Activity log for bug #1897894

Date Who What changed Old value New value Message
2020-09-30 12:31:25 Po-Hsu Lin bug added bug
2020-09-30 12:31:36 Po-Hsu Lin bug task added linux (Ubuntu)
2020-09-30 12:33:00 Po-Hsu Lin description
Old value:
Issue found on 5.4.0-49.53~18.04.1 i386 node pepe

bind04 test will cause a kernel NULL pointer dereference and taint the kernel, making other tests fail.

syslog output:
 pepe kernel: [ 456.420474] LTP: starting bind04
 pepe kernel: [ 456.451023] sctp: Hash tables configured (bind 512/512)
 pepe kernel: [ 456.452997] BUG: kernel NULL pointer dereference, address: 00000008
 pepe kernel: [ 456.528037] #PF: supervisor read access in kernel mode
 pepe kernel: [ 456.589500] #PF: error_code(0x0000) - not-present page
 pepe kernel: [ 456.651172] *pdpt = 00000000220e0001 *pde = 0000000000000000
 pepe kernel: [ 456.720122] Oops: 0000 [#1] SMP PTI
 pepe kernel: [ 456.761828] CPU: 1 PID: 9783 Comm: bind04 Not tainted 5.4.0-48-generic #52~18.04.1-Ubuntu
 pepe kernel: [ 456.859798] Hardware name: Dell Inc. PowerEdge R310/05XKKK, BIOS 1.8.2 08/17/2011
 pepe kernel: [ 456.949345] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]
 pepe kernel: [ 457.008824] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36
 pepe kernel: [ 457.233564] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: e239aa08
 pepe kernel: [ 457.308755] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: e5661ea0
 pepe kernel: [ 457.383798] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010202
 pepe kernel: [ 457.465170] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 000006f0
 pepe kernel: [ 457.540361] Call Trace:
 pepe kernel: [ 457.569594] sctp_queue_purge_ulpevents+0x22/0x40 [sctp]
 pepe kernel: [ 457.633241] sctp_close+0x69/0x270 [sctp]
 pepe kernel: [ 457.681179] ? tty_write_unlock+0x2a/0x30
 pepe kernel: [ 457.729224] ? tty_ldisc_deref+0x13/0x20
 pepe kernel: [ 457.776127] inet_release+0x2f/0x60
 pepe kernel: [ 457.818040] inet6_release+0x28/0x40
 pepe kernel: [ 457.860783] __sock_release+0x32/0xb0
 pepe kernel: [ 457.904565] sock_close+0x12/0x20
 pepe kernel: [ 457.944190] __fput+0xb3/0x240
 pepe kernel: [ 457.980694] ____fput+0xd/0x10
 pepe kernel: [ 458.017302] task_work_run+0x82/0xa0
 pepe kernel: [ 458.060044] exit_to_usermode_loop+0xed/0x110
 pepe kernel: [ 458.112251] do_fast_syscall_32+0x1c7/0x240
 pepe kernel: [ 458.162275] entry_SYSENTER_32+0xac/0xff
 pepe kernel: [ 458.209176] EIP: 0xb7ef5bb5
 pepe kernel: [ 458.242666] Code: d3 5b 5e 5f 5d c3 8d b4 26 00 00 00 00 b8 00 09 3d 00 eb b5 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
 pepe kernel: [ 458.467405] EAX: 00000000 EBX: 00000007 ECX: 00000002 EDX: 00000000
 pepe kernel: [ 458.542597] ESI: b7ee4000 EDI: 00000006 EBP: 004b1210 ESP: bfebe150
 pepe kernel: [ 458.617789] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000293
 pepe kernel: [ 458.699012] Modules linked in: sctp nfsd auth_rpcgss nfs_acl lockd grace sunrpc intel_powerclamp coretemp kvm_intel kvm irqbypass ipmi_ssif gpio_ich intel_cstate lpc_ich dcdbas i7core_edac acpi_power_meter mac_hid ipmi_si ipmi_devintf ipmi_msghandler sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mgag200 drm_vram_helper i2c_algo_bit ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops mpt3sas drm raid_class bnx2 pata_acpi scsi_transport_sas
 pepe kernel: [ 459.415874] CR2: 0000000000000008
 pepe kernel: [ 459.455555] ---[ end trace 3324c5a4a96e9820 ]---
 pepe kernel: [ 459.510874] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]
 pepe kernel: [ 459.570321] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36
 pepe kernel: [ 459.795066] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: e239aa08
 pepe kernel: [ 459.870047] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: e5661ea0
 pepe kernel: [ 459.945240] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010202
 pepe kernel: [ 460.026673] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 000006f0

This issue can be found in 5.4.0-48-generic as well.
