* general protection fault in propagate_entity_cfs_rq
@ 2018-07-13 2:59 syzbot
2019-11-07 13:42 ` syzbot
0 siblings, 1 reply; 4+ messages in thread
From: syzbot @ 2018-07-13 2:59 UTC (permalink / raw)
To: andy.shevchenko, douly.fnst, hpa, jgross, linux-kernel, mingo,
syzkaller-bugs, tglx, ville.syrjala, x86
Hello,
syzbot found the following crash on:
HEAD commit: 6fd066604123 Merge branch 'bpf-arm-jit-improvements'
git tree: bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=11e92678400000
kernel config: https://syzkaller.appspot.com/x/.config?x=a501a01deaf0fe9
dashboard link: https://syzkaller.appspot.com/bug?extid=2e37f794f31be5667a88
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=1014db94400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11f81e78400000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2e37f794f31be5667a88@syzkaller.appspotmail.com
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
8021q: adding VLAN 0 to HW filter on device team0
IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.18.0-rc3+ #51
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:propagate_entity_cfs_rq.isra.70+0x199/0x20c0
kernel/sched/fair.c:10039
Code: 0d 02 00 00 48 c7 c0 60 70 2a 89 48 89 f9 48 c1 e8 03 48 01 d8 48 89
85 28 fb ff ff 4c 8d a9 58 01 00 00 4c 89 e8 48 c1 e8 03 <80> 3c 18 00 0f
85 5e 11 00 00 4c 8b a1 58 01 00 00 0f 1f 44 00 00
RSP: 0018:ffff8801daf06c90 EFLAGS: 00010003
RAX: 03fffe20074fc1d0 RBX: dffffc0000000000 RCX: 1ffff1003a7e0d2c
RDX: 1ffff1003a7e0d2a RSI: 1ffff1003b5e0e7f RDI: 1ffff1003a7e0d2c
RBP: ffff8801daf071a0 R08: ffff8801dae2cbc0 R09: 1ffffffff11a25cc
R10: 00000000019d6e0b R11: 0000000000000000 R12: 1ffff1003b5e0e3b
R13: 1ffff1003a7e0e84 R14: ffff8801d3f06800 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb1b24d7e78 CR3: 00000001ab04b000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
detach_entity_cfs_rq+0x6e3/0xf50 kernel/sched/fair.c:10059
migrate_task_rq_fair+0xba/0x290 kernel/sched/fair.c:6709
set_task_cpu+0x131/0x770 kernel/sched/core.c:1194
detach_task.isra.89+0xdb/0x150 kernel/sched/fair.c:7438
detach_tasks kernel/sched/fair.c:7525 [inline]
load_balance+0xf0b/0x3640 kernel/sched/fair.c:8884
rebalance_domains+0x82a/0xd90 kernel/sched/fair.c:9262
run_rebalance_domains+0x365/0x4c0 kernel/sched/fair.c:9884
__do_softirq+0x2e8/0xb17 kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x1d1/0x200 kernel/softirq.c:408
exiting_irq arch/x86/include/asm/apic.h:527 [inline]
smp_apic_timer_interrupt+0x186/0x730 arch/x86/kernel/apic/apic.c:1052
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863
</IRQ>
RIP: 0010:native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:54
Code: c7 48 89 45 d8 e8 5a 04 24 fa 48 8b 45 d8 e9 d2 fe ff ff 48 89 df e8
49 04 24 fa eb 8a 90 90 90 90 90 90 90 55 48 89 e5 fb f4 <5d> c3 0f 1f 84
00 00 00 00 00 55 48 89 e5 f4 5d c3 90 90 90 90 90
RSP: 0018:ffff8801d9af7c38 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: dffffc0000000000 RBX: 1ffff1003b35ef8a RCX: ffffffff81667982
RDX: 1ffffffff11e3610 RSI: 0000000000000004 RDI: ffffffff88f1b080
RBP: ffff8801d9af7c38 R08: ffffed003b5e46d7 R09: ffffed003b5e46d6
R10: ffffed003b5e46d6 R11: ffff8801daf236b3 R12: 0000000000000001
