Message-ID: <Yu9ezQTijq83R93W@xsang-OptiPlex-9020>
Date:   Sun, 7 Aug 2022 14:42:21 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Thomas Gleixner <tglx@...utronix.de>
CC:     Ammar Faizi <ammarfaizi2@...weeb.org>,
        <linux-kernel@...r.kernel.org>, <lkp@...ts.01.org>, <lkp@...el.com>
Subject: [x86/cpu]  cad96c0b26: BUG:kernel_NULL_pointer_dereference,address



Greetings,

FYI, we noticed the following commit (built with clang-16):

commit: cad96c0b26e681c8b7de573371c0ec5cbe55fd58 ("x86/cpu: Remove segment load from switch_to_new_gdt()")
https://github.com/ammarfaizi2/linux-block tglx/devel/depthtracking

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


+-------------------------------------------------+------------+------------+
|                                                 | 7c2bb42937 | cad96c0b26 |
+-------------------------------------------------+------------+------------+
| boot_successes                                  | 22         | 0          |
| BUG:kernel_NULL_pointer_dereference,address     | 0          | 25         |
| Oops:#[##]                                      | 0          | 25         |
| EIP:__list_add_valid                            | 0          | 25         |
| Kernel_panic-not_syncing:Fatal_exception        | 0          | 25         |
+-------------------------------------------------+------------+------------+


If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <oliver.sang@...el.com>


[    0.137688][    T0] Initializing HighMem for node 0 (000ae5fe:00440000)
[    0.138247][    T0] BUG: kernel NULL pointer dereference, address: 00000004
[    0.138710][    T0] #PF: supervisor read access in kernel mode
[    0.139089][    T0] #PF: error_code(0x0000) - not-present page
[    0.139473][    T0] *pdpt = 0000000000000000 *pde = f000ff53f000ff53
[    0.139897][    T0] Oops: 0000 [#1] SMP
[    0.140153][    T0] CPU: 0 PID: 0 Comm: swapper Tainted: G                T 5.19.0-00002-gcad96c0b26e6 #1
[    0.140797][    T0] EIP: __list_add_valid+0x10/0xd0
[    0.141122][    T0] Code: 01 eb ac 0f 0b 0f 0b 0f 0b 0f 0b 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 cc 55 89 e5 53 57 56 83 ec 08 89 cf 89 d6 89 45 ec <8b> 59 04 31 d2 39 f3 0f 95 c2 b8 70 15 6a 42 31 c9 6a 00 e8 98 be
[    0.142396][    T0] EAX: e79cbfc4 EBX: 00000000 ECX: 00000000 EDX: 428ee6a8
[    0.142854][    T0] ESI: 428ee6a8 EDI: 00000000 EBP: 421a9e8c ESP: 421a9e78
[    0.143311][    T0] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00210016
[    0.143802][    T0] CR0: 80050033 CR2: 00000004 CR3: 028fe000 CR4: 000406b0
[    0.144259][    T0] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[    0.144718][    T0] DR6: fffe0ff0 DR7: 00000400
[    0.145014][    T0] Call Trace:
[    0.145229][    T0]  ? free_unref_page_commit+0xa9/0x210
[    0.145581][    T0]  ? free_unref_page+0xc4/0x170
[    0.145893][    T0]  ? __free_pages+0x106/0x130
[    0.146190][    T0]  ? add_highpages_with_active_regions+0x185/0x22c
[    0.146622][    T0]  ? set_highmem_pages_init+0x51/0x75
[    0.146968][    T0]  ? set_highmem_pages_init+0x60/0x75
[    0.147318][    T0]  ? mem_init+0x10/0x127
[    0.147588][    T0]  ? mm_init+0x17/0x32
[    0.147848][    T0]  ? start_kernel+0x178/0x4ca
[    0.148150][    T0]  ? i386_start_kernel+0x219/0x21b
[    0.148481][    T0]  ? startup_32_smp+0x161/0x164
[    0.148795][    T0] Modules linked in:
[    0.149045][    T0] CR2: 0000000000000004
[    0.149311][    T0] ---[ end trace 0000000000000000 ]---
[    0.149661][    T0] EIP: __list_add_valid+0x10/0xd0
[    0.149981][    T0] Code: 01 eb ac 0f 0b 0f 0b 0f 0b 0f 0b 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 cc 55 89 e5 53 57 56 83 ec 08 89 cf 89 d6 89 45 ec <8b> 59 04 31 d2 39 f3 0f 95 c2 b8 70 15 6a 42 31 c9 6a 00 e8 98 be
[    0.151254][    T0] EAX: e79cbfc4 EBX: 00000000 ECX: 00000000 EDX: 428ee6a8
[    0.151708][    T0] ESI: 428ee6a8 EDI: 00000000 EBP: 421a9e8c ESP: 421a9e78
[    0.152166][    T0] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00210016
[    0.152654][    T0] CR0: 80050033 CR2: 00000004 CR3: 028fe000 CR4: 000406b0
[    0.153113][    T0] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[    0.153568][    T0] DR6: fffe0ff0 DR7: 00000400
[    0.153865][    T0] Kernel panic - not syncing: Fatal exception



To reproduce:

        # build kernel
	cd linux
	cp config-5.19.0-00002-gcad96c0b26e6 .config
	make HOSTCC=clang-16 CC=clang-16 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=clang-16 CC=clang-16 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove the ~/.lkp and /lkp dirs to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://01.org/lkp



View attachment "config-5.19.0-00002-gcad96c0b26e6" of type "text/plain" (146528 bytes)

View attachment "job-script" of type "text/plain" (4707 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (4704 bytes)
