lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20201109191332.GA6810@audible.transient.net>
Date:   Mon, 9 Nov 2020 19:13:32 +0000
From:   Jamie Heilman <jamie@...ible.transient.net>
To:     Ben Gardon <bgardon@...gle.com>
Cc:     Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: null pointer deref in kvm

Everytime I try to start a guest in 5.10 I get something like the
following:

kern.alert: BUG: kernel NULL pointer dereference, address: 00000000000000a4
kern.alert: #PF: supervisor read access in kernel mode
kern.alert: #PF: error_code(0x0000) - not-present page
kern.info: PGD 0 P4D 0 
kern.warn: Oops: 0000 [#1] PREEMPT SMP PTI
kern.warn: CPU: 1 PID: 2810 Comm: qemu-system-x86 Not tainted 5.10.0-rc2-00482-g15f5d201c177 #1
kern.warn: Hardware name: Dell Inc. Precision WorkStation T3400  /0TP412, BIOS A14 04/30/2012
kern.warn: RIP: 0010:is_tdp_mmu_root+0x18/0x2e [kvm]
kern.warn: Code: 91 00 00 48 81 c7 00 91 00 00 48 39 f8 74 02 0f 0b c3 b8 f5 ff 7f 00 48 c1 ee 0c 48 c1 e0 29 48 c1 e6 06 48 8b 54 06 28 31 c0 <80> ba a4 00 00 00 00 74 09 31 c0 83 7a 50 00 0f 95 c0 83 e0 01 c3
kern.warn: RSP: 0018:ffffc90000567bf0 EFLAGS: 00010246
kern.warn: RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
kern.warn: RDX: 0000000000000000 RSI: 0000000000dc0380 RDI: ffffc900003c1000
kern.warn: RBP: 00000000000000fe R08: 00000000000000fe R09: 0000000000000000
kern.warn: R10: ffff88810b8cc980 R11: 0000000000000000 R12: 0000000000000014
kern.warn: R13: 0000000000000000 R14: ffff88810f7d0000 R15: 0000000000000001
kern.warn: FS:  00007f25b930e700(0000) GS:ffff888233d00000(0000) knlGS:0000000000000000
kern.warn: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kern.warn: CR2: 00000000000000a4 CR3: 000000011a192000 CR4: 00000000000426e0
kern.warn: Call Trace:
kern.warn:  direct_page_fault+0x93/0x5c2 [kvm]
kern.warn:  ? writeback_registers+0x18/0x52 [kvm]
kern.warn:  kvm_mmu_page_fault+0x2b7/0x3f1 [kvm]
kern.warn:  ? kvm_load_host_xsave_state+0x3b/0x82 [kvm]
kern.warn:  kvm_arch_vcpu_ioctl_run+0x1077/0x133d [kvm]
kern.warn:  kvm_vcpu_ioctl+0x1ba/0x4f6 [kvm]
kern.warn:  vfs_ioctl+0x1a/0x28
kern.warn:  __x64_sys_ioctl+0x651/0x689
kern.warn:  do_syscall_64+0x33/0x40
kern.warn:  entry_SYSCALL_64_after_hwframe+0x44/0xa9
kern.warn: RIP: 0033:0x7f25bb955c27
kern.warn: Code: 00 00 00 48 8b 05 69 92 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 39 92 0c 00 f7 d8 64 89 01 48
kern.warn: RSP: 002b:00007f25b930d588 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
kern.warn: RAX: ffffffffffffffda RBX: 000000000000ae80 RCX: 00007f25bb955c27
kern.warn: RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000012
kern.warn: RBP: 000055b3b5e45f70 R08: 000055b3b39a1410 R09: 00007f25b0003010
kern.warn: R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
kern.warn: R13: 000055b3b3e2fcc0 R14: 00007f25b930d840 R15: 0000000000802000
kern.warn: Modules linked in: af_packet nfsv4 cpufreq_userspace cpufreq_powersave cpufreq_ondemand cpufreq_conservative fan autofs4 nfsd auth_rpcgss nfs lockd grace nfs_ssc fscache sunrpc bridge stp llc nhpoly1305_sse2 nhpoly1305 aes_generic libaes chacha_generic chacha_x86_64 libchacha adiantum libpoly1305 vhost_net tun vhost vhost_iotlb tap dm_crypt snd_hda_codec_analog snd_hda_codec_generic usb_storage snd_hda_intel snd_intel_dspcfg kvm_intel snd_hda_codec snd_hwdep snd_hda_core kvm irqbypass snd_pcm snd_timer dcdbas sr_mod tg3 evdev snd cdrom soundcore sg floppy xfs dm_mod raid1 md_mod psmouse
kern.warn: CR2: 00000000000000a4
kern.warn: ---[ end trace d0a7ec7b0b4dda46 ]---
kern.warn: RIP: 0010:is_tdp_mmu_root+0x18/0x2e [kvm]
kern.warn: Code: 91 00 00 48 81 c7 00 91 00 00 48 39 f8 74 02 0f 0b c3 b8 f5 ff 7f 00 48 c1 ee 0c 48 c1 e0 29 48 c1 e6 06 48 8b 54 06 28 31 c0 <80> ba a4 00 00 00 00 74 09 31 c0 83 7a 50 00 0f 95 c0 83 e0 01 c3
kern.warn: RSP: 0018:ffffc90000567bf0 EFLAGS: 00010246
kern.warn: RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
kern.warn: RDX: 0000000000000000 RSI: 0000000000dc0380 RDI: ffffc900003c1000
kern.warn: RBP: 00000000000000fe R08: 00000000000000fe R09: 0000000000000000
kern.warn: R10: ffff88810b8cc980 R11: 0000000000000000 R12: 0000000000000014
kern.warn: R13: 0000000000000000 R14: ffff88810f7d0000 R15: 0000000000000001
kern.warn: FS:  00007f25b930e700(0000) GS:ffff888233d00000(0000) knlGS:0000000000000000
kern.warn: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kern.warn: CR2: 00007f1b794e0a08 CR3: 000000011a192000 CR4: 00000000000426e0

