[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ad521a36-c080-f761-e91b-dc38b8af08ee@huawei.com>
Date: Fri, 22 May 2020 16:07:14 +0800
From: Hanjun Guo <guohanjun@...wei.com>
To: Will Deacon <will@...nel.org>, <lorenzo.pieralisi@....com>
CC: <rjw@...ysocki.net>, <linux-arm-kernel@...ts.infradead.org>,
<linux-kernel@...r.kernel.org>, <mark.rutland@....com>
Subject: Re: arm64/acpi: NULL dereference reports from UBSAN at boot
Hi Will,
On 2020/5/21 18:09, Will Deacon wrote:
> Hi folks,
>
> I just tried booting the arm64 for-kernelci branch under QEMU (version
> 4.2.50 (v4.2.0-779-g4354edb6dcc7)) with UBSAN enabled, and I see a couple
> of NULL pointer dereferences reported at boot. I think they're both GIC
> related (log below). I don't see a panic with UBSAN disabled, so something's
> fishy here.
>
> Please can you take a look when you get a chance? I haven't had time to see
> if this is a regression or not, but I don't think it's particularly serious
> as I have all sorts of horrible stuff enabled in my .config, since I'm
> trying to chase down another bug:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git/plain/arch/arm64/configs/fuzzing.config?h=fuzzing/arm64-kernelci-20200519&id=c149cf6a51aa4f72d53fc681c6661094e93ef660
>
> (on top of defconfig)
>
> CONFIG_FAIL_PAGE_ALLOC may be to blame.
I enabled UBSAN and CONFIG_FAIL_PAGE_ALLOC on top of defconfig,
testing against the for-kernelci branch on the D06 board, I
can see some UBSAN warnings from megaraid_sas driver [0], but not
from any other subsystem including ACPI, I will try all your
configs above to see if I can get more warnings.
Thanks
Hanjun
[0]:
[ 18.244272]
================================================================================
[ 18.252673] UBSAN: array-index-out-of-bounds in
drivers/scsi/megaraid/megaraid_sas_fp.c:104:32
[ 18.261244] index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
[ 18.267313] CPU: 0 PID: 656 Comm: kworker/0:1 Not tainted
5.7.0-rc6-1-14703-gf4582661223d-dirty #20
[ 18.276314] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS
2280-V2 CS V3.B210.01 03/12/2020
[ 18.285151] Workqueue: events work_for_cpu_fn
[ 18.289488] Call trace:
[ 18.291925] dump_backtrace+0x0/0x248
[ 18.295572] show_stack+0x18/0x28
[ 18.298873] dump_stack+0xc0/0x10c
[ 18.302261] ubsan_epilogue+0x10/0x58
[ 18.305905] __ubsan_handle_out_of_bounds+0x8c/0xa8
[ 18.310763] mr_update_load_balance_params+0x118/0x120
[ 18.315877] MR_ValidateMapInfo+0x300/0xb00
[ 18.320040] megasas_get_map_info+0x134/0x1f8
[ 18.324377] megasas_init_adapter_fusion+0xba8/0x10a0
[ 18.329403] megasas_probe_one+0x6e0/0x1b70
[ 18.333569] local_pci_probe+0x40/0xb0
[ 18.337299] work_for_cpu_fn+0x1c/0x30
[ 18.341031] process_one_work+0x1f8/0x378
[ 18.345022] worker_thread+0x21c/0x4c0
[ 18.348753] kthread+0x150/0x158
[ 18.351967] ret_from_fork+0x10/0x18
[ 18.355529]
================================================================================
[ 18.592274]
================================================================================
[ 18.600672] UBSAN: array-index-out-of-bounds in
drivers/scsi/megaraid/megaraid_sas_fp.c:141:9
[ 18.609155] index 1 is out of range for type 'MR_LD_SPAN_MAP [1]'
[ 18.615221] CPU: 0 PID: 656 Comm: kworker/0:1 Not tainted
5.7.0-rc6-1-14703-gf4582661223d-dirty #20
[ 18.624222] Hardware name: Huawei TaiShan 2280 V2/BC82AMDC, BIOS
2280-V2 CS V3.B210.01 03/12/2020
[ 18.633050] Workqueue: events work_for_cpu_fn
[ 18.637387] Call trace:
[ 18.639822] dump_backtrace+0x0/0x248
[ 18.643467] show_stack+0x18/0x28
[ 18.646767] dump_stack+0xc0/0x10c
[ 18.650152] ubsan_epilogue+0x10/0x58
[ 18.653796] __ubsan_handle_out_of_bounds+0x8c/0xa8
[ 18.658652] MR_GetLDTgtId+0x58/0x60
[ 18.662211] megasas_sync_map_info+0xd0/0x1c0
[ 18.666547] megasas_init_adapter_fusion+0xd60/0x10a0
[ 18.671574] megasas_probe_one+0x6e0/0x1b70
[ 18.675736] local_pci_probe+0x40/0xb0
[ 18.679466] work_for_cpu_fn+0x1c/0x30
[ 18.683197] process_one_work+0x1f8/0x378
[ 18.687188] worker_thread+0x21c/0x4c0
[ 18.690920] kthread+0x150/0x158
[ 18.694123] ret_from_fork+0x10/0x18
[ 18.697683]
================================================================================
Powered by blists - more mailing lists