[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACT4Y+ZkbkjJw=diHQbqHOBdbcs9zDUS0ggqwrLU02U_tEP73g@mail.gmail.com>
Date: Thu, 1 Mar 2018 15:09:36 +0100
From: Dmitry Vyukov <dvyukov@...gle.com>
To: Tetsuo Handa <from-linux-mm@...ove.sakura.ne.jp>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Kees Cook <keescook@...omium.org>
Cc: Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
Petr Mladek <pmladek@...e.com>,
kernel test robot <shun.hao@...el.com>,
Cong Wang <xiyou.wangcong@...il.com>,
Dave Hansen <dave.hansen@...el.com>,
Johannes Weiner <hannes@...xchg.org>,
Mel Gorman <mgorman@...e.de>, Michal Hocko <mhocko@...nel.org>,
Vlastimil Babka <vbabka@...e.cz>,
Peter Zijlstra <peterz@...radead.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Jan Kara <jack@...e.cz>,
Mathieu Desnoyers <mathieu.desnoyers@...icios.com>,
Byungchul Park <byungchul.park@....com>,
Tejun Heo <tj@...nel.org>, Pavel Machek <pavel@....cz>,
Steven Rostedt <rostedt@...dmis.org>,
LKML <linux-kernel@...r.kernel.org>, LKP <lkp@...org>,
kasan-dev <kasan-dev@...glegroups.com>
Subject: Re: [lkp-robot] [printk] c162d5b433: BUG:KASAN:use-after-scope_in_c
On Thu, Mar 1, 2018 at 11:06 AM, Tetsuo Handa
<from-linux-mm@...ove.sakura.ne.jp> wrote:
> Dmitry Vyukov wrote:
>> Hi Shun,
>>
>> The report says "job-script is attached in this email", but I don't
>> see it attached. Did you forget to attach it? How can I reproduce this
>> exact build?
>> Could you post a symbolized report with inlines frames?
>>
>
> Forwarded by penguin-kernel@...ove.sakura.ne.jp
> ----------------------- Original Message -----------------------
> From: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
> To: Petr Mladek <pmladek@...e.com>
> Cc: kernel test robot <shun.hao@...el.com>, Cong Wang <xiyou.wangcong@...il.com>, Dave Hansen <dave.hansen@...el.com>, Johannes Weiner <hannes@...xchg.org>, Mel Gorman <mgorman@...e.de>, Michal Hocko <mhocko@...nel.org>, Vlastimil Babka <vbabka@...e.cz>, Peter Zijlstra <peterz@...radead.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Jan Kara <jack@...e.cz>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, Byungchul Park <byungchul.park@....com>, Tejun Heo <tj@...nel.org>, Pavel Machek <pavel@....cz>, Steven Rostedt <rostedt@...dmis.org>, Sergey Senozhatsky <sergey.senozhatsky@...il.com>, LKML <linux-kernel@...r.kernel.org>, lkp@...org
> Date: Thu, 01 Mar 2018 10:08:19 +0900
> Subject: Re: [lkp-robot] [printk] c162d5b433: BUG:KASAN:use-after-scope_in_c
> ----
>
> Petr Mladek wrote:
>> I am really curious what code is proceed on the line
>> console_unlock+0x185/0x960.
>
> I can reproduce this warning with VMware environment.
> Something is happening inside __asan_store1() before calling raw_spin_lock(&console_owner_lock) ?
>
>
>
> [ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-4.14.0-12953-gc162d5b root=UUID=98df1583-260a-423a-a193-182dade5d085 ro crashkernel=256M security=none sysrq_always_enabled console=ttyS0,115200n8 console=tty0 LANG=en_US.UTF-8
> [ 0.000000] sysrq: sysrq always enabled.
> [ 0.000000] Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes)
> [ 0.000000] Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes)
> [ 0.000000] Memory: 3045216K/4193716K available (15633K kernel code, 6278K rwdata, 6948K rodata, 3592K init, 24228K bss, 1148500K reserved, 0K cma-reserved)
> [ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=64, Nodes=1
> [ 0.000000] ftrace: allocating 34522 entries in 135 pages
> [ 0.003333] Running RCU self tests
> [ 0.003333] Hierarchical RCU implementation.
> [ 0.003333] RCU event tracing is enabled.
> [ 0.003333] RCU dyntick-idle grace-period acceleration is enabled.
> [ 0.003333] RCU lockdep checking is enabled.
> [ 0.003333] Tasks RCU enabled.
> [ 0.003333] NR_IRQS: 4352, nr_irqs: 936, preallocated irqs: 16
> [ 0.003333] Offload RCU callbacks from CPUs: .
> [ 0.003333] ==================================================================
> [ 0.003333] BUG: KASAN: use-after-scope in console_unlock+0x185/0x960
> [ 0.003333] Write of size 1 at addr ffffffff828079b8 by task swapper/0
> [ 0.003333]
> [ 0.003333] CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.0-12953-gc162d5b #414
> [ 0.003333] Call Trace:
> [ 0.003333] ? dump_stack+0x11d/0x1c5
> [ 0.003333] ? printk+0xb5/0xd1
> [ 0.003333] ? arch_local_irq_restore+0x17/0x17
> [ 0.003333] ? do_raw_spin_unlock+0x137/0x169
> [ 0.003333] ? irq_trace+0x2e/0x32
> [ 0.003333] ? console_unlock+0x185/0x960
> [ 0.003333] ? print_address_description+0x6e/0x23b
> [ 0.003333] ? console_unlock+0x185/0x960
> [ 0.003333] ? kasan_report+0x223/0x249
> [ 0.003333] ? console_unlock+0x185/0x960
> [ 0.003333] ? wake_up_klogd+0xdf/0xdf
> [ 0.003333] ? do_raw_spin_unlock+0x145/0x169
> [ 0.003333] ? do_raw_spin_trylock+0xed/0xed
> [ 0.003333] ? irq_trace+0x2e/0x32
> [ 0.003333] ? _raw_spin_unlock_irqrestore+0x3b/0x54
> [ 0.003333] ? time_hardirqs_off+0x12/0x2d
> [ 0.003333] ? arch_local_save_flags+0x7/0x8
> [ 0.003333] ? trace_hardirqs_off_caller+0x127/0x139
> [ 0.003333] ? irq_trace+0x2e/0x32
> [ 0.003333] ? vprintk_emit+0x579/0x823
> [ 0.003333] ? __down_trylock_console_sem+0x90/0xa4
> [ 0.003333] ? __down_trylock_console_sem+0x9d/0xa4
> [ 0.003333] ? vprintk_emit+0x7ec/0x823
> [ 0.003333] ? console_unlock+0x960/0x960
> [ 0.003333] ? memblock_merge_regions+0x2d/0x154
> [ 0.003333] ? memblock_add_range+0x322/0x333
> [ 0.003333] ? memblock_reserve+0xbb/0xe1
> [ 0.003333] ? memblock_add+0xe1/0xe1
> [ 0.003333] ? set_pte+0x24/0x27
> [ 0.003333] ? vprintk_func+0x94/0xa5
> [ 0.003333] ? printk+0xb5/0xd1
> [ 0.003333] ? show_regs_print_info+0x41/0x41
> [ 0.003333] ? kasan_populate_zero_shadow+0x37b/0x3f6
> [ 0.003333] ? native_flush_tlb_global+0x74/0x80
> [ 0.003333] ? kasan_init+0x211/0x22d
> [ 0.003333] ? setup_arch+0xdfa/0xf3c
> [ 0.003333] ? css_set_populated+0x79/0x79
> [ 0.003333] ? reserve_standard_io_resources+0x39/0x39
> [ 0.003333] ? vprintk_func+0x9d/0xa5
> [ 0.003333] ? printk+0xb5/0xd1
> [ 0.003333] ? show_regs_print_info+0x41/0x41
> [ 0.003333] ? start_kernel+0xa2/0x515
> [ 0.003333] ? mem_encrypt_init+0xa/0xa
> [ 0.003333] ? x86_family+0x2e/0x33
> [ 0.003333] ? load_ucode_bsp+0x58/0xec
> [ 0.003333] ? secondary_startup_64+0xa5/0xb0
> [ 0.003333]
> [ 0.003333]
> [ 0.003333] Memory state around the buggy address:
> [ 0.003333] ffffffff82807880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [ 0.003333] ffffffff82807900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [ 0.003333] >ffffffff82807980: 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 01
> [ 0.003333] ^
> [ 0.003333] ffffffff82807a00: f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f3 f3 f3 f3 00
> [ 0.003333] ffffffff82807a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
> [ 0.003333] ==================================================================
> [ 0.003333] Disabling lock debugging due to kernel taint
> [ 0.003333] ==================================================================
> [ 0.003333] BUG: KASAN: use-after-scope in console_unlock+0x185/0x960
> [ 0.003333] Write of size 1 at addr ffffffff828079b8 by task swapper/0
> [ 0.003333]
> [ 0.003333] CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.0-12953-gc162d5b #414
> [ 0.003333] Call Trace:
> [ 0.003333] ? dump_stack+0x11d/0x1c5
> [ 0.003333] ? printk+0xb5/0xd1
> [ 0.003333] ? arch_local_irq_restore+0x17/0x17
> [ 0.003333] ? do_raw_spin_unlock+0x137/0x169
> [ 0.003333] ? irq_trace+0x2e/0x32
> [ 0.003333] ? console_unlock+0x185/0x960
> [ 0.003333] ? print_address_description+0x6e/0x23b
> [ 0.003333] ? console_unlock+0x185/0x960
> [ 0.003333] ? kasan_report+0x223/0x249
> [ 0.003333] ? console_unlock+0x185/0x960
> [ 0.003333] ? wake_up_klogd+0xdf/0xdf
> [ 0.003333] ? do_raw_spin_unlock+0x145/0x169
> [ 0.003333] ? do_raw_spin_trylock+0xed/0xed
> [ 0.003333] ? irq_trace+0x2e/0x32
> [ 0.003333] ? _raw_spin_unlock_irqrestore+0x3b/0x54
> [ 0.003333] ? time_hardirqs_off+0x12/0x2d
> [ 0.003333] ? arch_local_save_flags+0x7/0x8
> [ 0.003333] ? trace_hardirqs_off_caller+0x127/0x139
> [ 0.003333] ? irq_trace+0x2e/0x32
> [ 0.003333] ? vprintk_emit+0x579/0x823
> [ 0.003333] ? __down_trylock_console_sem+0x90/0xa4
> [ 0.003333] ? __down_trylock_console_sem+0x9d/0xa4
> [ 0.003333] ? vprintk_emit+0x7ec/0x823
> [ 0.003333] ? console_unlock+0x960/0x960
> [ 0.003333] ? memblock_merge_regions+0x2d/0x154
> [ 0.003333] ? memblock_add_range+0x322/0x333
> [ 0.003333] ? memblock_reserve+0xbb/0xe1
> [ 0.003333] ? memblock_add+0xe1/0xe1
> [ 0.003333] ? set_pte+0x24/0x27
> [ 0.003333] ? vprintk_func+0x94/0xa5
> [ 0.003333] ? printk+0xb5/0xd1
> [ 0.003333] ? show_regs_print_info+0x41/0x41
> [ 0.003333] ? kasan_populate_zero_shadow+0x37b/0x3f6
> [ 0.003333] ? native_flush_tlb_global+0x74/0x80
> [ 0.003333] ? kasan_init+0x211/0x22d
> [ 0.003333] ? setup_arch+0xdfa/0xf3c
> [ 0.003333] ? css_set_populated+0x79/0x79
> [ 0.003333] ? reserve_standard_io_resources+0x39/0x39
> [ 0.003333] ? vprintk_func+0x9d/0xa5
> [ 0.003333] ? printk+0xb5/0xd1
> [ 0.003333] ? show_regs_print_info+0x41/0x41
> [ 0.003333] ? start_kernel+0xa2/0x515
> [ 0.003333] ? mem_encrypt_init+0xa/0xa
> [ 0.003333] ? x86_family+0x2e/0x33
> [ 0.003333] ? load_ucode_bsp+0x58/0xec
> [ 0.003333] ? secondary_startup_64+0xa5/0xb0
> [ 0.003333]
> [ 0.003333]
> [ 0.003333] Memory state around the buggy address:
> [ 0.003333] ffffffff82807880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [ 0.003333] ffffffff82807900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [ 0.003333] >ffffffff82807980: 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 01
> [ 0.003333] ^
> [ 0.003333] ffffffff82807a00: f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f3 f3 f3 f3 00
> [ 0.003333] ffffffff82807a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
> [ 0.003333] ==================================================================
> [ 0.003333] Disabling lock debugging due to kernel taint
> [ 0.003333] ==================================================================
>
>
>
> # ./scripts/faddr2line vmlinux console_unlock+0x185/0x960
> console_unlock+0x185/0x960:
> console_lock_spinning_disable_and_check at kernel/printk/printk.c:1600
> (inlined by) console_unlock at kernel/printk/printk.c:2386
>
>
>
> ffffffff81190da4 <console_unlock>:
> * If there is output waiting, we wake /dev/kmsg and syslog() users.
