From: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
To: Will Deacon <will@kernel.org>
Cc: guohanjun@huawei.com, rjw@rjwysocki.net, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, mark.rutland@arm.com
Subject: Re: arm64/acpi: NULL dereference reports from UBSAN at boot
Date: Thu, 21 May 2020 18:37:38 +0100
Message-ID: <20200521173738.GA29590@e121166-lin.cambridge.arm.com>
In-Reply-To: <20200521100952.GA5360@willie-the-truck>

On Thu, May 21, 2020 at 11:09:53AM +0100, Will Deacon wrote:
> Hi folks,
>
> I just tried booting the arm64 for-kernelci branch under QEMU (version
> 4.2.50 (v4.2.0-779-g4354edb6dcc7)) with UBSAN enabled, and I see a
> couple of NULL pointer dereferences reported at boot. I think they're
> both GIC related (log below). I don't see a panic with UBSAN disabled,
> so something's fishy here.

May I ask you the QEMU command line please - just to make sure I can
replicate it.

> Please can you take a look when you get a chance? I haven't had time to see
> if this is a regression or not, but I don't think it's particularly serious
> as I have all sorts of horrible stuff enabled in my .config, since I'm
> trying to chase down another bug:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git/plain/arch/arm64/configs/fuzzing.config?h=fuzzing/arm64-kernelci-20200519&id=c149cf6a51aa4f72d53fc681c6661094e93ef660
>
> (on top of defconfig)
>
> CONFIG_FAIL_PAGE_ALLOC may be to blame.

Not sure about that, they are both quite cryptic, I wonder if UBSAN is
not tricked by the ACPI_OFFSET macro - need to debug it further to
understand what's going on here.

Thanks,
Lorenzo

> Cheers,
>
> Will
>
> --->8
>
> [    0.000000][    T0] ================================================================================
> [    0.000000][    T0] UBSAN: null-ptr-deref in drivers/acpi/acpica/tbfadt.c:459:37
> [    0.000000][    T0] member access within null pointer of type 'struct acpi_table_fadt'
> [    0.000000][    T0] CPU: 0 PID: 0 Comm: swapper Not tainted 5.7.0-rc6-00124-g96bc42ff0a82 #1
> [    0.000000][    T0] Call trace:
> [    0.000000][    T0]  dump_backtrace+0x0/0x384
> [    0.000000][    T0]  show_stack+0x28/0x38
> [    0.000000][    T0]  dump_stack+0xec/0x174
> [    0.000000][    T0]  handle_null_ptr_deref+0x134/0x174
> [    0.000000][    T0]  __ubsan_handle_type_mismatch_v1+0x84/0xa4
> [    0.000000][    T0]  acpi_tb_create_local_fadt+0x1d4/0x1418
> [    0.000000][    T0]  acpi_tb_parse_fadt+0x108/0x4b8
> [    0.000000][    T0]  acpi_tb_parse_root_table+0x380/0x578
> [    0.000000][    T0]  acpi_initialize_tables+0x140/0x194
> [    0.000000][    T0]  acpi_table_init+0x90/0xcc
> [    0.000000][    T0]  acpi_boot_table_init+0xfc/0x1c8
> [    0.000000][    T0]  setup_arch+0x2b4/0x3ec
> [    0.000000][    T0]  start_kernel+0x98/0x6f4
> [    0.000000][    T0] ================================================================================
>
> [    0.000000][    T0] ================================================================================
> [    0.000000][    T0] UBSAN: null-ptr-deref in arch/arm64/kernel/smp.c:596:6
> [    0.000000][    T0] member access within null pointer of type 'struct acpi_madt_generic_interrupt'
> [    0.000000][    T0] CPU: 0 PID: 0 Comm: swapper Not tainted 5.7.0-rc6-00124-g96bc42ff0a82 #1
> [    0.000000][    T0] Call trace:
> [    0.000000][    T0]  dump_backtrace+0x0/0x384
> [    0.000000][    T0]  show_stack+0x28/0x38
> [    0.000000][    T0]  dump_stack+0xec/0x174
> [    0.000000][    T0]  handle_null_ptr_deref+0x134/0x174
> [    0.000000][    T0]  __ubsan_handle_type_mismatch_v1+0x84/0xa4
> [    0.000000][    T0]  acpi_parse_gic_cpu_interface+0x60/0xe8
> [    0.000000][    T0]  acpi_parse_entries_array+0x288/0x498
> [    0.000000][    T0]  acpi_table_parse_entries_array+0x178/0x1b4
> [    0.000000][    T0]  acpi_table_parse_madt+0xa4/0x110
> [    0.000000][    T0]  acpi_parse_and_init_cpus+0x38/0x100
> [    0.000000][    T0]  smp_init_cpus+0x74/0x258
> [    0.000000][    T0]  setup_arch+0x350/0x3ec
> [    0.000000][    T0]  start_kernel+0x98/0x6f4
> [    0.000000][    T0] ================================================================================
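The two reports above both say "member access within null pointer", and the follow-up patches in this thread are titled "fix UBSAN warning using __builtin_offsetof". The example below is added here and is not code from this thread, from ACPICA or from the kernel: it puts the null-pointer offsetof idiom that UBSAN's null check objects to next to the compiler builtin that does not form a pointer at all, and then uses the resulting offset the way a table parser needs it, as the minimum declared length a firmware-supplied subtable entry must have before a late-added field may be read. The `gicc_like` layout, the type code 0x0B and the sample entries are constructed for the example and are not the real ACPI MADT GICC structure; the check mirrors the shape of a length-and-bounds test, not any particular kernel macro.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Null-pointer idiom: forms a member lvalue through a null pointer, which
 * -fsanitize=null reports as "member access within null pointer of type".
 * It works in practice because compilers fold it, but it is undefined. */
#define OFFSET_VIA_NULL(type, member) \
	((size_t)(uintptr_t)&(((type *)0)->member))

/* Compiler builtin: an integer constant, no pointer is ever formed. */
#define OFFSET_BUILTIN(type, member) __builtin_offsetof(type, member)

/* Constructed stand-in for a MADT-style subtable (not the real ACPI layout):
 * type/length header, fixed fields, then a field appended by a later spec
 * revision, so older firmware may legitimately emit shorter entries. */
struct __attribute__((packed)) sub_header {
	uint8_t type;
	uint8_t length;
};

struct __attribute__((packed)) gicc_like {
	struct sub_header header;
	uint16_t reserved;
	uint32_t cpu_interface_number;
	uint32_t uid;
	uint32_t flags;
	uint64_t base_address;
	uint8_t  efficiency_class;	/* first field of the later revision */
	uint8_t  reserved2[3];
};

/* Minimum length an entry must declare before efficiency_class is present. */
size_t gicc_min_length_via_null(void)
{
	return OFFSET_VIA_NULL(struct gicc_like, efficiency_class);
}

size_t gicc_min_length_builtin(void)
{
	return OFFSET_BUILTIN(struct gicc_like, efficiency_class);
}

/* Validate a firmware-supplied entry before reading any field from it:
 * the header must fit, the declared length must cover the fields we use,
 * and the declared length must not run past the end of the table. */
int gicc_entry_ok(const uint8_t *entry, const uint8_t *end)
{
	struct sub_header hdr;

	if (!entry || end < entry || (size_t)(end - entry) < sizeof(hdr))
		return 0;
	memcpy(&hdr, entry, sizeof(hdr));
	if (hdr.length < gicc_min_length_builtin())
		return 0;	/* older layout, later fields absent */
	if ((size_t)(end - entry) < hdr.length)
		return 0;	/* header lies about its length */
	return 1;
}

/* Only after gicc_entry_ok(); copies from the byte image so the table's
 * alignment in memory does not matter. */
uint32_t gicc_uid(const uint8_t *entry)
{
	uint32_t uid;
	memcpy(&uid, entry + OFFSET_BUILTIN(struct gicc_like, uid), sizeof(uid));
	return uid;
}

/* Constructed sample entry; 'declared' is what the header claims. */
static void build_entry(uint8_t *buf, uint8_t declared, uint32_t uid)
{
	memset(buf, 0, sizeof(struct gicc_like));
	buf[0] = 0x0B;		/* constructed type code */
	buf[1] = declared;
	memcpy(buf + OFFSET_BUILTIN(struct gicc_like, uid), &uid, sizeof(uid));
}

/* Well-formed entry: accepted, uid readable. Returns uid or 0 if rejected. */
uint32_t demo_valid_entry_uid(void)
{
	uint8_t buf[sizeof(struct gicc_like)];
	build_entry(buf, sizeof(buf), 7);
	return gicc_entry_ok(buf, buf + sizeof(buf)) ? gicc_uid(buf) : 0;
}

/* Header declares 16 bytes: efficiency_class is not part of this entry. */
int demo_short_entry(void)
{
	uint8_t buf[sizeof(struct gicc_like)];
	build_entry(buf, 16, 7);
	return gicc_entry_ok(buf, buf + sizeof(buf));
}

/* Header declares the full length, but the table ends 8 bytes early. */
int demo_overrun_entry(void)
{
	uint8_t buf[sizeof(struct gicc_like)];
	build_entry(buf, sizeof(buf), 7);
	return gicc_entry_ok(buf, buf + sizeof(buf) - 8);
}

int main(void)
{
	printf("offset via null: %zu, via builtin: %zu\n",
	       gicc_min_length_via_null(), gicc_min_length_builtin());
	printf("valid uid=%u short=%d overrun=%d\n",
	       (unsigned)demo_valid_entry_uid(), demo_short_entry(),
	       demo_overrun_entry());
	return 0;
}
```

Both macros yield the same value, which is why the null-pointer form survived so long in table-parsing code; only a build with `-fsanitize=undefined` (clang reports the idiom at runtime, GCC may constant-fold it before instrumentation) tells them apart. The security-relevant part is the check itself: the offset is only useful as a bound if it is compared against the entry's declared length and the table end before any field past the header is read.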
Thread overview (62+ messages):

2020-05-21 10:09  arm64/acpi: NULL dereference reports from UBSAN at boot  Will Deacon
2020-05-21 17:37  ` Lorenzo Pieralisi [this message]
2020-05-26 20:21  ` Will Deacon
2020-05-27 13:41  ` Lorenzo Pieralisi
2020-06-01  7:05  ` Will Deacon
2020-06-01 21:51  ` Nick Desaulniers
2020-06-01 21:57  ` Ard Biesheuvel
2020-06-01 22:19  ` Nick Desaulniers
2020-06-01 22:28  ` Ard Biesheuvel
2020-06-01 23:18  ` [PATCH] ACPICA: fix UBSAN warning using __builtin_offsetof  Nick Desaulniers
2020-06-01 23:37  ` Peter Collingbourne
2020-06-01 23:48  ` Nick Desaulniers
2020-06-02  0:02  ` Kaneda, Erik
2020-06-02 18:46  ` Nick Desaulniers
2020-06-08 14:51  ` Will Deacon
2020-06-08 20:29  ` Nick Desaulniers
2020-06-08 20:38  ` [PATCH v2] arm64: acpi: fix UBSAN warning  Nick Desaulniers
2020-06-09 17:46  ` Lorenzo Pieralisi
2020-06-09 19:50  ` Jeremy Linton
2020-06-10 11:21  ` Will Deacon
2020-06-08 23:20  ` [PATCH] ACPICA: fix UBSAN warning using __builtin_offsetof  Kaneda, Erik
2020-06-10 23:06  ` Kaneda, Erik
2020-06-10 23:29  ` Nick Desaulniers
2020-06-10 23:46  ` Jung-uk Kim (also cross-posted as "[Devel]")
2020-06-11 16:45  ` [Devel] Kaneda, Erik
2020-06-11 17:06  ` Nick Desaulniers
2020-06-16 21:39  ` Kaneda, Erik
2020-06-10 23:31  ` Jung-uk Kim (also cross-posted as "[Devel]")
2020-05-22  8:07  ` arm64/acpi: NULL dereference reports from UBSAN at boot  Hanjun Guo
2020-05-22  9:43  ` Hanjun Guo