Date:   Tue, 3 Oct 2017 22:06:34 +0800
From:   Fengguang Wu <fengguang.wu@...el.com>
To:     Byungchul Park <byungchul.park@....com>
Cc:     Ingo Molnar <mingo@...nel.org>,
        "Peter Zijlstra (Intel)" <peterz@...radead.org>,
        linux-kernel@...r.kernel.org, LKP <lkp@...org>,
        Josh Poimboeuf <jpoimboe@...hat.com>
Subject: [lockdep] b09be676e0 BUG: unable to handle kernel NULL pointer
 dereference at 000001f2

Hi Byungchul,

This patch triggers a NULL-dereference bug at update_stack_state().
Although its parent commit also has a NULL-dereference bug, the
call stack looks rather different. Both dmesg files are attached.

It also triggers this warning, which is being discussed in another
thread, so CC Josh. The full dmesg is attached, too.

        Please press Enter to activate this console.
        [  138.605622] WARNING: kernel stack regs at be299c9a in procd:340 has bad 'bp' value 000001be
        [  138.605627] unwind stack type:0 next_sp:  (null) mask:0x2 graph_idx:0
        [  138.605631] be299c9a: 299ceb00 (0x299ceb00)
        [  138.605633] be299c9e: 2281f1be (0x2281f1be)
        [  138.605634] be299ca2: 299cebb6 (0x299cebb6)

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

commit b09be676e0ff25bd6d2e7637e26d349f9109ad75
Author:     Byungchul Park <byungchul.park@....com>
AuthorDate: Mon Aug 7 16:12:52 2017 +0900
Commit:     Ingo Molnar <mingo@...nel.org>
CommitDate: Thu Aug 10 12:29:07 2017 +0200

     locking/lockdep: Implement the 'crossrelease' feature
     
     Lockdep is a runtime locking correctness validator that detects and
     reports a deadlock or its possibility by checking dependencies between
     locks. It's useful since it does not report just an actual deadlock but
     also the possibility of a deadlock that has not actually happened yet.
     That enables problems to be fixed before they affect real systems.
     
     However, this facility is only applicable to typical locks, such as
     spinlocks and mutexes, which are normally released within the context in
     which they were acquired. However, synchronization primitives like page
     locks or completions, which are allowed to be released in any context,
     also create dependencies and can cause a deadlock.
     
     So lockdep should track these locks to do a better job. The 'crossrelease'
     implementation makes these primitives also be tracked.
     
     Signed-off-by: Byungchul Park <byungchul.park@....com>
     Signed-off-by: Peter Zijlstra (Intel) <peterz@...radead.org>
     Cc: Linus Torvalds <torvalds@...ux-foundation.org>
     Cc: Peter Zijlstra <peterz@...radead.org>
     Cc: Thomas Gleixner <tglx@...utronix.de>
     Cc: akpm@...ux-foundation.org
     Cc: boqun.feng@...il.com
     Cc: kernel-team@....com
     Cc: kirill@...temov.name
     Cc: npiggin@...il.com
     Cc: walken@...gle.com
     Cc: willy@...radead.org
     Link: http://lkml.kernel.org/r/1502089981-21272-6-git-send-email-byungchul.park@lge.com
     Signed-off-by: Ingo Molnar <mingo@...nel.org>