> *
> * console_unlock(); may be called from any context.
> */
> void console_unlock(void)
> {
> ffffffff81190da4: e8 57 e1 da 00 callq ffffffff81f3ef00 <__fentry__>
> ffffffff81190da9: 55 push %rbp
> ffffffff81190daa: 48 89 e5 mov %rsp,%rbp
> ffffffff81190dad: 41 57 push %r15
> ffffffff81190daf: 41 56 push %r14
> ffffffff81190db1: 48 8d 85 f8 fe ff ff lea -0x108(%rbp),%rax
> ffffffff81190db8: 41 55 push %r13
> ffffffff81190dba: 41 54 push %r12
> ffffffff81190dbc: 53 push %rbx
> ffffffff81190dbd: 48 bb 00 00 00 00 00 movabs $0xdffffc0000000000,%rbx
> ffffffff81190dc4: fc ff df
> ffffffff81190dc7: 48 c1 e8 03 shr $0x3,%rax
> ffffffff81190dcb: 48 81 ec 20 01 00 00 sub $0x120,%rsp
> ffffffff81190dd2: 48 89 85 d0 fe ff ff mov %rax,-0x130(%rbp)
> ffffffff81190dd9: 48 01 d8 add %rbx,%rax
> ffffffff81190ddc: 48 c7 85 f8 fe ff ff movq $0x41b58ab3,-0x108(%rbp)
> ffffffff81190de3: b3 8a b5 41
> ffffffff81190de7: 48 c7 85 00 ff ff ff movq $0xffffffff825fb4c2,-0x100(%rbp)
> ffffffff81190dee: c2 b4 5f 82
> ffffffff81190df2: 48 c7 85 08 ff ff ff movq $0xffffffff81190da4,-0xf8(%rbp)
> ffffffff81190df9: a4 0d 19 81
> ffffffff81190dfd: c7 00 f1 f1 f1 f1 movl $0xf1f1f1f1,(%rax)
> ffffffff81190e03: c7 40 04 01 f2 f2 f2 movl $0xf2f2f201,0x4(%rax)
> ffffffff81190e0a: c7 40 08 f2 f2 f2 f2 movl $0xf2f2f2f2,0x8(%rax)
> ffffffff81190e11: c7 40 0c 01 f2 f2 f2 movl $0xf2f2f201,0xc(%rax)
> ffffffff81190e18: c7 40 10 f2 f2 f2 f2 movl $0xf2f2f2f2,0x10(%rax)
> ffffffff81190e1f: c7 40 14 00 f2 f2 f2 movl $0xf2f2f200,0x14(%rax)
> ffffffff81190e26: c7 40 18 f3 f3 f3 f3 movl $0xf3f3f3f3,0x18(%rax)
> static u64 seen_seq;
> unsigned long flags;
> bool wake_klogd = false;
> bool do_cond_resched, retry;
>
> if (console_suspended) {
> ffffffff81190e2d: e8 3f 82 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190e32: 83 3d a7 c2 14 03 00 cmpl $0x0,0x314c2a7(%rip) # ffffffff842dd0e0 <console_suspended>
> ffffffff81190e39: 74 0a je ffffffff81190e45 <console_unlock+0xa1>
> up_console_sem();
> ffffffff81190e3b: e8 31 82 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190e40: e9 85 08 00 00 jmpq ffffffff811916ca <console_unlock+0x926>
> *
> * console_trylock() is not able to detect the preemptive
> * context reliably. Therefore the value must be stored before
> * and cleared after the the "again" goto label.
> */
> do_cond_resched = console_may_schedule;
> ffffffff81190e45: e8 27 82 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190e4a: 8b 05 b0 c0 14 03 mov 0x314c0b0(%rip),%eax # ffffffff842dcf00 <console_may_schedule>
> {
> static char ext_text[CONSOLE_EXT_LOG_MAX];
> static char text[LOG_LINE_MAX + PREFIX_MAX];
> static u64 seen_seq;
> unsigned long flags;
> bool wake_klogd = false;
> ffffffff81190e50: 45 31 ed xor %r13d,%r13d
> ffffffff81190e53: 48 89 9d e8 fe ff ff mov %rbx,-0x118(%rbp)
> *
> * console_trylock() is not able to detect the preemptive
> * context reliably. Therefore the value must be stored before
> * and cleared after the the "again" goto label.
> */
> do_cond_resched = console_may_schedule;
> ffffffff81190e5a: 89 85 cc fe ff ff mov %eax,-0x134(%rbp)
> again:
> console_may_schedule = 0;
> ffffffff81190e60: e8 0c 82 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> * unless they're explicitly marked as being able to cope (CON_ANYTIME) don't
> * call them until this CPU is officially up.
> */
> static inline int can_use_console(void)
> {
> return cpu_online(raw_smp_processor_id()) || have_callable_console();
> ffffffff81190e65: 65 8b 05 bc 22 e8 7e mov %gs:0x7ee822bc(%rip),%eax # 13128 <cpu_number>
> * context reliably. Therefore the value must be stored before
> * and cleared after the the "again" goto label.
> */
> do_cond_resched = console_may_schedule;
> again:
> console_may_schedule = 0;
> ffffffff81190e6c: c7 05 8a c0 14 03 00 movl $0x0,0x314c08a(%rip) # ffffffff842dcf00 <console_may_schedule>
> ffffffff81190e73: 00 00 00
> *
> * Returns 1 if @cpu is set in @cpumask, else returns 0
> */
> static inline int cpumask_test_cpu(int cpu, const struct cpumask *cpumask)
> {
> return test_bit(cpumask_check(cpu), cpumask_bits((cpumask)));
> ffffffff81190e76: 89 c0 mov %eax,%eax
>
> static __always_inline bool variable_test_bit(long nr, volatile const unsigned long *addr)
> {
> bool oldbit;
>
> asm volatile("bt %2,%1"
> ffffffff81190e78: 48 0f a3 05 a8 ad c8 bt %rax,0x1c8ada8(%rip) # ffffffff82e1bc28 <__cpu_online_mask>
> ffffffff81190e7f: 01
> ffffffff81190e80: 49 c7 c6 28 bc e1 82 mov $0xffffffff82e1bc28,%r14
> * unless they're explicitly marked as being able to cope (CON_ANYTIME) don't
> * call them until this CPU is officially up.
> */
> static inline int can_use_console(void)
> {
> return cpu_online(raw_smp_processor_id()) || have_callable_console();
> ffffffff81190e87: 0f 82 a3 01 00 00 jb ffffffff81191030 <console_unlock+0x28c>
> */
> static int have_callable_console(void)
> {
> struct console *con;
>
> for_each_console(con)
> ffffffff81190e8d: e8 df 81 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190e92: 48 8b 1d 07 c3 14 03 mov 0x314c307(%rip),%rbx # ffffffff842dd1a0 <console_drivers>
> ffffffff81190e99: e8 d3 81 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190e9e: 48 85 db test %rbx,%rbx
> ffffffff81190ea1: 0f 84 14 08 00 00 je ffffffff811916bb <console_unlock+0x917>
> if ((con->flags & CON_ENABLED) &&
> ffffffff81190ea7: e8 c5 81 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190eac: 48 8d 7b 40 lea 0x40(%rbx),%rdi
> ffffffff81190eb0: e8 bd 51 1f 00 callq ffffffff81386072 <__asan_load2>
> ffffffff81190eb5: 8b 43 40 mov 0x40(%rbx),%eax
> ffffffff81190eb8: 83 e0 14 and $0x14,%eax
> ffffffff81190ebb: 66 83 f8 14 cmp $0x14,%ax
> ffffffff81190ebf: 0f 84 6b 01 00 00 je ffffffff81191030 <console_unlock+0x28c>
> */
> static int have_callable_console(void)
> {
> struct console *con;
>
> for_each_console(con)
> ffffffff81190ec5: e8 a7 81 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190eca: 48 8d 7b 50 lea 0x50(%rbx),%rdi
> ffffffff81190ece: e8 89 53 1f 00 callq ffffffff8138625c <__asan_load8>
> ffffffff81190ed3: 48 8b 5b 50 mov 0x50(%rbx),%rbx
> ffffffff81190ed7: eb c0 jmp ffffffff81190e99 <console_unlock+0xf5>
> ffffffff81190ed9: e8 93 81 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190ede: 65 8b 05 43 22 e8 7e mov %gs:0x7ee82243(%rip),%eax # 13128 <cpu_number>
> ffffffff81190ee5: 89 c0 mov %eax,%eax
> ffffffff81190ee7: 49 0f a3 06 bt %rax,(%r14)
> ffffffff81190eeb: 0f 82 6c 04 00 00 jb ffffffff8119135d <console_unlock+0x5b9>
> {
> struct console *con;
>
> trace_console_rcuidle(text, len);
>
> if (!console_drivers)
> ffffffff81190ef1: e8 7b 81 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190ef6: 48 8b 1d a3 c2 14 03 mov 0x314c2a3(%rip),%rbx # ffffffff842dd1a0 <console_drivers>
> ffffffff81190efd: 48 85 db test %rbx,%rbx
> ffffffff81190f00: 0f 85 5c 05 00 00 jne ffffffff81191462 <console_unlock+0x6be>
> ffffffff81190f06: 48 8d 9d 18 ff ff ff lea -0xe8(%rbp),%rbx
> ffffffff81190f0d: 4c 8d a5 58 ff ff ff lea -0xa8(%rbp),%r12
> */
> console_lock_spinning_enable();
>
> stop_critical_timings(); /* don't trace print latency */
> call_console_drivers(ext_text, ext_len, text, len);
> start_critical_timings();
> ffffffff81190f14: e8 58 81 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190f19: e8 18 a2 0c 00 callq ffffffff8125b136 <start_critical_timings>
> ffffffff81190f1e: 48 89 df mov %rbx,%rdi
> static int console_lock_spinning_disable_and_check(void)
> {
> int waiter;
>
> raw_spin_lock(&console_owner_lock);
> waiter = READ_ONCE(console_waiter);
> ffffffff81190f21: 49 89 df mov %rbx,%r15
> ffffffff81190f24: e8 04 51 1f 00 callq ffffffff8138602d <__asan_store1>
> ffffffff81190f29: 4c 89 e7 mov %r12,%rdi /*** console_unlock+0x185/0x960 ***/
> ffffffff81190f2c: c6 85 18 ff ff ff 00 movb $0x0,-0xe8(%rbp)
> ffffffff81190f33: 49 c1 ef 03 shr $0x3,%r15
> ffffffff81190f37: e8 f1 50 1f 00 callq ffffffff8138602d <__asan_store1>
> */
> static int console_lock_spinning_disable_and_check(void)
> {
> int waiter;
>
> raw_spin_lock(&console_owner_lock);
> ffffffff81190f3c: 48 c7 c7 e0 96 95 82 mov $0xffffffff829596e0,%rdi /*** ffffffff829596e0 d console_owner_lock ***/
> ffffffff81190f43: c6 85 58 ff ff ff 00 movb $0x0,-0xa8(%rbp)
> ffffffff81190f4a: e8 9a bd da 00 callq ffffffff81f3cce9 <_raw_spin_lock>
> waiter = READ_ONCE(console_waiter);
> ffffffff81190f4f: 4c 03 bd e8 fe ff ff add -0x118(%rbp),%r15
> ffffffff81190f56: 8a 05 c4 bb 04 03 mov 0x304bbc4(%rip),%al # ffffffff841dcb20 <console_waiter>
> ffffffff81190f5c: 48 89 df mov %rbx,%rdi
> ffffffff81190f5f: 88 85 e0 fe ff ff mov %al,-0x120(%rbp)
> ffffffff81190f65: 41 c6 07 01 movb $0x1,(%r15)
> ffffffff81190f69: e8 bf 50 1f 00 callq ffffffff8138602d <__asan_store1>
> ffffffff81190f6e: 8a 85 e0 fe ff ff mov -0x120(%rbp),%al
> ffffffff81190f74: 48 89 df mov %rbx,%rdi
> ffffffff81190f77: 88 85 18 ff ff ff mov %al,-0xe8(%rbp)
> ffffffff81190f7d: e8 69 50 1f 00 callq ffffffff81385feb <__asan_load1>
> ffffffff81190f82: 8a 85 18 ff ff ff mov -0xe8(%rbp),%al
> console_owner = NULL;
> raw_spin_unlock(&console_owner_lock);
> ffffffff81190f88: 48 c7 c7 e0 96 95 82 mov $0xffffffff829596e0,%rdi
> ffffffff81190f8f: 41 c6 07 f8 movb $0xf8,(%r15)
> {
> int waiter;
>
> raw_spin_lock(&console_owner_lock);
> waiter = READ_ONCE(console_waiter);
> console_owner = NULL;
> ffffffff81190f93: 48 c7 05 c2 bb 04 03 movq $0x0,0x304bbc2(%rip) # ffffffff841dcb60 <console_owner>
> ffffffff81190f9a: 00 00 00 00
> static int console_lock_spinning_disable_and_check(void)
> {
> int waiter;
>
> raw_spin_lock(&console_owner_lock);
> waiter = READ_ONCE(console_waiter);
> ffffffff81190f9e: 88 85 e0 fe ff ff mov %al,-0x120(%rbp)
> console_owner = NULL;
> raw_spin_unlock(&console_owner_lock);
> ffffffff81190fa4: e8 9b bf da 00 callq ffffffff81f3cf44 <_raw_spin_unlock>
> ffffffff81190fa9: 48 8b 9d f0 fe ff ff mov -0x110(%rbp),%rbx
>
> if (!waiter) {
> ffffffff81190fb0: 8a 85 e0 fe ff ff mov -0x120(%rbp),%al
> ffffffff81190fb6: 81 e3 00 02 00 00 and $0x200,%ebx
> ffffffff81190fbc: 84 c0 test %al,%al
> ffffffff81190fbe: 0f 85 54 05 00 00 jne ffffffff81191518 <console_unlock+0x774>
> spin_release(&console_owner_dep_map, 1, _THIS_IP_);
> ffffffff81190fc4: e8 a8 80 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190fc9: 48 c7 c2 c4 0f 19 81 mov $0xffffffff81190fc4,%rdx
> ffffffff81190fd0: be 01 00 00 00 mov $0x1,%esi
> ffffffff81190fd5: 48 c7 c7 60 97 95 82 mov $0xffffffff82959760,%rdi
> ffffffff81190fdc: e8 0d 19 fe ff callq ffffffff811728ee <lock_release>
> if (console_lock_spinning_disable_and_check()) {
> printk_safe_exit_irqrestore(flags);
> return;
> }
>
> printk_safe_exit_irqrestore(flags);
> ffffffff81190fe1: e8 82 2d 00 00 callq ffffffff81193d68 <__printk_safe_exit>
> ffffffff81190fe6: 48 85 db test %rbx,%rbx
> ffffffff81190fe9: 0f 85 d6 05 00 00 jne ffffffff811915c5 <console_unlock+0x821>
> ffffffff81190fef: e8 7d 80 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190ff4: 48 8b bd f0 fe ff ff mov -0x110(%rbp),%rdi
> ffffffff81190ffb: e8 48 ca ff ff callq ffffffff8118da48 <arch_local_irq_restore>
> ffffffff81191000: e8 42 9f fd ff callq ffffffff8116af47 <trace_hardirqs_off>
>
> if (do_cond_resched)
> ffffffff81191005: e8 67 80 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff8119100a: 83 bd cc fe ff ff 00 cmpl $0x0,-0x134(%rbp)
> ffffffff81191011: 74 1d je ffffffff81191030 <console_unlock+0x28c>
> cond_resched();
> ffffffff81191013: e8 59 80 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81191018: 31 d2 xor %edx,%edx
> ffffffff8119101a: be 5a 09 00 00 mov $0x95a,%esi
> ffffffff8119101f: 48 c7 c7 00 65 07 82 mov $0xffffffff82076500,%rdi
> ffffffff81191026: e8 91 77 fa ff callq ffffffff811387bc <___might_sleep>
> ffffffff8119102b: e8 43 66 da 00 callq ffffffff81f37673 <_cond_resched>
>
>
>
> Forwarded by penguin-kernel@...ove.sakura.ne.jp
> ----------------------- Original Message -----------------------
> From: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
> To: Petr Mladek <pmladek@...e.com>
> Cc: kernel test robot <shun.hao@...el.com>, Cong Wang <xiyou.wangcong@...il.com>, Dave Hansen <dave.hansen@...el.com>, Johannes Weiner <hannes@...xchg.org>, Mel Gorman <mgorman@...e.de>, Michal Hocko <mhocko@...nel.org>, Vlastimil Babka <vbabka@...e.cz>, Peter Zijlstra <peterz@...radead.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Jan Kara <jack@...e.cz>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, Byungchul Park <byungchul.park@....com>, Tejun Heo <tj@...nel.org>, Pavel Machek <pavel@....cz>, Steven Rostedt <rostedt@...dmis.org>, Sergey Senozhatsky <sergey.senozhatsky@...il.com>, LKML <linux-kernel@...r.kernel.org>, lkp@...org
> Date: Thu, 01 Mar 2018 12:26:15 +0900
> Subject: Re: [lkp-robot] [printk] c162d5b433: BUG:KASAN:use-after-scope_in_c
> ----
>
> Tetsuo Handa wrote:
>> Petr Mladek wrote:
>> > I am really curious what code is proceed on the line
>> > console_unlock+0x185/0x960.
>>
>> I can reproduce this warning with VMware environment.
>> Something is happening inside __asan_store1() before calling raw_spin_lock(&console_owner_lock) ?
>>
>
> Interesting thing is that as of commit 97ace515f01439d4 on linux.git, there is no
> such __asan_store1() before calling raw_spin_lock(&console_owner_lock) and hence
> cannot reproduce this warning. Maybe a KASAN bug as of commit c162d5b4338d72de ?
>
>
>
> ffffffff8115d3a1 <console_unlock>:
> * If there is output waiting, we wake /dev/kmsg and syslog() users.
> *
> * console_unlock(); may be called from any context.
> */
> void console_unlock(void)
> {
> ffffffff8115d3a1: e8 5a 44 ca 00 callq ffffffff81e01800 <__fentry__>
> ffffffff8115d3a6: 41 57 push %r15
> ffffffff8115d3a8: 41 56 push %r14
> ffffffff8115d3aa: 41 55 push %r13
> ffffffff8115d3ac: 41 54 push %r12
> ffffffff8115d3ae: 55 push %rbp
> ffffffff8115d3af: 53 push %rbx
> ffffffff8115d3b0: 48 83 ec 28 sub $0x28,%rsp
> static u64 seen_seq;
> unsigned long flags;
> bool wake_klogd = false;
> bool do_cond_resched, retry;
>
> if (console_suspended) {
> ffffffff8115d3b4: e8 6e e6 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d3b9: 83 3d 60 e1 34 03 00 cmpl $0x0,0x334e160(%rip) # ffffffff844ab520 <console_suspended>
> ffffffff8115d3c0: 74 0a je ffffffff8115d3cc <console_unlock+0x2b>
> up_console_sem();
> ffffffff8115d3c2: e8 60 e6 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d3c7: e9 4d 07 00 00 jmpq ffffffff8115db19 <console_unlock+0x778>
> *
> * console_trylock() is not able to detect the preemptive
> * context reliably. Therefore the value must be stored before
> * and cleared after the the "again" goto label.
> */
> do_cond_resched = console_may_schedule;
> ffffffff8115d3cc: e8 56 e6 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d3d1: 8b 05 69 df 34 03 mov 0x334df69(%rip),%eax # ffffffff844ab340 <console_may_schedule>
> {
> static char ext_text[CONSOLE_EXT_LOG_MAX];
> static char text[LOG_LINE_MAX + PREFIX_MAX];
> static u64 seen_seq;
> unsigned long flags;
> bool wake_klogd = false;
> ffffffff8115d3d7: 45 31 f6 xor %r14d,%r14d
>
> static __always_inline bool variable_test_bit(long nr, volatile const unsigned long *addr)
> {
> bool oldbit;
>
> asm volatile("bt %2,%1"
> ffffffff8115d3da: 49 c7 c5 e8 92 01 83 mov $0xffffffff830192e8,%r13
> *
> * console_trylock() is not able to detect the preemptive
> * context reliably. Therefore the value must be stored before
> * and cleared after the the "again" goto label.
> */
> do_cond_resched = console_may_schedule;
> ffffffff8115d3e1: 89 44 24 18 mov %eax,0x18(%rsp)
> again:
> console_may_schedule = 0;
> ffffffff8115d3e5: e8 3d e6 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> * unless they're explicitly marked as being able to cope (CON_ANYTIME) don't
> * call them until this CPU is officially up.
> */
> static inline int can_use_console(void)
> {
> return cpu_online(raw_smp_processor_id()) || have_callable_console();
> ffffffff8115d3ea: 65 8b 05 3f ad eb 7e mov %gs:0x7eebad3f(%rip),%eax # 18130 <cpu_number>
> * context reliably. Therefore the value must be stored before
> * and cleared after the the "again" goto label.
> */
> do_cond_resched = console_may_schedule;
> again:
> console_may_schedule = 0;
> ffffffff8115d3f1: c7 05 45 df 34 03 00 movl $0x0,0x334df45(%rip) # ffffffff844ab340 <console_may_schedule>
> ffffffff8115d3f8: 00 00 00
> *
> * Returns 1 if @cpu is set in @cpumask, else returns 0
> */
> static inline int cpumask_test_cpu(int cpu, const struct cpumask *cpumask)
> {
> return test_bit(cpumask_check(cpu), cpumask_bits((cpumask)));
> ffffffff8115d3fb: 89 c0 mov %eax,%eax
> ffffffff8115d3fd: 49 0f a3 45 00 bt %rax,0x0(%r13)
> * unless they're explicitly marked as being able to cope (CON_ANYTIME) don't
> * call them until this CPU is officially up.
> */
> static inline int can_use_console(void)
> {
> return cpu_online(raw_smp_processor_id()) || have_callable_console();
> ffffffff8115d402: 0f 82 26 01 00 00 jb ffffffff8115d52e <console_unlock+0x18d>
> */
> static int have_callable_console(void)
> {
> struct console *con;
>
> for_each_console(con)
> ffffffff8115d408: e8 1a e6 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d40d: 48 8b 1d cc e1 34 03 mov 0x334e1cc(%rip),%rbx # ffffffff844ab5e0 <console_drivers>
> ffffffff8115d414: e8 0e e6 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d419: 48 85 db test %rbx,%rbx
> ffffffff8115d41c: 0f 84 e8 06 00 00 je ffffffff8115db0a <console_unlock+0x769>
> if ((con->flags & CON_ENABLED) &&
> ffffffff8115d422: e8 00 e6 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d427: 48 8d 7b 40 lea 0x40(%rbx),%rdi
> ffffffff8115d42b: e8 4c 1c 1a 00 callq ffffffff812ff07c <__asan_load2>
> ffffffff8115d430: 8b 43 40 mov 0x40(%rbx),%eax
> ffffffff8115d433: 83 e0 14 and $0x14,%eax
> ffffffff8115d436: 66 83 f8 14 cmp $0x14,%ax
> ffffffff8115d43a: 0f 84 ee 00 00 00 je ffffffff8115d52e <console_unlock+0x18d>
> */
> static int have_callable_console(void)
> {
> struct console *con;
>
> for_each_console(con)
> ffffffff8115d440: e8 e2 e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d445: 48 8d 7b 50 lea 0x50(%rbx),%rdi
> ffffffff8115d449: e8 18 1e 1a 00 callq ffffffff812ff266 <__asan_load8>
> ffffffff8115d44e: 48 8b 5b 50 mov 0x50(%rbx),%rbx
> ffffffff8115d452: eb c0 jmp ffffffff8115d414 <console_unlock+0x73>
> ffffffff8115d454: e8 ce e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d459: 65 8b 05 d0 ac eb 7e mov %gs:0x7eebacd0(%rip),%eax # 18130 <cpu_number>
> ffffffff8115d460: 89 c0 mov %eax,%eax
> ffffffff8115d462: 49 0f a3 45 00 bt %rax,0x0(%r13)
> ffffffff8115d467: 0f 82 b1 03 00 00 jb ffffffff8115d81e <console_unlock+0x47d>
> {
> struct console *con;
>
> trace_console_rcuidle(text, len);
>
> if (!console_drivers)
> ffffffff8115d46d: e8 b5 e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d472: 48 8b 1d 67 e1 34 03 mov 0x334e167(%rip),%rbx # ffffffff844ab5e0 <console_drivers>
> ffffffff8115d479: 48 85 db test %rbx,%rbx
> ffffffff8115d47c: 0f 85 63 04 00 00 jne ffffffff8115d8e5 <console_unlock+0x544>
> */
> console_lock_spinning_enable();
>
> stop_critical_timings(); /* don't trace print latency */
> call_console_drivers(ext_text, ext_len, text, len);
> start_critical_timings();
> ffffffff8115d482: e8 a0 e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d487: e8 ce 49 0a 00 callq ffffffff81201e5a <start_critical_timings>
> */
> static int console_lock_spinning_disable_and_check(void)
> {
> int waiter;
>
> raw_spin_lock(&console_owner_lock);
> ffffffff8115d48c: 48 c7 c7 00 38 b5 82 mov $0xffffffff82b53800,%rdi /*** ffffffff82b53800 d console_owner_lock ***/
> ffffffff8115d493: 48 89 eb mov %rbp,%rbx
> ffffffff8115d496: e8 5e b3 bf 00 callq ffffffff81d587f9 <_raw_spin_lock>
> ffffffff8115d49b: 44 8a 25 7e da 24 03 mov 0x324da7e(%rip),%r12b # ffffffff843aaf20 <console_waiter>
> waiter = READ_ONCE(console_waiter);
> console_owner = NULL;
> raw_spin_unlock(&console_owner_lock);
> ffffffff8115d4a2: 48 c7 c7 00 38 b5 82 mov $0xffffffff82b53800,%rdi
> {
> int waiter;
>
> raw_spin_lock(&console_owner_lock);
> waiter = READ_ONCE(console_waiter);
> console_owner = NULL;
> ffffffff8115d4a9: 48 c7 05 ac da 24 03 movq $0x0,0x324daac(%rip) # ffffffff843aaf60 <console_owner>
> ffffffff8115d4b0: 00 00 00 00
> ffffffff8115d4b4: 81 e3 00 02 00 00 and $0x200,%ebx
> raw_spin_unlock(&console_owner_lock);
> ffffffff8115d4ba: e8 95 b5 bf 00 callq ffffffff81d58a54 <_raw_spin_unlock>
>
> if (!waiter) {
> ffffffff8115d4bf: 45 84 e4 test %r12b,%r12b
> ffffffff8115d4c2: 0f 85 cf 04 00 00 jne ffffffff8115d997 <console_unlock+0x5f6>
> spin_release(&console_owner_dep_map, 1, _THIS_IP_);
> ffffffff8115d4c8: e8 5a e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d4cd: 48 c7 c2 c8 d4 15 81 mov $0xffffffff8115d4c8,%rdx
> ffffffff8115d4d4: be 01 00 00 00 mov $0x1,%esi
> ffffffff8115d4d9: 48 c7 c7 80 38 b5 82 mov $0xffffffff82b53880,%rdi
> ffffffff8115d4e0: e8 97 82 fe ff callq ffffffff8114577c <lock_release>
> if (console_lock_spinning_disable_and_check()) {
> printk_safe_exit_irqrestore(flags);
> return;
> }
>
> printk_safe_exit_irqrestore(flags);
> ffffffff8115d4e5: e8 f3 25 00 00 callq ffffffff8115fadd <__printk_safe_exit>
> ffffffff8115d4ea: 48 85 db test %rbx,%rbx
> ffffffff8115d4ed: 0f 85 22 05 00 00 jne ffffffff8115da15 <console_unlock+0x674>
> ffffffff8115d4f3: e8 2f e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d4f8: 48 89 ef mov %rbp,%rdi
> ffffffff8115d4fb: e8 f4 cf ff ff callq ffffffff8115a4f4 <arch_local_irq_restore>
> ffffffff8115d500: e8 94 25 fe ff callq ffffffff8113fa99 <trace_hardirqs_off>
>
> if (do_cond_resched)
> ffffffff8115d505: e8 1d e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d50a: 83 7c 24 18 00 cmpl $0x0,0x18(%rsp)
> ffffffff8115d50f: 74 1d je ffffffff8115d52e <console_unlock+0x18d>
> cond_resched();
> ffffffff8115d511: e8 11 e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d516: 31 d2 xor %edx,%edx
> ffffffff8115d518: be 66 09 00 00 mov $0x966,%esi
> ffffffff8115d51d: 48 c7 c7 20 85 27 82 mov $0xffffffff82278520,%rdi
> ffffffff8115d524: e8 24 8b fb ff callq ffffffff8111604d <___might_sleep>
> ffffffff8115d529: e8 ad 68 bf 00 callq ffffffff81d53ddb <_cond_resched>
+Ard, Kees
This is a problem with GCC_PLUGIN_STRUCTLEAK_BYREF_ALL. It inserts an
initializing write for __u used in READ_ONCE outside of live scope of
the variable.
