lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210627095000.GB17986@xsang-OptiPlex-9020>
Date:   Sun, 27 Jun 2021 17:50:00 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Yangbo Lu <yangbo.lu@....com>
Cc:     0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
        lkp@...ts.01.org, netdev@...r.kernel.org,
        Yangbo Lu <yangbo.lu@....com>, linux-kselftest@...r.kernel.org,
        mptcp@...ts.linux.dev, Richard Cochran <richardcochran@...il.com>,
        "David S . Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Mat Martineau <mathew.j.martineau@...ux.intel.com>,
        Matthieu Baerts <matthieu.baerts@...sares.net>,
        Shuah Khan <shuah@...nel.org>,
        Michal Kubecek <mkubecek@...e.cz>,
        Florian Fainelli <f.fainelli@...il.com>,
        Andrew Lunn <andrew@...n.ch>, Rui Sousa <rui.sousa@....com>,
        Sebastien Laveze <sebastien.laveze@....com>
Subject: [ptp]  d7b8e363d0: BUG:kernel_NULL_pointer_dereference,address



Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: d7b8e363d025cb61b9fbcee829ce69ff82393e78 ("[net-next, v4, 02/11] ptp: support ptp physical/virtual clocks conversion")
url: https://github.com/0day-ci/linux/commits/Yangbo-Lu/ptp-support-virtual-clocks-and-timestamping/20210625-172554


in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+-------------------------------------------------+------------+------------+
|                                                 | fd3836e9bc | d7b8e363d0 |
+-------------------------------------------------+------------+------------+
| boot_successes                                  | 17         | 0          |
| BUG:kernel_NULL_pointer_dereference,address     | 0          | 35         |
| Oops:#[##]                                      | 0          | 35         |
| EIP:ptp_clock_register                          | 0          | 35         |
| Kernel_panic-not_syncing:Fatal_exception        | 0          | 35         |
+-------------------------------------------------+------------+------------+


If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[    1.357423] BUG: kernel NULL pointer dereference, address: 00000190
[    1.358353] #PF: supervisor read access in kernel mode
[    1.358353] #PF: error_code(0x0000) - not-present page
[    1.358353] *pde = 00000000
[    1.358353] Oops: 0000 [#1] SMP
[    1.358353] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.13.0-rc6-02069-gd7b8e363d025 #1
[    1.363334] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[    1.363334] EIP: ptp_clock_register (drivers/ptp/ptp_clock.c:236) 
[ 1.363334] Code: ff ff b3 34 02 00 00 68 e3 7a f9 ca 6a 00 e8 28 29 8e ff 89 83 a8 12 00 00 83 c4 14 3d 00 f0 ff ff 0f 87 07 95 36 00 8b 45 9c <8b> 80 90 01 00 00 85 c0 0f 84 33 01 00 00 8b 00 ba 9c 7a f9 ca e8
All code
========
   0:	ff                   	(bad)  
   1:	ff b3 34 02 00 00    	pushq  0x234(%rbx)
   7:	68 e3 7a f9 ca       	pushq  $0xffffffffcaf97ae3
   c:	6a 00                	pushq  $0x0
   e:	e8 28 29 8e ff       	callq  0xffffffffff8e293b
  13:	89 83 a8 12 00 00    	mov    %eax,0x12a8(%rbx)
  19:	83 c4 14             	add    $0x14,%esp
  1c:	3d 00 f0 ff ff       	cmp    $0xfffff000,%eax
  21:	0f 87 07 95 36 00    	ja     0x36952e
  27:	8b 45 9c             	mov    -0x64(%rbp),%eax
  2a:*	8b 80 90 01 00 00    	mov    0x190(%rax),%eax		<-- trapping instruction
  30:	85 c0                	test   %eax,%eax
  32:	0f 84 33 01 00 00    	je     0x16b
  38:	8b 00                	mov    (%rax),%eax
  3a:	ba 9c 7a f9 ca       	mov    $0xcaf97a9c,%edx
  3f:	e8                   	.byte 0xe8

