lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20190108014810.fvejx4735rmv2mmb@inn2.lkp.intel.com>
Date:   Tue, 8 Jan 2019 09:48:10 +0800
From:   kernel test robot <lkp@...el.com>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        devel@...verdev.osuosl.org, lkp@...org
Subject: [blk]  a736152993: BUG:KASAN:null-ptr-deref_in_d


FYI, we noticed the following commit (built with gcc-7):

commit: a7361529939e80b6e182cf17f30e00545863f718 ("blk-mq: fix changelog")
https://git.kernel.org/cgit/linux/kernel/git/gregkh/driver-core.git debugfs_cleanup

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 3G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+------------------------------------------------+------------+------------+
|                                                | 23343defc4 | a736152993 |
+------------------------------------------------+------------+------------+
| boot_successes                                 | 5          | 0          |
| boot_failures                                  | 5          | 11         |
| BUG:kernel_in_stage                            | 1          |            |
| IP-Config:Auto-configuration_of_network_failed | 4          |            |
| BUG:KASAN:null-ptr-deref_in_d                  | 0          | 11         |
| BUG:unable_to_handle_kernel                    | 0          | 11         |
| Oops:#[##]                                     | 0          | 11         |
| RIP:debugfs_create_files                       | 0          | 11         |
| Kernel_panic-not_syncing:Fatal_exception       | 0          | 11         |
+------------------------------------------------+------------+------------+



