general protection fault in perf_iterate_sb


syzbot

Apr 11, 2019, 8:01:03 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: b7e40c3d Merge 4.14.75 into android-4.14
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=108b896e400000
kernel config: https://syzkaller.appspot.com/x/.config?x=83372ecdbe063bdb
dashboard link: https://syzkaller.appspot.com/bug?extid=4e7686e9c673887cd7ce
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12544841400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15a10359400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+4e7686...@syzkaller.appspotmail.com

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN NOPTI
Modules linked in:
CPU: 0 PID: 1892 Comm: syz-executor964 Not tainted 4.14.75+ #18
task: ffff8801c9972f00 task.stack: ffff8801c9fa0000
RIP: 0010:__pmu_filter_match kernel/events/core.c:1805 [inline]
RIP: 0010:pmu_filter_match kernel/events/core.c:1822 [inline]
RIP: 0010:event_filter_match kernel/events/core.c:1833 [inline]
RIP: 0010:perf_iterate_sb_cpu kernel/events/core.c:6364 [inline]
RIP: 0010:perf_iterate_sb+0x369/0x5d0 kernel/events/core.c:6396
RSP: 0018:ffff8801c9fa7b10 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8801c71f8000 RCX: dffffc0000000000
RDX: 00000000000006ef RSI: dffffc0000000000 RDI: 000000000000377b
RBP: ffff8801c9fa7b48 R08: 0000000000000000 R09: 0000000000000000
R10: ffff8801c9973730 R11: 0000000000000001 R12: ffff8801db82e8d0
R13: ffff8801c71f8020 R14: ffffffff881ecfb0 R15: 0000000000003683
FS: 0000000001cb4880(0000) GS:ffff8801db800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdd9427874 CR3: 00000001c9fb6002 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
perf_event_task+0xe3/0x140 kernel/events/core.c:6634
perf_event_fork+0x18/0x40 kernel/events/core.c:6641
copy_process.part.6+0x33bd/0x6530 kernel/fork.c:1936
copy_process kernel/fork.c:1573 [inline]
_do_fork+0x1c2/0xd50 kernel/fork.c:2054
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x43f9da
RSP: 002b:00007ffdd9427840 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f9da
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffdd9427860 R08: 0000000000000764 R09: 0000000001cb4880
R10: 0000000001cb4b50 R11: 0000000000000246 R12: 0000000000000764
R13: 0000000000401f40 R14: 0000000000000000 R15: 0000000000000000
Code: 48 c1 e8 03 80 3c 30 00 0f 85 e2 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 7c 24 78 49 8d bf f8 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 c5 01 00 00 4d 8b bf f8 00 00 00 4d 85 ff 74
RIP: __pmu_filter_match kernel/events/core.c:1805 [inline] RSP: ffff8801c9fa7b10
RIP: pmu_filter_match kernel/events/core.c:1822 [inline] RSP: ffff8801c9fa7b10
RIP: event_filter_match kernel/events/core.c:1833 [inline] RSP: ffff8801c9fa7b10
RIP: perf_iterate_sb_cpu kernel/events/core.c:6364 [inline] RSP: ffff8801c9fa7b10
RIP: perf_iterate_sb+0x369/0x5d0 kernel/events/core.c:6396 RSP: ffff8801c9fa7b10
---[ end trace d83f470b3167ea2e ]---


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Apr 14, 2019, 4:51:33 AM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 38f2b4a8 Merge 4.9.132 into android-4.9
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=1799e77e400000
kernel config: https://syzkaller.appspot.com/x/.config?x=912079d9e892f390
dashboard link: https://syzkaller.appspot.com/bug?extid=6b9f4012d763fabbdddd
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14559b4e400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1120d34e400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+6b9f40...@syzkaller.appspotmail.com

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 2118 Comm: syz-executor080 Not tainted 4.9.132+ #51
task: ffff8801cc5c8000 task.stack: ffff8801c4ad0000
RIP: 0010:[<ffffffff813bc513>] [<ffffffff813bc513>] __pmu_filter_match kernel/events/core.c:1770 [inline]
RIP: 0010:[<ffffffff813bc513>] [<ffffffff813bc513>] pmu_filter_match kernel/events/core.c:1787 [inline]
RIP: 0010:[<ffffffff813bc513>] [<ffffffff813bc513>] event_filter_match kernel/events/core.c:1798 [inline]
RIP: 0010:[<ffffffff813bc513>] [<ffffffff813bc513>] perf_iterate_sb_cpu kernel/events/core.c:6189 [inline]
RIP: 0010:[<ffffffff813bc513>] [<ffffffff813bc513>] perf_iterate_sb+0x323/0x580 kernel/events/core.c:6221
RSP: 0018:ffff8801c4ad7af0 EFLAGS: 00010203
RAX: 1ffff1003b6c4943 RBX: ffff8801c6a09100 RCX: 1ffffffff05ce880
RDX: 0000000000001786 RSI: ffffffff813bc4eb RDI: 000000000000bc37
RBP: ffff8801c4ad7b38 R08: ffff8801cc5c88d0 R09: 446e255216117b2e
R10: ffff8801cc5c8000 R11: 0000000000000001 R12: dffffc0000000000
R13: ffff8801db6249a0 R14: ffff8801c6a09120 R15: 000000000000bb37
FS: 000000000111e880(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006cc150 CR3: 00000001cbb92000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Stack:
ffffffff813bc1f0 ffff8801db61e0f8 ffff8801c4ad7b68 ffffffff813c46d0
ffff8801c4ad7bc8 1ffff1003895af69 0000000000000007 0000000000000000
ffff8801c6f00000 ffff8801c4ad7bf0 ffffffff813bc865 0000000041b58ab3
Call Trace:
[<ffffffff813bc865>] perf_event_task+0xf5/0x160 kernel/events/core.c:6459
[<ffffffff813e0c9c>] perf_event_fork+0x1c/0x20 kernel/events/core.c:6466
[<ffffffff810d6746>] copy_process.part.8+0x37a6/0x6a10 kernel/fork.c:1857
[<ffffffff810d9e32>] copy_process kernel/fork.c:1505 [inline]
[<ffffffff810d9e32>] _do_fork+0x1b2/0xd30 kernel/fork.c:1972
[<ffffffff810daa87>] SYSC_clone kernel/fork.c:2084 [inline]
[<ffffffff810daa87>] SyS_clone+0x37/0x50 kernel/fork.c:2078
[<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
[<ffffffff82803953>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: f1 f5 ff 49 8d 7d 78 48 89 f8 48 c1 e8 03 42 80 3c 20 00 0f 85 cd 01 00 00 4d 8b 7d 78 49 8d bf 00 01 00 00 48 89 fa 48 c1 ea 03 <42> 80 3c 22 00 0f 85 ba 01 00 00 4d 8b bf 00 01 00 00 4d 85 ff
RIP [<ffffffff813bc513>] __pmu_filter_match kernel/events/core.c:1770 [inline]
RIP [<ffffffff813bc513>] pmu_filter_match kernel/events/core.c:1787 [inline]
RIP [<ffffffff813bc513>] event_filter_match kernel/events/core.c:1798 [inline]
RIP [<ffffffff813bc513>] perf_iterate_sb_cpu kernel/events/core.c:6189 [inline]
RIP [<ffffffff813bc513>] perf_iterate_sb+0x323/0x580 kernel/events/core.c:6221
RSP <ffff8801c4ad7af0>
---[ end trace e0ca98c959887acb ]---