Date:   Wed, 10 May 2017 10:24:46 +0800
From:   kernel test robot <xiaolong.ye@...el.com>
To:     "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Cc:     Ingo Molnar <mingo@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Andy Lutomirski <luto@...capital.net>,
        Andy Lutomirski <luto@...nel.org>,
        Arnd Bergmann <arnd@...db.de>, Borislav Petkov <bp@...en8.de>,
        Brian Gerst <brgerst@...il.com>,
        Dave Hansen <dave.hansen@...el.com>,
        Denys Vlasenko <dvlasenk@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Michal Hocko <mhocko@...e.com>,
        Peter Zijlstra <peterz@...radead.org>,
        LKML <linux-kernel@...r.kernel.org>, lkp@...org
Subject: [lkp-robot] [x86]  f2a6a70501: BUG:KASAN:null-ptr-deref_on_address


FYI, we noticed the following commit:

commit: f2a6a7050109e0a5c7a84c70aa6010f682b2f1ee ("x86: Convert the rest of the code to support p4d_t")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -smp 2 -m 512M

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+-------------------------------------------------------------------------------------------------+------------+------------+
|                                                                                                 | 907cd43902 | f2a6a70501 |
+-------------------------------------------------------------------------------------------------+------------+------------+
| boot_successes                                                                                  | 0          | 0          |
| boot_failures                                                                                   | 8          | 6          |
| invoked_oom-killer:gfp_mask=0x                                                                  | 2          | 2          |
| Mem-Info                                                                                        | 8          | 6          |
| Kernel_panic-not_syncing:Out_of_memory_and_no_killable_processes                                | 2          | 2          |
| page_allocation_failure:order:#,mode:#(__GFP_COMP|__GFP_NOTRACK),nodemask=(null)                | 6          | 4          |
| page_allocation_failure:order:#,mode:#(__GFP_COMP|__GFP_HARDWALL|__GFP_NOTRACK),nodemask=(null) | 6          |            |
| Kernel_panic-not_syncing:can't_set_nsfs_up                                                      | 6          |            |
| BUG:KASAN:null-ptr-deref_on_address                                                             | 0          | 4          |
| BUG:unable_to_handle_kernel                                                                     | 0          | 4          |
| Oops:#[##]                                                                                      | 0          | 4          |
| Kernel_panic-not_syncing:Fatal_exception                                                        | 0          | 4          |
+-------------------------------------------------------------------------------------------------+------------+------------+