New value: the old value with this line appended:
Test case: https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/bind/bind04.c
2020-09-30 12:33:31 Po-Hsu Lin description
Old value: unchanged from the new value of the 12:33:00 entry.
New value: the same text with this block inserted before "syslog output:":
Test output:
<<<test_output>>>
incrementing stop
tst_test.c:1250: TINFO: Timeout per run is 0h 05m 00s
bind04.c:117: TINFO: Testing AF_UNIX pathname stream
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing AF_UNIX pathname seqpacket
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing AF_UNIX abstract stream
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing AF_UNIX abstract seqpacket
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv4 loop TCP variant 1
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv4 loop TCP variant 2
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv4 loop SCTP
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv4 any TCP variant 1
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv4 any TCP variant 2
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv4 any SCTP
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv6 loop TCP variant 1
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv6 loop TCP variant 2
bind04.c:150: TPASS: Communication successful
bind04.c:117: TINFO: Testing IPv6 loop SCTP
bind04.c:150: TPASS: Communication successful
tst_test.c:1295: TINFO: If you are running on slow machine, try exporting LTP_TIMEOUT_MUL > 1
tst_test.c:1296: TBROK: Test killed! (timeout?)

Summary:
passed 13
failed 0
skipped 0
warnings 0
<<<execution_status>>>
initiation_status="ok"
duration=3 termination_type=exited termination_id=2 corefile=no
cutime=40 cstime=324
<<<test_end>>>
2020-09-30 12:34:05 Po-Hsu Lin tags apport-collected bionic uec-images
2020-09-30 12:34:07 Po-Hsu Lin description
Old value: unchanged from the new value of the 12:33:31 entry.
New value: the same text with this apport report appended:
---
ProblemType: Bug
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 Sep 30 12:23 seq
 crw-rw---- 1 root audio 116, 33 Sep 30 12:23 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
ApportVersion: 2.20.9-0ubuntu7.17
Architecture: i386
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
DistroRelease: Ubuntu 18.04
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
Lsusb:
 Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
 Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 Bus 001 Device 003: ID 0424:2514 Standard Microsystems Corp. USB 2.0 Hub
 Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
MachineType: Dell Inc. PowerEdge R310
Package: linux (not installed)
PciMultimedia:
ProcFB: 0 mgag200drmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-48-generic root=UUID=7b91a2b8-2e02-407e-a51d-766f6d969020 ro console=ttyS0,96008n1
ProcVersionSignature: User Name 5.4.0-48.52~18.04.1-generic 5.4.60
RelatedPackageVersions:
 linux-restricted-modules-5.4.0-48-generic N/A
 linux-backports-modules-5.4.0-48-generic N/A
 linux-firmware 1.173.19
RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
Tags: bionic uec-images
Uname: Linux 5.4.0-48-generic i686
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm audio cdrom dialout dip floppy lxd netdev plugdev sudo video
_MarkForUpload: True
dmi.bios.date: 08/17/2011
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.8.2
dmi.board.name: 05XKKK
dmi.board.vendor: Dell Inc.
dmi.board.version: A05
dmi.chassis.type: 23
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.8.2:bd08/17/2011:svnDellInc.:pnPowerEdgeR310:pvr:rvnDellInc.:rn05XKKK:rvrA05:cvnDellInc.:ct23:cvr:
dmi.product.name: PowerEdge R310
dmi.sys.vendor: Dell Inc.
