| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210903090250.GC29784@xsang-OptiPlex-9020>
Date: Fri, 3 Sep 2021 17:02:50 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Luiz Augusto von Dentz <luiz.dentz@...il.com>
Cc: 0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
lkp@...ts.01.org, linux-bluetooth@...r.kernel.org
Subject: [Bluetooth] e1ce6a3427: BUG:unable_to_handle_page_fault_for_address
Greeting,
FYI, we noticed the following commit (built with gcc-9):
commit: e1ce6a3427fad2e3ecfdab087d93e13fc72599a3 ("[PATCH 4/4] Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg")
url: https://github.com/0day-ci/linux/commits/Luiz-Augusto-von-Dentz/Bluetooth-Add-bt_skb_sendmsg-helper/20210901-082811
base: https://git.kernel.org/cgit/linux/kernel/git/bluetooth/bluetooth-next.git master
in testcase: trinity
version: trinity-x86_64-b1a0aef9-1_20210901
with following parameters:
ucode: 0xe2
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: 4 threads Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz with 32G memory
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+---------------------------------------------+------------+------------+
| | 0eab6ff3b3 | e1ce6a3427 |
+---------------------------------------------+------------+------------+
| boot_failures | 0 | 13 |
| BUG:unable_to_handle_page_fault_for_address | 0 | 13 |
| Oops:#[##] | 0 | 13 |
| RIP:skb_release_data | 0 | 13 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 13 |
+---------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 32.034956][ T1099] BUG: unable to handle page fault for address: fffffffffffffff2
[ 32.042483][ T1099] #PF: supervisor read access in kernel mode
[ 32.048278][ T1099] #PF: error_code(0x0000) - not-present page
[ 32.054075][ T1099] PGD 870c13067 P4D 870c13067 PUD 870c15067 PMD 0
[ 32.060389][ T1099] Oops: 0000 [#1] SMP PTI
[ 32.064545][ T1099] CPU: 3 PID: 1099 Comm: trinity-c0 Tainted: G I 5.14.0-rc7-01825-ge1ce6a3427fa #1
[ 32.074916][ T1099] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.1.1 10/07/2015
[ 32.082955][ T1099] RIP: 0010:skb_release_data+0x119/0x180
[ 32.088411][ T1099] Code: 90 f0 ff 4d 34 75 bd 48 89 ef 48 83 c3 01 e8 7e b3 85 ff 41 0f b6 44 24 02 39 d8 7f b5 49 8b 5c 24 08 48 85 db 74 10 48 89 d
f <48> 8b 1b e8 df fd ff ff 48 85 db 75 f0 4c 89 ef e8 52 c8 ff ff 41
[ 32.107756][ T1099] RSP: 0018:ffffc9000098fd38 EFLAGS: 00010282
[ 32.113637][ T1099] RAX: ffff88886e564701 RBX: fffffffffffffff2 RCX: ffffffff8262ef08
[ 32.121429][ T1099] RDX: 0000000000000b59 RSI: ffffffff81a67fe1 RDI: fffffffffffffff2
[ 32.129222][ T1099] RBP: ffff88886e564c00 R08: 0000000000000001 R09: ffffffff81a67f00
[ 32.137000][ T1099] R10: ffff888100ee2800 R11: 0000000000000001 R12: ffff888100ee0ec0
[ 32.144783][ T1099] R13: ffff88886e564c00 R14: 000000000000007f R15: ffff88886e564f00
[ 32.152576][ T1099] FS: 00007f0b2ec5e740(0000) GS:ffff888841580000(0000) knlGS:0000000000000000
[ 32.161304][ T1099] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.167701][ T1099] CR2: fffffffffffffff2 CR3: 000000086dbe0006 CR4: 00000000003706e0
[ 32.175481][ T1099] DR0: 00007f0b2cd44000 DR1: 00007f0b2cdb6000 DR2: 00007f0b2cdbb000
[ 32.183259][ T1099] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 32.191038][ T1099] Call Trace:
[ 32.194161][ T1099] kfree_skb+0x2c/0xc0
[ 32.198064][ T1099] rfcomm_sock_sendmsg+0x368/0x4c0 [rfcomm]
[ 32.203776][ T1099] sock_sendmsg+0x5e/0x80
[ 32.207939][ T1099] __sys_sendto+0xee/0x180
[ 32.212193][ T1099] __x64_sys_sendto+0x25/0x40
[ 32.216700][ T1099] do_syscall_64+0x3b/0xc0
