lists.openwall.net: Open Source and information security mailing list archives
Date: Thu, 4 May 2017 10:39:51 +0800
From: kernel test robot <xiaolong.ye@...el.com>
To: marcandre.lureau@...hat.com
Cc: qemu-devel@...gnu.org, somlo@....edu, linux-kernel@...r.kernel.org, mst@...hat.com, Marc-André Lureau <marcandre.lureau@...hat.com>, lkp@...org
Subject: [lkp-robot] [fw_cfg] 9f0f3ea314: BUG:KASAN:null-ptr-deref_on_address

FYI, we noticed the following commit:

commit: 9f0f3ea31419e56d861441b2d863e992d13f19d7 ("fw_cfg: do DMA read operation")
url: https://github.com/0day-ci/linux/commits/marcandre-lureau-redhat-com/fw_cfg-add-DMA-operations/20170429-202925

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu host -smp 2 -m 4G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+------------------------------------------------------------------+------------+------------+
|                                                                  | c0bbc7cf8b | 9f0f3ea314 |
+------------------------------------------------------------------+------------+------------+
| boot_successes                                                   | 6          | 0          |
| boot_failures                                                    | 2          | 8          |
| invoked_oom-killer:gfp_mask=0x                                   | 2          | 2          |
| Mem-Info                                                         | 2          | 2          |
| Kernel_panic-not_syncing:Out_of_memory_and_no_killable_processes | 2          | 2          |
| BUG:kernel_hang_in_test_stage                                    | 0          | 2          |
| BUG:KASAN:null-ptr-deref_on_address                              | 0          | 4          |
| BUG:unable_to_handle_kernel                                      | 0          | 4          |
| Oops:#[##]                                                       | 0          | 4          |
| Kernel_panic-not_syncing:Fatal_exception                         | 0          | 4          |
+------------------------------------------------------------------+------------+------------+

