| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220519135945.GB1907@xsang-OptiPlex-9020>
Date: Thu, 19 May 2022 21:59:45 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Chris Down <chris@...isdown.name>
Cc: 0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
lkp@...ts.01.org, Petr Mladek <pmladek@...e.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
kernel-team@...com
Subject: [printk] 6f922c8d53: BUG:kernel_NULL_pointer_dereference,address
Greeting,
FYI, we noticed the following commit (built with gcc-11):
commit: 6f922c8d53bf824736b3e481e7b80e8b31d84678 ("[RFC PATCH] printk: console: Allow each console to have its own loglevel")
url: https://github.com/intel-lab-lkp/linux/commits/Chris-Down/printk-console-Allow-each-console-to-have-its-own-loglevel/20220518-222756
patch link: https://lore.kernel.org/lkml/YoUBh5BSsURDO71Z@chrisdown.name
in testcase: boot
on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+---------------------------------------------+------------+------------+
| | 3ef4ea3d84 | 6f922c8d53 |
+---------------------------------------------+------------+------------+
| boot_successes | 10 | 0 |
| boot_failures | 0 | 10 |
| BUG:kernel_NULL_pointer_dereference,address | 0 | 10 |
| Oops:#[##] | 0 | 10 |
| EIP:device_del | 0 | 10 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 10 |
+---------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 0.587557][ T0] BUG: kernel NULL pointer dereference, address: 00000068
[ 0.587561][ T0] #PF: supervisor read access in kernel mode
[ 0.587563][ T0] #PF: error_code(0x0000) - not-present page
[ 0.587565][ T0] *pdpt = 0000000000000000 *pde = f000ff53f000ff53
[ 0.587571][ T0] Oops: 0000 [#1] SMP PTI
[ 0.587576][ T0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.17.0-02191-g6f922c8d53bf #1
[ 0.587580][ T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[ 0.587582][ T0] EIP: device_del (??:?)
[ 0.587592][ T0] Code: 74 26 00 55 89 e5 57 56 53 89 c3 8d 73 44 83 ec 1c 64 a1 d8 a6 1c d4 89 45 f0 8b 43 24 89 45 dc 89 f0 e8 97 0e 36 00 8b 53 28 <0f> b6 42 68 a8 01 75 06 83 c8 01 88 42 68 89 f0 e8 7f 07 36 00 8b
All code
========
0: 74 26 je 0x28
2: 00 55 89 add %dl,-0x77(%rbp)
5: e5 57 in $0x57,%eax
7: 56 push %rsi
8: 53 push %rbx
9: 89 c3 mov %eax,%ebx
b: 8d 73 44 lea 0x44(%rbx),%esi
e: 83 ec 1c sub $0x1c,%esp
11: 64 a1 d8 a6 1c d4 89 movabs %fs:0x8bf04589d41ca6d8,%eax
18: 45 f0 8b
1b: 43 24 89 rex.XB and $0x89,%al
1e:* 45 dc 89 f0 e8 97 0e rex.RB fmull 0xe97e8f0(%r9) <-- trapping instruction
25: 36 00 8b 53 28 0f b6 add %cl,%ss:-0x49f0d7ad(%rbx)
2c: 42 68 a8 01 75 06 rex.X pushq $0x67501a8
32: 83 c8 01 or $0x1,%eax
35: 88 42 68 mov %al,0x68(%rdx)
38: 89 f0 mov %esi,%eax
3a: e8 7f 07 36 00 callq 0x3607be
3f: 8b .byte 0x8b
Code starting with the faulting instruction
===========================================
0: 0f b6 42 68 movzbl 0x68(%rdx),%eax
4: a8 01 test $0x1,%al
6: 75 06 jne 0xe
8: 83 c8 01 or $0x1,%eax
b: 88 42 68 mov %al,0x68(%rdx)
e: 89 f0 mov %esi,%eax
10: e8 7f 07 36 00 callq 0x360794
15: 8b .byte 0x8b
[ 0.587595][ T0] EAX: 00000000 EBX: d3cecb68 ECX: 00000000 EDX: 00000000
[ 0.587598][ T0] ESI: d3cecbac EDI: d3cecb20 EBP: d3cd9f30 ESP: d3cd9f08
[ 0.587601][ T0] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00210246
[ 0.587609][ T0] CR0: 80050033 CR2: 00000068 CR3: 141e2000 CR4: 000406b0
[ 0.587612][ T0] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 0.587614][ T0] DR6: fffe0ff0 DR7: 00000400
[ 0.587616][ T0] Call Trace:
[ 0.587620][ T0] ? __raw_callee_save___native_queued_spin_unlock (??:?)
