| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210310020856.GB24132@xsang-OptiPlex-9020>
Date: Wed, 10 Mar 2021 10:08:56 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Saravana Kannan <saravanak@...gle.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Marc Zyngier <maz@...nel.org>,
Jisheng Zhang <Jisheng.Zhang@...aptics.com>,
Kever Yang <kever.yang@...k-chips.com>,
Linus Walleij <linus.walleij@...aro.org>,
Bartosz Golaszewski <bgolaszewski@...libre.com>,
LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org,
lkp@...el.com, "Rafael J. Wysocki" <rafael@...nel.org>,
Marek Szyprowski <m.szyprowski@...sung.com>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
Tudor Ambarus <Tudor.Ambarus@...rochip.com>,
Saravana Kannan <saravanak@...gle.com>, kernel-team@...roid.com
Subject: [gpiolib] 4731210c09: BUG:kernel_NULL_pointer_dereference,address
Greeting,
FYI, we noticed the following commit (built with gcc-9):
commit: 4731210c09f5977300f439b6c56ba220c65b2348 ("[PATCH v1 2/2] driver core: fw_devlink: Handle missing drivers for optional suppliers")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
in testcase: kernel-selftests
version: kernel-selftests-x86_64-b553cffa-1_20210122
with following parameters:
group: group-01
ucode: 0xe2
test-description: The kernel contains a set of "self tests" under the tools/testing/selftests/ directory. These are intended to be small unit tests to exercise individual code paths in the kernel.
test-url: https://www.kernel.org/doc/Documentation/kselftest.txt
on test machine: 4 threads Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz with 32G memory
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 388.912130] BUG: kernel NULL pointer dereference, address: 0000000000000590
[ 388.919103] #PF: supervisor read access in kernel mode
[ 388.924245] #PF: error_code(0x0000) - not-present page
[ 388.929389] PGD 0 P4D 0
[ 388.931925] Oops: 0000 [#1] PREEMPT SMP PTI
[ 388.936114] CPU: 2 PID: 20288 Comm: modprobe Not tainted 5.11.0-rc5-00017-g4731210c09f5 #1
[ 388.944388] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.8.1 12/05/2017
[ 388.951789] RIP: 0010:__list_del_entry_valid (kbuild/src/consumer/lib/list_debug.c:43)
[ 388.956850] Code: 0f 85 43 00 73 00 48 39 d7 0f 84 23 00 73 00 4c 39 cf 0f 84 1a 00 73 00 b8 01 00 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 90 <48> 8b 17 4c 8b 47 08 48 b8 00 01 00 00 00 00 ad de 48 39 c2 0f 84
All code
========
0: 0f 85 43 00 73 00 jne 0x730049
6: 48 39 d7 cmp %rdx,%rdi
9: 0f 84 23 00 73 00 je 0x730032
f: 4c 39 cf cmp %r9,%rdi
12: 0f 84 1a 00 73 00 je 0x730032
18: b8 01 00 00 00 mov $0x1,%eax
1d: c3 retq
1e: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1)
25: 00 00 00 00
29: 90 nop
2a:* 48 8b 17 mov (%rdi),%rdx <-- trapping instruction
2d: 4c 8b 47 08 mov 0x8(%rdi),%r8
31: 48 b8 00 01 00 00 00 movabs $0xdead000000000100,%rax
38: 00 ad de
3b: 48 39 c2 cmp %rax,%rdx
3e: 0f .byte 0xf
3f: 84 .byte 0x84
Code starting with the faulting instruction
===========================================
0: 48 8b 17 mov (%rdi),%rdx
3: 4c 8b 47 08 mov 0x8(%rdi),%r8
7: 48 b8 00 01 00 00 00 movabs $0xdead000000000100,%rax
e: 00 ad de
11: 48 39 c2 cmp %rax,%rdx
14: 0f .byte 0xf
15: 84 .byte 0x84
[ 388.975647] RSP: 0018:ffffc90000b3fdc0 EFLAGS: 00010282
[ 388.980878] RAX: ffffffff81717b80 RBX: ffff8888191c8040 RCX: 0000000000000000
[ 388.988021] RDX: 0000000000000001 RSI: ffffffff827a46fa RDI: 0000000000000590
[ 388.995180] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
[ 389.002323] R10: ffff888100bc3200 R11: 0000000000000000 R12: ffff8888137ab400
[ 389.009468] R13: ffff8888191c8008 R14: 0000000000000000 R15: ffff8888191cacb8
[ 389.016611] FS: 00007f73471e5480(0000) GS:ffff88881dd00000(0000) knlGS:0000000000000000
[ 389.024722] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 389.030484] CR2: 0000000000000590 CR3: 00000008160c4001 CR4: 00000000003706e0
[ 389.037637] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 389.044791] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 389.051935] Call Trace:
[ 389.054382] gpiodevice_release (kbuild/src/consumer/include/linux/list.h:132 kbuild/src/consumer/include/linux/list.h:146 kbuild/src/consumer/drivers/gpio/gpiolib.c:477)
[ 389.058400] device_release (kbuild/src/consumer/drivers/base/core.c:2059)
[ 389.062066] kobject_release (kbuild/src/consumer/lib/kobject.c:709 kbuild/src/consumer/lib/kobject.c:736)
[ 389.065906] release_nodes (kbuild/src/consumer/drivers/base/devres.c:524 (discriminator 12))
[ 389.069662] device_release_driver_internal (kbuild/src/consumer/drivers/base/dd.c:1164 kbuild/src/consumer/drivers/base/dd.c:1187)
