f7f99cf8bd:
by kernel test robot
FYI, we noticed the following commit (built with gcc-4.9):
commit: f7f99cf8bd76d91678e1d8b012a3df449a5c8558 ("crash vmalloc_to_page()")
url: https://github.com/0day-ci/linux/commits/Igor-Stoppa/mm-crash-in-vmalloc_...
base: git://git.cmpxchg.org/linux-mmotm.git master
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu Nehalem -smp 2 -m 512M
caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):
+------------------------------------------+------------+------------+
|                                          | 745388a346 | f7f99cf8bd |
+------------------------------------------+------------+------------+
| boot_successes                           | 10         | 0          |
| boot_failures                            | 2          | 11         |
| BUG:workqueue_lockup-pool                | 1          |            |
| WARNING:at_mm/vmalloc.c:#vmalloc_to_page | 1          | 11         |
| RIP:vmalloc_to_page                      | 1          | 11         |
+------------------------------------------+------------+------------+
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
lkp
[mtd] 444b19980f: BUG:KASAN:null-ptr-deref_in_n
by kernel test robot
FYI, we noticed the following commit (built with gcc-7):
commit: 444b19980f9358b626c04018978d9d4d6cc003e4 ("mtd: rawnand: convert nandsim driver to nand_scan()")
https://github.com/bbrezillon/linux-0day mraynal/nand-scan
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu Nehalem -smp 2 -m 512M
caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):
+------------------------------------------+------------+------------+
|                                          | 9e9c8e52de | 444b19980f |
+------------------------------------------+------------+------------+
| boot_successes                           | 6          | 0          |
| boot_failures                            | 0          | 6          |
| BUG:KASAN:null-ptr-deref_in_n            | 0          | 6          |
| BUG:unable_to_handle_kernel              | 0          | 6          |
| Oops:#[##]                               | 0          | 6          |
| RIP:ns_init_module                       | 0          | 6          |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 6          |
+------------------------------------------+------------+------------+
[ 42.540045] BUG: KASAN: null-ptr-deref in ns_init_module+0x883/0xc67
[ 42.540045] Write of size 8 at addr 00000000000000a8 by task swapper/1
[ 42.540045]
[ 42.540045] CPU: 0 PID: 1 Comm: swapper Not tainted 4.16.0-rc1-00063-g444b199 #1
[ 42.540045] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 42.540045] Call Trace:
[ 42.540045] kasan_report+0x228/0x258
[ 42.540045] ? do_early_param+0xe3/0xe3
[ 42.540045] ns_init_module+0x883/0xc67
[ 42.540045] ? init_nandsim+0xa56/0xa56
[ 42.540045] ? init_nandsim+0xa56/0xa56
[ 42.540045] ? do_early_param+0xe3/0xe3
[ 42.540045] do_one_initcall+0xe8/0x216
[ 42.540045] ? start_kernel+0x830/0x830
[ 42.540045] ? lock_contended+0x5d8/0x5d8
[ 42.540045] ? do_early_param+0xe3/0xe3
[ 42.540045] ? do_early_param+0xe3/0xe3
[ 42.540045] kernel_init_freeable+0x1a8/0x270
[ 42.540045] ? rest_init+0x274/0x274
[ 42.540045] kernel_init+0x11/0x155
[ 42.540045] ? rest_init+0x274/0x274
[ 42.540045] ret_from_fork+0x24/0x30
[ 42.540045] ==================================================================
[ 42.540045] Disabling lock debugging due to kernel taint
[ 42.649350] BUG: unable to handle kernel NULL pointer dereference at 00000000000000a8
[ 42.650022] IP: ns_init_module+0x88a/0xc67
[ 42.650022] PGD 0 P4D 0
[ 42.650022] Oops: 0002 [#1] PREEMPT KASAN PTI
[ 42.650022] CPU: 0 PID: 1 Comm: swapper Tainted: G B 4.16.0-rc1-00063-g444b199 #1
[ 42.650022] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 42.650022] RIP: 0010:ns_init_module+0x88a/0xc67