2020-09-30 12:34:08 Po-Hsu Lin attachment added CRDA.txt https://bugs.launchpad.net/bugs/1897894/+attachment/5415644/+files/CRDA.txt
2020-09-30 12:34:11 Po-Hsu Lin attachment added CurrentDmesg.txt https://bugs.launchpad.net/bugs/1897894/+attachment/5415645/+files/CurrentDmesg.txt
2020-09-30 12:34:13 Po-Hsu Lin attachment added Lspci.txt https://bugs.launchpad.net/bugs/1897894/+attachment/5415646/+files/Lspci.txt
2020-09-30 12:34:15 Po-Hsu Lin attachment added ProcCpuinfo.txt https://bugs.launchpad.net/bugs/1897894/+attachment/5415647/+files/ProcCpuinfo.txt
2020-09-30 12:34:16 Po-Hsu Lin attachment added ProcCpuinfoMinimal.txt https://bugs.launchpad.net/bugs/1897894/+attachment/5415648/+files/ProcCpuinfoMinimal.txt
2020-09-30 12:34:17 Po-Hsu Lin attachment added ProcEnviron.txt https://bugs.launchpad.net/bugs/1897894/+attachment/5415649/+files/ProcEnviron.txt
2020-09-30 12:34:19 Po-Hsu Lin attachment added ProcInterrupts.txt https://bugs.launchpad.net/bugs/1897894/+attachment/5415650/+files/ProcInterrupts.txt
2020-09-30 12:34:20 Po-Hsu Lin attachment added ProcModules.txt https://bugs.launchpad.net/bugs/1897894/+attachment/5415651/+files/ProcModules.txt
2020-09-30 12:34:22 Po-Hsu Lin attachment added UdevDb.txt https://bugs.launchpad.net/bugs/1897894/+attachment/5415652/+files/UdevDb.txt
2020-09-30 12:34:24 Po-Hsu Lin attachment added WifiSyslog.txt https://bugs.launchpad.net/bugs/1897894/+attachment/5415653/+files/WifiSyslog.txt
2020-09-30 12:34:41 Po-Hsu Lin description Issue found on 5.4.0-49.53~18.04.1 i386 node pepe (this issue does not exist on other arches) bind04 test will cause kernel NULL pointer dereference and taints the kernel, making other tests to fail. 
Test output: <<<test_output>>> incrementing stop tst_test.c:1250: TINFO: Timeout per run is 0h 05m 00s bind04.c:117: TINFO: Testing AF_UNIX pathname stream bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing AF_UNIX pathname seqpacket bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing AF_UNIX abstract stream bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing AF_UNIX abstract seqpacket bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv4 loop TCP variant 1 bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv4 loop TCP variant 2 bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv4 loop SCTP bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv4 any TCP variant 1 bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv4 any TCP variant 2 bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv4 any SCTP bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv6 loop TCP variant 1 bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv6 loop TCP variant 2 bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv6 loop SCTP bind04.c:150: TPASS: Communication successful tst_test.c:1295: TINFO: If you are running on slow machine, try exporting LTP_TIMEOUT_MUL > 1 tst_test.c:1296: TBROK: Test killed! (timeout?) 
Summary: passed 13 failed 0 skipped 0 warnings 0 <<<execution_status>>> initiation_status="ok" duration=3 termination_type=exited termination_id=2 corefile=no cutime=40 cstime=324 <<<test_end>>> syslog output:  pepe kernel: [ 456.420474] LTP: starting bind04  pepe kernel: [ 456.451023] sctp: Hash tables configured (bind 512/512)  pepe kernel: [ 456.452997] BUG: kernel NULL pointer dereference, address: 00000008  pepe kernel: [ 456.528037] #PF: supervisor read access in kernel mode  pepe kernel: [ 456.589500] #PF: error_code(0x0000) - not-present page  pepe kernel: [ 456.651172] *pdpt = 00000000220e0001 *pde = 0000000000000000  pepe kernel: [ 456.720122] Oops: 0000 [#1] SMP PTI  pepe kernel: [ 456.761828] CPU: 1 PID: 9783 Comm: bind04 Not tainted 5.4.0-48-generic #52~18.04.1-Ubuntu  pepe kernel: [ 456.859798] Hardware name: Dell Inc. PowerEdge R310/05XKKK, BIOS 1.8.2 08/17/2011  pepe kernel: [ 456.949345] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]  pepe kernel: [ 457.008824] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36  pepe kernel: [ 457.233564] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: e239aa08  pepe kernel: [ 457.308755] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: e5661ea0  pepe kernel: [ 457.383798] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010202  pepe kernel: [ 457.465170] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 000006f0  pepe kernel: [ 457.540361] Call Trace:  pepe kernel: [ 457.569594] sctp_queue_purge_ulpevents+0x22/0x40 [sctp]  pepe kernel: [ 457.633241] sctp_close+0x69/0x270 [sctp]  pepe kernel: [ 457.681179] ? tty_write_unlock+0x2a/0x30  pepe kernel: [ 457.729224] ? 
