Message-ID: <CA+ydwtpMBFxuzGZqzE4On7FhEKMMPFzHhWiD1AP6+QWMSnrZbQ@mail.gmail.com>
Date:	Tue, 19 Feb 2013 19:43:06 +0200
From:	Tommi Rantala <tt.rantala@...il.com>
To:	David Airlie <airlied@...ux.ie>, dri-devel@...ts.freedesktop.org
Cc:	Dave Jones <davej@...hat.com>,
	Sasha Levin <sasha.levin@...cle.com>,
	LKML <linux-kernel@...r.kernel.org>
Subject: NULL pointer deref at drm_lock_free()

Hello,

Hit this oops a few times while fuzzing the kernel with Trinity in a
qemu virtual machine:

[  133.012360] BUG: unable to handle kernel NULL pointer dereference at           (null)
[  133.013015] IP: [<ffffffff814424d0>] drm_lock_free+0x90/0x110
[  133.013015] PGD 2fed8067 PUD 2fed9067 PMD 0
[  133.013015] Oops: 0000 [#1] SMP
[  133.013015] CPU 0
[  133.013015] Pid: 2718, comm: trinity-child20 Not tainted 3.8.0+ #87 Bochs Bochs
[  133.013015] RIP: 0010:[<ffffffff814424d0>]  [<ffffffff814424d0>] drm_lock_free+0x90/0x110
[  133.013015] RSP: 0018:ffff88001400fd28  EFLAGS: 00010292
[  133.013015] RAX: ffff8800140c2290 RBX: 0000000000000000 RCX: 0000000000000006
[  133.013015] RDX: 0000000000001580 RSI: ffff8800140c2960 RDI: ffff8800140c2290
[  133.013015] RBP: ffff88001400fd68 R08: 0000000000000000 R09: 0000000000000000
[  133.013015] R10: 0000000000000000 R11: 0000000000000001 R12: 000000000055f4ff
[  133.013015] R13: ffff88003b335c58 R14: ffff88003b335cc8 R15: ffff88001400fdd8
[  133.013015] FS:  00007fb6cb6b6700(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
[  133.013015] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  133.013015] CR2: 0000000000000000 CR3: 000000001402f000 CR4: 00000000000006f0
[  133.013015] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  133.013015] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  133.013015] Process trinity-child20 (pid: 2718, threadinfo ffff88001400e000, task ffff8800140c2290)
[  133.013015] Stack:
[  133.013015]  2222222222222222 2222222222222222 2222222222222222 2222222222222222
[  133.013015]  ffff88003ca08000 ffff88003a9a4800 fffffffffffffff2 000000004008642b
[  133.013015]  ffff88001400fd78 ffffffff814425a2 ffff88001400fe88 ffffffff8143d710
[  133.013015] Call Trace:
[  133.013015]  [<ffffffff814425a2>] drm_unlock+0x52/0x60
[  133.013015]  [<ffffffff8143d710>] drm_ioctl+0x3d0/0x4d0
[  133.013015]  [<ffffffff81442550>] ? drm_lock_free+0x110/0x110
[  133.013015]  [<ffffffff812fb640>] ? avc_has_perm_flags+0x1d0/0x2a0
[  133.013015]  [<ffffffff812fb498>] ? avc_has_perm_flags+0x28/0x2a0
[  133.013015]  [<ffffffff810f5b18>] ? trace_hardirqs_off_caller+0x28/0xd0
[  133.013015]  [<ffffffff810f5bcd>] ? trace_hardirqs_off+0xd/0x10
[  133.013015]  [<ffffffff811b5ff2>] do_vfs_ioctl+0x532/0x580
[  133.013015]  [<ffffffff812fc7d3>] ? file_has_perm+0x83/0xa0
[  133.013015]  [<ffffffff811b609d>] sys_ioctl+0x5d/0xa0
[  133.013015]  [<ffffffff813571de>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[  133.013015]  [<ffffffff81ca07e9>] system_call_fastpath+0x16/0x1b
[  133.013015] Code: 00 00 01 00 00 00 4c 89 f7 e8 2d ce 85 00 b8 01 00 00 00 e9 82 00 00 00 0f 1f 00 4c 89 f7 e8 18 ce 85 00 0f 1f 84 00 00 00 00 00 <44> 8b 03 44 89 c1 44 89 45 cc 81 e1 ff ff ff 3f 89 4d d0 44 8b
[  133.013015] RIP  [<ffffffff814424d0>] drm_lock_free+0x90/0x110
[  133.013015]  RSP <ffff88001400fd28>
[  133.013015] CR2: 0000000000000000
[  133.062048] ---[ end trace 3d5401684feb563f ]---

Tommi
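
Added example, not part of the original message: a small triage script for the oops above. It pulls out the faulting symbol, the reliable call-trace frames and the register that the trapping instruction dereferenced. The function names and the single-instruction decoder (MOV r, r/m with no displacement) are assumptions made for this illustration.

```python
import re

# Excerpt of the oops above: wrapped lines rejoined, Code: bytes shortened.
OOPS = """\
[  133.012360] BUG: unable to handle kernel NULL pointer dereference at           (null)
[  133.013015] IP: [<ffffffff814424d0>] drm_lock_free+0x90/0x110
[  133.013015] RAX: ffff8800140c2290 RBX: 0000000000000000 RCX: 0000000000000006
[  133.013015] Call Trace:
[  133.013015]  [<ffffffff814425a2>] drm_unlock+0x52/0x60
[  133.013015]  [<ffffffff8143d710>] drm_ioctl+0x3d0/0x4d0
[  133.013015]  [<ffffffff81442550>] ? drm_lock_free+0x110/0x110
[  133.013015]  [<ffffffff811b5ff2>] do_vfs_ioctl+0x532/0x580
[  133.013015]  [<ffffffff811b609d>] sys_ioctl+0x5d/0xa0
[  133.013015] Code: 00 00 00 00 <44> 8b 03 44 89 c1 44 89 45 cc
[  133.013015] CR2: 0000000000000000
"""

GPR = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]

def load_base_register(code):
    """Base register of the trapping instruction, for the one form handled
    here: optional REX prefix, opcode 0x8b (MOV r, r/m), ModRM mod=00."""
    b = list(code)
    rex = b.pop(0) if b and 0x40 <= b[0] <= 0x4F else 0
    if len(b) < 2 or b[0] != 0x8B:
        return None
    mod, rm = b[1] >> 6, b[1] & 7
    if mod != 0 or rm in (4, 5):      # SIB / RIP-relative forms not handled
        return None
    return "R%d" % (8 + rm) if rex & 1 else GPR[rm]

def triage(log):
    out = {"regs": {}, "trace": []}
    for raw in log.splitlines():
        line = re.sub(r"^\[\s*\d+\.\d+\]", "", raw).strip()  # drop dmesg timestamp
        m = re.match(r"IP: \[<[0-9a-f]+>\] (\S+)", line)
        if m:
            out["ip"] = m.group(1)
        for name, val in re.findall(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b", line):
            out["regs"][name] = int(val, 16)
        m = re.match(r"\[<[0-9a-f]+>\] (\? )?(\S+)\+0x", line)
        if m and not m.group(1):      # '?' frames are unreliable stack leftovers
            out["trace"].append(m.group(2))
        if line.startswith("Code:") and "<" in line:
            tail = line.split("<", 1)[1].replace(">", "")  # bytes from the trap point
            out["base"] = load_base_register(bytes.fromhex(tail))
    base = out.get("base")
    out["null_base"] = base is not None and out["regs"].get(base) == out["regs"].get("CR2") == 0
    return out
```

On this oops the trapping bytes 44 8b 03 decode to a 32-bit load through RBX, and RBX and CR2 are both zero, so the pointer dereferenced at drm_lock_free+0x90 was itself NULL.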