Re: [LKP] [vfs] fd0002870b: BUG:KASAN:null-ptr-deref_in_n
On 09/12/2018 04:29 AM, David Howells wrote:
> kernel test robot wrote:
>
>> [ 18.568403] nfs_fs_mount+0x901/0x1220
>
> I don't suppose you can tell me what file and line number this corresponds to?

$ faddr2line vmlinux nfs_fs_mount+0x901
nfs_fs_mount+0x901/0x1218:
nfs_parse_devname at fs/nfs/super.c:1911
 (inlined by) nfs_validate_text_mount_data at fs/nfs/super.c:2187
 (inlined by) nfs_fs_mount at fs/nfs/super.c:2684

> Also, can you tell me what the mount parameters were? I'm not sure how to
> extract them from the information provided.

qemu command (you could get from 'bin/lkp qemu -k job-script'):

qemu-system-x86_64 -enable-kvm \
	-fsdev local,id=test_dev,path=/home/nfs/.lkp//result/boot/1/vm-kbuild-1G/debian-x86_64-2018-04-03.cgz/x86_64-randconfig-r0-09070102/gcc-6/fd0002870b453c58d0d8c195954f5049bc6675fb/0,security_model=none \
	-device virtio-9p-pci,fsdev=test_dev,mount_tag=9p/virtfs_mount \
	-kernel vmlinuz-4.19.0-rc1-00104-gfd00028 \
	-append 'root=/dev/ram0 user=lkp job=/lkp/jobs/scheduled/vm-kbuild-1G-11/boot-1-debian-x86_64-2018-04-03.cgz-fd0002870b453c58d0d8c195954f5049bc6675fb-20180910-6016-1hqt4et-1.yaml ARCH=x86_64 kconfig=x86_64-randconfig-r0-09070102 branch=linux-devel/devel-hourly-2018090623 commit=fd0002870b453c58d0d8c195954f5049bc6675fb BOOT_IMAGE=/pkg/linux/x86_64-randconfig-r0-09070102/gcc-6/fd0002870b453c58d0d8c195954f5049bc6675fb/vmlinuz-4.19.0-rc1-00104-gfd00028 max_uptime=600 RESULT_ROOT=/result/boot/1/vm-kbuild-1G/debian-x86_64-2018-04-03.cgz/x86_64-randconfig-r0-09070102/gcc-6/fd0002870b453c58d0d8c195954f5049bc6675fb/3 LKP_LOCAL_RUN=1 debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 net.ifnames=0 printk.devkmsg=on panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 drbd.minor_count=8 systemd.log_level=err ignore_loglevel console=tty0 earlyprintk=ttyS0,115200 console=ttyS0,115200 vga=normal rw ip=dhcp result_service=9p/virtfs_mount' \
	-initrd /home/nfs/.lkp/cache/final_initrd \
	-smp 2 -m 1024M -no-reboot \
	-watchdog i6300esb -rtc base=localtime \
	-device e1000,netdev=net0 -netdev user,id=net0 \
	-display none -monitor null -serial stdio \
	-device virtio-scsi-pci,id=scsi0 \
	-drive file=/tmp/vdisk-nfs/disk-vm-kbuild-1G-11-0,if=none,id=hd0,media=disk,aio=native,cache=none \
	-device scsi-hd,bus=scsi0.0,drive=hd0,scsi-id=1,lun=0 \
	-drive file=/tmp/vdisk-nfs/disk-vm-kbuild-1G-11-1,if=none,id=hd1,media=disk,aio=native,cache=none \
	-device scsi-hd,bus=scsi0.0,drive=hd1,scsi-id=1,lun=1 \
	-drive file=/tmp/vdisk-nfs/disk-vm-kbuild-1G-11-2,if=none,id=hd2,media=disk,aio=native,cache=none \
	-device scsi-hd,bus=scsi0.0,drive=hd2,scsi-id=1,lun=2 \
	-drive file=/tmp/vdisk-nfs/disk-vm-kbuild-1G-11-3,if=none,id=hd3,media=disk,aio=native,cache=none \
	-device scsi-hd,bus=scsi0.0,drive=hd3,scsi-id=1,lun=3 \
	-drive file=/tmp/vdisk-nfs/disk-vm-kbuild-1G-11-4,if=none,id=hd4,media=disk,aio=native,cache=none \
	-device scsi-hd,bus=scsi0.0,drive=hd4,scsi-id=1,lun=4

Best Regards,
Rong Chen

> Thanks,
> David

___
LKP mailing list
l...@lists.01.org
https://lists.01.org/mailman/listinfo/lkp

Re: [LKP] [vfs] fd0002870b: BUG:KASAN:null-ptr-deref_in_n
kernel test robot wrote:

> [ 18.568403] nfs_fs_mount+0x901/0x1220

I don't suppose you can tell me what file and line number this corresponds to?

Also, can you tell me what the mount parameters were? I'm not sure how to
extract them from the information provided.

