Thu, Dec 21, 2017 at 10:39:56AM CET, bhole_prashant...@lab.ntt.co.jp wrote:
>
>Hi,
>Recently I tried tools/testing/selftests/net/rtnetlink.sh with KASAN enabled
>and encountered the following BUG.
>
>kernel: ==================================================================
>kernel: BUG: KASAN: null-ptr-deref in tcf_block_put+0x8c/0xc0
>kernel: Read of size 8 at addr 0000000000000018 by task tc/2966
>kernel:
>kernel: CPU: 0 PID: 2966 Comm: tc Not tainted 4.15.0-rc3+ #24
>kernel: Hardware name: Hewlett-Packard HP Z440 Workstation/212B, BIOS M60
>v02.34 05/18/2017
>kernel: Call Trace:
>kernel: dump_stack+0xaf/0x127
>kernel: ? _atomic_dec_and_lock+0x159/0x159
>kernel: ? tcf_block_put_ext+0x215/0x270
>kernel: kasan_report+0x15f/0x360
>kernel: ? tcf_block_put+0x8c/0xc0
>kernel: tcf_block_put+0x8c/0xc0
>kernel: ? tcf_block_put_ext+0x270/0x270
>kernel: ? kfree+0x9c/0x1b0
>kernel: htb_destroy_class.isra.17+0x54/0x70 [sch_htb]
>kernel: htb_destroy+0x122/0x200 [sch_htb]
>kernel: qdisc_destroy+0xa4/0x2a0
>kernel: ? rtnetlink_send+0x94/0xa0
>kernel: qdisc_graft+0x530/0x650
>kernel: tc_get_qdisc+0x235/0x370
>kernel: ? tc_ctl_tclass+0x5f0/0x5f0
>kernel: ? security_capable+0x2d/0x70
>kernel: rtnetlink_rcv_msg+0x69c/0x790
>kernel: ? rtnl_calcit.isra.26+0x250/0x250
>kernel: ? depot_save_stack+0x12d/0x470
>kernel: ? save_stack+0x89/0xb0
>kernel: ? kasan_kmalloc+0xa0/0xd0
>kernel: ? __kmalloc_node_track_caller+0x192/0x2d0
>kernel: ? __kmalloc_reserve.isra.39+0x2e/0x80
>kernel: ? __alloc_skb+0xf9/0x3a0
>kernel: ? netlink_sendmsg+0x558/0x680
>kernel: ? sock_sendmsg+0x6b/0x80
>kernel: ? ___sys_sendmsg+0x49a/0x500
>kernel: ? __sys_sendmsg+0xb5/0x150
>kernel: ? entry_SYSCALL_64_fastpath+0x1a/0x7d
>kernel: ? __alloc_skb+0xc9/0x3a0
>kernel: ? netlink_sendmsg+0x558/0x680
>kernel: ? sock_sendmsg+0x6b/0x80
>kernel: ? ___sys_sendmsg+0x49a/0x500
>kernel: ? __sys_sendmsg+0xb5/0x150
>kernel: ? entry_SYSCALL_64_fastpath+0x1a/0x7d
>kernel: ? lru_cache_add+0x145/0x210
>kernel: ? lru_cache_add_file+0x10/0x10
>kernel: ? mem_cgroup_low+0x140/0x140
>kernel: ? netlink_compare+0x53/0x70
>kernel: ? __netlink_lookup+0x2d3/0x3e0
>kernel: ? netlink_broadcast+0x20/0x20
>kernel: ? memcg_kmem_get_cache+0x4e0/0x4e0
>kernel: ? netlink_deliver_tap+0x10b/0x530
>kernel: ? kasan_kmalloc+0xa0/0xd0
>kernel: ? netlink_has_listeners+0x170/0x170
>kernel: ? __kmalloc_node_track_caller+0x231/0x2d0
>kernel: ? iov_iter_advance+0x176/0x7a0
>kernel: netlink_rcv_skb+0x122/0x230
>kernel: ? rtnl_calcit.isra.26+0x250/0x250
>kernel: ? netlink_ack+0x4b0/0x4b0
>kernel: ? netlink_trim+0x123/0x1c0
>kernel: ? alloc_pages_vma+0x93/0x260
>kernel: netlink_unicast+0x2c2/0x360
>kernel: ? netlink_attachskb+0x3f0/0x3f0
>kernel: ? import_iovec+0x128/0x1d0
>kernel: netlink_sendmsg+0x528/0x680
>kernel: ? netlink_unicast+0x360/0x360
>kernel: ? netlink_unicast+0x360/0x360
>kernel: sock_sendmsg+0x6b/0x80
>kernel: ___sys_sendmsg+0x49a/0x500
>kernel: ? copy_msghdr_from_user+0x260/0x260
>kernel: ? netlink_sendmsg+0x2b2/0x680
>kernel: ? netlink_unicast+0x360/0x360
>kernel: ? mem_cgroup_from_task+0x9c/0xe0
>kernel: ? mem_cgroup_reset+0x190/0x190
>kernel: ? __fget_light+0x17e/0x200
>kernel: ? expand_files+0x570/0x570
>kernel: ? handle_mm_fault+0x1ca/0x380
>kernel: ? __handle_mm_fault+0x1f10/0x1f10
>kernel: ? vmacache_find+0xe6/0x110
>kernel: ? __do_page_fault+0x5c5/0x6d0
>kernel: ? __sys_sendmsg+0xb5/0x150
>kernel: __sys_sendmsg+0xb5/0x150
>kernel: ? SyS_shutdown+0x160/0x160
>kernel: ? kmem_cache_free+0x7c/0x1f0
>kernel: ? __do_page_fault+0x6d0/0x6d0
>kernel: ? do_sys_open+0x1f0/0x380
>kernel: entry_SYSCALL_64_fastpath+0x1a/0x7d
>
>
>
>After some investigation I found this commit:
>[1] https://patchwork.ozlabs.org/patch/833596 which fixed this bug.
>
>But recently accepted commit:
>[2] https://patchwork.ozlabs.org/patch/849101/ reverted it.

Oops. Sending the fix. We need to check in both. Thanks!

>
>So I tried the same fix in [1] on top of latest net-next. The bug did not
>reproduce.
>
>
>-Prashant
>
>
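The report above is typical of what lands in a mailing-list bug report: a KASAN header, an access line, and a long call trace in which most entries are `?` frames (stale stack slots the unwinder could not verify) that bury the handful of reliable frames. The following is an added example, not code from this thread, from netdev or from the kernel tree: a small Python triage parser that strips the mail-quote and `kernel:` prefixes, extracts the bug kind, faulting function, access size/address and task, keeps only the reliable frames of the trace, and flags a near-NULL address as a NULL struct pointer plus field offset (0x18 here). The sample input is an excerpt of the trace quoted above; the `NULL_PAGE_LIMIT` threshold and the filter that drops KASAN's own reporting frames (`dump_stack`, `kasan_*`, `__asan_*`) are this example's assumptions, not kernel conventions.

```python
"""Triage helper for Linux KASAN reports pasted into mail or bug trackers (added example,
not netdev or kernel code; NULL_PAGE_LIMIT and the reporting-frame filter are assumptions)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

NULL_PAGE_LIMIT = 0x1000  # assumption: smaller addr => NULL struct pointer plus field offset
PREFIX_RE = re.compile(r"^[>\s]*(?:kernel:\s?)?")  # mail quoting and syslog prefix
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr "
                       r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)")
CPU_RE = re.compile(r"CPU: \d+ PID: \d+ Comm: \S+ (?:Not tainted|Tainted:.*?) (?P<version>\d\S*)")
FRAME_RE = re.compile(r"^(?P<unreliable>\? )?(?P<func>[\w.]+)\+0x(?P<off>[0-9a-f]+)"
                      r"/0x[0-9a-f]+(?: \[(?P<module>\w+)\])?$")
CLONE_SUFFIX_RE = re.compile(r"\.(?:isra|constprop|part|cold)\.\d+$")

@dataclass
class Frame:
    func: str
    offset: int
    module: Optional[str]
    reliable: bool  # False for '? ' frames: stale stack slots the unwinder could not verify

@dataclass
class KasanReport:
    kind: str = ""
    fault_func: str = ""
    op: str = ""
    access_size: int = 0
    addr: int = 0
    task: str = ""
    version: str = ""
    frames: List[Frame] = field(default_factory=list)

    def is_null_deref(self) -> bool:
        return self.addr < NULL_PAGE_LIMIT

    def call_chain(self) -> List[str]:
        """Reliable frames from the fault outward, minus KASAN's own reporting frames."""
        return [f.func for f in self.frames if f.reliable and f.func != "dump_stack"
                and not f.func.startswith(("kasan_", "__asan_"))]

def base_symbol(func: str) -> str:
    """Strip compiler clone suffixes: htb_destroy_class.isra.17 -> htb_destroy_class."""
    return CLONE_SUFFIX_RE.sub("", func)

def parse_kasan_report(text: str) -> KasanReport:
    rep, in_trace = KasanReport(), False
    for raw in text.splitlines():
        line = PREFIX_RE.sub("", raw, count=1).strip()
        if not line:
            continue  # blank lines inside the report do not end the trace
        if m := BUG_RE.search(line):
            rep.kind, rep.fault_func = m["kind"], m["func"]
        elif m := ACCESS_RE.search(line):
            rep.op, rep.access_size = m["op"], int(m["size"])
            rep.addr, rep.task = int(m["addr"], 16), m["task"]
        elif m := CPU_RE.search(line):
            rep.version = m["version"]
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace:
            m = FRAME_RE.match(line)
            if m is None:  # first non-frame line (e.g. the closing '====') ends the trace
                in_trace = False
                continue
            rep.frames.append(Frame(m["func"], int(m["off"], 16), m["module"], m["unreliable"] is None))
    return rep

def summarize(rep: KasanReport) -> str:
    out = [f"{rep.kind}: {rep.op} of {rep.access_size} bytes at {rep.addr:#x} in "
           f"{base_symbol(rep.fault_func)} (task {rep.task}, kernel {rep.version})"]
    if rep.is_null_deref():
        out.append(f"NULL struct pointer dereference: field at offset {rep.addr:#x}")
    out.append("path: " + " <- ".join(base_symbol(f) for f in rep.call_chain()))
    return "\n".join(out)

# Excerpt of the report quoted in the thread, as it arrives in a mail reply ('>' quoting,
# 'kernel:' syslog prefix, a blank line inside the report).
SAMPLE_REPORT = """\
>kernel: BUG: KASAN: null-ptr-deref in tcf_block_put+0x8c/0xc0
>kernel: Read of size 8 at addr 0000000000000018 by task tc/2966
>kernel:
>kernel: CPU: 0 PID: 2966 Comm: tc Not tainted 4.15.0-rc3+ #24
>kernel: Call Trace:
>kernel: dump_stack+0xaf/0x127
>kernel: ? tcf_block_put_ext+0x215/0x270
>kernel: kasan_report+0x15f/0x360
>kernel: ? tcf_block_put+0x8c/0xc0
>kernel: tcf_block_put+0x8c/0xc0
>kernel: htb_destroy_class.isra.17+0x54/0x70 [sch_htb]
>kernel: htb_destroy+0x122/0x200 [sch_htb]
>kernel: qdisc_destroy+0xa4/0x2a0
>kernel: entry_SYSCALL_64_fastpath+0x1a/0x7d
>kernel: ==================================================================
"""
if __name__ == "__main__":
    print(summarize(parse_kasan_report(SAMPLE_REPORT)))
```

Run on the excerpt, it reduces the trace to `tcf_block_put <- htb_destroy_class <- htb_destroy <- qdisc_destroy <- entry_SYSCALL_64_fastpath`, which is the path a reviewer actually needs when deciding where a NULL check belongs; the `? tcf_block_put_ext` frame is kept in `frames` but marked unreliable, so it can be inspected without being mistaken for a confirmed caller.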