Re: upstream boot error: UBSAN: null-ptr-deref in corrupted

From: Dmitry Vyukov
Date: Sat Dec 19 2020 - 04:51:03 EST


On Fri, Dec 18, 2020 at 8:47 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> On Thu, Dec 17, 2020 at 11:38:30AM +0100, Dmitry Vyukov wrote:
> > On Thu, Dec 17, 2020 at 11:14 AM syzbot
> > <syzbot+73d662376f16e2a7336d@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> > >
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit: accefff5 Merge tag 'arm-soc-omap-genpd-5.11' of git://git...
> > > git tree: upstream
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=14567b7f500000
> > > kernel config: https://syzkaller.appspot.com/x/.config?x=1e6efc730c219bd4
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=73d662376f16e2a7336d
> > > compiler: clang version 11.0.0 (https://github.com/llvm/llvm-project.git ca2dcbd030eadbf0aa9b660efe864ff08af6e18b)
> > >
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+73d662376f16e2a7336d@xxxxxxxxxxxxxxxxxxxxxxxxx
> >
> > +Kees
> >
> > Not sure if it's related to UBSAN or not, but we didn't use to get
> > empty stack traces.
> > Either way syzbot can't boot the upstream kernel anymore.
>
> _none_ of them? :(
>
> Are you able to see which UBSAN config is tweaking this?


It seems that so far this is triggered on only 1 instance, and that
instance is the only one that uses clang:
https://syzkaller.appspot.com/upstream

There is some difference in config between clang/gcc instances, but I
don't see anything obvious that mentions null pointers:

failing clang instance:
CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
CONFIG_UBSAN=y
# CONFIG_UBSAN_TRAP is not set
CONFIG_CC_HAS_UBSAN_BOUNDS=y
CONFIG_CC_HAS_UBSAN_ARRAY_BOUNDS=y
CONFIG_UBSAN_BOUNDS=y
CONFIG_UBSAN_ARRAY_BOUNDS=y
CONFIG_UBSAN_SHIFT=y
# CONFIG_UBSAN_DIV_ZERO is not set
CONFIG_UBSAN_SIGNED_OVERFLOW=y
# CONFIG_UBSAN_UNSIGNED_OVERFLOW is not set
CONFIG_UBSAN_OBJECT_SIZE=y
CONFIG_UBSAN_BOOL=y
CONFIG_UBSAN_ENUM=y
# CONFIG_UBSAN_ALIGNMENT is not set
CONFIG_UBSAN_SANITIZE_ALL=y
# CONFIG_TEST_UBSAN is not set

working gcc instance:
CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
CONFIG_UBSAN=y
# CONFIG_UBSAN_TRAP is not set
CONFIG_CC_HAS_UBSAN_BOUNDS=y
CONFIG_UBSAN_BOUNDS=y
CONFIG_UBSAN_ONLY_BOUNDS=y
CONFIG_UBSAN_SHIFT=y
# CONFIG_UBSAN_DIV_ZERO is not set
CONFIG_UBSAN_SIGNED_OVERFLOW=y
CONFIG_UBSAN_BOOL=y
CONFIG_UBSAN_ENUM=y
# CONFIG_UBSAN_ALIGNMENT is not set
CONFIG_UBSAN_SANITIZE_ALL=y
# CONFIG_TEST_UBSAN is not set
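Comparing the two UBSAN fragments by eye is easy here, but on full syzbot .config files it is not. The script below is an added example, not code from the thread or from syzkaller: it parses kernel .config fragments, treats "# CONFIG_X is not set" and an absent option both as "n" (which is what Kconfig does), and reports the options whose effective value differs. The two fragments embedded in it are the ones quoted above; the helper names (parse_config, diff_configs, format_diff) are this example's own.

```python
"""Diff two kernel .config fragments on their effective option values.

Added example (not from the mailing-list thread). Standard library only.
"""
import re
from typing import Dict, Tuple

# The two fragments quoted in the thread, embedded here as sample input.
CLANG_FRAGMENT = """\
CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
CONFIG_UBSAN=y
# CONFIG_UBSAN_TRAP is not set
CONFIG_CC_HAS_UBSAN_BOUNDS=y
CONFIG_CC_HAS_UBSAN_ARRAY_BOUNDS=y
CONFIG_UBSAN_BOUNDS=y
CONFIG_UBSAN_ARRAY_BOUNDS=y
CONFIG_UBSAN_SHIFT=y
# CONFIG_UBSAN_DIV_ZERO is not set
CONFIG_UBSAN_SIGNED_OVERFLOW=y
# CONFIG_UBSAN_UNSIGNED_OVERFLOW is not set
CONFIG_UBSAN_OBJECT_SIZE=y
CONFIG_UBSAN_BOOL=y
CONFIG_UBSAN_ENUM=y
# CONFIG_UBSAN_ALIGNMENT is not set
CONFIG_UBSAN_SANITIZE_ALL=y
# CONFIG_TEST_UBSAN is not set
"""

GCC_FRAGMENT = """\
CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
CONFIG_UBSAN=y
# CONFIG_UBSAN_TRAP is not set
CONFIG_CC_HAS_UBSAN_BOUNDS=y
CONFIG_UBSAN_BOUNDS=y
CONFIG_UBSAN_ONLY_BOUNDS=y
CONFIG_UBSAN_SHIFT=y
# CONFIG_UBSAN_DIV_ZERO is not set
CONFIG_UBSAN_SIGNED_OVERFLOW=y
CONFIG_UBSAN_BOOL=y
CONFIG_UBSAN_ENUM=y
# CONFIG_UBSAN_ALIGNMENT is not set
CONFIG_UBSAN_SANITIZE_ALL=y
# CONFIG_TEST_UBSAN is not set
"""

_SET_RE = re.compile(r"^(CONFIG_[A-Za-z0-9_]+)=(.*)$")
_UNSET_RE = re.compile(r"^# (CONFIG_[A-Za-z0-9_]+) is not set$")


def parse_config(text: str) -> Dict[str, str]:
    """Map CONFIG_* names to their value; 'is not set' becomes 'n'.

    Other comment lines (e.g. the "Automatically generated" header) are
    ignored, as are blank lines.
    """
    opts: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SET_RE.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
            continue
        m = _UNSET_RE.match(line)
        if m:
            opts[m.group(1)] = "n"
    return opts


def diff_configs(a: Dict[str, str], b: Dict[str, str],
                 prefix: str = "") -> Dict[str, Tuple[str, str]]:
    """Return {option: (value_in_a, value_in_b)} for options that differ.

    An option missing from one side is treated as 'n', so an explicit
    '# CONFIG_X is not set' on one side and no mention on the other is
    not reported as a difference. `prefix` restricts the comparison,
    e.g. 'CONFIG_UBSAN' to look only at sanitizer knobs.
    """
    keys = {k for k in set(a) | set(b) if k.startswith(prefix)}
    return {k: (a.get(k, "n"), b.get(k, "n"))
            for k in sorted(keys) if a.get(k, "n") != b.get(k, "n")}


def format_diff(d: Dict[str, Tuple[str, str]], la: str, lb: str) -> str:
    """Render a diff as one line per option: NAME  la=val  lb=val."""
    width = max((len(k) for k in d), default=0)
    return "\n".join(f"{k:<{width}}  {la}={va}  {lb}={vb}"
                     for k, (va, vb) in d.items())


if __name__ == "__main__":
    delta = diff_configs(parse_config(CLANG_FRAGMENT), parse_config(GCC_FRAGMENT))
    print(format_diff(delta, "clang", "gcc"))
```

Run on the two fragments above it lists only the options that actually differ in effect: the clang instance additionally enables CONFIG_CC_HAS_UBSAN_ARRAY_BOUNDS, CONFIG_UBSAN_ARRAY_BOUNDS and CONFIG_UBSAN_OBJECT_SIZE, while the gcc instance has CONFIG_UBSAN_ONLY_BOUNDS; the "# CONFIG_UBSAN_UNSIGNED_OVERFLOW is not set" line is correctly not reported, since the option is off on both sides. Which of those, if any, is responsible for the empty stack traces is not something the thread establishes; the script only narrows the list worth bisecting.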