Date:	Mon, 11 Jul 2016 09:36:15 +0800
From:	kernel test robot <xiaolong.ye@...el.com>
To:	Jeff Mahoney <jeffm@...e.com>
Cc:	David Sterba <dsterba@...e.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Stephen Rothwell <sfr@...b.auug.org.au>, lkp@...org
Subject: [lkp] [btrfs]  80950bdf5f: BUG: KASAN: null-ptr-deref on address 0000000000000030


FYI, we noticed the following commit:

https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
commit 80950bdf5f9308aad6475ce2ca4da534f83b688a ("btrfs: tests, require fs_info for root")

in testcase: boot

on test machine: 2 threads qemu-system-x86_64 -enable-kvm -cpu Nehalem with 320M memory

caused below changes:


+--------------------------------------------------------------------------+------------+------------+
|                                                                          | 837e0e1d64 | 80950bdf5f |
+--------------------------------------------------------------------------+------------+------------+
| boot_successes                                                           | 0          | 0          |
| boot_failures                                                            | 24         | 27         |
| invoked_oom-killer:gfp_mask=0x                                           | 24         | 6          |
| warn_alloc_failed+0x                                                     | 24         | 14         |
| Mem-Info                                                                 | 24         | 14         |
| Kernel_panic-not_syncing:Out_of_memory_and_no_killable_processes         | 24         | 6          |
| backtrace:btrfs_run_sanity_tests                                         | 14         | 21         |
| backtrace:init_btrfs_fs                                                  | 17         | 23         |
| backtrace:kernel_init_freeable                                           | 23         | 27         |
| page_allocation_failure:order:#,mode:#(GFP_KERNEL|__GFP_COMP|__GFP_ZERO) | 12         | 12         |
| backtrace:stm_register_device                                            | 12         | 12         |
| backtrace:dummy_stm_init                                                 | 12         | 12         |
| backtrace:_do_fork                                                       | 2          | 2          |
| backtrace:__platform_driver_register                                     | 1          |            |
| backtrace:skylake_audio_init                                             | 1          |            |
| backtrace:pcpu_balance_workfn                                            | 3          |            |
| backtrace:bioset_create                                                  | 2          |            |
| backtrace:extent_io_init                                                 | 2          |            |
| backtrace:__serio_register_driver                                        | 1          |            |
| backtrace:egalax_drv_init                                                | 1          |            |
| backtrace:kmem_cache_create                                              | 1          | 2          |
| backtrace:btrfs_init_cachep                                              | 1          | 2          |
| BUG:KASAN:null-ptr-deref_on_address                                      | 0          | 21         |
| BUG:unable_to_handle_kernel                                              | 0          | 21         |
| Oops                                                                     | 0          | 21         |
| RIP:__setup_root                                                         | 0          | 21         |
| Kernel_panic-not_syncing:Fatal_exception                                 | 0          | 21         |
| backtrace:kobject_add_internal                                           | 0          | 2          |
| backtrace:kobject_init_and_add                                           | 0          | 2          |
| backtrace:i2c_register_driver                                            | 0          | 1          |
| backtrace:m41t80_driver_init                                             | 0          | 1          |
| backtrace:usb_register_driver                                            | 0          | 1          |
| backtrace:cytherm_driver_init                                            | 0          | 1          |
+--------------------------------------------------------------------------+------------+------------+



