lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+G9fYvOjtEBtB21FwFmvbautebx_2Py-tjqduPcWyS5B9nB5w@mail.gmail.com>
Date: Wed, 8 May 2024 16:59:10 +0530
From: Naresh Kamboju <naresh.kamboju@...aro.org>
To: open list <linux-kernel@...r.kernel.org>, kunit-dev@...glegroups.com, 
	lkft-triage@...ts.linaro.org
Cc: David Gow <davidgow@...gle.com>, Brendan Higgins <brendan.higgins@...ux.dev>, 
	Guenter Roeck <linux@...ck-us.net>, Dan Carpenter <dan.carpenter@...aro.org>, 
	Arnd Bergmann <arnd@...db.de>, Anders Roxell <anders.roxell@...aro.org>
Subject: next: kasan: Unable to handle kernel paging request at virtual address

While running kunit tests on arm64 and x86_64 the following kernel BUG
noticed on running Linux next-20240508 kernel and stride tests failed.

observations:
1) The null pointer dereference notice while running kunit_test
2) The stride test case failed on today's linux next-20240508 tag.

The detailed log provided in the links below.

Reported-by: Linux Kernel Functional Testing <lkft@...aro.org>

Crash log:
--------

<6>[   43.086497]     KTAP version 1
<6>[   43.087004]     # Subtest: kunit_fault
<6>[   43.087577]     # module: kunit_test
<6>[   43.087748]     1..1
<1>[   43.092588] Unable to handle kernel paging request at virtual
address dfff800000000000
<1>[   43.093687] KASAN: null-ptr-deref in range
[0x0000000000000000-0x0000000000000007]
<1>[   43.094770] Mem abort info:
<1>[   43.095425]   ESR = 0x0000000096000005
<1>[   43.097071]   EC = 0x25: DABT (current EL), IL = 32 bits
<1>[   43.098034]   SET = 0, FnV = 0
<1>[   43.098542]   EA = 0, S1PTW = 0
<1>[   43.099104]   FSC = 0x05: level 1 translation fault
<1>[   43.099837] Data abort info:
<1>[   43.100679]   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
<1>[   43.101535]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
<1>[   43.102321]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
<1>[   43.103287] [dfff800000000000] address between user and kernel
address ranges
<0>[   43.105111] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
<4>[   43.106046] Modules linked in:
<4>[   43.108961] CPU: 1 PID: 375 Comm: kunit_try_catch Tainted: G
            N 6.9.0-rc7-next-20240508 #1
<4>[   43.110433] Hardware name: linux,dummy-virt (DT)
<4>[   43.111555] pstate: 82400009 (Nzcv daif +PAN -UAO +TCO -DIT
-SSBS BTYPE=--)
<4>[   43.113232] pc : kunit_test_null_dereference+0x2c/0x114
<4>[   43.114785] lr : kunit_generic_run_threadfn_adapter+0x84/0x104
<4>[   43.115692] sp : ffff800080ff7dd0
<4>[   43.116646] x29: ffff800080ff7de0 x28: 0000000000000000 x27:
1ffe000018f1db69
<4>[   43.117953] x26: dfff800000000000 x25: ffff943388e90ab8 x24:
0000000000000001
<4>[   43.119037] x23: 1ffe000018a7a771 x22: dfff800000000000 x21:
dfff800000000000
<4>[   43.120659] x20: ffff943388e9d5a0 x19: fff00000c53d3b88 x18:
ffff800080097930
<4>[   43.121669] x17: ffff943388e905e4 x16: ffff94338837d7e4 x15:
0000000000000001
<4>[   43.122762] x14: 1ffe000018f1dc59 x13: 0000000000000000 x12:
0000000000000000
<4>[   43.123881] x11: fffd800018f1dc5a x10: dfff800000000000 x9 :
1ffe000018a7a772
<4>[   43.125204] x8 : 7c0c8af2c07cc400 x7 : 0000000000000000 x6 :
72745f74696e756b
<4>[   43.126291] x5 : fff00000c53d45d6 x4 : 0000000000000000 x3 :
ffff94338acf91b4
<4>[   43.127380] x2 : 0000000000000001 x1 : 0000000000000001 x0 :
ffff800080087af8
<4>[   43.129375] Call trace:
<4>[   43.129852]  kunit_test_null_dereference+0x2c/0x114
<4>[   43.130621]  kunit_generic_run_threadfn_adapter+0x84/0x104
<4>[   43.131480]  kthread+0x268/0x3a4
<4>[   43.132390]  ret_from_fork+0x10/0x20
<0>[   43.133497] Code: d2d00015 f9426508 f2fbfff5 f90007e8 (39c002a8)
<4>[   43.134637] ---[ end trace 0000000000000000 ]---
<3>[   43.136227]     # kunit_test_fault_null_dereference: try
faulted: last line seen lib/kunit/kunit-test.c:95

