Date:	Sun, 22 May 2016 16:06:21 +0800
From:	Wanpeng Li <kernellwp@...il.com>
To:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Cc:	Thomas Gleixner <tglx@...utronix.de>
Subject: modify_irte NULL pointer

[   39.977778] BUG: unable to handle kernel NULL pointer dereference at           (null)
[   39.988494] IP: [<ffffffff81560598>] modify_irte+0x58/0x140
[   39.996939] PGD cede3067 PUD 2d790067 PMD 0
[   40.004087] Oops: 0000 [#1] SMP
[   40.010025] Modules linked in: snd_hda_codec_hdmi i915 ip6t_REJECT
nf_reject_ipv6 nf_log_ipv6 xt_hl rpcsec_gss_krb5 ip6t_rt nfsv4
openvswitch ipt_REJECT nf_reject_ipv4 nf_log_ipv4 nf_log_common xt_LOG
nf_conntrack_ipv6 xt_limit nf_nat_ipv6 xt_tcpudp nf_nat_ipv4
nf_defrag_ipv6 xt_addrtype libcrc32c intel_rapl nfsd
snd_hda_codec_realtek x86_pkg_temp_thermal nf_conntrack_ipv4
snd_hda_codec_generic nf_defrag_ipv4 intel_powerclamp xt_conntrack
snd_hda_intel coretemp snd_hda_codec ip6table_filter snd_hda_core
ip6_tables kvm_intel drm_kms_helper nf_conntrack_netbios_ns
nf_conntrack_broadcast nf_nat_ftp nf_nat kvm snd_hwdep snd_pcm
auth_rpcgss nf_conntrack_ftp nf_conntrack nfs_acl snd_seq_midi nfs drm
snd_seq_midi_event snd_rawmidi snd_seq irqbypass mei_me
crct10dif_pclmul lockd crc32_pclmul iptable_filter ip_tables
snd_seq_device snd_timer snd x_tables rfcomm bnep mei
ghash_clmulni_intel aesni_intel grace bluetooth aes_x86_64 lrw
i2c_algo_bit sunrpc dcdbas soundcore shpchp fb_sys_fops syscopyarea
sysfillrect sysimgblt gf128mul glue_helper serio_raw ablk_helper
cryptd lpc_ich mac_hid video parport_pc ppdev fscache lp parport
hid_generic usbhid psmouse hid e1000e ahci libahci ptp pps_core
[   40.137290] CPU: 3 PID: 1231 Comm: irqbalance Not tainted 4.6.0+ #21
[   40.147361] Hardware name: Dell Inc. OptiPlex 7020/0F5C5X, BIOS A03 01/08/2015
[   40.158333] task: ffff880203671ac0 ti: ffff8800da89c000 task.ti: ffff8800da89c000
[   40.169601] RIP: 0010:[<ffffffff81560598>]  [<ffffffff81560598>] modify_irte+0x58/0x140
[   40.181463] RSP: 0018:ffff8800da89fc78  EFLAGS: 00010002
[   40.190621] RAX: 0000000000000000 RBX: ffff8801ffce4080 RCX: 0000000000000003
[   40.201651] RDX: 0000000000000000 RSI: ffff8801ffce4118 RDI: ffff8802036723d0
[   40.212653] RBP: ffff8800da89fcb8 R08: 0000000000000002 R09: 0000000000000001
[   40.223649] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000020
[   40.234627] R13: ffff8801ffce4100 R14: 0000000000000096 R15: ffff88021588f600
[   40.245587] FS:  00007f6b0c95b780(0000) GS:ffff880216200000(0000) knlGS:0000000000000000
[   40.257515] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   40.267127] CR2: 0000000000000000 CR3: 00000000da3f8000 CR4: 00000000001406e0
[   40.278158] Stack:
[   40.284056]  ffff8801ffce4118 ffff8800da89fdb0 0000000000000000 ffff8801ffce4080
[   40.284069]  ffff8801ffce4100 ffff880214253cc0 ffff8800da89fdb0 0000000000000000
[   40.284073]  ffff8800da89fcf0 ffffffff81560813 ffff8800da89fdb0 ffff8801ffd7e038
[   40.284074] Call Trace:
[   40.284086]  [<ffffffff81560813>] intel_ir_set_affinity+0xa3/0xb0
[   40.284093]  [<ffffffff810ea991>] msi_domain_set_affinity+0x21/0x70
[   40.284099]  [<ffffffff810e38a4>] ? __irq_set_affinity+0x34/0x70
[   40.284104]  [<ffffffff810e363d>] irq_do_set_affinity+0x1d/0x70
[   40.284109]  [<ffffffff810e3832>] irq_set_affinity_locked+0xc2/0x100
[   40.284114]  [<ffffffff810e38b7>] __irq_set_affinity+0x47/0x70
[   40.284119]  [<ffffffff810e988c>] write_irq_affinity.isra.8+0xcc/0xf0
[   40.284123]  [<ffffffff810e98e9>] irq_affinity_proc_write+0x19/0x20
[   40.284128]  [<ffffffff812a35cd>] proc_reg_write+0x3d/0x70
[   40.284133]  [<ffffffff810eb75f>] ? rcu_sync_lockdep_assert+0x2f/0x60
[   40.284140]  [<ffffffff8122e2d8>] __vfs_write+0x28/0x120
[   40.284148]  [<ffffffff810c630c>] ? percpu_down_read+0x5c/0xa0
[   40.284152]  [<ffffffff81231cba>] ? __sb_start_write+0xca/0xe0
[   40.284154]  [<ffffffff81231cba>] ? __sb_start_write+0xca/0xe0
[   40.284159]  [<ffffffff8122e9f5>] vfs_write+0xa5/0x1a0
[   40.284163]  [<ffffffff8124fe76>] ? __fget_light+0x66/0x90
[   40.284168]  [<ffffffff8122fd79>] SyS_write+0x49/0xa0
[   40.284173]  [<ffffffff81002bb8>] do_syscall_64+0x68/0x180
[   40.284180]  [<ffffffff8185f21e>] entry_SYSCALL64_slow_path+0x25/0x25
[   40.284228] Code: e8 be e1 2f 00 45 0f b7 45 08 49 89 c6 41 0f b7 45 0a 4d 8b 7d 00 48 8b 75 c0 41 01 c0 49 8b 87 20 01 00 00 4d 63 e0 49 c1 e4 04 <4c> 03 20 41 80 7c 24 01 00 79 7b 49 8b 04 24 48 8b 1e 48 8b 4e
[   40.284234] RIP  [<ffffffff81560598>] modify_irte+0x58/0x140
[   40.284235]  RSP <ffff8800da89fc78>
[   40.284237] CR2: 0000000000000000
[   40.284241] ---[ end trace ac9b4632347a0d74 ]---
[   40.284245] BUG: sleeping function called from invalid context at include/linux/sched.h:2925
[   40.284248] in_atomic(): 1, irqs_disabled(): 1, pid: 1231, name: irqbalance
[   40.284249] INFO: lockdep is turned off.
[   40.284251] irq event stamp: 9302
[   40.284255] hardirqs last  enabled at (9301): [<ffffffff81002b76>] do_syscall_64+0x26/0x180
[   40.284260] hardirqs last disabled at (9302): [<ffffffff8185e74e>] _raw_spin_lock_irqsave+0x1e/0x90
[   40.284268] softirqs last  enabled at (6608): [<ffffffff81861f1a>] __do_softirq+0x32a/0x4c4
[   40.284275] softirqs last disabled at (6603): [<ffffffff81074920>] irq_exit+0xe0/0xf0
[   40.284279] CPU: 3 PID: 1231 Comm: irqbalance Tainted: G      D 4.6.0+ #21
[   40.284281] Hardware name: Dell Inc. OptiPlex 7020/0F5C5X, BIOS A03 01/08/2015
[   40.284286]  0000000000000000 ffff8800da89f968 ffffffff81410e7e ffff880203671ac0
[   40.284290]  ffffffff81c739d6 ffff8800da89f990 ffffffff8109b1b6 ffffffff81c739d6
[   40.284294]  0000000000000b6d 0000000000000000 ffff8800da89f9b8 ffffffff8109b2b9
[   40.284295] Call Trace:
[   40.284304]  [<ffffffff81410e7e>] dump_stack+0x67/0x99
[   40.284310]  [<ffffffff8109b1b6>] ___might_sleep+0x176/0x230
[   40.284315]  [<ffffffff8109b2b9>] __might_sleep+0x49/0x80
[   40.284320]  [<ffffffff81081334>] exit_signals+0x24/0x130
[   40.284323]  [<ffffffff81072188>] do_exit+0xb8/0xc50
[   40.284329]  [<ffffffff810e1169>] ? kmsg_dump+0x109/0x180
[   40.284336]  [<ffffffff81020f89>] oops_end+0x89/0xc0
[   40.284343]  [<ffffffff81056fce>] no_context+0x10e/0x380
[   40.284348]  [<ffffffff81057353>] __bad_area_nosemaphore+0x113/0x210
[   40.284354]  [<ffffffff81057464>] bad_area_nosemaphore+0x14/0x20
[   40.284359]  [<ffffffff8105750e>] __do_page_fault+0x9e/0x510
[   40.284364]  [<ffffffff810579a1>] do_page_fault+0x21/0x70
[   40.284370]  [<ffffffff81861012>] page_fault+0x22/0x30
[   40.284376]  [<ffffffff81560598>] ? modify_irte+0x58/0x140
[   40.284380]  [<ffffffff81560572>] ? modify_irte+0x32/0x140
[   40.284385]  [<ffffffff81560813>] intel_ir_set_affinity+0xa3/0xb0
[   40.284391]  [<ffffffff810ea991>] msi_domain_set_affinity+0x21/0x70
[   40.284396]  [<ffffffff810e38a4>] ? __irq_set_affinity+0x34/0x70
[   40.284401]  [<ffffffff810e363d>] irq_do_set_affinity+0x1d/0x70
[   40.284407]  [<ffffffff810e3832>] irq_set_affinity_locked+0xc2/0x100
[   40.284412]  [<ffffffff810e38b7>] __irq_set_affinity+0x47/0x70
[   40.284416]  [<ffffffff810e988c>] write_irq_affinity.isra.8+0xcc/0xf0
[   40.284420]  [<ffffffff810e98e9>] irq_affinity_proc_write+0x19/0x20
[   40.284423]  [<ffffffff812a35cd>] proc_reg_write+0x3d/0x70
[   40.284428]  [<ffffffff810eb75f>] ? rcu_sync_lockdep_assert+0x2f/0x60
[   40.284432]  [<ffffffff8122e2d8>] __vfs_write+0x28/0x120
[   40.284438]  [<ffffffff810c630c>] ? percpu_down_read+0x5c/0xa0
[   40.284441]  [<ffffffff81231cba>] ? __sb_start_write+0xca/0xe0
[   40.284444]  [<ffffffff81231cba>] ? __sb_start_write+0xca/0xe0
[   40.284449]  [<ffffffff8122e9f5>] vfs_write+0xa5/0x1a0
[   40.284452]  [<ffffffff8124fe76>] ? __fget_light+0x66/0x90
[   40.284456]  [<ffffffff8122fd79>] SyS_write+0x49/0xa0
[   40.284460]  [<ffffffff81002bb8>] do_syscall_64+0x68/0x180
[   40.284465]  [<ffffffff8185f21e>] entry_SYSCALL64_slow_path+0x25/0x25
[   40.284470] note: irqbalance[1231] exited with preempt_count 2
[   40.832290] init: irqbalance main process (1231) killed by KILL signal


This can be reproduced by adding the noapic boot parameter.

Regards,
Wanpeng Li
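
The oops above carries everything needed to localise the fault without a vmlinux in hand: CR2 is 0, the Oops error code is 0000 (read of a not-present page from kernel mode), and the bracketed byte at RIP in the Code: dump is `4c 03 20`, which decodes (our own reading of the bytes, not something the report states) to `add r12, qword ptr [rax]` with RAX = 0. That matches R12 = 0x20 having just been computed by the preceding `4d 63 e0 / 49 c1 e4 04` (`movsxd r12, r8d; shl r12, 4` with R08 = 2), i.e. an index into a table whose base pointer in RAX was NULL. The second splat ("sleeping function called from invalid context") is the usual follow-on of do_exit() running from oops_end() while the task still held a spinlock with interrupts disabled (hardirqs were last disabled in _raw_spin_lock_irqsave), not an independent bug. The parser below, an added example that is not part of the original post, pulls those fields out of the report's own oops text (an excerpt is embedded, with the e-mail line wrapping undone); the helper names are this example's own.

```python
"""Structured parse of the x86-64 oops quoted in the report above.

Added example, not code from the original post. OOPS is an excerpt of the
report's oops (timestamps kept, wrapped lines rejoined). Helper names such as
parse_oops() and fault_summary() are this example's own.
"""
import re

OOPS = """\
[   39.977778] BUG: unable to handle kernel NULL pointer dereference at           (null)
[   39.988494] IP: [<ffffffff81560598>] modify_irte+0x58/0x140
[   40.004087] Oops: 0000 [#1] SMP
[   40.137290] CPU: 3 PID: 1231 Comm: irqbalance Not tainted 4.6.0+ #21
[   40.169601] RIP: 0010:[<ffffffff81560598>]  [<ffffffff81560598>] modify_irte+0x58/0x140
[   40.190621] RAX: 0000000000000000 RBX: ffff8801ffce4080 RCX: 0000000000000003
[   40.201651] RDX: 0000000000000000 RSI: ffff8801ffce4118 RDI: ffff8802036723d0
[   40.212653] RBP: ffff8800da89fcb8 R08: 0000000000000002 R09: 0000000000000001
[   40.223649] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000020
[   40.267127] CR2: 0000000000000000 CR3: 00000000da3f8000 CR4: 00000000001406e0
[   40.284074] Call Trace:
[   40.284086]  [<ffffffff81560813>] intel_ir_set_affinity+0xa3/0xb0
[   40.284093]  [<ffffffff810ea991>] msi_domain_set_affinity+0x21/0x70
[   40.284099]  [<ffffffff810e38a4>] ? __irq_set_affinity+0x34/0x70
[   40.284123]  [<ffffffff810e98e9>] irq_affinity_proc_write+0x19/0x20
[   40.284168]  [<ffffffff8122fd79>] SyS_write+0x49/0xa0
[   40.284228] Code: e8 be e1 2f 00 45 0f b7 45 08 49 89 c6 41 0f b7 45 0a 4d 8b 7d 00 48 8b 75 c0 41 01 c0 49 8b 87 20 01 00 00 4d 63 e0 49 c1 e4 04 <4c> 03 20 41 80 7c 24 01 00 79 7b 49 8b 04 24 48 8b 1e 48 8b 4e
[   40.284241] ---[ end trace ac9b4632347a0d74 ]---
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")                      # "[   40.284086] " prefix
IP_RE = re.compile(r"^IP: \[<([0-9a-f]{16})>\] (\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)")
OOPS_RE = re.compile(r"^Oops: ([0-9a-f]{4}) \[#(\d+)\]")
TASK_RE = re.compile(r"^CPU: (\d+) PID: (\d+) Comm: (\S+)")
REG_RE = re.compile(r"\b(R[A-Z0-9]{1,2}|CR[0-4]): ([0-9a-f]{16})\b")
FRAME_RE = re.compile(r"^\s*\[<([0-9a-f]{16})>\] (\? )?(\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)")


def parse_oops(text):
    """Return a dict with ip, error_code, task, regs, frames and code bytes."""
    o = {"ip": None, "error_code": None, "task": None, "regs": {}, "frames": [], "code": None}
    in_trace = False
    for raw in text.splitlines():
        line = TS_RE.sub("", raw)
        if in_trace:
            m = FRAME_RE.match(line)
            if m:
                # A leading "?" marks a stale stack slot the unwinder could not verify.
                o["frames"].append({"addr": m.group(1), "sym": m.group(3),
                                    "off": int(m.group(4), 16), "size": int(m.group(5), 16),
                                    "reliable": m.group(2) is None})
                continue
            in_trace = False
        if line.startswith("Call Trace:"):
            in_trace = True
        elif line.startswith("Code: "):
            toks = line[len("Code: "):].split()
            fault = next(i for i, t in enumerate(toks) if t.startswith("<"))  # <xx> = byte at RIP
            o["code"] = {"bytes": [t.strip("<>") for t in toks], "fault_index": fault}
        elif (m := IP_RE.match(line)):
            o["ip"] = {"addr": m.group(1), "sym": m.group(2),
                       "off": int(m.group(3), 16), "size": int(m.group(4), 16)}
        elif (m := OOPS_RE.match(line)):
            o["error_code"] = int(m.group(1), 16)
        elif (m := TASK_RE.match(line)):
            o["task"] = {"cpu": int(m.group(1)), "pid": int(m.group(2)), "comm": m.group(3)}
        for m in REG_RE.finditer(line):
            o["regs"][m.group(1)] = int(m.group(2), 16)
    return o


def decode_error_code(ec):
    """x86 #PF error code: bit0 present/protection, bit1 write, bit2 user, bit4 ifetch."""
    kind = "protection violation" if ec & 1 else "not-present page"
    access = "instruction fetch" if ec & 16 else ("write" if ec & 2 else "read")
    mode = "user" if ec & 4 else "kernel"
    return f"{access} of a {kind} in {mode} mode"


def faulting_bytes(o, n=3):
    """The n opcode bytes starting at RIP, as printed between <> in the Code: line."""
    i = o["code"]["fault_index"]
    return " ".join(o["code"]["bytes"][i:i + n])


def callers(o):
    """Symbols of the reliable (non-'?') frames, innermost first."""
    return [f["sym"] for f in o["frames"] if f["reliable"]]


def fault_summary(o):
    cr2 = o["regs"]["CR2"]
    ip = o["ip"]
    # Anything inside the first page is a NULL or NULL+small-offset dereference.
    kind = f"NULL-page dereference (CR2=0x{cr2:x})" if cr2 < 0x1000 else f"bad access at 0x{cr2:x}"
    return (f"{kind} in {ip['sym']}+0x{ip['off']:x}, "
            f"{decode_error_code(o['error_code'])}, faulting bytes {faulting_bytes(o)}")


if __name__ == "__main__":
    parsed = parse_oops(OOPS)
    print(fault_summary(parsed))
    print("reached via:", " <- ".join(callers(parsed)))
```

Against the report's text this prints a NULL-page dereference in modify_irte+0x58 with faulting bytes `4c 03 20`, reached via intel_ir_set_affinity from the /proc/irq/*/smp_affinity write path; the unreliable `?` frame is dropped from the caller chain.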
