Message-ID: <20200717060455.GA19262@shao2-debian>
Date:   Fri, 17 Jul 2020 14:04:55 +0800
From:   kernel test robot <rong.a.chen@...el.com>
To:     "Paul E. McKenney" <paulmck@...nel.org>
Cc:     LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org
Subject: [rcutorture] 5155be9994: BUG:kernel_NULL_pointer_dereference,address

Greetings,

FYI, we noticed the following commit (built with gcc-9):

commit: 5155be9994e557618a8312389fb4e52dfbf28a3c ("rcutorture: Dynamically allocate rcu_fwds structure")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master


in testcase: trinity
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


+-----------------------------------------------------------+------------+------------+
|                                                           | 6764100bd2 | 5155be9994 |
+-----------------------------------------------------------+------------+------------+
| boot_successes                                            | 13         | 13         |
| boot_failures                                             | 9          | 9          |
| WARNING:at_kernel/rcu/rcutorture.c:#rcutorture_oom_notify | 9          | 9          |
| EIP:rcutorture_oom_notify                                 | 9          | 9          |
| invoked_oom-killer:gfp_mask=0x                            | 3          |            |
| Mem-Info                                                  | 3          |            |
| BUG:kernel_NULL_pointer_dereference,address               | 0          | 9          |
| Oops:#[##]                                                | 0          | 9          |
| EIP:rcu_torture_fwd_cb_hist                               | 0          | 9          |
| Kernel_panic-not_syncing:Fatal_exception                  | 0          | 9          |
+-----------------------------------------------------------+------------+------------+


If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <rong.a.chen@...el.com>


[  302.904422] BUG: kernel NULL pointer dereference, address: 00000518
[  302.907072] #PF: supervisor read access in kernel mode
[  302.909349] #PF: error_code(0x0000) - not-present page
[  302.911551] *pde = 00000000 
[  302.913241] Oops: 0000 [#1] PREEMPT SMP
[  302.915132] CPU: 1 PID: 2502 Comm: trinity-c2 Tainted: G        W         5.5.0-rc1-00010-g5155be9994e55 #2
[  302.918950] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  302.922720] EIP: rcu_torture_fwd_cb_hist+0x27/0x40
[  302.924791] Code: 00 66 90 66 66 66 66 90 55 89 e5 57 56 89 c6 53 bb 9f 00 00 00 83 ec 1c eb 10 8d b4 26 00 00 00 00 66 90 4b 0f 84 3a 1e 00 00 <8b> 44 de 20 85 c0 0f 8f 2e 1e 00 00 eb eb 8d b4 26 00 00 00 00 8d
[  302.931874] EAX: 00000000 EBX: 0000009f ECX: 00000001 EDX: 00000000
[  302.934067] ESI: 00000000 EDI: 00000000 EBP: f3df3b60 ESP: f3df3b38
[  302.936360] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010292
[  302.939000] CR0: 80050033 CR2: 00000518 CR3: 33c8d000 CR4: 000006d0
[  302.941310] Call Trace:
[  302.942731]  ? rcutorture_oom_notify+0x44/0x120
[  302.944700]  ? note_page+0x608/0x6f0
[  302.946568]  rcutorture_oom_notify+0x63/0x120
[  302.948530]  notifier_call_chain+0x42/0xf0
[  302.950508]  blocking_notifier_call_chain+0x58/0x70
[  302.952662]  out_of_memory+0x20f/0x5b0
[  302.954345]  __alloc_pages_slowpath+0x1038/0x1200
[  302.956250]  __alloc_pages_nodemask+0x3d5/0x430
[  302.958249]  shmem_alloc_and_acct_page+0x77/0x230
[  302.960224]  ? find_get_entry+0x197/0x2b0
[  302.961944]  ? _raw_spin_unlock_irq+0x21/0x80
[  302.963776]  ? find_lock_entry+0x1d/0x150
[  302.965625]  shmem_getpage_gfp+0x191/0xcd0
[  302.967366]  ? restore_all_kernel+0x29/0xe7
[  302.969059]  ? ftrace_likely_update+0x70/0x1c0
[  302.970765]  ? ftrace_likely_update+0x70/0x1c0
[  302.972608]  ? ftrace_likely_update+0x13/0x1c0
[  302.974510]  ? __set_page_dirty_no_writeback+0x75/0xa0
[  302.976687]  shmem_fallocate+0x3cf/0x650
[  302.978451]  ? __sb_start_write+0x77/0x1a0
[  302.980141]  ? __sb_start_write+0x77/0x1a0
[  302.982067]  ? __sb_start_write+0xe3/0x1a0
[  302.983803]  vfs_fallocate+0x1ad/0x2e0
[  302.985599]  ksys_fallocate+0x4a/0x90
[  302.986994]  sys_fallocate+0x31/0x40
[  302.993755]  do_fast_syscall_32+0xcd/0x3fc
[  302.995723]  entry_SYSENTER_32+0xb8/0x11e
[  302.997579] EIP: 0xb7f2aa99
[  302.999132] Code: 5d c3 8d b4 26 00 00 00 00 b8 d5 dc 32 00 eb b4 8b 04 24 c3 8b 14 24 c3 8b 1c 24 c3 8b 34 24 c3 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
[  303.005843] EAX: ffffffda EBX: 00000116 ECX: 00000000 EDX: 00000001
[  303.008193] ESI: 00000000 EDI: 650a7d1b EBP: 00000000 ESP: bfbcd41c
[  303.010606] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000296
[  303.013156] Modules linked in:
[  303.014890] CR2: 0000000000000518
[  303.139099] ---[ end trace 6e649de7c1005318 ]---


To reproduce:

        # build the kernel at the reported commit with the attached config
        cd linux
        cp config-5.5.0-rc1-00010-g5155be9994e55 .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage

        # boot the resulting image under qemu with the attached job-script
        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
Rong Chen


View attachment "config-5.5.0-rc1-00010-g5155be9994e55" of type "text/plain" (119320 bytes)

View attachment "job-script" of type "text/plain" (4259 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (23484 bytes)
