| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 26 Oct 2019 22:57:47 +0800
From: kernel test robot <lkp@...el.com>
To: Michal Suchanek <msuchanek@...e.de>
Cc: linux-scsi@...r.kernel.org, Michal Suchanek <msuchanek@...e.de>,
Jonathan Corbet <corbet@....net>, Jens Axboe <axboe@...nel.dk>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
Alexander Viro <viro@...iv.linux.org.uk>,
Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
Eric Biggers <ebiggers@...gle.com>,
"J. Bruce Fields" <bfields@...hat.com>,
Benjamin Coddington <bcodding@...hat.com>,
Hannes Reinecke <hare@...e.com>,
Omar Sandoval <osandov@...com>, Ming Lei <ming.lei@...hat.com>,
Damien Le Moal <damien.lemoal@....com>,
Bart Van Assche <bvanassche@....org>,
Tejun Heo <tj@...nel.org>, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
lkp@...ts.01.org
Subject: [scsi] 9ed2563662: BUG:kernel_NULL_pointer_dereference,address
FYI, we noticed the following commit (built with gcc-7):
commit: 9ed2563662a7eccd0dd3e4cfcaa58c776effe8cc ("[PATCH v2 8/8] scsi: sr: wait for the medium to become ready")
url: https://github.com/0day-ci/linux/commits/Michal-Suchanek/Fix-cdrom-autoclose/20191025-100818
in testcase: blktests
with following parameters:
disk: 1SSD
test: block-group1
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+--------------------------------------------------------------------------+------------+------------+
| | 71afe2ff77 | 9ed2563662 |
+--------------------------------------------------------------------------+------------+------------+
| boot_successes | 8 | 0 |
| boot_failures | 0 | 232 |
| BUG:kernel_NULL_pointer_dereference,address | 0 | 220 |
| Oops:#[##] | 0 | 223 |
| RIP:cdrom_release[cdrom] | 0 | 208 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 225 |
| WARNING:at_fs/kernfs/dir.c:#kernfs_remove_by_name_ns | 0 | 49 |
| RIP:kernfs_remove_by_name_ns | 0 | 49 |
| WARNING:at_kernel/module.c:#module_put | 0 | 46 |
| RIP:module_put | 0 | 46 |
| RIP:__pm_runtime_resume | 0 | 8 |
| RIP:kobject_uevent_env | 0 | 12 |
| WARNING:at_lib/list_debug.c:#__list_del_entry_valid | 0 | 5 |
| RIP:__list_del_entry_valid | 0 | 9 |
| WARNING:at_net/sched/sch_generic.c:#dev_watchdog | 0 | 1 |
| RIP:dev_watchdog | 0 | 1 |
| RIP:native_safe_halt | 0 | 1 |
| BUG:soft_lockup-CPU##stuck_for#s | 0 | 5 |
| RIP:_raw_spin_unlock_irqrestore | 0 | 1 |
| Kernel_panic-not_syncing:softlockup:hung_tasks | 0 | 5 |
| BUG:kernel_hang_in_boot_stage | 0 | 1 |
| WARNING:at_fs/sysfs/group.c:#internal_create_group | 0 | 5 |
| RIP:internal_create_group | 0 | 5 |
| WARNING:at_fs/sysfs/file.c:#sysfs_create_file_ns | 0 | 5 |
| RIP:sysfs_create_file_ns | 0 | 5 |
| RIP:smp_call_function_single | 0 | 4 |
| BUG:unable_to_handle_page_fault_for_address | 0 | 7 |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt | 0 | 1 |
| RIP:device_del | 0 | 1 |
| WARNING:at_lib/kobject.c:#kobject_put | 0 | 2 |
| RIP:kobject_put | 0 | 2 |
| WARNING:at_block/genhd.c:#__device_add_disk | 0 | 6 |
| RIP:__device_add_disk | 0 | 6 |
| BUG:sleeping_function_called_from_invalid_context_at_arch/x86/mm/fault.c | 0 | 1 |
| RIP:rpm_resume | 0 | 1 |
| general_protection_fault:#[##] | 0 | 3 |
| RIP:sysfs_remove_groups | 0 | 2 |
| RIP:driver_deferred_probe_del | 0 | 3 |
| INFO:rcu_sched_self-detected_stall_on_CPU | 0 | 1 |
| RIP:console_unlock | 0 | 1 |
| RIP:kernfs_find_ns | 0 | 1 |
+--------------------------------------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <lkp@...el.com>
[ 36.496568] BUG: kernel NULL pointer dereference, address: 0000000000000038
[ 36.498508] #PF: supervisor read access in kernel mode
[ 36.499995] #PF: error_code(0x0000) - not-present page
