Message-ID: <20180911004752.GG1110@shao2-debian>
Date:   Tue, 11 Sep 2018 08:47:52 +0800
From:   kernel test robot <rong.a.chen@...el.com>
To:     David Howells <dhowells@...hat.com>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>, lkp@...org
Subject: [LKP] [vfs]  fd0002870b: BUG:KASAN:null-ptr-deref_in_n

FYI, we noticed the following commit (built with gcc-6):

commit: fd0002870b453c58d0d8c195954f5049bc6675fb ("vfs: Implement a filesystem superblock creation/configuration context")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu Haswell,+smep,+smap -smp 2 -m 1G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


+------------------------------------------+------------+------------+
|                                          | bae551929c | fd0002870b |
+------------------------------------------+------------+------------+
| boot_successes                           | 6          | 2          |
| boot_failures                            | 0          | 11         |
| BUG:KASAN:null-ptr-deref_in_n            | 0          | 11         |
| BUG:unable_to_handle_kernel              | 0          | 11         |
| Oops:#[##]                               | 0          | 11         |
| RIP:nfs_fs_mount                         | 0          | 11         |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 11         |
+------------------------------------------+------------+------------+



[   18.557980] BUG: KASAN: null-ptr-deref in nfs_fs_mount+0x901/0x1220
[   18.559674] Read of size 1 at addr 0000000000000000 by task mount.nfs/357
[   18.561456] 
[   18.562063] CPU: 0 PID: 357 Comm: mount.nfs Not tainted 4.19.0-rc1-00104-gfd00028 #1
[   18.564199] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   18.566478] Call Trace:
[   18.567308]  kasan_report+0x107/0x330
[   18.568403]  nfs_fs_mount+0x901/0x1220
[   18.569523]  ? kmem_cache_free+0x70/0x170
[   18.570710]  ? nfs_compare_super+0x440/0x440
[   18.571944]  ? nd_jump_link+0xb0/0xb0
[   18.573039]  ? ksys_mount+0x5a/0xc0
[   18.574106]  ? strcmp+0x30/0x50
[   18.575083]  ? nfs_clone_super+0x150/0x150
[   18.576273]  ? nfs_remount+0x890/0x890
[   18.577395]  ? vfs_parse_fs_string+0xad/0xe0
[   18.578629]  ? nfs_compare_super+0x440/0x440
[   18.579895]  ? legacy_get_tree+0x83/0x180
[   18.581069]  legacy_get_tree+0x83/0x180
[   18.582204]  vfs_get_tree+0xaf/0x250
[   18.583272]  do_mount+0x39b/0xfe0
[   18.584282]  ? __might_sleep+0x2e/0xd0
[   18.585394]  ? __might_sleep+0x2e/0xd0
[   18.586507]  ? copy_mount_string+0x20/0x20
[   18.587697]  ? copy_mount_options+0x3a/0x1c0
[   18.588842]  ? copy_mount_options+0xf1/0x1c0
[   18.589936]  ksys_mount+0x79/0xc0
[   18.590831]  __x64_sys_mount+0x5d/0x70
[   18.591819]  do_syscall_64+0xac/0x3d0
[   18.593009]  ? syscall_return_slowpath+0xb0/0xb0
[   18.594185]  ? mm_fault_error+0x1c0/0x1c0
[   18.595256]  ? __put_user_4+0x1b/0x30
[   18.596222]  ? async_page_fault+0x8/0x30
[   18.597251]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   18.598505] RIP: 0033:0x7fd79e7f424a
[   18.599463] Code: 48 8b 0d 51 fc 2a 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1e fc 2a 00 f7 d8 64 89 01 48
[   18.606261] RSP: 002b:00007ffe34069b58 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[   18.608156] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd79e7f424a
[   18.609829] RDX: 0000558512e8cf70 RSI: 0000558512e8cf50 RDI: 0000558512e8b210
[   18.611506] RBP: 00007ffe34069d50 R08: 0000558512e98320 R09: 0000000000000060
[   18.613359] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fd79f138410
[   18.615038] R13: 00007ffe34069d50 R14: 00007ffe34069c50 R15: 0000558512e98300
[   18.616716] ==================================================================