R13: ffff8801d9af7cf0 R14: ffffffff899edd20 R15: 0000000000000000
arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
default_idle+0xc7/0x450 arch/x86/kernel/process.c:500
arch_cpu_idle+0x10/0x20 arch/x86/kernel/process.c:491
default_idle_call+0x6d/0x90 kernel/sched/idle.c:93
cpuidle_idle_call kernel/sched/idle.c:153 [inline]
do_idle+0x3aa/0x570 kernel/sched/idle.c:262
cpu_startup_entry+0x10c/0x120 kernel/sched/idle.c:368
start_secondary+0x433/0x5d0 arch/x86/kernel/smpboot.c:265
secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:242
Modules linked in:
Dumping ftrace buffer:
(ftrace buffer empty)
---[ end trace cb0cd83b57bb4bba ]---
RIP: 0010:propagate_entity_cfs_rq.isra.70+0x199/0x20c0
kernel/sched/fair.c:10039
Code: 0d 02 00 00 48 c7 c0 60 70 2a 89 48 89 f9 48 c1 e8 03 48 01 d8 48 89
85 28 fb ff ff 4c 8d a9 58 01 00 00 4c 89 e8 48 c1 e8 03 <80> 3c 18 00 0f
85 5e 11 00 00 4c 8b a1 58 01 00 00 0f 1f 44 00 00
RSP: 0018:ffff8801daf06c90 EFLAGS: 00010003
RAX: 03fffe20074fc1d0 RBX: dffffc0000000000 RCX: 1ffff1003a7e0d2c
RDX: 1ffff1003a7e0d2a RSI: 1ffff1003b5e0e7f RDI: 1ffff1003a7e0d2c
RBP: ffff8801daf071a0 R08: ffff8801dae2cbc0 R09: 1ffffffff11a25cc
R10: 00000000019d6e0b R11: 0000000000000000 R12: 1ffff1003b5e0e3b
R13: 1ffff1003a7e0e84 R14: ffff8801d3f06800 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb1b24d7e78 CR3: 00000001ab04b000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: general protection fault in propagate_entity_cfs_rq
2018-07-13 2:59 general protection fault in propagate_entity_cfs_rq syzbot
@ 2019-11-07 13:42 ` syzbot
2019-11-07 14:58 ` Willem de Bruijn
0 siblings, 1 reply; 4+ messages in thread
From: syzbot @ 2019-11-07 13:42 UTC (permalink / raw)
To: allison, andy.shevchenko, davem, douly.fnst, gregkh, hpa, info,
jbenc, jgross, kstewart, linux-kernel, mingo, netdev,
syzkaller-bugs, tglx, ville.syrjala, willemb, x86
syzbot suspects this bug was fixed by commit:
commit bab2c80e5a6c855657482eac9e97f5f3eedb509a
Author: Willem de Bruijn <willemb@google.com>
Date: Wed Jul 11 16:00:44 2018 +0000
nsh: set mac len based on inner packet
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=170cc89c600000
start commit: 6fd06660 Merge branch 'bpf-arm-jit-improvements'
git tree: bpf-next
kernel config: https://syzkaller.appspot.com/x/.config?x=a501a01deaf0fe9
dashboard link: https://syzkaller.appspot.com/bug?extid=2e37f794f31be5667a88
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1014db94400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11f81e78400000
If the result looks correct, please mark the bug fixed by replying with:
#syz fix: nsh: set mac len based on inner packet
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: general protection fault in propagate_entity_cfs_rq
2019-11-07 13:42 ` syzbot
@ 2019-11-07 14:58 ` Willem de Bruijn
2019-11-07 15:16 ` Willem de Bruijn
0 siblings, 1 reply; 4+ messages in thread
From: Willem de Bruijn @ 2019-11-07 14:58 UTC (permalink / raw)
To: syzbot
Cc: allison, andy.shevchenko, David Miller, douly.fnst,
Greg Kroah-Hartman, HPA, info, Jiri Benc, jgross, kstewart,
linux-kernel, mingo, Network Development, syzkaller-bugs, tglx,
ville.syrjala, x86
On Thu, Nov 7, 2019 at 8:42 AM syzbot
<syzbot+2e37f794f31be5667a88@syzkaller.appspotmail.com> wrote:
