Message-ID: <202412082200.aefeb02-lkp@intel.com>
Date: Sun, 8 Dec 2024 23:29:25 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <linux-kernel@...r.kernel.org>,
<x86@...nel.org>, Peter Zijlstra <peterz@...radead.org>,
<linux-perf-users@...r.kernel.org>, <oliver.sang@...el.com>
Subject: [tip:perf/core] [perf] eca51ce01d:
BUG:KASAN:null-ptr-deref_in_perf_mmap_to_page
Hello,
kernel test robot noticed "BUG:KASAN:null-ptr-deref_in_perf_mmap_to_page" on:
commit: eca51ce01d4956ab4b8f06bb55c031f4913fffcb ("perf: Map pages in advance")
https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git perf/core
[test failed on linux-next/master ebe1b11614e079c5e366ce9bd3c8f44ca0fbcc1b]
in testcase: perf-event-tests
version: perf-event-tests-x86_64-a052241-1_20241102
with the following parameters:
paranoid: not_paranoid_at_all
config: x86_64-rhel-9.4-bpf
compiler: gcc-12
test machine: 4 threads Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz (Skylake) with 32G memory
(please refer to the attached dmesg/kmsg for the entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202412082200.aefeb02-lkp@intel.com
[ 307.127855][ T2618] BUG: KASAN: null-ptr-deref in perf_mmap_to_page (kernel/events/ring_buffer.c:950)
[ 307.127867][ T2618] Read of size 4 at addr 0000000000000178 by task record_mmap/2618
[ 307.127872][ T2618]
[ 307.133120][ T298]
[ 307.140280][ T2618] CPU: 0 UID: 0 PID: 2618 Comm: record_mmap Not tainted 6.13.0-rc1-00027-geca51ce01d49 #1
[ 307.140287][ T2618] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.8.1 12/05/2017
[ 307.140291][ T2618] Call Trace:
[ 307.140294][ T2618] <TASK>
[ 307.140297][ T2618] dump_stack_lvl (lib/dump_stack.c:124)
[ 307.149632][ T298] Testing PERF_RECORD_FORK... PASSED
[ 307.150214][ T2618] kasan_report (mm/kasan/report.c:604)
[ 307.150226][ T2618] ? perf_mmap_to_page (kernel/events/ring_buffer.c:950)
[ 307.152429][ T298]
[ 307.162112][ T2618] perf_mmap_to_page (kernel/events/ring_buffer.c:950)
[ 307.162122][ T2618] perf_mmap (kernel/events/core.c:6579 kernel/events/core.c:6819)
[ 307.162135][ T2618] ? __init_rwsem (arch/x86/include/asm/atomic.h:28 include/linux/atomic/atomic-arch-fallback.h:503 include/linux/atomic/atomic-instrumented.h:68 include/linux/osq_lock.h:25 kernel/locking/rwsem.c:326)
[ 307.171025][ T298] + tests/record_sample/record_mmap
[ 307.173349][ T2618] __mmap_new_vma (include/linux/fs.h:2183 mm/internal.h:124 mm/vma.c:2291 mm/vma.c:2355)
[ 307.173364][ T2618] __mmap_region (mm/vma.c:2457)
[ 307.176222][ T298]
[ 307.180519][ T2618] ? __pfx___mmap_region (mm/vma.c:2436)
[ 307.180526][ T2618] ? lock_is_held_type (kernel/locking/lockdep.c:5590 kernel/locking/lockdep.c:5921)
[ 307.180582][ T2618] ? vm_unmapped_area (mm/mmap.c:711)
[ 307.244366][ T2618] ? lock_acquire (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)
[ 307.248898][ T2618] ? mm_get_unmapped_area_vmflags (mm/mmap.c:853)
[ 307.254645][ T2618] mmap_region (mm/mmap.c:1351)
[ 307.258921][ T2618] do_mmap (mm/mmap.c:497)
[ 307.262848][ T2618] ? __pfx_do_mmap (mm/mmap.c:288)
[ 307.267292][ T2618] ? down_write_killable (arch/x86/include/asm/current.h:49 kernel/locking/rwsem.c:143 kernel/locking/rwsem.c:268 kernel/locking/rwsem.c:1303 kernel/locking/rwsem.c:1318 kernel/locking/rwsem.c:1590)
[ 307.272426][ T2618] ? __pfx_down_write_killable (kernel/locking/rwsem.c:1586)
[ 307.277912][ T2618] ? __fget_files (include/linux/rcupdate.h:347 include/linux/rcupdate.h:880 fs/file.c:1050)
[ 307.282455][ T2618] vm_mmap_pgoff (mm/util.c:580)
[ 307.286907][ T2618] ? __pfx_vm_mmap_pgoff (mm/util.c:570)
[ 307.291882][ T2618] ? __fget_files (fs/file.c:1053)
[ 307.296422][ T2618] ksys_mmap_pgoff (mm/mmap.c:542)
[ 307.301050][ T2618] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 307.305415][ T2618] ? __up_write (arch/x86/include/asm/atomic64_64.h:87 include/linux/atomic/atomic-arch-fallback.h:2852 include/linux/atomic/atomic-long.h:268 include/linux/atomic/atomic-instrumented.h:3391 kernel/locking/rwsem.c:1372)
[ 307.309689][ T2618] ? vm_mmap_pgoff (mm/util.c:584)
[ 307.314306][ T2618] ? __pfx_vm_mmap_pgoff (mm/util.c:570)
[ 307.319269][ T2618] ? put_ctx (arch/x86/include/asm/atomic.h:93 include/linux/atomic/atomic-arch-fallback.h:949 include/linux/atomic/atomic-instrumented.h:401 include/linux/refcount.h:264 include/linux/refcount.h:307 include/linux/refcount.h:325 kernel/events/core.c:1223)
[ 307.323279][ T2618] ? mark_held_locks (kernel/locking/lockdep.c:4309)
