Date:   Wed, 19 Sep 2018 11:16:30 +0800
From:   kernel test robot <rong.a.chen@...el.com>
To:     Xin Lin <18650033736@....com>
Cc:     linux-kernel@...r.kernel.org, Xin Lin <18650033736@....com>,
        lkp@...org
Subject: [LKP] [kernel] 7b00cf1438: BUG:unable_to_handle_kernel

FYI, we noticed the following commit (built with gcc-7):

commit: 7b00cf1438939b7138bff621ebd908adb97a7e9a ("[PATCH] kernel: prevent submission of creds with higher privileges inside container")
url: https://github.com/0day-ci/linux/commits/My-Name/kernel-prevent-submission-of-creds-with-higher-privileges-inside-container/20180915-051650


in testcase: trinity
with the following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -m 256M

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


+----------------------------------------------------+------------+------------+
|                                                    | f3c0b8ce48 | 7b00cf1438 |
+----------------------------------------------------+------------+------------+
| boot_successes                                     | 0          | 0          |
| boot_failures                                      | 11         | 10         |
| WARNING:at_mm/page_alloc.c:#__alloc_pages_nodemask | 11         | 10         |
| RIP:__alloc_pages_nodemask                         | 11         | 10         |
| Mem-Info                                           | 11         | 10         |
| WARNING:at_lib/debugobjects.c:#__debug_object_init | 11         | 10         |
| RIP:__debug_object_init                            | 11         | 10         |
| BUG:unable_to_handle_kernel                        | 0          | 10         |
| Oops:#[##]                                         | 0          | 10         |
| RIP:commit_creds                                   | 0          | 10         |
| Kernel_panic-not_syncing:Fatal_exception           | 0          | 10         |
+----------------------------------------------------+------------+------------+



[   18.834644] BUG: unable to handle kernel NULL pointer dereference at 0000000000000858
[   18.835981] PGD 0 P4D 0 
[   18.836440] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[   18.837332] CPU: 0 PID: 1 Comm: init Tainted: G        W         4.19.0-rc3-00248-g7b00cf1 #1
[   18.838783] RIP: 0010:commit_creds+0x86/0x3b5
[   18.839543] Code: b8 b0 01 00 00 fe ff ff ef 74 16 e8 6d 1e 08 00 8b 43 14 39 45 14 0f 83 a7 00 00 00 e9 25 03 00 00 e8 57 1e 08 00 49 8b 45 10 <81> b8 58 08 00 00 ff ff ff ef 75 d5 e8 42 1e 08 00 49 8b 45 18 81
[   18.842689] RSP: 0000:ffff88000ec37cf8 EFLAGS: 00010293
[   18.843585] RAX: 0000000000000000 RBX: ffff88000ec23600 RCX: ffff88000ec30000
[   18.844795] RDX: 0000000000000001 RSI: ffffffff810f8280 RDI: 0000000000000246
[   18.846006] RBP: ffff88000df90b40 R08: ffff88000ec30b80 R09: 00000000e7627858
[   18.847215] R10: 00000000ccc7e984 R11: 000000003a478b6c R12: ffff88000ec30000
[   18.848431] R13: ffffffff82847080 R14: 0000000000000008 R15: 0000000000000000
[   18.849643] FS:  0000000000000000(0000) GS:ffff88000f000000(0000) knlGS:0000000000000000
[   18.851012] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   18.851995] CR2: 0000000000000858 CR3: 000000000ca60000 CR4: 00000000000406f0
[   18.853211] Call Trace:
[   18.853655]  install_exec_creds+0x15/0x6d
[   18.854346]  load_elf_binary+0x428/0x1288
[   18.855042]  ? kvm_sched_clock_read+0x5/0xd
[   18.855773]  ? check_preemption_disabled+0x10d/0x116
[   18.856625]  search_binary_handler+0x6f/0xfe
[   18.857364]  load_script+0x24d/0x263
[   18.857987]  search_binary_handler+0x6f/0xfe
[   18.858727]  __do_execve_file+0x66a/0x87f
[   18.859529]  do_execve+0x30/0x37
[   18.860090]  kernel_init+0x6d/0x13d
[   18.860698]  ? rest_init+0x14e/0x14e
[   18.861317]  ret_from_fork+0x1f/0x30
[   18.861940] CR2: 0000000000000858
[   18.862625] ---[ end trace ec415db54a2fdc9c ]---


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
Rong Chen

View attachment "config-4.19.0-rc3-00248-g7b00cf1" of type "text/plain" (126372 bytes)

View attachment "job-script" of type "text/plain" (3972 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (17572 bytes)