>
> syzbot suspects this bug was fixed by commit:
>
> commit bab2c80e5a6c855657482eac9e97f5f3eedb509a
> Author: Willem de Bruijn <willemb@google.com>
> Date: Wed Jul 11 16:00:44 2018 +0000
>
> nsh: set mac len based on inner packet
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=170cc89c600000
> start commit: 6fd06660 Merge branch 'bpf-arm-jit-improvements'
> git tree: bpf-next
> kernel config: https://syzkaller.appspot.com/x/.config?x=a501a01deaf0fe9
> dashboard link: https://syzkaller.appspot.com/bug?extid=2e37f794f31be5667a88
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1014db94400000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11f81e78400000
>
> If the result looks correct, please mark the bug fixed by replying with:
>
> #syz fix: nsh: set mac len based on inner packet
#syz fix: nsh: set mac len based on inner packet
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: general protection fault in propagate_entity_cfs_rq
2019-11-07 14:58 ` Willem de Bruijn
@ 2019-11-07 15:16 ` Willem de Bruijn
0 siblings, 0 replies; 4+ messages in thread
From: Willem de Bruijn @ 2019-11-07 15:16 UTC (permalink / raw)
To: Willem de Bruijn
Cc: syzbot, allison, andy.shevchenko, David Miller, douly.fnst,
Greg Kroah-Hartman, HPA, info, Jiri Benc, jgross, Kate Stewart,
linux-kernel, mingo, Network Development, syzkaller-bugs, tglx,
ville.syrjala, x86
On Thu, Nov 7, 2019 at 9:58 AM Willem de Bruijn
<willemdebruijn.kernel@gmail.com> wrote:
>
> On Thu, Nov 7, 2019 at 8:42 AM syzbot
> <syzbot+2e37f794f31be5667a88@syzkaller.appspotmail.com> wrote:
> >
> > syzbot suspects this bug was fixed by commit:
> >
> > commit bab2c80e5a6c855657482eac9e97f5f3eedb509a
> > Author: Willem de Bruijn <willemb@google.com>
> > Date: Wed Jul 11 16:00:44 2018 +0000
> >
> > nsh: set mac len based on inner packet
> >
> > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=170cc89c600000
> > start commit: 6fd06660 Merge branch 'bpf-arm-jit-improvements'
> > git tree: bpf-next
> > kernel config: https://syzkaller.appspot.com/x/.config?x=a501a01deaf0fe9
> > dashboard link: https://syzkaller.appspot.com/bug?extid=2e37f794f31be5667a88
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1014db94400000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11f81e78400000
> >
> > If the result looks correct, please mark the bug fixed by replying with:
> >
> > #syz fix: nsh: set mac len based on inner packet
>
> #syz fix: nsh: set mac len based on inner packet
The stack traces in both the bisection log and my manual run, when
running the linked reproducer, differ from the one in the dashboard.
Those more obviously include nsh functions. The trace in the dashboard
does not and sees a GPF in propagate_entity_cfs_rq, which does not
immediately appear related. That said, it is reported only once over a
year ago, so probably still preferable to close. A new report will be
opened if incorrect.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-11-07 15:17 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-13 2:59 general protection fault in propagate_entity_cfs_rq syzbot
2019-11-07 13:42 ` syzbot
2019-11-07 14:58 ` Willem de Bruijn
2019-11-07 15:16 ` Willem de Bruijn
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).