Message-ID: <20210704102525.GA21572@xsang-OptiPlex-9020>
Date: Sun, 4 Jul 2021 18:25:25 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Yangbo Lu <yangbo.lu@....com>
Cc: 0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
lkp@...ts.01.org, netdev@...r.kernel.org,
Yangbo Lu <yangbo.lu@....com>, linux-kselftest@...r.kernel.org,
mptcp@...ts.linux.dev, Richard Cochran <richardcochran@...il.com>,
"David S . Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Mat Martineau <mathew.j.martineau@...ux.intel.com>,
Matthieu Baerts <matthieu.baerts@...sares.net>,
Shuah Khan <shuah@...nel.org>,
Michal Kubecek <mkubecek@...e.cz>,
Florian Fainelli <f.fainelli@...il.com>,
Andrew Lunn <andrew@...n.ch>, Rui Sousa <rui.sousa@....com>,
Sebastien Laveze <sebastien.laveze@....com>
Subject: [ptp] becdd56786: BUG:kernel_NULL_pointer_dereference,address

Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: becdd56786002a908afd8a62f68976ed78572413 ("[net-next, v5, 02/11] ptp: support ptp physical/virtual clocks conversion")
url: https://github.com/0day-ci/linux/commits/Yangbo-Lu/ptp-support-virtual-clocks-and-timestamping/20210630-160348

in testcase: trinity
version: trinity-i386
with following parameters:

	number: 99999
	group: group-03

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>

[ 139.958903] BUG: kernel NULL pointer dereference, address: 00000304
[ 139.960977] #PF: supervisor read access in kernel mode
[ 139.962097] #PF: error_code(0x0000) - not-present page
[ 139.962097] *pde = 00000000
[ 139.962097] Oops: 0000 [#1] SMP
[ 139.962097] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G S 5.13.0-rc6-02622-gbecdd5678600 #1
[ 139.962097] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 139.962097] EIP: ptp_clock_register (drivers/ptp/ptp_clock.c:237)
[ 139.962097] Code: 6a 00 e8 1f 1d 83 fc 89 83 44 15 00 00 83 c4 14 3d 00 f0 ff ff 0f 87 03 4f 9b 01 8b 83 f4 03 00 00 89 98 e0 00 00 00 8b 45 9c <8b> 80 04 03 00 00 85 c0 74 18 8b 00 85 c0 74 12 ba 7a e3 19 da e8
All code
========
0: 6a 00 pushq $0x0
2: e8 1f 1d 83 fc callq 0xfffffffffc831d26
7: 89 83 44 15 00 00 mov %eax,0x1544(%rbx)
d: 83 c4 14 add $0x14,%esp
10: 3d 00 f0 ff ff cmp $0xfffff000,%eax
15: 0f 87 03 4f 9b 01 ja 0x19b4f1e
1b: 8b 83 f4 03 00 00 mov 0x3f4(%rbx),%eax
21: 89 98 e0 00 00 00 mov %ebx,0xe0(%rax)
27: 8b 45 9c mov -0x64(%rbp),%eax
2a:* 8b 80 04 03 00 00 mov 0x304(%rax),%eax <-- trapping instruction
30: 85 c0 test %eax,%eax
32: 74 18 je 0x4c
34: 8b 00 mov (%rax),%eax
36: 85 c0 test %eax,%eax
38: 74 12 je 0x4c
3a: ba 7a e3 19 da mov $0xda19e37a,%edx
3f: e8 .byte 0xe8
Code starting with the faulting instruction
===========================================
0: 8b 80 04 03 00 00 mov 0x304(%rax),%eax
6: 85 c0 test %eax,%eax
8: 74 18 je 0x22
a: 8b 00 mov (%rax),%eax
c: 85 c0 test %eax,%eax
e: 74 12 je 0x22
10: ba 7a e3 19 da mov $0xda19e37a,%edx
15: e8 .byte 0xe8
[ 139.962097] EAX: 00000000 EBX: c98ba000 ECX: 00000002 EDX: da436e01
[ 139.962097] ESI: dc3727a4 EDI: 00000000 EBP: c1c71f14 ESP: c1c71ea0
[ 139.962097] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010246
[ 139.962097] CR0: 80050033 CR2: 00000304 CR3: 1b9ef000 CR4: 000406d0
[ 139.962097] Call Trace:
[ 139.962097] ? kobject_uevent_env (lib/kobject_uevent.c:628)
[ 139.962097] ? ptp_pch_init (drivers/ptp/ptp_kvm_common.c:136)
[ 139.962097] ? slow_virt_to_phys (arch/x86/mm/pat/set_memory.c:704)
[ 139.962097] ptp_kvm_init (include/linux/err.h:31 include/linux/err.h:60 drivers/ptp/ptp_kvm_common.c:150)
[ 139.962097] ? ptp_pch_init (drivers/ptp/ptp_kvm_common.c:136)
[ 139.962097] do_one_initcall (init/main.c:1249)
[ 139.962097] ? kernel_init_freeable (include/linux/compiler.h:234 include/linux/init.h:124 init/main.c:1322 init/main.c:1338 init/main.c:1358 init/main.c:1560)
[ 139.962097] kernel_init_freeable (init/main.c:1321 init/main.c:1338 init/main.c:1358 init/main.c:1560)
[ 139.962097] ? rest_init (init/main.c:1444)
[ 140.005239] kernel_init (init/main.c:1449)
[ 140.005239] ret_from_fork (arch/x86/entry/entry_32.S:775)
[ 140.005239] Modules linked in:
[ 140.005239] CR2: 0000000000000304
[ 140.005239] _warn_unseeded_randomness: 9 callbacks suppressed
[ 140.005239] random: get_random_bytes called from init_oops_id+0x42/0x60 with crng_init=0
[ 140.005239] ---[ end trace 739df3099651fd35 ]---
[ 140.005239] EIP: ptp_clock_register (drivers/ptp/ptp_clock.c:237)
[ 140.005239] Code: 6a 00 e8 1f 1d 83 fc 89 83 44 15 00 00 83 c4 14 3d 00 f0 ff ff 0f 87 03 4f 9b 01 8b 83 f4 03 00 00 89 98 e0 00 00 00 8b 45 9c <8b> 80 04 03 00 00 85 c0 74 18 8b 00 85 c0 74 12 ba 7a e3 19 da e8

To reproduce:

        # build kernel
        cd linux
        cp config-5.13.0-rc6-02622-gbecdd5678600 .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email

---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang

View attachment "config-5.13.0-rc6-02622-gbecdd5678600" of type "text/plain" (270790 bytes)
View attachment "job-script" of type "text/plain" (4088 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (36404 bytes)