Message-ID: <20180613050838.GK12146@yexl-desktop>
Date: Wed, 13 Jun 2018 13:08:38 +0800
From: kernel test robot <xiaolong.ye@...el.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: mingo@...nel.org, oleg@...hat.com, gkohli@...eaurora.org,
tglx@...utronix.de, mpe@...erman.id.au, bigeasy@...utronix.de,
linux-kernel@...r.kernel.org, will.deacon@....com,
peterz@...radead.org, dzickus@...hat.com, lkp@...org
Subject: [lkp-robot] [watchdog/softlockup] 4808e7a5dc: BUG:KASAN:null-ptr-deref_in_h

FYI, we noticed the following commit (built with gcc-5):

commit: 4808e7a5dc055fd8776e6b59e02775730ea716f6 ("watchdog/softlockup: Replace "watchdog/%u" threads with cpu_stop_work")
url: https://github.com/0day-ci/linux/commits/Peter-Zijlstra/kthread-smpboot-More-fixes/20180613-003329

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -smp 2 -m 512M

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+--------------------------------------------------------------------+------------+------------+
|                                                                    | 1e88b12632 | 4808e7a5dc |
+--------------------------------------------------------------------+------------+------------+
| boot_successes                                                     | 0          | 0          |
| boot_failures                                                      | 10         | 11         |
| WARNING:at_lib/debugobjects.c:#__debug_object_init                 | 10         |            |
| RIP:__debug_object_init                                            | 10         |            |
| WARNING:suspicious_RCU_usage                                       | 10         |            |
| lib/test_rhashtable.c:#suspicious_rcu_dereference_protected()usage | 10         |            |
| WARNING:possible_circular_locking_dependency_detected              | 9          |            |
| BUG:workqueue_lockup-pool                                          | 1          |            |
| BUG:KASAN:null-ptr-deref_in_h                                      | 0          | 11         |
| BUG:unable_to_handle_kernel                                        | 0          | 11         |
| Oops:#[##]                                                         | 0          | 11         |
| RIP:hrtimer_active                                                 | 0          | 11         |
| Kernel_panic-not_syncing:Fatal_exception                           | 0          | 11         |
+--------------------------------------------------------------------+------------+------------+
[ 0.037000] BUG: KASAN: null-ptr-deref in hrtimer_active+0x70/0xa0
[ 0.037000] Read of size 4 at addr 0000000000000010 by task swapper/1
[ 0.037000]
[ 0.037000] CPU: 0 PID: 1 Comm: swapper Tainted: G T 4.17.0-11348-g4808e7a #1
[ 0.037000] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 0.037000] Call Trace:
[ 0.037000] ? kasan_report+0xe3/0x360
[ 0.037000] ? hrtimer_active+0x70/0xa0
[ 0.037000] ? hrtimer_try_to_cancel+0x17/0x210
[ 0.037000] ? hrtimer_cancel+0x15/0x20
[ 0.037000] ? softlockup_stop_fn+0x11/0x20
[ 0.037000] ? lockup_detector_reconfigure+0x25/0xa0
[ 0.037000] ? lockup_detector_init+0x51/0x5d
[ 0.037000] ? kernel_init_freeable+0xa9/0x243
[ 0.037000] ? rest_init+0xd0/0xd0
[ 0.037000] ? kernel_init+0xf/0x120
[ 0.037000] ? rest_init+0xd0/0xd0
[ 0.037000] ? ret_from_fork+0x24/0x30
[ 0.037000] ==================================================================
[ 0.037000] Disabling lock debugging due to kernel taint
[ 0.037032] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[ 0.038000] PGD 0 P4D 0
[ 0.038000] Oops: 0000 [#1] PREEMPT KASAN PTI
[ 0.038000] CPU: 0 PID: 1 Comm: swapper Tainted: G B T 4.17.0-11348-g4808e7a #1
[ 0.038000] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 0.038000] RIP: 0010:hrtimer_active+0x70/0xa0
[ 0.038000] Code: 11 4c 89 f7 e8 a1 05 19 00 48 8b 45 30 48 39 c3 74 36 4c 89 f7 e8 90 05 19 00 48 8b 5d 30 4c 8d 6b 10 4c 89 ef e8 80 04 19 00 <44> 8b 63 10 41 f6 c4 01 74 a2 f3 90 eb ea 5b b8 01 00 00 00 5d 41
[ 0.038000] RSP: 0000:ffff88000015fe68 EFLAGS: 00010282
[ 0.038000] RAX: ffff880000154900 RBX: 0000000000000000 RCX: 0000000000000000
[ 0.038000] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffffff8242a236
[ 0.038000] RBP: ffffffff8351ef20 R08: 0000000000000000 R09: 0000000000000000
[ 0.038000] R10: 0000000000000001 R11: fffffbfff09346c7 R12: 0000000000000000
[ 0.038000] R13: 0000000000000010 R14: ffffffff8351ef50 R15: ffffffff8351ef58
[ 0.038000] FS: 0000000000000000(0000) GS:ffffffff83482000(0000) knlGS:0000000000000000
[ 0.038000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.038000] CR2: 0000000000000010 CR3: 0000000003424000 CR4: 00000000000006b0
[ 0.038000] Call Trace:
[ 0.038000] ? hrtimer_try_to_cancel+0x17/0x210
[ 0.038000] ? hrtimer_cancel+0x15/0x20
[ 0.038000] ? softlockup_stop_fn+0x11/0x20
[ 0.038000] ? lockup_detector_reconfigure+0x25/0xa0
[ 0.038000] ? lockup_detector_init+0x51/0x5d
[ 0.038000] ? kernel_init_freeable+0xa9/0x243
[ 0.038000] ? rest_init+0xd0/0xd0
[ 0.038000] ? kernel_init+0xf/0x120
[ 0.038000] ? rest_init+0xd0/0xd0
[ 0.038000] ? ret_from_fork+0x24/0x30
[ 0.038000] CR2: 0000000000000010
[ 0.038000] ---[ end trace 223de5392cf44f69 ]---

To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script  # job-script is attached in this email

Thanks,
Xiaolong

View attachment "config-4.17.0-11348-g4808e7a" of type "text/plain" (114377 bytes)
View attachment "job-script" of type "text/plain" (3943 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (6100 bytes)