Message-ID: <86f16af9-961f-5057-6596-c95c0316f7da@codeaurora.org>
Date:   Tue, 2 Apr 2019 20:53:42 +0530
From:   Mukesh Ojha <mojha@...eaurora.org>
To:     kernel test robot <lkp@...el.com>,
        Alexey Dobriyan <adobriyan@...il.com>
Cc:     LKP <lkp@...org>, linux-kernel@...r.kernel.org,
        linux-fsdevel@...r.kernel.org,
        Linux Memory Management List <linux-mm@...ck.org>,
        Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: b050de0f98 ("fs/binfmt_elf.c: free PT_INTERP filename ASAP"):
 BUG: KASAN: null-ptr-deref in allow_write_access

I think this may fix the problem.

https://patchwork.kernel.org/patch/10878501/


Thanks,
Mukesh

On 4/2/2019 8:24 PM, kernel test robot wrote:
> Greetings,
>
> 0day kernel testing robot got the below dmesg and the first bad commit is
>
> https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
>
> commit b050de0f986606011986698de504c0dbc12c40dc
> Author:     Alexey Dobriyan <adobriyan@...il.com>
> AuthorDate: Fri Mar 29 10:02:05 2019 +1100
> Commit:     Stephen Rothwell <sfr@...b.auug.org.au>
> CommitDate: Sat Mar 30 16:09:51 2019 +1100
>
>      fs/binfmt_elf.c: free PT_INTERP filename ASAP
>      
>      There is no reason for PT_INTERP filename to linger till the end of
>      the whole loading process.
>      
>      Link: http://lkml.kernel.org/r/20190314204953.GD18143@avx2
>      Signed-off-by: Alexey Dobriyan <adobriyan@...il.com>
>      Reviewed-by: Andrew Morton <akpm@...ux-foundation.org>
>      Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
>      Signed-off-by: Stephen Rothwell <sfr@...b.auug.org.au>
>
> 46238614d8  fs/binfmt_elf.c: make scope of "pos" variable smaller
> b050de0f98  fs/binfmt_elf.c: free PT_INTERP filename ASAP
> 05d08e2995  Add linux-next specific files for 20190402
> +---------------------------------------------------------------+------------+------------+---------------+
> |                                                               | 46238614d8 | b050de0f98 | next-20190402 |
> +---------------------------------------------------------------+------------+------------+---------------+
> | boot_successes                                                | 7          | 0          | 0             |
> | boot_failures                                                 | 10         | 12         | 13            |
> | invoked_oom-killer:gfp_mask=0x                                | 2          |            |               |
> | Mem-Info                                                      | 2          |            |               |
> | BUG:KASAN:slab-out-of-bounds_in_d                             | 1          |            |               |
> | PANIC:double_fault                                            | 1          |            |               |
> | WARNING:stack_going_in_the_wrong_direction?ip=double_fault/0x | 1          |            |               |
> | RIP:lockdep_hardirqs_off                                      | 1          |            |               |
> | Kernel_panic-not_syncing:Machine_halted                       | 1          |            |               |
> | RIP:perf_trace_x86_exceptions                                 | 1          |            |               |
> | BUG:soft_lockup-CPU##stuck_for#s                              | 7          | 6          | 3             |
> | RIP:__slab_alloc                                              | 3          | 0          | 1             |
> | Kernel_panic-not_syncing:softlockup:hung_tasks                | 7          | 6          | 3             |
> | RIP:_raw_spin_unlock_irqrestore                               | 3          | 1          |               |
> | RIP:__asan_load8                                              | 1          | 3          |               |
> | RIP:copy_user_generic_unrolled                                | 1          |            |               |
> | Out_of_memory_and_no_killable_processes                       | 1          |            |               |
> | Kernel_panic-not_syncing:System_is_deadlocked_on_memory       | 1          |            |               |
> | BUG:KASAN:null-ptr-deref_in_a                                 | 0          | 6          | 10            |
> | BUG:unable_to_handle_kernel                                   | 0          | 6          | 10            |
> | Oops:#[##]                                                    | 0          | 6          | 10            |
> | RIP:allow_write_access                                        | 0          | 6          | 10            |
> | Kernel_panic-not_syncing:Fatal_exception                      | 0          | 6          | 10            |
> | RIP:__orc_find                                                | 0          | 1          | 1             |
> | RIP:arch_local_irq_save                                       | 0          | 1          |               |
> | RIP:__asan_load1                                              | 0          | 0          | 1             |
> +---------------------------------------------------------------+------------+------------+---------------+
>
> /etc/rcS.d/S00fbsetup: line 3: /sbin/modprobe: not found
> Starting udev
> [   43.717047] gfs2: path_lookup on rootfs returned error -2
> Kernel tests: Boot OK!
