lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Wed, 5 Jun 2019 08:42:22 +0800
From:   kernel test robot <rong.a.chen@...el.com>
To:     Ioana Ciornei <ioana.ciornei@....com>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Vladimir Oltean <olteanv@...il.com>,
        Florian Fainelli <f.fainelli@...il.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>, lkp@...org
Subject: [net] 0e27921816: kernel_BUG_at_drivers/net/phy/mdio_bus.c

FYI, we noticed the following commit (built with gcc-7):

commit: 0e27921816ad99f78140e0c61ddf2bc515cc7e22 ("net: dsa: Use PHYLINK for the CPU/DSA ports")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: trinity
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+------------------------------------------+------------+------------+
|                                          | 77373d49de | 0e27921816 |
+------------------------------------------+------------+------------+
| boot_successes                           | 14         | 0          |
| boot_failures                            | 1          | 16         |
| BUG:kernel_hang_in_boot_stage            | 1          |            |
| kernel_BUG_at_drivers/net/phy/mdio_bus.c | 0          | 16         |
| invalid_opcode:#[##]                     | 0          | 16         |
| RIP:mdiobus_free                         | 0          | 16         |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 16         |
+------------------------------------------+------------+------------+


If you fix the issue, kindly add following tag
Reported-by: kernel test robot <rong.a.chen@...el.com>


[   30.407329] kernel BUG at drivers/net/phy/mdio_bus.c:503!
[   30.409066] invalid opcode: 0000 [#1] SMP KASAN PTI
[   30.410155] CPU: 1 PID: 114 Comm: kworker/1:1 Tainted: G                T 5.2.0-rc1-00391-g0e27921 #1
[   30.412336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   30.414226] Workqueue: events deferred_probe_work_func
[   30.415501] RIP: 0010:mdiobus_free+0x4b/0x6f
[   30.416504] Code: 48 89 df 5b 5d 41 5c e9 ec 8b fe fe 31 f6 83 fd 03 48 c7 c7 48 4d 70 90 40 0f 95 c6 31 c9 31 d2 e8 75 bb f1 fe 83 fd 03 74 02 <0f> 0b 4c 89 e7 e8 a3 ba fe fe c7 83 98 00 00 00 04 00 00 00 48 8d
[   30.423831] RSP: 0000:ffff88806995fb88 EFLAGS: 00010297
[   30.425093] RAX: fffffbfff20e0900 RBX: ffff88806744a940 RCX: ffffffff8b7df4e9
[   30.426602] RDX: 0000000000000000 RSI: 2000040000000000 RDI: ffffffff90704d68
[   30.428104] RBP: 0000000000000002 R08: 0000000000000003 R09: 0000000000000007
[   30.429594] R10: 0000000000000000 R11: ffffffff90501f2b R12: ffff88806744a9d8
[   30.431080] R13: 0000000000000003 R14: ffff888050801b00 R15: ffff888050801c88
[   30.432642] FS:  0000000000000000(0000) GS:ffff88806b300000(0000) knlGS:0000000000000000
[   30.434525] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   30.435783] CR2: 00000000ffffffff CR3: 000000005c622000 CR4: 00000000000406a0
[   30.437377] Call Trace:
[   30.437976]  release_nodes+0x287/0x2e6
[   30.438856]  ? _raw_spin_lock_irq+0x1c/0x1c
[   30.439782]  ? list_move_tail+0x6a/0x6a
[   30.440655]  ? __device_links_no_driver+0xad/0xc2
[   30.441734]  really_probe+0x43c/0x637
[   30.442599]  ? driver_allows_async_probing+0x3a/0x3a
[   30.443756]  bus_for_each_drv+0xff/0x13c
[   30.444627]  ? subsys_find_device_by_id+0x197/0x197
[   30.445661]  ? klist_next+0x12e/0x13e
[   30.446594]  __device_attach+0xfe/0x1b7
[   30.447517]  ? device_bind_driver+0x5e/0x5e
[   30.448489]  ? ftrace_likely_update+0x23a/0x261
[   30.449479]  bus_probe_device+0x54/0xea
[   30.450406]  deferred_probe_work_func+0xf6/0x121
[   30.451520]  process_one_work+0x35a/0x552
[   30.452460]  process_scheduled_works+0x32/0x37
[   30.453475]  worker_thread+0x396/0x4af
[   30.454337]  ? process_scheduled_works+0x37/0x37
[   30.455492]  kthread+0x1ca/0x1d9
[   30.456249]  ? __kthread_cancel_work+0xab/0xab
[   30.457278]  ret_from_fork+0x24/0x30
[   30.458149] ---[ end trace fa7633f222494403 ]---


To reproduce:

        # build kernel
	cd linux
	cp config-5.2.0-rc1-00391-g0e27921 .config
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 prepare
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 modules_prepare
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 SHELL=/bin/bash
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 bzImage


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
Rong Chen


View attachment "config-5.2.0-rc1-00391-g0e27921" of type "text/plain" (147421 bytes)

View attachment "job-script" of type "text/plain" (4385 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (19684 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