| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Apr 2019 17:55:01 +0800
From: kernel test robot <rong.a.chen@...el.com>
To: Bart Van Assche <bvanassche@....org>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Will Deacon <will.deacon@....com>,
Waiman Long <longman@...hat.com>,
shenghui <shhuiw@...mail.com>,
LKML <linux-kernel@...r.kernel.org>,
Bart Van Assche <bart.vanassche@...disk.com>, lkp@...org
Subject: [locking/lockdep] b6957ee36c:
WARNING:at_kernel/locking/lockdep.c:#lockdep_unregister_key
FYI, we noticed the following commit (built with gcc-5):
commit: b6957ee36c281c84f9fdd3deda5a78ddf303c296 ("locking/lockdep: Zap lock classes even with lock debugging disabled")
https://github.com/bvanassche/linux for-next
in testcase: trinity
with following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+-----------------------------------------------------------------------------+------------+------------+
| | 0d498b752b | b6957ee36c |
+-----------------------------------------------------------------------------+------------+------------+
| boot_successes | 0 | 0 |
| boot_failures | 16 | 12 |
| BUG:kernel_in_stage | 4 | 1 |
| kobject(#):tried_to_init_an_initialized_object,something_is_seriously_wrong | 12 | 11 |
| BUG:KASAN:use-after-free_in_t | 12 | 11 |
| WARNING:at_kernel/locking/lockdep.c:#lockdep_unregister_key | 0 | 11 |
| RIP:lockdep_unregister_key | 0 | 11 |
+-----------------------------------------------------------------------------+------------+------------+
[ 526.537883] WARNING: CPU: 0 PID: 1 at kernel/locking/lockdep.c:4920 lockdep_unregister_key+0x1dd/0x390
[ 526.540038] CPU: 0 PID: 1 Comm: swapper Tainted: G B T 5.1.0-rc3-00007-gb6957ee3 #1
[ 526.540038] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 526.540038] RIP: 0010:lockdep_unregister_key+0x1dd/0x390
[ 526.540038] Code: 48 c1 e8 03 42 80 3c 30 00 0f 85 81 01 00 00 48 8b 1b 48 85 db 75 c2 48 83 c5 01 48 89 2d 8b e6 d0 08 48 83 05 93 e6 d0 08 01 <0f> 0b 48 83 05 91 e6 d0 08 01 48 83 05 91 e6 d0 08 01 ba 01 00 00
[ 526.540038] RSP: 0000:ffff8880678af800 EFLAGS: 00010002
[ 526.540038] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8534af18
[ 526.540038] RDX: 1ffffffff14c7b9d RSI: ffffffff814122f5 RDI: ffff8880678a10e8
[ 526.540038] RBP: ffffffff8a63dce8 R08: fffffbfff0e34159 R09: fffffbfff0e34159
[ 526.540038] R10: 0000000006f66365 R11: fffffbfff0e34158 R12: ffff888057b00b50
[ 526.540038] R13: 0000000000000202 R14: ffff8880678a0000 R15: ffffffff8a3b61c8
[ 526.540038] FS: 0000000000000000(0000) GS:ffffffff870d9000(0000) knlGS:0000000000000000
[ 526.540038] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 526.540038] CR2: 0000000000000000 CR3: 0000000007028000 CR4: 00000000000006f0
[ 526.540038] Call Trace:
[ 526.540038] blk_free_flush_queue+0x2c/0x80
[ 526.540038] blk_mq_exit_hctx+0x295/0x420
[ 526.540038] blk_mq_free_queue+0x3a5/0x530
[ 526.540038] blk_cleanup_queue+0x1da/0x290
[ 526.540038] __scsi_remove_device+0x118/0x470
[ 526.540038] scsi_forget_host+0x16c/0x220
[ 526.540038] scsi_remove_host+0x124/0x300
[ 526.540038] sdebug_driver_remove+0x63/0x300
[ 526.540038] ? driver_sysfs_add+0x12b/0x380
[ 526.540038] ? config_cdb_len+0x3b0/0x3b0
[ 526.540038] really_probe+0x21a/0xbd0
[ 526.540038] ? resp_inquiry+0x3d80/0x3d80
[ 526.540038] driver_probe_device+0x115/0x2d0
[ 526.540038] __device_attach_driver+0x1dc/0x260
[ 526.540038] ? driver_allows_async_probing+0xe0/0xe0
[ 526.540038] bus_for_each_drv+0x16b/0x210
[ 526.540038] ? subsys_find_device_by_id+0x3e0/0x3e0
[ 526.540038] __device_attach+0x24a/0x370
[ 526.540038] ? device_bind_driver+0x100/0x100
[ 526.540038] ? kobject_uevent_env+0x39a/0x1500
[ 526.540038] device_initial_probe+0x1e/0x30
[ 526.540038] bus_probe_device+0x222/0x2d0
[ 526.540038] device_add+0xee1/0x18b0
[ 526.540038] ? dev_set_name+0xf0/0xf0
[ 526.540038] ? __raw_spin_lock_init+0x38/0x110
[ 526.540038] ? __init_waitqueue_head+0x45/0xa0
[ 526.540038] device_register+0x29/0x40
[ 526.540038] sdebug_add_adapter+0x22b/0x5f0
[ 526.540038] ? kobject_uevent+0x20/0x30
[ 526.540038] scsi_debug_init+0xd3c/0xfbd
[ 526.540038] ? init_osst+0x24a/0x24a
[ 526.540038] ? kobject_uevent+0x20/0x30
[ 526.540038] ? osst_setup+0x346/0x346
[ 526.540038] ? init_osst+0x24a/0x24a
[ 526.540038] do_one_initcall+0x138/0x2eb
[ 526.540038] ? start_kernel+0x933/0x933
[ 526.540038] ? reacquire_held_locks+0x550/0x550
[ 526.540038] ? lock_acquire+0xc3/0x180
[ 526.540038] ? __usermodehelper_set_disable_depth+0x1c/0x60
[ 526.540038] kernel_init_freeable+0x390/0x4b2
[ 526.540038] ? rest_init+0x200/0x200
[ 526.540038] kernel_init+0x17/0x250
[ 526.540038] ? rest_init+0x200/0x200
[ 526.540038] ? rest_init+0x200/0x200
[ 526.540038] ret_from_fork+0x1f/0x30
[ 526.540038] ---[ end trace 6914c1771d2db339 ]---
To reproduce:
# build kernel
cd linux
cp config-5.1.0-rc3-00007-gb6957ee3 .config
make HOSTCC=gcc-5 CC=gcc-5 ARCH=x86_64 olddefconfig
make HOSTCC=gcc-5 CC=gcc-5 ARCH=x86_64 prepare
make HOSTCC=gcc-5 CC=gcc-5 ARCH=x86_64 modules_prepare
make HOSTCC=gcc-5 CC=gcc-5 ARCH=x86_64 SHELL=/bin/bash
make HOSTCC=gcc-5 CC=gcc-5 ARCH=x86_64 bzImage
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Rong Chen
View attachment "config-5.1.0-rc3-00007-gb6957ee3" of type "text/plain" (127019 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (13640 bytes)
Powered by blists - more mailing lists