lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 12 Sep 2018 08:38:25 +0800
From:   kernel test robot <rong.a.chen@...el.com>
To:     My Name <18650033736@....com>
Cc:     linux-kernel@...r.kernel.org, Xin Lin <18650033736@....com>,
        lkp@...org
Subject: [LKP] [kernel]  92114220fe: BUG:unable_to_handle_kernel

FYI, we noticed the following commit (built with gcc-6):

commit: 92114220fe6a374172e99261b6451c515d29c8dc ("[PATCH] kernel: prevent submission of creds with higher privileges inside container")
url: https://github.com/0day-ci/linux/commits/My-Name/kernel-prevent-submission-of-creds-with-higher-privileges-inside-container/20180911-162532


in testcase: trinity
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -m 256M

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+------------------------------------------+-----------+------------+
|                                          | v4.19-rc3 | 92114220fe |
+------------------------------------------+-----------+------------+
| boot_successes                           | 8         | 0          |
| boot_failures                            | 0         | 6          |
| BUG:unable_to_handle_kernel              | 0         | 6          |
| Oops:#[##]                               | 0         | 6          |
| RIP:commit_creds                         | 0         | 6          |
| Kernel_panic-not_syncing:Fatal_exception | 0         | 6          |
+------------------------------------------+-----------+------------+



[   53.586547] BUG: unable to handle kernel NULL pointer dereference at 00000000000006c0
[   53.588054] PGD 0 P4D 0 
[   53.588564] Oops: 0000 [#1] PTI
[   53.589180] CPU: 0 PID: 1 Comm: init Not tainted 4.19.0-rc3-00001-g9211422 #1
[   53.590544] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   53.592139] RIP: 0010:commit_creds+0x51/0x410
[   53.592988] Code: 08 81 ba b0 01 00 00 fe ff ff ef 74 11 8b 43 04 39 47 04 0f 83 9c 00 00 00 e9 c2 03 00 00 48 8b 50 10 48 83 05 67 82 5a 02 01 <81> ba c0 06 00 00 ff ff ff ef 75 d7 48 8b 50 18 48 83 05 57 82 5a
[   53.596525] RSP: 0000:ffffc9000000bd10 EFLAGS: 00010202
[   53.597526] RAX: ffffffff82ca3060 RBX: ffff88000f02eb40 RCX: ffff88000f0399c8
[   53.598883] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88000b2a53c0
[   53.600235] RBP: ffff88000bd66800 R08: ffff88000f030740 R09: 00000000008fb60c
[   53.601587] R10: 00000000e0098d8b R11: 0000000010c12b46 R12: ffff88000f030040
[   53.602936] R13: ffffc90000008000 R14: ffff88000cd07500 R15: 0000000000000001
[   53.604285] FS:  0000000000000000(0000) GS:ffffffff82c5b000(0000) knlGS:0000000000000000
[   53.605813] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   53.606906] CR2: 00000000000006c0 CR3: 000000000c6f6000 CR4: 00000000000406b0
[   53.608264] Call Trace:
[   53.608762]  install_exec_creds+0x25/0xa0
[   53.609544]  load_elf_binary+0x544/0x1e72
[   53.610324]  ? __lock_acquire+0xdbb/0x1030
[   53.611234]  ? find_held_lock+0x35/0xd0
[   53.611982]  ? __lock_acquire+0xdbb/0x1030
[   53.612891]  ? find_held_lock+0x35/0xd0
[   53.613639]  ? search_binary_handler+0x83/0x180
[   53.614512]  search_binary_handler+0x98/0x180
[   53.615356]  load_script+0x348/0x370
[   53.616058]  search_binary_handler+0x98/0x180
[   53.616906]  __do_execve_file+0x7d3/0xaa0
[   53.617804]  do_execve+0x24/0x30
[   53.618439]  run_init_process+0x50/0x60
[   53.619184]  ? rest_init+0x1a0/0x1a0
[   53.619885]  kernel_init+0xca/0x1e0
[   53.620573]  ret_from_fork+0x35/0x40
[   53.621264] CR2: 00000000000006c0
[   53.621969] ---[ end trace 3c2bcf9b443a9ddd ]---


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
lkp

View attachment "config-4.19.0-rc3-00001-g9211422" of type "text/plain" (112030 bytes)

View attachment "job-script" of type "text/plain" (3986 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (14024 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