Date:   Tue, 15 Aug 2017 09:32:16 +0800
From:   kernel test robot <xiaolong.ye@...el.com>
To:     Tejun Heo <tj@...nel.org>
Cc:     Ingo Molnar <mingo@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Li Zefan <lizefan@...wei.com>,
        Johannes Weiner <hannes@...xchg.org>,
        LKML <linux-kernel@...r.kernel.org>, Tejun Heo <tj@...nel.org>,
        cgroups@...r.kernel.org, lkp@...org
Subject: [lkp-robot] [cgroup]  428ea394a7: BUG:KASAN:null-ptr-deref


FYI, we noticed the following commit:

commit: 428ea394a71d4abfbd23914d58d764ee07d36c7d ("cgroup: Implement cgroup2 basic CPU usage accounting")
https://git.kernel.org/cgit/linux/kernel/git/tj/cgroup.git review-cgroup2-cpu-on-basic-acct

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu Haswell,+smep,+smap -smp 2 -m 512M

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+-------------------------------------------------------+------------+------------+
|                                                       | 1f88d33de1 | 428ea394a7 |
+-------------------------------------------------------+------------+------------+
| boot_successes                                        | 14         | 4          |
| boot_failures                                         | 0          | 8          |
| BUG:KASAN:slab-out-of-bounds                          | 0          | 1          |
| BUG:KASAN:null-ptr-deref                              | 0          | 7          |
| BUG:unable_to_handle_kernel                           | 0          | 7          |
| Oops:#[##]                                            | 0          | 7          |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt | 0          | 7          |
+-------------------------------------------------------+------------+------------+



