Date:   Sat, 23 Dec 2017 20:36:35 +0100 (CET)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     syzbot 
        <bot+d85a4a76747ecb51a02faa3009877c4ffea665d6@...kaller.appspotmail.com>
cc:     douly.fnst@...fujitsu.com, hpa@...or.com, jgross@...e.com,
        linux-kernel@...r.kernel.org, mingo@...hat.com,
        peterz@...radead.org, rostedt@...dmis.org,
        syzkaller-bugs@...glegroups.com, x86@...nel.org
Subject: Re: WARNING in rcu_process_callbacks

On Sat, 23 Dec 2017, syzbot wrote:
> Hello,
> 
> syzkaller hit the following crash on 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
> 
> Unfortunately, I don't have any reproducer for this bug yet.
> 
> 
> RBP: 00007f50826f4a90 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb
> R13: 00007f50826f4bc8 R14: 00000000004b75bb R15: 0000000000000000
> WARNING: CPU: 0 PID: 7719 at kernel/rcu/tree.c:2714 arch_local_irq_disable
> arch/x86/include/asm/paravirt.h:772 [inline]

So the only thing which triggers a BUG in that code is the paravirt stuff

#define PVOP_TEST_NULL(op)      BUG_ON(op == NULL)

Your config has PARAVIRT_DEBUG=y

So this is again something which got executed before a gazillion of times
and then something becomes NULL. In this case it's pv_irq_ops.irq_disable

I've seen such unexplainable NULL pointers in quite some syzbot bug reports
lately. The irq_desc->irq_data.common issue is more or less the same
problem. This really stinks like a stray pointer.

Thanks,

	tglx