lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20191110031348.GE29418@shao2-debian>
Date:   Sun, 10 Nov 2019 11:13:48 +0800
From:   kernel test robot <lkp@...el.com>
To:     David Howells <dhowells@...hat.com>
Cc:     torvalds@...ux-foundation.org, dhowells@...hat.com,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Peter Zijlstra <peterz@...radead.org>,
        nicolas.dichtel@...nd.com, raven@...maw.net,
        Christian Brauner <christian@...uner.io>,
        keyrings@...r.kernel.org, linux-usb@...r.kernel.org,
        linux-block@...r.kernel.org, linux-security-module@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, linux-api@...r.kernel.org,
        linux-kernel@...r.kernel.org, lkp@...ts.01.org
Subject: [pipe] d60337eff1: BUG:kernel_NULL_pointer_dereference,address

FYI, we noticed the following commit (built with gcc-7):

commit: d60337eff18a3c587832ab8053a567f1da9710d2 ("[RFC PATCH 04/11] pipe: Use head and tail pointers for the ring, not cursor and length [ver #3]")
url: https://github.com/0day-ci/linux/commits/David-Howells/pipe-Notification-queue-preparation-ver-3/20191103-044740


in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+---------------------------------------------+------------+------------+
|                                             | 77a98a59a1 | d60337eff1 |
+---------------------------------------------+------------+------------+
| boot_successes                              | 4          | 0          |
| boot_failures                               | 0          | 6          |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 6          |
| Oops:#[##]                                  | 0          | 6          |
| RIP:iov_iter_get_pages_alloc                | 0          | 6          |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 6          |
+---------------------------------------------+------------+------------+


If you fix the issue, kindly add following tag
Reported-by: kernel test robot <lkp@...el.com>


[    9.423019] BUG: kernel NULL pointer dereference, address: 0000000000000008
[    9.425646] #PF: supervisor read access in kernel mode
[    9.427714] #PF: error_code(0x0000) - not-present page
[    9.429851] PGD 80000001fb937067 P4D 80000001fb937067 PUD 1739e1067 PMD 0 
[    9.432468] Oops: 0000 [#1] SMP PTI
[    9.434064] CPU: 0 PID: 178 Comm: cat Not tainted 5.4.0-rc5-00353-gd60337eff18a3 #1
[    9.437139] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[    9.440439] RIP: 0010:iov_iter_get_pages_alloc+0x2a8/0x400
[    9.442643] Code: 50 48 83 ee 01 8b 54 24 0c 4c 89 c1 48 c1 ee 0c 4d 8d 4c f0 08 49 8b 77 78 44 21 f2 48 8d 14 92 48 8d 14 d6 48 8b 12 48 89 11 <48> 8b 72 08 48 8d 7e ff 83 e6 01 48 0f 45 d7 f0 ff 42 34 8b 74 24
[    9.461768] RSP: 0018:ffffb1488012fbc0 EFLAGS: 00010202
[    9.463844] RAX: 0000000000010000 RBX: 0000000000010000 RCX: ffff9650349be388
[    9.466543] RDX: 0000000000000000 RSI: ffff9650bb8c5800 RDI: dead0000000000ff
[    9.469324] RBP: ffffb1488012fc30 R08: ffff9650349be380 R09: ffff9650349be400
[    9.471927] R10: ffffe15f47ee7dc0 R11: 0000000000000000 R12: ffffb1488012fc48
[    9.474760] R13: ffffb1488012fc38 R14: 000000000000000f R15: ffff9650349ec840
[    9.477481] FS:  0000000000000000(0000) GS:ffff9650ffc00000(0063) knlGS:00000000f7f5bde4
[    9.480663] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[    9.482971] CR2: 0000000000000008 CR3: 00000001fb9fa000 CR4: 00000000000406f0
[    9.485544] Call Trace:
[    9.486800]  default_file_splice_read+0x95/0x320
[    9.488665]  ? kmem_cache_alloc_trace+0x3b/0x230
[    9.490528]  ? terminate_walk+0xd3/0xf0
[    9.492053]  ? _cond_resched+0x19/0x30
[    9.493657]  ? __inode_security_revalidate+0x73/0x90
[    9.495440]  ? splice_direct_to_actor+0xd6/0x230
[    9.497362]  splice_direct_to_actor+0xd6/0x230
[    9.499140]  ? generic_pipe_buf_nosteal+0x10/0x10
[    9.501025]  do_splice_direct+0x9a/0xd0
[    9.502757]  do_sendfile+0x1c9/0x3d0
[    9.504228]  __ia32_sys_sendfile64+0xaf/0xd0
[    9.506082]  do_fast_syscall_32+0xa9/0x330
[    9.507980]  entry_SYSENTER_compat+0x7f/0x91
[    9.509722] Modules linked in:
[    9.511134] CR2: 0000000000000008
[    9.512616] ---[ end trace 8bec6d03e0029a1e ]---


To reproduce:

        # build kernel
	cd linux
	cp config-5.4.0-rc5-00353-gd60337eff18a3 .config
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
lkp


View attachment "config-5.4.0-rc5-00353-gd60337eff18a3" of type "text/plain" (200562 bytes)

View attachment "job-script" of type "text/plain" (4764 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (12820 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