lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Tue, 11 Dec 2018 14:13:20 +0800
From:   kernel test robot <lkp@...el.com>
To:     David Howells <dhowells@...hat.com>
Cc:     Al Viro <viro@...iv.linux.org.uk>,
        LKML <linux-kernel@...r.kernel.org>,
        linux-fsdevel@...r.kernel.org, lkp@...org
Subject: [NFS]  cf7886ae95: BUG:unable_to_handle_kernel


FYI, we noticed the following commit (built with gcc-7):

commit: cf7886ae95a845054b81e64127ae1ed457161852 ("NFS: Add fs_context support.")
https://git.kernel.org/cgit/linux/kernel/git/viro/vfs.git Q17

in testcase: locktorture
with following parameters:

	runtime: 300s
	test: cpuhotplug

test-description: This torture test consists of creating a number of kernel threads which acquire the lock and hold it for specific amount of time, thus simulating different critical region behaviors.
test-url: https://www.kernel.org/doc/Documentation/locking/locktorture.txt


on test machine: qemu-system-x86_64 -enable-kvm -cpu IvyBridge -smp 2 -m 2G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+------------------------------------------+------------+------------+
|                                          | 82abd9aeeb | cf7886ae95 |
+------------------------------------------+------------+------------+
| boot_successes                           | 11         | 0          |
| boot_failures                            | 2          | 8          |
| End_of_test:RCU_HOTPLUG                  | 2          |            |
| BUG:unable_to_handle_kernel              | 0          | 8          |
| Oops:#[##]                               | 0          | 8          |
| RIP:security_sb_set_mnt_opts             | 0          | 8          |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 8          |
+------------------------------------------+------------+------------+



[    8.943957] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[    8.946087] PGD 0 P4D 0 
[    8.946991] Oops: 0000 [#1] SMP PTI
[    8.948027] CPU: 0 PID: 392 Comm: mount.nfs Not tainted 4.20.0-rc1-00059-gcf7886a #1
[    8.950060] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[    8.952192] RIP: 0010:security_sb_set_mnt_opts+0x15/0x60
[    8.953437] Code: 48 83 c4 20 5b c3 b8 ff ff ff ff eb f3 90 90 90 90 90 90 90 90 0f 1f 44 00 00 41 56 41 55 49 89 d5 41 54 55 ba a1 ff ff ff 53 <8b> 46 10 48 8b 1d 01 15 cf 01 85 c0 0f 45 c2 48 85 db 74 2a 49 89
[    8.957465] RSP: 0000:ffffc9000058fd50 EFLAGS: 00010246
[    8.958731] RAX: ffff88007d6f3c00 RBX: ffff88007d4f6800 RCX: ffffc9000058fd80
[    8.960275] RDX: 00000000ffffffa1 RSI: 0000000000000000 RDI: ffff88007d4f6800
[    8.961806] RBP: ffff88007d4f6800 R08: 0000000000026080 R09: ffffffff8139e6fc
[    8.963323] R10: ffffea0001fad9c0 R11: 0000000000000000 R12: ffff88007d6f3c00
[    8.964782] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[    8.966291] FS:  00007fae1cbde480(0000) GS:ffff880072800000(0000) knlGS:0000000000000000
[    8.968377] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    8.969726] CR2: 0000000000000010 CR3: 000000007d696000 CR4: 00000000001406f0
[    8.971212] Call Trace:
[    8.972096]  nfs_set_sb_security+0x44/0x90
[    8.973177]  nfs_get_tree_common+0xf8/0x350
[    8.974306]  nfs_try_get_tree+0x56/0x290
[    8.975332]  ? get_nfs_version+0x21/0x80
[    8.976402]  vfs_get_tree+0x61/0x160
[    8.977429]  do_mount+0x7ab/0xa30
[    8.978418]  ksys_mount+0x80/0xd0
[    8.979365]  __x64_sys_mount+0x21/0x30
[    8.980380]  do_syscall_64+0x5b/0x180
[    8.981425]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[    8.982652] RIP: 0033:0x7fae1c29a24a
[    8.983636] Code: 48 8b 0d 51 fc 2a 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1e fc 2a 00 f7 d8 64 89 01 48
[    8.987600] RSP: 002b:00007fffd183d398 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[    8.989645] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fae1c29a24a
[    8.991171] RDX: 000055c8181a1f90 RSI: 000055c8181a1f70 RDI: 000055c8181a0230
[    8.992770] RBP: 00007fffd183d590 R08: 000055c8181ad340 R09: 0000000000000060
[    8.994235] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fae1cbde410
[    8.995754] R13: 00007fffd183d590 R14: 00007fffd183d490 R15: 000055c8181ad320
[    8.997256] Modules linked in: sr_mod cdrom sg ata_generic pata_acpi crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel ppdev snd_pcm aesni_intel crypto_simd cryptd snd_timer glue_helper snd soundcore pcspkr serio_raw ata_piix libata i2c_piix4 floppy parport_pc parport ip_tables
[    9.002636] CR2: 0000000000000010
[    9.003654] ---[ end trace 548dab2651173a46 ]---


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
	bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email




Thanks,
lkp

View attachment "config-4.20.0-rc1-00059-gcf7886a" of type "text/plain" (168105 bytes)

View attachment "job-script" of type "text/plain" (4203 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (13908 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