[   62.711603] BTRFS: selftest: sectorsize: 4096  nodesize: 4096
[   62.712275] BTRFS: selftest: Running btrfs free space cache tests
[   62.713021] ==================================================================
[   62.713719] BUG: KASAN: null-ptr-deref on address 0000000000000030
[   62.714341] Read of size 8 by task swapper/0/1
[   62.714773] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.7.0-rc6-00034-g80950bd #2
[   62.715497]  0000000000000001 ffff880008d6fc28 ffffffff8cde9789 ffff880008d6fcc0
[   62.716257]  ffff880008d60040 ffff880008d6fcb0 ffffffff8c70a5c2 ffff880008d6fc58
[   62.716998]  ffffffff8c5db6f2 0000000000000292 ffff880008d60040 ffff880008d6fca8
[   62.717794] Call Trace:
[   62.718059]  [<ffffffff8cde9789>] dump_stack+0x86/0xcd
[   62.718562]  [<ffffffff8c70a5c2>] kasan_report_error+0x442/0x540
[   62.719153]  [<ffffffff8c5db6f2>] ? trace_hardirqs_on_caller+0x1b2/0x2e0
[   62.719819]  [<ffffffff8c5dc374>] ? lockdep_init_map+0xc4/0x2f0
[   62.720440]  [<ffffffff8c70a6f4>] kasan_report+0x34/0x40
[   62.721002]  [<ffffffff8c5c9000>] ? wake_bit_function+0xc0/0xc0
[   62.721617]  [<ffffffff8cb9e9b8>] ? __setup_root+0x678/0x6f0
[   62.722220]  [<ffffffff8c709fce>] __asan_load8+0x5e/0x70
[   62.722766]  [<ffffffff8cb9e9b8>] __setup_root+0x678/0x6f0
[   62.723341]  [<ffffffff8cba2977>] btrfs_alloc_dummy_root+0x97/0xd0
[   62.724000]  [<ffffffff8cc78b94>] btrfs_test_free_space_cache+0x64/0x950
[   62.724730]  [<ffffffff8cc7a6e0>] btrfs_run_sanity_tests+0x70/0x150
[   62.725595]  [<ffffffff90a3cef9>] ? dlm_init+0x26d/0x26d
[   62.726266]  [<ffffffff90a3cfd1>] init_btrfs_fs+0xd8/0x13d
[   62.726845]  [<ffffffff90a09398>] do_one_initcall+0x100/0x1cd
[   62.727433]  [<ffffffff8cdf6825>] ? strlen+0x25/0x40
[   62.727909]  [<ffffffff90a09298>] ? start_kernel+0x508/0x508
[   62.728466]  [<ffffffff90a08aa7>] ? repair_env_string+0x2f/0x73
[   62.729037]  [<ffffffff8c58ccab>] ? parse_args+0x5b/0x510
[   62.729581]  [<ffffffff90a08a78>] ? set_debug_rodata+0x12/0x12
[   62.730172]  [<ffffffff90a0962d>] kernel_init_freeable+0x1c8/0x259
[   62.730823]  [<ffffffff8e7ff6be>] kernel_init+0xe/0x120
[   62.731389]  [<ffffffff8e80cbaf>] ret_from_fork+0x1f/0x40
[   62.731957]  [<ffffffff8e7ff6b0>] ? rest_init+0x140/0x140
[   62.732505] ==================================================================
[   62.733243] Disabling lock debugging due to kernel taint
[   62.733864] BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
[   62.734686] IP: [<ffffffff8cb9e9b8>] __setup_root+0x678/0x6f0
[   62.735306] PGD 0 
[   62.735541] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN
[   62.736092] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G    B           4.7.0-rc6-00034-g80950bd #2
[   62.736957] task: ffff880008d60040 ti: ffff880008d68000 task.ti: ffff880008d68000
[   62.737698] RIP: 0010:[<ffffffff8cb9e9b8>]  [<ffffffff8cb9e9b8>] __setup_root+0x678/0x6f0
[   62.738517] RSP: 0018:ffff880008d6fd08  EFLAGS: 00010286
[   62.739056] RAX: 0000000000000000 RBX: ffff880003da4548 RCX: ffffffff8c595e73
[   62.739752] RDX: 0000000000000000 RSI: 0000000000000003 RDI: ffffffff9186df00
[   62.740458] RBP: ffff880008d6fd40 R08: 0000000000000003 R09: 0000000000000001
[   62.741165] R10: ffffffff90b757cb R11: fffffbfff2309940 R12: ffff880004924000
[   62.741864] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000001000
[   62.742566] FS:  0000000000000000(0000) GS:ffff880009400000(0000) knlGS:0000000000000000
[   62.743357] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   62.743935] CR2: 0000000000000030 CR3: 000000000fc0a000 CR4: 00000000000006e0
[   62.744639] Stack:
[   62.744855]  000010008c709515 0000000000000010 ffff880003da4548 0000000000001000
[   62.745626]  0000000000001000 ffff880004924000 ffff880008c06c40 ffff880008d6fd78
[   62.746419]  ffffffff8cba2977 ffff8800004a3a78 0000000000001000 0000000008000000
[   62.747183] Call Trace:
[   62.747427]  [<ffffffff8cba2977>] btrfs_alloc_dummy_root+0x97/0xd0
[   62.748013]  [<ffffffff8cc78b94>] btrfs_test_free_space_cache+0x64/0x950
[   62.748648]  [<ffffffff8cc7a6e0>] btrfs_run_sanity_tests+0x70/0x150
[   62.749242]  [<ffffffff90a3cef9>] ? dlm_init+0x26d/0x26d
[   62.749753]  [<ffffffff90a3cfd1>] init_btrfs_fs+0xd8/0x13d
[   62.750277]  [<ffffffff90a09398>] do_one_initcall+0x100/0x1cd
[   62.750844]  [<ffffffff8cdf6825>] ? strlen+0x25/0x40
[   62.751344]  [<ffffffff90a09298>] ? start_kernel+0x508/0x508
[   62.751907]  [<ffffffff90a08aa7>] ? repair_env_string+0x2f/0x73
[   62.752499]  [<ffffffff8c58ccab>] ? parse_args+0x5b/0x510
[   62.753048]  [<ffffffff90a08a78>] ? set_debug_rodata+0x12/0x12
[   62.753633]  [<ffffffff90a0962d>] kernel_init_freeable+0x1c8/0x259
[   62.754265]  [<ffffffff8e7ff6be>] kernel_init+0xe/0x120
[   62.754776]  [<ffffffff8e80cbaf>] ret_from_fork+0x1f/0x40
[   62.755314]  [<ffffffff8e7ff6b0>] ? rest_init+0x140/0x140
[   62.755846] Code: c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 49 8d bc 24 40 07 00 00 e8 c9 b5 b6 ff 4d 8b ac 24 40 07 00 00 49 8d 7d 30 e8 b8 b5 b6 ff <49> 8b 75 30 48 8d bb f8 01 00 00 4c 8d ab df 01 00 00 e8 e1 0e 
[   62.758526] RIP  [<ffffffff8cb9e9b8>] __setup_root+0x678/0x6f0
[   62.759094]  RSP <ffff880008d6fd08>
[   62.759431] CR2: 0000000000000030
[   62.759744] ---[ end trace 4dfd2887d274f657 ]---
[   62.760192] Kernel panic - not syncing: Fatal exception


