Date:   Mon, 4 Nov 2019 16:25:17 +0800
From:   kernel test robot <lkp@...el.com>
To:     Navid Emamdoost <navid.emamdoost@...il.com>
Cc:     emamd001@....edu, smccaman@....edu, kjlu@....edu,
        Navid Emamdoost <navid.emamdoost@...il.com>,
        Johannes Berg <johannes@...solutions.net>,
        "David S. Miller" <davem@...emloft.net>,
        linux-wireless@...r.kernel.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, lkp@...ts.01.org
Subject: [cfg80211] 17e52ab494: stack_segment:#[##]

FYI, we noticed the following commit (built with gcc-7):

commit: 17e52ab494ea09617d8f0ab3345057e7506b6ad9 ("[PATCH] cfg80211: Fix memory leak in cfg80211_inform_single_bss_frame_data")
url: https://github.com/0day-ci/linux/commits/Navid-Emamdoost/cfg80211-Fix-memory-leak-in-cfg80211_inform_single_bss_frame_data/20191030-051221
base: https://git.kernel.org/cgit/linux/kernel/git/jberg/mac80211-next.git master

in testcase: hwsim
with following parameters:

	group: hwsim-01



on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+-------------------------------------------------------+------------+------------+
|                                                       | 7dfd8ac327 | 17e52ab494 |
+-------------------------------------------------------+------------+------------+
| boot_successes                                        | 30         | 3          |
| boot_failures                                         | 0          | 64         |
| general_protection_fault:#[##]                        | 0          | 22         |
| RIP:kmem_cache_alloc_trace                            | 0          | 13         |
| Kernel_panic-not_syncing:Fatal_exception              | 0          | 20         |
| BUG:stack_guard_page_was_hit_at#(stack_is#..#)        | 0          | 3          |
| RIP:fib6_node_lookup                                  | 0          | 3          |
| stack_segment:#[##]                                   | 0          | 25         |
| RIP:__kmalloc                                         | 0          | 26         |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt | 0          | 34         |
| BUG:soft_lockup-CPU##stuck_for#s                      | 0          | 10         |
| RIP:native_queued_spin_lock_slowpath                  | 0          | 10         |
| Kernel_panic-not_syncing:softlockup:hung_tasks        | 0          | 10         |
| BUG:kernel_NULL_pointer_dereference,address           | 0          | 4          |
| Oops:#[##]                                            | 0          | 4          |
| RIP:nexthop_for_each_fib6_nh                          | 0          | 3          |
| RIP:native_safe_halt                                  | 0          | 8          |
| RIP:_raw_spin_lock_bh                                 | 0          | 1          |
| RIP:console_unlock                                    | 0          | 4          |
| WARNING:at_net/ipv6/ip6_fib.c:#fib6_walk_continue     | 0          | 6          |
| RIP:fib6_walk_continue                                | 0          | 6          |
| RIP:_raw_spin_unlock_irqrestore                       | 0          | 1          |
| RIP:__find_rr_leaf                                    | 0          | 1          |
| RIP:__memcpy                                          | 0          | 1          |
| WARNING:at_kernel/rcu/tree.c:#rcu_do_batch            | 0          | 1          |
| RIP:rcu_do_batch                                      | 0          | 1          |
| RIP:find_match                                        | 0          | 1          |
+-------------------------------------------------------+------------+------------+


If you fix the issue, kindly add following tag
Reported-by: kernel test robot <lkp@...el.com>


