Date:   Mon, 9 May 2022 11:10:32 +0530
From:   Naresh Kamboju <naresh.kamboju@...aro.org>
To:     "open list:KERNEL SELFTEST FRAMEWORK" 
        <linux-kselftest@...r.kernel.org>,
        "open list:GPIO SUBSYSTEM" <linux-gpio@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>,
        lkft-triage@...ts.linaro.org
Cc:     Jon Hunter <jonathanh@...dia.com>,
        Justin Chen <justinpopo6@...il.com>,
        Shuah Khan <shuah@...nel.org>, Mark Brown <broonie@...nel.org>,
        brgl@...ev.pl, Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        andrei.lalaev@...id.com, Linus Walleij <linus.walleij@...aro.org>,
        u.kleine-koenig@...gutronix.de,
        Raghuram Thammiraju <raghuram.thammiraju@....com>,
        Florian Fainelli <f.fainelli@...il.com>,
        Marc Zyngier <maz@...nel.org>,
        Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@...hiba.co.jp>
Subject: [next] gpio: gpio-sim.sh: Unable to handle kernel NULL pointer
 dereference at virtual address 0000000000000008

The following kernel crash was noticed while running the kselftest gpio gpio-sim.sh on
qemu_arm64 with the Linux next-20220506 kernel [1] & [2].

Reported-by: Linux Kernel Functional Testing <lkft@...aro.org>

# selftests: gpio: gpio-sim.sh
# 1. chip_name and dev_name attributes
# 1.1. Chip name is communicated to user
# 1.2. chip_name returns 'none' if the chip is still pending
# 1.3. Device name is communicated to user
# 2. Creating and configuring simulated chips
# 2.1. Default number of lines is 1
# 2.2. Number of lines can be specified
# 2.3. Label can be set
# 2.4. Label can be left empty
# 2.5. Line names can be configured
# 2.6. Line config can remain unused if offset is greater than number of lines
# 2.7. Line configfs directory names are sanitized
# 2.8. Multiple chips can be created
# 2.9. Can't modify settings when chip is live
# 2.10. Can't create line items when chip is live
# 2.11. Probe errors are propagated to user-space
[  218.163457] gpio gpiochip1: (gpio-sim.0-node0): line cnt 34463 is greater than fast path cnt 512
[  218.163739] gpiochip_find_base: cannot find free range
[  218.164216] gpiochip_add_data_with_key: GPIOs 0..34462 (gpio-sim.0-node0) failed to register, -28
[  218.164503] gpio-sim: probe of gpio-sim.0 failed with error -28
# 2.12. Cannot enable a chip without any GPIO banks
# 2.13. Duplicate chip labels are not allowed
# 2.14. Lines can be hogged
[  223.754983] gpio-2036 (?): hogged as input
[  224.231594] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
[  224.233378] Mem abort info:
[  224.233719]   ESR = 0x0000000096000006
[  224.234076]   EC = 0x25: DABT (current EL), IL = 32 bits
[  224.235432]   SET = 0, FnV = 0
[  224.235790]   EA = 0, S1PTW = 0
[  224.236146]   FSC = 0x06: level 2 translation fault
[  224.236592] Data abort info:
[  224.236926]   ISV = 0, ISS = 0x00000006
[  224.237300]   CM = 0, WnR = 0
[  224.237738] user pgtable: 4k pages, 48-bit VAs, pgdp=000000010ab2b000
[  224.238785] [0000000000000008] pgd=080000010b9c4003, p4d=080000010b9c4003, pud=080000010b990003, pmd=0000000000000000
[  224.240838] Internal error: Oops: 96000006 [#1] PREEMPT SMP
[  224.241509] Modules linked in: gpio_sim rfkill crct10dif_ce sm3_ce sm3 sha3_ce sha512_ce sha512_arm64 fuse [last unloaded: gpio_mockup]
[  224.242848] CPU: 2 PID: 1105 Comm: gpio-mockup-cde Not tainted 5.18.0-rc5-next-20220506 #1
[  224.243548] Hardware name: linux,dummy-virt (DT)
[  224.244109] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[  224.244643] pc : linereq_free+0xb0/0x120
[  224.245515] lr : linereq_create+0x548/0x640
[  224.245797] sp : ffff8000089eb870
[  224.246065] x29: ffff8000089eb870 x28: ffffd5cd009d5cd8 x27: ffff0000c32da0c0
[  224.246795] x26: ffffd5ccfeb521c8 x25: 0000000000000000 x24: ffff0000c60d1d20
[  224.247318] x23: ffff0000c60d1c00 x22: 0000000000000000 x21: 0000000000000118
[  224.247843] x20: 0000000000000001 x19: ffff0000c60d1c00 x18: 0000000000000000
[  224.248352] x17: ffffd5ccfcc2c288 x16: ffffd5ccfd019804 x15: ffffd5ccfd468a48
[  224.248875] x14: ffffd5ccfd4686c0 x13: ffffd5ccfcc11d48 x12: ffffd5ccfe224eec
[  224.249307] x11: ffffd5ccfe223b88 x10: ffffd5ccfcc2c4e8 x9 : ffffd5ccfd4688c8
[  224.249840] x8 : ffff0000c32e6108 x7 : bbbbbbbbbbbbbbbb x6 : 0000000000000001
[  224.250418] x5 : ffffd5ccff965000 x4 : ffffd5ccff9654f0 x3 : 0000000000000000
[  224.251050] x2 : ffff0000c33e5080 x1 : 0000000000000000 x0 : 0000000000000000
[  224.251741] Call trace:
[  224.251998]  linereq_free+0xb0/0x120
[  224.252315]  linereq_create+0x548/0x640
[  224.252571]  gpio_ioctl+0x88/0x754
[  224.252808]  __arm64_sys_ioctl+0xb4/0x100
[  224.253103]  invoke_syscall+0x78/0x100
[  224.253342]  el0_svc_common.constprop.0+0x104/0x124
[  224.253680]  do_el0_svc+0xb4/0xcc
[  224.253922]  el0_svc+0x68/0x160
[  224.254173]  el0t_64_sync_handler+0xbc/0x140
[  224.254504]  el0t_64_sync+0x18c/0x190
[  224.254929] Code: cb160273 8b130ef3 f9409261 b9413260 (f9400422)
[  224.255783] ---[ end trace 0000000000000000 ]---
# ./gpio-sim.sh: line 318:  1105 Segmentation fault $BASE_DIR/gpio-mockup-cdev -s 1 /dev/`configfs_chip_name chip bank` 4 2> /dev/null

Broadcast message from systemd-journald@...o (Fri 2022-05-06 09:51:02 UTC):

kernel[304]: [  224.240838] Internal error: Oops: 96000006 [#1] PREEMPT SMP


Broadcast message from systemd-journald@...o (Fri 2022-05-06 09:51:02 UTC):

kernel[304]: [  224.254929] Code: cb160273 8b130ef3 f9409261 b9413260 (f9400422)

# 3. Controlling simulated chips
# 3.1. Pull can be set over sysfs
#
not ok 2 selftests: gpio: gpio-sim.sh # TIMEOUT 45 seconds

metadata:
  git_ref: master
  git_repo: ''
  git_sha: 38a288f5941ef03752887ad86f2d85442358c99a
  git_describe: next-20220506
  kernel_version: 5.18.0-rc5
  kernel-config: https://builds.tuxbuild.com/28mio5DFBEfnEtkiTLdPb9tTWVa/config
  build-url: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next/-/pipelines/532821646
  artifact-location: https://builds.tuxbuild.com/28mio5DFBEfnEtkiTLdPb9tTWVa
  toolchain: gcc-11

Steps to reproduce:
# cd /opt/kselftests/default-in-kernel/gpio
# ./gpio-sim.sh

Full test logs.
[1] https://lkft.validation.linaro.org/scheduler/job/4994124#L1108
[2] https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20220506/testrun/9366936/suite/linux-log-parser/test/check-kernel-oops-4994124/log

--
Linaro LKFT
https://lkft.linaro.org
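
A way to cross-check the oops above (an added example, not part of the original report or of the kernel tree): the script decodes the ESR value and the trapping instruction from the Code: line, then recomputes the load address from the register dump. The function names decode_esr, decode_ldr_uimm and triage are hypothetical; the sample lines are copied from the log with the mail's line wrapping undone.

```python
import re

# Lines taken from the oops in the report above, mail line wrap undone.
OOPS = """\
[  224.231594] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
[  224.233719]   ESR = 0x0000000096000006
[  224.250418] x5 : ffffd5ccff965000 x4 : ffffd5ccff9654f0 x3 : 0000000000000000
[  224.251050] x2 : ffff0000c33e5080 x1 : 0000000000000000 x0 : 0000000000000000
[  224.254929] Code: cb160273 8b130ef3 f9409261 b9413260 (f9400422)
"""

def decode_esr(esr):
    """Split an arm64 ESR_ELx value into the fields the oops prints."""
    iss = esr & 0x1FFFFFF                      # bits 24:0
    return {"EC": (esr >> 26) & 0x3F,          # exception class, bits 31:26
            "IL": (esr >> 25) & 1,             # 1 = 32-bit instruction
            "WnR": (iss >> 6) & 1,             # 0 = read, 1 = write
            "FSC": iss & 0x3F}                 # fault status code

def decode_ldr_uimm(insn):
    """Decode A64 LDR (immediate, unsigned offset) into an integer register."""
    if (insn & 0x3FC00000) != 0x39400000:      # bits 29:22 must be 111 0 01 01
        return None                            # some other instruction
    size = insn >> 30                          # log2 of the access width
    return {"rt": insn & 0x1F, "rn": (insn >> 5) & 0x1F,
            "offset": ((insn >> 10) & 0xFFF) << size, "bytes": 1 << size}

def triage(oops):
    """Check that the trapping load plus the register dump gives the fault address."""
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(x\d+)\s*: ([0-9a-f]{16})", oops)}
    fault = int(re.search(r"virtual address ([0-9a-f]{16})", oops)[1], 16)
    esr = decode_esr(int(re.search(r"ESR = (0x[0-9a-f]+)", oops)[1], 16))
    # The kernel prints the instruction at pc in parentheses on the Code: line.
    insn = int(re.search(r"Code: .*\(([0-9a-f]{8})\)", oops)[1], 16)
    ldr = decode_ldr_uimm(insn)
    # rn == 31 means sp, which is not part of the x register dump.
    base = regs.get(f"x{ldr['rn']}") if ldr else None
    ea = base + ldr["offset"] if base is not None else None
    return {"esr": esr, "ldr": ldr, "base": base, "ea": ea,
            "fault": fault, "match": ea == fault}

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(key, value)
```

For this report the trapping instruction decodes to `ldr x2, [x1, #8]` with x1 = 0, which matches the reported fault address 0000000000000008.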
