From 61f5c63922f581ed7cd2185eabb9cb540c4ca96a Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Tue, 4 Jun 2019 08:53:37 +0200
Subject: pkg/report: skip refcount_* functions

These are too generic and don't point to any subsystem. Skip them.
---
 pkg/report/testdata/linux/report/391 | 138 +++++++++++++++++++++++++++++++++++
 pkg/report/testdata/linux/report/392 | 100 +++++++++++++++++++++++++
 2 files changed, 238 insertions(+)
 create mode 100644 pkg/report/testdata/linux/report/391
 create mode 100644 pkg/report/testdata/linux/report/392
(limited to 'pkg/report/testdata/linux')
diff --git a/pkg/report/testdata/linux/report/391 b/pkg/report/testdata/linux/report/391
new file mode 100644
index 000000000..befbf0637
--- /dev/null
+++ b/pkg/report/testdata/linux/report/391
@@ -0,0 +1,138 @@
+TITLE: KASAN: use-after-free Read in nr_release
+
+[ 334.230640][T12837] ==================================================================
+[ 334.239022][T12837] BUG: KASAN: use-after-free in refcount_inc_not_zero_checked+0x81/0x200
+[ 334.247436][T12837] Read of size 4 at addr ffff88808bb14200 by task syz-executor.5/12837
+[ 334.255675][T12837]
+[ 334.258012][T12837] CPU: 1 PID: 12837 Comm: syz-executor.5 Not tainted 5.1.0-rc5+ #72
+[ 334.265985][T12837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 334.276036][T12837] Call Trace:
+[ 334.279336][T12837] dump_stack+0x172/0x1f0
+[ 334.283672][T12837] ? refcount_inc_not_zero_checked+0x81/0x200
+[ 334.289746][T12837] print_address_description.cold+0x7c/0x20d
+[ 334.295757][T12837] ? refcount_inc_not_zero_checked+0x81/0x200
+[ 334.301828][T12837] ? refcount_inc_not_zero_checked+0x81/0x200
+[ 334.307919][T12837] kasan_report.cold+0x1b/0x40
+[ 334.312691][T12837] ? refcount_inc_not_zero_checked+0x81/0x200
+[ 334.318765][T12837] check_memory_region+0x123/0x190
+[ 334.323883][T12837] kasan_check_read+0x11/0x20
+[ 334.328562][T12837] refcount_inc_not_zero_checked+0x81/0x200
+[ 334.334487][T12837] ? refcount_dec_and_mutex_lock+0x90/0x90
+[ 334.340298][T12837] ? lock_acquire+0x16f/0x3f0
+[ 334.344979][T12837] refcount_inc_checked+0x17/0x70
+[ 334.350042][T12837] nr_release+0x62/0x3c0
+[ 334.354311][T12837] __sock_release+0xd3/0x2b0
+[ 334.358903][T12837] ? __sock_release+0x2b0/0x2b0
+[ 334.363756][T12837] sock_close+0x1b/0x30
+[ 334.367915][T12837] __fput+0x2e5/0x8d0
+[ 334.371901][T12837] ____fput+0x16/0x20
+[ 334.375888][T12837] task_work_run+0x14a/0x1c0
+[ 334.380502][T12837] exit_to_usermode_loop+0x273/0x2c0
+[ 334.385795][T12837] do_syscall_64+0x52d/0x610
+[ 334.390397][T12837] entry_SYSCALL_64_after_hwframe+0x49/0xbe
+[ 334.396381][T12837] RIP: 0033:0x4129e1
+[ 334.400278][T12837] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
+[ 334.420308][T12837] RSP: 002b:00007ffc18cd87a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
+[ 334.428897][T12837] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 00000000004129e1
+[ 334.436898][T12837] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
+[ 334.444876][T12837] RBP: 000000000073c900 R08: ffffffff8132caba R09: 00000000dd5371a4
+[ 334.452853][T12837] R10: 00007ffc18cd8870 R11: 0000000000000293 R12: 0000000000000001
+[ 334.460826][T12837] R13: 000000000073c900 R14: 0000000000051747 R15: 000000000073c0ec
+[ 334.468837][T12837] ? __phys_addr+0x1a/0x120
+[ 334.473346][T12837]
+[ 334.475694][T12837] Allocated by task 12840:
+[ 334.480117][T12837] save_stack+0x45/0xd0
+[ 334.488181][T12837] __kasan_kmalloc.constprop.0+0xcf/0xe0
+[ 334.493809][T12837] kasan_kmalloc+0x9/0x10
+[ 334.498129][T12837] __kmalloc+0x15c/0x740
+[ 334.502364][T12837] sk_prot_alloc+0x19c/0x2e0
+[ 334.506949][T12837] sk_alloc+0x39/0xf70
+[ 334.511032][T12837] nr_create+0xb9/0x5e0
+[ 334.515196][T12837] __sock_create+0x3e6/0x750
+[ 334.519786][T12837] __sys_socket+0x103/0x220
+[ 334.524281][T12837] __x64_sys_socket+0x73/0xb0
+[ 334.528955][T12837] do_syscall_64+0x103/0x610
+[ 334.533541][T12837] entry_SYSCALL_64_after_hwframe+0x49/0xbe
+[ 334.539416][T12837]
+[ 334.541732][T12837] Freed by task 12837:
+[ 334.545794][T12837] save_stack+0x45/0xd0
+[ 334.549954][T12837] __kasan_slab_free+0x102/0x150
+[ 334.554886][T12837] kasan_slab_free+0xe/0x10
+[ 334.559480][T12837] kfree+0xcf/0x230
+[ 334.563284][T12837] __sk_destruct+0x4f1/0x6d0
+[ 334.567868][T12837] sk_destruct+0x7b/0x90
+[ 334.572103][T12837] __sk_free+0xce/0x300
+[ 334.576255][T12837] sk_free+0x42/0x50
+[ 334.580159][T12837] nr_release+0x337/0x3c0
+[ 334.584485][T12837] __sock_release+0xd3/0x2b0
+[ 334.589069][T12837] sock_close+0x1b/0x30
+[ 334.593215][T12837] __fput+0x2e5/0x8d0
+[ 334.597649][T12837] ____fput+0x16/0x20
+[ 334.601626][T12837] task_work_run+0x14a/0x1c0
+[ 334.606208][T12837] exit_to_usermode_loop+0x273/0x2c0
+[ 334.611491][T12837] do_syscall_64+0x52d/0x610
+[ 334.616080][T12837] entry_SYSCALL_64_after_hwframe+0x49/0xbe
+[ 334.621956][T12837]
+[ 334.624279][T12837] The buggy address belongs to the object at ffff88808bb14180
+[ 334.624279][T12837] which belongs to the cache kmalloc-2k of size 2048
+[ 334.638437][T12837] The buggy address is located 128 bytes inside of
+[ 334.638437][T12837] 2048-byte region [ffff88808bb14180, ffff88808bb14980)
+[ 334.651811][T12837] The buggy address belongs to the page:
+[ 334.657467][T12837] page:ffffea00022ec500 count:1 mapcount:0 mapping:ffff88812c3f0c40 index:0xffff88808bb15280 compound_mapcount: 0
+[ 334.669439][T12837] flags: 0x1fffc0000010200(slab|head)
+[ 334.674830][T12837] raw: 01fffc0000010200 ffffea00022b2908 ffffea00025fea08 ffff88812c3f0c40
+[ 334.683422][T12837] raw: ffff88808bb15280 ffff88808bb14180 0000000100000001 0000000000000000
+[ 334.692002][T12837] page dumped because: kasan: bad access detected
+[ 334.698404][T12837]
+[ 334.701072][T12837] Memory state around the buggy address:
+[ 334.706695][T12837] ffff88808bb14100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
+[ 334.714749][T12837] ffff88808bb14180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 334.723020][T12837] >ffff88808bb14200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 334.731589][T12837] ^
+[ 334.735652][T12837] ffff88808bb14280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 334.743892][T12837] ffff88808bb14300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+[ 334.751942][T12837] ==================================================================
+[ 334.759990][T12837] Disabling lock debugging due to kernel taint
+[ 334.795319][T12837] Kernel panic - not syncing: panic_on_warn set ...
+[ 334.801951][T12837] CPU: 1 PID: 12837 Comm: syz-executor.5 Tainted: G B 5.1.0-rc5+ #72
+[ 334.811310][T12837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 334.821358][T12837] Call Trace:
+[ 334.824661][T12837] dump_stack+0x172/0x1f0
+[ 334.829024][T12837] panic+0x2cb/0x65c
+[ 334.832913][T12837] ? __warn_printk+0xf3/0xf3
+[ 334.837498][T12837] ? refcount_inc_not_zero_checked+0x81/0x200
+[ 334.843559][T12837] ? preempt_schedule+0x4b/0x60
+[ 334.848403][T12837] ? ___preempt_schedule+0x16/0x18
+[ 334.853520][T12837] ? trace_hardirqs_on+0x5e/0x230
+[ 334.858546][T12837] ? refcount_inc_not_zero_checked+0x81/0x200
+[ 334.864600][T12837] end_report+0x47/0x4f
+[ 334.868748][T12837] ? refcount_inc_not_zero_checked+0x81/0x200
+[ 334.874806][T12837] kasan_report.cold+0xe/0x40
+[ 334.879481][T12837] ? refcount_inc_not_zero_checked+0x81/0x200
+[ 334.885538][T12837] check_memory_region+0x123/0x190
+[ 334.890643][T12837] kasan_check_read+0x11/0x20
+[ 334.895308][T12837] refcount_inc_not_zero_checked+0x81/0x200
+[ 334.901189][T12837] ? refcount_dec_and_mutex_lock+0x90/0x90
+[ 334.906985][T12837] ? lock_acquire+0x16f/0x3f0
+[ 334.911652][T12837] refcount_inc_checked+0x17/0x70
+[ 334.916670][T12837] nr_release+0x62/0x3c0
+[ 334.920911][T12837] __sock_release+0xd3/0x2b0
+[ 334.925491][T12837] ? __sock_release+0x2b0/0x2b0
+[ 334.930352][T12837] sock_close+0x1b/0x30
+[ 334.934501][T12837] __fput+0x2e5/0x8d0
+[ 334.938499][T12837] ____fput+0x16/0x20
+[ 334.942479][T12837] task_work_run+0x14a/0x1c0
+[ 334.947693][T12837] exit_to_usermode_loop+0x273/0x2c0
+[ 334.952991][T12837] do_syscall_64+0x52d/0x610
+[ 334.957580][T12837] entry_SYSCALL_64_after_hwframe+0x49/0xbe
+[ 334.963472][T12837] RIP: 0033:0x4129e1
+[ 334.967366][T12837] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
+[ 334.986969][T12837] RSP: 002b:00007ffc18cd87a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
+[ 334.995374][T12837] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 00000000004129e1
+[ 335.003342][T12837] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
+[ 335.011302][T12837] RBP: 000000000073c900 R08: ffffffff8132caba R09: 00000000dd5371a4
+[ 335.019268][T12837] R10: 00007ffc18cd8870 R11: 0000000000000293 R12: 0000000000000001
+[ 335.027246][T12837] R13: 000000000073c900 R14: 0000000000051747 R15: 000000000073c0ec
+[ 335.035229][T12837] ? __phys_addr+0x1a/0x120
+[ 335.040476][T12837] Kernel Offset: disabled
+[ 335.044832][T12837] Rebooting in 86400 seconds..
diff --git a/pkg/report/testdata/linux/report/392 b/pkg/report/testdata/linux/report/392
new file mode 100644
index 000000000..fd1576b5d
--- /dev/null
+++ b/pkg/report/testdata/linux/report/392
@@ -0,0 +1,100 @@
+TITLE: general protection fault in x25_connect
+
+[ 2348.757430][ T1533] ==================================================================
+[ 2348.763145][ T1560] kasan: GPF could be caused by NULL-ptr deref or user memory access
+[ 2348.763191][ T1560] general protection fault: 0000 [#1] PREEMPT SMP KASAN
+[ 2348.771271][ T1533] BUG: KASAN: null-ptr-deref in refcount_sub_and_test_checked+0x87/0x200
+[ 2348.779316][ T1560] CPU: 0 PID: 1560 Comm: syz-executor.2 Not tainted 5.2.0-rc1+ #26
+[ 2348.786230][ T1533] Read of size 4 at addr 00000000000000c8 by task syz-executor.2/1533
+[ 2348.794618][ T1560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 2348.802482][ T1533]
+[ 2348.802504][ T1533] CPU: 1 PID: 1533 Comm: syz-executor.2 Not tainted 5.2.0-rc1+ #26
+[ 2348.810663][ T1560] RIP: 0010:refcount_sub_and_test_checked+0x8e/0x200
+[ 2348.820706][ T1533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 2348.823036][ T1560] Code: f3 f3 65 48 8b 04 25 28 00 00 00 48 89 45 d0 31 c0 e8 26 75 3c fe be 04 00 00 00 48 89 df e8 99 e7 74 fe 48 89 d8 48 c1 e8 03 <42> 0f b6 14 20 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85
+[ 2348.830900][ T1533] Call Trace:
+[ 2348.837570][ T1560] RSP: 0018:ffff888068cb7bc8 EFLAGS: 00010202
+[ 2348.847633][ T1533] dump_stack+0x172/0x1f0
+[ 2348.867226][ T1560] RAX: 0000000000000019 RBX: 00000000000000c8 RCX: ffffffff83342f57
+[ 2348.870507][ T1533] ? refcount_sub_and_test_checked+0x87/0x200
+[ 2348.876556][ T1560] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 00000000000000c8
+[ 2348.880875][ T1533] ? refcount_sub_and_test_checked+0x87/0x200
+[ 2348.888829][ T1560] RBP: ffff888068cb7c60 R08: 1ffffffff12c8ca4 R09: fffffbfff12c8ca5
+[ 2348.894905][ T1533] __kasan_report.cold+0x5/0x40
+[ 2348.902859][ T1560] R10: fffffbfff12c8ca4 R11: ffffffff89646523 R12: dffffc0000000000
+[ 2348.908925][ T1533] ? remove_wait_queue+0x70/0x190
+[ 2348.916885][ T1560] R13: 0000000000000000 R14: ffff888068cb7c38 R15: 1ffff1100d196f7b
+[ 2348.921731][ T1533] ? refcount_sub_and_test_checked+0x87/0x200
+[ 2348.929682][ T1560] FS: 00007f6d5fe6f700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
+[ 2348.934699][ T1533] kasan_report+0x12/0x20
+[ 2348.942651][ T1560] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 2348.948717][ T1533] check_memory_region+0x123/0x190
+[ 2348.957627][ T1560] CR2: 0000000001572ec0 CR3: 000000006861b000 CR4: 00000000001406f0
+[ 2348.961978][ T1533] kasan_check_read+0x11/0x20
+[ 2348.968564][ T1560] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 2348.973678][ T1533] refcount_sub_and_test_checked+0x87/0x200
+[ 2348.981633][ T1560] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 2348.986303][ T1533] ? refcount_dec_not_one+0x1f0/0x1f0
+[ 2348.996757][ T1560] Call Trace:
+[ 2349.002759][ T1533] ? x25_connect+0x8a8/0xea0
+[ 2349.010724][ T1560] ? refcount_dec_not_one+0x1f0/0x1f0
+[ 2349.016093][ T1533] refcount_dec_and_test_checked+0x1b/0x20
+[ 2349.019386][ T1560] ? x25_connect+0x8a8/0xea0
+[ 2349.023951][ T1533] x25_connect+0x8d8/0xea0
+[ 2349.023971][ T1533] ? x25_find_socket+0x140/0x140
+[ 2349.029338][ T1560] refcount_dec_and_test_checked+0x1b/0x20
+[ 2349.035127][ T1533] ? wake_up_q+0xf0/0xf0
+[ 2349.039695][ T1560] x25_connect+0x8d8/0xea0
+[ 2349.044098][ T1533] ? apparmor_socket_connect+0xb6/0x160
+[ 2349.049011][ T1560] ? x25_find_socket+0x140/0x140
+[ 2349.054805][ T1533] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
+[ 2349.059034][ T1560] ? wake_up_q+0xf0/0xf0
+[ 2349.063438][ T1533] ? security_socket_connect+0x8d/0xc0
+[ 2349.068972][ T1560] ? apparmor_socket_connect+0xb6/0x160
+[ 2349.073899][ T1533] __sys_connect+0x264/0x330
+[ 2349.080135][ T1560] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
+[ 2349.084371][ T1533] ? __ia32_sys_accept+0xb0/0xb0
+[ 2349.089824][ T1560] ? security_socket_connect+0x8d/0xc0
+[ 2349.095370][ T1533] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
+[ 2349.099954][ T1560] __sys_connect+0x264/0x330
+[ 2349.106189][ T1533] ? put_timespec64+0xda/0x140
+[ 2349.111120][ T1560] ? __ia32_sys_accept+0xb0/0xb0
+[ 2349.116584][ T1533] ? trace_hardirqs_on_thunk+0x1a/0x1c
+[ 2349.122826][ T1560] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
+[ 2349.127908][ T1533] ? trace_hardirqs_on_thunk+0x1a/0x1c
+[ 2349.132668][ T1560] ? put_timespec64+0xda/0x140
+[ 2349.137599][ T1533] ? do_syscall_64+0x26/0x680
+[ 2349.143054][ T1560] ? trace_hardirqs_on_thunk+0x1a/0x1c
+[ 2349.149409][ T1533] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
+[ 2349.154855][ T1560] ? trace_hardirqs_on_thunk+0x1a/0x1c
+[ 2349.159610][ T1533] ? do_syscall_64+0x26/0x680
+[ 2349.164275][ T1560] ? do_syscall_64+0x26/0x680
+[ 2349.169730][ T1533] __x64_sys_connect+0x73/0xb0
+[ 2349.175890][ T1560] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
+[ 2349.181340][ T1533] do_syscall_64+0xfd/0x680
+[ 2349.186004][ T1560] ? do_syscall_64+0x26/0x680
+[ 2349.190690][ T1533] entry_SYSCALL_64_after_hwframe+0x49/0xbe
+[ 2349.195434][ T1560] __x64_sys_connect+0x73/0xb0
+[ 2349.201488][ T1533] RIP: 0033:0x459279
+[ 2349.205994][ T1560] do_syscall_64+0xfd/0x680
+[ 2349.210653][ T1533] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
+[ 2349.216736][ T1560] entry_SYSCALL_64_after_hwframe+0x49/0xbe
+[ 2349.221480][ T1533] RSP: 002b:00007f6d5feb0c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
+[ 2349.225395][ T1560] RIP: 0033:0x459279
+[ 2349.229887][ T1533] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
+[ 2349.249600][ T1560] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
+[ 2349.255482][ T1533] RDX: 0000000000000012 RSI: 0000000020000000 RDI: 0000000000000004
+[ 2349.263909][ T1560] RSP: 002b:00007f6d5fe6ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
+[ 2349.267884][ T1533] RBP: 000000000075bfc0 R08: 0000000000000000 R09: 0000000000000000
+[ 2349.275858][ T1560] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
+[ 2349.295470][ T1533] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6d5feb16d4
+[ 2349.303441][ T1560] RDX: 0000000000000012 RSI: 0000000020000100 RDI: 0000000000000004
+[ 2349.311941][ T1533] R13: 00000000004bf854 R14: 00000000004d0dc8 R15: 00000000ffffffff
+[ 2349.319932][ T1560] RBP: 000000000075c100 R08: 0000000000000000 R09: 0000000000000000
+[ 2349.327919][ T1533] ==================================================================
+[ 2349.336486][ T1560] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6d5fe6f6d4
+[ 2349.344582][ T1533] Kernel panic - not syncing: panic_on_warn set ...
+[ 2349.352458][ T1560] R13: 00000000004bf854 R14: 00000000004d0dc8 R15: 00000000ffffffff
+[ 2349.391105][ T1560] Modules linked in:
+[ 2349.396383][ T1533] Kernel Offset: disabled
+[ 2349.400715][ T1533] Rebooting in 86400 seconds..
-- 
cgit mrf-deployment
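Review bot: The expected title in this fixture pins more than the refcount_* skip the commit message describes: the log interleaves two tasks, T1533 with `BUG: KASAN: null-ptr-deref in refcount_sub_and_test_checked` and T1560 with a `general protection fault`, so `TITLE: general protection fault in x25_connect` also fixes which of the two interleaved reports is expected to win. Since the fixture format carries no comment, it would help to say in the commit message that this case doubles as an interleaved-report test, or to add a companion fixture holding only the T1533 lines, so that a later change in report ordering can be told apart from a regression in the refcount_* skip. The pkg/report code change itself is outside this page (the view is limited to pkg/report/testdata/linux), so whether the skip is a prefix match that covers refcount_sub_and_test_checked and refcount_dec_and_test_checked here as well as the refcount_inc_* frames in fixture 391 cannot be confirmed from what is shown.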