lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Tue, 8 Jun 2021 18:45:46 +0000
From:   Martin Raiber <martin@...ackup.org>
To:     Minchan Kim <minchan@...nel.org>, Nitin Gupta <ngupta@...are.org>,
        linux-kernel@...r.kernel.org
Subject: zram: NULL pointer dereference in zs_malloc 5.10.y

Hi,

just saw this again on 5.10.y, seems to be present since a while (see 
https://bugzilla.kernel.org/show_bug.cgi?id=209153 but ignore the 
unrelated btrfs issues):

Jun  8 04:15:40  kernel: [3557647.536760] BUG: kernel NULL pointer 
dereference, address: 0000000000000000
Jun  8 04:15:40  kernel: [3557647.536785] #PF: supervisor read access in 
kernel mode
Jun  8 04:15:40  kernel: [3557647.536797] #PF: error_code(0x0000) - 
not-present page
Jun  8 04:15:40  kernel: [3557647.536809] PGD 0 P4D 0
Jun  8 04:15:40  kernel: [3557647.536818] Oops: 0000 [#1] SMP PTI
Jun  8 04:15:40  kernel: [3557647.536828] CPU: 0 PID: 3448227 Comm: 
kworker/u256:13 Not tainted 5.10.26 #1
Jun  8 04:15:40  kernel: [3557647.536843] Hardware name: Microsoft 
Corporation Virtual Machine/Virtual Machine, BIOS 090007 05/18/2018
Jun  8 04:15:40  kernel: [3557647.536867] Workqueue: writeback wb_workfn 
(flush-252:1)
Jun  8 04:15:40  kernel: [3557647.537416] RIP: 0010:obj_malloc+0x35/0xf0
Jun  8 04:15:40  kernel: [3557647.537953] Code: 49 89 f1 48 83 ca 01 41 
8b 48 48 49 8b 41 10 49 89 d2 0f af cf 89 ce 41 89 cb c1 fe 0c 41 81 e$
Jun  8 04:15:40  kernel: [3557647.538562] RSP: 0018:ffffc9003a16b830 
EFLAGS: 00010206
Jun  8 04:15:40  kernel: [3557647.538562] RAX: 0000000000000000 RBX: 
ffff88817a6df000 RCX: 02ffff8000000000
Jun  8 04:15:40  kernel: [3557647.538562] RDX: 0000000000000001 RSI: 
000000000003f085 RDI: 000000000fb67d15
Jun  8 04:15:40  kernel: [3557647.538562] RBP: ffff888105d27380 R08: 
ffff888136079680 R09: ffff8881bb656d80
Jun  8 04:15:40  kernel: [3557647.538562] R10: ffff888105d27381 R11: 
0000000000000720 R12: 000000000000280a
Jun  8 04:15:40  kernel: [3557647.538562] R13: ffff888136079680 R14: 
0000000000002800 R15: ffff8881bb656d80
Jun  8 04:15:40  kernel: [3557647.538562] FS: 0000000000000000(0000) 
GS:ffff8897c5e00000(0000) knlGS:0000000000000000
Jun  8 04:15:40  kernel: [3557647.538562] CS:  0010 DS: 0000 ES: 0000 
CR0: 0000000080050033
Jun  8 04:15:40  kernel: [3557647.538562] CR2: 0000000000000000 CR3: 
0000000141d6c004 CR4: 00000000001706f0
Jun  8 04:15:40  kernel: [3557647.538562] Call Trace:
Jun  8 04:15:40  kernel: [3557647.538562]  zs_malloc+0x1d0/0x440
Jun  8 04:15:40  kernel: [3557647.538562] 
zram_bvec_rw.constprop.0.isra.0+0x363/0x610 [zram]
Jun  8 04:15:40  kernel: [3557647.549338] zram_submit_bio+0x199/0x351 [zram]
Jun  8 04:15:40  kernel: [3557647.549637] submit_bio_noacct+0x116/0x4e0
Jun  8 04:15:40  kernel: [3557647.549637] ext4_io_submit+0x49/0x60
Jun  8 04:15:40  kernel: [3557647.549637] ext4_writepages+0x562/0xfc0
Jun  8 04:15:40  kernel: [3557647.549637]  ? 
pagevec_lookup_range_tag+0x24/0x30
Jun  8 04:15:40  kernel: [3557647.549637]  ? write_cache_pages+0xaf/0x3d0
Jun  8 04:15:40  kernel: [3557647.549637]  ? __wb_calc_thresh+0x120/0x120
Jun  8 04:15:40  kernel: [3557647.549637]  ? 
change_mnt_propagation+0x80/0x2b0
Jun  8 04:15:40  kernel: [3557647.554585]  do_writepages+0x34/0xc0
Jun  8 04:15:40  kernel: [3557647.555157]  ? ext4_write_inode+0x13d/0x1c0
Jun  8 04:15:40  kernel: [3557647.555157] 
__writeback_single_inode+0x39/0x2a0
Jun  8 04:15:40  kernel: [3557647.555157] writeback_sb_inodes+0x200/0x470
Jun  8 04:15:40  kernel: [3557647.555157] __writeback_inodes_wb+0x4c/0xe0
Jun  8 04:15:40  kernel: [3557647.555157] wb_writeback+0x1d8/0x290
Jun  8 04:15:40  kernel: [3557647.555157]  wb_workfn+0x2d5/0x4d0
Jun  8 04:15:40  kernel: [3557647.555157]  ? check_preempt_curr+0x4f/0x60
Jun  8 04:15:40  kernel: [3557647.555157]  ? ttwu_do_wakeup+0x17/0x130
Jun  8 04:15:40  kernel: [3557647.555157] process_one_work+0x1b6/0x350
Jun  8 04:15:40  kernel: [3557647.555157] worker_thread+0x53/0x3e0
Jun  8 04:15:40  kernel: [3557647.555157]  ? process_one_work+0x350/0x350
Jun  8 04:15:40  kernel: [3557647.555157]  kthread+0x11b/0x140
Jun  8 04:15:40  kernel: [3557647.555157]  ? __kthread_bind_mask+0x60/0x60
Jun  8 04:15:40  kernel: [3557647.555157]  ret_from_fork+0x22/0x30
Jun  8 04:15:40  kernel: [3557647.562581] Modules linked in: bcache 
crc64 zram dm_cache_smq dm_cache dm_persistent_data dm_bio_prison dm_bufio$
Jun  8 04:15:40  kernel: [3557647.566578] CR2: 0000000000000000
Jun  8 04:15:40  kernel: [3557647.566578] ---[ end trace 
13a49464a5440b1a ]---

No idea how to reproduce -- occurs very rarely.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