lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20171003140634.r2jzujgl62ox4uzh@wfg-t540p.sh.intel.com>
Date:   Tue, 3 Oct 2017 22:06:34 +0800
From:   Fengguang Wu <fengguang.wu@...el.com>
To:     Byungchul Park <byungchul.park@....com>
Cc:     Ingo Molnar <mingo@...nel.org>,
        "Peter Zijlstra (Intel)" <peterz@...radead.org>,
        linux-kernel@...r.kernel.org, LKP <lkp@...org>,
        Josh Poimboeuf <jpoimboe@...hat.com>
Subject: [lockdep] b09be676e0 BUG: unable to handle kernel NULL pointer
 dereference at 000001f2

Hi Byungchul,

This patch triggers a NULL-dereference bug at update_stack_state().
Although its parent commit also has a NULL-dereference bug, however
the call stack looks rather different. Both dmesg files are attached.

It also triggers this warning, which is being discussed in another
thread, so CC Josh. The full dmesg attached, too.

        Please press Enter to activate this console.
        [  138.605622] WARNING: kernel stack regs at be299c9a in procd:340 has bad 'bp' value 000001be
        [  138.605627] unwind stack type:0 next_sp:  (null) mask:0x2 graph_idx:0
        [  138.605631] be299c9a: 299ceb00 (0x299ceb00)
        [  138.605633] be299c9e: 2281f1be (0x2281f1be)
        [  138.605634] be299ca2: 299cebb6 (0x299cebb6)

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

commit b09be676e0ff25bd6d2e7637e26d349f9109ad75
Author:     Byungchul Park <byungchul.park@....com>
AuthorDate: Mon Aug 7 16:12:52 2017 +0900
Commit:     Ingo Molnar <mingo@...nel.org>
CommitDate: Thu Aug 10 12:29:07 2017 +0200

     locking/lockdep: Implement the 'crossrelease' feature
     
     Lockdep is a runtime locking correctness validator that detects and
     reports a deadlock or its possibility by checking dependencies between
     locks. It's useful since it does not report just an actual deadlock but
     also the possibility of a deadlock that has not actually happened yet.
     That enables problems to be fixed before they affect real systems.
     
     However, this facility is only applicable to typical locks, such as
     spinlocks and mutexes, which are normally released within the context in
     which they were acquired. However, synchronization primitives like page
     locks or completions, which are allowed to be released in any context,
     also create dependencies and can cause a deadlock.
     
     So lockdep should track these locks to do a better job. The 'crossrelease'
     implementation makes these primitives also be tracked.
     
     Signed-off-by: Byungchul Park <byungchul.park@....com>
     Signed-off-by: Peter Zijlstra (Intel) <peterz@...radead.org>
     Cc: Linus Torvalds <torvalds@...ux-foundation.org>
     Cc: Peter Zijlstra <peterz@...radead.org>
     Cc: Thomas Gleixner <tglx@...utronix.de>
     Cc: akpm@...ux-foundation.org
     Cc: boqun.feng@...il.com
     Cc: kernel-team@....com
     Cc: kirill@...temov.name
     Cc: npiggin@...il.com
     Cc: walken@...gle.com
     Cc: willy@...radead.org
     Link: http://lkml.kernel.org/r/1502089981-21272-6-git-send-email-byungchul.park@lge.com
     Signed-off-by: Ingo Molnar <mingo@...nel.org>

