lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <59a52479.jVcclKx/ZgSsPtTp%fengguang.wu@intel.com>
Date:   Tue, 29 Aug 2017 16:23:21 +0800
From:   kernel test robot <fengguang.wu@...el.com>
To:     Sherry Yang <sherryy@...roid.com>
Cc:     LKP <lkp@...org>, linux-kernel@...r.kernel.org,
        devel@...verdev.osuosl.org,
        "Greg Kroah-Hartman" <gregkh@...uxfoundation.org>,
        wfg@...ux.intel.com
Subject: 74310e06be ("android: binder: Move buffer out of area shared
 .."):  BUG: unable to handle kernel NULL pointer dereference at 00000014

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git char-misc-next

commit 74310e06be4d74dcf67cd108366710dee5c576d5
Author:     Sherry Yang <sherryy@...roid.com>
AuthorDate: Wed Aug 23 08:46:41 2017 -0700
Commit:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CommitDate: Mon Aug 28 16:47:17 2017 +0200

    android: binder: Move buffer out of area shared with user space
    
    Binder driver allocates buffer meta data in a region that is mapped
    in user space. These meta data contain pointers in the kernel.
    
    This patch allocates buffer meta data on the kernel heap that is
    not mapped in user space, and uses a pointer to refer to the data mapped.
    
    Signed-off-by: Sherry Yang <sherryy@...roid.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

4175e2b46f  android: binder: Add allocator selftest
74310e06be  android: binder: Move buffer out of area shared with user space
ac317e2767  char: virtio: constify attribute_group structures.
+------------------------------------------+------------+------------+------------+
|                                          | 4175e2b46f | 74310e06be | ac317e2767 |
+------------------------------------------+------------+------------+------------+
| boot_successes                           | 623        | 211        | 40         |
| boot_failures                            | 0          | 6          | 2          |
| BUG:unable_to_handle_kernel              | 0          | 6          | 2          |
| Oops:#[##]                               | 0          | 6          | 2          |
| EIP:binder_alloc_deferred_release        | 0          | 6          | 2          |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 6          | 2          |
+------------------------------------------+------------+------------+------------+

or similar which could potentially make this machine unbootable without a firmware reset.

ctrl-c now unless you really know what you are doing.
[    5.288881] init: networking main process (377) terminated with status 1
[   13.636567] sock: process `trinity-main' is using obsolete setsockopt SO_BSDCOMPAT
[   14.977100] BUG: unable to handle kernel NULL pointer dereference at 00000014
[   14.979193] IP: binder_alloc_deferred_release+0xd3/0x270
[   14.980697] *pde = 00000000 
[   14.980698] 
[   14.981969] Oops: 0000 [#1] DEBUG_PAGEALLOC
[   14.983162] Modules linked in:
[   14.984040] CPU: 0 PID: 17 Comm: kworker/0:1 Not tainted 4.13.0-rc7-00153-g74310e0 #2
[   14.986244] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[   14.989116] Workqueue: events binder_deferred_func
[   14.990477] task: 54936880 task.stack: 54938000
[   14.991779] EIP: binder_alloc_deferred_release+0xd3/0x270
[   14.993311] EFLAGS: 00010202 CPU: 0
[   14.994308] EAX: 00000000 EBX: 00000000 ECX: 49e2fda8 EDX: 41585c49
[   14.996083] ESI: 49e2fd30 EDI: 49e2fd54 EBP: 54939ebc ESP: 54939ea4
[   14.997857]  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
[   14.999383] CR0: 80050033 CR2: 00000014 CR3: 01c36000 CR4: 00000690
[   15.001161] Call Trace:
[   15.001877]  binder_proc_dec_tmpref+0xab/0xf0
[   15.003116]  binder_deferred_func+0x5e8/0x660
[   15.004362]  process_one_work+0x3af/0x7c0
[   15.005507]  worker_thread+0x353/0x640
[   15.006581]  kthread+0x104/0x110
[   15.007511]  ? process_one_work+0x7c0/0x7c0
[   15.008709]  ? kthread_create_on_node+0x20/0x20
[   15.010006]  ret_from_fork+0x19/0x30
[   15.011032] Code: 39 c1 75 24 8d 74 26 00 8b 47 68 85 c0 0f 85 d5 00 00 00 c7 45 ec 00 00 00 00 e9 76 01 00 00 89 f6 8d bc 27 00 00 00 00 8b 5f 54 <8a> 43 14 88 45 ec 89 c6 f7 d6 83 e6 01 6a 00 31 c9 89 f2 b8 b8
[   15.016895] EIP: binder_alloc_deferred_release+0xd3/0x270 SS:ESP: 0068:54939ea4
[   15.018967] CR2: 0000000000000014
[   15.019925] ---[ end trace b386b8ff60a7e4be ]---
[   15.021245] Kernel panic - not syncing: Fatal exception