> [   45.270185] ==================================================================
> [   45.277229] BUG: KASAN: null-ptr-deref in allow_write_access+0x12/0x30
> [   45.281161] Read of size 8 at addr 000000000000001e by task 90-trinity/625
> [   45.284197]
> [   45.285252] CPU: 0 PID: 625 Comm: 90-trinity Not tainted 5.1.0-rc2-00406-gb050de0 #1
> [   45.287960] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
> [   45.288419] BUG: unable to handle kernel NULL pointer dereference at 000000000000001e
> [   45.297363] Call Trace:
> [   45.297376]  dump_stack+0x74/0xb0
> [   45.300404] #PF error: [normal kernel read fault]
> [   45.301648]  ? allow_write_access+0x12/0x30
> [   45.303103] PGD 800000000af92067 P4D 800000000af92067 PUD 9870067 PMD 0
> [   45.303117] Oops: 0000 [#1] SMP KASAN PTI
> [   45.303124] CPU: 1 PID: 626 Comm: 90-trinity Not tainted 5.1.0-rc2-00406-gb050de0 #1
> [   45.303128] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
> [   45.303137] RIP: 0010:allow_write_access+0x12/0x30
> [   45.303145] Code: 01 c5 31 c0 48 89 ef f3 ab 48 83 c4 60 89 d0 5b 5d 41 5c 41 5d 41 5e c3 48 85 ff 74 2a 53 48 89 fb 48 8d 7f 20 e8 7d 89 f6 ff <48> 8b 5b 20 be 04 00 00 00 48 8d bb d0 01 00 00 e8 00 6e f6 ff f0
> [   45.303149] RSP: 0000:ffff888009ad7c68 EFLAGS: 00010247
> [   45.303155] RAX: 0000000000000001 RBX: fffffffffffffffe RCX: ffffffff81307b8f
> [   45.303158] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000001e
> [   45.303162] RBP: ffff88800a1410a3 R08: 0000000000000007 R09: 0000000000000007
> [   45.303167] R10: ffffed1001d656f7 R11: 0000000000000000 R12: 0000000000000000
> [   45.303171] R13: ffff88800a141088 R14: ffff88800de7d140 R15: ffff88800b2352c8
> [   45.303177] FS:  00007f4f532d6700(0000) GS:ffff88800eb00000(0000) knlGS:0000000000000000
> [   45.303181] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   45.303185] CR2: 000000000000001e CR3: 000000000a030004 CR4: 00000000003606e0
> [   45.303191] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [   45.303195] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [   45.303198] Call Trace:
> [   45.303208]  load_elf_binary+0x1548/0x15ae
> [   45.303215]  ? load_misc_binary+0x2aa/0x68c
> [   45.303223]  ? mark_held_locks+0x83/0x83
> [   45.303230]  ? match_held_lock+0x18/0xf8
> [   45.303237]  ? set_fs+0x29/0x29
> [   45.303246]  ? cpumask_test_cpu+0x28/0x28
> [   45.303255]  search_binary_handler+0xa2/0x20d
> [   45.303263]  __do_execve_file+0xa3d/0xe66
> [   45.303270]  ? open_exec+0x34/0x34
> [   45.303277]  ? strncpy_from_user+0xd9/0x18c
> [   45.303284]  do_execve+0x1c/0x1f
> [   45.303291]  __x64_sys_execve+0x41/0x48
> [   45.303299]  do_syscall_64+0x69/0x85
> [   45.303308]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
> [   45.303314] RIP: 0033:0x7f4f52ddb807
> [   45.303321] Code: 77 19 f4 48 89 d7 44 89 c0 0f 05 48 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 f7 d8 64 41 89 01 eb df b8 3b 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 f3 c3 48 8b 15 00 a6 2d 00 f7 d8 64 89 02
> [   45.303324] RSP: 002b:00007ffc2f1cae88 EFLAGS: 00000206 ORIG_RAX: 000000000000003b
> [   45.303331] RAX: ffffffffffffffda RBX: 00000000006925d8 RCX: 00007f4f52ddb807
> [   45.303335] RDX: 0000000000692620 RSI: 00000000006925d8 RDI: 00000000006914d8
> [   45.303339] RBP: 0000000000691010 R08: 00000000006914d0 R09: 0101010101010101
> [   45.303343] R10: 00007ffc2f1cac10 R11: 0000000000000206 R12: 00000000006914d8
> [   45.303347] R13: 0000000000692620 R14: 0000000000692620 R15: 00007ffc2f1ccf60
> [   45.303351] Modules linked in:
> [   45.303357] CR2: 000000000000001e
