Message-ID: <20190102080055.l5szwuxhupya3vc4@inn2.lkp.intel.com>
Date: Wed, 2 Jan 2019 16:00:55 +0800
From: kernel test robot <lkp@...el.com>
To: Frank Wunderlich <frank-w@...lic-files.de>
Cc: Matthias Brugger <matthias.bgg@...il.com>, netdev@...r.kernel.org,
Sean Wang <sean.wang@...iatek.com>,
Andrew Lunn <andrew@...n.ch>,
linux-mediatek@...ts.infradead.org,
Frank Wunderlich <frank-w@...lic-files.de>, lkp@...org
Subject: [net] 3a1152fe14: BUG:KASAN:null-ptr-deref_in_d
FYI, we noticed the following commit (built with gcc-7):
commit: 3a1152fe1427f5f0e8a5ef0b872ef398f42c9862 ("[PATCH 3/8] net: dsa: adding handling of second CPU-Port")
url: https://github.com/0day-ci/linux/commits/Frank-Wunderlich/adding-multiple-CPU-Ports/20181215-134348
in testcase: trinity
with following parameters:
	runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 768M
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+----------------------------------------------------+------------+------------+
|                                                    | 5c54ff6cd3 | 3a1152fe14 |
+----------------------------------------------------+------------+------------+
| boot_successes                                     | 0          | 0          |
| boot_failures                                      | 16         | 16         |
| WARNING:at_mm/page_alloc.c:#__alloc_pages_nodemask | 16         | 16         |
| RIP:__alloc_pages_nodemask                         | 16         | 16         |
| Mem-Info                                           | 16         | 16         |
| IP-Config:Auto-configuration_of_network_failed     | 1          |            |
| BUG:KASAN:null-ptr-deref_in_d                      | 0          | 16         |
| BUG:unable_to_handle_kernel                        | 0          | 16         |
| Oops:#[##]                                         | 0          | 16         |
| RIP:dsa_slave_create                               | 0          | 16         |
| Kernel_panic-not_syncing:Fatal_exception           | 0          | 16         |
+----------------------------------------------------+------------+------------+
[ 150.324626] BUG: KASAN: null-ptr-deref in dsa_slave_create+0xda/0x6e9
[ 150.339313] Read of size 8 at addr 00000000000000e8 by task kworker/0:1/15
[ 150.354148]
[ 150.359272] CPU: 0 PID: 15 Comm: kworker/0:1 Tainted: G W 4.20.0-rc6-00061-g3a1152f #1
[ 150.380855] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 150.399388] Workqueue: events deferred_probe_work_func
[ 150.411606] Call Trace:
[ 150.418579] dump_stack+0x19/0x1b
[ 150.427382] kasan_report+0x20a/0x23d
[ 150.436623] __asan_load8+0x7f/0x81
[ 150.445535] dsa_slave_create+0xda/0x6e9
[ 150.454840] ? __mdiobus_register+0x27b/0x30a
[ 150.465381] dsa_register_switch+0xd0c/0xf01
[ 150.475941] ? preempt_count_sub+0x13/0xc0
[ 150.485921] ? new_slab+0x3c6/0x3ed
[ 150.495002] ? dsa_switch_alloc+0xf2/0xf2
[ 150.504942] ? kasan_poison_shadow+0x2f/0x31
[ 150.515118] ? kasan_unpoison_shadow+0x14/0x35
[ 150.525363] ? kasan_kmalloc+0x93/0xa2
[ 150.535085] ? kasan_slab_alloc+0x11/0x13
[ 150.545355] ? strnlen+0x20/0x37
[ 150.553683] ? strncmp+0x33/0x5c
[ 150.561561] ? __rcu_read_unlock+0x6d/0x7c
[ 150.571230] dsa_loop_drv_probe+0x156/0x161
[ 150.581469] mdio_probe+0x57/0x76
[ 150.590182] ? really_probe+0x28c/0x57c
[ 150.599934] really_probe+0x29b/0x57c
[ 150.609167] ? driver_allows_async_probing+0x1b/0x1b
[ 150.621263] driver_probe_device+0x123/0x134
[ 150.631730] __device_attach_driver+0xff/0x120
[ 150.642375] ? bus_for_each_drv+0xf8/0x143
[ 150.652486] bus_for_each_drv+0x113/0x143
[ 150.661254] ? subsys_find_device_by_id+0x193/0x193
[ 150.672105] ? __mutex_lock_killable_slowpath+0x10/0x10
[ 150.684459] ? preempt_count_sub+0x13/0xc0
[ 150.694114] ? klist_next+0x129/0x13b
[ 150.702283] __device_attach+0xed/0x166
[ 150.711283] ? device_bind_driver+0x67/0x67
[ 150.720750] ? preempt_count_sub+0x13/0xc0
[ 150.729434] ? devices_kset_move_last+0xd0/0xeb
[ 150.739540] device_initial_probe+0xe/0x10
[ 150.747389] bus_probe_device+0x5b/0xee
[ 150.755137] deferred_probe_work_func+0xc4/0xf0
[ 150.763813] process_one_work+0x20a/0x2f2
[ 150.771595] process_scheduled_works+0x37/0x3e
[ 150.780087] worker_thread+0x2ac/0x3b0
[ 150.788250] kthread+0x1a9/0x1b9
[ 150.795801] ? process_scheduled_works+0x3e/0x3e
[ 150.804612] ? kthread_delayed_work_timer_fn+0xd8/0xd8
[ 150.814246] ret_from_fork+0x1f/0x30
[ 150.821890] ==================================================================
[ 150.836959] Disabling lock debugging due to kernel taint
[ 150.861359] BUG: unable to handle kernel NULL pointer dereference at 00000000000000e8
[ 150.878176] PGD 0 P4D 0
[ 150.884178] Oops: 0000 [#1] PREEMPT KASAN
[ 150.892990] CPU: 0 PID: 15 Comm: kworker/0:1 Tainted: G B W 4.20.0-rc6-00061-g3a1152f #1
[ 150.911785] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 150.929411] Workqueue: events deferred_probe_work_func
[ 150.941660] RIP: 0010:dsa_slave_create+0xda/0x6e9
[ 150.952258] Code: ff ff ff e8 0e 4a e3 ff 48 85 c0 48 89 c3 0f 84 13 06 00 00 49 8d bf e8 00 00 00 49 be 00 00 00 00 00 00 01 00 e8 8b 2d 78 fe <4d> 8b af e8 00 00 00 48 8d bb d0 00 00 00 e8 f9 2d 78 fe 48 8d bb
[ 150.986017] RSP: 0000:ffff888027da7948 EFLAGS: 00010256
[ 150.997556] RAX: 0000000000000296 RBX: ffff8880241e9100 RCX: ffffffffb96ff07f
[ 151.009581] RDX: 0000000000000000 RSI: 0000000000000003 RDI: ffffffffbd7676c0
[ 151.022445] RBP: ffff888027da7988 R08: dffffc0000000000 R09: 0000000000000001
[ 151.037253] R10: ffffffffbd49f1f7 R11: fffffbfff7accc67 R12: ffff8880259be6a0
[ 151.051964] R13: ffffffffbbdab720 R14: 0001000000000000 R15: 0000000000000000
[ 151.067725] FS: 0000000000000000(0000) GS:ffffffffbc84f000(0000) knlGS:0000000000000000
[ 151.084343] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 151.095592] CR2: 00000000000000e8 CR3: 0000000014a1c000 CR4: 00000000000006f0
[ 151.109922] Call Trace:
[ 151.114935] ? __mdiobus_register+0x27b/0x30a
[ 151.122720] dsa_register_switch+0xd0c/0xf01
[ 151.130685] ? preempt_count_sub+0x13/0xc0
[ 151.139274] ? new_slab+0x3c6/0x3ed
[ 151.147150] ? dsa_switch_alloc+0xf2/0xf2
[ 151.157226] ? kasan_poison_shadow+0x2f/0x31
[ 151.165660] ? kasan_unpoison_shadow+0x14/0x35
[ 151.174823] ? kasan_kmalloc+0x93/0xa2
[ 151.182410] ? kasan_slab_alloc+0x11/0x13
[ 151.190865] ? strnlen+0x20/0x37
[ 151.198257] ? strncmp+0x33/0x5c
[ 151.206162] ? __rcu_read_unlock+0x6d/0x7c
[ 151.214623] dsa_loop_drv_probe+0x156/0x161
[ 151.223851] mdio_probe+0x57/0x76
[ 151.231410] ? really_probe+0x28c/0x57c
[ 151.239633] really_probe+0x29b/0x57c
[ 151.248421] ? driver_allows_async_probing+0x1b/0x1b
[ 151.258755] driver_probe_device+0x123/0x134
[ 151.267865] __device_attach_driver+0xff/0x120
[ 151.277267] ? bus_for_each_drv+0xf8/0x143
[ 151.287020] bus_for_each_drv+0x113/0x143
[ 151.295869] ? subsys_find_device_by_id+0x193/0x193
[ 151.305758] ? __mutex_lock_killable_slowpath+0x10/0x10
[ 151.317292] ? preempt_count_sub+0x13/0xc0
[ 151.326367] ? klist_next+0x129/0x13b
[ 151.334146] __device_attach+0xed/0x166
[ 151.343083] ? device_bind_driver+0x67/0x67
[ 151.352780] ? preempt_count_sub+0x13/0xc0
[ 151.361173] ? devices_kset_move_last+0xd0/0xeb
[ 151.369918] device_initial_probe+0xe/0x10
[ 151.377956] bus_probe_device+0x5b/0xee
[ 151.385926] deferred_probe_work_func+0xc4/0xf0
[ 151.395011] process_one_work+0x20a/0x2f2
[ 151.403824] process_scheduled_works+0x37/0x3e
[ 151.414152] worker_thread+0x2ac/0x3b0
[ 151.422586] kthread+0x1a9/0x1b9
[ 151.429294] ? process_scheduled_works+0x3e/0x3e
[ 151.438165] ? kthread_delayed_work_timer_fn+0xd8/0xd8
[ 151.447958] ret_from_fork+0x1f/0x30
[ 151.456352] CR2: 00000000000000e8
[ 151.462960] ---[ end trace 40da026dee692287 ]---
To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email

Thanks,
Rong Chen
View attachment "config-4.20.0-rc6-00061-g3a1152f" of type "text/plain" (125922 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (25188 bytes)