Message-Id: <81C9E2C1-DCC3-4DDD-8466-069893398B5B@linux.ibm.com>
Date:   Tue, 17 Oct 2023 14:46:07 +0530
From:   Sachin Sant <sachinp@...ux.ibm.com>
To:     linuxppc-dev <linuxppc-dev@...ts.ozlabs.org>, lstoakes@...il.com
Cc:     linux-mm@...ck.org, open list <linux-kernel@...r.kernel.org>
Subject: [powerpc] Kernel crash while running LTP (bisected)

While running LTP tests (getpid02) on a Power10 server booted with
6.6.0-rc6-next-20231016 the following crash was seen:

[   76.386628] Kernel attempted to read user page (d8) - exploit attempt? (uid: 0)
[   76.386649] BUG: Kernel NULL pointer dereference on read at 0x000000d8
[   76.386653] Faulting instruction address: 0xc0000000004cda90
[   76.386658] Oops: Kernel access of bad area, sig: 11 [#1]
[   76.386661] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=8192 NUMA pSeries
[   76.386667] Modules linked in: rpadlpar_io rpaphp xsk_diag nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bonding rfkill tls ip_set nf_tables nfnetlink sunrpc pseries_rng vmx_crypto aes_gcm_p10_crypto binfmt_misc xfs libcrc32c sd_mod t10_pi sr_mod cdrom crc64_rocksoft crc64 sg ibmvscsi ibmveth scsi_transport_srp fuse
[   76.386709] CPU: 22 PID: 5763 Comm: getpid02 Kdump: loaded Not tainted 6.6.0-rc6-next-20231016 #3
[   76.386713] Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1030.20 (NH1030_058) hv:phyp pSeries
[   76.386718] NIP:  c0000000004cda90 LR: c0000000004cd840 CTR: 0000000000000000
[   76.386721] REGS: c0000001f491b840 TRAP: 0300   Not tainted  (6.6.0-rc6-next-20231016)
[   76.386724] MSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 48082804  XER: 00000000
[   76.386733] CFAR: c0000000004cd848 DAR: 00000000000000d8 DSISR: 40000000 IRQMASK: 0
[   76.386733] GPR00: c0000000004cd840 c0000001f491bae0 c000000001471a00 0000000000000000
[   76.386733] GPR04: 00000000000000fb 0000000000000000 0000000000000000 0000000000000001
[   76.386733] GPR08: 00000000000001c4 c0000001fb8aa830 c0000001e5140d00 c0000001eccfac00
[   76.386733] GPR12: 000000000000001f c000000e87bf7300 0000000000000000 0000000000000000
[   76.386733] GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[   76.386733] GPR20: 00007fff9944ffff 0000000000000000 c0000001e86bdd60 c0000001e86be8e0
[   76.386733] GPR24: 0000000000000001 0000000000000001 0000000000000001 0000000000000000
[   76.386733] GPR28: 00000000000000fb c0000001e5140d00 00007fff99440000 c0000001fb8aa830
[   76.386773] NIP [c0000000004cda90] mmap_region+0x8b0/0xb30
[   76.386781] LR [c0000000004cd840] mmap_region+0x660/0xb30
[   76.386784] Call Trace:
[   76.386786] [c0000001f491bae0] [c0000000004cd840] mmap_region+0x660/0xb30 (unreliable)
[   76.386791] [c0000001f491bc10] [c0000000004ce0dc] do_mmap+0x3cc/0x5c0
[   76.386794] [c0000001f491bca0] [c000000000486724] vm_mmap_pgoff+0x134/0x240
[   76.386800] [c0000001f491bd80] [c0000000004c98a8] ksys_mmap_pgoff+0x158/0x2b0
[   76.386806] [c0000001f491bdf0] [c000000000011834] do_mmap2+0x54/0xc0
[   76.386811] [c0000001f491be10] [c000000000036624] system_call_exception+0x134/0x330
[   76.386817] [c0000001f491be50] [c00000000000d6a0] system_call_common+0x160/0x2e4
[   76.386822] --- interrupt: c00 at 0x7fff9932ff68
[   76.386825] NIP:  00007fff9932ff68 LR: 0000000010005074 CTR: 0000000000000000
[   76.386828] REGS: c0000001f491be80 TRAP: 0c00   Not tainted  (6.6.0-rc6-next-20231016)
[   76.386831] MSR:  800000000280f033 <SF,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE>  CR: 24002204  XER: 00000000
[   76.386840] IRQMASK: 0
[   76.386840] GPR00: 000000000000005a 00007fffd709f9f0 00007fff99407300 0000000000000000
[   76.386840] GPR04: 0000000000000004 0000000000000003 0000000000000021 ffffffffffffffff
[   76.386840] GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[   76.386840] GPR12: 0000000000000000 00007fff994ea3d0 0000000000000000 0000000000000000
[   76.386840] GPR16: ffffffffffffffff 0000000010034498 0000000010034be8 00000000100336a8
[   76.386840] GPR20: 0000000010034ba8 0000000000000001 000000001007c418 0000000010033770
[   76.386840] GPR24: 0000000000000000 0000000000000000 0000000010034bd0 000000001007c438
[   76.386840] GPR28: 0000000010061c88 00007fffd70afed5 000000001007c438 0000000010033770
[   76.386876] NIP [00007fff9932ff68] 0x7fff9932ff68
[   76.386879] LR [0000000010005074] 0x10005074
[   76.386881] --- interrupt: c00
[   76.386883] Code: 73890008 4082012c e93f0020 3b000000 fb7f0078 4bfffc74 60000000 60000000 e87f0088 3b000000 4bffff20 60000000 <e93b00d8> 39490044 7d005028 3108ffff
[   76.386896] ---[ end trace 0000000000000000 ]---
[   76.388667] pstore: backend (nvram) writing error (-1)

Git bisect points to the following patch

commit 1db41d29b79ad271674081c752961edd064bbbac
    mm: perform the mapping_map_writable() check after call_mmap()

Reverting the patch allows the test to complete.

- Sachin
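
A triage sketch for the oops above, added here as an example and not part of the original message: it decodes the bracketed faulting word on the `Code:` line as a Power ISA DS-form load and checks that base register plus displacement equals `DAR`. The function names are hypothetical, and the sample input is a few lines copied from the log with the `Code:` line shortened.

```python
import re

# Constructed sample: a few lines copied from the oops above, Code line shortened.
OOPS = """\
[   76.386733] CFAR: c0000000004cd848 DAR: 00000000000000d8 DSISR: 40000000 IRQMASK: 0
[   76.386733] GPR24: 0000000000000001 0000000000000001 0000000000000001 0000000000000000
[   76.386733] GPR28: 00000000000000fb c0000001e5140d00 00007fff99440000 c0000001fb8aa830
[   76.386883] Code: 4bffff20 60000000 <e93b00d8> 39490044 7d005028 3108ffff
"""

def parse_gprs(text):
    """Map register number -> value; the first dump (kernel frame) wins."""
    gprs = {}
    for m in re.finditer(r"GPR(\d+): ((?:[0-9a-f]{16} ?)+)", text):
        for i, val in enumerate(m.group(2).split()):
            gprs.setdefault(int(m.group(1)) + i, int(val, 16))
    return gprs

def decode_ds_load(word):
    """Decode a Power ISA DS-form load (primary opcode 58: ld/ldu/lwa)."""
    if word >> 26 != 58 or word & 3 == 3:
        raise ValueError("not a DS-form load: %08x" % word)
    disp = word & 0xFFFC                 # DS field with the two XO bits cleared
    if disp & 0x8000:                    # sign-extend the 16-bit displacement
        disp -= 0x10000
    names = {0: "ld", 1: "ldu", 2: "lwa"}
    return names[word & 3], (word >> 21) & 31, (word >> 16) & 31, disp

def triage(text):
    """Check that the faulting load's effective address equals DAR."""
    dar = int(re.search(r"DAR: ([0-9a-f]+)", text).group(1), 16)
    word = int(re.search(r"Code:.*<([0-9a-f]{8})>", text).group(1), 16)
    op, rt, ra, disp = decode_ds_load(word)
    # RA=0 means a literal zero base for ld/lwa, not the contents of r0.
    base = 0 if ra == 0 else parse_gprs(text)[ra]
    ea = (base + disp) & 0xFFFFFFFFFFFFFFFF
    return {"insn": "%s r%d,%d(r%d)" % (op, rt, disp, ra),
            "base": base, "ea": ea,
            "ea_matches_dar": ea == dar, "null_base": base == 0}

if __name__ == "__main__":
    print(triage(OOPS))
```

On this log the faulting word decodes to `ld r9,216(r27)` with r27 = 0, so the reported address 0xd8 is a field offset read through a NULL pointer in `mmap_region`.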
