| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Feb 2022 15:58:08 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Mario Limonciello <mario.limonciello@....com>
Cc: 0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
lkp@...ts.01.org, "Rafael J . Wysocki" <rjw@...ysocki.net>,
linux-acpi@...r.kernel.org,
Mika Westerberg <mika.westerberg@...ux.intel.com>,
Xiaomeng.Hou@....com, Aaron.Liu@....com, Ray.Huang@....com,
hdegoede@...hat.com, Mario Limonciello <mario.limonciello@....com>
Subject: [ACPI] [confidence: ] 602548e9ee:
BUG:kernel_NULL_pointer_dereference,address
Greeting,
FYI, we noticed the following commit (built with gcc-9):
commit: 602548e9eec8dc7598a1e642304e8c084b2e0c60 ("[PATCH 3/3] ACPI: bus: For platform OSC negotiate capabilities")
url: https://github.com/0day-ci/linux/commits/Mario-Limonciello/ACPI-APEI-Adjust-for-acpi_run_osc-logic-changes/20220216-025736
base: https://git.kernel.org/cgit/linux/kernel/git/rafael/linux-pm.git linux-next
patch link: https://lore.kernel.org/linux-acpi/20220215185209.1046551-3-mario.limonciello@amd.com
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu Icelake-Server -smp 4 -m 16G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+---------------------------------------------+------------+------------+
| | 842b232ab9 | 602548e9ee |
+---------------------------------------------+------------+------------+
| boot_successes | 6 | 0 |
| boot_failures | 0 | 10 |
| BUG:kernel_NULL_pointer_dereference,address | 0 | 10 |
| Oops:#[##] | 0 | 10 |
| RIP:acpi_bus_init | 0 | 10 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 10 |
+---------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 1.038642][ T1] BUG: kernel NULL pointer dereference, address: 0000000000000004
[ 1.040972][ T1] #PF: supervisor read access in kernel mode
[ 1.040972][ T1] #PF: error_code(0x0000) - not-present page
[ 1.040972][ T1] PGD 0 P4D 0
[ 1.040972][ T1] Oops: 0000 [#1] SMP PTI
[ 1.040972][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.0-rc4-00040-g602548e9eec8 #1
[ 1.040972][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1.040972][ T1] RIP: 0010:acpi_bus_init (drivers/acpi/bus.c:345 drivers/acpi/bus.c:1277)
[ 1.040972][ T1] Code: 32 82 e8 ca fc 5a fe 85 c0 0f 85 93 00 00 00 41 bd 05 00 00 00 48 8b 3c 24 48 8d 74 24 08 e8 3f bd 58 fe 48 8b 7c 24 30 89 c3 <8b> 47 04 89 44 24 40 e8 a5 d9 2e fe 83 fb 0f 75 07 41 ff cd 75 d5
All code
========
0: 32 82 e8 ca fc 5a xor 0x5afccae8(%rdx),%al
6: fe 85 c0 0f 85 93 incb -0x6c7af040(%rbp)
c: 00 00 add %al,(%rax)
e: 00 41 bd add %al,-0x43(%rcx)
11: 05 00 00 00 48 add $0x48000000,%eax
16: 8b 3c 24 mov (%rsp),%edi
19: 48 8d 74 24 08 lea 0x8(%rsp),%rsi
1e: e8 3f bd 58 fe callq 0xfffffffffe58bd62
23: 48 8b 7c 24 30 mov 0x30(%rsp),%rdi
28: 89 c3 mov %eax,%ebx
2a:* 8b 47 04 mov 0x4(%rdi),%eax <-- trapping instruction
2d: 89 44 24 40 mov %eax,0x40(%rsp)
31: e8 a5 d9 2e fe callq 0xfffffffffe2ed9db
36: 83 fb 0f cmp $0xf,%ebx
39: 75 07 jne 0x42
3b: 41 ff cd dec %r13d
3e: 75 d5 jne 0x15
Code starting with the faulting instruction
===========================================
0: 8b 47 04 mov 0x4(%rdi),%eax
3: 89 44 24 40 mov %eax,0x40(%rsp)
7: e8 a5 d9 2e fe callq 0xfffffffffe2ed9b1
