lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHmME9odvKzyAG7HgzSE-1gLOfiU=HL1MB5w4z=AwOsjz9WJPA@mail.gmail.com>
Date:   Mon, 28 Sep 2020 11:39:37 +0200
From:   "Jason A. Donenfeld" <Jason@...c4.com>
To:     Chris Wilson <chris@...is-wilson.co.uk>
Cc:     intel-gfx@...ts.freedesktop.org,
        "open list:DRM DRIVERS" <dri-devel@...ts.freedesktop.org>,
        open list <linux-kernel@...r.kernel.org>
Subject: 5.9-rc7 null ptr deref in __i915_gem_userptr_get_pages_worker

Seeing a new crash in 5.9-rc7 I didn't have in 5.9-rc6:

[ 1311.596896] BUG: kernel NULL pointer dereference, address: 0000000000000064
[ 1311.596898] #PF: supervisor write access in kernel mode
[ 1311.596899] #PF: error_code(0x0002) - not-present page
[ 1311.596899] PGD 0 P4D 0
[ 1311.596901] Oops: 0002 [#1] SMP
[ 1311.596902] CPU: 10 PID: 1431 Comm: kworker/u33:1 Tainted: P S   U
   O      5.9.0-rc7+ #140
[ 1311.596903] Hardware name: LENOVO 20QTCTO1WW/20QTCTO1WW, BIOS
N2OET47W (1.34 ) 08/06/2020
[ 1311.596955] Workqueue: i915-userptr-acquire
__i915_gem_userptr_get_pages_worker [i915]
[ 1311.596959] RIP: 0010:__get_user_pages_remote+0xd7/0x310
[ 1311.596960] Code: f5 01 00 00 83 7d 00 01 0f 85 ed 01 00 00 f7 c1
00 00 04 00 0f 84 58 01 00 00 65 48 8b 04 25 00 6d 01 00 48 8b 80 40
03 00 00 <c7> 40 64 01 00 00 00 65 48 8b 04 25 00 6d 01 00 48 c7 44 24
18 00
[ 1311.596961] RSP: 0018:ffff888fdfe47de0 EFLAGS: 00010206
[ 1311.596962] RAX: 0000000000000000 RBX: 00007fe188531000 RCX: 0000000000040001
[ 1311.596962] RDX: 0000000000000001 RSI: 00007fe188531000 RDI: ffff888ff0748f00
[ 1311.596963] RBP: ffff888fdfe47e54 R08: ffff888fedc7d7c8 R09: 0000000000000000
[ 1311.596963] R10: 0000000000000018 R11: fefefefefefefeff R12: ffff888ff0748f00
[ 1311.596963] R13: ffff888fedc7d7c8 R14: ffff888f81fe3a40 R15: 0000000000042003
[ 1311.596964] FS:  0000000000000000(0000) GS:ffff888ffc480000(0000)
knlGS:0000000000000000
[ 1311.596965] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1311.596965] CR2: 0000000000000064 CR3: 0000000002009003 CR4: 00000000003706e0
[ 1311.596966] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1311.596966] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1311.596967] Call Trace:
[ 1311.596993]  __i915_gem_userptr_get_pages_worker+0xc8/0x260 [i915]
[ 1311.596996]  process_one_work+0x1ca/0x390
[ 1311.596997]  worker_thread+0x48/0x3c0
[ 1311.596998]  ? rescuer_thread+0x3d0/0x3d0
[ 1311.597000]  kthread+0x114/0x130
[ 1311.597001]  ? kthread_create_worker_on_cpu+0x40/0x40
[ 1311.597003]  ret_from_fork+0x1f/0x30
[ 1311.597031] CR2: 0000000000000064
[ 1311.597033] ---[ end trace e2b8ddde994a6f6d ]---

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