Date:   Fri, 1 Jun 2018 14:17:09 +0800
From:   kernel test robot <xiaolong.ye@...el.com>
To:     ufo19890607 <ufo19890607@...il.com>
Cc:     akpm@...ux-foundation.org, mhocko@...e.com, rientjes@...gle.com,
        kirill.shutemov@...ux.intel.com, aarcange@...hat.com,
        penguin-kernel@...ove.SAKURA.ne.jp, guro@...com,
        yang.s@...baba-inc.com, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org, ufo19890607 <ufo19890607@...il.com>,
        lkp@...org
Subject: [lkp-robot] 6c2f089158: BUG:KASAN:null-ptr-deref_in_m


FYI, we noticed the following commit (built with gcc-6):

commit: 6c2f08915886cda1668ace606660f72917ce1f71 ("Refactor part of the oom report in dump_header")
ERROR# 1:

in testcase: trinity
with the following parameters:

	runtime: 300s

test-description: Trinity is a Linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu host -smp 2 -m 1G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


+------------------------------------------------------------------+------------+------------+
|                                                                  | bee797529d | 6c2f089158 |
+------------------------------------------------------------------+------------+------------+
| boot_successes                                                   | 4          | 3          |
| boot_failures                                                    | 12         | 13         |
| invoked_oom-killer:gfp_mask=0x                                   | 12         | 12         |
| Mem-Info                                                         | 12         | 1          |
| Kernel_panic-not_syncing:Out_of_memory_and_no_killable_processes | 12         |            |
| BUG:KASAN:null-ptr-deref_in_m                                    | 0          | 12         |
| BUG:unable_to_handle_kernel                                      | 0          | 12         |
| Oops:#[##]                                                       | 0          | 12         |
| RIP:mem_cgroup_print_oom_context                                 | 0          | 12         |
| Kernel_panic-not_syncing:Fatal_exception                         | 0          | 12         |
| Out_of_memory:Kill_process                                       | 0          | 1          |
+------------------------------------------------------------------+------------+------------+