[  281.352720] ieee80211 phy4: mac80211_hwsim_conf_tx (queue=3 txop=0 cw_min=15 cw_max=1023 aifs=7)
[  281.356547] ieee80211 phy4: mac80211_hwsim_bss_info_changed(changed=0x2000 vif->addr=02:00:00:00:04:00)
[  281.361679] ieee80211 phy0: mac80211_hwsim_config (freq=2412(2412 - 0)/noht idle=0 ps=0 smps=static)
[  281.364156] hwsim sw_scan request, prepping stuff
[  281.366627] ieee80211 phy0: mac80211_hwsim_configure_filter
[  281.371287] stack segment: 0000 [#1] SMP PTI
[  281.372607] CPU: 1 PID: 4794 Comm: hostapd Not tainted 5.3.0-13249-g17e52ab494ea0 #1
[  281.374319] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[  281.376263] RIP: 0010:__kmalloc+0x9d/0x270
[  281.377534] Code: 01 00 00 4d 8b 07 65 49 8b 50 08 65 4c 03 05 d2 09 78 68 49 8b 28 48 85 ed 0f 84 a1 01 00 00 41 8b 47 20 4d 8b 07 48 8d 4a 01 <48> 8b 5c 05 00 48 89 e8 65 49 0f c7 08 0f 94 c0 84 c0 74 c5 41 8b
[  281.381319] RSP: 0018:ffffbe9a800a89f0 EFLAGS: 00010206
[  281.382976] RAX: 0000000000000000 RBX: 0000000000000b20 RCX: 00000000000014e6
[  281.384938] RDX: 00000000000014e5 RSI: 0000000000000b20 RDI: ffff97a947c02fc0
[  281.386519] RBP: 00059640db432a5a R08: 000000000002f120 R09: 0000000000000000
[  281.388613] R10: ffffbe9a800a8b70 R11: ffff97a9e69e0098 R12: 0000000000000b20
[  281.390908] R13: 00000000000000d9 R14: ffff97a947c02fc0 R15: ffff97a947c02fc0
[  281.393153] FS:  00007f5ed0c61700(0000) GS:ffff97aa7fd00000(0000) knlGS:0000000000000000
[  281.395588] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  281.397443] CR2: 00007f12d1692008 CR3: 00000001a5e30000 CR4: 00000000000406e0
[  281.399645] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  281.401935] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  281.404221] Call Trace:
[  281.405634]  <IRQ>
[  281.407011]  ? cfg80211_inform_single_bss_frame_data+0xcf/0x380 [cfg80211]
[  281.409205]  cfg80211_inform_single_bss_frame_data+0xcf/0x380 [cfg80211]
[  281.411411]  ? check_preempt_curr+0x2d/0x90
[  281.413159]  ? cfg80211_inform_bss_frame_data+0x37/0x3e0 [cfg80211]
[  281.415314]  cfg80211_inform_bss_frame_data+0x37/0x3e0 [cfg80211]
[  281.417391]  ? reweight_entity+0x154/0x1a0
[  281.419164]  ? check_preempt_wakeup+0x11e/0x230
[  281.420972]  ieee80211_bss_info_update+0xe8/0x2b0 [mac80211]
[  281.422978]  ? ttwu_do_wakeup+0x1e/0x160
[  281.424646]  ? try_to_wake_up+0x6b/0x590
[  281.426338]  ? pollwake+0x74/0x90
[  281.427947]  ? wake_up_q+0x80/0x80
[  281.429500]  ? __wake_up_common+0x76/0x170
[  281.431207]  ? __wake_up_common_lock+0x87/0xc0
[  281.432984]  ? sock_def_readable+0x43/0x80
[  281.434749]  ? packet_rcv+0x2f7/0x4d0
[  281.436350]  ieee80211_scan_rx+0xd6/0x120 [mac80211]
[  281.438235]  ieee80211_rx_napi+0x96a/0xa90 [mac80211]
[  281.440190]  ? llc_rcv+0x1ab/0x300 [llc]
[  281.441824]  ? process_backlog+0xd5/0x170
[  281.443499]  ieee80211_tasklet_handler+0xbd/0xd0 [mac80211]
[  281.445482]  tasklet_action_common+0x5e/0x120
[  281.447312]  __do_softirq+0xe3/0x2f8
[  281.448854]  do_softirq_own_stack+0x2a/0x40
[  281.450487]  </IRQ>
[  281.451773]  do_softirq+0x41/0x50
[  281.453358]  __local_bh_enable_ip+0x4b/0x50
[  281.455076]  ieee80211_mgmt_tx+0x36d/0x580 [mac80211]
[  281.456852]  ? syscall_return_via_sysret+0xf/0x7f
[  281.458579]  cfg80211_mlme_mgmt_tx+0x10e/0x300 [cfg80211]
[  281.460419]  nl80211_tx_mgmt+0x320/0x3b0 [cfg80211]
[  281.462218]  genl_family_rcv_msg+0x203/0x400
[  281.463822]  ? get_page_from_freelist+0x15e7/0x1600
[  281.465488]  genl_rcv_msg+0x47/0x90
[  281.466962]  ? netlink_rcv_skb+0xc2/0x110
[  281.468431]  ? genl_family_rcv_msg+0x400/0x400
[  281.469991]  netlink_rcv_skb+0x4a/0x110
