lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <25d7e982-f959-d86c-a6e7-5efd1db1e75c@posteo.de>
Date:   Wed,  2 Nov 2022 15:57:56 +0000
From:   postix@...teo.eu
To:     rostedt@...dmis.org
Cc:     linux-kernel@...r.kernel.org, regressions@...ts.linux.dev,
        tiwai@...e.de
Subject: Re: Fwd: [REGRESSION 6.0.x / 6.1.x] NULL dereferencing at tracing

Hello everyone,

I have added lot's of debug printk's to see what's happening and I found 
that the "cpu" counter, which is used to access the buffer's array 
elements (cpu_buffer = buffer->buffers[cpu]) in the ring_buffer_wake_waiters
function, exceeds the maximum number of total of total cores, namely in 
my case 24, which means, it should only run from 0..23. However, upon 
debugging, it runs up to 31, and thus causing a NULL pointer dereference 
(&cpu_buffer->irq_work).

After adding a return statement in case cpu > 24, the bug is no longer 
reproducible.

You can find the diff between v6.1-rc2 and the patched version with 
added debug log in [1].
The corresponding dmesg output can be found in [2].

I hope this gives you a good hint to find the root cause!

[1] https://paste.opensuse.org/e60601aa
[2] https://paste.opensuse.org/bf1398ce


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