lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200809063600.GC1538@shao2-debian>
Date:   Sun, 9 Aug 2020 14:36:00 +0800
From:   kernel test robot <rong.a.chen@...el.com>
To:     Richard Guy Briggs <rgb@...hat.com>
Cc:     Paul Moore <paul@...l-moore.com>,
        LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org
Subject: [audit] c4dad0aab3: canonical_address#:#[##]

Greeting,

FYI, we noticed the following commit (built with clang-12):

commit: c4dad0aab3fca0c1f0baa4cc84b6ec91b7ebf426 ("audit: tidy and extend netfilter_cfg x_tables")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master


in testcase: trinity
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+---------------------------------------------+------------+------------+
|                                             | 9d2161bed4 | c4dad0aab3 |
+---------------------------------------------+------------+------------+
| boot_successes                              | 0          | 0          |
| boot_failures                               | 8          | 8          |
| BUG:unable_to_handle_page_fault_for_address | 8          | 8          |
| Oops:#[##]                                  | 8          | 8          |
| RIP:slob_alloc                              | 8          |            |
| Kernel_panic-not_syncing:Fatal_exception    | 8          | 8          |
| canonical_address#:#[##]                    | 0          | 8          |
| RIP:copy_user_generic_unrolled              | 0          | 8          |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 8          |
+---------------------------------------------+------------+------------+


If you fix the issue, kindly add following tag
Reported-by: kernel test robot <rong.a.chen@...el.com>


[    3.977763] BUG: unable to handle page fault for address: ffff88842c3e6002
[    3.978199] #PF: supervisor write access in kernel mode
[    3.978520] #PF: error_code(0x0002) - not-present page
[    3.978836] PGD 6401067 P4D 6401067 PUD f000ff53f000ff53 
[    3.978846] general protection fault, probably for non-canonical address 0xa000328280002b08: 0000 [#1] DEBUG_PAGEALLOC PTI
[    3.979870] CPU: 0 PID: 0 Comm: swapper Not tainted 5.7.0-rc1-00004-gc4dad0aab3fca #1
[    3.980345] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[    3.980865] RIP: 0010:copy_user_generic_unrolled+0x83/0xb0
[    3.981201] Code: 4c 8b 5e 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 <4c> 8b 06 4c 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10
[    3.982338] RSP: 0000:ffffffff838dfa88 EFLAGS: 00010002
[    3.982656] RAX: ffffffff811fa36b RBX: ffffffff83a82880 RCX: 0000000000000001
[    3.983090] RDX: 0000000000000000 RSI: a000328280002b08 RDI: ffffffff838dfac0
[    3.983537] RBP: 0000000000000093 R08: 3030306620445550 R09: 3030306633356666
[    3.983972] R10: 6633356666303030 R11: 2033356666303030 R12: ffffffff838dfac0
[    3.984406] R13: ffffffffffffffff R14: a000328280002b08 R15: 0000000000000008
[    3.984841] FS:  0000000000000000(0000) GS:ffffffff83a99000(0000) knlGS:0000000000000000
[    3.985333] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    3.985684] CR2: ffff88842c3e6002 CR3: 0000000003a7a000 CR4: 00000000000406b0
[    3.986121] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    3.986556] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    3.986996] Call Trace:
[    3.987153] Modules linked in:
[    3.987349] random: get_random_bytes called from print_oops_end_marker+0x28/0x52 with crng_init=0
[    3.987352] ---[ end trace 79cfc4eb7b4892f4 ]---


To reproduce:

        # build kernel
	cd linux
	cp config-5.7.0-rc1-00004-gc4dad0aab3fca .config
	make HOSTCC=clang-12 CC=clang-12 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
Rong Chen


View attachment "config-5.7.0-rc1-00004-gc4dad0aab3fca" of type "text/plain" (136939 bytes)

View attachment "job-script" of type "text/plain" (4373 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (116088 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