FYI, raw QEMU command line is:

	qemu-system-x86_64 -enable-kvm -cpu Nehalem -kernel /pkg/linux/x86_64-randconfig-s2-07080935/gcc-6/80950bdf5f9308aad6475ce2ca4da534f83b688a/vmlinuz-4.7.0-rc6-00034-g80950bd -append 'root=/dev/ram0 user=lkp job=/lkp/scheduled/vm-intel12-yocto-x86_64-7/bisect_boot-1-yocto-minimal-x86_64.cgz-x86_64-randconfig-s2-07080935-80950bdf5f9308aad6475ce2ca4da534f83b688a-20160708-110555-1ih03s-0.yaml ARCH=x86_64 kconfig=x86_64-randconfig-s2-07080935 branch=linux-devel/devel-spot-201607080857 commit=80950bdf5f9308aad6475ce2ca4da534f83b688a BOOT_IMAGE=/pkg/linux/x86_64-randconfig-s2-07080935/gcc-6/80950bdf5f9308aad6475ce2ca4da534f83b688a/vmlinuz-4.7.0-rc6-00034-g80950bd max_uptime=600 RESULT_ROOT=/result/boot/1/vm-intel12-yocto-x86_64/yocto-minimal-x86_64.cgz/x86_64-randconfig-s2-07080935/gcc-6/80950bdf5f9308aad6475ce2ca4da534f83b688a/0 LKP_SERVER=inn earlyprintk=ttyS0,115200 systemd.log_level=err debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal rw ip=::::vm-intel12-yocto-x86_64-7::dhcp drbd.minor_count=8'  -initrd /fs/KVM/initrd-vm-intel12-yocto-x86_64-7 -m 320 -smp 2 -device e1000,netdev=net0 -netdev user,id=net0 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -drive file=/fs/KVM/disk0-vm-intel12-yocto-x86_64-7,media=disk,if=virtio -drive file=/fs/KVM/disk1-vm-intel12-yocto-x86_64-7,media=disk,if=virtio -pidfile /dev/shm/kboot/pid-vm-intel12-yocto-x86_64-7 -serial file:/dev/shm/kboot/serial-vm-intel12-yocto-x86_64-7 -daemonize -display none -monitor null 





Thanks,
Xiaolong

View attachment "config-4.7.0-rc6-00034-g80950bd" of type "text/plain" (122100 bytes)

Download attachment "dmesg.xz" of type "application/octet-stream" (18252 bytes)