c: 83 fb 0f cmp $0xf,%ebx
f: 75 07 jne 0x18
11: 41 ff cd dec %r13d
14: 75 d5 jne 0xffffffffffffffeb
[ 1.040972][ T1] RSP: 0000:ffffc90000013e28 EFLAGS: 00010246
[ 1.040972][ T1] RAX: 0000000000000005 RBX: 0000000000000005 RCX: 0000000000000563
[ 1.040972][ T1] RDX: 0000000000000562 RSI: ffffc90000013cc8 RDI: 0000000000000000
[ 1.040972][ T1] RBP: ffffc90000013e64 R08: 0000000000000000 R09: 0000000000000296
[ 1.040972][ T1] R10: ffff88810d190960 R11: 0000000000000202 R12: ffffc90000013e38
[ 1.040972][ T1] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000000
[ 1.040972][ T1] FS: 0000000000000000(0000) GS:ffff88842fc00000(0000) knlGS:0000000000000000
[ 1.040972][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.040972][ T1] CR2: 0000000000000004 CR3: 0000000002612001 CR4: 0000000000370ef0
[ 1.040972][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1.040972][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1.040972][ T1] Call Trace:
[ 1.040972][ T1] <TASK>
[ 1.040972][ T1] ? acpi_bus_init (drivers/acpi/bus.c:1338)
[ 1.040972][ T1] acpi_init (drivers/acpi/bus.c:1352)
[ 1.040972][ T1] do_one_initcall (init/main.c:1300)
[ 1.040972][ T1] kernel_init_freeable (init/main.c:1372 init/main.c:1389 init/main.c:1408 init/main.c:1613)
[ 1.040972][ T1] ? rest_init (init/main.c:1494)
[ 1.040972][ T1] kernel_init (init/main.c:1504)
[ 1.040972][ T1] ret_from_fork (arch/x86/entry/entry_64.S:301)
[ 1.040972][ T1] </TASK>
[ 1.040972][ T1] Modules linked in:
[ 1.040972][ T1] CR2: 0000000000000004
[ 1.040972][ T1] ---[ end trace 0000000000000000 ]---
[ 1.040972][ T1] RIP: 0010:acpi_bus_init (drivers/acpi/bus.c:345 drivers/acpi/bus.c:1277)
[ 1.040972][ T1] Code: 32 82 e8 ca fc 5a fe 85 c0 0f 85 93 00 00 00 41 bd 05 00 00 00 48 8b 3c 24 48 8d 74 24 08 e8 3f bd 58 fe 48 8b 7c 24 30 89 c3 <8b> 47 04 89 44 24 40 e8 a5 d9 2e fe 83 fb 0f 75 07 41 ff cd 75 d5
All code
========
0: 32 82 e8 ca fc 5a xor 0x5afccae8(%rdx),%al
6: fe 85 c0 0f 85 93 incb -0x6c7af040(%rbp)
c: 00 00 add %al,(%rax)
e: 00 41 bd add %al,-0x43(%rcx)
11: 05 00 00 00 48 add $0x48000000,%eax
16: 8b 3c 24 mov (%rsp),%edi
19: 48 8d 74 24 08 lea 0x8(%rsp),%rsi
1e: e8 3f bd 58 fe callq 0xfffffffffe58bd62
23: 48 8b 7c 24 30 mov 0x30(%rsp),%rdi
28: 89 c3 mov %eax,%ebx
2a:* 8b 47 04 mov 0x4(%rdi),%eax <-- trapping instruction
2d: 89 44 24 40 mov %eax,0x40(%rsp)
31: e8 a5 d9 2e fe callq 0xfffffffffe2ed9db
36: 83 fb 0f cmp $0xf,%ebx
39: 75 07 jne 0x42
3b: 41 ff cd dec %r13d
3e: 75 d5 jne 0x15
Code starting with the faulting instruction
===========================================
0: 8b 47 04 mov 0x4(%rdi),%eax
3: 89 44 24 40 mov %eax,0x40(%rsp)
7: e8 a5 d9 2e fe callq 0xfffffffffe2ed9b1
c: 83 fb 0f cmp $0xf,%ebx
f: 75 07 jne 0x18
11: 41 ff cd dec %r13d
14: 75 d5 jne 0xffffffffffffffeb
To reproduce:
# build kernel
cd linux
cp config-5.17.0-rc4-00040-g602548e9eec8 .config
make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org Intel Corporation
Thanks,
Oliver Sang
View attachment "config-5.17.0-rc4-00040-g602548e9eec8" of type "text/plain" (123214 bytes)
View attachment "job-script" of type "text/plain" (4887 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (6848 bytes)
Powered by blists - more mailing lists