[ 389.074894] driver_detach (kbuild/src/consumer/drivers/base/dd.c:1251)
[ 389.078473] bus_remove_driver (kbuild/src/consumer/drivers/base/bus.c:680)
[ 389.082401] gpio_mockup_exit (gpio-mockup.c:?) gpio_mockup
[ 389.087548] __x64_sys_delete_module (kbuild/src/consumer/kernel/module.c:1064 kbuild/src/consumer/kernel/module.c:1006 kbuild/src/consumer/kernel/module.c:1006)
[ 389.092187] ? syscall_enter_from_user_mode (kbuild/src/consumer/arch/x86/include/asm/irqflags.h:54 kbuild/src/consumer/arch/x86/include/asm/irqflags.h:94 kbuild/src/consumer/kernel/entry/common.c:106)
[ 389.097259] ? lockdep_hardirqs_on (kbuild/src/consumer/kernel/locking/lockdep.c:4162)
[ 389.101620] do_syscall_64 (kbuild/src/consumer/arch/x86/entry/common.c:46)
[ 389.105211] entry_SYSCALL_64_after_hwframe (kbuild/src/consumer/arch/x86/entry/entry_64.S:127)
[ 389.110282] RIP: 0033:0x7f7347305dd7
[ 389.113860] Code: 73 01 c3 48 8b 0d b9 10 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 89 10 0c 00 f7 d8 64 89 01 48
All code
========
0: 73 01 jae 0x3
2: c3 retq
3: 48 8b 0d b9 10 0c 00 mov 0xc10b9(%rip),%rcx # 0xc10c3
a: f7 d8 neg %eax
c: 64 89 01 mov %eax,%fs:(%rcx)
f: 48 83 c8 ff or $0xffffffffffffffff,%rax
13: c3 retq
14: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
1b: 00 00 00
1e: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
23: b8 b0 00 00 00 mov $0xb0,%eax
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 retq
33: 48 8b 0d 89 10 0c 00 mov 0xc1089(%rip),%rcx # 0xc10c3
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 retq
9: 48 8b 0d 89 10 0c 00 mov 0xc1089(%rip),%rcx # 0xc1099
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
[ 389.132653] RSP: 002b:00007ffcd5f52a78 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0
[ 389.140232] RAX: ffffffffffffffda RBX: 0000564dfdabc100 RCX: 00007f7347305dd7
[ 389.147374] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000564dfdabc168
[ 389.154515] RBP: 0000564dfdabc168 R08: 00007ffcd5f51a21 R09: 0000000000000000
[ 389.161657] R10: 00007f7347377ae0 R11: 0000000000000206 R12: 0000000000000000
[ 389.168798] R13: 0000000000000000 R14: 0000564dfdabc168 R15: 0000564dfdabc210
[ 389.175941] Modules linked in: gpio_mockup(-) btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c sd_mod t10_pi sg intel_rapl_msr intel_rapl_common dell_wmi x86_pkg_temp_thermal intel_powerclamp coretemp dell_smbios crct10dif_pclmul ipmi_devintf crc32_pclmul mei_wdt crc32c_intel ipmi_msghandler dell_wmi_descriptor sparse_keymap wmi_bmof dcdbas ahci ghash_clmulni_intel i915 libahci i2c_i801 mei_me rapl i2c_smbus intel_cstate libata intel_uncore mei intel_pch_thermal wmi intel_gtt video acpi_pad intel_pmc_core ip_tables [last unloaded: preemptirq_delay_test]
[ 389.225888] CR2: 0000000000000590
[ 389.229218] ---[ end trace 0b0c7ec922ff47d5 ]---
[ 389.233853] RIP: 0010:__list_del_entry_valid (kbuild/src/consumer/lib/list_debug.c:43)
[ 389.238910] Code: 0f 85 43 00 73 00 48 39 d7 0f 84 23 00 73 00 4c 39 cf 0f 84 1a 00 73 00 b8 01 00 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 90 <48> 8b 17 4c 8b 47 08 48 b8 00 01 00 00 00 00 ad de 48 39 c2 0f 84
All code
========
0: 0f 85 43 00 73 00 jne 0x730049
6: 48 39 d7 cmp %rdx,%rdi
9: 0f 84 23 00 73 00 je 0x730032
f: 4c 39 cf cmp %r9,%rdi
12: 0f 84 1a 00 73 00 je 0x730032
18: b8 01 00 00 00 mov $0x1,%eax
1d: c3 retq
1e: 66 66 2e 0f 1f 84 00 data16 nopw %cs:0x0(%rax,%rax,1)
25: 00 00 00 00
29: 90 nop
2a:* 48 8b 17 mov (%rdi),%rdx <-- trapping instruction
2d: 4c 8b 47 08 mov 0x8(%rdi),%r8
31: 48 b8 00 01 00 00 00 movabs $0xdead000000000100,%rax
38: 00 ad de
3b: 48 39 c2 cmp %rax,%rdx
3e: 0f .byte 0xf
3f: 84 .byte 0x84
Code starting with the faulting instruction
===========================================
0: 48 8b 17 mov (%rdi),%rdx
3: 4c 8b 47 08 mov 0x8(%rdi),%r8
7: 48 b8 00 01 00 00 00 movabs $0xdead000000000100,%rax
e: 00 ad de
11: 48 39 c2 cmp %rax,%rdx
14: 0f .byte 0xf
15: 84 .byte 0x84
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp install job.yaml # job file is attached in this email
bin/lkp split-job --compatible job.yaml
bin/lkp run compatible-job.yaml
---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org Intel Corporation
Thanks,
Oliver Sang
View attachment "config-5.11.0-rc5-00017-g4731210c09f5" of type "text/plain" (173067 bytes)
View attachment "job-script" of type "text/plain" (8085 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (46628 bytes)
View attachment "job.yaml" of type "text/plain" (7127 bytes)
Powered by blists - more mailing lists