lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 08 Aug 2017 11:20:47 +0800
From:   kernel test robot <fengguang.wu@...el.com>
To:     Ard Biesheuvel <ard.biesheuvel@...aro.org>
Cc:     LKP <lkp@...org>, kernel-hardening@...ts.openwall.com,
        linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org,
        Kees Cook <keescook@...omium.org>, wfg@...ux.intel.com
Subject: f7dd250789 ("gcc-plugins: structleak: add option to init all
 .."):  kmodloader/112 is trying to release lock (module_mutex) at:

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/gcc-plugin/structleak

commit f7dd2507893cc3425d3ffc2369559619960befb0
Author:     Ard Biesheuvel <ard.biesheuvel@...aro.org>
AuthorDate: Sun Aug 6 12:06:27 2017 +0100
Commit:     Kees Cook <keescook@...omium.org>
CommitDate: Mon Aug 7 11:20:57 2017 -0700

    gcc-plugins: structleak: add option to init all vars used as byref args
    
    In the Linux kernel, struct type variables are rarely passed by-value,
    and so functions that initialize such variables typically take an input
    reference to the variable rather than returning a value that can
    subsequently be used in an assignment.
    
    If the initalization function is not part of the same compilation unit,
    the lack of an assignment operation defeats any analysis the compiler
    can perform as to whether the variable may be used before having been
    initialized. This means we may end up passing on such variables
    uninitialized, resulting in potential information leaks.
    
    So extend the existing structleak GCC plugin so it will [optionally]
    apply to all struct type variables that have their address taken at any
    point, rather than only to variables of struct types that have a __user
    annotation.
    
    Signed-off-by: Ard Biesheuvel <ard.biesheuvel@...aro.org>
    Signed-off-by: Kees Cook <keescook@...omium.org>

520eccdfe1  Linux 4.13-rc2
f7dd250789  gcc-plugins: structleak: add option to init all vars used as byref args
f7dd250789  gcc-plugins: structleak: add option to init all vars used as byref args
+-------------------------------------------+-----------+------------+------------+
|                                           | v4.13-rc2 | f7dd250789 | f7dd250789 |
+-------------------------------------------+-----------+------------+------------+
| boot_successes                            | 163       | 0          | 0          |
| boot_failures                             | 0         | 32         | 32         |
| is_trying_to_release_lock(module_mutex)at | 0         | 32         | 32         |
| BUG:unable_to_handle_kernel               | 0         | 32         | 32         |
| Oops:#[##]                                | 0         | 32         | 32         |
| EIP:m_start                               | 0         | 32         | 32         |
| Kernel_panic-not_syncing:Fatal_exception  | 0         | 32         | 32         |
+-------------------------------------------+-----------+------------+------------+