[    0.225718] BUG: KASAN: null-ptr-deref on address 0000000000000020
[    0.225718] BUG: KASAN: null-ptr-deref on address 0000000000000020
[    0.226666] Write of size 8 by task swapper/0/0
[    0.226666] Write of size 8 by task swapper/0/0
[    0.226666] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.11.0-rc2-00278-gf2a6a70 #2
[    0.226666] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.11.0-rc2-00278-gf2a6a70 #2
[    0.226666] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[    0.226666] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[    0.226666] Call Trace:
[    0.226666] Call Trace:
[    0.226666]  dump_stack+0x149/0x1eb
[    0.226666]  dump_stack+0x149/0x1eb
[    0.226666]  kasan_report+0x61d/0x670
[    0.226666]  kasan_report+0x61d/0x670
[    0.226666]  ? proc_sys_init+0x30/0x87
[    0.226666]  ? proc_sys_init+0x30/0x87
[    0.226666]  ? __asan_loadN+0xf/0x20
[    0.226666]  ? __asan_loadN+0xf/0x20
[    0.226666]  ? proc_mkdir_data+0xb6/0x170
[    0.226666]  ? proc_mkdir_data+0xb6/0x170
[    0.226666]  __asan_store8+0x61/0x70
[    0.226666]  __asan_store8+0x61/0x70
[    0.226666]  proc_sys_init+0x30/0x87
[    0.226666]  proc_sys_init+0x30/0x87
[    0.226666]  proc_root_init+0xf4/0x11e
[    0.226666]  proc_root_init+0xf4/0x11e
[    0.226666]  start_kernel+0x8b5/0x990
[    0.226666]  start_kernel+0x8b5/0x990
[    0.226666]  ? thread_stack_cache_init+0x35/0x35
[    0.226666]  ? thread_stack_cache_init+0x35/0x35
[    0.226666]  ? __asan_loadN+0xf/0x20
[    0.226666]  ? __asan_loadN+0xf/0x20
[    0.226666]  ? early_idt_handler_array+0x120/0x120
[    0.226666]  ? early_idt_handler_array+0x120/0x120
[    0.226666]  x86_64_start_reservations+0x6b/0x8c
[    0.226666]  x86_64_start_reservations+0x6b/0x8c
[    0.226666]  x86_64_start_kernel+0x199/0x1bd
[    0.226666]  x86_64_start_kernel+0x199/0x1bd
[    0.226666]  start_cpu+0x14/0x14
[    0.226666]  start_cpu+0x14/0x14
[    0.226666] ==================================================================
[    0.226666] ==================================================================
[    0.226666] Disabling lock debugging due to kernel taint
[    0.226666] Disabling lock debugging due to kernel taint
[    0.226704] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[    0.226704] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[    0.228866] IP: proc_sys_init+0x35/0x87
[    0.228866] IP: proc_sys_init+0x35/0x87
[    0.229726] PGD 0 
[    0.229726] PGD 0 
[    0.229732] P4D 0 
[    0.229732] P4D 0 
[    0.229999] 
[    0.229999] 
[    0.229999] Oops: 0002 [#1] SMP KASAN
[    0.229999] Oops: 0002 [#1] SMP KASAN
[    0.229999] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G    B           4.11.0-rc2-00278-gf2a6a70 #2
[    0.229999] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G    B           4.11.0-rc2-00278-gf2a6a70 #2
[    0.229999] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[    0.229999] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[    0.229999] task: ffffffff8762a380 task.stack: ffffffff87600000
[    0.229999] task: ffffffff8762a380 task.stack: ffffffff87600000
[    0.229999] RIP: 0010:proc_sys_init+0x35/0x87
[    0.229999] RIP: 0010:proc_sys_init+0x35/0x87
[    0.229999] RSP: 0000:ffffffff87607e00 EFLAGS: 00010286
[    0.229999] RSP: 0000:ffffffff87607e00 EFLAGS: 00010286
[    0.229999] RAX: ffffffff8762a380 RBX: 332459ea0398d339 RCX: ffffffff8128f6d6
[    0.229999] RAX: ffffffff8762a380 RBX: 332459ea0398d339 RCX: ffffffff8128f6d6
[    0.229999] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000028
[    0.229999] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000028
[    0.229999] RBP: ffffffff87607e10 R08: fffffbfff11abe65 R09: fffffbfff11abe64
[    0.229999] RBP: ffffffff87607e10 R08: fffffbfff11abe65 R09: fffffbfff11abe64
[    0.229999] R10: ffffffff88d5f327 R11: fffffbfff11abe65 R12: 0000000000000000
[    0.229999] R10: ffffffff88d5f327 R11: fffffbfff11abe65 R12: 0000000000000000
[    0.229999] R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000002
[    0.229999] R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000002
[    0.229999] FS:  0000000000000000(0000) GS:ffff880000200000(0000) knlGS:0000000000000000
[    0.229999] FS:  0000000000000000(0000) GS:ffff880000200000(0000) knlGS:0000000000000000
[    0.229999] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.229999] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.229999] CR2: 0000000000000020 CR3: 000000000761e000 CR4: 00000000000006b0
[    0.229999] CR2: 0000000000000020 CR3: 000000000761e000 CR4: 00000000000006b0
[    0.229999] Call Trace:
[    0.229999] Call Trace:
[    0.229999]  proc_root_init+0xf4/0x11e
[    0.229999]  proc_root_init+0xf4/0x11e
[    0.229999]  start_kernel+0x8b5/0x990
[    0.229999]  start_kernel+0x8b5/0x990
[    0.229999]  ? thread_stack_cache_init+0x35/0x35
[    0.229999]  ? thread_stack_cache_init+0x35/0x35
[    0.229999]  ? __asan_loadN+0xf/0x20
[    0.229999]  ? __asan_loadN+0xf/0x20
[    0.229999]  ? early_idt_handler_array+0x120/0x120
[    0.229999]  ? early_idt_handler_array+0x120/0x120
[    0.229999]  x86_64_start_reservations+0x6b/0x8c
[    0.229999]  x86_64_start_reservations+0x6b/0x8c
[    0.229999]  x86_64_start_kernel+0x199/0x1bd
[    0.229999]  x86_64_start_kernel+0x199/0x1bd
[    0.229999]  start_cpu+0x14/0x14
[    0.229999]  start_cpu+0x14/0x14
[    0.229999] Code: 1d 51 9f fd e8 08 7a 5b f7 31 f6 48 c7 c7 80 af a0 85 e8 fa fa 96 f7 48 8d 78 20 49 89 c4 48 31 eb e8 3b db 7b f7 49 8d 7c 24 28 <49> c7 44 24 20 40 c0 a0 85 e8 28 db 7b f7 49 8d 7c 24 08 49 c7 
[    0.229999] Code: 1d 51 9f fd e8 08 7a 5b f7 31 f6 48 c7 c7 80 af a0 85 e8 fa fa 96 f7 48 8d 78 20 49 89 c4 48 31 eb e8 3b db 7b f7 49 8d 7c 24 28 <49> c7 44 24 20 40 c0 a0 85 e8 28 db 7b f7 49 8d 7c 24 08 49 c7 
[    0.229999] RIP: proc_sys_init+0x35/0x87 RSP: ffffffff87607e00
[    0.229999] RIP: proc_sys_init+0x35/0x87 RSP: ffffffff87607e00
[    0.229999] CR2: 0000000000000020
[    0.229999] CR2: 0000000000000020
[    0.229999] ---[ end trace d7042a2b0fc5a1e6 ]---


To reproduce:

        git clone https://github.com/01org/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script  # job-script is attached in this email



Thanks,
Xiaolong

View attachment "config-4.11.0-rc2-00278-gf2a6a70" of type "text/plain" (120665 bytes)

View attachment "job-script" of type "text/plain" (3933 bytes)

Download attachment "dmesg.xz" of type "application/octet-stream" (7192 bytes)