[   43.710081] BUG: KASAN: null-ptr-deref in mem_cgroup_print_oom_context+0x90/0x203
[   43.710674] Read of size 8 at addr 0000000000000710 by task swapper/0/1
[   43.713611] 
[   43.713611] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.17.0-rc6-00159-g6c2f089 #1
[   43.713611] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   43.713611] Call Trace:
[   43.713611]  show_stack+0x6e/0x71
[   43.713611]  dump_stack+0x133/0x1c8
[   43.713611]  ? mem_cgroup_print_oom_context+0x90/0x203
[   43.713611]  kasan_report+0x313/0x35d
[   43.713611]  __asan_load8+0x7f/0x81
[   43.723539]  mem_cgroup_print_oom_context+0x90/0x203
[   43.723539]  dump_header+0x149/0x4cc
[   43.723539]  out_of_memory+0x5a1/0x665
[   43.723539]  ? unregister_oom_notifier+0x1a/0x1a
[   43.723539]  ? __alloc_pages_slowpath+0x119c/0x184f
[   43.723539]  __alloc_pages_slowpath+0x13dc/0x184f
[   43.723539]  ? get_page_from_freelist+0x17ba/0x18cf
[   43.723539]  ? __alloc_pages_cpuset_fallback+0x74/0x74
[   43.733564]  ? __asan_loadN+0xf/0x11
[   43.733564]  __alloc_pages_nodemask+0x384/0x560
[   43.733564]  ? __alloc_pages_slowpath+0x184f/0x184f
[   43.733564]  ? _find_next_bit+0x12f/0x1be
[   43.733564]  ? __asan_loadN+0xf/0x11
[   43.733564]  ? trace_irq_enable_rcuidle+0x3a/0x117
[   43.733564]  cache_grow_begin+0xe0/0x45e
[   43.733564]  fallback_alloc+0x1f3/0x27d
[   43.733564]  ____cache_alloc_node+0x16e/0x17b
[   43.743553]  kmem_cache_alloc_trace+0xe7/0x20f
[   43.743553]  maybe_link+0x1ff/0x307
[   43.743553]  do_name+0x10a/0x507
[   43.743553]  ? write_buffer+0x31/0x4c
[   43.743553]  write_buffer+0x39/0x4c
[   43.743553]  flush_buffer+0x63/0x143
[   43.743553]  __gunzip+0x65a/0x82e
[   43.743553]  ? decompress_method+0x147/0x147
[   43.743553]  ? error+0x51/0x51
[   43.753558]  gunzip+0x11/0x13
[   43.753558]  ? do_start+0x23/0x23
[   43.753558]  unpack_to_rootfs+0x2d8/0x5b5
[   43.753558]  ? do_start+0x23/0x23
[   43.753558]  ? printk+0x3a/0xc3
[   43.753558]  ? __gunzip+0x82e/0x82e
[   43.753558]  ? do_collect+0xc7/0xc7
[   43.753558]  populate_rootfs+0xf4/0x2fd
[   43.753558]  ? unpack_to_rootfs+0x5b5/0x5b5
[   43.763573]  do_one_initcall+0x1bf/0x47d
[   43.763573]  ? start_kernel+0x7f2/0x7f2
[   43.763573]  ? __asan_loadN+0xf/0x11
[   43.763573]  ? __asan_loadN+0xf/0x11
[   43.763573]  ? do_early_param+0x119/0x119
[   43.763573]  kernel_init_freeable+0x1d4/0x2e7
[   43.763573]  ? rest_init+0xdd/0xdd
[   43.763573]  kernel_init+0x11/0x20e
[   43.773471]  ? rest_init+0xdd/0xdd
[   43.773566]  ret_from_fork+0x24/0x30
[   43.773566] ==================================================================
[   43.773566] Disabling lock debugging due to kernel taint
[   43.780696] BUG: unable to handle kernel NULL pointer dereference at 0000000000000710
[   43.782654] PGD 0 P4D 0 
[   43.783382] Oops: 0000 [#1] SMP KASAN PTI
[   43.783737] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G    B             4.17.0-rc6-00159-g6c2f089 #1
[   43.783737] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   43.783737] RIP: 0010:mem_cgroup_print_oom_context+0x90/0x203
[   43.783737] RSP: 0000:ffff88000f4d7648 EFLAGS: 00010296
[   43.793615] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff812d6701
[   43.793615] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000246
[   43.793615] RBP: ffff88000f4d7678 R08: fffffbfff0f2c7e4 R09: fffffbfff0f2c7e3
[   43.793615] R10: 0000000000000000 R11: ffffffff87963f1f R12: 0000000000000000
[   43.793615] R13: 0000000000000002 R14: 0000000000000000 R15: 0000000000000000
[   43.793615] FS:  0000000000000000(0000) GS:ffff88002cd00000(0000) knlGS:0000000000000000
[   43.803595] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   43.803595] CR2: 0000000000000710 CR3: 0000000006236000 CR4: 00000000000006e0
[   43.803595] Call Trace:
[   43.803595]  dump_header+0x149/0x4cc
[   43.803595]  out_of_memory+0x5a1/0x665
[   43.803595]  ? unregister_oom_notifier+0x1a/0x1a
[   43.803595]  ? __alloc_pages_slowpath+0x119c/0x184f
[   43.803595]  __alloc_pages_slowpath+0x13dc/0x184f
[   43.803595]  ? get_page_from_freelist+0x17ba/0x18cf
[   43.813619]  ? __alloc_pages_cpuset_fallback+0x74/0x74
[   43.813619]  ? __asan_loadN+0xf/0x11
[   43.813619]  __alloc_pages_nodemask+0x384/0x560
[   43.813619]  ? __alloc_pages_slowpath+0x184f/0x184f
[   43.813619]  ? _find_next_bit+0x12f/0x1be
[   43.813619]  ? __asan_loadN+0xf/0x11
[   43.813619]  ? trace_irq_enable_rcuidle+0x3a/0x117
[   43.813619]  cache_grow_begin+0xe0/0x45e
[   43.813619]  fallback_alloc+0x1f3/0x27d
[   43.813619]  ____cache_alloc_node+0x16e/0x17b
[   43.823627]  kmem_cache_alloc_trace+0xe7/0x20f
[   43.823627]  maybe_link+0x1ff/0x307
[   43.823627]  do_name+0x10a/0x507
[   43.823627]  ? write_buffer+0x31/0x4c
[   43.823627]  write_buffer+0x39/0x4c
[   43.823627]  flush_buffer+0x63/0x143
[   43.823627]  __gunzip+0x65a/0x82e
[   43.823627]  ? decompress_method+0x147/0x147
[   43.823627]  ? error+0x51/0x51
[   43.823627]  gunzip+0x11/0x13
[   43.833595]  ? do_start+0x23/0x23
[   43.833595]  unpack_to_rootfs+0x2d8/0x5b5
[   43.833595]  ? do_start+0x23/0x23
[   43.833595]  ? printk+0x3a/0xc3
[   43.833595]  ? __gunzip+0x82e/0x82e
[   43.833595]  ? do_collect+0xc7/0xc7
[   43.833595]  populate_rootfs+0xf4/0x2fd
[   43.833595]  ? unpack_to_rootfs+0x5b5/0x5b5
[   43.833595]  do_one_initcall+0x1bf/0x47d
[   43.833595]  ? start_kernel+0x7f2/0x7f2
[   43.833595]  ? __asan_loadN+0xf/0x11
[   43.843603]  ? __asan_loadN+0xf/0x11
[   43.843603]  ? do_early_param+0x119/0x119
[   43.843603]  kernel_init_freeable+0x1d4/0x2e7
[   43.843603]  ? rest_init+0xdd/0xdd
[   43.843603]  kernel_init+0x11/0x20e
[   43.843603]  ? rest_init+0xdd/0xdd
[   43.843603]  ret_from_fork+0x24/0x30
[   43.843603] Code: e8 45 33 ff ff 49 8b bd 10 01 00 00 b9 00 10 00 00 48 c7 c2 c0 c8 a8 88 31 f6 e8 3b 69 12 00 48 8d bb 10 07 00 00 e8 1f 33 ff ff <4c> 8b ab 10 07 00 00 49 8d 7d 10 e8 0f 33 ff ff 4d 8b 6d 10 4c 
[   43.853611] RIP: mem_cgroup_print_oom_context+0x90/0x203 RSP: ffff88000f4d7648
[   43.853611] CR2: 0000000000000710
[   43.853611] random: get_random_bytes called from init_oops_id+0x51/0x64 with crng_init=0
[   43.853611] ---[ end trace 0d0e0f91afa36bfe ]---


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
Xiaolong
