general protection fault in perf_iterate_sb


syzbot

Aug 18, 2019, 5:36:05 PM8/18/19
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 45f092f9 Linux 4.14.139
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=173037ee600000
kernel config: https://syzkaller.appspot.com/x/.config?x=56ab4cf14cc8892d
dashboard link: https://syzkaller.appspot.com/bug?extid=b764b6656e0466fc179f
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11d51f02600000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b764b6...@syzkaller.appspotmail.com

IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
8021q: adding VLAN 0 to HW filter on device batadv0
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 9566 Comm: syz-executor.1 Not tainted 4.14.139 #35
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88808d3425c0 task.stack: ffff888092038000
RIP: 0010:__pmu_filter_match kernel/events/core.c:1800 [inline]
RIP: 0010:pmu_filter_match kernel/events/core.c:1817 [inline]
RIP: 0010:event_filter_match kernel/events/core.c:1828 [inline]
RIP: 0010:event_filter_match kernel/events/core.c:1825 [inline]
RIP: 0010:perf_iterate_sb_cpu kernel/events/core.c:6373 [inline]
RIP: 0010:perf_iterate_sb+0x556/0x8b0 kernel/events/core.c:6405
RSP: 0018:ffff88809203fbd0 EFLAGS: 00010202
RAX: 0000000000000aa0 RBX: dffffc0000000000 RCX: 1ffff11011a685c6
RDX: 0000000000000173 RSI: ffffffff869d2b40 RDI: 0000000000000b98
RBP: ffff88809203fc10 R08: ffff88808d3425c0 R09: 0000000000000001
R10: ffff88809203f900 R11: ffff88808d3425c0 R12: ffff88808bb5ccc0
R13: ffffe8ffffc12a70 R14: ffffffff816b1ea0 R15: ffff88809203fc50
FS: 0000000000000000(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000938fa000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
perf_event_task+0xee/0x140 kernel/events/core.c:6643
perf_event_exit_task+0x7af/0xa80 kernel/events/core.c:10732
do_exit+0x7ef/0x2c10 kernel/exit.c:883
do_group_exit+0x111/0x330 kernel/exit.c:977
SYSC_exit_group kernel/exit.c:988 [inline]
SyS_exit_group+0x1d/0x20 kernel/exit.c:986
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459829
RSP: 002b:00007fffd1c5fa68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000000000000001e RCX: 0000000000459829
RDX: 0000000000413511 RSI: fffffffffffffff7 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffffffffffff R09: 00007fffd1c5fac0
R10: 0000000000763238 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fffd1c5fac0 R14: 0000000000000000 R15: 00007fffd1c5fad0
Code: f1 30 f1 ff 49 8d 7d 78 48 89 f8 48 c1 e8 03 80 3c 18 00 0f 85 1a 02 00 00 49 8b 45 78 48 8d b8 f8 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 1a 00 0f 85 08 02 00 00 48 8b 80 f8 00 00 00 48 85 c0 74
RIP: __pmu_filter_match kernel/events/core.c:1800 [inline] RSP: ffff88809203fbd0
RIP: pmu_filter_match kernel/events/core.c:1817 [inline] RSP: ffff88809203fbd0
RIP: event_filter_match kernel/events/core.c:1828 [inline] RSP: ffff88809203fbd0
RIP: event_filter_match kernel/events/core.c:1825 [inline] RSP: ffff88809203fbd0
RIP: perf_iterate_sb_cpu kernel/events/core.c:6373 [inline] RSP: ffff88809203fbd0
RIP: perf_iterate_sb+0x556/0x8b0 kernel/events/core.c:6405 RSP: ffff88809203fbd0
---[ end trace 790e3252f7f7f320 ]---


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches