| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Apr 2019 15:00:27 +0800
From: kernel test robot <rong.a.chen@...el.com>
To: Florian Westphal <fw@...len.de>
Cc: "David S. Miller" <davem@...emloft.net>,
LKML <linux-kernel@...r.kernel.org>,
Stephen Rothwell <sfr@...b.auug.org.au>, lkp@...org
Subject: [net] 97cdcf37b5:
BUG:using__this_cpu_read()in_preemptible[#]code:systemd-timesyn
FYI, we noticed the following commit (built with gcc-7):
commit: 97cdcf37b57e3f204be3000b9eab9686f38b4356 ("net: place xmit recursion in softnet data")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: trinity
with following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+-----------------------------------------------------------------+------------+------------+
| | 74dcb4c1a5 | 97cdcf37b5 |
+-----------------------------------------------------------------+------------+------------+
| boot_successes | 10 | 5 |
| boot_failures | 2 | 7 |
| BUG:kernel_reboot-without-warning_in_test_stage | 2 | |
| BUG:using__this_cpu_read()in_preemptible[#]code:systemd-timesyn | 0 | 7 |
+-----------------------------------------------------------------+------------+------------+
[ 122.128702] BUG: using __this_cpu_read() in preemptible [00000000] code: systemd-timesyn/283
[ 122.134075] caller is ip6_output+0x3a5/0x7f0
[ 122.135345] CPU: 0 PID: 283 Comm: systemd-timesyn Not tainted 5.1.0-rc2-00580-g97cdcf3 #1
[ 122.137478] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 122.139696] Call Trace:
[ 122.140478] dump_stack+0x86/0xc5
[ 122.141637] __this_cpu_preempt_check+0x19d/0x1c0
[ 122.146615] ip6_output+0x3a5/0x7f0
[ 122.153794] ip6_local_out+0x1a6/0x290
[ 122.155207] ? ip6_sk_dst_lookup_flow+0x463/0x780
[ 122.156582] ip6_send_skb+0x84/0x1b0
[ 122.157690] udp_v6_send_skb+0x694/0x1580
[ 122.159048] udpv6_sendmsg+0x1a55/0x2530
[ 122.160237] ? save_stack+0x43/0xd0
[ 122.161322] ? __kasan_kmalloc+0xa4/0xd0
[ 122.162763] ? ip_output+0x1c0/0x1c0
[ 122.163949] ? do_syscall_64+0x21/0xdfd
[ 122.165132] ? udpv6_setsockopt+0x30/0x30
[ 122.166326] ? __save_stack_trace+0x83/0xd0
[ 122.167585] ? save_stack+0x43/0xd0
[ 122.168671] ? __kasan_kmalloc+0xa4/0xd0
[ 122.170110] ? kasan_slab_alloc+0x12/0x20
[ 122.171315] ? kmem_cache_alloc+0xbd/0x550
[ 122.172553] ? __x64_sys_epoll_ctl+0xad8/0x36f0
[ 122.173990] ? do_syscall_64+0xf8/0xdfd
[ 122.175147] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 122.176618] ? trace_hardirqs_off+0x77/0x2b0
[ 122.177872] ? __sock_create+0x107/0x250
[ 122.179053] ? __fget+0x22c/0x2d0
[ 122.180085] ? __might_sleep+0x9a/0x190
[ 122.181249] inet_sendmsg+0xc7/0x410
[ 122.182350] ? udpv6_sendmsg+0x5/0x2530
[ 122.183588] ? inet_sendmsg+0xc7/0x410
[ 122.184727] __sys_sendto+0x285/0x390
[ 122.185871] ? __x64_sys_getpeername+0xb0/0xb0
[ 122.189611] ? kasan_check_write+0x14/0x20
[ 122.191101] ? fput_many+0x20/0x130
[ 122.192185] ? fput+0x13/0x20
[ 122.193153] ? __x64_sys_epoll_ctl+0x2a6/0x36f0
[ 122.194612] ? preempt_count_add+0xc1/0x1b0
[ 122.196104] ? read_actions_logged+0x2e0/0x2e0
[ 122.198094] ? put_timespec64+0xa9/0x100
[ 122.199277] ? kvm_clock_get_cycles+0x9/0x10
