
3c 
07 
02 
01 
00 
00 00 
0f 85 
4d 8b 
af 01 
bf 98 
00 
00 00 
00 
00 
49 
48 
8b 
8b 
9c 
7d 
24 
d0 
38 
RSP: 0018:ffff8801b31defe0 EFLAGS: 00010202
01 
00 
RAX: 1ffff10034f94768 RBX: ffff8801cc379e40 RCX: ffffffff81a96747
00 
RDX: 0bbd462fc39b6cb3 RSI: ffffffff81a9675b RDI: 5dea317e1cdb6598
65 48 
RBP: ffff8801b31df028 R08: ffff8801b31d4100 R09: 0000000000000000
03 
R10: 0000000079489c79 R11: ffff8801dae236b3 R12: ffff8801a7ca3b60
1d 
R13: 0000000000000025 R14: dffffc0000000000 R15: 5dea317e1cdb6500
FS:  00007ff87c8ce7a0(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
RSP: 0018:ffff8801daf078e8 EFLAGS: 00010006
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff87c8d5000 CR3: 00000001b31aa000 CR4: 00000000001406f0
RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000027 RSI: 0000000000000000 RDI: 0000000000000138
DR0: 00000000200001c0 DR1: 00000000200001c0 DR2: 0000000020000000
RBP: ffff8801daf07978 R08: 0000000000000000 R09: 0000000000000001
R10: ffff8801daf07950 R11: 0000000000000000 R12: 0000000000000000
DR3: 0000000020000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
R13: 0000000000000010 R14: 1ffff1003b5e0f1e R15: 00000000000f4240
 anon_vma_chain_link mm/rmap.c:143 [inline]
 anon_vma_clone+0x2f7/0x740 mm/rmap.c:278
FS:  0000000001e56940(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffde8aa6070 CR3: 00000001a974a000 CR4: 00000000001406e0
DR0: 0000000020000080 DR1: 0000000020000080 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/07/21 00:39 bpf-next 8ae71e76cf1f af255b09 .config console log report ci-upstream-bpf-next-kasan-gce
* Struck through repros no longer work on HEAD.