ipmi-si UBSAN warning and NULL pointer dereference

From: Meelis Roos
Date: Tue Jun 19 2018 - 08:58:16 EST


I tried 4.18.0-rc1-00043-gba4dbdedd3ed on HP Proliant Microserver N36L
and got the following UBSAN warning + NULL pointer dereferences. It was
working without any warnings in 4.17.0.

[ 7.587532] ipmi message handler version 39.2
[ 7.594899] ipmi device interface
[ 7.605792] IPMI System Interface driver.
[ 7.605949] ipmi_si dmi-ipmi-si.0: ipmi_platform: probing via SMBIOS
[ 7.606047] ipmi_si: SMBIOS: mem 0x0 regsize 1 spacing 1 irq 0
[ 7.606120] ipmi_si: Adding SMBIOS-specified kcs state machine
[ 7.606326] ipmi_si: Trying SMBIOS-specified kcs state machine at mem address 0x0, slave address 0x20, irq 0
[ 7.606463] ipmi_si dmi-ipmi-si.0: Could not set up I/O space
[ 7.606534] ================================================================================
[ 7.606629] UBSAN: Undefined behaviour in drivers/char/ipmi/ipmi_msghandler.c:3477:6
[ 7.606722] member access within null pointer of type 'struct ipmi_smi'
[ 7.606797] CPU: 1 PID: 1360 Comm: systemd-udevd Not tainted 4.18.0-rc1-00043-gba4dbdedd3ed #26
[ 7.606892] Hardware name: HP ProLiant MicroServer, BIOS O41 10/01/2013
[ 7.606962] Call Trace:
[ 7.607042] ? dump_stack+0x5a/0x9b
[ 7.607116] ? ubsan_epilogue+0x9/0x40
[ 7.607188] ? ubsan_type_mismatch_common+0x11f/0x1a0
[ 7.607260] ? __ubsan_handle_type_mismatch+0x3a/0x60
[ 7.607337] ? ipmi_unregister_smi+0x55c/0x570 [ipmi_msghandler]
[ 7.607424] ? try_smi_init+0xbaa/0x1ab5 [ipmi_si]
[ 7.607509] ? init_ipmi_si+0x158/0x240 [ipmi_si]
[ 7.607590] ? ipmi_si_add_smi+0x390/0x390 [ipmi_si]
[ 7.607662] ? do_one_initcall+0x58/0x230
[ 7.607735] ? kmem_cache_alloc+0x43/0x1f0
[ 7.607807] ? do_init_module+0xa7/0x2a9
[ 7.607877] ? load_module+0x1f40/0x3510
[ 7.607947] ? __symbol_put+0x80/0x80
[ 7.608020] ? kernel_read_file+0x229/0x3a0
[ 7.608092] ? __do_sys_finit_module+0xfa/0x120
[ 7.608163] ? do_syscall_64+0x5a/0x1e0
[ 7.608233] ? page_fault+0x8/0x30
[ 7.608306] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 7.608376] ================================================================================
[ 7.608503] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[ 7.608600] PGD 0 P4D 0
[ 7.608672] Oops: 0000 [#1] SMP NOPTI
[ 7.608743] CPU: 1 PID: 1360 Comm: systemd-udevd Not tainted 4.18.0-rc1-00043-gba4dbdedd3ed #26
[ 7.608836] Hardware name: HP ProLiant MicroServer, BIOS O41 10/01/2013
[ 7.608913] RIP: 0010:ipmi_unregister_smi+0x31/0x570 [ipmi_msghandler]
[ 7.608982] Code: 54 55 48 89 fd 53 48 83 ec 30 65 48 8b 04 25 28 00 00 00 48 89 44 24 28 31 c0 48 85 ff 0f 84 24 05 00 00 48 c7 c7 c0 23 16 c0 <44> 8b 65 00 e8 a6 65 5c c2 48 83 fd f0 c7 45 00 ff ff ff ff c6 45
[ 7.609210] RSP: 0018:ffffa52c40227bb8 EFLAGS: 00010292
[ 7.609281] RAX: 0000000000000000 RBX: ffff8e8e3b2df200 RCX: 0000000000000006
[ 7.609352] RDX: 0000000000000000 RSI: 0000000000000202 RDI: ffffffffc01623c0
[ 7.609424] RBP: 0000000000000000 R08: 0000000000000199 R09: 000000000000025a
[ 7.609495] R10: ffffffff821bc0b0 R11: 0000000000000006 R12: ffffffffc0181aa8
[ 7.609566] R13: 0000000000000000 R14: ffff8e8e3b2df240 R15: ffffffffc0181260
[ 7.609640] FS: 00007fef3a80b8c0(0000) GS:ffff8e8e3dd00000(0000) knlGS:0000000000000000
[ 7.609734] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7.609803] CR2: 0000000000000000 CR3: 000000003ab1a000 CR4: 00000000000006e0
[ 7.609873] Call Trace:
[ 7.609956] ? try_smi_init+0xbaa/0x1ab5 [ipmi_si]
[ 7.610040] ? init_ipmi_si+0x158/0x240 [ipmi_si]
[ 7.610121] ? ipmi_si_add_smi+0x390/0x390 [ipmi_si]
[ 7.610191] ? do_one_initcall+0x58/0x230
[ 7.610262] ? kmem_cache_alloc+0x43/0x1f0
[ 7.610333] ? do_init_module+0xa7/0x2a9
[ 7.610404] ? load_module+0x1f40/0x3510
[ 7.610475] ? __symbol_put+0x80/0x80
[ 7.610547] ? kernel_read_file+0x229/0x3a0
[ 7.610618] ? __do_sys_finit_module+0xfa/0x120
[ 7.610689] ? do_syscall_64+0x5a/0x1e0
[ 7.610759] ? page_fault+0x8/0x30
[ 7.610832] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 7.610902] Modules linked in: ipmi_si(+) ipmi_devintf ipmi_msghandler k10temp jc42 w83795 eeprom ip_tables
[ 7.611014] CR2: 0000000000000000
[ 7.611094] ---[ end trace 099b4ef2a90b74a1 ]---
[ 7.611170] RIP: 0010:ipmi_unregister_smi+0x31/0x570 [ipmi_msghandler]
[ 7.611239] Code: 54 55 48 89 fd 53 48 83 ec 30 65 48 8b 04 25 28 00 00 00 48 89 44 24 28 31 c0 48 85 ff 0f 84 24 05 00 00 48 c7 c7 c0 23 16 c0 <44> 8b 65 00 e8 a6 65 5c c2 48 83 fd f0 c7 45 00 ff ff ff ff c6 45
[ 7.611466] RSP: 0018:ffffa52c40227bb8 EFLAGS: 00010292
[ 7.611537] RAX: 0000000000000000 RBX: ffff8e8e3b2df200 RCX: 0000000000000006
[ 7.611609] RDX: 0000000000000000 RSI: 0000000000000202 RDI: ffffffffc01623c0
[ 7.611680] RBP: 0000000000000000 R08: 0000000000000199 R09: 000000000000025a
[ 7.611751] R10: ffffffff821bc0b0 R11: 0000000000000006 R12: ffffffffc0181aa8
[ 7.611822] R13: 0000000000000000 R14: ffff8e8e3b2df240 R15: ffffffffc0181260
[ 7.611894] FS: 00007fef3a80b8c0(0000) GS:ffff8e8e3dd00000(0000) knlGS:0000000000000000
[ 7.611988] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7.612067] CR2: 0000000000000000 CR3: 000000003ab1a000 CR4: 00000000000006e0


--
Meelis Roos (mroos@xxxxxxxx)
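Added example, not code from the report above or from the kernel tree: a user-space model of the error-path ordering the oops shows. The log has probe fail at "Could not set up I/O space" before any interface was registered, then the unwind in try_smi_init calls ipmi_unregister_smi anyway; the register dump has RBP = 0 and CR2 = 0, and the faulting bytes `44 8b 65 00` decode to a 32-bit read at [rbp+0], i.e. a member read through a NULL interface pointer, which is exactly what the UBSAN line reports. The model below reproduces that ordering with a cleanup routine that guards against a never-registered interface so the unwind is safe. All names (smi_info, intf, set_up_io, register_intf, unregister_intf, probe_smi, unwind_hits_null_intf) and the sample addresses are hypothetical stand-ins, not the ipmi_si or ipmi_msghandler API, and this is not the fix that went into the kernel.

```c
/*
 * Added example (not from the mailing-list post or the kernel): a model of
 * a probe that fails at I/O set-up and unwinds through an unregister
 * routine before the interface pointer was ever set. Names are
 * hypothetical stand-ins for the ipmi_si / ipmi_msghandler internals.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum { PROBE_OK = 0, PROBE_EIO = -1, UNREG_ENOINTF = -2 };

struct intf {
    int users;          /* the member the unregister path reads first */
    bool registered;
};

struct smi_info {
    unsigned long mem_addr; /* 0 models the bogus SMBIOS "mem 0x0" in the log */
    struct intf *intf;      /* stays NULL until register_intf() succeeds */
};

static struct intf global_intf;

/* Models "Could not set up I/O space": a memory address of 0 is rejected. */
static int set_up_io(const struct smi_info *smi)
{
    return smi->mem_addr ? PROBE_OK : PROBE_EIO;
}

static void register_intf(struct smi_info *smi)
{
    global_intf.users = 1;
    global_intf.registered = true;
    smi->intf = &global_intf;
}

/*
 * Unregister with the guard the crash is missing. Refusing a NULL
 * interface is what the reported path lacked: the faulting instruction
 * read a member at offset 0 of a pointer that was still 0.
 */
static int unregister_intf(struct intf *intf)
{
    if (!intf)
        return UNREG_ENOINTF;    /* never registered: nothing to undo */
    intf->registered = false;
    intf->users = 0;
    return PROBE_OK;
}

/* Probe in the shape of the report: I/O first, registration second,
 * a single unwind label for every failure. */
static int probe_smi(struct smi_info *smi)
{
    int rv = set_up_io(smi);
    if (rv)
        goto out_err;
    register_intf(smi);
    return PROBE_OK;

out_err:
    /* The unwind runs for failures that happen before smi->intf was
     * ever set. Without the NULL check inside unregister_intf() this
     * call is the NULL dereference in the oops. */
    (void)unregister_intf(smi->intf);
    return rv;
}

/* True when an unguarded unwind would touch a NULL interface for this device. */
static bool unwind_hits_null_intf(const struct smi_info *smi)
{
    return set_up_io(smi) != PROBE_OK && smi->intf == NULL;
}

int main(void)
{
    /* Constructed inputs: the first mirrors the "mem 0x0" line in the log. */
    struct smi_info bad = { .mem_addr = 0x0, .intf = NULL };
    struct smi_info good = { .mem_addr = 0xca2, .intf = NULL };
    int rv_bad = probe_smi(&bad);
    int rv_good = probe_smi(&good);

    printf("mem 0x0:   probe=%d unwind-hits-NULL=%d\n", rv_bad, unwind_hits_null_intf(&bad));
    printf("mem 0xca2: probe=%d registered=%d\n", rv_good, good.intf && good.intf->registered);
    return 0;
}
```

The two ways to close this class of bug are visible in the model: either the cleanup routine tolerates an object that was never created (the guard in unregister_intf), or the probe keeps separate unwind labels so that a step which never ran is never undone. The first is the more robust choice when the cleanup routine is exported and can be reached from more than one caller.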