From: syzbot <syzbot+832ccf42c61e3c63654e@syzkaller.appspotmail.com>
To: acme@kernel.org, alexander.shishkin@linux.intel.com,
bp@alien8.de, hpa@zytor.com, jolsa@redhat.com,
linux-kernel@vger.kernel.org, mark.rutland@arm.com,
mingo@redhat.com, namhyung@kernel.org, peterz@infradead.org,
syzkaller-bugs@googlegroups.com, tglx@linutronix.de,
x86@kernel.org
Subject: KASAN: null-ptr-deref Read in uncore_pmu_event_add
Date: Mon, 04 May 2020 17:56:17 -0700
Message-ID: <0000000000006ea42405a4dc1d45@google.com>

Hello,

syzbot found the following crash on:

HEAD commit: ac935d22 Add linux-next specific files for 20200415
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=17f5743fe00000
kernel config: https://syzkaller.appspot.com/x/.config?x=bc498783097e9019
dashboard link: https://syzkaller.appspot.com/bug?extid=832ccf42c61e3c63654e
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10fa7d40100000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17bfa540100000
Bisection is inconclusive: the bug happens on the oldest tested release.
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=16b06540100000
final crash: https://syzkaller.appspot.com/x/report.txt?x=15b06540100000
console output: https://syzkaller.appspot.com/x/log.txt?x=11b06540100000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+832ccf42c61e3c63654e@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:56 [inline]
BUG: KASAN: null-ptr-deref in test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline]
BUG: KASAN: null-ptr-deref in uncore_msr_perf_ctr arch/x86/events/intel/uncore.h:335 [inline]
BUG: KASAN: null-ptr-deref in uncore_perf_ctr arch/x86/events/intel/uncore.h:378 [inline]
BUG: KASAN: null-ptr-deref in uncore_assign_hw_event arch/x86/events/intel/uncore.c:230 [inline]
BUG: KASAN: null-ptr-deref in uncore_pmu_event_add+0xa25/0x16d0 arch/x86/events/intel/uncore.c:602
Read of size 8 at addr 0000000000000000 by task syz-executor764/7073
CPU: 0 PID: 7073 Comm: syz-executor764 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
__kasan_report.cold+0x5/0x4d mm/kasan/report.c:515
kasan_report+0x33/0x50 mm/kasan/common.c:625
check_memory_region_inline mm/kasan/generic.c:187 [inline]
check_memory_region+0x141/0x190 mm/kasan/generic.c:193
instrument_atomic_read include/linux/instrumented.h:56 [inline]
test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline]
uncore_msr_perf_ctr arch/x86/events/intel/uncore.h:335 [inline]
uncore_perf_ctr arch/x86/events/intel/uncore.h:378 [inline]
uncore_assign_hw_event arch/x86/events/intel/uncore.c:230 [inline]
uncore_pmu_event_add+0xa25/0x16d0 arch/x86/events/intel/uncore.c:602
</IRQ>
==================================================================
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 7073 Comm: syz-executor764 Tainted: G B 5.7.0-rc1-next-20200415-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
panic+0x2e3/0x75c kernel/panic.c:221
end_report+0x4d/0x53 mm/kasan/report.c:103
__kasan_report.cold+0xd/0x4d mm/kasan/report.c:518
kasan_report+0x33/0x50 mm/kasan/common.c:625
check_memory_region_inline mm/kasan/generic.c:187 [inline]
check_memory_region+0x141/0x190 mm/kasan/generic.c:193
instrument_atomic_read include/linux/instrumented.h:56 [inline]
test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline]
uncore_msr_perf_ctr arch/x86/events/intel/uncore.h:335 [inline]
uncore_perf_ctr arch/x86/events/intel/uncore.h:378 [inline]
uncore_assign_hw_event arch/x86/events/intel/uncore.c:230 [inline]
uncore_pmu_event_add+0xa25/0x16d0 arch/x86/events/intel/uncore.c:602
</IRQ>
Shutting down cpus with NMI
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches