| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180224055545.jmfww5mwyijukobo@shao2-debian>
Date: Sat, 24 Feb 2018 13:55:46 +0800
From: kernel test robot <shun.hao@...el.com>
To: "Paul E.McKenney" <paulmck@...ux.vnet.ibm.com>
Cc: LKML <linux-kernel@...r.kernel.org>,
"Paul E.McKenney" <paulmck@...ux.vnet.ibm.com>,
linux-kernel@...r.kernel.org, lkp@...org
Subject: [lkp-robot] [rcu] 056becf54e:
BUG:KASAN:null-ptr-deref_in__lock_acquire
TO: Paul E. McKenney <paulmck@...ux.vnet.ibm.com>
CC: LKML <linux-kernel@...r.kernel.org>, Paul E. McKenney <paulmck@...ux.vnet.ibm.com>, linux-kernel@...r.kernel.org, lkp@...org
FYI, we noticed the following commit (built with gcc-7):
commit: 056becf54ef1ab39db14a66625353899dba6762f ("rcu: Parallelize expedited grace-period initialization")
https://git.kernel.org/cgit/linux/kernel/git/paulmck/linux-rcu.git rcu/dev
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -smp 2 -m 512M
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+------------------------------------------------------------------+------------+------------+
| | 28ea7ed1b3 | 056becf54e |
+------------------------------------------------------------------+------------+------------+
| boot_successes | 2 | 0 |
| boot_failures | 6 | 41 |
| invoked_oom-killer:gfp_mask=0x | 6 | |
| Mem-Info | 6 | |
| Kernel_panic-not_syncing:Out_of_memory_and_no_killable_processes | 6 | |
| BUG:KASAN:null-ptr-deref_in__lock_acquire | 0 | 41 |
| BUG:unable_to_handle_kernel | 0 | 41 |
| Oops:#[##] | 0 | 41 |
| RIP:__lock_acquire | 0 | 41 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 41 |
+------------------------------------------------------------------+------------+------------+
[ 0.037875] BUG: KASAN: null-ptr-deref in __lock_acquire+0x171/0x13d0
[ 0.040000] Read of size 8 at addr 0000000000000018 by task swapper/0/0
[ 0.040000]
[ 0.040000] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.16.0-rc1-00044-g056becf #1
[ 0.040000] Call Trace:
[ 0.040000] dump_stack+0x81/0xb3
[ 0.040000] kasan_report+0x22a/0x25a
[ 0.040000] __lock_acquire+0x171/0x13d0
[ 0.040000] ? lookup_chain_cache+0x42/0x6b
[ 0.040000] ? mark_lock+0x25b/0x26d
[ 0.040000] ? rcu_report_exp_cpu_mult+0x21/0x6d
[ 0.040000] ? debug_check_no_locks_freed+0x19f/0x19f
[ 0.040000] ? debug_check_no_locks_freed+0x19f/0x19f
[ 0.040000] ? acpi_hw_read+0x1a0/0x202
[ 0.040000] ? rcu_report_exp_cpu_mult+0x21/0x6d
[ 0.040000] ? lock_acquire+0x1c0/0x209
[ 0.040000] lock_acquire+0x1c0/0x209
[ 0.040000] ? rcu_report_exp_cpu_mult+0x21/0x6d
[ 0.040000] _raw_spin_lock_irqsave+0x43/0x56
[ 0.040000] ? rcu_report_exp_cpu_mult+0x21/0x6d
[ 0.040000] rcu_report_exp_cpu_mult+0x21/0x6d
[ 0.040000] ? sync_sched_exp_handler+0x111/0x111
[ 0.040000] sync_rcu_exp_select_cpus+0x2ff/0x412
[ 0.040000] ? rcu_read_lock_sched_held+0x60/0x66
[ 0.040000] ? sync_sched_exp_handler+0x111/0x111
[ 0.040000] _synchronize_rcu_expedited+0x427/0x5ba
[ 0.040000] ? signal_pending+0x15/0x15
[ 0.040000] ? acpi_hw_write_pm1_control+0x52/0x52
[ 0.040000] ? acpi_hw_write_pm1_control+0x52/0x52
[ 0.040000] ? __change_page_attr_set_clr+0x420/0x420
[ 0.040000] ? printk+0x94/0xb0
[ 0.040000] ? show_regs_print_info+0xa/0xa
[ 0.040000] ? lock_downgrade+0x26a/0x26a
[ 0.040000] ? acpi_read_bit_register+0xb1/0xde
[ 0.040000] ? acpi_read+0xa/0xa
[ 0.040000] ? acpi_read+0xa/0xa
[ 0.040000] ? acpi_hw_get_mode+0x91/0xc2
[ 0.040000] ? _find_next_bit+0x3f/0xe4
[ 0.040000] ? __lock_is_held+0x2a/0x87
[ 0.040000] ? lock_is_held_type+0x78/0x86
[ 0.040000] rcu_test_sync_prims+0xa/0x23
[ 0.040000] rest_init+0xb/0xcf
[ 0.040000] start_kernel+0x59a/0x5be
[ 0.040000] ? mem_encrypt_init+0x6/0x6