[ 122.200530] ? posix_get_boottime+0x3d/0x70
[ 122.201774] ? __x64_sys_clock_gettime+0x124/0x170
[ 122.203157] ? __x64_sys_clock_settime+0x1d0/0x1d0
[ 122.204535] __x64_sys_sendto+0xe1/0x1a0
[ 122.205748] ? __secure_computing+0xcc/0x290
[ 122.207015] do_syscall_64+0xf8/0xdfd
[ 122.208134] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 122.209611] ? syscall_return_slowpath+0x5c0/0x5c0
[ 122.210981] ? trace_hardirqs_off_caller+0x6d/0x290
[ 122.212381] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 122.213825] RIP: 0033:0x7fb7fbb77693
[ 122.214931] Code: 49 89 ca b8 2c 00 00 00 0f 05 48 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 cb f7 ff ff 48 89 04 24 49 89 ca b8 2c 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 11 f8 ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 122.219784] RSP: 002b:00007ffcf45d8fb0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 122.221973] RAX: ffffffffffffffda RBX: 000055f4809ec630 RCX: 00007fb7fbb77693
[ 122.223888] RDX: 0000000000000030 RSI: 00007ffcf45d8fd0 RDI: 000000000000000d
[ 122.225808] RBP: 00007ffcf45d8fd0 R08: 000055f4809efac8 R09: 000000000000001c
[ 122.227736] R10: 0000000000000040 R11: 0000000000000293 R12: 0000000000000000
[ 122.229663] R13: 00007ffcf45d9000 R14: 0000000000000066 R15: 0000000000000000
[ 128.230905] Writes: Total: 86739088 Max/Min: 0/0 Fail: 0
[ 132.379339] BUG: using __this_cpu_read() in preemptible [00000000] code: systemd-timesyn/283
[ 132.383668] caller is ip6_output+0x3a5/0x7f0
[ 132.385076] CPU: 0 PID: 283 Comm: systemd-timesyn Not tainted 5.1.0-rc2-00580-g97cdcf3 #1
[ 132.387545] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 132.390088] Call Trace:
[ 132.391079] dump_stack+0x86/0xc5
[ 132.392255] __this_cpu_preempt_check+0x19d/0x1c0
[ 132.393737] ip6_output+0x3a5/0x7f0
[ 132.394959] ip6_local_out+0x1a6/0x290
[ 132.396178] ? ip6_sk_dst_lookup_flow+0x463/0x780
[ 132.397683] ip6_send_skb+0x84/0x1b0
[ 132.398943] udp_v6_send_skb+0x694/0x1580
[ 132.400408] udpv6_sendmsg+0x1a55/0x2530
[ 132.401771] ? save_stack+0x43/0xd0
[ 132.402945] ? __kasan_kmalloc+0xa4/0xd0
[ 132.404508] ? ip_output+0x1c0/0x1c0
[ 132.407428] ? do_syscall_64+0x21/0xdfd
[ 132.408760] ? udpv6_setsockopt+0x30/0x30
[ 132.410118] ? __save_stack_trace+0x83/0xd0
[ 132.411478] ? save_stack+0x43/0xd0
[ 132.412728] ? __kasan_kmalloc+0xa4/0xd0
[ 132.414377] ? kasan_slab_alloc+0x12/0x20
[ 132.415743] ? kmem_cache_alloc+0xbd/0x550
[ 132.417099] ? __x64_sys_epoll_ctl+0xad8/0x36f0
[ 132.418621] ? do_syscall_64+0xf8/0xdfd
[ 132.419897] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 132.421457] ? trace_hardirqs_off+0x77/0x2b0
[ 132.422898] ? __sock_create+0x107/0x250
[ 132.424124] ? __fget+0x22c/0x2d0
[ 132.425269] ? __might_sleep+0x9a/0x190
[ 132.426587] inet_sendmsg+0xc7/0x410
[ 132.427851] ? udpv6_sendmsg+0x5/0x2530
[ 132.429241] ? inet_sendmsg+0xc7/0x410
[ 132.430508] __sys_sendto+0x285/0x390
[ 132.431769] ? __x64_sys_getpeername+0xb0/0xb0
[ 132.433245] ? kasan_check_write+0x14/0x20
[ 132.434623] ? fput_many+0x20/0x130
[ 132.435808] ? fput+0x13/0x20
[ 132.436877] ? __x64_sys_epoll_ctl+0x2a6/0x36f0
[ 132.438365] ? preempt_count_add+0xc1/0x1b0