Below "movb $0x1,0x0(%r13)" and "movb $0xf8,0x0(%r13)" denote live
scope of the variable __u (the 0xf8 that appears in the KASAN report).
But the initializing store at ffffffff811a5f84 (and the corresponding
KASAN check) are outside of that scope, which causes the KASAN report.
ffffffff811a5f61: 49 8d 9f 40 ff ff ff lea -0xc0(%r15),%rbx
ffffffff811a5f68: 4d 8d 67 80 lea -0x80(%r15),%r12
kernel/printk/printk.c:1600
waiter = READ_ONCE(console_waiter);
ffffffff811a5f79: 49 89 dd mov %rbx,%r13
ffffffff811a5f7c: e8 d3 4e 21 00 callq ffffffff813bae54 <__asan_store1>
ffffffff811a5f81: 4c 89 e7 mov %r12,%rdi
ffffffff811a5f84: 41 c6 87 40 ff ff ff movb $0x0,-0xc0(%r15)
ffffffff811a5f8b: 00
ffffffff811a5f8c: 49 c1 ed 03 shr $0x3,%r13
ffffffff811a5f90: e8 bf 4e 21 00 callq ffffffff813bae54 <__asan_store1>
kernel/printk/printk.c:1599
raw_spin_lock(&console_owner_lock);
ffffffff811a5f95: 48 c7 c7 e0 90 b5 82 mov $0xffffffff82b590e0,%rdi
ffffffff811a5f9c: 41 c6 47 80 00 movb $0x0,-0x80(%r15)
ffffffff811a5fa1: e8 92 a9 e7 00 callq ffffffff82020938 <_raw_spin_lock>
kernel/printk/printk.c:1600
waiter = READ_ONCE(console_waiter);
ffffffff811a5fa6: 4c 03 ad e8 fe ff ff add -0x118(%rbp),%r13
__read_once_size():
./include/linux/compiler.h:178
})
static __always_inline
void __read_once_size(const volatile void *p, void *res, int size)
{
__READ_ONCE_SIZE;
ffffffff811a5fad: 44 8a 35 2c 7b e6 02 mov 0x2e67b2c(%rip),%r14b
# ffffffff8400dae0 <console_waiter>
ffffffff811a5fb4: 48 89 df mov %rbx,%rdi
console_lock_spinning_disable_and_check():
kernel/printk/printk.c:1600
ffffffff811a5fb7: 41 c6 45 00 01 movb $0x1,0x0(%r13)
__read_once_size():
./include/linux/compiler.h:178
ffffffff811a5fbc: e8 93 4e 21 00 callq ffffffff813bae54 <__asan_store1>
console_lock_spinning_disable_and_check():
kernel/printk/printk.c:1600
ffffffff811a5fc1: 48 89 df mov %rbx,%rdi
__read_once_size():
./include/linux/compiler.h:178
ffffffff811a5fc4: 45 88 b7 40 ff ff ff mov %r14b,-0xc0(%r15)
console_lock_spinning_disable_and_check():
kernel/printk/printk.c:1600
ffffffff811a5fcb: e8 3d 4e 21 00 callq ffffffff813bae0d <__asan_load1>
ffffffff811a5fd0: 45 8a b7 40 ff ff ff mov -0xc0(%r15),%r14b
kernel/printk/printk.c:1602
raw_spin_unlock(&console_owner_lock);
ffffffff811a5fd7: 48 c7 c7 e0 90 b5 82 mov $0xffffffff82b590e0,%rdi
ffffffff811a5fde: 41 c6 45 00 f8 movb $0xf8,0x0(%r13)
kernel/printk/printk.c:1601
console_owner = NULL;
ffffffff811a5fe3: 48 c7 05 32 7b e6 02 movq $0x0,0x2e67b32(%rip)
# ffffffff8400db20 <console_owner>
ffffffff811a5fea: 00 00 00 00
kernel/printk/printk.c:1602
raw_spin_unlock(&console_owner_lock);
ffffffff811a5fee: e8 d1 ab e7 00 callq ffffffff82020bc4
<_raw_spin_unlock>
We either need to fix GCC_PLUGIN_STRUCTLEAK_BYREF_ALL (and probably
GCC_PLUGIN_STRUCTLEAK) to insert initialization at proper places or
run before KASAN instrumentation (though, since the initializing
stores are instrumented, it already runs partially before KASAN), or
declare GCC_PLUGIN_STRUCTLEAK incompatible with KASAN (it's not the
first time we debug this).
Powered by blists - more mailing lists