[  276.979741] BUG: KASAN: null-ptr-deref on address 0000000000000390
[  276.979778] Read of size 8 by task swapper/1
[  276.979841] CPU: 0 PID: 1 Comm: swapper Not tainted 4.11.0-rc8-00089-g9f0f3ea #2
[  276.979878] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[  276.979910] Call Trace:
[  276.980004]  dump_stack+0x19/0x1b
[  276.980131]  kasan_report+0x467/0x560
[  276.980197]  ? swiotlb_map_page+0x54/0x248
[  276.980260]  ? kasan_unpoison_shadow+0x35/0x43
[  276.980324]  ? swiotlb_free_coherent+0x9a/0x9a
[  276.980387]  __asan_load8+0x5e/0x6f
[  276.980428]  swiotlb_map_page+0x54/0x248
[  276.980493]  ? swiotlb_free_coherent+0x9a/0x9a
[  276.980581]  fw_cfg_dma_transfer+0xb9/0x39c
[  276.980649]  fw_cfg_read_blob+0xf0/0x201
[  276.980715]  ? fw_cfg_dma_transfer+0x39c/0x39c
[  276.980782]  ? __kmalloc+0x15f/0x304
[  276.980844]  ? fw_cfg_sysfs_probe+0x2c9/0x84a
[  276.980911]  fw_cfg_sysfs_probe+0x2f4/0x84a
[  276.980980]  ? fw_cfg_sysfs_read_raw+0x70/0x70
[  276.981104]  ? acpi_device_wakeup+0x3d/0x110
[  276.981172]  ? acpi_dev_pm_attach+0xf0/0x12e
[  276.981239]  platform_drv_probe+0x54/0xd2
[  276.981330]  driver_probe_device+0x2b1/0x730
[  276.981401]  ? driver_probe_device+0x730/0x730
[  276.981488]  __driver_attach+0x121/0x123
[  276.981556]  bus_for_each_dev+0xeb/0x147
[  276.981623]  ? store_drivers_autoprobe+0x80/0x80
[  276.981688]  ? _raw_spin_unlock+0x27/0x3a
[  276.981756]  driver_attach+0x2b/0x2e
[  276.981823]  bus_add_driver+0x27e/0x39c
[  276.981887]  driver_register+0xd3/0x193
[  276.981975]  ? firmware_map_add_early+0x5b/0x5b
[  276.982018]  __platform_driver_register+0x6c/0x71
[  276.982140]  fw_cfg_sysfs_init+0x45/0x69
[  276.982207]  do_one_initcall+0x8f/0x1ee
[  276.982272]  ? initcall_blacklisted+0x12c/0x12c
[  276.982340]  ? parse_args+0x35e/0x602
[  276.982430]  ? set_debug_rodata+0x12/0x12
[  276.982494]  kernel_init_freeable+0x19e/0x22e
[  276.982558]  ? rest_init+0x140/0x140
[  276.982599]  kernel_init+0x13/0x127
[  276.982662]  ? rest_init+0x140/0x140
[  276.982725]  ret_from_fork+0x31/0x40
[  276.982788] ==================================================================
[  276.982818] Disabling lock debugging due to kernel taint
[  276.982855] BUG: unable to handle kernel NULL pointer dereference at 0000000000000390
[  276.982924] IP: swiotlb_map_page+0x54/0x248
[  276.982952] PGD 0
[  276.982958]
[  276.983012] Oops: 0000 [#1] PREEMPT KASAN
[  276.983020] Modules linked in:
[  276.983210] CPU: 0 PID: 1 Comm: swapper Tainted: G    B   4.11.0-rc8-00089-g9f0f3ea #2
[  276.983241] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[  276.983274] task: ffff88011a5b4680 task.stack: ffff88011a5b8000
[  276.983312] RIP: 0010:swiotlb_map_page+0x54/0x248
[  276.983343] RSP: 0018:ffff88011a5bf9b8 EFLAGS: 00010292
[  276.983402] RAX: ffff88011a5b4680 RBX: 0000000000098640 RCX: ffffffff8113b4e3
[  276.983434] RDX: 0000000000000004 RSI: 0000000000000003 RDI: 0000000000000292
[  276.983466] RBP: ffff88011a5bf9f8 R08: 0000000000000003 R09: 0000000000000000
[  276.983499] R10: ffff88011a5bf8cf R11: fffffbfff06cd0a3 R12: 0000000000000000
[  276.983531] R13: 0000000000000010 R14: 0000000000000000 R15: ffffffff81517b2f
[  276.983566] FS:  0000000000000000(0000) GS:ffffffff8227d000(0000) knlGS:0000000000000000
[  276.983598] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  276.983630] CR2: 0000000000000390 CR3: 000000007ef79000 CR4: 00000000000006f0
[  276.983666] Call Trace:
[  276.983727]  ? swiotlb_free_coherent+0x9a/0x9a
[  276.983765]  fw_cfg_dma_transfer+0xb9/0x39c
[  276.983827]  fw_cfg_read_blob+0xf0/0x201
[  276.983889]  ? fw_cfg_dma_transfer+0x39c/0x39c
[  276.983930]  ? __kmalloc+0x15f/0x304
[  276.983989]  ? fw_cfg_sysfs_probe+0x2c9/0x84a
[  276.984089]  fw_cfg_sysfs_probe+0x2f4/0x84a
[  276.984153]  ? fw_cfg_sysfs_read_raw+0x70/0x70
[  276.984214]  ? acpi_device_wakeup+0x3d/0x110
[  276.984254]  ? acpi_dev_pm_attach+0xf0/0x12e
[  276.984314]  platform_drv_probe+0x54/0xd2
[  276.984407]  driver_probe_device+0x2b1/0x730
[  276.984473]  ? driver_probe_device+0x730/0x730
[  276.984534]  __driver_attach+0x121/0x123
[  276.984575]  bus_for_each_dev+0xeb/0x147
[  276.984635]  ? store_drivers_autoprobe+0x80/0x80
[  276.984673]  ? _raw_spin_unlock+0x27/0x3a
[  276.984736]  driver_attach+0x2b/0x2e
[  276.984798]  bus_add_driver+0x27e/0x39c
[  276.984836]  driver_register+0xd3/0x193
[  276.984895]  ? firmware_map_add_early+0x5b/0x5b
[  276.984933]  __platform_driver_register+0x6c/0x71
[  276.984992]  fw_cfg_sysfs_init+0x45/0x69
[  276.985087]  do_one_initcall+0x8f/0x1ee
[  276.985127]  ? initcall_blacklisted+0x12c/0x12c
[  276.985189]  ? parse_args+0x35e/0x602
[  276.985251]  ? set_debug_rodata+0x12/0x12
[  276.985289]  kernel_init_freeable+0x19e/0x22e
[  276.985348]  ? rest_init+0x140/0x140
[  276.985386]  kernel_init+0x13/0x127
[  276.985444]  ? rest_init+0x140/0x140

To reproduce:

        git clone https://github.com/01org/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script  # job-script is attached in this email

Thanks,
Xiaolong

View attachment "config-4.11.0-rc8-00089-g9f0f3ea" of type "text/plain" (112327 bytes)
View attachment "job-script" of type "text/plain" (4359 bytes)
Download attachment "dmesg.xz" of type "application/octet-stream" (10692 bytes)