Date: Thu, 21 May 2020 11:09:53 +0100
From: Will Deacon
To: lorenzo.pieralisi@arm.com, guohanjun@huawei.com
Cc: rjw@rjwysocki.net, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, mark.rutland@arm.com
Subject: arm64/acpi: NULL dereference reports from UBSAN at boot
Message-ID: <20200521100952.GA5360@willie-the-truck>
Hi folks,

I just tried booting the arm64 for-kernelci branch under QEMU (version 4.2.50 (v4.2.0-779-g4354edb6dcc7)) with UBSAN enabled, and I see a couple of NULL pointer dereferences reported at boot. I think they're both GIC related (log below). I don't see a panic with UBSAN disabled, so something's fishy here.

Please can you take a look when you get a chance? I haven't had time to see if this is a regression or not, but I don't think it's particularly serious as I have all sorts of horrible stuff enabled in my .config, since I'm trying to chase down another bug:

https://git.kernel.org/pub/scm/linux/kernel/git/mark/linux.git/plain/arch/arm64/configs/fuzzing.config?h=fuzzing/arm64-kernelci-20200519&id=c149cf6a51aa4f72d53fc681c6661094e93ef660

(on top of defconfig)

CONFIG_FAIL_PAGE_ALLOC may be to blame.

Cheers,

Will

--->8

[ 0.000000][ T0] ================================================================================
[ 0.000000][ T0] UBSAN: null-ptr-deref in drivers/acpi/acpica/tbfadt.c:459:37
[ 0.000000][ T0] member access within null pointer of type 'struct acpi_table_fadt'
[ 0.000000][ T0] CPU: 0 PID: 0 Comm: swapper Not tainted 5.7.0-rc6-00124-g96bc42ff0a82 #1
[ 0.000000][ T0] Call trace:
[ 0.000000][ T0]  dump_backtrace+0x0/0x384
[ 0.000000][ T0]  show_stack+0x28/0x38
[ 0.000000][ T0]  dump_stack+0xec/0x174
[ 0.000000][ T0]  handle_null_ptr_deref+0x134/0x174
[ 0.000000][ T0]  __ubsan_handle_type_mismatch_v1+0x84/0xa4
[ 0.000000][ T0]  acpi_tb_create_local_fadt+0x1d4/0x1418
[ 0.000000][ T0]  acpi_tb_parse_fadt+0x108/0x4b8
[ 0.000000][ T0]  acpi_tb_parse_root_table+0x380/0x578
[ 0.000000][ T0]  acpi_initialize_tables+0x140/0x194
[ 0.000000][ T0]  acpi_table_init+0x90/0xcc
[ 0.000000][ T0]  acpi_boot_table_init+0xfc/0x1c8
[ 0.000000][ T0]  setup_arch+0x2b4/0x3ec
[ 0.000000][ T0]  start_kernel+0x98/0x6f4
[ 0.000000][ T0] ================================================================================
[ 0.000000][ T0] ================================================================================
[ 0.000000][ T0] UBSAN: null-ptr-deref in arch/arm64/kernel/smp.c:596:6
[ 0.000000][ T0] member access within null pointer of type 'struct acpi_madt_generic_interrupt'
[ 0.000000][ T0] CPU: 0 PID: 0 Comm: swapper Not tainted 5.7.0-rc6-00124-g96bc42ff0a82 #1
[ 0.000000][ T0] Call trace:
[ 0.000000][ T0]  dump_backtrace+0x0/0x384
[ 0.000000][ T0]  show_stack+0x28/0x38
[ 0.000000][ T0]  dump_stack+0xec/0x174
[ 0.000000][ T0]  handle_null_ptr_deref+0x134/0x174
[ 0.000000][ T0]  __ubsan_handle_type_mismatch_v1+0x84/0xa4
[ 0.000000][ T0]  acpi_parse_gic_cpu_interface+0x60/0xe8
[ 0.000000][ T0]  acpi_parse_entries_array+0x288/0x498
[ 0.000000][ T0]  acpi_table_parse_entries_array+0x178/0x1b4
[ 0.000000][ T0]  acpi_table_parse_madt+0xa4/0x110
[ 0.000000][ T0]  acpi_parse_and_init_cpus+0x38/0x100
[ 0.000000][ T0]  smp_init_cpus+0x74/0x258
[ 0.000000][ T0]  setup_arch+0x350/0x3ec
[ 0.000000][ T0]  start_kernel+0x98/0x6f4
[ 0.000000][ T0] ================================================================================
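Added example, not part of Will's mail and not a kernelci or kernel-tree tool: a small Python parser that pulls UBSAN reports out of a boot log like the one quoted above, so a CI job can turn the wall of dmesg text into one triage line per report (sanitizer kind, source location, the type named in the message, and the first call-trace frame outside the sanitizer and backtrace plumbing). The sample log is constructed here from the lines in the mail; the list of frames treated as "plumbing" is my assumption and may need extending for other kernels.

```python
"""Extract UBSAN reports from a kernel boot log (dmesg / serial console text)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# dmesg prefix such as "[    0.000000][    T0] "; the remainder is the message.
_PREFIX = re.compile(r"^\[\s*[\d.]+\]\s*(?:\[\s*[A-Z]?\d+\])?\s?")
_HEADER = re.compile(r"^UBSAN: (?P<kind>\S+) in (?P<file>[^:\s]+):(?P<line>\d+):(?P<col>\d+)$")
_FRAME = re.compile(r"^(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
_SEPARATOR = re.compile(r"^=+$")
_TYPE = re.compile(r"of type '(?P<type>[^']+)'")

# Assumption: frames that belong to the reporting machinery, not to the code being blamed.
_PLUMBING = ("dump_backtrace", "show_stack", "dump_stack", "handle_null_ptr_deref", "__ubsan_")


@dataclass
class UbsanReport:
    kind: str
    file: str
    line: int
    col: int
    message: str = ""
    frames: List[str] = field(default_factory=list)

    @property
    def location(self) -> str:
        return f"{self.file}:{self.line}:{self.col}"

    @property
    def type_name(self) -> Optional[str]:
        m = _TYPE.search(self.message)
        return m.group("type") if m else None

    @property
    def culprit(self) -> Optional[str]:
        """First call-trace frame that is not sanitizer/backtrace plumbing."""
        for sym in self.frames:
            if not sym.startswith(_PLUMBING):
                return sym
        return None


def parse_ubsan_reports(log: str) -> List[UbsanReport]:
    """Walk the log line by line; each report runs from its 'UBSAN:' header to the next '====' separator."""
    reports: List[UbsanReport] = []
    current: Optional[UbsanReport] = None
    in_trace = False
    for raw in log.splitlines():
        text = _PREFIX.sub("", raw).strip()
        if not text:
            continue
        if _SEPARATOR.match(text):
            if current is not None:          # closing separator ends the report
                reports.append(current)
                current, in_trace = None, False
            continue
        m = _HEADER.match(text)
        if m:
            current = UbsanReport(m["kind"], m["file"], int(m["line"]), int(m["col"]))
            in_trace = False
            continue
        if current is None:
            continue                         # unrelated boot output
        if text == "Call trace:":
            in_trace = True
            continue
        if in_trace:
            f = _FRAME.match(text)
            if f:
                current.frames.append(f["sym"])
            continue
        if not current.message and not text.startswith("CPU:"):
            current.message = text           # the line right after the header
    if current is not None:
        reports.append(current)              # log ended without a closing separator
    return reports


def summarize(reports: List[UbsanReport]) -> List[str]:
    """One triage line per report, suitable for a CI summary or dedup key."""
    return [f"{r.kind} {r.location} ({r.type_name or 'unknown type'}) in {r.culprit or '?'}"
            for r in reports]


# Constructed sample: the two reports from the mail above, with dmesg prefixes restored.
_P = "[    0.000000][    T0] "
SAMPLE_LOG = "\n".join(_P + s for s in [
    "=" * 80,
    "UBSAN: null-ptr-deref in drivers/acpi/acpica/tbfadt.c:459:37",
    "member access within null pointer of type 'struct acpi_table_fadt'",
    "CPU: 0 PID: 0 Comm: swapper Not tainted 5.7.0-rc6-00124-g96bc42ff0a82 #1",
    "Call trace:",
    " dump_backtrace+0x0/0x384", " show_stack+0x28/0x38", " dump_stack+0xec/0x174",
    " handle_null_ptr_deref+0x134/0x174", " __ubsan_handle_type_mismatch_v1+0x84/0xa4",
    " acpi_tb_create_local_fadt+0x1d4/0x1418", " acpi_tb_parse_fadt+0x108/0x4b8",
    " acpi_tb_parse_root_table+0x380/0x578", " acpi_initialize_tables+0x140/0x194",
    " acpi_table_init+0x90/0xcc", " acpi_boot_table_init+0xfc/0x1c8",
    " setup_arch+0x2b4/0x3ec", " start_kernel+0x98/0x6f4",
    "=" * 80, "=" * 80,
    "UBSAN: null-ptr-deref in arch/arm64/kernel/smp.c:596:6",
    "member access within null pointer of type 'struct acpi_madt_generic_interrupt'",
    "CPU: 0 PID: 0 Comm: swapper Not tainted 5.7.0-rc6-00124-g96bc42ff0a82 #1",
    "Call trace:",
    " dump_backtrace+0x0/0x384", " show_stack+0x28/0x38", " dump_stack+0xec/0x174",
    " handle_null_ptr_deref+0x134/0x174", " __ubsan_handle_type_mismatch_v1+0x84/0xa4",
    " acpi_parse_gic_cpu_interface+0x60/0xe8", " acpi_parse_entries_array+0x288/0x498",
    " acpi_table_parse_entries_array+0x178/0x1b4", " acpi_table_parse_madt+0xa4/0x110",
    " acpi_parse_and_init_cpus+0x38/0x100", " smp_init_cpus+0x74/0x258",
    " setup_arch+0x350/0x3ec", " start_kernel+0x98/0x6f4",
    "=" * 80,
])

if __name__ == "__main__":
    for line in summarize(parse_ubsan_reports(SAMPLE_LOG)):
        print(line)
```

The location string (file:line:col) is the natural key for deduplicating the same report across boots or across CI runs, and the culprit frame is what you would grep the tree for first; the message is kept verbatim so the type name can be pulled out later without re-parsing the log.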