ce07a9415f  locking/lockdep: Make check_prev_add() able to handle external stack_trace
b09be676e0  locking/lockdep: Implement the 'crossrelease' feature
74d83ec2b7  Merge tag 'platform-drivers-x86-v4.14-2' of git://git.infradead.org/linux-platform-drivers-x86
1418b85217  Add linux-next specific files for 20170929
+--------------------------------------------------------------+------------+------------+------------+---------------+
|                                                              | ce07a9415f | b09be676e0 | 74d83ec2b7 | next-20170929 |
+--------------------------------------------------------------+------------+------------+------------+---------------+
| boot_successes                                               | 119        | 113        | 5          | 479           |
| boot_failures                                                | 6          | 21         | 1          | 146           |
| BUG:unable_to_handle_kernel                                  | 6          | 10         | 1          | 42            |
| Oops:#[##]                                                   | 6          | 10         | 1          | 42            |
| EIP:iput                                                     | 5          |            |            |               |
| Kernel_panic-not_syncing:Fatal_exception                     | 6          |            |            |               |
| EIP:do_raw_spin_trylock                                      | 1          |            |            |               |
| EIP:update_stack_state                                       | 0          | 10         | 1          | 42            |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt        | 0          | 10         | 1          | 42            |
| WARNING:kernel_stack                                         | 0          | 12         | 0          | 110           |
| WARNING:at_arch/x86/include/asm/fpu/internal.h:#fpu__restore | 0          | 1          |            |               |
| EIP:fpu__restore                                             | 0          | 1          |            |               |
| invoked_oom-killer:gfp_mask=0x                               | 0          | 0          | 0          | 16            |
| Mem-Info                                                     | 0          | 0          | 0          | 16            |
| EIP:clear_user                                               | 0          | 0          | 0          | 2             |
| EIP:copy_page_to_iter                                        | 0          | 0          | 0          | 1             |
+--------------------------------------------------------------+------------+------------+------------+---------------+

[  136.982078] sock: process `trinity-main' is using obsolete setsockopt SO_BSDCOMPAT
procd: Instance odhcpd::instance1 s in a crash loop 6 crashes, 0 seconds since last crash
procd: Instance uhttpd::instance1 s in a crash loop 6 crashes, 0 seconds since last crash
procd: Instance dnsmasq::instance1 s in a crash loop 6 crashes, 0 seconds since last crash
[  187.360180] Writes:  Total: 2  Max/Min: 0/0   Fail: 0 
[  214.960026] BUG: unable to handle kernel NULL pointer dereference at 000001f2
[  214.960812] IP: update_stack_state+0xd4/0x340
[  214.961278] *pde = 00000000 
[  214.961281] 
[  214.961728] Oops: 0000 [#1] PREEMPT SMP
[  214.962087] CPU: 0 PID: 18728 Comm: 01-cpu-hotplug Not tainted 4.13.0-rc4-00170-gb09be67 #592
[  214.962885] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[  214.963853] task: bb0b53c0 task.stack: bb3ac000
[  214.964281] EIP: update_stack_state+0xd4/0x340
[  214.964702] EFLAGS: 00010002 CPU: 0
[  214.965040] EAX: 0000a570 EBX: bb3adccb ECX: 0000f401 EDX: 0000a570
[  214.965643] ESI: 00000001 EDI: 000001ba EBP: bb3adc6b ESP: bb3adc3f
[  214.966253]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[  214.966791] CR0: 80050033 CR2: 000001f2 CR3: 0b3a7000 CR4: 00140690
[  214.967405] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[  214.967995] DR6: fffe0ff0 DR7: 00000400
[  214.968374] Call Trace:
[  214.968623]  ? unwind_next_frame+0xea/0x400
[  214.969017]  ? __unwind_start+0xf5/0x180
[  214.969412]  ? __save_stack_trace+0x81/0x160
[  214.969838]  ? save_stack_trace+0x20/0x30
[  214.970253]  ? __lock_acquire+0xfa5/0x12f0
[  214.970676]  ? lock_acquire+0x1c2/0x230
[  214.971033]  ? tick_periodic+0x3a/0xf0
[  214.971396]  ? _raw_spin_lock+0x42/0x50
[  214.971771]  ? tick_periodic+0x3a/0xf0
[  214.972145]  ? tick_periodic+0x3a/0xf0
[  214.972528]  ? debug_smp_processor_id+0x12/0x20
[  214.972985]  ? tick_handle_periodic+0x23/0xc0
[  214.973409]  ? local_apic_timer_interrupt+0x63/0x70
[  214.973893]  ? smp_trace_apic_timer_interrupt+0x235/0x6a0
[  214.974431]  ? trace_apic_timer_interrupt+0x37/0x3c
[  214.974895]  ? strrchr+0x23/0x50
[  214.975205] Code: 0f 95 c1 89 c7 89 45 e4 0f b6 c1 89 c6 89 45 dc 8b 04 85 98 cb 74 bc 88 4d e3 89 45 f0 83 c0 01 84 c9 89 04 b5 98 cb 74 bc 74 3b <8b> 47 38 8b 57 34 c6 43 1d 01 25 00 00 02 00 83 e2 03 09 d0 83
[  214.977101] EIP: update_stack_state+0xd4/0x340 SS:ESP: 0068:bb3adc3f
[  214.977721] CR2: 00000000000001f2
[  214.978049] ---[ end trace 0d147fd4aba8ff50 ]---
[  214.978500] Kernel panic - not syncing: Fatal exception in interrupt

