Message-ID: <20200224085715.GA6548@shao2-debian>
Date:   Mon, 24 Feb 2020 16:57:15 +0800
From:   kernel test robot <lkp@...el.com>
To:     "Eric W. Biederman" <ebiederm@...ssion.com>
Cc:     0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
        lkp@...ts.01.org
Subject: [proc] 83f86f3919: BUG:kernel_NULL_pointer_dereference,address

FYI, we noticed the following commit (built with gcc-7):

commit: 83f86f39191e05612725cdfa0f9718e2c077cee6 ("proc: Use a list of inodes to flush from proc")
https://github.com/0day-ci/linux/commits/Eric-W-Biederman/proc-Dentry-flushing-without-proc_mnt/20200222-080739

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


+---------------------------------------------+------------+------------+
|                                             | 789fb5277a | 83f86f3919 |
+---------------------------------------------+------------+------------+
| boot_successes                              | 12         | 0          |
| boot_failures                               | 0          | 12         |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 8          |
| Oops:#[##]                                  | 0          | 10         |
| RIP:proc_invalidate_siblings_dcache         | 0          | 9          |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 12         |
| general_protection_fault:#[##]              | 0          | 3          |
| BUG:unable_to_handle_page_fault_for_address | 0          | 4          |
| RIP:proc_pid_make_inode                     | 0          | 3          |
+---------------------------------------------+------------+------------+


If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <lkp@...el.com>


[    9.506457] BUG: kernel NULL pointer dereference, address: 0000000000000009
[    9.507980] #PF: supervisor write access in kernel mode
[    9.507981] #PF: error_code(0x0002) - not-present page
[    9.507986] Oops: 0002 [#1] SMP PTI
[    9.507989] CPU: 1 PID: 1797 Comm: systemd-cgroups Not tainted 5.5.0-rc6-00054-g83f86f39191e0 #1
[    9.507990] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[    9.508006] RIP: 0010:proc_pid_make_inode+0xad/0xea
[    9.508008] Code: 3a 48 8d 78 30 e8 1e 4a 79 00 49 8b 44 24 28 49 8d 4c 24 28 48 8d 53 e8 48 89 4b f0 48 89 43 e8 48 85 c0 49 89 54 24 28 74 04 <48> 89 50 08 41 c6 44 24 30 00 65 ff 0d 90 97 dc 7e 48 8d 4b 08 48

[    9.508009] RSP: 0000:ffffc90000123b78 EFLAGS: 00010202
[    9.508011] RAX: 0000000000000001 RBX: ffff88820a4ab238 RCX: ffff88820b22c428
[    9.508013] RDX: ffff88820a4ab220 RSI: ffffc90000123b5c RDI: ffff88820b22c430
[    9.508014] RBP: ffffc90000123ba0 R08: ffff88823fd2fb00 R09: ffff88820a447bb0
[    9.508014] R10: 0000000000000000 R11: ffffffff8224d608 R12: ffff88820b22c400
[    9.508016] R13: 0000000000004000 R14: ffff88820b248000 R15: ffffc90000123e00
[    9.508018] FS:  0000000000000000(0000) GS:ffff88823fd00000(0063) knlGS:00000000f7964f40
[    9.508022] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[    9.509959] random: fast init done
[    9.510349] CR2: 0000000000000009 CR3: 000000020ad06000 CR4: 00000000000406e0
[    9.552943] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    9.552944] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    9.552947] Call Trace:
[    9.552993]  proc_pid_instantiate+0x1d/0x80
[    9.552996]  proc_pid_lookup+0x65/0x79
[    9.552999]  proc_root_lookup+0x1d/0x3a
[    9.553015]  __lookup_slow+0xbe/0x100
[    9.553026]  walk_component+0xa3/0x12b
[    9.553031]  link_path_walk+0x10e/0x45d
[    9.553034]  ? path_init+0xfc/0x265
[    9.553036]  path_openat+0x18d/0xa97
[    9.553047]  ? xas_find+0x92/0x107
[    9.553057]  ? filemap_map_pages+0x237/0x24b
[    9.553059]  do_filp_open+0x5c/0xc6
[    9.553066]  ? simple_attr_release+0x14/0x14
[    9.553070]  ? slab_pre_alloc_hook+0x35/0x61
[    9.553074]  ? kmem_cache_alloc+0xd5/0x159
[    9.553079]  ? do_sys_open+0x71/0xea
[    9.553081]  do_sys_open+0x71/0xea
[    9.553086]  do_int80_syscall_32+0x50/0x5d
[    9.553103]  entry_INT80_compat+0x82/0x90
[    9.553116] Modules linked in:
[    9.553121] CR2: 0000000000000009
[    9.553128] ---[ end trace 71dcc8bdc10fba6c ]---


To reproduce:

        # build kernel
        cd linux
        cp config-5.5.0-rc6-00054-g83f86f39191e0 .config
        make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
lkp


View attachment "config-5.5.0-rc6-00054-g83f86f39191e0" of type "text/plain" (114438 bytes)

View attachment "job-script" of type "text/plain" (4614 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (13160 bytes)
