Date:	Fri, 22 Feb 2013 09:29:04 -0500
From:	Sasha Levin <sasha.levin@...cle.com>
To:	dougthompson@...ssion.com
CC:	linux-edac@...r.kernel.org, Dave Jones <davej@...hat.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: edac: NULL deref when handling sysfs write

Hi all,

While fuzzing with trinity inside a KVM tools guest running latest -next kernel
I've stumbled on the following spew:


[ 2060.023557] Invalid bank value!
[ 2060.029076] [Hardware Error]: MC0 Error:
[ 2060.030515] BUG: unable to handle kernel NULL pointer dereference at           (null)
[ 2060.032038] IP: [<          (null)>]           (null)
[ 2060.034697] PGD 5e08b067 PUD b46cc067 PMD 650d3067 PTE 63b1225
[ 2060.036896] Oops: 0003 [#2] PREEMPT SMP DEBUG_PAGEALLOC
[ 2060.037985] Modules linked in:
[ 2060.039759] CPU 1
[ 2060.040113] Pid: 3347, comm: trinity Tainted: G      D W    3.8.0-next-20130221-sasha-00038-g655a782-dirty #9
[ 2060.040311] RIP: 0010:[<0000000000000000>]  [<          (null)>]           (null)
[ 2060.040311] RSP: 0018:ffff88005ed57af0  EFLAGS: 00010287
[ 2060.040311] RAX: 0000000000000000 RBX: ffffffff87141d20 RCX: 000000002c052c04
[ 2060.040311] RDX: ffff880061d78000 RSI: 0000000000000000 RDI: 0000000000000000
[ 2060.040311] RBP: ffff88005ed57b78 R08: 0000000000000002 R09: 0000000000000000
[ 2060.040311] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000001d6680
[ 2060.040311] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8800bb600000
[ 2060.040311] FS:  00007f42a4a20700(0000) GS:ffff8800bb800000(0000) knlGS:0000000000000000
[ 2060.040311] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2060.040311] CR2: 0000000000000000 CR3: 00000000920f2000 CR4: 00000000000406e0
[ 2060.040311] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2060.040311] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 2060.040311] Process trinity (pid: 3347, threadinfo ffff88005ed56000, task ffff880061d78000)
[ 2060.079801] can: request_module (can-proto-3) failed.
[ 2060.040311] Stack:
[ 2060.040311]  ffffffff83394f95 0000000000000002 0000000000000000 ffff88005ed57b88
[ 2060.040311]  0000000000000286 ffff880065031000 ffff88005ed57b90 ffff88005ed57c70
[ 2060.040311]  ffff88005ed57b68 ffffffff81a3568c 0000000a00000286 0000000022222222
[ 2060.040311] Call Trace:
[ 2060.040311]  [<ffffffff83394f95>] ? amd_decode_mce+0xf5/0x880
[ 2060.040311]  [<ffffffff81a3568c>] ? _kstrtoull+0x2c/0x90
[ 2060.040311]  [<ffffffff833942b7>] edac_inject_bank_store+0x87/0xa0
[ 2060.040311]  [<ffffffff8130e21b>] ? sysfs_write_file+0xeb/0x150
[ 2060.040311]  [<ffffffff81a238cf>] kobj_attr_store+0xf/0x20
[ 2060.040311]  [<ffffffff8130e233>] sysfs_write_file+0x103/0x150
[ 2060.040311]  [<ffffffff81296e6e>] ? alloc_pipe_info+0x3e/0xa0
[ 2060.040311]  [<ffffffff8128d970>] vfs_write+0xb0/0x180
[ 2060.040311]  [<ffffffff812c012f>] write_pipe_buf+0x6f/0xb0
[ 2060.040311]  [<ffffffff812c00c0>] ? do_splice_to+0xb0/0xb0
[ 2060.040311]  [<ffffffff812bfa5c>] splice_from_pipe_feed+0x7c/0x120
[ 2060.040311]  [<ffffffff812c00c0>] ? do_splice_to+0xb0/0xb0
[ 2060.040311]  [<ffffffff812bff05>] __splice_from_pipe+0x45/0x80
[ 2060.040311]  [<ffffffff812c00c0>] ? do_splice_to+0xb0/0xb0
[ 2060.040311]  [<ffffffff812c19dc>] splice_from_pipe+0x4c/0x70
[ 2060.040311]  [<ffffffff812c1a18>] default_file_splice_write+0x18/0x30
[ 2060.040311]  [<ffffffff812bffc3>] do_splice_from+0x83/0xb0
[ 2060.040311]  [<ffffffff812c000e>] direct_splice_actor+0x1e/0x20
[ 2060.040311]  [<ffffffff812c0747>] splice_direct_to_actor+0xe7/0x200
[ 2060.040311]  [<ffffffff812bfff0>] ? do_splice_from+0xb0/0xb0
[ 2060.040311]  [<ffffffff812c1a9c>] do_splice_direct+0x4c/0x70
[ 2060.040311]  [<ffffffff8128e829>] do_sendfile+0x179/0x310
[ 2060.040311]  [<ffffffff8128ead4>] sys_sendfile64+0x64/0xb0
[ 2060.040311]  [<ffffffff83db10d8>] tracesys+0xe1/0xe6
[ 2060.040311] Code:  Bad RIP value.
[ 2060.040311] RIP  [<          (null)>]           (null)
[ 2060.040311]  RSP <ffff88005ed57af0>
[ 2060.040311] CR2: 0000000000000000
[ 2060.176086] ---[ end trace d40d4e0b7f844b95 ]---


Thanks,
Sasha