Re: b050de0f98 ("fs/binfmt_elf.c: free PT_INTERP filename ASAP"): BUG: KASAN: null-ptr-deref in allow_write_access

From: Mukesh Ojha
Date: Tue Apr 02 2019 - 11:23:55 EST


I think this may fix the problem.

https://patchwork.kernel.org/patch/10878501/


Thanks,
Mukesh

On 4/2/2019 8:24 PM, kernel test robot wrote:
Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master

commit b050de0f986606011986698de504c0dbc12c40dc
Author: Alexey Dobriyan <adobriyan@xxxxxxxxx>
AuthorDate: Fri Mar 29 10:02:05 2019 +1100
Commit: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
CommitDate: Sat Mar 30 16:09:51 2019 +1100

fs/binfmt_elf.c: free PT_INTERP filename ASAP
There is no reason for PT_INTERP filename to linger till the end of
the whole loading process.
Link: http://lkml.kernel.org/r/20190314204953.GD18143@avx2
Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxx>
Reviewed-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>

46238614d8 fs/binfmt_elf.c: make scope of "pos" variable smaller
b050de0f98 fs/binfmt_elf.c: free PT_INTERP filename ASAP
05d08e2995 Add linux-next specific files for 20190402
+---------------------------------------------------------------+------------+------------+---------------+
| | 46238614d8 | b050de0f98 | next-20190402 |
+---------------------------------------------------------------+------------+------------+---------------+
| boot_successes | 7 | 0 | 0 |
| boot_failures | 10 | 12 | 13 |
| invoked_oom-killer:gfp_mask=0x | 2 | | |
| Mem-Info | 2 | | |
| BUG:KASAN:slab-out-of-bounds_in_d | 1 | | |
| PANIC:double_fault | 1 | | |
| WARNING:stack_going_in_the_wrong_direction?ip=double_fault/0x | 1 | | |
| RIP:lockdep_hardirqs_off | 1 | | |
| Kernel_panic-not_syncing:Machine_halted | 1 | | |
| RIP:perf_trace_x86_exceptions | 1 | | |
| BUG:soft_lockup-CPU##stuck_for#s | 7 | 6 | 3 |
| RIP:__slab_alloc | 3 | 0 | 1 |
| Kernel_panic-not_syncing:softlockup:hung_tasks | 7 | 6 | 3 |
| RIP:_raw_spin_unlock_irqrestore | 3 | 1 | |
| RIP:__asan_load8 | 1 | 3 | |
| RIP:copy_user_generic_unrolled | 1 | | |
| Out_of_memory_and_no_killable_processes | 1 | | |
| Kernel_panic-not_syncing:System_is_deadlocked_on_memory | 1 | | |
| BUG:KASAN:null-ptr-deref_in_a | 0 | 6 | 10 |
| BUG:unable_to_handle_kernel | 0 | 6 | 10 |
| Oops:#[##] | 0 | 6 | 10 |
| RIP:allow_write_access | 0 | 6 | 10 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 6 | 10 |
| RIP:__orc_find | 0 | 1 | 1 |
| RIP:arch_local_irq_save | 0 | 1 | |
| RIP:__asan_load1 | 0 | 0 | 1 |
+---------------------------------------------------------------+------------+------------+---------------+

/etc/rcS.d/S00fbsetup: line 3: /sbin/modprobe: not found
Starting udev
[ 43.717047] gfs2: path_lookup on rootfs returned error -2
Kernel tests: Boot OK!
[ 45.270185] ==================================================================
[ 45.277229] BUG: KASAN: null-ptr-deref in allow_write_access+0x12/0x30
[ 45.281161] Read of size 8 at addr 000000000000001e by task 90-trinity/625
[ 45.284197]
[ 45.285252] CPU: 0 PID: 625 Comm: 90-trinity Not tainted 5.1.0-rc2-00406-gb050de0 #1
[ 45.287960] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 45.288419] BUG: unable to handle kernel NULL pointer dereference at 000000000000001e
[ 45.297363] Call Trace:
[ 45.297376] dump_stack+0x74/0xb0
[ 45.300404] #PF error: [normal kernel read fault]
[ 45.301648] ? allow_write_access+0x12/0x30
[ 45.303103] PGD 800000000af92067 P4D 800000000af92067 PUD 9870067 PMD 0
[ 45.303117] Oops: 0000 [#1] SMP KASAN PTI
[ 45.303124] CPU: 1 PID: 626 Comm: 90-trinity Not tainted 5.1.0-rc2-00406-gb050de0 #1
[ 45.303128] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 45.303137] RIP: 0010:allow_write_access+0x12/0x30
[ 45.303145] Code: 01 c5 31 c0 48 89 ef f3 ab 48 83 c4 60 89 d0 5b 5d 41 5c 41 5d 41 5e c3 48 85 ff 74 2a 53 48 89 fb 48 8d 7f 20 e8 7d 89 f6 ff <48> 8b 5b 20 be 04 00 00 00 48 8d bb d0 01 00 00 e8 00 6e f6 ff f0
[ 45.303149] RSP: 0000:ffff888009ad7c68 EFLAGS: 00010247
[ 45.303155] RAX: 0000000000000001 RBX: fffffffffffffffe RCX: ffffffff81307b8f
[ 45.303158] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000001e
[ 45.303162] RBP: ffff88800a1410a3 R08: 0000000000000007 R09: 0000000000000007
[ 45.303167] R10: ffffed1001d656f7 R11: 0000000000000000 R12: 0000000000000000
[ 45.303171] R13: ffff88800a141088 R14: ffff88800de7d140 R15: ffff88800b2352c8
[ 45.303177] FS: 00007f4f532d6700(0000) GS:ffff88800eb00000(0000) knlGS:0000000000000000
[ 45.303181] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 45.303185] CR2: 000000000000001e CR3: 000000000a030004 CR4: 00000000003606e0
[ 45.303191] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 45.303195] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 45.303198] Call Trace:
[ 45.303208] load_elf_binary+0x1548/0x15ae
[ 45.303215] ? load_misc_binary+0x2aa/0x68c
[ 45.303223] ? mark_held_locks+0x83/0x83
[ 45.303230] ? match_held_lock+0x18/0xf8
[ 45.303237] ? set_fs+0x29/0x29
[ 45.303246] ? cpumask_test_cpu+0x28/0x28
[ 45.303255] search_binary_handler+0xa2/0x20d
[ 45.303263] __do_execve_file+0xa3d/0xe66
[ 45.303270] ? open_exec+0x34/0x34
[ 45.303277] ? strncpy_from_user+0xd9/0x18c
[ 45.303284] do_execve+0x1c/0x1f
[ 45.303291] __x64_sys_execve+0x41/0x48
[ 45.303299] do_syscall_64+0x69/0x85
[ 45.303308] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.303314] RIP: 0033:0x7f4f52ddb807
[ 45.303321] Code: 77 19 f4 48 89 d7 44 89 c0 0f 05 48 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 f7 d8 64 41 89 01 eb df b8 3b 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 f3 c3 48 8b 15 00 a6 2d 00 f7 d8 64 89 02
[ 45.303324] RSP: 002b:00007ffc2f1cae88 EFLAGS: 00000206 ORIG_RAX: 000000000000003b
[ 45.303331] RAX: ffffffffffffffda RBX: 00000000006925d8 RCX: 00007f4f52ddb807
[ 45.303335] RDX: 0000000000692620 RSI: 00000000006925d8 RDI: 00000000006914d8
[ 45.303339] RBP: 0000000000691010 R08: 00000000006914d0 R09: 0101010101010101
[ 45.303343] R10: 00007ffc2f1cac10 R11: 0000000000000206 R12: 00000000006914d8
[ 45.303347] R13: 0000000000692620 R14: 0000000000692620 R15: 00007ffc2f1ccf60
[ 45.303351] Modules linked in:
[ 45.303357] CR2: 000000000000001e
[ 45.303367] ---[ end trace bbce985a62ebde0d ]---
[ 45.303373] RIP: 0010:allow_write_access+0x12/0x30

# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 05d08e2995cbe6efdb993482ee0d38a77040861a 79a3aaa7b82e3106be97842dedfd8429248896e6 --
git bisect good 2dbd2d8f2c2ccd640f9cb6462e23f0a5ac67e1a2 # 18:33 G 11 0 11 11 Merge remote-tracking branch 'net-next/master'
git bisect good d177ed11c13c43e0f5a289727c0237b9141ca458 # 18:45 G 12 0 11 11 Merge remote-tracking branch 'kvm-arm/next'
git bisect good a1a606c7831374d6ef20ed04c16a76b44f79bcab # 18:58 G 12 0 11 11 Merge remote-tracking branch 'rpmsg/for-next'
git bisect good f2ea30d060707080d2d5f8532f0efebfa3a04302 # 19:21 G 12 0 11 11 Merge remote-tracking branch 'nvdimm/libnvdimm-for-next'
git bisect good e006c7613228cfa7abefd1c5175e171e6ae2c4b7 # 19:34 G 12 0 11 11 Merge remote-tracking branch 'xarray/xarray'
git bisect good 046b78627faba9a4b85c9f7a0bba764bbbbe76ff # 19:49 G 12 0 12 12 Merge remote-tracking branch 'devfreq/for-next'
git bisect bad 1999d633921bdbbf76c7f1065d15ec237a977c02 # 20:05 B 0 9 24 0 Merge branch 'akpm-current/current'
git bisect good 4aa445a97c1da9d169f63377262709254e496f65 # 20:18 G 11 0 10 10 mm: introduce put_user_page*(), placeholder versions
git bisect good f6e06951c4f5f330471530bd12a2b75ed5326005 # 20:37 G 11 0 11 11 lib/plist: rename DEBUG_PI_LIST to DEBUG_PLIST
git bisect bad ffbb2d4bbda0f0e82531b4a839cee3e6db0eb09f # 20:52 B 1 6 1 1 autofs: fix some word usage oddities in autofs.txt
git bisect good bc341e1f87c0f100165c5fd2a693d2c90477e322 # 21:21 G 11 0 10 10 lib/test_bitmap.c: switch test_bitmap_parselist to ktime_get()
git bisect good 11d2673e0f90086825df35385fc52d4cc9015c21 # 21:35 G 12 0 11 11 checkpatch: fix something
git bisect good 46238614d8a1a3cde66abc7fd8c4b75c9e4793f3 # 21:51 G 12 0 10 10 fs/binfmt_elf.c: make scope of "pos" variable smaller
git bisect bad 42d4a144a5a5b05b981beb57b5f0891b2eb85b78 # 22:04 B 0 10 25 0 fs/binfmt_elf.c: delete trailing "return;" in functions returning "void"
git bisect bad b050de0f986606011986698de504c0dbc12c40dc # 22:21 B 0 1 16 0 fs/binfmt_elf.c: free PT_INTERP filename ASAP
# first bad commit: [b050de0f986606011986698de504c0dbc12c40dc] fs/binfmt_elf.c: free PT_INTERP filename ASAP
git bisect good 46238614d8a1a3cde66abc7fd8c4b75c9e4793f3 # 22:24 G 34 0 27 37 fs/binfmt_elf.c: make scope of "pos" variable smaller
# extra tests with debug options
git bisect bad b050de0f986606011986698de504c0dbc12c40dc # 22:34 B 4 8 4 4 fs/binfmt_elf.c: free PT_INTERP filename ASAP
# extra tests on HEAD of linux-next/master
git bisect bad 05d08e2995cbe6efdb993482ee0d38a77040861a # 22:34 B 0 10 31 3 Add linux-next specific files for 20190402
# extra tests on tree/branch linux-next/master
git bisect bad 05d08e2995cbe6efdb993482ee0d38a77040861a # 22:35 B 0 10 31 3 Add linux-next specific files for 20190402
# extra tests with first bad commit reverted
git bisect good 150238fdb7cd7234ce95fb083866dbf5f70082c9 # 22:53 G 13 0 11 11 Revert "fs/binfmt_elf.c: free PT_INTERP filename ASAP"

---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
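Editor's note, added here and not part of the mail, of Mukesh's linked patch, or of fs/binfmt_elf.c: the register dump above is consistent with allow_write_access() being handed an error-encoded pointer rather than NULL. RBX is 0xfffffffffffffffe, which is ERR_PTR(-ENOENT); RDI, the faulting address 0x1e, is RBX + 0x20, and the disassembly shows "lea rdi,[rdi+0x20]" followed by "mov rbx,[rbx+0x20]", i.e. a load of file->f_inode. A check of the form "if (file)" lets such a pointer through because ERR_PTR() values are non-NULL. The userspace model below (my code, not kernel code) reproduces that arithmetic and contrasts the NULL-only guard with an IS_ERR_OR_NULL() guard. The ERR_PTR/IS_ERR helpers mirror include/linux/err.h; the struct file layout, the open_exec_mock() helper and the release_interpreter() function are stand-ins I constructed for the illustration, and the offset of f_inode is assumed from the disassembly rather than taken from kernel headers.

```c
/*
 * Userspace model of the ERR_PTR() hazard in the oops above. Not kernel
 * code: ERR_PTR/IS_ERR mirror include/linux/err.h, struct file is a
 * stand-in whose only relevant property is f_inode at offset 0x20
 * (assumption taken from "lea rdi,[rdi+0x20]" in the disassembly).
 */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ERRNO 4095

static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline bool IS_ERR(const void *ptr)
{
	return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}
static inline bool IS_ERR_OR_NULL(const void *ptr)
{
	return ptr == NULL || IS_ERR(ptr);
}

struct inode { int i_writecount; };
struct file {
	char pad[0x20];        /* assumption: places f_inode at +0x20 */
	struct inode *f_inode;
};

/* Address file_inode(file) would load from for a given pointer value. */
static uintptr_t f_inode_load_addr(const struct file *file)
{
	return (uintptr_t)file + offsetof(struct file, f_inode);
}

/*
 * Guard of the "if (file)" kind: NULL is skipped, anything else is treated
 * as a live struct file. Returns true when file->f_inode would be read.
 */
static bool null_only_guard_dereferences(const struct file *file)
{
	return file != NULL;
}

/* Guard that also rejects ERR_PTR() values such as ERR_PTR(-ENOENT). */
static bool err_aware_guard_dereferences(const struct file *file)
{
	return !IS_ERR_OR_NULL(file);
}

/*
 * Constructed stand-in for opening the interpreter: "ld.so" opens, any
 * other path fails with ERR_PTR(-ENOENT), the value seen in RBX above.
 */
static struct inode ldso_inode;
static struct file ldso_file = { .f_inode = &ldso_inode };

static struct file *open_exec_mock(const char *path)
{
	if (strcmp(path, "ld.so") == 0)
		return &ldso_file;
	return ERR_PTR(-ENOENT);
}

/*
 * Model of an error path that releases the write hold on the interpreter.
 * Returns i_writecount after the release, or -EFAULT where the guard would
 * have let a bad pointer reach the f_inode load (the real kernel faults).
 */
static int release_interpreter(struct file *interpreter, bool err_aware)
{
	bool deref = err_aware ? err_aware_guard_dereferences(interpreter)
			       : null_only_guard_dereferences(interpreter);

	if (!deref)
		return 0;
	if (IS_ERR(interpreter))
		return -EFAULT;   /* would read *(interpreter + 0x20) */
	return ++interpreter->f_inode->i_writecount;
}

int main(void)
{
	struct file *bad = open_exec_mock("missing-interp");
	struct file *good = open_exec_mock("ld.so");

	printf("ERR_PTR(%ld): file_inode() would read %#lx\n",
	       PTR_ERR(bad), (unsigned long)f_inode_load_addr(bad));
	printf("NULL-only guard on ERR_PTR: %d\n", release_interpreter(bad, false));
	printf("IS_ERR-aware guard on ERR_PTR: %d\n", release_interpreter(bad, true));
	printf("IS_ERR-aware guard on real file: %d\n", release_interpreter(good, true));
	return 0;
}
```

The take-away for anyone auditing error paths in exec code: a pointer that came back from a lookup can be NULL, a valid object, or an ERR_PTR(), and a cleanup that runs after the lookup failed must distinguish the third case explicitly, since a NULL test alone treats it as valid.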