Date:   Wed, 8 Nov 2017 14:26:34 +0100
From:   Rasmus Villemoes <rasmus.villemoes@...vas.dk>
To:     <linux-kernel@...r.kernel.org>
CC:     <linux-watchdog@...r.kernel.org>,
        Guenter Roeck <linux@...ck-us.net>
Subject: oops with 4.14-rc8 when opening and closing /dev/watchdog0

Running current master (4.14.0-rc8-00009-gfbc3edf) I can reproduce the
below quite consistently, though there are some variations in the stack
trace. It happens when I start and stop busybox watchdog on
/dev/watchdog0 a few times (sometimes on start, sometimes on stop,
almost always after at most 3 starts/stops). watchdog0 is a gpio
watchdog with the below DT entry.

        gpio-wdt {
                status = "okay";
                compatible = "linux,wdt-gpio";
                hw_margin_ms = <0xfa>;
                hw_algo = "toggle";
                gpios = <0x15 0x19 0x0>;
                always-running;
        };

The 6b6b6b6b suggests some kind of use-after-free, I think.

This is an ARM board based on LS1021A. Unfortunately, I hit this in the
process of starting to use a mainline-based kernel for the board, so I
don't have any previous known-working kernel to start a bisection from.
I'll try to see if I can get a 4.13 one to boot with the same .dtb and
.config, but in the meantime perhaps someone can see something obvious.

Thanks,
Rasmus


Unable to handle kernel paging request at virtual address 6b6b6d3b
pgd = 80003000
[6b6b6d3b] *pgd=80000080005003, *pmd=00000000
Internal error: Oops: 206 [#1] SMP ARM
Modules linked in: bridge stp llc
CPU: 0 PID: 1931 Comm: watchdog Not tainted 4.14.0-rc8-00009-gfbc3edf #1
Hardware name: Freescale LS1021A
task: be4a8d40 task.stack: bd1d4000
PC is at module_put+0x8/0x68
LR is at __fput+0x108/0x1b0
pc : [<8027f090>]    lr : [<802ef898>]    psr: 200d0013
sp : bd1d5f20  ip : 00000000  fp : 00000000
r10: bf0877c8  r9 : be805608  r8 : be04ccd0
r7 : be3f57c8  r6 : 00000008  r5 : bf0877c8  r4 : be3f57c0
r3 : bf2241a0  r2 : 6b6b6b6a  r1 : 00000000  r0 : 6b6b6b6b
Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: bd189340  DAC: fffffffd
Process watchdog (pid: 1931, stack limit = 0xbd1d4210)
Stack: (0xbd1d5f20 to 0xbd1d6000)
5f20: 00000000 00000000 0000002b be4a917c be4a8d40 be412b80 81055310 be49897c
5f40: 00000000 0000044c 00000000 80235014 be4a8d40 be498940 bd1d4000 bd1d5f70
5f60: be49897c 80220a10 00000000 be4a9068 be4a8d40 be4a9068 bd80c5c0 000000f8
5f80: 00000000 80220fe8 000f4240 7ed9bccc 0007a154 000000f8 80207544 80220ffc
5fa0: 000f4240 80207380 000f4240 7ed9bccc 00000000 000874fe 00000001 00000000
5fc0: 000f4240 7ed9bccc 0007a154 000000f8 00000f00 00000000 76f89000 00000000
5fe0: 76eb87e0 7ed9b9b4 00021c9c 76eb87f0 600d0010 00000000 00000000 00000000
[<8027f090>] (module_put) from [<00000000>] (  (null))
Code: e3a00001 e12fff1e e3500000 012fff1e (e59021d0)
---[ end trace d8b636b1833a6c9e ]---
Kernel panic - not syncing: Fatal exception
CPU1: stopping
CPU: 1 PID: 64 Comm: kworker/u4:1 Tainted: G      D 4.14.0-rc8-00009-gfbc3edf #1
Hardware name: Freescale LS1021A
Workqueue: events_unbound flush_to_ldisc
[<8020c8e8>] (unwind_backtrace) from [<8020a728>] (show_stack+0x10/0x14)
[<8020a728>] (show_stack) from [<80661704>] (dump_stack+0x7c/0x98)
[<80661704>] (dump_stack) from [<8020bc24>] (handle_IPI+0xdc/0x184)
[<8020bc24>] (handle_IPI) from [<802013ac>] (gic_handle_irq+0x70/0x78)
[<802013ac>] (gic_handle_irq) from [<806776f8>] (__irq_svc+0x58/0x74)
Exception stack(0xbe0d1e58 to 0xbe0d1ea0)
1e40:                                                       00000000 000000fd
1e60: 00000000 00000ff8 be18ca40 00000000 00000000 c08a3000 bdb09c5b bdb09c5b
1e80: 00000052 00000000 be18cbbc be0d1ea8 802502c0 8045cd2c 60010013 ffffffff
[<806776f8>] (__irq_svc) from [<8045cd2c>] (n_tty_receive_buf_common+0x804/0x8bc)
[<8045cd2c>] (n_tty_receive_buf_common) from [<8045cdf4>] (n_tty_receive_buf2+0x10/0x18)
[<8045cdf4>] (n_tty_receive_buf2) from [<8045f374>] (tty_port_default_receive_buf+0x44/0x54)
[<8045f374>] (tty_port_default_receive_buf) from [<8045ebfc>] (flush_to_ldisc+0x8c/0xac)
[<8045ebfc>] (flush_to_ldisc) from [<80231224>] (process_one_work+0x1b0/0x314)
[<80231224>] (process_one_work) from [<80232118>] (worker_thread+0x2cc/0x424)
[<80232118>] (worker_thread) from [<80236598>] (kthread+0x130/0x148)
[<80236598>] (kthread) from [<80207440>] (ret_from_fork+0x14/0x34)
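
Added example, not part of the original message: a short Python triage script that tests the use-after-free reading of this oops. It decodes the faulting instruction word that the Code: line marks with parentheses and checks that the fault address equals the poisoned base register plus the load offset. The function names are this example's own, and the sample input is a subset of lines copied from the oops above.

```python
import re

# Slab poison bytes, from include/linux/poison.h.
POISON = {0x6B: "POISON_FREE (object already freed)",
          0x5A: "POISON_INUSE (allocated but never initialised)"}

# Sample input: lines copied from the oops in the message above.
OOPS = """\
Unable to handle kernel paging request at virtual address 6b6b6d3b
PC is at module_put+0x8/0x68
r7 : be3f57c8  r6 : 00000008  r5 : bf0877c8  r4 : be3f57c0
r3 : bf2241a0  r2 : 6b6b6b6a  r1 : 00000000  r0 : 6b6b6b6b
Code: e3a00001 e12fff1e e3500000 012fff1e (e59021d0)
"""

def poison_name(value):
    """Label a 32-bit value whose four bytes are all the same poison byte."""
    raw = value.to_bytes(4, "big")
    return POISON.get(raw[0]) if len(set(raw)) == 1 else None

def decode_ldr_str_imm(insn):
    """Decode an A32 LDR/STR with a plain immediate offset (P=1, W=0).
    Returns (base register number, signed offset), or None otherwise."""
    if insn >> 28 == 0xF or (insn >> 25) & 0x7 != 0b010:
        return None
    if not (insn >> 24) & 1 or (insn >> 21) & 1:
        return None
    offset = insn & 0xFFF
    return (insn >> 16) & 0xF, offset if (insn >> 23) & 1 else -offset

def triage(text):
    """Check whether the fault address is poisoned base register + offset."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(r\d+)\s*:\s*([0-9a-f]{8})", text)}
    # The kernel marks the faulting instruction word with parentheses.
    insn = int(re.search(r"\(([0-9a-f]{8})\)", text).group(1), 16)
    decoded = decode_ldr_str_imm(insn)
    if decoded is None or "r%d" % decoded[0] not in regs:
        return None  # not a simple load/store, or base is sp/lr/pc
    base, offset = decoded
    value = regs["r%d" % base]
    return {"base": "r%d" % base, "offset": offset,
            "poison": poison_name(value),
            "matches": (value + offset) & 0xFFFFFFFF == fault}

if __name__ == "__main__":
    print(triage(OOPS))
```

For this oops the script reports r0 holding the POISON_FREE pattern and an offset of 0x1d0 that sums to the fault address, which is consistent with module_put being handed a pointer that was read out of an already-freed object.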