ce07a9415f  locking/lockdep: Make check_prev_add() able to handle external stack_trace
b09be676e0  locking/lockdep: Implement the 'crossrelease' feature
74d83ec2b7  Merge tag 'platform-drivers-x86-v4.14-2' of git://git.infradead.org/linux-platform-drivers-x86
1418b85217  Add linux-next specific files for 20170929
+--------------------------------------------------------------+------------+------------+------------+---------------+
|                                                              | ce07a9415f | b09be676e0 | 74d83ec2b7 | next-20170929 |
+--------------------------------------------------------------+------------+------------+------------+---------------+
| boot_successes                                               | 119        | 113        | 5          | 479           |
| boot_failures                                                | 6          | 21         | 1          | 146           |
| BUG:unable_to_handle_kernel                                  | 6          | 10         | 1          | 42            |
| Oops:#[##]                                                   | 6          | 10         | 1          | 42            |
| EIP:iput                                                     | 5          |            |            |               |
| Kernel_panic-not_syncing:Fatal_exception                     | 6          |            |            |               |
| EIP:do_raw_spin_trylock                                      | 1          |            |            |               |
| EIP:update_stack_state                                       | 0          | 10         | 1          | 42            |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt        | 0          | 10         | 1          | 42            |
| WARNING:kernel_stack                                         | 0          | 12         | 0          | 110           |
| WARNING:at_arch/x86/include/asm/fpu/internal.h:#fpu__restore | 0          | 1          |            |               |
| EIP:fpu__restore                                             | 0          | 1          |            |               |
| invoked_oom-killer:gfp_mask=0x                               | 0          | 0          | 0          | 16            |
| Mem-Info                                                     | 0          | 0          | 0          | 16            |
| EIP:clear_user                                               | 0          | 0          | 0          | 2             |
| EIP:copy_page_to_iter                                        | 0          | 0          | 0          | 1             |
+--------------------------------------------------------------+------------+------------+------------+---------------+

[  136.982078] sock: process `trinity-main' is using obsolete setsockopt SO_BSDCOMPAT
procd: Instance odhcpd::instance1 s in a crash loop 6 crashes, 0 seconds since last crash
procd: Instance uhttpd::instance1 s in a crash loop 6 crashes, 0 seconds since last crash
procd: Instance dnsmasq::instance1 s in a crash loop 6 crashes, 0 seconds since last crash
[  187.360180] Writes:  Total: 2  Max/Min: 0/0   Fail: 0 
[  214.960026] BUG: unable to handle kernel NULL pointer dereference at 000001f2
[  214.960812] IP: update_stack_state+0xd4/0x340
[  214.961278] *pde = 00000000 
[  214.961281] 
[  214.961728] Oops: 0000 [#1] PREEMPT SMP
[  214.962087] CPU: 0 PID: 18728 Comm: 01-cpu-hotplug Not tainted 4.13.0-rc4-00170-gb09be67 #592
[  214.962885] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[  214.963853] task: bb0b53c0 task.stack: bb3ac000
[  214.964281] EIP: update_stack_state+0xd4/0x340
[  214.964702] EFLAGS: 00010002 CPU: 0
[  214.965040] EAX: 0000a570 EBX: bb3adccb ECX: 0000f401 EDX: 0000a570
[  214.965643] ESI: 00000001 EDI: 000001ba EBP: bb3adc6b ESP: bb3adc3f
[  214.966253]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[  214.966791] CR0: 80050033 CR2: 000001f2 CR3: 0b3a7000 CR4: 00140690
[  214.967405] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[  214.967995] DR6: fffe0ff0 DR7: 00000400
[  214.968374] Call Trace:
[  214.968623]  ? unwind_next_frame+0xea/0x400
[  214.969017]  ? __unwind_start+0xf5/0x180
[  214.969412]  ? __save_stack_trace+0x81/0x160
[  214.969838]  ? save_stack_trace+0x20/0x30
[  214.970253]  ? __lock_acquire+0xfa5/0x12f0
[  214.970676]  ? lock_acquire+0x1c2/0x230
[  214.971033]  ? tick_periodic+0x3a/0xf0
[  214.971396]  ? _raw_spin_lock+0x42/0x50
[  214.971771]  ? tick_periodic+0x3a/0xf0
[  214.972145]  ? tick_periodic+0x3a/0xf0
[  214.972528]  ? debug_smp_processor_id+0x12/0x20
[  214.972985]  ? tick_handle_periodic+0x23/0xc0
[  214.973409]  ? local_apic_timer_interrupt+0x63/0x70
[  214.973893]  ? smp_trace_apic_timer_interrupt+0x235/0x6a0
[  214.974431]  ? trace_apic_timer_interrupt+0x37/0x3c
[  214.974895]  ? strrchr+0x23/0x50
[  214.975205] Code: 0f 95 c1 89 c7 89 45 e4 0f b6 c1 89 c6 89 45 dc 8b 04 85 98 cb 74 bc 88 4d e3 89 45 f0 83 c0 01 84 c9 89 04 b5 98 cb 74 bc 74 3b <8b> 47 38 8b 57 34 c6 43 1d 01 25 00 00 02 00 83 e2 03 09 d0 83
[  214.977101] EIP: update_stack_state+0xd4/0x340 SS:ESP: 0068:bb3adc3f
[  214.977721] CR2: 00000000000001f2
[  214.978049] ---[ end trace 0d147fd4aba8ff50 ]---
[  214.978500] Kernel panic - not syncing: Fatal exception in interrupt

