Message-ID: <20141130185019.GA12359@wfg-t540p.sh.intel.com>
Date:	Sun, 30 Nov 2014 10:50:19 -0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Kyle Chamberlin <kylechamberlin@...ject20million.org>
Cc:	Takashi Iwai <tiwai@...e.de>, LKP <lkp@...org>,
	alsa-devel@...a-project.org, linux-kernel@...r.kernel.org
Subject: [alsa/virmidi] BUG: unable to handle kernel NULL pointer dereference
 at 000002a0

Hi Kyle,

0day kernel testing robot got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git for-next

commit 316638a5030a04bb3259dcbca0632281001a4b24
Author:     Kyle Chamberlin <kylechamberlin@...ject20million.org>
AuthorDate: Fri Nov 28 13:59:56 2014 -0500
Commit:     Takashi Iwai <tiwai@...e.de>
CommitDate: Sat Nov 29 21:34:47 2014 +0100

    ALSA: virmidi: fixed code style issues
    
    Fixed some minor code style issues and also removed some
    assignments inside of if conditionals.
    
    Signed-off-by: Kyle Chamberlin <kylechamberlin@...ject20million.org>
    Signed-off-by: Takashi Iwai <tiwai@...e.de>

In particular, this chunk introduced the behavior change:

-       if ((err = snd_card_register(card)) == 0) {
+       err = snd_card_register(card);
+       if (err) {
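
Review bot: the new "if (err) {" on the last added line inverts the test it replaces. The removed line entered the block when snd_card_register() returned 0, whereas the new one enters it on a non-zero return, so the block written for the success case now runs on failure and is skipped on success. To move the assignment out of the conditional without changing behaviour, the test should read "if (!err) {" or "if (err == 0) {".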

+-------------------------------------------------+------------+------------+------------+
|                                                 | 31514bfb4a | 316638a503 | 795172aaa6 |
+-------------------------------------------------+------------+------------+------------+
| boot_successes                                  | 67         | 0          | 0          |
| boot_failures                                   | 13         | 20         | 14         |
| BUG:kernel_early_hang_without_any_printk_output | 13         | 0          | 2          |
| BUG:unable_to_handle_kernel                     | 0          | 20         | 12         |
| Oops                                            | 0          | 20         | 12         |
| EIP_is_at_snd_card_free                         | 0          | 20         | 12         |
| Kernel_panic-not_syncing:Fatal_exception        | 0          | 20         | 12         |
| backtrace:platform_device_unregister            | 0          | 20         | 12         |
| backtrace:alsa_card_virmidi_init                | 0          | 20         | 12         |
| backtrace:kernel_init_freeable                  | 0          | 20         | 12         |
+-------------------------------------------------+------------+------------+------------+

[    1.688337] usbcore: registered new interface driver line6usb
[    1.689386] dgap: dgap-1.3-16, Digi International Part Number 40002347_C
[    1.690258] dgap: For the tools package please visit http://www.digi.com
[    1.694793] BUG: unable to handle kernel NULL pointer dereference at 000002a0
[    1.695739] IP: [<7940555f>] snd_card_free+0x36/0x7f
[    1.696409] *pde = 00000000 
[    1.696686] Oops: 0002 [#1] 
[    1.696686] Modules linked in:
[    1.696686] CPU: 0 PID: 1 Comm: swapper Not tainted 3.18.0-rc5-00179-g316638a #101
[    1.696686] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[    1.696686] task: 8a068000 ti: 8a064000 task.ti: 8a064000
[    1.696686] EIP: 0060:[<7940555f>] EFLAGS: 00010246 CPU: 0
[    1.696686] EIP is at snd_card_free+0x36/0x7f
[    1.696686] EAX: 00000000 EBX: 8a065e04 ECX: 7a354880 EDX: 798a5d21
[    1.696686] ESI: 00000000 EDI: 00000000 EBP: 8a065e44 ESP: 8a065e04
[    1.696686]  DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068
[    1.696686] CR0: 8005003b CR2: 000002a0 CR3: 01d49000 CR4: 000006d0
[    1.696686] Stack:
[    1.696686]  00000000 00000001 dead4ead ffffffff ffffffff 7a354880 00000000 00000000
[    1.696686]  798a5d21 00000000 00000000 8a065e30 8a065e30 006d61bc 7808440c 00000001
[    1.696686]  8a065e4c 7943d967 8a065e54 792c0e93 8a065e68 792befa9 78084440 7808440c
[    1.696686] Call Trace:
[    1.696686]  [<7943d967>] snd_virmidi_remove+0x13/0x17
[    1.696686]  [<792c0e93>] platform_drv_remove+0x14/0x16
[    1.696686]  [<792befa9>] __device_release_driver+0xc1/0x121
[    1.696686]  [<792bf028>] device_release_driver+0x1f/0x2a
[    1.696686]  [<792be929>] bus_remove_device+0x166/0x17d
[    1.696686]  [<792bb4ad>] device_del+0x14b/0x1d8
[    1.696686]  [<792bb4ad>] ? device_del+0x14b/0x1d8
[    1.696686]  [<792c1407>] platform_device_del+0x32/0xa3
[    1.696686]  [<792c1488>] platform_device_unregister+0x10/0x1a
[    1.696686]  [<79cee7bf>] alsa_card_virmidi_init+0xd1/0x118
[    1.696686]  [<79cee6ee>] ? alsa_seq_midi_init+0x34/0x34
[    1.696686]  [<79000551>] do_one_initcall+0x186/0x288
[    1.696686]  [<79cb4400>] ? rdinit_setup+0x18/0x22
[    1.696686]  [<79060c87>] ? parse_args+0x4a6/0x579
[    1.696686]  [<7906be5f>] ? local_clock+0x2b/0x35
[    1.696686]  [<79cb44f6>] ? do_early_param+0xac/0xac
[    1.696686]  [<79cb4f46>] kernel_init_freeable+0xfd/0x1bd
[    1.696686]  [<79cb4f46>] ? kernel_init_freeable+0xfd/0x1bd
[    1.696686]  [<7959bbfc>] kernel_init+0xe/0x13c
[    1.696686]  [<795a7cc0>] ret_from_kernel_thread+0x20/0x30
[    1.696686]  [<7959bbee>] ? rest_init+0xa7/0xa7
[    1.696686] Code: 26 00 89 c6 65 a1 14 00 00 00 89 45 f4 31 c0 c7 45 c0 00 00 00 00 8d 5d c0 b9 80 48 35 7a ba 21 5d 8a 79 8d 45 c4 e8 bc b2 c6 ff <89> 9e a0 02 00 00 89 f0 e8 80 fe ff ff 85 c0 0f 95 c2 0f b6 f2
[    1.696686] EIP: [<7940555f>] snd_card_free+0x36/0x7f SS:ESP 0068:8a065e04
[    1.696686] CR2: 00000000000002a0
[    1.696686] ---[ end trace bc9b8dd3625e806d ]---
[    1.696686] Kernel panic - not syncing: Fatal exception

git bisect start 795172aaa6701c4b66b449e79b49c41e044156c6 5d01410fe4d92081f349b013a2e7a95429e4f2c9 --
git bisect  bad 5d81516a74d44d9301e140ff97e06b37eaf5831d  # 06:13      0-     13  Merge 'luto/userns/setgroups' into devel-lkp-hsx01-smoke-201411300558
git bisect good b5675b9e191a3981a38f5c94b6dd8b6fa4ba8091  # 06:23     20+      3  0day base guard for 'devel-lkp-hsx01-smoke-201411300558'
git bisect  bad e929ef74cdd822177ad2322514a40127ad1e696c  # 06:31      0-      4  Merge 'sound/for-next' into devel-lkp-hsx01-smoke-201411300558
git bisect good 2603fe21b764eb7412598c8c6cd6199fb8b1d9c5  # 06:41     20+     10  ALSA: es18xx: Add GPO controls
git bisect good 2bfb14c3b8fbc787ff4478f9d77ecee78cb922fe  # 06:51     20+      0  ALSA: usb-audio: Add Xonar U1 resume support
git bisect good 37e661ee10c6d0d1310c62b3d29ae9a63073ac5d  # 06:58     20+      5  ALSA: hda - Add AZX_DCAPS_SNOOP_OFF (and refactor snoop setup)
git bisect good 6eb6c81eee2a6270b39ca02a446f3ccece24b6f8  # 07:16     20+      0  ALSA: dice: Split stream functionality into a file
git bisect good 8832c5a74ba3506c51b6637ac78941fcd21afbef  # 07:25     20+      0  ALSA: speakers: Rename to oxfw and rename some members
git bisect good 3713d93a6a12f8629c2660bb4a30d48b98105fca  # 07:32     20+      4  ALSA: oxfw: Split PCM functionality to a new file
git bisect  bad 316638a5030a04bb3259dcbca0632281001a4b24  # 07:40      0-     17  ALSA: virmidi: fixed code style issues
git bisect good 31514bfb4ab8ba6f93b5ce5fcc543cb2ac4f96e5  # 07:46     20+      1  ALSA: oxfw: Split control functionality to a new file
# first bad commit: [316638a5030a04bb3259dcbca0632281001a4b24] ALSA: virmidi: fixed code style issues
git bisect good 31514bfb4ab8ba6f93b5ce5fcc543cb2ac4f96e5  # 07:48     60+     13  ALSA: oxfw: Split control functionality to a new file
# extra tests on HEAD of linux-devel/devel-lkp-hsx01-smoke-201411300558
git bisect  bad 795172aaa6701c4b66b449e79b49c41e044156c6  # 07:48      0-     14  0day head guard for 'devel-lkp-hsx01-smoke-201411300558'
# extra tests on tree/branch sound/for-next
git bisect  bad 316638a5030a04bb3259dcbca0632281001a4b24  # 07:49      0-     20  ALSA: virmidi: fixed code style issues
# extra tests on tree/branch linus/master
git bisect good 7a5a4f978750756755dc839014e13d1b088ccc8e  # 07:51     60+     10  Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
# extra tests on tree/branch next/master
git bisect good 29340b8ee0b4def844aa8d6b09babcede80993d2  # 07:54     60+     80  Add linux-next specific files for 20141128


This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

kernel=$1
initrd=quantal-core-i386.cgz

wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd

kvm=(
	qemu-system-x86_64
	-cpu kvm64
	-enable-kvm
	-kernel "$kernel"
	-initrd "$initrd"
	-m 320
	-smp 2
	-net nic,vlan=1,model=e1000
	-net user,vlan=1
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-rtc base=localtime
	-serial stdio
	-display none
	-monitor null
)

append=(
	hung_task_panic=1
	earlyprintk=ttyS0,115200
	debug
	apic=debug
	sysrq_always_enabled
	rcupdate.rcu_cpu_stall_timeout=100
	panic=-1
	softlockup_panic=1
	nmi_watchdog=panic
	oops=panic
	load_ramdisk=2
	prompt_ramdisk=0
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
	drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

Thanks,
Fengguang