Thanks,
David

[LKP] [vfs] fd0002870b: BUG:KASAN:null-ptr-deref_in_n
FYI, we noticed the following commit (built with gcc-6):

commit: fd0002870b453c58d0d8c195954f5049bc6675fb ("vfs: Implement a filesystem superblock creation/configuration context")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu Haswell,+smep,+smap -smp 2 -m 1G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+------------------------------------------+------------+------------+
|                                          | bae551929c | fd0002870b |
+------------------------------------------+------------+------------+
| boot_successes                           | 6          | 2          |
| boot_failures                            | 0          | 11         |
| BUG:KASAN:null-ptr-deref_in_n            | 0          | 11         |
| BUG:unable_to_handle_kernel              | 0          | 11         |
| Oops:#[##]                               | 0          | 11         |
| RIP:nfs_fs_mount                         | 0          | 11         |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 11         |
+------------------------------------------+------------+------------+

[ 18.557980] BUG: KASAN: null-ptr-deref in nfs_fs_mount+0x901/0x1220
[ 18.559674] Read of size 1 at addr by task mount.nfs/357
[ 18.561456]
[ 18.562063] CPU: 0 PID: 357 Comm: mount.nfs Not tainted 4.19.0-rc1-00104-gfd00028 #1
[ 18.564199] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 18.566478] Call Trace:
[ 18.567308] kasan_report+0x107/0x330
[ 18.568403] nfs_fs_mount+0x901/0x1220
[ 18.569523] ? kmem_cache_free+0x70/0x170
[ 18.570710] ? nfs_compare_super+0x440/0x440
[ 18.571944] ? nd_jump_link+0xb0/0xb0
[ 18.573039] ? ksys_mount+0x5a/0xc0
[ 18.574106] ? strcmp+0x30/0x50
[ 18.575083] ? nfs_clone_super+0x150/0x150
[ 18.576273] ? nfs_remount+0x890/0x890
[ 18.577395] ? vfs_parse_fs_string+0xad/0xe0
[ 18.578629] ? nfs_compare_super+0x440/0x440
[ 18.579895] ? legacy_get_tree+0x83/0x180
[ 18.581069] legacy_get_tree+0x83/0x180
[ 18.582204] vfs_get_tree+0xaf/0x250
[ 18.583272] do_mount+0x39b/0xfe0
[ 18.584282] ? __might_sleep+0x2e/0xd0
[ 18.585394] ? __might_sleep+0x2e/0xd0
[ 18.586507] ? copy_mount_string+0x20/0x20
[ 18.587697] ? copy_mount_options+0x3a/0x1c0
[ 18.588842] ? copy_mount_options+0xf1/0x1c0
[ 18.589936] ksys_mount+0x79/0xc0
[ 18.590831] __x64_sys_mount+0x5d/0x70
[ 18.591819] do_syscall_64+0xac/0x3d0
[ 18.593009] ? syscall_return_slowpath+0xb0/0xb0
[ 18.594185] ? mm_fault_error+0x1c0/0x1c0
[ 18.595256] ? __put_user_4+0x1b/0x30
[ 18.596222] ? async_page_fault+0x8/0x30
[ 18.597251] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 18.598505] RIP: 0033:0x7fd79e7f424a
[ 18.599463] Code: 48 8b 0d 51 fc 2a 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1e fc 2a 00 f7 d8 64 89 01 48
[ 18.606261] RSP: 002b:7ffe34069b58 EFLAGS: 0202 ORIG_RAX: 00a5
[ 18.608156] RAX: ffda RBX: RCX: 7fd79e7f424a
[ 18.609829] RDX: 558512e8cf70 RSI: 558512e8cf50 RDI: 558512e8b210
[ 18.611506] RBP: 7ffe34069d50 R08: 558512e98320 R09: 0060
[ 18.613359] R10: R11: 0202 R12: 7fd79f138410
[ 18.615038] R13: 7ffe34069d50 R14: 7ffe34069c50 R15: 558512e98300
[ 18.616716] ==
[ 18.618528] Disabling lock debugging due to kernel taint
[ 18.762009] BUG: unable to handle kernel NULL pointer dereference at
[ 18.764184] PGD 0 P4D 0
[ 18.765016] Oops: [#1] PREEMPT KASAN PTI
[ 18.766279] CPU: 0 PID: 357 Comm: mount.nfs Tainted: GB 4.19.0-rc1-00104-gfd00028 #1
[ 18.768705] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 18.770938] RIP: 0010:nfs_fs_mount+0x901/0x1220
[ 18.772208] Code: 02 74 06 66 83 f8 0a 75 19 48 8d bb 2a 01 00 00 66 41 c1 c4 08 e8 df 33 f1 ff 66 44 89 a3 2a 01 00 00 4c 89 ef e8 bf 32 f1 ff <41> 80 7d 00 5b 0f 84 4a 08 00 00 be 3a 00 00 00 4c 89 ef e8 b7 9a
[ 18.776851] RSP: :88001ff1fb70 EFLAGS: 00010292
[ 18.778318] RAX: 88001ed45c00 RBX: 880017e19b80 RCX:
[ 18.780200] RDX: 0001 RSI: dc00 RDI: 82cdcf80
[ 18.782055] RBP: 88001ff1fc90 R08: fbfff0495731 R09: fbfff0495730
[ 18.783938] R10: 0003 R11: fbfff0495731 R12:
[ 18.785811] R13: R14: 1000 R15: 880017e19ca8
[ 18.787709] FS: 7fd79f138480() GS:82465000() knlGS:
[ 18.789910] CS: 0010 DS: ES: CR0: 80050033
[ 18.791455]