tty_ldisc_deref+0x13/0x20  pepe kernel: [ 457.776127] inet_release+0x2f/0x60  pepe kernel: [ 457.818040] inet6_release+0x28/0x40  pepe kernel: [ 457.860783] __sock_release+0x32/0xb0  pepe kernel: [ 457.904565] sock_close+0x12/0x20  pepe kernel: [ 457.944190] __fput+0xb3/0x240  pepe kernel: [ 457.980694] ____fput+0xd/0x10  pepe kernel: [ 458.017302] task_work_run+0x82/0xa0  pepe kernel: [ 458.060044] exit_to_usermode_loop+0xed/0x110  pepe kernel: [ 458.112251] do_fast_syscall_32+0x1c7/0x240  pepe kernel: [ 458.162275] entry_SYSENTER_32+0xac/0xff  pepe kernel: [ 458.209176] EIP: 0xb7ef5bb5  pepe kernel: [ 458.242666] Code: d3 5b 5e 5f 5d c3 8d b4 26 00 00 00 00 b8 00 09 3d 00 eb b5 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76  pepe kernel: [ 458.467405] EAX: 00000000 EBX: 00000007 ECX: 00000002 EDX: 00000000  pepe kernel: [ 458.542597] ESI: b7ee4000 EDI: 00000006 EBP: 004b1210 ESP: bfebe150  pepe kernel: [ 458.617789] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000293  pepe kernel: [ 458.699012] Modules linked in: sctp nfsd auth_rpcgss nfs_acl lockd grace sunrpc intel_powerclamp coretemp kvm_intel kvm irqbypass ipmi_ssif gpio_ich intel_cstate lpc_ich dcdbas i7core_edac acpi_power_meter mac_hid ipmi_si ipmi_devintf ipmi_msghandler sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mgag200 drm_vram_helper i2c_algo_bit ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops mpt3sas drm raid_class bnx2 pata_acpi scsi_transport_sas  pepe kernel: [ 459.415874] CR2: 0000000000000008  pepe kernel: [ 459.455555] ---[ end trace 3324c5a4a96e9820 ]---  pepe kernel: [ 459.510874] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]  pepe kernel: [ 459.570321] Code: 
52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36  pepe kernel: [ 459.795066] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: e239aa08  pepe kernel: [ 459.870047] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: e5661ea0  pepe kernel: [ 459.945240] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010202  pepe kernel: [ 460.026673] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 000006f0 This issue can be found in 5.4.0-48-generic as well. Test case: https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/bind/bind04.c
2020-09-30 12:36:45 Po-Hsu Lin tags apport-collected bionic uec-images 5.4 bionic i386 kqa-blocker sru-20200921 ubuntu-ltp-syscalls
2020-09-30 12:43:53 Po-Hsu Lin description Issue found on 5.4.0-49.53~18.04.1 i386 node pepe (this issue does not exist on other arches) bind04 test will cause kernel NULL pointer dereference and taints the kernel, making other tests to fail. Test output: <<<test_output>>> incrementing stop tst_test.c:1250: TINFO: Timeout per run is 0h 05m 00s bind04.c:117: TINFO: Testing AF_UNIX pathname stream bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing AF_UNIX pathname seqpacket bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing AF_UNIX abstract stream bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing AF_UNIX abstract seqpacket bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv4 loop TCP variant 1 bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv4 loop TCP variant 2 bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv4 loop SCTP bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv4 any TCP variant 1 bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv4 any TCP variant 2 bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv4 any SCTP bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: 
Testing IPv6 loop TCP variant 1 bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv6 loop TCP variant 2 bind04.c:150: TPASS: Communication successful bind04.c:117: TINFO: Testing IPv6 loop SCTP bind04.c:150: TPASS: Communication successful tst_test.c:1295: TINFO: If you are running on slow machine, try exporting LTP_TIMEOUT_MUL > 1 tst_test.c:1296: TBROK: Test killed! (timeout?) Summary: passed 13 failed 0 skipped 0 warnings 0 <<<execution_status>>> initiation_status="ok" duration=3 termination_type=exited termination_id=2 corefile=no cutime=40 cstime=324 <<<test_end>>> syslog output:  pepe kernel: [ 456.420474] LTP: starting bind04  pepe kernel: [ 456.451023] sctp: Hash tables configured (bind 512/512)  pepe kernel: [ 456.452997] BUG: kernel NULL pointer dereference, address: 00000008  pepe kernel: [ 456.528037] #PF: supervisor read access in kernel mode  pepe kernel: [ 456.589500] #PF: error_code(0x0000) - not-present page  pepe kernel: [ 456.651172] *pdpt = 00000000220e0001 *pde = 0000000000000000  pepe kernel: [ 456.720122] Oops: 0000 [#1] SMP PTI  pepe kernel: [ 456.761828] CPU: 1 PID: 9783 Comm: bind04 Not tainted 5.4.0-48-generic #52~18.04.1-Ubuntu  pepe kernel: [ 456.859798] Hardware name: Dell Inc. 
