Message-ID: <20201224062310.GC17790@xsang-OptiPlex-9020>
Date: Thu, 24 Dec 2020 14:23:10 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Ian Kent <raven@...maw.net>
Cc: 0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
lkp@...ts.01.org, Fox Chen <foxhlchen@...il.com>,
Tejun Heo <tj@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Rick Lindsley <ricklind@...ux.vnet.ibm.com>,
Al Viro <viro@...IV.linux.org.uk>,
David Howells <dhowells@...hat.com>,
Miklos Szeredi <miklos@...redi.hu>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>
Subject: [kernfs] ca0f27ecb7: BUG:kernel_NULL_pointer_dereference,address
Greetings,
FYI, we noticed the following commit (built with gcc-9):
commit: ca0f27ecb7ab7278183680b79f3de35416372fa3 ("[PATCH 6/6] kernfs: add a spinlock to kernfs iattrs for inode updates")
url: https://github.com/0day-ci/linux/commits/Ian-Kent/kernfs-proposed-locking-and-concurrency-improvement/20201222-155145
base: https://git.kernel.org/cgit/linux/kernel/git/gregkh/driver-core.git accefff5b547a9a1d959c7e76ad539bf2480e78b
in testcase: locktorture
version:
with following parameters:

        runtime: 300s
        test: default

test-description: This torture test consists of creating a number of kernel threads which acquire the lock and hold it for specific amount of time, thus simulating different critical region behaviors.
test-url: https://www.kernel.org/doc/Documentation/locking/locktorture.txt
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+---------------------------------------------+------------+------------+
|                                             | 51383f001c | ca0f27ecb7 |
+---------------------------------------------+------------+------------+
| boot_successes                              | 10         | 0          |
| boot_failures                               | 0          | 10         |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 10         |
| Oops:#[##]                                  | 0          | 10         |
| RIP:_raw_spin_lock                          | 0          | 10         |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 10         |
+---------------------------------------------+------------+------------+
If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 10.631592] BUG: kernel NULL pointer dereference, address: 0000000000000058
[ 10.633698] #PF: supervisor write access in kernel mode
[ 10.635218] #PF: error_code(0x0002) - not-present page
[ 10.636627] PGD 0 P4D 0
[ 10.637454] Oops: 0002 [#1] SMP PTI
[ 10.638451] CPU: 1 PID: 1 Comm: systemd Not tainted 5.10.0-10901-gca0f27ecb7ab #1
[ 10.640384] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 10.642512] RIP: 0010:_raw_spin_lock+0x13/0x40
[ 10.643746] Code: 33 b7 a2 58 31 c0 ba ff 00 00 00 f0 0f b1 17 75 01 c3 e9 e0 8d 55 ff 66 66 66 66 90 65 ff 05 14 b7 a2 58 31 c0 ba 01 00 00 00 <f0> 0f b1 17 75 01 c3 89 c6 e8 ff 73 55 ff 66 90 c3 66 66 2e 0f 1f
[ 10.648414] RSP: 0018:ffff967740013da0 EFLAGS: 00010246
[ 10.649743] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 10.651555] RDX: 0000000000000001 RSI: ffff8a0581d30708 RDI: 0000000000000058
[ 10.653341] RBP: ffff967740013dc8 R08: ffff8a0540232d48 R09: ffff8a0540232d48
[ 10.655161] R10: ffff8a0581d30000 R11: 0000000000000005 R12: ffff8a0581d30708
[ 10.656903] R13: ffff8a05401d5f80 R14: 0000000000000058 R15: ffff8a058739a9c0
[ 10.658737] FS: 00007f88eae95940(0000) GS:ffff8a067fd00000(0000) knlGS:0000000000000000
[ 10.660820] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 10.662400] CR2: 0000000000000058 CR3: 000000010005e000 CR4: 00000000000406e0
[ 10.664204] Call Trace:
[ 10.665010] kernfs_refresh_inode+0x26/0xc0
[ 10.667380] kernfs_get_inode+0xa0/0x120
[ 10.668556] kernfs_get_tree+0x12b/0x240
[ 10.669670] sysfs_get_tree+0x13/0x40
[ 10.670694] vfs_get_tree+0x25/0xc0
[ 10.671689] path_mount+0x43f/0x9c0
[ 10.672680] do_mount+0x75/0xa0
[ 10.673635] __x64_sys_mount+0x8e/0xe0
[ 10.674686] do_syscall_64+0x33/0x40
[ 10.675718] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 10.677137] RIP: 0033:0x7f88ec055fea
[ 10.678181] Code: 48 8b 0d a9 0e 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 76 0e 0c 00 f7 d8 64 89 01 48
[ 10.682538] RSP: 002b:00007ffcafcda3d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 10.684486] RAX: ffffffffffffffda RBX: 000055e4f51178c0 RCX: 00007f88ec055fea
[ 10.686253] RDX: 000055e4f50973a9 RSI: 000055e4f50941bf RDI: 000055e4f50973a9
[ 10.688136] RBP: 0000000000000003 R08: 0000000000000000 R09: 000055e4f5d2f4e0
[ 10.689919] R10: 000000000000000e R11: 0000000000000246 R12: 0000000000000000
[ 10.691647] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
[ 10.693431] Modules linked in:
[ 10.694351] CR2: 0000000000000058
[ 10.695309] ---[ end trace f3fef33fa8d30916 ]---
To reproduce:
        # build kernel
        cd linux
        cp config-5.10.0-10901-gca0f27ecb7ab .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

Thanks,
Oliver Sang
View attachment "config-5.10.0-10901-gca0f27ecb7ab" of type "text/plain" (171970 bytes)
View attachment "job-script" of type "text/plain" (4809 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (12620 bytes)