Message-ID: <20200507113041.GQ5770@shao2-debian>
Date: Thu, 7 May 2020 19:30:41 +0800
From: kernel test robot <rong.a.chen@...el.com>
To: Luis Chamberlain <mcgrof@...nel.org>
Cc: axboe@...nel.dk, viro@...iv.linux.org.uk, bvanassche@....org,
gregkh@...uxfoundation.org, rostedt@...dmis.org, mingo@...hat.com,
jack@...e.cz, ming.lei@...hat.com, nstange@...e.de,
akpm@...ux-foundation.org, mhocko@...e.com, yukuai3@...wei.com,
linux-block@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-mm@...ck.org, linux-kernel@...r.kernel.org,
Luis Chamberlain <mcgrof@...nel.org>,
Omar Sandoval <osandov@...com>,
Hannes Reinecke <hare@...e.com>,
Michal Hocko <mhocko@...nel.org>,
syzbot+603294af2d01acfdd6da@...kaller.appspotmail.com,
lkp@...ts.01.org
Subject: [blktrace] d106a3fdba: BUG:kernel_NULL_pointer_dereference,address

Greeting,

FYI, we noticed the following commit (built with gcc-7):

commit: d106a3fdbac9d93aec07a533059439de56c0216b ("[PATCH v3 4/6] blktrace: fix debugfs use after free")
url: https://github.com/0day-ci/linux/commits/Luis-Chamberlain/block-fix-blktrace-debugfs-use-after-free/20200429-175619
base: https://git.kernel.org/cgit/linux/kernel/git/axboe/linux-block.git for-next

in testcase: blktests
with following parameters:

        disk: 1SSD
        test: block-group1

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

If you fix the issue, kindly add following tag
Reported-by: kernel test robot <rong.a.chen@...el.com>

[ 24.328966] BUG: kernel NULL pointer dereference, address: 00000000000000a0
[ 24.330808] #PF: supervisor write access in kernel mode
[ 24.332468] #PF: error_code(0x0002) - not-present page
[ 24.334138] PGD 8000000117ff4067 P4D 8000000117ff4067 PUD 1bc789067 PMD 0
[ 24.336046] Oops: 0002 [#1] SMP PTI
[ 24.341721] CPU: 0 PID: 1019 Comm: check Not tainted 5.7.0-rc2-00034-gd106a3fdbac9d #1
[ 24.343858] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 24.346026] RIP: 0010:down_write+0x28/0x50
[ 24.347665] Code: 5d ff 66 66 66 66 90 53 31 d2 be fa 05 00 00 48 89 fb 48 c7 c7 b0 fe 73 ad e8 04 41 60 ff e8 9f d6 ff ff 31 c0 ba 01 00 00 00 <f0> 48 0f b1 13 75 0f 65 48 8b 04 25 c0 8b 01 00 48 89 43 08 5b c3
[ 24.352502] RSP: 0000:ffffa03100877d58 EFLAGS: 00010246
[ 24.354357] RAX: 0000000000000000 RBX: 00000000000000a0 RCX: ffffff8100000000
[ 24.356428] RDX: 0000000000000001 RSI: 00000000000005fa RDI: ffffffffad73feb0
[ 24.358407] RBP: ffffa03100877db8 R08: 0000000000000064 R09: 0000000000000001
[ 24.360462] R10: ffffa03100877e18 R11: 0000000000000335 R12: 0000000000000000
[ 24.364395] R13: ffff8be7bc5480a8 R14: 0000000000000001 R15: ffff8be7cec98e60
[ 24.366404] FS: 00007f23b0625740(0000) GS:ffff8be83fc00000(0000) knlGS:0000000000000000
[ 24.368469] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 24.370360] CR2: 00000000000000a0 CR3: 00000001bff04000 CR4: 00000000000406f0
[ 24.372338] Call Trace:
[ 24.377936] simple_recursive_removal+0x4f/0x2d0
[ 24.379620] ? debugfs_remove+0x60/0x60
[ 24.381070] debugfs_remove+0x40/0x60
[ 24.382528] blk_mq_debugfs_unregister_hctx+0x15/0x30
[ 24.384095] blk_mq_exit_queue+0xd0/0x110
[ 24.385561] blk_cleanup_queue+0x94/0xe0
[ 24.386958] __scsi_remove_device+0x66/0x150
[ 24.388384] scsi_remove_device+0x21/0x30
[ 24.389788] sdev_store_delete+0x4f/0x90
[ 24.391127] kernfs_fop_write+0x124/0x1b0
[ 24.392485] vfs_write+0xbe/0x1d0
[ 24.393732] ksys_write+0xa1/0xe0
[ 24.395028] do_syscall_64+0x5b/0x1f0
[ 24.396341] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 24.418166] RIP: 0033:0x7f23b0716643
[ 24.419487] Code: 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb bb 0f 1f 80 00 00 00 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18
[ 24.423748] RSP: 002b:00007ffd535d5cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 24.425787] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f23b0716643
[ 24.427710] RDX: 0000000000000002 RSI: 0000000001aa6a08 RDI: 0000000000000001
[ 24.429674] RBP: 0000000001aa6a08 R08: 000000000000000a R09: 0000000000000001
[ 24.431601] R10: 0000000001b7d5e8 R11: 0000000000000246 R12: 0000000000000002
[ 24.433531] R13: 00007f23b07e56a0 R14: 0000000000000002 R15: 00007f23b07e58a0
[ 24.435466] Modules linked in: scsi_debug loop dm_multipath dm_mod intel_rapl_msr intel_rapl_common crct10dif_pclmul bochs_drm crc32_pclmul drm_vram_helper crc32c_intel drm_ttm_helper ghash_clmulni_intel ttm sd_mod t10_pi sg ppdev drm_kms_helper snd_pcm ata_generic pata_acpi syscopyarea sysfillrect snd_timer sysimgblt fb_sys_fops snd aesni_intel crypto_simd drm cryptd glue_helper ata_piix soundcore libata pcspkr joydev serio_raw parport_pc virtio_scsi i2c_piix4 parport floppy ip_tables
[ 24.445381] CR2: 00000000000000a0
[ 24.447202] ---[ end trace 83e08183a0d38f71 ]---

To reproduce:

        # build kernel
        cd linux
        cp config-5.7.0-rc2-00034-gd106a3fdbac9d .config
        make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email

Thanks,
Rong Chen

View attachment "config-5.7.0-rc2-00034-gd106a3fdbac9d" of type "text/plain" (206529 bytes)
View attachment "job-script" of type "text/plain" (5477 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (15968 bytes)