                                                           # HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 29b46dfb136cdbeece542b3f01115237e43f2855 v4.13 --
git bisect  bad 64414e5f9896805c2e80583345e9b1745be73aa9  # 06:35  B     25     6    0  84  Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu
git bisect  bad 608c1d3c17e9e0e87dae69b9bb78f0556006ee6e  # 06:35  B     23     9    0 100  Merge branch 'for-4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
git bisect  bad 9e85ae6af6e907975f68d82ff127073ec024cb05  # 06:36  B     53     6    0  10  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
git bisect good a1400cdb777409d142c76958ed96e39c2cb95edd  # 07:50  G    200     0    0   0  Merge branch 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect  bad dd90cccffc20a15d8e4c3ac8813f4b6a6cd4766f  # 07:50  B     41    12    0  12  Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good e0a195b5225e1285806622cc146dc5c3312fb392  # 07:50  G    406     0    0   0  Merge branch 'x86-spinlocks-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect  bad 5f82e71a001d14824a7728ad9e49f6aea420f161  # 07:51  B     42     5    0  13  Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 6c51e67b64d169419fb13318035bb442f9176612  # 08:52  G    196     0    0   1  Merge branch 'x86-syscall-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect  bad b09be676e0ff25bd6d2e7637e26d349f9109ad75  # 08:53  B     54    10    0  11  locking/lockdep: Implement the 'crossrelease' feature
git bisect good d0646a6f5533226ceb7620c20717286d3a372794  # 09:41  G    197     0    0   0  jump_label: Add RELEASE barrier after text changes
git bisect good d89e588ca4081615216cc25f2489b0281ac0bfe9  # 10:36  G    198     0    0   0  locking: Introduce smp_mb__after_spinlock()
git bisect  bad 545c23f2e954eb3365629b20ceeef4eadb1ff97f  # 10:36  B     70     2    0   2  locking/lockdep: Refactor lookup_chain_cache()
git bisect  bad ae813308f4630642d2c1c87553929ce95f29f9ef  # 11:25  B     28     1    0   4  locking/lockdep: Avoid creating redundant links
# extra tests on HEAD of tip/x86/urgent
git bisect  bad b9545e75894b4866c62b36682527f5df1394ac58  # 11:27  B     29     3    0   3  x86/asm: Fix inline asm call constraints for GCC 4.4
# extra tests on tree/branch linus/master
git bisect  bad 74d83ec2b73457449918c315e40622c03a3659a6  # 11:31  B      2     1    0   0  Merge tag 'platform-drivers-x86-v4.14-2' of git://git.infradead.org/linux-platform-drivers-x86
# extra tests on tree/branch linux-next/master
git bisect  bad 1418b852174ad50b3cb4738b8801626aefdc0bd9  # 11:33  B    472    42    0 104  Add linux-next specific files for 20170929

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

Download attachment "dmesg-openwrt-lkp-hsw01-101:20170930014514:i386-randconfig-i0-201739:4.13.0-rc4-00170-gb09be67:592.gz" of type "application/gzip" (15438 bytes)

Download attachment "dmesg-openwrt-lkp-nhm-dp2-12:20170930050756:i386-randconfig-i0-201739:4.13.0-rc4-00169-gce07a941:627.gz" of type "application/gzip" (15898 bytes)

View attachment "reproduce-openwrt-lkp-hsw01-101:20170930014514:i386-randconfig-i0-201739:4.13.0-rc4-00170-gb09be67:592" of type "text/plain" (897 bytes)

View attachment "config-4.13.0-rc4-00170-gb09be67" of type "text/plain" (87750 bytes)

View attachment "dmesg-openwrt-lkp-hsw01-103:20170930013206:i386-randconfig-i0-201739:4.13.0-rc4-00170-gb09be67:592" of type "text/plain" (60941 bytes)