> [   45.303367] ---[ end trace bbce985a62ebde0d ]---
> [   45.303373] RIP: 0010:allow_write_access+0x12/0x30
>
>                                                            # HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
> git bisect start 05d08e2995cbe6efdb993482ee0d38a77040861a 79a3aaa7b82e3106be97842dedfd8429248896e6 --
> git bisect good 2dbd2d8f2c2ccd640f9cb6462e23f0a5ac67e1a2  # 18:33  G     11     0   11  11  Merge remote-tracking branch 'net-next/master'
> git bisect good d177ed11c13c43e0f5a289727c0237b9141ca458  # 18:45  G     12     0   11  11  Merge remote-tracking branch 'kvm-arm/next'
> git bisect good a1a606c7831374d6ef20ed04c16a76b44f79bcab  # 18:58  G     12     0   11  11  Merge remote-tracking branch 'rpmsg/for-next'
> git bisect good f2ea30d060707080d2d5f8532f0efebfa3a04302  # 19:21  G     12     0   11  11  Merge remote-tracking branch 'nvdimm/libnvdimm-for-next'
> git bisect good e006c7613228cfa7abefd1c5175e171e6ae2c4b7  # 19:34  G     12     0   11  11  Merge remote-tracking branch 'xarray/xarray'
> git bisect good 046b78627faba9a4b85c9f7a0bba764bbbbe76ff  # 19:49  G     12     0   12  12  Merge remote-tracking branch 'devfreq/for-next'
> git bisect  bad 1999d633921bdbbf76c7f1065d15ec237a977c02  # 20:05  B      0     9   24   0  Merge branch 'akpm-current/current'
> git bisect good 4aa445a97c1da9d169f63377262709254e496f65  # 20:18  G     11     0   10  10  mm: introduce put_user_page*(), placeholder versions
> git bisect good f6e06951c4f5f330471530bd12a2b75ed5326005  # 20:37  G     11     0   11  11  lib/plist: rename DEBUG_PI_LIST to DEBUG_PLIST
> git bisect  bad ffbb2d4bbda0f0e82531b4a839cee3e6db0eb09f  # 20:52  B      1     6    1   1  autofs: fix some word usage oddities in autofs.txt
> git bisect good bc341e1f87c0f100165c5fd2a693d2c90477e322  # 21:21  G     11     0   10  10  lib/test_bitmap.c: switch test_bitmap_parselist to ktime_get()
> git bisect good 11d2673e0f90086825df35385fc52d4cc9015c21  # 21:35  G     12     0   11  11  checkpatch: fix something
> git bisect good 46238614d8a1a3cde66abc7fd8c4b75c9e4793f3  # 21:51  G     12     0   10  10  fs/binfmt_elf.c: make scope of "pos" variable smaller
> git bisect  bad 42d4a144a5a5b05b981beb57b5f0891b2eb85b78  # 22:04  B      0    10   25   0  fs/binfmt_elf.c: delete trailing "return;" in functions returning "void"
> git bisect  bad b050de0f986606011986698de504c0dbc12c40dc  # 22:21  B      0     1   16   0  fs/binfmt_elf.c: free PT_INTERP filename ASAP
> # first bad commit: [b050de0f986606011986698de504c0dbc12c40dc] fs/binfmt_elf.c: free PT_INTERP filename ASAP
> git bisect good 46238614d8a1a3cde66abc7fd8c4b75c9e4793f3  # 22:24  G     34     0   27  37  fs/binfmt_elf.c: make scope of "pos" variable smaller
> # extra tests with debug options
> git bisect  bad b050de0f986606011986698de504c0dbc12c40dc  # 22:34  B      4     8    4   4  fs/binfmt_elf.c: free PT_INTERP filename ASAP
> # extra tests on HEAD of linux-next/master
> git bisect  bad 05d08e2995cbe6efdb993482ee0d38a77040861a  # 22:34  B      0    10   31   3  Add linux-next specific files for 20190402
> # extra tests on tree/branch linux-next/master
> git bisect  bad 05d08e2995cbe6efdb993482ee0d38a77040861a  # 22:35  B      0    10   31   3  Add linux-next specific files for 20190402
> # extra tests with first bad commit reverted
> git bisect good 150238fdb7cd7234ce95fb083866dbf5f70082c9  # 22:53  G     13     0   11  11  Revert "fs/binfmt_elf.c: free PT_INTERP filename ASAP"
>
> ---
> 0-DAY kernel test infrastructure                Open Source Technology Center
> https://lists.01.org/pipermail/lkp                          Intel Corporation