This doens't quite bisect all the way due to a build failure, but the
last good commit is 7d94531249a54b822f1a8b20d8a8f8d59ad1d985, while
bb18842e21111a979e2e0e1c5d85c09646f18d51 fails to build and
89c0fd494af3912d32ba5765b7147f36a34d1fa3 is bad. 

My kernel config is attached.
The parent processor is a Intel Core 2 Duo CPU E8400.
The qemu command line being used is:

/usr/bin/qemu-system-x86_64 -name ruth -S \
    -machine pc-i440fx-2.1,accel=kvm,usb=off -m 2048 -realtime mlock=off \
    -smp 1,sockets=1,cores=1,threads=1 -nographic -no-user-config -nodefaults \
    -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/ruth.monitor,server,nowait
\
    -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc
    -no-shutdown -boot strict=on \
    -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 \
    -drive file=/dev/S/ruth,if=none,id=drive-virtio-disk0,format=raw,cache=none \
    -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 \
    -fsdev local,security_model=mapped,id=fsdev-fs0,path=/var/local/downloads \
    -device virtio-9p-pci,id=fs0,fsdev=fsdev-fs0,mount_tag=downloads,bus=pci.0,addr=0x3 \
    -netdev tap,fd=23,id=hostnet0,vhost=on,vhostfd=24 \
    -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:9a:0c:07,bus=pci.0,addr=0x4 \
    -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 \
    -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 \
    -object rng-random,id=rng0,filename=/dev/random \
    -device virtio-rng-pci,rng=rng0,max-bytes=1024,period=3000,bus=pci.0,addr=0x2 \
    -msg timestamp=on

Let me know if you need anything else.

-- 
Jamie Heilman                     http://audible.transient.net/~jamie/

View attachment "config-5.10.0-rc2-00482-g15f5d201c177" of type "text/plain" (102188 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