Public bug reported:

Issue found on i386 instance pepe with 5.3.0-51-generic.

This issue does not exist in Bionic i386. For Eoan, we don't test i386
on it.

Test log:
<<<test_start>>>
tag=bind04 stime=1589535760
cmdline="bind04"
contacts=""
analysis=exit
<<<test_output>>>
incrementing stop
tst_test.c:1246: INFO: Timeout per run is 0h 05m 00s
bind04.c:117: INFO: Testing AF_UNIX pathname stream
bind04.c:150: PASS: Communication successful
bind04.c:117: INFO: Testing AF_UNIX pathname seqpacket
bind04.c:150: PASS: Communication successful
bind04.c:117: INFO: Testing AF_UNIX abstract stream
bind04.c:150: PASS: Communication successful
bind04.c:117: INFO: Testing AF_UNIX abstract seqpacket
bind04.c:150: PASS: Communication successful
bind04.c:117: INFO: Testing IPv4 loop TCP variant 1
bind04.c:150: PASS: Communication successful
bind04.c:117: INFO: Testing IPv4 loop TCP variant 2
bind04.c:150: PASS: Communication successful
bind04.c:117: INFO: Testing IPv4 loop SCTP
bind04.c:150: PASS: Communication successful
bind04.c:117: INFO: Testing IPv4 any TCP variant 1
bind04.c:150: PASS: Communication successful
bind04.c:117: INFO: Testing IPv4 any TCP variant 2
bind04.c:150: PASS: Communication successful
bind04.c:117: INFO: Testing IPv4 any SCTP
bind04.c:150: PASS: Communication successful
bind04.c:117: INFO: Testing IPv6 loop TCP variant 1
bind04.c:150: PASS: Communication successful
bind04.c:117: INFO: Testing IPv6 loop TCP variant 2
bind04.c:150: PASS: Communication successful
bind04.c:117: INFO: Testing IPv6 loop SCTP
bind04.c:150: PASS: Communication successful
tst_test.c:1286: INFO: If you are running on slow machine, try exporting LTP_TIMEOUT_MUL > 1
tst_test.c:1287: BROK: Test killed! (timeout?)

Summary:
passed   13
failed   0
skipped  0
warnings 0
<<<execution_status>>>

dmesg output:
[  242.717444] LTP: starting bind04
[  242.758656] sctp: Hash tables configured (bind 512/512)
[  242.761776] BUG: kernel NULL pointer dereference, address: 00000008
[  242.761834] #PF: supervisor read access in kernel mode
[  242.761877] #PF: error_code(0x0000) - not-present page
[  242.761920] *pdpt = 0000000025330001 *pde = 0000000000000000
[  242.761970] Oops: 0000 [#1] SMP PTI
[  242.762002] CPU: 3 PID: 2194 Comm: bind04 Not tainted 5.3.0-51-generic #44~18.04.2-Ubuntu
[  242.762073] Hardware name: Dell Inc. PowerEdge R310/05XKKK, BIOS 1.8.2 08/17/2011
[  242.762147] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]
[  242.762192] Code: c2 f4 94 e0 66 90 66 66 66 66 90 55 89 e5 57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36
[  242.762329] EAX: 00000000 EBX: e3c09718 ECX: 00000246 EDX: e3c09700
[  242.762371] ESI: e3c19700 EDI: 00000000 EBP: e456deac ESP: e456dea0
[  242.762414] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010202
[  242.762460] CR0: 80050033 CR2: 00000008 CR3: 24530000 CR4: 000006f0
[  242.762502] Call Trace:
[  242.762531]  sctp_queue_purge_ulpevents+0x22/0x40 [sctp]
[  242.762576]  sctp_close+0x69/0x270 [sctp]
[  242.762605]  ? tty_write_unlock+0x2a/0x30
[  242.762635]  ? tty_ldisc_deref+0x13/0x20
[  242.762663]  inet_release+0x2f/0x60
[  242.762689]  inet6_release+0x28/0x40
[  242.762716]  __sock_release+0x32/0xb0
[  242.762742]  sock_close+0x12/0x20
[  242.762767]  __fput+0xb3/0x240
[  242.762789]  ____fput+0xd/0x10
[  242.762813]  task_work_run+0x82/0xa0
[  242.762840]  exit_to_usermode_loop+0xed/0x110
[  242.762871]  do_fast_syscall_32+0x1c7/0x240
[  242.762901]  entry_SYSENTER_32+0xaf/0x102
[  242.762929] EIP: 0xb7eedaa5
[  242.762950] Code: d3 5b 5e 5f 5d c3 8d b4 26 00 00 00 00 b8 00 09 3d 00 eb b5 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
[  242.763075] EAX: 00000000 EBX: 00000007 ECX: 00000002 EDX: 00000000
[  242.763120] ESI: b7edc000 EDI: 00000006 EBP: 00523210 ESP: bfc10ef0
[  242.763163] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000293
[  242.763209] Modules linked in: sctp ipmi_ssif intel_powerclamp coretemp kvm_intel ipmi_si kvm ipmi_devintf irqbypass gpio_ich acpi_power_meter dcdbas ipmi_msghandler intel_cstate i7core_edac mac_hid lpc_ich sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mgag200 drm_vram_helper i2c_algo_bit ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops mpt3sas drm raid_class pata_acpi bnx2 scsi_transport_sas
[  242.763677] CR2: 0000000000000008
[  242.763726] ---[ end trace aa4a222d63d4ba7d ]---
[  242.766853] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]
[  242.766890] Code: c2 f4 94 e0 66 90 66 66 66 66 90 55 89 e5 57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36
[  242.770320] EAX: 00000000 EBX: e3c09718 ECX: 00000246 EDX: e3c09700
[  242.772090] ESI: e3c19700 EDI: 00000000 EBP: e456deac ESP: e456dea0
[  242.773796] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010202
[  242.775546] CR0: 80050033 CR2: 00000008 CR3: 24530000 CR4: 000006f0

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-5.3.0-51-generic 5.3.0-51.44~18.04.2
ProcVersionSignature: User Name 5.3.0-51.44~18.04.2-generic 5.3.18
Uname: Linux 5.3.0-51-generic i686
ApportVersion: 2.20.9-0ubuntu7.14
Architecture: i386
Date: Fri May 15 09:42:53 2020
SourcePackage: linux-hwe
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: ubuntu-kernel-tests
     Importance: Undecided
         Status: New

** Affects: linux-hwe (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: 5.3 apport-bug bionic i386 kqa-blocker sru-20200427 ubuntu-ltp uec-images

** Also affects: ubuntu-kernel-tests
   Importance: Undecided
       Status: New

** Tags added: 5.3 kqa-blocker sru-20200427 ubuntu-ltp

https://bugs.launchpad.net/bugs/1878888

Title:
  kernel NULL pointer dereference on B-5.3 i386 with bind04 from
  ubuntu_ltp_syscalls