[ 32.220951][ T1099] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 32.226667][ T1099] RIP: 0033:0x7f0b2ed75f59
[ 32.230917][ T1099] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 07 6f 0c 00 f7 d8 64 89 01 48
[ 32.250266][ T1099] RSP: 002b:00007fff1c21ba78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 32.258477][ T1099] RAX: ffffffffffffffda RBX: 000000000000002c RCX: 00007f0b2ed75f59
[ 32.266255][ T1099] RDX: 0000000000000677 RSI: 0000562987640980 RDI: 000000000000016b
[ 32.274034][ T1099] RBP: 000000000000002c R08: 0000562987640900 R09: 000000000000006e
[ 32.281812][ T1099] R10: 00000000800067b8 R11: 0000000000000246 R12: 0000000000000002
[ 32.289607][ T1099] R13: 00007f0b2d728058 R14: 00007f0b2ec5e6c0 R15: 00007f0b2d728000
[ 32.297401][ T1099] Modules linked in: mpls_router ip_tunnel vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock vmw_vmci ieee802154_socket ieee802154 af_key hidp bnep rfcomm bluetooth ecdh_generic ecc rfkill can_bcm can_raw can crypto_user ib_core nfnetlink scsi_transport_iscsi atm sctp ip6_udp_tunnel udp_tunnel xfs btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c ipmi_devintf ipmi_msghandler sd_mod t10_pi sg intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp i915 kvm_intel kvm intel_gtt irqbypass ttm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel drm_kms_helper rapl syscopyarea mei_wdt intel_cstate sysfillrect wmi_bmof sysimgblt intel_uncore fb_sys_fops ahci mei_me libahci drm libata intel_pch_thermal mei wmi video intel_pmc_core acpi_pad ip_tables
[ 32.370652][ T1099] CR2: fffffffffffffff2
[ 32.374635][ T1099] ---[ end trace 618f0f6fd7095aea ]---
[ 32.379926][ T1099] RIP: 0010:skb_release_data+0x119/0x180
[ 32.385378][ T1099] Code: 90 f0 ff 4d 34 75 bd 48 89 ef 48 83 c3 01 e8 7e b3 85 ff 41 0f b6 44 24 02 39 d8 7f b5 49 8b 5c 24 08 48 85 db 74 10 48 89 df <48> 8b 1b e8 df fd ff ff 48 85 db 75 f0 4c 89 ef e8 52 c8 ff ff 41
[ 32.404720][ T1099] RSP: 0018:ffffc9000098fd38 EFLAGS: 00010282
[ 32.410602][ T1099] RAX: ffff88886e564701 RBX: fffffffffffffff2 RCX: ffffffff8262ef08
[ 32.418396][ T1099] RDX: 0000000000000b59 RSI: ffffffff81a67fe1 RDI: fffffffffffffff2
[ 32.426175][ T1099] RBP: ffff88886e564c00 R08: 0000000000000001 R09: ffffffff81a67f00
[ 32.433952][ T1099] R10: ffff888100ee2800 R11: 0000000000000001 R12: ffff888100ee0ec0
[ 32.441732][ T1099] R13: ffff88886e564c00 R14: 000000000000007f R15: ffff88886e564f00
[ 32.449533][ T1099] FS: 00007f0b2ec5e740(0000) GS:ffff888841580000(0000) knlGS:0000000000000000
[ 32.458273][ T1099] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 32.464683][ T1099] CR2: fffffffffffffff2 CR3: 000000086dbe0006 CR4: 00000000003706e0
[ 32.472474][ T1099] DR0: 00007f0b2cd44000 DR1: 00007f0b2cdb6000 DR2: 00007f0b2cdbb000
[ 32.480256][ T1099] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 32.488037][ T1099] Kernel panic - not syncing: Fatal exception
[ 32.493954][ T1099] Kernel Offset: disabled
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp install job.yaml # job file is attached in this email
bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
bin/lkp run generated-yaml-file
---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org Intel Corporation
Thanks,
Oliver Sang
View attachment "config-5.14.0-rc7-01825-ge1ce6a3427fa" of type "text/plain" (175661 bytes)
View attachment "job-script" of type "text/plain" (5130 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (22240 bytes)
View attachment "job.yaml" of type "text/plain" (3958 bytes)
Powered by blists - more mailing lists