[   41.433960] BUG: KASAN: null-ptr-deref in debugfs_create_files+0x4e/0x82
[   41.433960] Read of size 8 at addr 0000000000000000 by task kworker/u2:1/184
[   41.433960] 
[   41.433960] CPU: 0 PID: 184 Comm: kworker/u2:1 Not tainted 5.0.0-rc1-00108-ga736152 #1
[   41.433960] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   41.433960] Workqueue: events_unbound async_run_entry_fn
[   41.433960] Call Trace:
[   41.433960]  ? debugfs_create_files+0x4e/0x82
[   41.433960]  kasan_report+0x123/0x136
[   41.433960]  ? debugfs_create_files+0x4e/0x82
[   41.433960]  debugfs_create_files+0x4e/0x82
[   41.433960]  blk_mq_debugfs_register+0x124/0x15e
[   41.433960]  blk_register_queue+0x117/0x187
[   41.433960]  __device_add_disk+0x577/0x68c
[   41.433960]  ? bdget_disk+0x3b/0x3b
[   41.433960]  ? rpm_check_suspend_allowed+0x62/0x12d
[   41.433960]  ? rpm_idle+0x15/0x187
[   41.433960]  ? preempt_count_sub+0x13/0xc0
[   41.433960]  sd_probe_async+0x1f1/0x2e2
[   41.433960]  ? sd_revalidate_disk+0x1995/0x1995
[   41.433960]  async_run_entry_fn+0x70/0x1c8
[   41.433960]  process_one_work+0x229/0x30f
[   41.433960]  ? worker_clr_flags+0x56/0x98
[   41.433960]  worker_thread+0x29a/0x3c5
[   41.433960]  ? process_scheduled_works+0x37/0x37
[   41.433960]  kthread+0x19f/0x1ae
[   41.433960]  ? __kthread_cancel_work+0xb2/0xb2
[   41.433960]  ret_from_fork+0x35/0x40
[   41.433960] ==================================================================
[   41.433960] Disabling lock debugging due to kernel taint
[   41.462550] db_root: cannot open: /etc/target
[   41.464118] L440GX flash mapping: failed to find PIIX4 ISA bridge, cannot continue
[   41.465617] device id = 2440
[   41.466288] device id = 2480
[   41.466929] device id = 24c0
[   41.467588] device id = 24d0
[   41.468242] device id = 25a1
[   41.468879] device id = 2670
[   41.469706] platform physmap-flash.0: failed to claim resource 0: [mem 0x08000000-0x07ffffff]
[   41.471900] Ramix PMC551 PCI Mezzanine Ram Driver. (C) 1999,2000 Nortel Networks.
[   41.473363] pmc551: not detected
[   41.480628] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[   41.480958] #PF error: [normal kernel read fault]
[   41.480958] PGD 0 P4D 0 
[   41.480958] Oops: 0000 [#1] PREEMPT KASAN
[   41.480958] CPU: 0 PID: 1 Comm: swapper Tainted: G    B             5.0.0-rc1-00108-ga736152 #1
[   41.480958] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   41.480958] RIP: 0010:debugfs_create_files+0x4e/0x82
[   41.480958] Code: b1 ff 4c 8b 65 30 49 8d bc 24 10 02 00 00 e8 11 b8 b1 ff 4d 89 ac 24 10 02 00 00 49 c7 c5 e0 16 25 83 48 89 df e8 5e b7 b1 ff <4c> 8b 23 4d 85 e4 74 24 48 8d 7b 08 e8 e5 b4 b1 ff 0f b7 73 08 48
[   41.480958] RSP: 0000:ffff8880a38a7b68 EFLAGS: 00010282
[   41.480958] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff816bd8c8
[   41.480958] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000
[   41.480958] RBP: ffff88808fdea700 R08: ffff88808fdea738 R09: 0000000000000007
[   41.480958] R10: 0000000000000001 R11: ffff88808dfaa16f R12: ffff88808dfaa000
[   41.480958] R13: ffffffff832516e0 R14: ffff88808d248838 R15: ffff88808d248868
[   41.480958] FS:  0000000000000000(0000) GS:ffffffff8407d000(0000) knlGS:0000000000000000
[   41.480958] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   41.480958] CR2: 0000000000000000 CR3: 000000000402f000 CR4: 00000000000406f0
[   41.480958] Call Trace:
[   41.480958]  blk_mq_debugfs_register+0x124/0x15e
[   41.480958]  blk_register_queue+0x117/0x187
[   41.480958]  __device_add_disk+0x577/0x68c
[   41.480958]  ? bdget_disk+0x3b/0x3b
[   41.480958]  ? blk_mq_init_allocated_queue+0x5f3/0x63f
[   41.480958]  ? blk_mq_init_queue+0x36/0x52
[   41.480958]  ? blk_mq_alloc_tag_set+0x363/0x40e
[   41.480958]  add_mtd_blktrans_dev+0x4e3/0x575
[   41.480958]  ? kasan_kmalloc+0x89/0x9a
[   41.480958]  mtdblock_add_mtd+0xb1/0xca
[   41.480958]  blktrans_notify_add+0x42/0x59
[   41.480958]  add_mtd_device+0x37d/0x3d4
[   41.480958]  mtd_device_parse_register+0xc9/0x1de
[   41.480958]  ? set_debug_rodata+0xc/0xc
[   41.480958]  mtdram_init_device+0x12b/0x13b
[   41.480958]  init_mtdram+0x75/0xca
[   41.480958]  ? init_pmc551+0x532/0x532
[   41.480958]  do_one_initcall+0xc3/0x1b6
[   41.480958]  ? start_kernel+0x4ad/0x4ad
[   41.480958]  ? __memset+0x29/0x30
[   41.480958]  ? ___might_sleep+0x78/0x1fb
[   41.480958]  kernel_init_freeable+0x190/0x221
[   41.480958]  ? rest_init+0xc1/0xc1
[   41.480958]  kernel_init+0x7/0xf9
[   41.480958]  ? rest_init+0xc1/0xc1
[   41.480958]  ret_from_fork+0x35/0x40
[   41.480958] CR2: 0000000000000000
[   41.480958] ---[ end trace db039e7dd4e1d779 ]---


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
lkp

View attachment "config-5.0.0-rc1-00108-ga736152" of type "text/plain" (128192 bytes)

View attachment "job-script" of type "text/plain" (4415 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (11144 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