lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 25 Nov 2019 17:17:34 +0800
From:   kernel test robot <rong.a.chen@...el.com>
To:     jouni.hogander@...kie.com
Cc:     netdev@...r.kernel.org, Jouni Hogander <jouni.hogander@...kie.com>,
        David Miller <davem@...emloft.net>,
        Lukas Bulwahn <lukas.bulwahn@...il.com>, lkp@...ts.01.org
Subject: [net] b5c318e8c0: BUG:kernel_NULL_pointer_dereference,address

FYI, we noticed the following commit (built with gcc-7):

commit: b5c318e8c056e859a1c4419ee4ca8c0c41563fbb ("[PATCH] net-sysfs: Fix reference count leak in rx|netdev_queue_add_kobject")
url: https://github.com/0day-ci/linux/commits/jouni-hogander-unikie-com/net-sysfs-Fix-reference-count-leak-in-rx-netdev_queue_add_kobject/20191120-193417


in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+---------------------------------------------+------------+------------+
|                                             | 6e4ff1c94a | b5c318e8c0 |
+---------------------------------------------+------------+------------+
| boot_successes                              | 7          | 0          |
| boot_failures                               | 0          | 6          |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 6          |
| Oops:#[##]                                  | 0          | 6          |
| RIP:kernfs_find_ns                          | 0          | 6          |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 6          |
+---------------------------------------------+------------+------------+


If you fix the issue, kindly add following tag
Reported-by: kernel test robot <rong.a.chen@...el.com>


[  217.986175] BUG: kernel NULL pointer dereference, address: 0000000000000070
[  217.995090] #PF: supervisor read access in kernel mode
[  217.999613] #PF: error_code(0x0000) - not-present page
[  218.003387] PGD 0 P4D 0 
[  218.007840] Oops: 0000 [#1] SMP PTI
[  218.022522] CPU: 0 PID: 2254 Comm: kworker/u4:10 Not tainted 5.4.0-rc7-00241-gb5c318e8c056e #1
[  218.033466] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[  218.043511] Workqueue: netns cleanup_net
[  218.054911] RIP: 0010:kernfs_find_ns+0x11/0xb0
[  218.062762] Code: f3 c3 48 c7 c6 00 8f 50 96 48 89 c7 e8 28 8a 70 00 f3 c3 66 0f 1f 44 00 00 66 66 66 66 90 41 55 41 54 48 85 d2 55 53 0f 95 c1 <0f> b7 47 70 49 89 d4 49 89 f5 48 8b 5f 48 66 83 e0 20 0f 95 c2 38
[  218.080002] RSP: 0018:ffffbf59c046bc80 EFLAGS: 00010246
[  218.083740] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000082000100
[  218.087819] RDX: 0000000000000000 RSI: ffffffff965bf986 RDI: 0000000000000000
[  218.092265] RBP: ffffffff965bf986 R08: 0000000000000000 R09: ffffffff95af2300
[  218.096761] R10: ffff9d9ba9b99ab0 R11: 0000000000000001 R12: 0000000000000000
[  218.101307] R13: ffffffff9630a9a0 R14: 0000000000000000 R15: ffffbf59c046bdd0
[  218.106121] FS:  0000000000000000(0000) GS:ffff9d9c7fc00000(0000) knlGS:0000000000000000
[  218.113695] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  218.129167] CR2: 0000000000000070 CR3: 0000000168ab8000 CR4: 00000000000406f0
[  218.142025] Call Trace:
[  218.182294]  kernfs_find_and_get_ns+0x2c/0x50
[  218.185955]  sysfs_remove_group+0x25/0x80
[  218.189209]  netdev_queue_update_kobjects+0xbe/0x150
[  218.192873]  netdev_unregister_kobject+0x54/0x80
[  218.196413]  rollback_registered_many+0x274/0x550
[  218.199900]  unregister_netdevice_many+0xf/0x70
[  218.203406]  default_device_exit_batch+0x14f/0x180
[  218.207657]  ? do_wait_intr_irq+0xc0/0xc0
[  218.214187]  cleanup_net+0x219/0x330
[  218.221053]  process_one_work+0x1ae/0x3d0
[  218.227098]  worker_thread+0x3c/0x3b0
[  218.238175]  ? process_one_work+0x3d0/0x3d0
[  218.243650]  kthread+0x11e/0x140
[  218.251127]  ? kthread_park+0x90/0x90
[  218.261095]  ret_from_fork+0x35/0x40
[  218.268028] Modules linked in: sr_mod cdrom sd_mod intel_rapl_msr sg ppdev intel_rapl_common crct10dif_pclmul crc32_pclmul ghash_clmulni_intel bochs_drm drm_vram_helper aesni_intel ttm crypto_simd ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 xt_conntrack ata_generic cryptd joydev glue_helper drm_kms_helper pata_acpi syscopyarea sysfillrect sysimgblt serio_raw pcspkr fb_sys_fops parport_pc parport drm ata_piix floppy libata i2c_piix4 virtio_scsi ip_set nfnetlink ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_security ip6table_raw iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c crc32c_intel iptable_mangle iptable_security iptable_raw ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables
[  218.308714] CR2: 0000000000000070
[  218.316662] ---[ end trace 1f1d17731668296d ]---


To reproduce:

        # build kernel
	cd linux
	cp config-5.4.0-rc7-00241-gb5c318e8c056e .config
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
Rong Chen


View attachment "config-5.4.0-rc7-00241-gb5c318e8c056e" of type "text/plain" (200680 bytes)

View attachment "job-script" of type "text/plain" (4844 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (16020 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