[ 36.500181] sr 6:0:0:0: Attached scsi CD-ROM sr3
[ 36.501914] PGD 0 P4D 0
[ 36.501919] Oops: 0000 [#1] SMP PTI
[ 36.501922] CPU: 0 PID: 2604 Comm: scsi_id Not tainted 5.4.0-rc4-00112-g9ed2563662a7e #1
[ 36.501924] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 36.503631] sr 6:0:0:0: Attached scsi generic sg13 type 5
[ 36.504444] RIP: 0010:cdrom_release+0x19/0x2b0 [cdrom]
[ 36.504446] Code: e8 dc 3a 18 f2 8b 44 24 04 eb 99 e8 b1 f4 d8 f1 90 66 66 66 66 90 41 57 41 56 41 55 41 54 41 89 f4 55 53 48 89 fb 48 83 ec 48 <48> 8b 2f 65 48 8b 04 25 28 00 00 00 48 89 44 24 40 31 c0 80 3d 4b
[ 36.504447] RSP: 0018:ffffaf2c4035fb68 EFLAGS: 00010292
[ 36.504448] RAX: 0000000000000000 RBX: 0000000000000038 RCX: 0000000000000000
[ 36.504449] RDX: ffff9f59418e0000 RSI: 000000000800005d RDI: 0000000000000038
[ 36.504450] RBP: 000000000800005d R08: 0000000000000001 R09: ffff9f58c1464cf0
[ 36.504450] R10: 0000000000000001 R11: 0000000000327273 R12: 000000000800005d
[ 36.504451] R13: ffff9f594277e000 R14: ffff9f58878123c0 R15: ffff9f5887812498
[ 36.504452] FS: 00007fc6049f0740(0000) GS:ffff9f59bfc00000(0000) knlGS:0000000000000000
[ 36.504454] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 36.540978] CR2: 0000000000000038 CR3: 00000001c2860000 CR4: 00000000000406f0
[ 36.543223] Call Trace:
[ 36.544362] ? del_timer+0x53/0x80
[ 36.545695] ? lock_timer_base+0x67/0x80
[ 36.547100] sr_block_release+0x27/0x40 [sr_mod]
[ 36.548940] __blkdev_put+0x192/0x1e0
[ 36.551285] __blkdev_get+0x28b/0x630
[ 36.553191] ? bd_acquire+0xe0/0xe0
[ 36.555268] do_dentry_open+0x1ce/0x380
[ 36.557160] path_openat+0x2e5/0x1550
[ 36.558524] ? __get_locked_pte+0x1c7/0x260
[ 36.559951] do_filp_open+0x9b/0x110
[ 36.561452] ? __check_object_size+0xd4/0x1a0
[ 36.563651] ? do_sys_open+0x1bd/0x250
[ 36.565807] do_sys_open+0x1bd/0x250
[ 36.567814] do_syscall_64+0x5b/0x1d0
[ 36.569951] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 36.572287] RIP: 0033:0x7fc604bc5c8b
[ 36.574365] Code: 4e 89 f0 25 00 00 41 00 3d 00 00 41 00 74 40 8b 05 ca e7 00 00 85 c0 75 61 89 f2 b8 01 01 00 00 48 89 fe bf 9c ff ff ff 0f 05 <48> 3d 00 f0 ff ff 0f 87 99 00 00 00 48 8b 4c 24 28 64 48 33 0c 25
[ 36.581602] RSP: 002b:00007ffd8656b750 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 36.584113] RAX: ffffffffffffffda RBX: 000055fd844820d0 RCX: 00007fc604bc5c8b
[ 36.586157] RDX: 0000000000080800 RSI: 00007ffd8656b930 RDI: 00000000ffffff9c
[ 36.588165] RBP: 00007ffd8656b930 R08: 00007fc604bae1d0 R09: 00007fc604bae240
[ 36.590203] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd8656bb30
[ 36.592218] R13: 00007ffd8656b820 R14: 0000000000000014 R15: 0000000000000064
[ 36.594430] Modules linked in: scsi_debug loop intel_rapl_msr sr_mod intel_rapl_common cdrom crct10dif_pclmul sd_mod crc32_pclmul sg crc32c_intel ghash_clmulni_intel ppdev bochs_drm ata_generic pata_acpi drm_vram_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops snd_pcm aesni_intel drm crypto_simd snd_timer snd cryptd glue_helper ata_piix libata soundcore joydev pcspkr serio_raw virtio_scsi i2c_piix4 floppy parport_pc parport ip_tables [last unloaded: scsi_debug]
[ 36.606610] CR2: 0000000000000038
[ 36.669085] ---[ end trace 716cd1ac8d8f8945 ]---
To reproduce:
# build kernel
cd linux
cp config-5.4.0-rc4-00112-g9ed2563662a7e .config
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
lkp
View attachment "config-5.4.0-rc4-00112-g9ed2563662a7e" of type "text/plain" (200562 bytes)
View attachment "job-script" of type "text/plain" (5231 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (38772 bytes)
Powered by blists - more mailing lists