Date:   Thu, 29 Nov 2018 15:31:25 +0800
From:   kernel test robot <lkp@...el.com>
To:     Willem de Bruijn <willemdebruijn.kernel@...il.com>
Cc:     netdev@...r.kernel.org, davem@...emloft.net,
        Willem de Bruijn <willemb@...gle.com>, lkp@...org
Subject: [udp]  a4a142d3d7: WARNING:at_lib/refcount.c:#refcount_inc_checked

FYI, we noticed the following commit (built with gcc-6):

commit: a4a142d3d7ae19345838dabbf6aaa504dcc70021 ("[PATCH net-next v2 1/2] udp: msg_zerocopy")
url: https://github.com/0day-ci/linux/commits/Willem-de-Bruijn/udp-msg_zerocopy/20181127-021130


in testcase: trinity
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+----------------------------------------------------------+------------+------------+
|                                                          | 358be65640 | a4a142d3d7 |
+----------------------------------------------------------+------------+------------+
| boot_successes                                           | 190        | 68         |
| boot_failures                                            | 12         | 25         |
| Mem-Info                                                 | 12         |            |
| invoked_oom-killer:gfp_mask=0x                           | 3          |            |
| RIP:strnlen_user                                         | 1          |            |
| RIP:__put_user_4                                         | 1          |            |
| RIP:copy_user_enhanced_fast_string                       | 1          |            |
| Out_of_memory:Kill_process                               | 1          |            |
| Out_of_memory_and_no_killable_processes                  | 1          |            |
| Kernel_panic-not_syncing:System_is_deadlocked_on_memory  | 1          |            |
| RIP:iov_iter_fault_in_readable                           | 1          |            |
| WARNING:at_lib/refcount.c:#refcount_inc_checked          | 0          | 25         |
| RIP:refcount_inc_checked                                 | 0          | 25         |
| WARNING:at_lib/refcount.c:#refcount_sub_and_test_checked | 0          | 25         |
| RIP:refcount_sub_and_test_checked                        | 0          | 25         |
+----------------------------------------------------------+------------+------------+



