On (20/02/05 16:48), John Ogness wrote: > On 2020-02-05, Sergey Senozhatsky <sergey.senozhatsky@xxxxxxxxx> wrote: > > 3BUG: KASAN: wild-memory-access in copy_data+0x129/0x220> > > 3Write of size 4 at addr 5a5a5a5a5a5a5a5a by task cat/474> > > The problem was due to an uninitialized pointer. > > Very recently the ringbuffer API was expanded so that it could > optionally count lines in a record. This made it possible for me to > implement record_print_text_inline(), which can do all the kmsg_dump > multi-line madness without requiring a temporary buffer. Rather than > passing an extra argument around for the optional line count, I added > the text_line_count pointer to the printk_record struct. And since line > counting is rarely needed, it is only performed if text_line_count is > non-NULL. > > I oversaw that devkmsg_open() setup a printk_record and so I did not see > to add the extra NULL initialization of text_line_count. There should be > be an initializer function/macro to avoid this danger. > > John Ogness > > The quick fixup: > > diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c > index d0d24ee1d1f4..5ad67ff60cd9 100644 > --- a/kernel/printk/printk.c > +++ b/kernel/printk/printk.c > @@ -883,6 +883,7 @@ static int devkmsg_open(struct inode *inode, struct file *file) > user->record.text_buf_size = sizeof(user->text_buf); > user->record.dict_buf = &user->dict_buf[0]; > user->record.dict_buf_size = sizeof(user->dict_buf); > + user->record.text_line_count = NULL; > > logbuf_lock_irq(); > user->seq = prb_first_seq(prb); Yes. That should do. It seems that /dev/kmsg reads/writes happen very early in my system and all the backtraces I saw were from completely unrelated paths - either a NULL deref at sys_clone()->do_fork()->copy_creds()->prepare_creads(), or general protection fault in sys_keyctl()->join_session_keyring()->prepare_creds(), or some weird crashes in ext4. And so on. I see some more unexplainable lockups on one on my test boards, but I can't provide more details at this time. Might not be related to the patch set. Need to investigate further. -ss _______________________________________________ kexec mailing list kexec@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/kexec