Date:   Wed, 24 May 2023 13:12:00 -0400
From:   Steven Rostedt <rostedt@...dmis.org>
To:     LKML <linux-kernel@...r.kernel.org>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Sebastian Reichel <sre@...nel.org>,
        Linus Walleij <linus.walleij@...aro.org>,
        Matti Vaittinen <mazziesaccount@...il.com>,
        linux-pm@...r.kernel.org
Subject: [BUG 6.4-rc3] BUG: kernel NULL pointer dereference in __dev_fwnode

I started adding fixes to my urgent branch rebased on top of v6.4-rc3
and ran my tests. Unfortunately they crashed on unrelated code.

Here's the dump:

 BUG: kernel NULL pointer dereference, address: 00000000000003e8
 #PF: supervisor read access in kernel mode
 #PF: error_code(0x0000) - not-present page
 PGD 0 P4D 0 
 Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI
 CPU: 0 PID: 1 Comm: swapper/0 Tainted: G                 N 6.3.0-rc1-test-00011-g27a2195efa8d #49
 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
 RIP: 0010:__dev_fwnode+0x9/0x2a
 Code: ff 85 c0 78 16 48 8b 3c 24 89 c6 59 e9 e0 f7 ff ff b8 ea ff ff ff c3 cc cc cc cc 5a c3 cc cc cc cc f3 0f 1e fa 0f 1f 44 00 00 <48> 8b 87 e8 03 00 00 48 83 c0 18 c3 cc cc cc cc 48
 RSP: 0000:ffffc90000013d88 EFLAGS: 00010246
 RAX: 0000000000000000 RBX: ffff88810b7a8800 RCX: 0000000000000000
 RDX: 0000000000000000 RSI: ffff88810b7a8e20 RDI: 0000000000000000
 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
 R10: 0000000000000000 R11: 0000000000000000 R12: ffff88810b7a8800
 R13: 0000000000000000 R14: 0000000000000001 R15: 0000000fffffffe0
 FS:  0000000000000000(0000) GS:ffff88817ae00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 00000000000003e8 CR3: 000000000221a001 CR4: 0000000000170eb0
 Call Trace:
  <TASK>
  power_supply_get_battery_info+0x9d/0x6c7
  ? preempt_count_sub+0x13/0x20
  ? _raw_spin_unlock_irqrestore+0x3d/0x54
  __power_supply_register+0x32f/0x48b
  test_power_init+0x29/0xa0
  ? axp20x_usb_power_driver_init+0x17/0x17
  do_one_initcall+0x105/0x28f
  kernel_init_freeable+0x19e/0x1f2
  ? rest_init+0x14e/0x14e
  kernel_init+0x1a/0x127
  ret_from_fork+0x22/0x30
  </TASK>
 Modules linked in:
 CR2: 00000000000003e8
 ---[ end trace 0000000000000000 ]---

Attached is the config.  I ran a bisect and it found it to be this commit:

27a2195efa8d2 ("power: supply: core: auto-exposure of simple-battery data")

I checked out that commit and tested it, and it crashed. I then
reverted that commit, and the crash goes away.

The crash also goes away by reverting that commit on v6.4-rc3.

-- Steve

Download attachment "config-bad" of type "application/octet-stream" (182803 bytes)
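
The following is an added triage example, not part of the original message or of any kernel tooling: it reads the faulting instruction from the `Code:` line of the oops above and checks whether the fault address equals that instruction's displacement with a zero base register, which is the signature of a structure field read through a NULL pointer. The function name `triage`, the result keys and the narrow single-instruction decoder are assumptions made for this illustration.

```python
import re

# Constructed sample: lines excerpted from the oops above (Code: bytes trimmed).
OOPS = """\
BUG: kernel NULL pointer dereference, address: 00000000000003e8
RIP: 0010:__dev_fwnode+0x9/0x2a
Code: 5a c3 cc cc cc cc f3 0f 1e fa 0f 1f 44 00 00 <48> 8b 87 e8 03 00 00 48 83 c0 18 c3
RAX: 0000000000000000 RBX: ffff88810b7a8800 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff88810b7a8e20 RDI: 0000000000000000
CR2: 00000000000003e8 CR3: 000000000221a001 CR4: 0000000000170eb0
"""

# ModRM r/m field -> base register, valid only when REX.B is clear.
BASE_REGS = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]


def triage(oops):
    """Return details of the faulting load, or None if the decoder does not cover it."""
    fault = int(re.search(r"address: ([0-9a-f]+)", oops).group(1), 16)
    symbol = re.search(r"RIP: \w+:(\w+)\+", oops).group(1)
    regs = {name: int(val, 16) for name, val in
            re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})", oops)}
    tokens = re.search(r"Code: (.*)", oops).group(1).split()
    # The byte wrapped in <..> is the first byte of the faulting instruction.
    start = next(i for i, t in enumerate(tokens) if t.startswith("<"))
    insn = bytes(int(t.strip("<>"), 16) for t in tokens[start:start + 7])
    if len(insn) < 7:
        return None
    rex, opcode, modrm = insn[0], insn[1], insn[2]
    mod, rm = modrm >> 6, modrm & 7
    # Narrow decoder: only "REX.W mov r64, [base + disp32]", no SIB, no REX.B.
    if rex & 0xF9 != 0x48 or opcode != 0x8B or mod != 2 or rm == 4:
        return None
    base = BASE_REGS[rm]
    disp = int.from_bytes(insn[3:7], "little", signed=True)
    return {
        "symbol": symbol,
        "base": base,
        "base_value": regs[base],
        "disp": disp,
        "fault_addr": fault,
        # NULL base plus field offset equals the faulting address.
        "null_struct_deref": regs[base] == 0 and disp == fault,
    }


if __name__ == "__main__":
    print(triage(OOPS))
```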