[  255.028826] WARNING: CPU: 0 PID: 1255 at lib/refcount.c:153 refcount_inc_checked+0x41/0x50
[  255.031189] Modules linked in:
[  255.032022] CPU: 0 PID: 1255 Comm: trinity-c2 Not tainted 4.20.0-rc3-00915-ga4a142d #1
[  255.033900] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[  255.037952] RIP: 0010:refcount_inc_checked+0x41/0x50
[  255.039161] Code: 75 1f 5a ff e8 70 1f 5a ff 80 3d 57 60 29 02 00 75 ec e8 62 1f 5a ff 48 c7 c7 00 d8 81 bc c6 05 42 60 29 02 01 e8 ff 62 3e ff <0f> 0b eb d0 90 66 2e 0f 1f 84 00 00 00 00 00 41 56 41 55 41 89 fd
[  255.043305] RSP: 0018:ffff8880447bf4a0 EFLAGS: 00010282
[  255.044553] RAX: 000000000000002b RBX: ffff88804b0dcd00 RCX: ffffffffba60489b
[  255.046179] RDX: ffff88807e48a680 RSI: 0000000000000004 RDI: ffffffffbd3d7008
[  255.047798] RBP: ffff88804b0dd6c0 R08: fffffbfff7a7ae02 R09: fffffbfff7a7ae01
[  255.049425] R10: ffff88804b0dcd03 R11: fffffbfff7a7ae02 R12: 000000000000001c
[  255.051064] R13: ffff88804b0dd778 R14: ffff88804b0dd774 R15: 0000000000000000
[  255.052689] FS:  00007f1cf848cb40(0000) GS:ffffffffbce79000(0000) knlGS:0000000000000000
[  255.054612] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  255.055965] CR2: 000055e15adc6fa0 CR3: 000000004e12a000 CR4: 00000000000406f0
[  255.057601] DR0: 00007f1cf8367000 DR1: 0000000000000000 DR2: 0000000000000000
[  255.059231] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  255.060859] Call Trace:
[  255.061577]  __ip_append_data+0x19ad/0x2980
[  255.062757]  ? udp_lib_close+0x20/0x20
[  255.063730]  ? rt_cache_valid+0x11f/0x170
[  255.064739]  ? ip_generic_getfrag+0x1c0/0x1c0
[  255.065822]  ? ipv4_mtu+0x23e/0x2c0
[  255.066800]  ip_make_skb+0x20e/0x280
[  255.067725]  ? udp_lib_close+0x20/0x20
[  255.068697]  ? ip_flush_pending_frames+0x30/0x30
[  255.069838]  udp_sendmsg+0xeda/0x1e80
[  255.070784]  ? udp_lib_close+0x20/0x20
[  255.071752]  ? udp_push_pending_frames+0xe0/0xe0
[  255.072910]  ? __lock_acquire+0x4c8/0x3010
[  255.073952]  ? __might_fault+0x105/0x1b0
[  255.074953]  ? rw_copy_check_uvector+0x1cf/0x2b0
[  255.076089]  ? import_iovec+0x202/0x390
[  255.077084]  ? _copy_from_user+0x92/0x100
[  255.078108]  ? move_addr_to_kernel+0x50/0x50
[  255.079299]  ? inet_sendmsg+0x106/0x1c0
[  255.080294]  ? udp_sendmsg+0x5/0x1e80
[  255.081243]  inet_sendmsg+0x106/0x1c0
[  255.082186]  ___sys_sendmsg+0x454/0x8f0
[  255.083167]  ? copy_msghdr_from_user+0x380/0x380
[  255.084314]  ? __lock_acquire+0x4c8/0x3010
[  255.085353]  ? hrtimer_start_range_ns+0x327/0x560
[  255.086506]  ? __fget_light+0xad/0x200
[  255.087470]  ? __sys_sendmsg+0xd2/0x170
[  255.088456]  ? ___sys_sendmsg+0x5/0x8f0
[  255.089438]  __sys_sendmsg+0xd2/0x170
[  255.090380]  ? __x64_sys_shutdown+0x80/0x80
[  255.091430]  ? perf_syscall_exit+0x286/0x4b0
[  255.092500]  ? ftrace_syscall_exit+0x520/0x520
[  255.093601]  ? lock_downgrade+0x570/0x570
[  255.094616]  do_syscall_64+0xdd/0xbc0
[  255.095568]  ? syscall_return_slowpath+0x320/0x320
[  255.096746]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  255.097972] RIP: 0033:0x7f1cf7daf229
[  255.098905] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 3f 4c 2b 00 f7 d8 64 89 01 48
[  255.103014] RSP: 002b:00007ffff99ba758 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  255.104834] RAX: ffffffffffffffda RBX: 000000000000002e RCX: 00007f1cf7daf229
[  255.106464] RDX: 0000000064010860 RSI: 000055e15af397d0 RDI: 0000000000000163
[  255.108098] RBP: 00007ffff99ba800 R08: ffffffff9d472af1 R09: 00000000dcdcdcdc
[  255.109725] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000002
[  255.111359] R13: 00007f1cf8477058 R14: 00007f1cf848cad8 R15: 00007f1cf8477000
[  255.112992] irq event stamp: 118226
[  255.113916] hardirqs last  enabled at (118225): [<ffffffffba5ffe5c>] console_unlock+0x63c/0xa00
[  255.115961] hardirqs last disabled at (118226): [<ffffffffba40375d>] trace_hardirqs_off_thunk+0x1a/0x1c
[  255.118150] softirqs last  enabled at (114672): [<ffffffffbbd53c55>] tcp_recvmsg+0xfb5/0x2770
[  255.120149] softirqs last disabled at (114670): [<ffffffffbbbd17b0>] release_sock+0x20/0x1b0
[  255.122147] ---[ end trace ff7f08ca16c230bf ]---


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
lkp

View attachment "config-4.20.0-rc3-00915-ga4a142d" of type "text/plain" (120928 bytes)

View attachment "job-script" of type "text/plain" (4181 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (19044 bytes)

View attachment "trinity" of type "text/plain" (22856 bytes)