[ 307.327901][ T2618] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)
[ 307.333732][ T2618] ? syscall_exit_to_user_mode (arch/x86/include/asm/jump_label.h:36 include/linux/context_tracking_state.h:108 include/linux/context_tracking.h:41 include/linux/entry-common.h:364 kernel/entry/common.c:220)
[ 307.339303][ T2618] ? do_syscall_64 (arch/x86/entry/common.c:102)
[ 307.343834][ T2618] ? __kasan_slab_alloc (mm/kasan/common.c:318 mm/kasan/common.c:345)
[ 307.348711][ T2618] ? rcu_is_watching (arch/x86/include/asm/atomic.h:23 include/linux/atomic/atomic-arch-fallback.h:457 include/linux/context_tracking.h:128 kernel/rcu/tree.c:737)
[ 307.353326][ T2618] ? lockdep_init_map_type (kernel/locking/lockdep.c:4980)
[ 307.358551][ T2618] ? __rwlock_init (kernel/locking/spinlock_debug.c:49)
[ 307.362995][ T2618] ? file_f_owner_allocate (fs/fcntl.c:110)
[ 307.368150][ T2618] ? do_fcntl (fs/fcntl.c:440 fs/fcntl.c:530)
[ 307.372347][ T2618] ? __pfx_do_fcntl (fs/fcntl.c:448)
[ 307.376880][ T2618] ? mark_held_locks (kernel/locking/lockdep.c:4309)
[ 307.381499][ T2618] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)
[ 307.387330][ T2618] ? syscall_exit_to_user_mode (arch/x86/include/asm/jump_label.h:36 include/linux/context_tracking_state.h:108 include/linux/context_tracking.h:41 include/linux/entry-common.h:364 kernel/entry/common.c:220)
[ 307.392898][ T2618] ? do_syscall_64 (arch/x86/entry/common.c:102)
[ 307.397430][ T2618] ? mark_held_locks (kernel/locking/lockdep.c:4309)
[ 307.402050][ T2618] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)
[ 307.407881][ T2618] ? syscall_exit_to_user_mode (arch/x86/include/asm/jump_label.h:36 include/linux/context_tracking_state.h:108 include/linux/context_tracking.h:41 include/linux/entry-common.h:364 kernel/entry/common.c:220)
[ 307.413451][ T2618] ? do_syscall_64 (arch/x86/entry/common.c:102)
[ 307.417985][ T2618] ? do_user_addr_fault (include/linux/rcupdate.h:347 include/linux/rcupdate.h:880 include/linux/mm.h:741 arch/x86/mm/fault.c:1340)
[ 307.423037][ T2618] ? __rcu_read_unlock (kernel/rcu/tree_plugin.h:440 (discriminator 2))
[ 307.427828][ T2618] ? do_user_addr_fault (include/linux/rcupdate.h:883 include/linux/mm.h:741 arch/x86/mm/fault.c:1340)
[ 307.432877][ T2618] ? mark_held_locks (kernel/locking/lockdep.c:4309)
[ 307.437499][ T2618] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406)
[ 307.443331][ T2618] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 307.449076][ T2618] RIP: 0033:0x7f9dbc1c88a3
[ 307.453360][ T2618] Code: ef e8 d1 b4 ff ff eb e7 e8 3a 68 01 00 66 2e 0f 1f 84 00 00 00 00 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 8b 05 29 05 0d 00 64 c7
All code
========
0: ef out %eax,(%dx)
1: e8 d1 b4 ff ff call 0xffffffffffffb4d7
6: eb e7 jmp 0xffffffffffffffef
8: e8 3a 68 01 00 call 0x16847
d: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
14: 00 00 00
17: 41 89 ca mov %ecx,%r10d
1a: 41 f7 c1 ff 0f 00 00 test $0xfff,%r9d
21: 75 14 jne 0x37
23: b8 09 00 00 00 mov $0x9,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 25 ja 0x57
32: c3 ret
33: 0f 1f 40 00 nopl 0x0(%rax)
37: 48 8b 05 29 05 0d 00 mov 0xd0529(%rip),%rax # 0xd0567
3e: 64 fs
3f: c7 .byte 0xc7
Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 25 ja 0x2d
8: c3 ret
9: 0f 1f 40 00 nopl 0x0(%rax)
d: 48 8b 05 29 05 0d 00 mov 0xd0529(%rip),%rax # 0xd053d
14: 64 fs
15: c7 .byte 0xc7
[ 307.472788][ T2618] RSP: 002b:00007ffd7c31e008 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 307.481042][ T2618] RAX: ffffffffffffffda RBX: 00007ffd7c31e318 RCX: 00007f9dbc1c88a3
[ 307.488860][ T2618] RDX: 0000000000000003 RSI: 0000000000009000 RDI: 0000000000000000
[ 307.496678][ T2618] RBP: 00007ffd7c31e070 R08: 0000000000000004 R09: 0000000000000000
[ 307.504497][ T2618] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[ 307.512326][ T2618] R13: 00007ffd7c31e328 R14: 000055886087cdd8 R15: 00007f9dbc2e7020
[ 307.520166][ T2618] </TASK>
[ 307.523050][ T2618] ==================================================================
[ 307.532190][ T2618] Disabling lock debugging due to kernel taint
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
View attachment "config-6.13.0-rc1-00027-geca51ce01d49" of type "text/plain" (248270 bytes)
View attachment "job-script" of type "text/plain" (5109 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (36304 bytes)
View attachment "perf-event-tests" of type "text/plain" (144986 bytes)
View attachment "job.yaml" of type "text/plain" (4294 bytes)