[   18.618528] Disabling lock debugging due to kernel taint
[   18.762009] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[   18.764184] PGD 0 P4D 0 
[   18.765016] Oops: 0000 [#1] PREEMPT KASAN PTI
[   18.766279] CPU: 0 PID: 357 Comm: mount.nfs Tainted: G    B             4.19.0-rc1-00104-gfd00028 #1
[   18.768705] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   18.770938] RIP: 0010:nfs_fs_mount+0x901/0x1220
[   18.772208] Code: 02 74 06 66 83 f8 0a 75 19 48 8d bb 2a 01 00 00 66 41 c1 c4 08 e8 df 33 f1 ff 66 44 89 a3 2a 01 00 00 4c 89 ef e8 bf 32 f1 ff <41> 80 7d 00 5b 0f 84 4a 08 00 00 be 3a 00 00 00 4c 89 ef e8 b7 9a
[   18.776851] RSP: 0000:ffff88001ff1fb70 EFLAGS: 00010292
[   18.778318] RAX: ffff88001ed45c00 RBX: ffff880017e19b80 RCX: 0000000000000000
[   18.780200] RDX: 0000000000000001 RSI: dffffc0000000000 RDI: ffffffff82cdcf80
[   18.782055] RBP: ffff88001ff1fc90 R08: fffffbfff0495731 R09: fffffbfff0495730
[   18.783938] R10: 0000000000000003 R11: fffffbfff0495731 R12: 0000000000000000
[   18.785811] R13: 0000000000000000 R14: 0000000000001000 R15: ffff880017e19ca8
[   18.787709] FS:  00007fd79f138480(0000) GS:ffffffff82465000(0000) knlGS:0000000000000000
[   18.789910] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   18.791455] CR2: 0000000000000000 CR3: 000000003fb6a003 CR4: 00000000000606f0
[   18.793339] Call Trace:
[   18.794147]  ? kmem_cache_free+0x70/0x170
[   18.795296]  ? nfs_compare_super+0x440/0x440
[   18.796504]  ? nd_jump_link+0xb0/0xb0
[   18.797603]  ? ksys_mount+0x5a/0xc0
[   18.798643]  ? strcmp+0x30/0x50
[   18.799610]  ? nfs_clone_super+0x150/0x150
[   18.800813]  ? nfs_remount+0x890/0x890
[   18.801945]  ? vfs_parse_fs_string+0xad/0xe0
[   18.803155]  ? nfs_compare_super+0x440/0x440
[   18.804383]  ? legacy_get_tree+0x83/0x180
[   18.805558]  legacy_get_tree+0x83/0x180
[   18.806690]  vfs_get_tree+0xaf/0x250
[   18.807765]  do_mount+0x39b/0xfe0
[   18.808776]  ? __might_sleep+0x2e/0xd0
[   18.809792]  ? __might_sleep+0x2e/0xd0
[   18.810887]  ? copy_mount_string+0x20/0x20
[   18.812072]  ? copy_mount_options+0x3a/0x1c0
[   18.813310]  ? copy_mount_options+0xf1/0x1c0
[   18.814555]  ksys_mount+0x79/0xc0
[   18.815572]  __x64_sys_mount+0x5d/0x70
[   18.816683]  do_syscall_64+0xac/0x3d0
[   18.817785]  ? syscall_return_slowpath+0xb0/0xb0
[   18.819175]  ? mm_fault_error+0x1c0/0x1c0
[   18.820350]  ? __put_user_4+0x1b/0x30
[   18.821455]  ? async_page_fault+0x8/0x30
[   18.822622]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   18.824024] RIP: 0033:0x7fd79e7f424a
[   18.825087] Code: 48 8b 0d 51 fc 2a 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1e fc 2a 00 f7 d8 64 89 01 48
[   18.829774] RSP: 002b:00007ffe34069b58 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[   18.831873] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd79e7f424a
[   18.833764] RDX: 0000558512e8cf70 RSI: 0000558512e8cf50 RDI: 0000558512e8b210
[   18.835657] RBP: 00007ffe34069d50 R08: 0000558512e98320 R09: 0000000000000060
[   18.837543] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fd79f138410
[   18.839426] R13: 00007ffe34069d50 R14: 00007ffe34069c50 R15: 0000558512e98300
[   18.841309] Modules linked in: crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd input_leds led_class floppy cmdlinepart
[   18.844315] CR2: 0000000000000000
[   19.028656] ---[ end trace df17e7a878a94ae1 ]---


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
lkp

View attachment "config-4.19.0-rc1-00104-gfd00028" of type "text/plain" (104198 bytes)

View attachment "job-script" of type "text/plain" (4472 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (13052 bytes)
