Date:   Tue, 16 Jun 2020 15:40:59 +0800
From:   kernel test robot <rong.a.chen@...el.com>
To:     Jack Wang <jinpu.wang@...ud.ionos.com>
Cc:     Jason Gunthorpe <jgg@...lanox.com>,
        Danil Kipnis <danil.kipnis@...ud.ionos.com>,
        Bart Van Assche <bvanassche@....org>,
        Jens Axboe <axboe@...nel.dk>,
        LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org
Subject: [block/rnbd] bc01885342: EIP:xas_start

Greeting,

FYI, we noticed the following commit (built with gcc-7):

commit: bc01885342e193e7943d86ccbd7bc3e8fee50a68 ("block/rnbd: include client and server modules into kernel compilation")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

in testcase: trinity
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+--------------------------------------------------------------------+------------+------------+
|                                                                    | 8cee532f46 | bc01885342 |
+--------------------------------------------------------------------+------------+------------+
| boot_successes                                                     | 0          | 0          |
| boot_failures                                                      | 26         | 26         |
| BUG:kernel_NULL_pointer_dereference,address                        | 26         | 26         |
| Oops:#[##]                                                         | 26         | 26         |
| EIP:__list_add_valid                                               | 26         |            |
| Kernel_panic-not_syncing:Fatal_exception                           | 26         | 26         |
| page_allocation_failure:order:#,mode:#(GFP_KERNEL),nodemask=(null) | 4          |            |
| Mem-Info                                                           | 4          |            |
| EIP:xas_start                                                      | 0          | 26         |
+--------------------------------------------------------------------+------------+------------+


If you fix the issue, kindly add following tag
Reported-by: kernel test robot <rong.a.chen@...el.com>


[   19.333429] BUG: kernel NULL pointer dereference, address: 00000011
[   19.338873] #PF: supervisor read access in kernel mode
[   19.340175] #PF: error_code(0x0000) - not-present page
[   19.341501] *pde = 00000000 
[   19.341993] Oops: 0000 [#1] PREEMPT
[   19.341993] CPU: 0 PID: 1 Comm: swapper Not tainted 5.7.0-rc1-00196-gbc01885342e19 #1
[   19.341993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[   19.341993] EIP: xas_start+0x7e/0xf9
[   19.341993] Code: 15 14 d1 af d5 00 e9 94 00 00 00 83 05 08 d1 af d5 01 83 15 0c d1 af d5 00 89 c3 89 d0 31 f6 e8 cf fe ff ff 85 c0 75 77 8b 03 <8b> 70 04 89 f0 e8 0c fc ff ff 84 c0 75 1d 83 7b 04 00 74 4c 83 05
[   19.341993] EAX: 0000000d EBX: ea2c7e28 ECX: 000004d2 EDX: 00000003
[   19.341993] ESI: 00000000 EDI: f61b04d2 EBP: ea2c7e10 ESP: ea2c7e08
[   19.341993] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00010246
[   19.341993] CR0: 80050033 CR2: 00000011 CR3: 155aa000 CR4: 00000690
[   19.341993] Call Trace:
[   19.341993]  xas_load+0x1a/0x90
[   19.341993]  xa_load+0x52/0xbe
[   19.341993]  cma_ps_find+0x33/0x44
[   19.341993]  cma_get_port+0x5fc/0x6b3
[   19.341993]  ? preempt_latency_stop+0x55/0x65
[   19.341993]  ? preempt_count_sub+0x178/0x193
[   19.341993]  rdma_bind_addr+0x24c/0x2db
[   19.341993]  rtrs_srv_cm_init+0x84/0x12a
[   19.341993]  rtrs_srv_open+0x115/0x1d9
[   19.341993]  ? put_dev_pagemap+0x7a/0x10e
[   19.341993]  ? set_page_address+0xf6/0x4c9
[   19.341993]  ? rsxx_core_init+0xe1/0xe1
[   19.341993]  rnbd_srv_init_module+0x3c/0xe2
[   19.341993]  do_one_initcall+0x153/0x3eb
[   19.341993]  ? parse_args+0x386/0x58c
[   19.341993]  ? do_initcalls+0x117/0x1a1
[   19.341993]  do_initcalls+0x144/0x1a1
[   19.341993]  kernel_init_freeable+0x1cb/0x289
[   19.341993]  ? rest_init+0x1c9/0x1c9
[   19.341993]  kernel_init+0x1b/0x260
[   19.341993]  ret_from_fork+0x2e/0x40
[   19.341993] Modules linked in:
[   19.341993] CR2: 0000000000000011
[   19.341993] random: get_random_bytes called from init_oops_id+0x36/0x6a with crng_init=0
[   19.341993] ---[ end trace e98e2bac0a74e3e3 ]---


To reproduce:

        # build kernel
        cd linux
        cp config-5.7.0-rc1-00196-gbc01885342e19 .config
        make HOSTCC=gcc-7 CC=gcc-7 ARCH=i386 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
Rong Chen


View attachment "config-5.7.0-rc1-00196-gbc01885342e19" of type "text/plain" (146541 bytes)

View attachment "job-script" of type "text/plain" (4336 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (11332 bytes)