[    7.063335] 
[    7.063494] =====================================
[    7.063922] WARNING: bad unlock balance detected!
[    7.064351] 4.13.0-rc2-00001-gf7dd2507 #191 Not tainted
[    7.064830] -------------------------------------
[    7.065259] kmodloader/112 is trying to release lock (module_mutex) at:
[    7.065865] [<7909ed9a>] m_stop+0xd/0xf
[    7.066216] but there are no more locks to release!
[    7.066663] 
[    7.066663] other info that might help us debug this:
[    7.066663] 
[    7.066663] other info that might help us debug this:
[    7.067257] 1 lock held by kmodloader/112:
[    7.067635]  #0:  (&p->lock){+.+.+.}, at: [<791311b2>] seq_read+0x27/0x368
[    7.068264] 
[    7.068264] stack backtrace:
[    7.068264] 
[    7.068264] stack backtrace:
[    7.068668] CPU: 0 PID: 112 Comm: kmodloader Not tainted 4.13.0-rc2-00001-gf7dd2507 #191
[    7.069408] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[    7.070338] Call Trace:
[    7.070569]  dump_stack+0x74/0xa7
[    7.070874]  ? m_stop+0xd/0xf
[    7.071149]  print_unlock_imbalance_bug+0xb1/0xbe
[    7.071582]  ? m_stop+0xd/0xf
[    7.071855]  ? m_stop+0xd/0xf
[    7.072128]  lock_release+0x11c/0x24d
[    7.072464]  ? m_stop+0xd/0xf
[    7.072747]  __mutex_unlock_slowpath+0x27/0x1bf
[    7.073163]  ? __kmalloc+0x5e/0x66
[    7.073477]  mutex_unlock+0xb/0xd
[    7.073786]  m_stop+0xd/0xf
[    7.074044]  seq_read+0x187/0x368
[    7.074349]  ? seq_lseek+0x13f/0x13f
[    7.074681]  proc_reg_read+0x47/0x64
[    7.075011]  ? proc_reg_mmap+0x54/0x54
[    7.075356]  __vfs_read+0x22/0x109
[    7.075673]  ? find_held_lock+0x29/0x6c
[    7.076027]  ? __do_page_fault+0x302/0x378
[    7.076402]  vfs_read+0x83/0xf4
[    7.076694]  SyS_read+0x3d/0x82
[    7.076984]  do_int80_syscall_32+0x4c/0xd9
[    7.077359]  entry_INT80_32+0x2c/0x2c
[    7.077697] EIP: 0x6ff5fd0e
[    7.077954] EFLAGS: 00000246 CPU: 0
[    7.078274] EAX: ffffffda EBX: 00000003 ECX: 094a4088 EDX: 00001000
[    7.078846] ESI: 094a4028 EDI: 00001000 EBP: 094a5090 ESP: 77d69f4c
[    7.079415]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
[    7.079925] BUG: unable to handle kernel NULL pointer dereference at   (null)
[    7.080581] IP: m_start+0x12/0x24
[    7.080884] *pde = 00000000 
[    7.080885] 
[    7.081288] Oops: 0000 [#1] SMP
[    7.081579] Modules linked in:
[    7.081861] CPU: 0 PID: 112 Comm: kmodloader Not tainted 4.13.0-rc2-00001-gf7dd2507 #191
[    7.082593] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[    7.083513] task: 86cb4000 task.stack: 86cb6000
[    7.083926] EIP: m_start+0x12/0x24
[    7.084237] EFLAGS: 00010246 CPU: 0
[    7.084560] EAX: 00000000 EBX: 00000000 ECX: 7990e72c EDX: 7909f0bc
[    7.085126] ESI: 00000000 EDI: 00000000 EBP: 86cb7e94 ESP: 86cb7e90
[    7.085695]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[    7.086185] CR0: 80050033 CR2: 00000000 CR3: 0ecba000 CR4: 001406d0
[    7.086759] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[    7.087327] DR6: fffe0ff0 DR7: 00000400
[    7.087679] Call Trace:
[    7.087906]  seq_read+0x258/0x368
[    7.088210]  ? seq_lseek+0x13f/0x13f
[    7.088541]  proc_reg_read+0x47/0x64
[    7.088868]  ? proc_reg_mmap+0x54/0x54
[    7.089214]  __vfs_read+0x22/0x109
[    7.089528]  ? find_held_lock+0x29/0x6c
[    7.089879]  ? __do_page_fault+0x302/0x378
[    7.090252]  vfs_read+0x83/0xf4
[    7.090545]  SyS_read+0x3d/0x82
[    7.090833]  do_int80_syscall_32+0x4c/0xd9
[    7.091206]  entry_INT80_32+0x2c/0x2c
[    7.091543] EIP: 0x6ff5fd0e
[    7.091800] EFLAGS: 00000246 CPU: 0
[    7.092118] EAX: ffffffda EBX: 00000003 ECX: 094a4088 EDX: 00001000
[    7.092689] ESI: 094a4028 EDI: 00001000 EBP: 094a5090 ESP: 77d69f4c
[    7.093257]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
[    7.093752] Code: 79 e8 61 1d 09 00 5d c3 55 89 d0 89 e5 ba e8 e6 90 79 e8 01 1d 09 00 5d c3 55 b8 f0 e6 90 79 89 e5 53 89 d3 31 d2 e8 54 74 56 00 <8b> 13 b8 e8 e6 90 79 8b 4b 04 e8 b3 1c 09 00 5b 5d c3 55 85 d2
[    7.095477] EIP: m_start+0x12/0x24 SS:ESP: 0068:86cb7e90
[    7.095963] CR2: 0000000000000000
[    7.096276] ---[ end trace 5d7df7bc417c7ad9 ]---
[    7.096710] Kernel panic - not syncing: Fatal exception

                                                          # HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start f7dd2507893cc3425d3ffc2369559619960befb0 520eccdfe187591a51ea9ab4c1a024ae4d0f68d9 --
# first bad commit: [f7dd2507893cc3425d3ffc2369559619960befb0] gcc-plugins: structleak: add option to init all vars used as byref args
git bisect good 520eccdfe187591a51ea9ab4c1a024ae4d0f68d9  # 11:15  G     31     0    0   0  Linux 4.13-rc2
# extra tests on HEAD of kees/for-next/gcc-plugin/structleak
git bisect  bad f7dd2507893cc3425d3ffc2369559619960befb0  # 11:15  B      0    32   51   0  gcc-plugins: structleak: add option to init all vars used as byref args
# extra tests on tree/branch kees/for-next/gcc-plugin/structleak
git bisect  bad f7dd2507893cc3425d3ffc2369559619960befb0  # 11:15  B      0    32   51   0  gcc-plugins: structleak: add option to init all vars used as byref args
# extra tests with first bad commit reverted
git bisect good 39cfbbd528552f0d5733b33b52f1f2fc3ec2e117  # 11:20  G     11     0    0   0  Revert "gcc-plugins: structleak: add option to init all vars used as byref args"

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

Download attachment "dmesg-openwrt-lkp-hsw01-105:20170808105332:i386-randconfig-n0-201732:4.13.0-rc2-00001-gf7dd2507:191.gz" of type "application/gzip" (22724 bytes)

View attachment "reproduce-openwrt-lkp-hsw01-105:20170808105332:i386-randconfig-n0-201732:4.13.0-rc2-00001-gf7dd2507:191" of type "text/plain" (897 bytes)

View attachment "config-4.13.0-rc2-00001-gf7dd2507" of type "text/plain" (99874 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