[ 0.587628][ T0] device_unregister (??:?)
[ 0.587634][ T0] unregister_console (??:?)
[ 0.587640][ T0] register_console.cold+0x35/0x57
[ 0.587643][ T0] ? serial8250_isa_init_ports (8250_core.c:?)
[ 0.587651][ T0] register_console (??:?)
[ 0.587657][ T0] univ8250_console_init (8250_core.c:?)
[ 0.587661][ T0] console_init (??:?)
[ 0.587665][ T0] start_kernel (??:?)
[ 0.587670][ T0] i386_start_kernel (??:?)
[ 0.587673][ T0] startup_32_smp (arch/x86/kernel/head_32.S:328)
[ 0.587677][ T0] Modules linked in:
[ 0.587681][ T0] CR2: 0000000000000068
[ 0.587684][ T0] ---[ end trace 0000000000000000 ]---
[ 0.587686][ T0] EIP: device_del (??:?)
[ 0.587691][ T0] Code: 74 26 00 55 89 e5 57 56 53 89 c3 8d 73 44 83 ec 1c 64 a1 d8 a6 1c d4 89 45 f0 8b 43 24 89 45 dc 89 f0 e8 97 0e 36 00 8b 53 28 <0f> b6 42 68 a8 01 75 06 83 c8 01 88 42 68 89 f0 e8 7f 07 36 00 8b
All code
========
0: 74 26 je 0x28
2: 00 55 89 add %dl,-0x77(%rbp)
5: e5 57 in $0x57,%eax
7: 56 push %rsi
8: 53 push %rbx
9: 89 c3 mov %eax,%ebx
b: 8d 73 44 lea 0x44(%rbx),%esi
e: 83 ec 1c sub $0x1c,%esp
11: 64 a1 d8 a6 1c d4 89 movabs %fs:0x8bf04589d41ca6d8,%eax
18: 45 f0 8b
1b: 43 24 89 rex.XB and $0x89,%al
1e:* 45 dc 89 f0 e8 97 0e rex.RB fmull 0xe97e8f0(%r9) <-- trapping instruction
25: 36 00 8b 53 28 0f b6 add %cl,%ss:-0x49f0d7ad(%rbx)
2c: 42 68 a8 01 75 06 rex.X pushq $0x67501a8
32: 83 c8 01 or $0x1,%eax
35: 88 42 68 mov %al,0x68(%rdx)
38: 89 f0 mov %esi,%eax
3a: e8 7f 07 36 00 callq 0x3607be
3f: 8b .byte 0x8b
Code starting with the faulting instruction
===========================================
0: 0f b6 42 68 movzbl 0x68(%rdx),%eax
4: a8 01 test $0x1,%al
6: 75 06 jne 0xe
8: 83 c8 01 or $0x1,%eax
b: 88 42 68 mov %al,0x68(%rdx)
e: 89 f0 mov %esi,%eax
10: e8 7f 07 36 00 callq 0x360794
15: 8b .byte 0x8b
To reproduce:
# build kernel
cd linux
cp config-5.17.0-02191-g6f922c8d53bf .config
make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config-5.17.0-02191-g6f922c8d53bf" of type "text/plain" (141303 bytes)
View attachment "job-script" of type "text/plain" (4856 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (5432 bytes)
Powered by blists - more mailing lists