[ 0.040000] ? memcpy_orig+0x54/0x110
[ 0.040000] ? x86_family+0x5/0x1d
[ 0.040000] ? load_ucode_bsp+0x3a/0xab
[ 0.040000] secondary_startup_64+0xa5/0xb0
[ 0.040000] ==================================================================
[ 0.040000] Disabling lock debugging due to kernel taint
[ 0.040000] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[ 0.040000] IP: __lock_acquire+0x171/0x13d0
[ 0.040000] PGD 0 P4D 0
[ 0.040000] Oops: 0000 [#1] PREEMPT SMP KASAN PTI
[ 0.040000] Modules linked in:
[ 0.040000] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.16.0-rc1-00044-g056becf #1
[ 0.040000] RIP: 0010:__lock_acquire+0x171/0x13d0
[ 0.040000] RSP: 0000:ffffffffb6a079a0 EFLAGS: 00010056
[ 0.040000] RAX: 0000000000000096 RBX: 0000000000000000 RCX: ffffffffb50c9e31
[ 0.040000] RDX: 0000000000000003 RSI: 0000000000000003 RDI: 0000000000000001
[ 0.040000] RBP: ffffffffb6a07b50 R08: dffffc0000000000 R09: 0000000000000000
[ 0.040000] R10: 0000000000000000 R11: ffffffffb81f673a R12: 0000000000000018
[ 0.040000] R13: 0000000000000000 R14: ffffffffb6a1cc40 R15: 0000000000000001
[ 0.040000] FS: 0000000000000000(0000) GS:ffff880012e00000(0000) knlGS:0000000000000000
[ 0.040000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.040000] CR2: 0000000000000018 CR3: 0000000017a14000 CR4: 00000000000006b0
[ 0.040000] Call Trace:
[ 0.040000] ? lookup_chain_cache+0x42/0x6b
[ 0.040000] ? mark_lock+0x25b/0x26d
[ 0.040000] ? rcu_report_exp_cpu_mult+0x21/0x6d
[ 0.040000] ? debug_check_no_locks_freed+0x19f/0x19f
[ 0.040000] ? debug_check_no_locks_freed+0x19f/0x19f
[ 0.040000] ? acpi_hw_read+0x1a0/0x202
[ 0.040000] ? rcu_report_exp_cpu_mult+0x21/0x6d
[ 0.040000] ? lock_acquire+0x1c0/0x209
[ 0.040000] lock_acquire+0x1c0/0x209
[ 0.040000] ? rcu_report_exp_cpu_mult+0x21/0x6d
[ 0.040000] _raw_spin_lock_irqsave+0x43/0x56
[ 0.040000] ? rcu_report_exp_cpu_mult+0x21/0x6d
[ 0.040000] rcu_report_exp_cpu_mult+0x21/0x6d
[ 0.040000] ? sync_sched_exp_handler+0x111/0x111
[ 0.040000] sync_rcu_exp_select_cpus+0x2ff/0x412
[ 0.040000] ? rcu_read_lock_sched_held+0x60/0x66
[ 0.040000] ? sync_sched_exp_handler+0x111/0x111
[ 0.040000] _synchronize_rcu_expedited+0x427/0x5ba
[ 0.040000] ? signal_pending+0x15/0x15
[ 0.040000] ? acpi_hw_write_pm1_control+0x52/0x52
[ 0.040000] ? acpi_hw_write_pm1_control+0x52/0x52
[ 0.040000] ? __change_page_attr_set_clr+0x420/0x420
[ 0.040000] ? printk+0x94/0xb0
[ 0.040000] ? show_regs_print_info+0xa/0xa
[ 0.040000] ? lock_downgrade+0x26a/0x26a
[ 0.040000] ? acpi_read_bit_register+0xb1/0xde
[ 0.040000] ? acpi_read+0xa/0xa
[ 0.040000] ? acpi_read+0xa/0xa
[ 0.040000] ? acpi_hw_get_mode+0x91/0xc2
[ 0.040000] ? _find_next_bit+0x3f/0xe4
[ 0.040000] ? __lock_is_held+0x2a/0x87
[ 0.040000] ? lock_is_held_type+0x78/0x86
[ 0.040000] rcu_test_sync_prims+0xa/0x23
[ 0.040000] rest_init+0xb/0xcf
[ 0.040000] start_kernel+0x59a/0x5be
[ 0.040000] ? mem_encrypt_init+0x6/0x6
[ 0.040000] ? memcpy_orig+0x54/0x110
[ 0.040000] ? x86_family+0x5/0x1d
[ 0.040000] ? load_ucode_bsp+0x3a/0xab
[ 0.040000] secondary_startup_64+0xa5/0xb0
[ 0.040000] Code: b6 48 c7 c7 40 8c 25 b6 e8 c4 d5 f9 ff 0f ff e9 3e 12 00 00 8b 1d fb df 9b 01 85 db 74 19 4c 89 e7 bb 00 00 00 00 e8 6b e2 14 00 <49> 81 3c 24 80 3d 66 b7 41 0f 45 df 41 83 fd 01 77 17 45 89 ef
[ 0.040000] RIP: __lock_acquire+0x171/0x13d0 RSP: ffffffffb6a079a0
[ 0.040000] CR2: 0000000000000018
[ 0.040000] ---[ end trace 3538acf156ca7a42 ]---
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Shun
View attachment "config-4.16.0-rc1-00044-g056becf" of type "text/plain" (122379 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (5732 bytes)
Powered by blists - more mailing lists