Date:   Mon, 2 Mar 2020 09:22:18 +0800
From:   kernel test robot <rong.a.chen@...el.com>
To:     Roberto Sassu <roberto.sassu@...wei.com>
Cc:     zohar@...ux.ibm.com, James.Bottomley@...senPartnership.com,
        jarkko.sakkinen@...ux.intel.com, linux-integrity@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org, silviu.vlasceanu@...wei.com,
        Roberto Sassu <roberto.sassu@...wei.com>, lkp@...ts.01.org
Subject: [ima] 9165b814d2: BUG:kernel_NULL_pointer_dereference,address

FYI, we noticed the following commit (built with gcc-7):

commit: 9165b814d2bea8cfeb557505bb206396331e8192 ("[PATCH v2 8/8] ima: Use ima_hash_algo for collision detection in the measurement list")
url: https://github.com/0day-ci/linux/commits/Roberto-Sassu/ima-support-stronger-algorithms-for-attestation/20200205-233901
base: https://git.kernel.org/cgit/linux/kernel/git/zohar/linux-integrity.git next-integrity

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


+---------------------------------------------+------------+------------+
|                                             | 40db98707e | 9165b814d2 |
+---------------------------------------------+------------+------------+
| boot_successes                              | 2          | 0          |
| boot_failures                               | 2          | 28         |
| INFO:rcu_sched_self-detected_stall_on_CPU   | 1          |            |
| RIP:__memcpy                                | 1          |            |
| BUG:kernel_hang_in_boot_stage               | 2          | 1          |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 27         |
| Oops:#[##]                                  | 0          | 27         |
| RIP:__kmalloc_track_caller                  | 0          | 27         |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 27         |
+---------------------------------------------+------------+------------+


If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <rong.a.chen@...el.com>


[   56.186402] BUG: kernel NULL pointer dereference, address: 0000000000000060
[   56.187923] #PF: supervisor read access in kernel mode
[   56.189324] #PF: error_code(0x0000) - not-present page
[   56.190523] PGD 0 P4D 0 
[   56.192220] Oops: 0000 [#1] SMP PTI
[   56.193127] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.5.0-rc1-00025-g9165b814d2bea #2
[   56.195007] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   56.201402] RIP: 0010:__kmalloc_track_caller+0x98/0x270
[   56.202738] Code: 01 00 00 4d 8b 07 65 49 8b 50 08 65 4c 03 05 af 22 37 45 49 8b 28 48 85 ed 0f 84 9d 01 00 00 41 8b 47 20 4d 8b 07 48 8d 4a 01 <48> 8b 5c 05 00 48 89 e8 65 49 0f c7 08 0f 94 c0 84 c0 74 c5 41 8b
[   56.206775] RSP: 0018:ffffab64c0013d68 EFLAGS: 00010206
[   56.208015] RAX: 0000000000000000 RBX: 0000000000000cc0 RCX: 0000000000000b1a
[   56.209612] RDX: 0000000000000b19 RSI: 0000000000000cc0 RDI: ffff98d687c03a40
[   56.211207] RBP: 0000000000000060 R08: 0000000000031060 R09: 0000000000000001
[   56.212754] R10: ffffffffbbd6ad58 R11: 0000000000000000 R12: 0000000000000cc0
[   56.214368] R13: 000000000000000e R14: ffff98d687c03a40 R15: ffff98d687c03a40
[   56.215902] FS:  0000000000000000(0000) GS:ffff98d7bfc00000(0000) knlGS:0000000000000000
[   56.217973] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   56.219420] CR2: 0000000000000060 CR3: 00000001eac0a000 CR4: 00000000000406f0
[   56.221143] Call Trace:
[   56.234421]  ? securityfs_create_symlink+0x2a/0x80
[   56.237098]  ? set_debug_rodata+0x11/0x11
[   56.238814]  kstrdup+0x2d/0x60
[   56.240402]  securityfs_create_symlink+0x2a/0x80
[   56.242714]  ? hash_setup+0xa6/0xa6
[   56.243886]  ima_fs_init+0x45/0x1b9
[   56.246533]  ima_init+0x5f/0x72
[   56.247490]  init_ima+0x1d/0xaa
[   56.248488]  ? hash_setup+0xa6/0xa6
[   56.251412]  do_one_initcall+0x46/0x214
[   56.253215]  kernel_init_freeable+0x1c2/0x26d
[   56.256230]  ? rest_init+0xd0/0xd0
[   56.257343]  kernel_init+0xa/0x110
[   56.259701]  ret_from_fork+0x35/0x40
[   56.261256] Modules linked in:
[   56.262277] CR2: 0000000000000060
[   56.263340] ---[ end trace e6c4ee5526b448c4 ]---


To reproduce:

        # build kernel
        cd linux
        cp config-5.5.0-rc1-00025-g9165b814d2bea .config
        make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
Rong Chen


View attachment "config-5.5.0-rc1-00025-g9165b814d2bea" of type "text/plain" (202488 bytes)

View attachment "job-script" of type "text/plain" (4639 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (12380 bytes)