[  281.471518]  genl_rcv+0x24/0x40
[  281.472823]  netlink_unicast+0x193/0x230
[  281.474260]  netlink_sendmsg+0x2c7/0x3c0
[  281.475709]  sock_sendmsg+0x5b/0x60
[  281.477038]  ___sys_sendmsg+0x289/0x310
[  281.478427]  ? __generic_file_write_iter+0x192/0x1c0
[  281.480098]  ? __switch_to_asm+0x34/0x70
[  281.481489]  ? generic_file_write_iter+0x105/0x170
[  281.483057]  ? new_sync_write+0x12d/0x1d0
[  281.484475]  ? __sys_sendmsg+0x5e/0xa0
[  281.485827]  __sys_sendmsg+0x5e/0xa0
[  281.487166]  do_syscall_64+0x5b/0x1d0
[  281.488485]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  281.490055] RIP: 0033:0x7f5ecea88dc7
[  281.491448] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb cd 66 0f 1f 44 00 00 8b 05 4a 49 2b 00 85 c0 75 2e 48 63 ff 48 63 d2 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 a1 f0 2a 00 f7 d8 64 89 02 48
[  281.496207] RSP: 002b:00007ffee627e138 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  281.498355] RAX: ffffffffffffffda RBX: 0000558434f23f80 RCX: 00007f5ecea88dc7
[  281.500372] RDX: 0000000000000000 RSI: 00007ffee627e1c0 RDI: 0000000000000007
[  281.502395] RBP: 0000558434f23e90 R08: 0000000000000004 R09: 00000000000000f0
[  281.504425] R10: 00007ffee627e29c R11: 0000000000000246 R12: 000055843553af70
[  281.506419] R13: 00007ffee627e1c0 R14: 00007ffee627e2f8 R15: 00007ffee627e29c
[  281.508512] Modules linked in: veth bridge stp llc cmac ccm mac80211_hwsim mac80211 cfg80211 rfkill libarc4 bochs_drm drm_vram_helper ttm sr_mod cdrom sg intel_rapl_msr ata_generic pata_acpi intel_rapl_common crct10dif_pclmul crc32_pclmul crc32c_intel drm_kms_helper ghash_clmulni_intel ppdev syscopyarea sysfillrect sysimgblt fb_sys_fops drm snd_pcm snd_timer aesni_intel crypto_simd cryptd snd glue_helper ata_piix soundcore joydev pcspkr serio_raw libata i2c_piix4 parport_pc floppy parport ip_tables
[  281.519824] ---[ end trace 89d647cf452f4b83 ]---
[  281.521477] RIP: 0010:__kmalloc+0x9d/0x270
[  281.523152] Code: 01 00 00 4d 8b 07 65 49 8b 50 08 65 4c 03 05 d2 09 78 68 49 8b 28 48 85 ed 0f 84 a1 01 00 00 41 8b 47 20 4d 8b 07 48 8d 4a 01 <48> 8b 5c 05 00 48 89 e8 65 49 0f c7 08 0f 94 c0 84 c0 74 c5 41 8b
[  281.528732] RSP: 0018:ffffbe9a800a89f0 EFLAGS: 00010206
[  281.531135] RAX: 0000000000000000 RBX: 0000000000000b20 RCX: 00000000000014e6
[  281.533323] RDX: 00000000000014e5 RSI: 0000000000000b20 RDI: ffff97a947c02fc0
[  281.535660] RBP: 00059640db432a5a R08: 000000000002f120 R09: 0000000000000000
[  281.537922] R10: ffffbe9a800a8b70 R11: ffff97a9e69e0098 R12: 0000000000000b20
[  281.540194] R13: 00000000000000d9 R14: ffff97a947c02fc0 R15: ffff97a947c02fc0
[  281.542579] FS:  00007f5ed0c61700(0000) GS:ffff97aa7fd00000(0000) knlGS:0000000000000000
[  281.545928] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  281.548293] CR2: 00007f12d1692008 CR3: 00000001a5e30000 CR4: 00000000000406e0
[  281.550636] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  281.553000] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  281.555504] Kernel panic - not syncing: Fatal exception in interrupt
[  281.559423] Kernel Offset: 0x16600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)

Elapsed time: 280

qemu-img create -f qcow2 disk-vm-snb-3e69c9392a65-0 256G


To reproduce:

        # build kernel
        cd linux
        cp config-5.3.0-13249-g17e52ab494ea0 .config
        make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
lkp


View attachment "config-5.3.0-13249-g17e52ab494ea0" of type "text/plain" (200554 bytes)

View attachment "job-script" of type "text/plain" (4897 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (137912 bytes)