[ 132.440031] ? read_actions_logged+0x2e0/0x2e0
[ 132.441592] ? put_timespec64+0xa9/0x100
[ 132.442935] ? kvm_clock_get_cycles+0x9/0x10
[ 132.444551] ? posix_get_boottime+0x3d/0x70
[ 132.445944] ? __x64_sys_clock_gettime+0x124/0x170
[ 132.447482] ? __x64_sys_clock_settime+0x1d0/0x1d0
[ 132.449078] __x64_sys_sendto+0xe1/0x1a0
[ 132.450416] ? __secure_computing+0xcc/0x290
[ 132.451835] do_syscall_64+0xf8/0xdfd
[ 132.453097] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 132.454806] ? syscall_return_slowpath+0x5c0/0x5c0
[ 132.456168] ? trace_hardirqs_off_caller+0x6d/0x290
[ 132.457546] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 132.459192] RIP: 0033:0x7fb7fbb77693
[ 132.460397] Code: 49 89 ca b8 2c 00 00 00 0f 05 48 3d 01 f0 ff ff 73 34 c3 48 83 ec 08 e8 cb f7 ff ff 48 89 04 24 49 89 ca b8 2c 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 11 f8 ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 132.466482] RSP: 002b:00007ffcf45d8fb0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 132.470514] RAX: ffffffffffffffda RBX: 000055f4809ec630 RCX: 00007fb7fbb77693
[ 132.472803] RDX: 0000000000000030 RSI: 00007ffcf45d8fd0 RDI: 000000000000000d
[ 132.475040] RBP: 00007ffcf45d8fd0 R08: 000055f4809efba8 R09: 000000000000001c
[ 132.477296] R10: 0000000000000040 R11: 0000000000000293 R12: 0000000000000000
[ 132.479514] R13: 00007ffcf45d9000 R14: 0000000000000066 R15: 0000000000000000
Elapsed time: 130
qemu-img create -f qcow2 disk-vm-snb-2G-147-0 256G
qemu-img create -f qcow2 disk-vm-snb-2G-147-1 256G
qemu-img create -f qcow2 disk-vm-snb-2G-147-2 256G
qemu-img create -f qcow2 disk-vm-snb-2G-147-3 256G
qemu-img create -f qcow2 disk-vm-snb-2G-147-4 256G
qemu-img create -f qcow2 disk-vm-snb-2G-147-5 256G
qemu-img create -f qcow2 disk-vm-snb-2G-147-6 256G
kvm=(
qemu-system-x86_64
-enable-kvm
-cpu SandyBridge
-kernel $kernel
-initrd initrd-vm-snb-2G-147
-m 2048
-smp 2
-device e1000,netdev=net0
-netdev user,id=net0,hostfwd=tcp::23254-:22
-boot order=nc
-no-reboot
-watchdog i6300esb
-watchdog-action debug
-rtc base=localtime
-drive file=disk-vm-snb-2G-147-0,media=disk,if=virtio
-drive file=disk-vm-snb-2G-147-1,media=disk,if=virtio
-drive file=disk-vm-snb-2G-147-2,media=disk,if=virtio
-drive file=disk-vm-snb-2G-147-3,media=disk,if=virtio
-drive file=disk-vm-snb-2G-147-4,media=disk,if=virtio
-drive file=disk-vm-snb-2G-147-5,media=disk,if=virtio
-drive file=disk-vm-snb-2G-147-6,media=disk,if=virtio
-serial stdio
-display none
-monitor null
)
append=(
ip=::::vm-snb-2G-147::dhcp
To reproduce:
# build kernel
cd linux
cp config-5.1.0-rc2-00580-g97cdcf3 .config
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 modules_prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 SHELL=/bin/bash
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 bzImage
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Rong Chen
View attachment "config-5.1.0-rc2-00580-g97cdcf3" of type "text/plain" (100533 bytes)
View attachment "job-script" of type "text/plain" (4420 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (16896 bytes)
Powered by blists - more mailing lists