<trim>

<6>[   98.315793]         KTAP version 1
<6>[   98.317173]         # Subtest: stride
<4>[   98.320844] regmap_test stride.regmap_test: No cache used with
register defaults set!
<3>[   98.323706]
==================================================================
<3>[   98.325683] BUG: KASAN: slab-out-of-bounds in stride+0x698/0x8a8
<3>[   98.326518] Write of size 1 at addr fff00000c7b3320b by task
kunit_try_catch/1143
<3>[   98.328402]
<3>[   98.329468] CPU: 0 PID: 1143 Comm: kunit_try_catch Tainted: G
  D          N 6.9.0-rc7-next-20240508 #1
<3>[   98.330560] Hardware name: linux,dummy-virt (DT)
<3>[   98.331400] Call trace:
<3>[   98.332216]  dump_backtrace+0xf0/0x128
<3>[   98.332815]  show_stack+0x18/0x24
<3>[   98.333475]  dump_stack_lvl+0x40/0x84
<3>[   98.334187]  print_report+0x16c/0x728
<3>[   98.334887]  kasan_report+0xd8/0x134
<3>[   98.335589]  __asan_report_store1_noabort+0x20/0x2c
<3>[   98.337089]  stride+0x698/0x8a8
<3>[   98.337739]  kunit_try_run_case+0x118/0x31c
<3>[   98.338574]  kunit_generic_run_threadfn_adapter+0x84/0x104
<3>[   98.339529]  kthread+0x268/0x3a4
<3>[   98.340427]  ret_from_fork+0x10/0x20
<3>[   98.341331]
<3>[   98.341826] Allocated by task 1143:
<4>[   98.342644]  kasan_save_track+0x40/0x78
<4>[   98.343269]  kasan_save_alloc_info+0x44/0x54
<4>[   98.344067]  __kasan_kmalloc+0x84/0x9c
<4>[   98.345005]  __kmalloc_noprof+0x208/0x3a4
<4>[   98.346322]  __regmap_init_ram+0x70/0x158
<4>[   98.347113]  gen_regmap+0x3a4/0x554
<4>[   98.347878]  stride+0x78/0x8a8
<4>[   98.348639]  kunit_try_run_case+0x118/0x31c
<4>[   98.349326]  kunit_generic_run_threadfn_adapter+0x84/0x104
<4>[   98.350315]  kthread+0x268/0x3a4
<4>[   98.350983]  ret_from_fork+0x10/0x20
<3>[   98.351734]
<3>[   98.352257] The buggy address belongs to the object at fff00000c7b33200
<3>[   98.352257]  which belongs to the cache kmalloc-16 of size 16
<3>[   98.354108] The buggy address is located 0 bytes to the right of
<3>[   98.354108]  allocated 11-byte region [fff00000c7b33200, fff00000c7b3320b)
<3>[   98.355956]
<3>[   98.356752] The buggy address belongs to the physical page:
<4>[   98.357945] page: refcount:1 mapcount:0 mapping:0000000000000000
index:0x0 pfn:0x107b33
<4>[   98.359143] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
<4>[   98.360819] page_type: 0xffffefff(slab)
<4>[   98.362282] raw: 0bfffe0000000000 fff00000c0001640
dead000000000122 0000000000000000
<4>[   98.363246] raw: 0000000000000000 0000000080800080
00000001ffffefff 0000000000000000
<4>[   98.364762] page dumped because: kasan: bad access detected
<3>[   98.365543]
<3>[   98.365944] Memory state around the buggy address:
<3>[   98.367010]  fff00000c7b33100: fa fb fc fc fa fb fc fc fa fb fc
fc fa fb fc fc
<3>[   98.368304]  fff00000c7b33180: fa fb fc fc fa fb fc fc fa fb fc
fc fa fb fc fc
<3>[   98.369228] >fff00000c7b33200: 00 03 fc fc 00 03 fc fc fc fc fc
fc fc fc fc fc
<3>[   98.370208]                       ^
<3>[   98.370915]  fff00000c7b33280: fc fc fc fc fc fc fc fc fc fc fc
fc fc fc fc fc
<3>[   98.372179]  fff00000c7b33300: fc fc fc fc fc fc fc fc fc fc fc
fc fc fc fc fc
<3>[   98.373119]
==================================================================
<6>[   98.379784]         not ok 1 none-default @0x0
<6>[   98.387715]         ok 2 flat-default @0x0
<6>[   98.396608]         ok 3 rbtree-default @0x0
<6>[   98.403430]         ok 4 maple-default @0x0
<6>[   98.405635]     # stride: pass:3 fail:1 skip:0 total:4
<6>[   98.406235]     not ok 11 stride

Links:
----
 - https://storage.tuxsuite.com/public/linaro/lkft/builds/2gB3M3nlA8sWzr9GBuN7rCQHsPH/
 - https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20240508/testrun/23827533/suite/log-parser-boot/tests/
 - https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20240508/testrun/23827533/suite/log-parser-boot/test/check-kernel-bug/log
 - https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2gB3N9JXfJ181Hm9cmchZm9q53F

metadata:
--
  arch: arm64
  environment: qemu-arm64
  git_describe: next-20240508
  git_repo: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next


--
Linaro LKFT
https://lkft.linaro.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