Code starting with the faulting instruction
===========================================
   0:	8b 80 90 01 00 00    	mov    0x190(%rax),%eax
   6:	85 c0                	test   %eax,%eax
   8:	0f 84 33 01 00 00    	je     0x141
   e:	8b 00                	mov    (%rax),%eax
  10:	ba 9c 7a f9 ca       	mov    $0xcaf97a9c,%edx
  15:	e8                   	.byte 0xe8
[    1.363334] EAX: 00000000 EBX: c12bc000 ECX: 00000000 EDX: c12bd278
[    1.363334] ESI: cb67d904 EDI: 0fc00000 EBP: c10c5f1c ESP: c10c5eb4
[    1.363334] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010246
[    1.363334] CR0: 80050033 CR2: 00000190 CR3: 0b540000 CR4: 000406d0
[    1.363334] Call Trace:
[    1.363334] ? kobject_uevent (lib/kobject_uevent.c:643) 
[    1.363334] ? ptp_init (drivers/ptp/ptp_kvm_common.c:136) 
[    1.363334] ? slow_virt_to_phys (arch/x86/mm/pat/set_memory.c:704) 
[    1.363334] ptp_kvm_init (include/linux/err.h:31 include/linux/err.h:60 drivers/ptp/ptp_kvm_common.c:150) 
[    1.363334] ? ptp_init (drivers/ptp/ptp_kvm_common.c:136) 
[    1.363334] do_one_initcall (init/main.c:1249) 
[    1.363334] ? rdinit_setup (init/main.c:1308) 
[    1.363334] kernel_init_freeable (init/main.c:1321 init/main.c:1338 init/main.c:1358 init/main.c:1560) 
[    1.363334] ? rest_init (init/main.c:1444) 
[    1.363334] kernel_init (init/main.c:1449) 
[    1.363334] ret_from_fork (arch/x86/entry/entry_32.S:775) 
[    1.363334] Modules linked in:
[    1.363334] CR2: 0000000000000190
[    1.363334] ---[ end trace 3b8fb0506f39eed9 ]---
[    1.363334] EIP: ptp_clock_register (drivers/ptp/ptp_clock.c:236) 
[ 1.363334] Code: ff ff b3 34 02 00 00 68 e3 7a f9 ca 6a 00 e8 28 29 8e ff 89 83 a8 12 00 00 83 c4 14 3d 00 f0 ff ff 0f 87 07 95 36 00 8b 45 9c <8b> 80 90 01 00 00 85 c0 0f 84 33 01 00 00 8b 00 ba 9c 7a f9 ca e8
All code
========
   0:	ff                   	(bad)  
   1:	ff b3 34 02 00 00    	pushq  0x234(%rbx)
   7:	68 e3 7a f9 ca       	pushq  $0xffffffffcaf97ae3
   c:	6a 00                	pushq  $0x0
   e:	e8 28 29 8e ff       	callq  0xffffffffff8e293b
  13:	89 83 a8 12 00 00    	mov    %eax,0x12a8(%rbx)
  19:	83 c4 14             	add    $0x14,%esp
  1c:	3d 00 f0 ff ff       	cmp    $0xfffff000,%eax
  21:	0f 87 07 95 36 00    	ja     0x36952e
  27:	8b 45 9c             	mov    -0x64(%rbp),%eax
  2a:*	8b 80 90 01 00 00    	mov    0x190(%rax),%eax		<-- trapping instruction
  30:	85 c0                	test   %eax,%eax
  32:	0f 84 33 01 00 00    	je     0x16b
  38:	8b 00                	mov    (%rax),%eax
  3a:	ba 9c 7a f9 ca       	mov    $0xcaf97a9c,%edx
  3f:	e8                   	.byte 0xe8

Code starting with the faulting instruction
===========================================
   0:	8b 80 90 01 00 00    	mov    0x190(%rax),%eax
   6:	85 c0                	test   %eax,%eax
   8:	0f 84 33 01 00 00    	je     0x141
   e:	8b 00                	mov    (%rax),%eax
  10:	ba 9c 7a f9 ca       	mov    $0xcaf97a9c,%edx
  15:	e8                   	.byte 0xe8


To reproduce:

        # build kernel
	cd linux
	cp config-5.13.0-rc6-02069-gd7b8e363d025 .config
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang


View attachment "config-5.13.0-rc6-02069-gd7b8e363d025" of type "text/plain" (126188 bytes)

View attachment "job-script" of type "text/plain" (4472 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (9540 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