PowerEdge R310/05XKKK, BIOS 1.8.2 08/17/2011  pepe kernel: [ 456.949345] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]  pepe kernel: [ 457.008824] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36  pepe kernel: [ 457.233564] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: e239aa08  pepe kernel: [ 457.308755] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: e5661ea0  pepe kernel: [ 457.383798] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010202  pepe kernel: [ 457.465170] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 000006f0  pepe kernel: [ 457.540361] Call Trace:  pepe kernel: [ 457.569594] sctp_queue_purge_ulpevents+0x22/0x40 [sctp]  pepe kernel: [ 457.633241] sctp_close+0x69/0x270 [sctp]  pepe kernel: [ 457.681179] ? tty_write_unlock+0x2a/0x30  pepe kernel: [ 457.729224] ? tty_ldisc_deref+0x13/0x20  pepe kernel: [ 457.776127] inet_release+0x2f/0x60  pepe kernel: [ 457.818040] inet6_release+0x28/0x40  pepe kernel: [ 457.860783] __sock_release+0x32/0xb0  pepe kernel: [ 457.904565] sock_close+0x12/0x20  pepe kernel: [ 457.944190] __fput+0xb3/0x240  pepe kernel: [ 457.980694] ____fput+0xd/0x10  pepe kernel: [ 458.017302] task_work_run+0x82/0xa0  pepe kernel: [ 458.060044] exit_to_usermode_loop+0xed/0x110  pepe kernel: [ 458.112251] do_fast_syscall_32+0x1c7/0x240  pepe kernel: [ 458.162275] entry_SYSENTER_32+0xac/0xff  pepe kernel: [ 458.209176] EIP: 0xb7ef5bb5  pepe kernel: [ 458.242666] Code: d3 5b 5e 5f 5d c3 8d b4 26 00 00 00 00 b8 00 09 3d 00 eb b5 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76  pepe kernel: [ 458.467405] EAX: 00000000 EBX: 00000007 ECX: 00000002 EDX: 00000000  pepe kernel: [ 458.542597] ESI: b7ee4000 EDI: 00000006 EBP: 004b1210 ESP: bfebe150  pepe kernel: [ 458.617789] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 
007b EFLAGS: 00000293  pepe kernel: [ 458.699012] Modules linked in: sctp nfsd auth_rpcgss nfs_acl lockd grace sunrpc intel_powerclamp coretemp kvm_intel kvm irqbypass ipmi_ssif gpio_ich intel_cstate lpc_ich dcdbas i7core_edac acpi_power_meter mac_hid ipmi_si ipmi_devintf ipmi_msghandler sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mgag200 drm_vram_helper i2c_algo_bit ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops mpt3sas drm raid_class bnx2 pata_acpi scsi_transport_sas  pepe kernel: [ 459.415874] CR2: 0000000000000008  pepe kernel: [ 459.455555] ---[ end trace 3324c5a4a96e9820 ]---  pepe kernel: [ 459.510874] EIP: sctp_ulpevent_free+0x24/0x70 [sctp]  pepe kernel: [ 459.570321] Code: 52 67 71 e3 66 90 66 66 66 66 90 55 89 e5 57 56 53 66 83 78 20 00 89 c3 78 3b 8b 78 3c 8b 40 40 85 c0 74 20 8b 83 88 00 00 00 <8b> 70 08 85 f6 74 13 90 8d 74 26 00 8d 46 18 e8 48 ec ff ff 8b 36  pepe kernel: [ 459.795066] EAX: 00000000 EBX: e239aa20 ECX: 00000246 EDX: e239aa08  pepe kernel: [ 459.870047] ESI: e1c02a08 EDI: 00000000 EBP: e5661eac ESP: e5661ea0  pepe kernel: [ 459.945240] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010202  pepe kernel: [ 460.026673] CR0: 80050033 CR2: 00000008 CR3: 25602000 CR4: 000006f0 This issue can be traced back to 5.4.0-38.42~18.04.1 Test case: https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/bind/bind04.c
2020-09-30 13:00:10 Ubuntu Kernel Bot linux (Ubuntu): status New Confirmed
2020-09-30 13:00:11 Ubuntu Kernel Bot tags 5.4 bionic i386 kqa-blocker sru-20200921 ubuntu-ltp-syscalls 5.4 bionic focal i386 kqa-blocker sru-20200921 ubuntu-ltp-syscalls