                                                           # HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 29b46dfb136cdbeece542b3f01115237e43f2855 v4.13 --
git bisect  bad 64414e5f9896805c2e80583345e9b1745be73aa9  # 06:35  B     25     6    0  84  Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu
git bisect  bad 608c1d3c17e9e0e87dae69b9bb78f0556006ee6e  # 06:35  B     23     9    0 100  Merge branch 'for-4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
git bisect  bad 9e85ae6af6e907975f68d82ff127073ec024cb05  # 06:36  B     53     6    0  10  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
git bisect good a1400cdb777409d142c76958ed96e39c2cb95edd  # 07:50  G    200     0    0   0  Merge branch 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect  bad dd90cccffc20a15d8e4c3ac8813f4b6a6cd4766f  # 07:50  B     41    12    0  12  Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good e0a195b5225e1285806622cc146dc5c3312fb392  # 07:50  G    406     0    0   0  Merge branch 'x86-spinlocks-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect  bad 5f82e71a001d14824a7728ad9e49f6aea420f161  # 07:51  B     42     5    0  13  Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 6c51e67b64d169419fb13318035bb442f9176612  # 08:52  G    196     0    0   1  Merge branch 'x86-syscall-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect  bad b09be676e0ff25bd6d2e7637e26d349f9109ad75  # 08:53  B     54    10    0  11  locking/lockdep: Implement the 'crossrelease' feature
git bisect good d0646a6f5533226ceb7620c20717286d3a372794  # 09:41  G    197     0    0   0  jump_label: Add RELEASE barrier after text changes
git bisect good d89e588ca4081615216cc25f2489b0281ac0bfe9  # 10:36  G    198     0    0   0  locking: Introduce smp_mb__after_spinlock()
git bisect  bad 545c23f2e954eb3365629b20ceeef4eadb1ff97f  # 10:36  B     70     2    0   2  locking/lockdep: Refactor lookup_chain_cache()
git bisect  bad ae813308f4630642d2c1c87553929ce95f29f9ef  # 11:25  B     28     1    0   4  locking/lockdep: Avoid creating redundant links
# extra tests on HEAD of tip/x86/urgent
git bisect  bad b9545e75894b4866c62b36682527f5df1394ac58  # 11:27  B     29     3    0   3  x86/asm: Fix inline asm call constraints for GCC 4.4
# extra tests on tree/branch linus/master
git bisect  bad 74d83ec2b73457449918c315e40622c03a3659a6  # 11:31  B      2     1    0   0  Merge tag 'platform-drivers-x86-v4.14-2' of git://git.infradead.org/linux-platform-drivers-x86
# extra tests on tree/branch linux-next/master
git bisect  bad 1418b852174ad50b3cb4738b8801626aefdc0bd9  # 11:33  B    472    42    0 104  Add linux-next specific files for 20170929

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

Download attachment "dmesg-openwrt-lkp-hsw01-101:20170930014514:i386-randconfig-i0-201739:4.13.0-rc4-00170-gb09be67:592.gz" of type "application/gzip" (15438 bytes)

Download attachment "dmesg-openwrt-lkp-nhm-dp2-12:20170930050756:i386-randconfig-i0-201739:4.13.0-rc4-00169-gce07a941:627.gz" of type "application/gzip" (15898 bytes)

View attachment "reproduce-openwrt-lkp-hsw01-101:20170930014514:i386-randconfig-i0-201739:4.13.0-rc4-00170-gb09be67:592" of type "text/plain" (897 bytes)

View attachment "config-4.13.0-rc4-00170-gb09be67" of type "text/plain" (87750 bytes)

View attachment "dmesg-openwrt-lkp-hsw01-103:20170930013206:i386-randconfig-i0-201739:4.13.0-rc4-00170-gb09be67:592" of type "text/plain" (60941 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