Message-ID: <3e3af3b6-28fe-448f-90f1-4f2ed0c651f4@paulmck-laptop>
Date: Tue, 20 Jan 2026 21:11:11 -0800
From: "Paul E. McKenney" <paulmck@...nel.org>
To: Sergey Senozhatsky <senozhatsky@...omium.org>
Cc: Peter Zijlstra <peterz@...radead.org>,
	Thomas Gleixner <tglx@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Steven Rostedt <rostedt@...dmis.org>, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: Re: [next-20260120] KASAN: maybe wild-memory-access in
 select_task_rq_fair

On Wed, Jan 21, 2026 at 01:03:02PM +0900, Sergey Senozhatsky wrote:
> Hello,
> 
> I'm seeing the following KASAN report on next-20260120 (qemu x86_64).
> There seems to be a lot of stuff going on in the call trace:

I'll say!

> [    1.714941][  T136] ==================================================================
> [    1.715713][    C0] Oops: general protection fault, probably for non-canonical address 0xeb1125008e9810b0: 0000 [#1] SMP KASAN
> [    1.715702][  T136] ------------[ cut here ]------------
> [    1.716702][    C0] KASAN: maybe wild-memory-access in range [0x5889480474c08580-0x5889480474c08587]
> [    1.716702][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.19.0-rc6-next-20260120-00004-g7dff00c348a6 #645 PREEMPT 
> [    1.715702][  T136] WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0xb6/0xe0, CPU#2: devtmpf.X/136

This is most likely to happen when you do an rcu_read_unlock()
without a matching rcu_read_lock().  It could also happen if you
nested rcu_read_lock() a billion deep.  Or if RCU had a strange
bug.  Or if someone corrupted the current task_struct structure's
->rcu_read_lock_nesting field.

Is it feasible to bisect this?

							Thanx, Paul

> [    1.716702][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.1 11/11/2019
> [    1.716702][    C0] RIP: 0010:select_task_rq_fair+0x37b/0x920
> [    1.715702][  T136] Modules linked in:
> [    1.716702][    C0] Code: 3c 02 00 0f 85 9b 05 00 00 4d 8b 26 4d 85 e4 0f 84 5e 04 00 00 4d 8d 6c 24 3c b8 ff ff 37 00 4c 89 ee 48 c1 e0 2a 48 c1 ee 03 <0f> b6 34 06 4c 89 e8 83 e0 07 83 c0 03 40 38 f0 7c 0d 40 84 f6 74
> [    1.715702][  T136] CPU: 2 UID: 62500582 PID: 136 Comm: devtmpf.X Not tainted 6.19.0-rc6-next-20260120-00004-g7dff00c348a6 #645 PREEMPT 
> [    1.716702][    C0] RSP: 0000:ffff88875ea08a08 EFLAGS: 00010003
> [    1.715702][  T136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.1 11/11/2019
> [    1.716702][    C0] 
> [    1.716702][    C0] RAX: dffffc0000000000 RBX: 0000000000000008 RCX: 0000000000000000
> [    1.716702][    C0] RDX: 1ffffffff032f83e RSI: 0b1129008e9810b0 RDI: ffff88875ea37ed0
> [    1.716702][    C0] RBP: ffff888100bf2240 R08: 0000000000000000 R09: 0000000000000000
> [    1.716702][    C0] R10: ffffffff814b2ddb R11: ffff88875ea08ff8 R12: 5889480474c08548
> [    1.716702][    C0] R13: 5889480474c08584 R14: ffffffff8197c1f5 R15: 0000000000000000
> [    1.716702][    C0] FS:  0000000000000000(0000) GS:ffff8887da44b000(0000) knlGS:0000000000000000
> [    1.716702][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [    1.716702][    C0] CR2: ffff888005601000 CR3: 000000000387d001 CR4: 0000000000770ef0
> [    1.716702][    C0] PKRU: 55555554
> [    1.716702][    C0] Call Trace:
> [    1.716702][    C0]  <IRQ>
> [    1.716702][    C0]  ? select_idle_sibling+0x1490/0x1490
> [    1.716702][    C0]  ? select_idle_sibling+0x1490/0x1490
> [    1.716702][    C0]  select_task_rq+0x13a/0x410
> [    1.716702][    C0]  try_to_wake_up+0x429/0xfc0
> [    1.716702][    C0]  ? select_task_rq+0x410/0x410
> [    1.716702][    C0]  ? lock_acquire+0xe2/0x110
> [    1.716702][    C0]  ? call_timer_fn+0x116/0x3b0
> [    1.716702][    C0]  ? hrtimers_cpu_dying+0x4f0/0x4f0
> [    1.716702][    C0]  call_timer_fn+0x157/0x3b0
> [    1.716702][    C0]  ? do_raw_spin_lock+0x124/0x260
> [    1.716702][    C0]  ? __try_to_del_timer_sync+0x120/0x120
> [    1.716702][    C0]  ? __rwlock_init+0x140/0x140
> [    1.716702][    C0]  ? find_held_lock+0x2b/0x80
> [    1.716702][    C0]  ? start_dl_timer+0x28c/0x4c0
> [    1.716702][    C0]  expire_timers+0x20b/0x3a0
> [    1.716702][    C0]  ? hrtimers_cpu_dying+0x4f0/0x4f0
> [    1.716702][    C0]  __run_timer_base.part.0+0x4aa/0x610
> [    1.716702][    C0]  ? expire_timers+0x3a0/0x3a0
> [    1.716702][    C0]  ? tmigr_requires_handle_remote+0x154/0x270
> [    1.716702][    C0]  ? kvm_sched_clock_read+0xd/0x20
> [    1.716702][    C0]  ? sched_clock_cpu+0x139/0x4f0
> [    1.716702][    C0]  ? lock_acquire+0xe2/0x110
> [    1.716702][    C0]  ? sched_clock_tick+0x5f/0x240
> [    1.716702][    C0]  ? do_raw_spin_lock+0x124/0x260
> [    1.716702][    C0]  run_timer_softirq+0x128/0x210
> [    1.716702][    C0]  ? timer_delete_sync_try+0xe0/0xe0
> [    1.716702][    C0]  ? nohz_run_idle_balance+0x170/0x170
> [    1.716702][    C0]  handle_softirqs+0x1c6/0x680
> [    1.716702][    C0]  ? ktime_get+0x1a6/0x1d0
> [    1.716702][    C0]  ? tasklet_unlock_wait+0x50/0x50
> [    1.716702][    C0]  ? clockevents_program_event+0x1c5/0x270
> [    1.716702][    C0]  __irq_exit_rcu+0xaf/0xe0
> [    1.716702][    C0]  irq_exit_rcu+0x5/0x10
> [    1.716702][    C0]  sysvec_apic_timer_interrupt+0x67/0x80
> [    1.716702][    C0]  </IRQ>
> [    1.716702][    C0]  <TASK>
> [    1.716702][    C0]  asm_sysvec_apic_timer_interrupt+0x16/0x20
> [    1.716702][    C0] RIP: 0010:pv_native_safe_halt+0xb/0x10
> [    1.716702][    C0] Code: 48 8b 3d d8 7f 69 01 e8 23 00 00 00 48 2b 05 5c 90 6d 00 c3 cc cc cc cc cc cc cc cc cc cc cc eb 07 0f 00 2d 57 8d 11 00 fb f4 <c3> cc cc cc cc 8b 17 48 89 fe 89 d7 83 e7 fe 0f 01 f9 66 90 0f be
> [    1.716702][    C0] RSP: 0000:ffffffff83807e20 EFLAGS: 00000202
> [    1.716702][    C0] RAX: 00000000000038f1 RBX: ffffffff8381b480 RCX: ffffed10ebd463b3
> [    1.716702][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff814e855b
> [    1.716702][    C0] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10ebd463b2
> [    1.716702][    C0] R10: ffff88875ea31d93 R11: 0000000000000000 R12: 0000000000000000
> [    1.716702][    C0] R13: 1ffffffff0700fc8 R14: dffffc0000000000 R15: 0000000000014790
> [    1.716702][    C0]  ? cpuidle_idle_call+0x22b/0x360
> [    1.716702][    C0]  default_idle+0x5/0x10
> [    1.716702][    C0]  default_idle_call+0x68/0xa0
> [    1.716702][    C0]  cpuidle_idle_call+0x22b/0x360
> [    1.716702][    C0]  ? arch_cpu_idle_exit+0x30/0x30
> [    1.716702][    C0]  ? mark_tsc_async_resets+0x10/0x10
> [    1.716702][    C0]  ? lockdep_hardirqs_on_prepare.part.0+0x93/0x130
> [    1.716702][    C0]  do_idle+0xd0/0x120
> [    1.716702][    C0]  cpu_startup_entry+0x4b/0x60
> [    1.716702][    C0]  rest_init+0x1aa/0x1b0
> [    1.716702][    C0]  start_kernel+0x37f/0x380
> [    1.716702][    C0]  x86_64_start_reservations+0x20/0x20
> [    1.716702][    C0]  x86_64_start_kernel+0xd1/0xe0
> [    1.716702][    C0]  common_startup_64+0x12c/0x138
> [    1.716702][    C0]  </TASK>
> [    1.716702][    C0] Modules linked in:
> [    1.716702][    C0] ---[ end trace 0000000000000000 ]---
> [    1.715702][  T136] Oops: general protection fault, probably for non-canonical address 0xdffffc00f06bbbfd: 0000 [#2] SMP KASAN
> [    1.716702][    C0] RIP: 0010:select_task_rq_fair+0x37b/0x920
> [    1.715702][  T136] KASAN: probably user-memory-access in range [0x00000007835ddfe8-0x00000007835ddfef]
> [    1.716702][    C0] Code: 3c 02 00 0f 85 9b 05 00 00 4d 8b 26 4d 85 e4 0f 84 5e 04 00 00 4d 8d 6c 24 3c b8 ff ff 37 00 4c 89 ee 48 c1 e0 2a 48 c1 ee 03 <0f> b6 34 06 4c 89 e8 83 e0 07 83 c0 03 40 38 f0 7c 0d 40 84 f6 74
> [    1.715702][  T136] CPU: 2 UID: 62500582 PID: 136 Comm: devtmpf.X Tainted: G      D             6.19.0-rc6-next-20260120-00004-g7dff00c348a6 #645 PREEMPT 
> [    1.716702][    C0] RSP: 0000:ffff88875ea08a08 EFLAGS: 00010003
> [    1.715702][  T136] Tainted: [D]=DIE
> [    1.715702][  T136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.1 11/11/2019
> [    1.716702][    C0] RAX: dffffc0000000000 RBX: 0000000000000008 RCX: 0000000000000000
> [    1.715702][  T136] Oops: general protection fault, probably for non-canonical address 0xdffffc00f06bbbfd: 0000 [#3] SMP KASAN
> [    1.716702][    C0] RDX: 1ffffffff032f83e RSI: 0b1129008e9810b0 RDI: ffff88875ea37ed0
> [    1.715702][  T136] KASAN: probably user-memory-access in range [0x00000007835ddfe8-0x00000007835ddfef]
> [    1.716702][    C0] RBP: ffff888100bf2240 R08: 0000000000000000 R09: 0000000000000000
> [    1.715702][  T136] CPU: 2 UID: 62500582 PID: 136 Comm: devtmpf.X Tainted: G      D             6.19.0-rc6-next-20260120-00004-g7dff00c348a6 #645 PREEMPT 
> [    1.716702][    C0] R10: ffffffff814b2ddb R11: ffff88875ea08ff8 R12: 5889480474c08548
> [    1.715702][  T136] Tainted: [D]=DIE
> [    1.715702][  T136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.1 11/11/2019
> [    1.716702][    C0] R13: 5889480474c08584 R14: ffffffff8197c1f5 R15: 0000000000000000
> [    1.715702][  T136] Oops: general protection fault, probably for non-canonical address 0xdffffc00f06bbbfd: 0000 [#4] SMP KASAN
> [    1.716702][    C0] FS:  0000000000000000(0000) GS:ffff8887da44b000(0000) knlGS:0000000000000000
> [    1.715702][  T136] KASAN: probably user-memory-access in range [0x00000007835ddfe8-0x00000007835ddfef]
> [    1.716702][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [    1.715702][  T136] CPU: 2 UID: 62500582 PID: 136 Comm: devtmpf.X Tainted: G      D             6.19.0-rc6-next-20260120-00004-g7dff00c348a6 #645 PREEMPT 
> [    1.716702][    C0] CR2: ffff888005601000 CR3: 000000000387d001 CR4: 0000000000770ef0
> [    1.715702][  T136] Tainted: [D]=DIE
> [    1.716702][    C0] PKRU: 55555554
> [    1.715702][  T136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.1 11/11/2019
> [    1.716702][    C0] Kernel panic - not syncing: Fatal exception in interrupt
> [    1.716702][    C0] Shutting down cpus with NMI
> [    1.716702][    C0] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
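As an added illustration that is not code from this thread or from the kernel itself, the block below is a small user-space C model of the per-task read-side nesting counter that the reply above refers to. It reproduces only the bookkeeping idea: the counter goes up on lock, down on unlock, and an unlock-side sanity check fires when the depth is negative (an unlock without a matching lock), implausibly large (nesting "a billion deep"), or has been overwritten. All names (`model_task`, `model_rcu_read_lock`, `MODEL_NEST_PMAX`, the scenario functions) and the bound value are assumptions chosen for the model, not the kernel's own identifiers or constants.

```c
/* User-space model of an RCU read-side nesting counter with the
 * unlock-side sanity check. Added example; not kernel code. All names
 * below are assumptions made for this model. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed upper bound on sane nesting depth. Anything past this is the
 * "nested a billion deep" case from the reply. */
#define MODEL_NEST_PMAX (INT_MAX / 2)

struct model_task {
    int rcu_read_lock_nesting;   /* mirrors the task_struct field named in the reply */
    int warnings;                /* how many times the unlock-side check fired */
};

/* Returns true if the depth is consistent, false if a check would warn. */
bool model_nesting_is_sane(int depth)
{
    return depth >= 0 && depth <= MODEL_NEST_PMAX;
}

static void model_rcu_read_lock(struct model_task *t)
{
    t->rcu_read_lock_nesting++;
}

static void model_rcu_read_unlock(struct model_task *t)
{
    t->rcu_read_lock_nesting--;
    if (!model_nesting_is_sane(t->rcu_read_lock_nesting)) {
        t->warnings++;
        fprintf(stderr, "WARNING: inconsistent RCU nesting depth %d\n",
                t->rcu_read_lock_nesting);
    }
}

/* Balanced nested critical sections: no warning expected. */
int model_balanced(void)
{
    struct model_task t = {0, 0};
    model_rcu_read_lock(&t);
    model_rcu_read_lock(&t);
    model_rcu_read_unlock(&t);
    model_rcu_read_unlock(&t);
    return t.warnings;
}

/* One unlock too many: the first cause listed in the reply. */
int model_unbalanced_unlock(void)
{
    struct model_task t = {0, 0};
    model_rcu_read_lock(&t);
    model_rcu_read_unlock(&t);
    model_rcu_read_unlock(&t);   /* no matching lock for this one */
    return t.warnings;
}

/* A corrupted nesting field, simulated by overwriting it with a
 * constructed garbage value before the unlock runs. */
int model_corrupted_field(void)
{
    struct model_task t = {0, 0};
    model_rcu_read_lock(&t);
    t.rcu_read_lock_nesting = INT_MIN + 7;   /* constructed corruption */
    model_rcu_read_unlock(&t);
    return t.warnings;
}

int main(void)
{
    printf("balanced: %d warning(s)\n", model_balanced());
    printf("unbalanced unlock: %d warning(s)\n", model_unbalanced_unlock());
    printf("corrupted field: %d warning(s)\n", model_corrupted_field());
    printf("depth %d sane: %s\n", MODEL_NEST_PMAX + 1,
           model_nesting_is_sane(MODEL_NEST_PMAX + 1) ? "yes" : "no");
    return 0;
}
```

The point of the model is that a single unlock-side check cannot tell the three causes apart: a stray rcu_read_unlock(), absurd nesting, and a clobbered counter all surface as the same warning, which is why the reply asks for a bisection rather than guessing from the trace.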
