Public bug reported:

Issue found on 5.4.0-49.53~18.04.1 i386 node pepe (this issue does not
exist on other arches)

The bind04 test causes a kernel NULL pointer dereference and taints the
kernel, causing other tests to fail.

Test output:
<<<test_output>>>
incrementing stop
tst_test.c:1250: TINFO: Timeout per run is 0h 05m 00s
bind04.c:117: TINFO: Testing AF_UNIX pathname stream
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing AF_UNIX pathname seqpacket
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing AF_UNIX abstract stream
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing AF_UNIX abstract seqpacket
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv4 loop TCP variant 1
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv4 loop TCP variant 2
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv4 loop SCTP
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv4 any TCP variant 1
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv4 any TCP variant 2
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv4 any SCTP
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv6 loop TCP variant 1
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv6 loop TCP variant 2
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv6 loop SCTP
bind04.c:150: TPASS: Communication successful
tst_test.c:1295: TINFO: If you are running on slow machine, try exporting LTP_TIMEOUT_MUL > 1
tst_test.c:1296: TBROK: Test killed! (timeout?)

Summary:
passed   13
failed   0
skipped  0
warnings 0
<<<execution_status>>>
initiation_status="ok"
duration=3 termination_type=exited termination_id=2 corefile=no
cutime=40 cstime=324
<<<test_end>>>

syslog output:
 pepe kernel: [  456.420474] LTP: starting bind04
 pepe kernel: [  456.451023] sctp: Hash tables configured (bind 512/512)
 pepe kernel: [  456.452997] BUG: kernel NULL pointer dereference, address: 00000008
 pepe kernel: [  456.528037] #PF: supervisor read access in kernel mode
 pepe kernel: [  456.589500] #PF: error_code(0x0000) - not-present page
 pepe kernel: [  456.651172] *pdpt = 00000000220e0001 *pde = 0000000000000000
 pepe kernel: [  456.720122] Oops: 0000 [#1] SMP PTI
 pepe kernel: [  456.761828] CPU: 1 PID: 9783 Comm: bind04 Not tainted 5.4.0-48-generic #52~18.04.1-Ubuntu
 pepe kernel: [  456.859798] Hardware name: Dell Inc. PowerEdge R310/05XKKK, BIOS 1.8.2 08/17/2011
 pepe kernel: [  456.949345] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]
 pepe kernel: [  457.008824] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36
 pepe kernel: [  457.233564] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: e239aa08
 pepe kernel: [  457.308755] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: e5661ea0
 pepe kernel: [  457.383798] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010202
 pepe kernel: [  457.465170] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 000006f0
 pepe kernel: [  457.540361] Call Trace:
 pepe kernel: [  457.569594]  sctp_queue_purge_ulpevents+0x22/0x40 [sctp]
 pepe kernel: [  457.633241]  sctp_close+0x69/0x270 [sctp]
 pepe kernel: [  457.681179]  ? tty_write_unlock+0x2a/0x30
 pepe kernel: [  457.729224]  ? tty_ldisc_deref+0x13/0x20
 pepe kernel: [  457.776127]  inet_release+0x2f/0x60
 pepe kernel: [  457.818040]  inet6_release+0x28/0x40
 pepe kernel: [  457.860783]  __sock_release+0x32/0xb0
 pepe kernel: [  457.904565]  sock_close+0x12/0x20
 pepe kernel: [  457.944190]  __fput+0xb3/0x240
 pepe kernel: [  457.980694]  ____fput+0xd/0x10
 pepe kernel: [  458.017302]  task_work_run+0x82/0xa0
 pepe kernel: [  458.060044]  exit_to_usermode_loop+0xed/0x110
 pepe kernel: [  458.112251]  do_fast_syscall_32+0x1c7/0x240
 pepe kernel: [  458.162275]  entry_SYSENTER_32+0xac/0xff
 pepe kernel: [  458.209176] EIP: 0xb7ef5bb5
 pepe kernel: [  458.242666] Code: d3 5b 5e 5f 5d c3 8d b4 26 00 00 00 00 b8 00 09 3d 00 eb b5 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
 pepe kernel: [  458.467405] EAX: 00000000 EBX: 00000007 ECX: 00000002 EDX: 00000000
 pepe kernel: [  458.542597] ESI: b7ee4000 EDI: 00000006 EBP: 004b1210 ESP: bfebe150
 pepe kernel: [  458.617789] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000293
 pepe kernel: [  458.699012] Modules linked in: sctp nfsd auth_rpcgss nfs_acl lockd grace sunrpc intel_powerclamp coretemp kvm_intel kvm irqbypass ipmi_ssif gpio_ich intel_cstate lpc_ich dcdbas i7core_edac acpi_power_meter mac_hid ipmi_si ipmi_devintf ipmi_msghandler sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mgag200 drm_vram_helper i2c_algo_bit ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops mpt3sas drm raid_class bnx2 pata_acpi scsi_transport_sas
 pepe kernel: [  459.415874] CR2: 0000000000000008
 pepe kernel: [  459.455555] ---[ end trace 3324c5a4a96e9820 ]---
 pepe kernel: [  459.510874] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]
 pepe kernel: [  459.570321] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36
 pepe kernel: [  459.795066] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: e239aa08
 pepe kernel: [  459.870047] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: e5661ea0
 pepe kernel: [  459.945240] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010202
 pepe kernel: [  460.026673] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 000006f0

This issue can be traced back to 5.4.0-38.42~18.04.1
Test case:
https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/bind/bind04.c

** Affects: ubuntu-kernel-tests
     Importance: Undecided
         Status: New

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: 5.4 bionic i386 kqa-blocker sru-20200921 ubuntu-ltp-syscalls

** Also affects: linux (Ubuntu)
   Importance: Undecided
       Status: New

** Description changed:

  Issue found on 5.4.0-49.53~18.04.1 i386 node pepe
  
  bind04 test will cause kernel NULL pointer dereference and taints the kernel, 
making other tests to fail.
  syslog output:
-  pepe kernel: [  456.420474] LTP: starting bind04
-  pepe kernel: [  456.451023] sctp: Hash tables configured (bind 512/512)
-  pepe kernel: [  456.452997] BUG: kernel NULL pointer dereference, address: 
00000008
-  pepe kernel: [  456.528037] #PF: supervisor read access in kernel mode
-  pepe kernel: [  456.589500] #PF: error_code(0x0000) - not-present page
-  pepe kernel: [  456.651172] *pdpt = 00000000220e0001 *pde = 0000000000000000 
-  pepe kernel: [  456.720122] Oops: 0000 [#1] SMP PTI
-  pepe kernel: [  456.761828] CPU: 1 PID: 9783 Comm: bind04 Not tainted 
5.4.0-48-generic #52~18.04.1-Ubuntu
-  pepe kernel: [  456.859798] Hardware name: Dell Inc. PowerEdge R310/05XKKK, 
BIOS 1.8.2 08/17/2011
-  pepe kernel: [  456.949345] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]
-  pepe kernel: [  457.008824] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 
57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 
00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36
-  pepe kernel: [  457.233564] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: 
e239aa08
-  pepe kernel: [  457.308755] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: 
e5661ea0
-  pepe kernel: [  457.383798] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 
EFLAGS: 00010202
-  pepe kernel: [  457.465170] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 
000006f0
-  pepe kernel: [  457.540361] Call Trace:
-  pepe kernel: [  457.569594]  sctp_queue_purge_ulpevents+0x22/0x40 [sctp]
-  pepe kernel: [  457.633241]  sctp_close+0x69/0x270 [sctp]
-  pepe kernel: [  457.681179]  ? tty_write_unlock+0x2a/0x30
-  pepe kernel: [  457.729224]  ? tty_ldisc_deref+0x13/0x20
-  pepe kernel: [  457.776127]  inet_release+0x2f/0x60
-  pepe kernel: [  457.818040]  inet6_release+0x28/0x40
-  pepe kernel: [  457.860783]  __sock_release+0x32/0xb0
-  pepe kernel: [  457.904565]  sock_close+0x12/0x20
-  pepe kernel: [  457.944190]  __fput+0xb3/0x240
-  pepe kernel: [  457.980694]  ____fput+0xd/0x10
-  pepe kernel: [  458.017302]  task_work_run+0x82/0xa0
-  pepe kernel: [  458.060044]  exit_to_usermode_loop+0xed/0x110
-  pepe kernel: [  458.112251]  do_fast_syscall_32+0x1c7/0x240
-  pepe kernel: [  458.162275]  entry_SYSENTER_32+0xac/0xff
-  pepe kernel: [  458.209176] EIP: 0xb7ef5bb5
-  pepe kernel: [  458.242666] Code: d3 5b 5e 5f 5d c3 8d b4 26 00 00 00 00 b8 
00 09 3d 00 eb b5 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 90 51 52 55 89 e5 0f 34 
cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
-  pepe kernel: [  458.467405] EAX: 00000000 EBX: 00000007 ECX: 00000002 EDX: 
00000000
-  pepe kernel: [  458.542597] ESI: b7ee4000 EDI: 00000006 EBP: 004b1210 ESP: 
bfebe150
-  pepe kernel: [  458.617789] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b 
EFLAGS: 00000293
-  pepe kernel: [  458.699012] Modules linked in: sctp nfsd auth_rpcgss nfs_acl 
lockd grace sunrpc intel_powerclamp coretemp kvm_intel kvm irqbypass ipmi_ssif 
gpio_ich intel_cstate lpc_ich dcdbas i7core_edac acpi_power_meter mac_hid 
ipmi_si ipmi_devintf ipmi_msghandler sch_fq_codel ib_iser rdma_cm iw_cm ib_cm 
ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables 
autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy 
async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear 
mgag200 drm_vram_helper i2c_algo_bit ttm drm_kms_helper syscopyarea sysfillrect 
sysimgblt fb_sys_fops mpt3sas drm raid_class bnx2 pata_acpi scsi_transport_sas
-  pepe kernel: [  459.415874] CR2: 0000000000000008
-  pepe kernel: [  459.455555] ---[ end trace 3324c5a4a96e9820 ]---
-  pepe kernel: [  459.510874] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]
-  pepe kernel: [  459.570321] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 
57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 
00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36
-  pepe kernel: [  459.795066] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: 
e239aa08
-  pepe kernel: [  459.870047] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: 
e5661ea0
-  pepe kernel: [  459.945240] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 
EFLAGS: 00010202
-  pepe kernel: [  460.026673] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 
000006f0
+  pepe kernel: [  456.420474] LTP: starting bind04
+  pepe kernel: [  456.451023] sctp: Hash tables configured (bind 512/512)
+  pepe kernel: [  456.452997] BUG: kernel NULL pointer dereference, address: 
00000008
+  pepe kernel: [  456.528037] #PF: supervisor read access in kernel mode
+  pepe kernel: [  456.589500] #PF: error_code(0x0000) - not-present page
+  pepe kernel: [  456.651172] *pdpt = 00000000220e0001 *pde = 0000000000000000
+  pepe kernel: [  456.720122] Oops: 0000 [#1] SMP PTI
+  pepe kernel: [  456.761828] CPU: 1 PID: 9783 Comm: bind04 Not tainted 
5.4.0-48-generic #52~18.04.1-Ubuntu
+  pepe kernel: [  456.859798] Hardware name: Dell Inc. PowerEdge R310/05XKKK, 
BIOS 1.8.2 08/17/2011
+  pepe kernel: [  456.949345] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]
+  pepe kernel: [  457.008824] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 
57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 
00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36
+  pepe kernel: [  457.233564] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: 
e239aa08
+  pepe kernel: [  457.308755] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: 
e5661ea0
+  pepe kernel: [  457.383798] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 
EFLAGS: 00010202
+  pepe kernel: [  457.465170] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 
000006f0
+  pepe kernel: [  457.540361] Call Trace:
+  pepe kernel: [  457.569594]  sctp_queue_purge_ulpevents+0x22/0x40 [sctp]
+  pepe kernel: [  457.633241]  sctp_close+0x69/0x270 [sctp]
+  pepe kernel: [  457.681179]  ? tty_write_unlock+0x2a/0x30
+  pepe kernel: [  457.729224]  ? tty_ldisc_deref+0x13/0x20
+  pepe kernel: [  457.776127]  inet_release+0x2f/0x60
+  pepe kernel: [  457.818040]  inet6_release+0x28/0x40
+  pepe kernel: [  457.860783]  __sock_release+0x32/0xb0
+  pepe kernel: [  457.904565]  sock_close+0x12/0x20
+  pepe kernel: [  457.944190]  __fput+0xb3/0x240
+  pepe kernel: [  457.980694]  ____fput+0xd/0x10
+  pepe kernel: [  458.017302]  task_work_run+0x82/0xa0
+  pepe kernel: [  458.060044]  exit_to_usermode_loop+0xed/0x110
+  pepe kernel: [  458.112251]  do_fast_syscall_32+0x1c7/0x240
+  pepe kernel: [  458.162275]  entry_SYSENTER_32+0xac/0xff
+  pepe kernel: [  458.209176] EIP: 0xb7ef5bb5
+  pepe kernel: [  458.242666] Code: d3 5b 5e 5f 5d c3 8d b4 26 00 00 00 00 b8 
00 09 3d 00 eb b5 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 90 51 52 55 89 e5 0f 34 
cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
+  pepe kernel: [  458.467405] EAX: 00000000 EBX: 00000007 ECX: 00000002 EDX: 
00000000
+  pepe kernel: [  458.542597] ESI: b7ee4000 EDI: 00000006 EBP: 004b1210 ESP: 
bfebe150
+  pepe kernel: [  458.617789] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b 
EFLAGS: 00000293
+  pepe kernel: [  458.699012] Modules linked in: sctp nfsd auth_rpcgss nfs_acl 
lockd grace sunrpc intel_powerclamp coretemp kvm_intel kvm irqbypass ipmi_ssif 
gpio_ich intel_cstate lpc_ich dcdbas i7core_edac acpi_power_meter mac_hid 
ipmi_si ipmi_devintf ipmi_msghandler sch_fq_codel ib_iser rdma_cm iw_cm ib_cm 
ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables 
autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy 
async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear 
mgag200 drm_vram_helper i2c_algo_bit ttm drm_kms_helper syscopyarea sysfillrect 
sysimgblt fb_sys_fops mpt3sas drm raid_class bnx2 pata_acpi scsi_transport_sas
+  pepe kernel: [  459.415874] CR2: 0000000000000008
+  pepe kernel: [  459.455555] ---[ end trace 3324c5a4a96e9820 ]---
+  pepe kernel: [  459.510874] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]
+  pepe kernel: [  459.570321] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 
57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 
00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36
+  pepe kernel: [  459.795066] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: 
e239aa08
+  pepe kernel: [  459.870047] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: 
e5661ea0
+  pepe kernel: [  459.945240] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 
EFLAGS: 00010202
+  pepe kernel: [  460.026673] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 
000006f0
  
  This issue can be found in 5.4.0-48-generic as well.
+ Test case:
+ 
https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/bind/bind04.c

** Description changed:

  Issue found on 5.4.0-49.53~18.04.1 i386 node pepe
  
- bind04 test will cause kernel NULL pointer dereference and taints the kernel, 
making other tests to fail.
+ bind04 test will cause kernel NULL pointer dereference and taints the
+ kernel, making other tests to fail.
+ 
+ Test output:
+ <<<test_output>>>
+ incrementing stop
+ tst_test.c:1250: TINFO: Timeout per run is 0h 05m 00s
+ bind04.c:117: TINFO: Testing AF_UNIX pathname stream
+ bind04.c:150: TPASS: Communication successful
+ bind04.c:117: TINFO: Testing AF_UNIX pathname seqpacket
+ bind04.c:150: TPASS: Communication successful
+ bind04.c:117: TINFO: Testing AF_UNIX abstract stream
+ bind04.c:150: TPASS: Communication successful
+ bind04.c:117: TINFO: Testing AF_UNIX abstract seqpacket
+ bind04.c:150: TPASS: Communication successful
+ bind04.c:117: TINFO: Testing IPv4 loop TCP variant 1
+ bind04.c:150: TPASS: Communication successful
+ bind04.c:117: TINFO: Testing IPv4 loop TCP variant 2
+ bind04.c:150: TPASS: Communication successful
+ bind04.c:117: TINFO: Testing IPv4 loop SCTP
+ bind04.c:150: TPASS: Communication successful
+ bind04.c:117: TINFO: Testing IPv4 any TCP variant 1
+ bind04.c:150: TPASS: Communication successful
+ bind04.c:117: TINFO: Testing IPv4 any TCP variant 2
+ bind04.c:150: TPASS: Communication successful
+ bind04.c:117: TINFO: Testing IPv4 any SCTP
+ bind04.c:150: TPASS: Communication successful
+ bind04.c:117: TINFO: Testing IPv6 loop TCP variant 1
+ bind04.c:150: TPASS: Communication successful
+ bind04.c:117: TINFO: Testing IPv6 loop TCP variant 2
+ bind04.c:150: TPASS: Communication successful
+ bind04.c:117: TINFO: Testing IPv6 loop SCTP
+ bind04.c:150: TPASS: Communication successful
+ tst_test.c:1295: TINFO: If you are running on slow machine, try exporting 
LTP_TIMEOUT_MUL > 1
+ tst_test.c:1296: TBROK: Test killed! (timeout?)
+ 
+ Summary:
+ passed   13
+ failed   0
+ skipped  0
+ warnings 0
+ <<<execution_status>>>
+ initiation_status="ok"
+ duration=3 termination_type=exited termination_id=2 corefile=no
+ cutime=40 cstime=324
+ <<<test_end>>>
+ 
  syslog output:
   pepe kernel: [  456.420474] LTP: starting bind04
   pepe kernel: [  456.451023] sctp: Hash tables configured (bind 512/512)
   pepe kernel: [  456.452997] BUG: kernel NULL pointer dereference, address: 
00000008
   pepe kernel: [  456.528037] #PF: supervisor read access in kernel mode
   pepe kernel: [  456.589500] #PF: error_code(0x0000) - not-present page
   pepe kernel: [  456.651172] *pdpt = 00000000220e0001 *pde = 0000000000000000
   pepe kernel: [  456.720122] Oops: 0000 [#1] SMP PTI
   pepe kernel: [  456.761828] CPU: 1 PID: 9783 Comm: bind04 Not tainted 
5.4.0-48-generic #52~18.04.1-Ubuntu
   pepe kernel: [  456.859798] Hardware name: Dell Inc. PowerEdge R310/05XKKK, 
BIOS 1.8.2 08/17/2011
   pepe kernel: [  456.949345] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]
   pepe kernel: [  457.008824] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 
57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 
00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36
   pepe kernel: [  457.233564] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: 
e239aa08
   pepe kernel: [  457.308755] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: 
e5661ea0
   pepe kernel: [  457.383798] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 
EFLAGS: 00010202
   pepe kernel: [  457.465170] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 
000006f0
   pepe kernel: [  457.540361] Call Trace:
   pepe kernel: [  457.569594]  sctp_queue_purge_ulpevents+0x22/0x40 [sctp]
   pepe kernel: [  457.633241]  sctp_close+0x69/0x270 [sctp]
   pepe kernel: [  457.681179]  ? tty_write_unlock+0x2a/0x30
   pepe kernel: [  457.729224]  ? tty_ldisc_deref+0x13/0x20
   pepe kernel: [  457.776127]  inet_release+0x2f/0x60
   pepe kernel: [  457.818040]  inet6_release+0x28/0x40
   pepe kernel: [  457.860783]  __sock_release+0x32/0xb0
   pepe kernel: [  457.904565]  sock_close+0x12/0x20
   pepe kernel: [  457.944190]  __fput+0xb3/0x240
   pepe kernel: [  457.980694]  ____fput+0xd/0x10
   pepe kernel: [  458.017302]  task_work_run+0x82/0xa0
   pepe kernel: [  458.060044]  exit_to_usermode_loop+0xed/0x110
   pepe kernel: [  458.112251]  do_fast_syscall_32+0x1c7/0x240
   pepe kernel: [  458.162275]  entry_SYSENTER_32+0xac/0xff
   pepe kernel: [  458.209176] EIP: 0xb7ef5bb5
   pepe kernel: [  458.242666] Code: d3 5b 5e 5f 5d c3 8d b4 26 00 00 00 00 b8 
00 09 3d 00 eb b5 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 90 51 52 55 89 e5 0f 34 
cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
   pepe kernel: [  458.467405] EAX: 00000000 EBX: 00000007 ECX: 00000002 EDX: 
00000000
   pepe kernel: [  458.542597] ESI: b7ee4000 EDI: 00000006 EBP: 004b1210 ESP: 
bfebe150
   pepe kernel: [  458.617789] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b 
EFLAGS: 00000293
   pepe kernel: [  458.699012] Modules linked in: sctp nfsd auth_rpcgss nfs_acl 
lockd grace sunrpc intel_powerclamp coretemp kvm_intel kvm irqbypass ipmi_ssif 
gpio_ich intel_cstate lpc_ich dcdbas i7core_edac acpi_power_meter mac_hid 
ipmi_si ipmi_devintf ipmi_msghandler sch_fq_codel ib_iser rdma_cm iw_cm ib_cm 
ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables 
autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy 
async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear 
mgag200 drm_vram_helper i2c_algo_bit ttm drm_kms_helper syscopyarea sysfillrect 
sysimgblt fb_sys_fops mpt3sas drm raid_class bnx2 pata_acpi scsi_transport_sas
   pepe kernel: [  459.415874] CR2: 0000000000000008
   pepe kernel: [  459.455555] ---[ end trace 3324c5a4a96e9820 ]---
   pepe kernel: [  459.510874] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]
   pepe kernel: [  459.570321] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 
57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 
00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36
   pepe kernel: [  459.795066] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: 
e239aa08
   pepe kernel: [  459.870047] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: 
e5661ea0
   pepe kernel: [  459.945240] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 
EFLAGS: 00010202
   pepe kernel: [  460.026673] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 
000006f0
  
  This issue can be found in 5.4.0-48-generic as well.
  Test case:
  
https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/bind/bind04.c

** Tags added: apport-collected bionic uec-images

** Description changed:

  Issue found on 5.4.0-49.53~18.04.1 i386 node pepe
  
  bind04 test will cause kernel NULL pointer dereference and taints the
  kernel, making other tests to fail.
  
  Test output:
  <<<test_output>>>
  incrementing stop
  tst_test.c:1250: TINFO: Timeout per run is 0h 05m 00s
  bind04.c:117: TINFO: Testing AF_UNIX pathname stream
  bind04.c:150: TPASS: Communication successful
  bind04.c:117: TINFO: Testing AF_UNIX pathname seqpacket
  bind04.c:150: TPASS: Communication successful
  bind04.c:117: TINFO: Testing AF_UNIX abstract stream
  bind04.c:150: TPASS: Communication successful
  bind04.c:117: TINFO: Testing AF_UNIX abstract seqpacket
  bind04.c:150: TPASS: Communication successful
  bind04.c:117: TINFO: Testing IPv4 loop TCP variant 1
  bind04.c:150: TPASS: Communication successful
  bind04.c:117: TINFO: Testing IPv4 loop TCP variant 2
  bind04.c:150: TPASS: Communication successful
  bind04.c:117: TINFO: Testing IPv4 loop SCTP
  bind04.c:150: TPASS: Communication successful
  bind04.c:117: TINFO: Testing IPv4 any TCP variant 1
  bind04.c:150: TPASS: Communication successful
  bind04.c:117: TINFO: Testing IPv4 any TCP variant 2
  bind04.c:150: TPASS: Communication successful
  bind04.c:117: TINFO: Testing IPv4 any SCTP
  bind04.c:150: TPASS: Communication successful
  bind04.c:117: TINFO: Testing IPv6 loop TCP variant 1
  bind04.c:150: TPASS: Communication successful
  bind04.c:117: TINFO: Testing IPv6 loop TCP variant 2
  bind04.c:150: TPASS: Communication successful
  bind04.c:117: TINFO: Testing IPv6 loop SCTP
  bind04.c:150: TPASS: Communication successful
  tst_test.c:1295: TINFO: If you are running on slow machine, try exporting 
LTP_TIMEOUT_MUL > 1
  tst_test.c:1296: TBROK: Test killed! (timeout?)
  
  Summary:
  passed   13
  failed   0
  skipped  0
  warnings 0
  <<<execution_status>>>
  initiation_status="ok"
  duration=3 termination_type=exited termination_id=2 corefile=no
  cutime=40 cstime=324
  <<<test_end>>>
  
  syslog output:
   pepe kernel: [  456.420474] LTP: starting bind04
   pepe kernel: [  456.451023] sctp: Hash tables configured (bind 512/512)
   pepe kernel: [  456.452997] BUG: kernel NULL pointer dereference, address: 
00000008
   pepe kernel: [  456.528037] #PF: supervisor read access in kernel mode
   pepe kernel: [  456.589500] #PF: error_code(0x0000) - not-present page
   pepe kernel: [  456.651172] *pdpt = 00000000220e0001 *pde = 0000000000000000
   pepe kernel: [  456.720122] Oops: 0000 [#1] SMP PTI
   pepe kernel: [  456.761828] CPU: 1 PID: 9783 Comm: bind04 Not tainted 
5.4.0-48-generic #52~18.04.1-Ubuntu
   pepe kernel: [  456.859798] Hardware name: Dell Inc. PowerEdge R310/05XKKK, 
BIOS 1.8.2 08/17/2011
   pepe kernel: [  456.949345] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]
   pepe kernel: [  457.008824] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 
57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 
00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36
   pepe kernel: [  457.233564] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: 
e239aa08
   pepe kernel: [  457.308755] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: 
e5661ea0
   pepe kernel: [  457.383798] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 
EFLAGS: 00010202
   pepe kernel: [  457.465170] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 
000006f0
   pepe kernel: [  457.540361] Call Trace:
   pepe kernel: [  457.569594]  sctp_queue_purge_ulpevents+0x22/0x40 [sctp]
   pepe kernel: [  457.633241]  sctp_close+0x69/0x270 [sctp]
   pepe kernel: [  457.681179]  ? tty_write_unlock+0x2a/0x30
   pepe kernel: [  457.729224]  ? tty_ldisc_deref+0x13/0x20
   pepe kernel: [  457.776127]  inet_release+0x2f/0x60
   pepe kernel: [  457.818040]  inet6_release+0x28/0x40
   pepe kernel: [  457.860783]  __sock_release+0x32/0xb0
   pepe kernel: [  457.904565]  sock_close+0x12/0x20
   pepe kernel: [  457.944190]  __fput+0xb3/0x240
   pepe kernel: [  457.980694]  ____fput+0xd/0x10
   pepe kernel: [  458.017302]  task_work_run+0x82/0xa0
   pepe kernel: [  458.060044]  exit_to_usermode_loop+0xed/0x110
   pepe kernel: [  458.112251]  do_fast_syscall_32+0x1c7/0x240
   pepe kernel: [  458.162275]  entry_SYSENTER_32+0xac/0xff
   pepe kernel: [  458.209176] EIP: 0xb7ef5bb5
   pepe kernel: [  458.242666] Code: d3 5b 5e 5f 5d c3 8d b4 26 00 00 00 00 b8 
00 09 3d 00 eb b5 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 90 51 52 55 89 e5 0f 34 
cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
   pepe kernel: [  458.467405] EAX: 00000000 EBX: 00000007 ECX: 00000002 EDX: 
00000000
   pepe kernel: [  458.542597] ESI: b7ee4000 EDI: 00000006 EBP: 004b1210 ESP: 
bfebe150
   pepe kernel: [  458.617789] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b 
EFLAGS: 00000293
   pepe kernel: [  458.699012] Modules linked in: sctp nfsd auth_rpcgss nfs_acl 
lockd grace sunrpc intel_powerclamp coretemp kvm_intel kvm irqbypass ipmi_ssif 
gpio_ich intel_cstate lpc_ich dcdbas i7core_edac acpi_power_meter mac_hid 
ipmi_si ipmi_devintf ipmi_msghandler sch_fq_codel ib_iser rdma_cm iw_cm ib_cm 
ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables 
autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy 
async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear 
mgag200 drm_vram_helper i2c_algo_bit ttm drm_kms_helper syscopyarea sysfillrect 
sysimgblt fb_sys_fops mpt3sas drm raid_class bnx2 pata_acpi scsi_transport_sas
   pepe kernel: [  459.415874] CR2: 0000000000000008
   pepe kernel: [  459.455555] ---[ end trace 3324c5a4a96e9820 ]---
   pepe kernel: [  459.510874] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]
   pepe kernel: [  459.570321] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 
57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 
00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36
   pepe kernel: [  459.795066] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: 
e239aa08
   pepe kernel: [  459.870047] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: 
e5661ea0
   pepe kernel: [  459.945240] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 
EFLAGS: 00010202
   pepe kernel: [  460.026673] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 
000006f0
  
  This issue can be found in 5.4.0-48-generic as well.
  Test case:
  
https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/bind/bind04.c
+ --- 
+ ProblemType: Bug
+ AlsaDevices:
+  total 0
+  crw-rw---- 1 root audio 116,  1 Sep 30 12:23 seq
+  crw-rw---- 1 root audio 116, 33 Sep 30 12:23 timer
+ AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
+ ApportVersion: 2.20.9-0ubuntu7.17
+ Architecture: i386
+ ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 
'arecord'
+ AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', 
'/dev/snd/timer'] failed with exit code 1:
+ DistroRelease: Ubuntu 18.04
+ IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
+ Lsusb:
+  Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
+  Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
+  Bus 001 Device 003: ID 0424:2514 Standard Microsystems Corp. USB 2.0 Hub
+  Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
+  Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
+ MachineType: Dell Inc. PowerEdge R310
+ Package: linux (not installed)
+ PciMultimedia:
+  
+ ProcFB: 0 mgag200drmfb
+ ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-48-generic 
root=UUID=7b91a2b8-2e02-407e-a51d-766f6d969020 ro console=ttyS0,96008n1
+ ProcVersionSignature: User Name 5.4.0-48.52~18.04.1-generic 5.4.60
+ RelatedPackageVersions:
+  linux-restricted-modules-5.4.0-48-generic N/A
+  linux-backports-modules-5.4.0-48-generic  N/A
+  linux-firmware                            1.173.19
+ RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
+ Tags:  bionic uec-images
+ Uname: Linux 5.4.0-48-generic i686
+ UpgradeStatus: No upgrade log present (probably fresh install)
+ UserGroups: adm audio cdrom dialout dip floppy lxd netdev plugdev sudo video
+ _MarkForUpload: True
+ dmi.bios.date: 08/17/2011
+ dmi.bios.vendor: Dell Inc.
+ dmi.bios.version: 1.8.2
+ dmi.board.name: 05XKKK
+ dmi.board.vendor: Dell Inc.
+ dmi.board.version: A05
+ dmi.chassis.type: 23
+ dmi.chassis.vendor: Dell Inc.
+ dmi.modalias: 
dmi:bvnDellInc.:bvr1.8.2:bd08/17/2011:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA05:cvnDellInc.:ct23:cvr:
+ dmi.product.name: PowerEdge R310
+ dmi.sys.vendor: Dell Inc.

https://bugs.launchpad.net/bugs/1897894

Title:
  bind04 from ubuntu_ltp_syscalls caused kernel NULL pointer dereference
  on B-5.4 i386
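
Added example (not part of the original report or of any Ubuntu/LTP tooling): a triage script for the oops in the syslog output above. It parses the kernel-mode part of the dump, decodes the marked faulting instruction, and checks that the computed load address equals CR2 with a zero base register. The sample text is constructed from lines of the report with the mail wrapping rejoined; the function names `parse_oops`, `decode_mov_load` and `triage` are hypothetical, and the decoder handles only the `8B /r` load form that appears in this dump.

```python
import re

# Constructed sample: selected lines from the report's syslog, wrapped lines rejoined.
SAMPLE_OOPS = """\
pepe kernel: [  456.452997] BUG: kernel NULL pointer dereference, address: 00000008
pepe kernel: [  456.528037] #PF: supervisor read access in kernel mode
pepe kernel: [  456.949345] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]
pepe kernel: [  457.008824] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36
pepe kernel: [  457.233564] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: e239aa08
pepe kernel: [  457.308755] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: e5661ea0
pepe kernel: [  457.383798] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010202
pepe kernel: [  457.465170] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 000006f0
pepe kernel: [  457.540361] Call Trace:
pepe kernel: [  457.569594]  sctp_queue_purge_ulpevents+0x22/0x40 [sctp]
pepe kernel: [  457.633241]  sctp_close+0x69/0x270 [sctp]
pepe kernel: [  457.681179]  ? tty_write_unlock+0x2a/0x30
pepe kernel: [  457.776127]  inet_release+0x2f/0x60
pepe kernel: [  457.818040]  inet6_release+0x28/0x40
pepe kernel: [  458.209176] EIP: 0xb7ef5bb5
pepe kernel: [  458.467405] EAX: 00000000 EBX: 00000007 ECX: 00000002 EDX: 00000000
"""

PREFIX = re.compile(r"^.*?kernel: \[\s*\d+\.\d+\] ")   # host, tag, timestamp
SYM = r"([\w.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?: \[(\w+)\])?"
REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]  # ModRM order


def parse_oops(text):
    """Collect fault address, EIP symbol, faulting bytes, registers, call trace."""
    o = {"regs": {}, "trace": []}
    in_trace = False
    for raw in text.splitlines():
        msg = PREFIX.sub("", raw)
        if in_trace:
            m = re.fullmatch(r" (\? )?" + SYM, msg)
            if not m:
                break  # first non-frame line: the user-mode register dump follows
            # Frames printed with '?' are stack leftovers, not confirmed callers.
            o["trace"].append((m.group(2), m.group(1) is None))
        elif m := re.match(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)", msg):
            o["fault_addr"] = int(m.group(1), 16)
        elif m := re.fullmatch(r"EIP: " + SYM, msg):
            o["eip"] = {"func": m.group(1), "offset": int(m.group(2), 16),
                        "module": m.group(4)}
        elif msg.startswith("Code: "):
            hit = re.search(r"<([0-9a-f]{2})>((?: [0-9a-f]{2})*)", msg)
            if hit:  # bytes starting at the instruction the CPU faulted on
                o["insn"] = bytes.fromhex(hit.group(1) + hit.group(2).replace(" ", ""))
        elif msg == "Call Trace:":
            in_trace = True
        else:
            for name, val in re.findall(r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{8})\b", msg):
                o["regs"][name] = int(val, 16)
    return o


def decode_mov_load(insn, regs):
    """Decode 8B /r (MOV r32, [base+disp]) without SIB; None for anything else."""
    if len(insn) < 2 or insn[0] != 0x8B:
        return None
    mod, reg, rm = insn[1] >> 6, (insn[1] >> 3) & 7, insn[1] & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        return None  # register operand, SIB byte or absolute disp32
    width = {0: 0, 1: 1, 2: 4}[mod]
    base = REG32[rm]
    if len(insn) < 2 + width or base not in regs:
        return None
    disp = int.from_bytes(insn[2:2 + width], "little", signed=True)
    return {"dest": REG32[reg], "base": base, "disp": disp,
            "addr": (regs[base] + disp) & 0xFFFFFFFF}


def triage(text):
    o = parse_oops(text)
    load = decode_mov_load(o.get("insn", b""), o["regs"])
    return {
        "faulting_function": o["eip"]["func"],
        "module": o["eip"]["module"],
        "load": load,
        # True when a zero base register plus the displacement reproduces CR2.
        "null_base_confirmed": bool(load) and o["regs"][load["base"]] == 0
        and load["addr"] == o["fault_addr"] == o["regs"].get("CR2"),
        "callers": [func for func, reliable in o["trace"] if reliable],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_OOPS).items():
        print(f"{key}: {value}")
```

On this dump the marked bytes `8b 70 08` decode to a load of ESI from EAX+8 with EAX zero, which matches the reported fault address 00000008: a field at offset 8 was read through a NULL pointer in sctp_ulpevent_free.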