[    0.006666] BUG: KASAN: null-ptr-deref in task_group_account_field+0x50/0x76
[    0.006666] Read of size 8 at addr 00000000000000b0 by task swapper/0
[    0.006666] 
[    0.006666] CPU: 0 PID: 0 Comm: swapper Not tainted 4.13.0-rc1-00021-g428ea39 #1
[    0.006666] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[    0.006666] Call Trace:
[    0.006666]  <IRQ>
[    0.006666]  dump_stack+0x19/0x1b
[    0.006666]  kasan_report+0x229/0x25f
[    0.006666]  ? task_group_account_field+0x50/0x76
[    0.006666]  ? profile_pc+0x1e/0x1e
[    0.006666]  __asan_load8+0x81/0x83
[    0.006666]  task_group_account_field+0x50/0x76
[    0.006666]  account_system_index_time+0x44/0x4b
[    0.006666]  account_system_time+0x6c/0x72
[    0.006666]  account_process_tick+0x6d/0xc3
[    0.006666]  update_process_times+0x1c/0x4d
[    0.006666]  tick_periodic+0x80/0x83
[    0.006666]  tick_handle_periodic+0x1c/0x69
[    0.006666]  timer_interrupt+0x25/0x2d
[    0.006666]  __handle_irq_event_percpu+0x6c/0x2ab
[    0.006666]  handle_irq_event_percpu+0x1d/0x63
[    0.006666]  handle_irq_event+0x4b/0x79
[    0.006666]  handle_level_irq+0xb8/0x10a
[    0.006666]  handle_irq+0x61/0x68
[    0.006666]  do_IRQ+0x49/0xb1
[    0.006666]  common_interrupt+0x87/0x87
[    0.006666] RIP: 0010:native_irq_enable+0x6/0x7
[    0.006666] RSP: 0000:ffffffff81e45f30 EFLAGS: 00000282 ORIG_RAX: ffffffffffffffcf
[    0.006666] RAX: 1ffffffff03c3c00 RBX: ffffffff820d2f00 RCX: ffffffff8185f4e0
[    0.006666] RDX: 1ffffffff03f56c1 RSI: 0000000000000007 RDI: ffffffff81e1e55c
[    0.006666] RBP: ffffffff81e45f38 R08: dffffc0000000000 R09: 0000000000000000
[    0.006666] R10: ffffed0003c52401 R11: ffff88001e292003 R12: ffffffff81e1e540
[    0.006666] R13: 0000000000000030 R14: 0000000000000002 R15: 0000000000000000
[    0.006666]  ? __do_softirq+0x50/0x331
[    0.006666]  ? arch_local_irq_enable+0xb/0xd
[    0.006666]  __do_softirq+0x87/0x331
[    0.006666]  ? unmask_irq+0x68/0x75
[    0.006666]  irq_exit+0x63/0x6d
[    0.006666]  do_IRQ+0x9a/0xb1
[    0.006666]  common_interrupt+0x87/0x87
[    0.006666] RIP: 0010:native_restore_fl+0x6/0x8
[    0.006666] RSP: 0000:ffffffff81e07dc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffcf
[    0.006666] RAX: 1ffff10003187400 RBX: ffffffff81e38100 RCX: ffffffff810f0081
[    0.006666] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000246
[    0.006666] RBP: ffffffff81e07dc8 R08: dffffc0000000000 R09: 0000000000000000
[    0.006666] R10: ffffed000310005e R11: ffff8800188002ef R12: ffff880018c3a000
[    0.006666] R13: ffff880018c3a000 R14: ffffffff81e3813c R15: 0000000000000000
[    0.006666]  </IRQ>
[    0.006666]  ? __setup_irq+0x79d/0x98c
[    0.006666]  arch_local_irq_restore+0xb/0xd
[    0.006666]  __setup_irq+0x7e9/0x98c
[    0.006666]  setup_irq+0x90/0xb1
[    0.006666]  hpet_time_init+0x41/0x44
[    0.006666]  x86_late_time_init+0x16/0x1d
[    0.006666]  start_kernel+0x4ac/0x52e
[    0.006666]  ? early_idt_handler_array+0x120/0x120
[    0.006666]  x86_64_start_reservations+0x2a/0x2c
[    0.006666]  x86_64_start_kernel+0x131/0x13e
[    0.006666]  secondary_startup_64+0x9f/0x9f
[    0.006666] ==================================================================
[    0.006666] Disabling lock debugging due to kernel taint
[    0.006666] BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0
[    0.006666] IP: task_group_account_field+0x50/0x76
[    0.006666] PGD 0 
[    0.006666] P4D 0 
[    0.006666] 
[    0.006666] Oops: 0000 [#1] KASAN
[    0.006666] Modules linked in:
[    0.006666] CPU: 0 PID: 0 Comm: swapper Tainted: G    B           4.13.0-rc1-00021-g428ea39 #1
[    0.006666] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[    0.006666] task: ffffffff81e1e540 task.stack: ffffffff81e00000
[    0.006666] RIP: 0010:task_group_account_field+0x50/0x76
[    0.006666] RSP: 0000:ffffffff81e45c40 EFLAGS: 00010056
[    0.006666] RAX: ffffffff810d8ffc RBX: 0000000000000000 RCX: ffffffff810e390d