                                                          # HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start d39f794ae6483f48e2b30ba997731a5511616871 cc4a41fe5541a73019a864883297bd5043aa6d98 --
git bisect  bad 2c7a198a25595fe381b0c6c331f39e452974fb35  # 10:57  B     16     1    0   0  Merge 'usb/usb-testing' into devel-spot-201708290015
git bisect  bad deda0b2d240d49d23f9f74bcba1ef534a6ea5020  # 11:18  B     22     3    0   0  Merge 'linux-de/upstream/rm_cpu_eff' into devel-spot-201708290015
git bisect  bad 3d5a39f092f06fcde9cdc38edfde9302ee53a946  # 11:39  B     79     1    0   0  Merge 'linux-review/Yurii-Pavlenko/Staging-rtlwifi-efuse-fix-up-a-warning-kzalloc/20170828-232255' into devel-spot-201708290015
git bisect good 30e81e7e25330554b568ab77eb45ae5835d9aded  # 12:14  G    202     0    0   0  Merge 'driver-core/driver-core-testing' into devel-spot-201708290015
git bisect  bad 586d662c3fd5e610274f9e027b2ad66ec63130c5  # 12:31  B     12     1    0   0  Merge 'char-misc/char-misc-testing' into devel-spot-201708290015
git bisect good 27b8f6673a53a63531922bd4c96623c2b8299cc2  # 12:59  G    202     0    1   1  coresight: etm4x: Adds trace return stack option programming for ETMv4.
git bisect  bad 234b7f8d3bf2738024b155b87303ed1218e620fa  # 13:19  B      0     1   14   0  vmci: fix duplicated code for different branches
git bisect good 02729d17b1b818cc38a6b6319231a0cd86b132e4  # 13:40  G    202     0    0   0  thunderbolt: Fix reset response_type
git bisect  bad a6dacf6ad484050a5afd0cd207dda49d7ed13689  # 13:53  B      7     1    0   0  misc: ioc4: constify pci_device_id.
git bisect good 4175e2b46fd4b9021ef81f18f1be9474b2f45d4a  # 14:18  G    194     0    0   0  android: binder: Add allocator selftest
git bisect  bad e41e164c3cdff632f7e4372d1d5a0df35338c370  # 14:44  B     51     1    0   0  android: binder: Add shrinker tracepoints
git bisect  bad f2517eb76f1f2f7f89761f9db2b202e89931738c  # 15:07  B     12     1    0   0  android: binder: Add global lru shrinker to binder
git bisect  bad 74310e06be4d74dcf67cd108366710dee5c576d5  # 15:25  B      3     2    0   0  android: binder: Move buffer out of area shared with user space
# first bad commit: [74310e06be4d74dcf67cd108366710dee5c576d5] android: binder: Move buffer out of area shared with user space
git bisect good 4175e2b46fd4b9021ef81f18f1be9474b2f45d4a  # 15:53  G    619     0    0   0  android: binder: Add allocator selftest
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect  bad 74310e06be4d74dcf67cd108366710dee5c576d5  # 16:04  B      7     2    0   0  android: binder: Move buffer out of area shared with user space
# extra tests on HEAD of linux-devel/devel-spot-201708290015
git bisect  bad d39f794ae6483f48e2b30ba997731a5511616871  # 16:04  B     32     2    0   4  0day head guard for 'devel-spot-201708290015'
# extra tests on tree/branch char-misc/char-misc-next
git bisect  bad ac317e276700a613057c34f10b2dc714c17d1b15  # 16:23  B     33     1    0   0  char: virtio: constify attribute_group structures.

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

Download attachment "dmesg-quantal-ivb41-14:20170829152849:i386-randconfig-h1-08290800:4.13.0-rc7-00153-g74310e0:2.gz" of type "application/gzip" (16674 bytes)

View attachment "reproduce-quantal-ivb41-14:20170829152849:i386-randconfig-h1-08290800:4.13.0-rc7-00153-g74310e0:2" of type "text/plain" (886 bytes)

View attachment "config-4.13.0-rc7-00153-g74310e0" of type "text/plain" (99694 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