Date:   Sat, 26 Oct 2019 22:58:26 +0800
From:   kernel test robot <lkp@...el.com>
To:     David Howells <dhowells@...hat.com>
Cc:     torvalds@...ux-foundation.org, dhowells@...hat.com,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Peter Zijlstra <peterz@...radead.org>,
        nicolas.dichtel@...nd.com, raven@...maw.net,
        Christian Brauner <christian@...uner.io>,
        keyrings@...r.kernel.org, linux-usb@...r.kernel.org,
        linux-block@...r.kernel.org, linux-security-module@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, linux-api@...r.kernel.org,
        linux-kernel@...r.kernel.org, lkp@...ts.01.org
Subject: [pipe] 6567a02d20: BUG:kernel_NULL_pointer_dereference,address

FYI, we noticed the following commit (built with gcc-7):

commit: 6567a02d20732ad1e4f5f193f2dd59c467209a18 ("[RFC PATCH 04/10] pipe: Use head and tail pointers for the ring, not cursor and length [ver #2]")
url: https://github.com/0day-ci/linux/commits/David-Howells/pipe-Notification-queue-preparation-ver-2/20191026-015701


in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


+---------------------------------------------+------------+------------+
|                                             | 485a2d006a | 6567a02d20 |
+---------------------------------------------+------------+------------+
| boot_successes                              | 4          | 0          |
| boot_failures                               | 0          | 6          |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 6          |
| Oops:#[##]                                  | 0          | 6          |
| RIP:get_page                                | 0          | 6          |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 6          |
+---------------------------------------------+------------+------------+


If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <lkp@...el.com>


[    4.869805] BUG: kernel NULL pointer dereference, address: 0000000000000008
[    4.871685] #PF: supervisor read access in kernel mode
[    4.873154] #PF: error_code(0x0000) - not-present page
[    4.874705] PGD 800000021f014067 P4D 800000021f014067 PUD 21f012067 PMD 0 
[    4.876481] Oops: 0000 [#1] SMP PTI
[    4.877769] CPU: 1 PID: 1793 Comm: cat Not tainted 5.4.0-rc4-00108-g6567a02d20732 #1
[    4.880212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[    4.882767] RIP: 0010:get_page+0x0/0x2a
[    4.884038] Code: 44 89 28 48 8b 4c 24 48 65 48 33 0c 25 28 00 00 00 48 89 e8 74 05 e8 3e 05 cb ff 48 83 c4 50 5b 5d 41 5c 41 5d 41 5e 41 5f c3 <48> 8b 47 08 a8 01 74 04 48 8d 78 ff 8b 47 34 83 c0 7f 83 f8 7f 77
[    4.890976] RSP: 0000:ffffc900000d7b70 EFLAGS: 00010286
[    4.892474] RAX: 0000000000010000 RBX: ffff88821f66d090 RCX: 0000000000000000
[    4.894293] RDX: ffff88821f6ef828 RSI: 0000000000000000 RDI: 0000000000000000
[    4.896127] RBP: 000000000000000f R08: ffffc900000d7c48 R09: 0000000000240000
[    4.898021] R10: ffffc900000d7b84 R11: 0000000000000000 R12: 000000000000e000
[    4.899905] R13: ffff88821f45b240 R14: ffffc900000d7c40 R15: 0000000000010000
[    4.901779] FS:  0000000000000000(0000) GS:ffff88823fd00000(0063) knlGS:00000000f7fd3de4
[    4.904331] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[    4.905912] CR2: 0000000000000008 CR3: 000000021f366000 CR4: 00000000000406e0
[    4.907765] Call Trace:
[    4.908816]  __pipe_get_pages+0x6a/0x86
[    4.910087]  iov_iter_get_pages_alloc+0xdc/0x380
[    4.911484]  ? ___might_sleep+0x3b/0x144
[    4.912728]  default_file_splice_read+0xa5/0x28a
[    4.914178]  ? ___might_sleep+0x3b/0x144
[    4.915467]  ? ___might_sleep+0x3b/0x144
[    4.916747]  ? _cond_resched+0x25/0x29
[    4.917990]  ? get_page_from_freelist+0x864/0xb3d
[    4.919411]  ? fast_dput+0x25/0x82
[    4.920601]  ? ___might_sleep+0x3b/0x144
[    4.921877]  ? _cond_resched+0x25/0x29
[    4.923159]  ? slab_pre_alloc_hook+0x35/0x61
[    4.924493]  ? __kmalloc+0x132/0x141
[    4.925680]  ? alloc_pipe_info+0xd7/0x15c
[    4.926983]  ? splice_direct_to_actor+0xef/0x1c8
[    4.928380]  splice_direct_to_actor+0xef/0x1c8
[    4.929740]  ? generic_file_splice_read+0x171/0x171
[    4.931236]  do_splice_direct+0x99/0xc2
[    4.932507]  do_sendfile+0x175/0x23f
[    4.933727]  __do_sys_sendfile64+0x8e/0xb2
[    4.935044]  do_int80_syscall_32+0x50/0x5d
[    4.936342]  entry_INT80_compat+0x82/0x90
[    4.937612] Modules linked in:
[    4.938739] CR2: 0000000000000008
[    4.939973] ---[ end trace a2dd9b34228ecd09 ]---


To reproduce:

        # build kernel
        cd linux
        cp config-5.4.0-rc4-00108-g6567a02d20732 .config
        make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
lkp


View attachment "config-5.4.0-rc4-00108-g6567a02d20732" of type "text/plain" (114051 bytes)

View attachment "job-script" of type "text/plain" (4743 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (13124 bytes)