[    0.006666] RDX: 0000000000000096 RSI: 0000000000000003 RDI: 0000000000000096
[    0.006666] RBP: ffffffff81e45c58 R08: dffffc0000000000 R09: 0000000000000000
[    0.006666] R10: fffffbfff03c8b72 R11: ffffffff820d7bba R12: 000000000032dcd5
[    0.006666] R13: 0000000000000003 R14: ffffffff81030bd8 R15: ffffffff81e45da4
[    0.006666] FS:  0000000000000000(0000) GS:ffffffff81e3e000(0000) knlGS:0000000000000000
[    0.006666] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.006666] CR2: 00000000000000b0 CR3: 0000000001e17000 CR4: 00000000000006b0
[    0.006666] Call Trace:
[    0.006666]  <IRQ>
[    0.006666]  account_system_index_time+0x44/0x4b
[    0.006666]  account_system_time+0x6c/0x72
[    0.006666]  account_process_tick+0x6d/0xc3
[    0.006666]  update_process_times+0x1c/0x4d
[    0.006666]  tick_periodic+0x80/0x83
[    0.006666]  tick_handle_periodic+0x1c/0x69
[    0.006666]  timer_interrupt+0x25/0x2d
[    0.006666]  __handle_irq_event_percpu+0x6c/0x2ab
[    0.006666]  handle_irq_event_percpu+0x1d/0x63
[    0.006666]  handle_irq_event+0x4b/0x79
[    0.006666]  handle_level_irq+0xb8/0x10a
[    0.006666]  handle_irq+0x61/0x68
[    0.006666]  do_IRQ+0x49/0xb1
[    0.006666]  common_interrupt+0x87/0x87
[    0.006666] RIP: 0010:native_irq_enable+0x6/0x7
[    0.006666] RSP: 0000:ffffffff81e45f30 EFLAGS: 00000282 ORIG_RAX: ffffffffffffffcf
[    0.006666] RAX: 1ffffffff03c3c00 RBX: ffffffff820d2f00 RCX: ffffffff8185f4e0
[    0.006666] RDX: 1ffffffff03f56c1 RSI: 0000000000000007 RDI: ffffffff81e1e55c
[    0.006666] RBP: ffffffff81e45f38 R08: dffffc0000000000 R09: 0000000000000000
[    0.006666] R10: ffffed0003c52401 R11: ffff88001e292003 R12: ffffffff81e1e540
[    0.006666] R13: 0000000000000030 R14: 0000000000000002 R15: 0000000000000000
[    0.006666]  ? __do_softirq+0x50/0x331
[    0.006666]  ? arch_local_irq_enable+0xb/0xd
[    0.006666]  __do_softirq+0x87/0x331
[    0.006666]  ? unmask_irq+0x68/0x75
[    0.006666]  irq_exit+0x63/0x6d
[    0.006666]  do_IRQ+0x9a/0xb1
[    0.006666]  common_interrupt+0x87/0x87
[    0.006666] RIP: 0010:native_restore_fl+0x6/0x8
[    0.006666] RSP: 0000:ffffffff81e07dc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffcf
[    0.006666] RAX: 1ffff10003187400 RBX: ffffffff81e38100 RCX: ffffffff810f0081
[    0.006666] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000246
[    0.006666] RBP: ffffffff81e07dc8 R08: dffffc0000000000 R09: 0000000000000000
[    0.006666] R10: ffffed000310005e R11: ffff8800188002ef R12: ffff880018c3a000
[    0.006666] R13: ffff880018c3a000 R14: ffffffff81e3813c R15: 0000000000000000
[    0.006666]  </IRQ>
[    0.006666]  ? __setup_irq+0x79d/0x98c
[    0.006666]  arch_local_irq_restore+0xb/0xd
[    0.006666]  __setup_irq+0x7e9/0x98c
[    0.006666]  setup_irq+0x90/0xb1
[    0.006666]  hpet_time_init+0x41/0x44
[    0.006666]  x86_late_time_init+0x16/0x1d
[    0.006666]  start_kernel+0x4ac/0x52e
[    0.006666]  ? early_idt_handler_array+0x120/0x120
[    0.006666]  x86_64_start_reservations+0x2a/0x2c
[    0.006666]  x86_64_start_kernel+0x131/0x13e
[    0.006666]  secondary_startup_64+0x9f/0x9f
[    0.006666] Code: 8d bf 48 05 00 00 e8 ef 33 10 00 48 8b 9b 48 05 00 00 48 8d 7b 10 e8 df 33 10 00 48 8b 5b 10 48 8d bb b0 00 00 00 e8 cf 33 10 00 <48> 83 bb b0 00 00 00 00 48 8b 55 f0 8b 75 ec 75 0b ff 0d 65 40 
[    0.006666] RIP: task_group_account_field+0x50/0x76 RSP: ffffffff81e45c40
[    0.006666] CR2: 00000000000000b0
[    0.006666] ---[ end trace be658dd14e22cef1 ]---


To reproduce:

        git clone https://github.com/01org/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script  # job-script is attached in this email



Thanks,
Xiaolong

View attachment "config-4.13.0-rc1-00021-g428ea39" of type "text/plain" (109713 bytes)

View attachment "job-script" of type "text/plain" (4099 bytes)

Download attachment "dmesg.xz" of type "application/octet-stream" (4776 bytes)
