Bug 1782736 - kernel panic on coredump with '|' core_pattern
Summary: kernel panic on coredump with '|' core_pattern
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-12-12 08:53 UTC by Chunyu Hu
Modified: 2019-12-12 08:53 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug



Description Chunyu Hu 2019-12-12 08:53:26 UTC
1. Please describe the problem:

We find the kernel can panic if we set the kernel core_pattern via /proc/sys/kernel/core_pattern.

Steps:
/bin/echo "|" > /proc/sys/kernel/core_pattern

[root@kvm-02-guest16 tests]# cat a.c
/* Deliberately write through a NULL pointer so the process takes SIGSEGV
 * and the kernel attempts a core dump via the configured core_pattern. */
int main(void){
        int *p = 0;
        *p = 0;          /* NULL dereference: raises SIGSEGV */
        return 0;
}

Execute the compiled binary of the above source file; this will panic the kernel.

[  124.706104] systemd-coredump[2698]: Failed to parse PID "%P": Invalid argument 
[  124.791390] show_signal_msg: 17 callbacks suppressed 
[  124.791395] core_dump[2742]: segfault at 402010 ip 0000000000401116 sp 00007ffc3aa7fc10 error 6 in core_dump[401000+1000] 
[  124.793495] Code: 01 5d c3 90 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 f3 0f 1e fa eb 8a 55 48 89 e5 48 c7 45 f8 10 20 40 00 48 8b 45 f8 <c6> 00 74 b8 00 00 00 00 5d c3 f3 0f 1e fa 41 57 4c 8d 3d 23 2d 00 
[  124.797151] BUG: kernel NULL pointer dereference, address: 0000000000000020 
[  124.798117] #PF: supervisor read access in kernel mode 
[  124.798837] #PF: error_code(0x0000) - not-present page 
[  124.799560] PGD 8000000126853067 P4D 8000000126853067 PUD 12687c067 PMD 0  
[  124.800465] Oops: 0000 [#1] SMP PTI 
[  124.800936] CPU: 0 PID: 2742 Comm: core_dump Not tainted 5.4.2-300.fc31.x86_64 #1 
[  124.801924] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 
[  124.802748] RIP: 0010:do_coredump+0x7f2/0x113b 
[  124.803364] Code: ff 48 85 ff 74 0c e8 3d 1d fa ff 44 8b 95 10 ff ff ff 65 48 8b 04 25 c0 6b 01 00 48 8b 00 48 8b 7d a0 a8 04 0f 85 71 08 00 00 <48> 8b 57 20 0f b7 02 66 25 00 f0 66 3d 00 80 0f 84 a9 06 00 00 44 
[  124.805865] RSP: 0018:ffffaff7c113fc78 EFLAGS: 00010246 
[  124.806534] RAX: 0000000000004000 RBX: ffff9440eabb4000 RCX: 000000000001aac7 
[  124.807475] RDX: 0000000000000000 RSI: ffffaff7c113fc40 RDI: 0000000000000000 
[  124.808372] RBP: ffffaff7c113fdc8 R08: 0000000000000400 R09: ffffaff7c113fbc8 
[  124.809299] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffffb6711a40 
[  124.810228] R13: ffff9440f5eace40 R14: ffff9440e6bceec0 R15: 0000000000000000 
[  124.811211] FS:  00007fcd641aa540(0000) GS:ffff9440fba00000(0000) knlGS:0000000000000000 
[  124.812208] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 
[  124.813012] CR2: 0000000000000020 CR3: 00000001269fa003 CR4: 00000000003606f0 
[  124.814047] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 
[  124.815055] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 
[  124.816012] Call Trace: 
[  124.816381]  ? mem32_serial_in+0x20/0x20 
[  124.816915]  get_signal+0x152/0x890 
[  124.817379]  ? __switch_to_asm+0x40/0x70 
[  124.817828]  ? __switch_to_asm+0x34/0x70 
[  124.818341]  ? __switch_to_asm+0x40/0x70 
[  124.818905]  do_signal+0x36/0x650 
[  124.819359]  ? __switch_to+0x10d/0x440 
[  124.819884]  ? __switch_to_asm+0x34/0x70 
[  124.820355]  ? __schedule+0x2da/0x730 
[  124.820862]  exit_to_usermode_loop+0x9d/0x130 
[  124.821428]  prepare_exit_to_usermode+0x9b/0xa0 
[  124.822009]  retint_user+0x8/0x8 
[  124.822424] RIP: 0033:0x401116 
[  124.822857] Code: 01 5d c3 90 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 f3 0f 1e fa eb 8a 55 48 89 e5 48 c7 45 f8 10 20 40 00 48 8b 45 f8 <c6> 00 74 b8 00 00 00 00 5d c3 f3 0f 1e fa 41 57 4c 8d 3d 23 2d 00 
[  124.825265] RSP: 002b:00007ffc3aa7fc10 EFLAGS: 00010246 
[  124.825990] RAX: 0000000000402010 RBX: 0000000000401120 RCX: 00007fcd641a2578 
[  124.827006] RDX: 00007ffc3aa7fd18 RSI: 00007ffc3aa7fd08 RDI: 0000000000000001 
[  124.827878] RBP: 00007ffc3aa7fc10 R08: 0000000000000000 R09: 00007fcd641cb440 
[  124.828817] R10: 00000000ffffffff R11: 000000000000000d R12: 0000000000401020 
[  124.829825] R13: 00007ffc3aa7fd00 R14: 0000000000000000 R15: 0000000000000000 
[  124.830769] Modules linked in: sunrpc snd_hda_codec_generic ledtrig_audio snd_hda_intel snd_intel_nhlt snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device intel_rapl_msr snd_pcm intel_rapl_common crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_timer 8139too snd virtio_balloon joydev 8139cp soundcore mii i2c_piix4 ip_tables qxl drm_kms_helper ttm drm crc32c_intel virtio_console serio_raw ata_generic pata_acpi qemu_fw_cfg 
[  124.835899] CR2: 0000000000000020 
[  124.836379] ---[ end trace aa79c92793830174 ]--- 
[  124.837018] RIP: 0010:do_coredump+0x7f2/0x113b 
[  124.837641] Code: ff 48 85 ff 74 0c e8 3d 1d fa ff 44 8b 95 10 ff ff ff 65 48 8b 04 25 c0 6b 01 00 48 8b 00 48 8b 7d a0 a8 04 0f 85 71 08 00 00 <48> 8b 57 20 0f b7 02 66 25 00 f0 66 3d 00 80 0f 84 a9 06 00 00 44 
[  124.840077] RSP: 0018:ffffaff7c113fc78 EFLAGS: 00010246 
[  124.840751] RAX: 0000000000004000 RBX: ffff9440eabb4000 RCX: 000000000001aac7 
[  124.841685] RDX: 0000000000000000 RSI: ffffaff7c113fc40 RDI: 0000000000000000 
[  124.842592] RBP: ffffaff7c113fdc8 R08: 0000000000000400 R09: ffffaff7c113fbc8 
[  124.843685] R10: 0000000000000001 R11: 0000000000000000 R12: ffffffffb6711a40 
[  124.844627] R13: ffff9440f5eace40 R14: ffff9440e6bceec0 R15: 0000000000000000 
[  124.845631] FS:  00007fcd641aa540(0000) GS:ffff9440fba00000(0000) knlGS:0000000000000000 
[  124.846669] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033 
[  124.847409] CR2: 0000000000000020 CR3: 00000001269fa003 CR4: 00000000003606f0 
[  124.848279] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 
[  124.849125] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 


2. What is the Version-Release number of the kernel:

5.4.2-300.fc31.x86_64

3. Did it work previously in Fedora? If so, what kernel version did the issue
   *first* appear?  Old kernels are available for download at
   https://koji.fedoraproject.org/koji/packageinfo?packageID=8 :

Yes, it worked previously; will try later.

4. Can you reproduce this issue? If so, please provide the steps to reproduce
   the issue below:

Yes, please see above.

5. Does this problem occur with the latest Rawhide kernel? To install the
   Rawhide kernel, run ``sudo dnf install fedora-repos-rawhide`` followed by
   ``sudo dnf update --enablerepo=rawhide kernel``:

Yes.

6. Are you running any modules not shipped directly with Fedora's kernel?:
No.


7. Please attach the kernel logs. You can get the complete kernel log
   for a boot with ``journalctl --no-hostname -k > dmesg.txt``. If the
   issue occurred on a previous boot, use the journalctl ``-b`` flag.
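Added here as a defender-side check, not code from the report or from Fedora: a POSIX sh audit that flags a core_pattern whose pipe form names no helper program, which is the value the steps above write. The whitespace handling and the optional file argument (used for testing) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the bug report): audit the core_pattern sysctl for
# the bare-pipe value ('|' with no helper program) used in this report's steps.

# core_pattern_is_bare_pipe VALUE
# Returns 0 when VALUE selects the pipe-to-helper form ('|...') but names no
# helper program, 1 otherwise. Treating a whitespace-only helper as empty is a
# conservative assumption of this check, not something the report states.
core_pattern_is_bare_pipe() {
    pattern=$1
    case $pattern in
        '|'*) ;;            # pipe form: helper path follows the '|'
        *) return 1 ;;      # plain file pattern (e.g. "core", "/var/crash/%e.%p")
    esac
    helper=${pattern#"|"}
    # strip leading whitespace so "| " is treated like "|"
    helper=$(printf '%s' "$helper" | sed 's/^[[:space:]]*//')
    [ -z "$helper" ]
}

# audit_core_pattern [FILE]
# Reads the live sysctl (or FILE, an assumption added for testing) and reports.
# Exit status: 0 pattern names a helper or a file, 1 bare pipe found, 2 unreadable.
audit_core_pattern() {
    file=${1:-/proc/sys/kernel/core_pattern}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    value=$(cat "$file")
    if core_pattern_is_bare_pipe "$value"; then
        echo "WARNING: core_pattern is a pipe with no helper: '$value'"
        return 1
    fi
    echo "core_pattern names a helper or file: '$value'"
}

audit_core_pattern "$@"
```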