[ 42.650022] RSP: 0000:ffff88001a2ffdb0 EFLAGS: 00010256
[ 42.650022] RAX: 0000000000000286 RBX: ffff8800135b2100 RCX: ffffffff82d2f591
[ 42.650022] RDX: ffffed000345ff00 RSI: dffffc0000000000 RDI: ffff8800135b2100
[ 42.650022] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000001
[ 42.650022] R10: fffffbfff0a83e19 R11: fffffbfff0c5cb0b R12: ffff8800135b2be8
[ 42.650022] R13: 0000000000000000 R14: ffffffff854df836 R15: ffffffff8560a098
[ 42.650022] FS: 0000000000000000(0000) GS:ffffffff840bc000(0000) knlGS:0000000000000000
[ 42.650022] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.650022] CR2: 00000000000000a8 CR3: 000000000407e000 CR4: 00000000000006f0
[ 42.650022] Call Trace:
[ 42.650022] ? init_nandsim+0xa56/0xa56
[ 42.650022] ? init_nandsim+0xa56/0xa56
[ 42.650022] ? do_early_param+0xe3/0xe3
[ 42.650022] do_one_initcall+0xe8/0x216
[ 42.650022] ? start_kernel+0x830/0x830
[ 42.650022] ? lock_contended+0x5d8/0x5d8
[ 42.650022] ? do_early_param+0xe3/0xe3
[ 42.650022] ? do_early_param+0xe3/0xe3
[ 42.650022] kernel_init_freeable+0x1a8/0x270
[ 42.650022] ? rest_init+0x274/0x274
[ 42.650022] kernel_init+0x11/0x155
[ 42.650022] ? rest_init+0x274/0x274
[ 42.650022] ret_from_fork+0x24/0x30
[ 42.650022] Code: e8 30 7a c4 fb 48 8d bb 40 09 00 00 e8 22 33 d7 fb 48 8b ab 40 09 00 00 48 8d bd a8 00 00 00 e8 8d 33 d7 fb 48 8b 3d d8 eb 8d 01 <48> c7 85 a8 00 00 00 74 38 06 82 be 01 00 00 00 e8 ad 94 ae fc
[ 42.650022] RIP: ns_init_module+0x88a/0xc67 RSP: ffff88001a2ffdb0
[ 42.650022] CR2: 00000000000000a8
[ 42.650022] ---[ end trace 614f750dae5eaecc ]---
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
lkp
[lkp-robot] [mm, mlock, vmscan] 9c4e6b1a70: kernel_selftests.vm.mlock2-tests.fail
by kernel test robot
FYI, we noticed the following commit (built with gcc-7):
commit: 9c4e6b1a7027f102990c0395296015a812525f4d ("mm, mlock, vmscan: no more skipping pagevecs")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
in testcase: kernel_selftests
with the following parameters:
group: kselftests-03
test-description: The kernel contains a set of "self tests" under the tools/testing/selftests/ directory. These are intended to be small unit tests to exercise individual code paths in the kernel.
test-url: https://www.kernel.org/doc/Documentation/kselftest.txt
on test machine: qemu-system-x86_64 -enable-kvm -cpu host -smp 2 -m 4G
caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):
KERNEL SELFTESTS: linux_headers_dir is /usr/src/linux-headers-x86_64-rhel-7.2-9c4e6b1a7027f102990c0395296015a812525f4d
2018-03-01 17:58:33 ln -sf /usr/bin/gcc-5 /usr/bin/gcc
...
--------------------
running mlock2-tests
--------------------
Failed to make faulted page unevictable
Failed to make faulted page unevictable
Failed to make present page unevictable
[FAIL]
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Xiaolong
097eb0af45: kernel_BUG_at_mm/hugetlb.c
by kernel test robot
FYI, we noticed the following commit (built with gcc-7):
commit: 097eb0af45c0010f9d5cbbc5f623058b3a275950 ("Randomization of address chosen by mmap.")
url: https://github.com/0day-ci/linux/commits/Ilya-Smith/Randomization-of-addr...
base: git://git.cmpxchg.org/linux-mmotm.git master
in testcase: trinity
with the following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu host -smp 2 -m 1G
caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):
+------------------------------------------+------------+------------+
|                                          | 745388a346 | 097eb0af45 |
+------------------------------------------+------------+------------+
| boot_successes                           | 6          | 9          |
| boot_failures                            | 0          | 4          |
| kernel_BUG_at_mm/hugetlb.c               | 0          | 4          |
| invalid_opcode:#[##]                     | 0          | 4          |
| RIP:__unmap_hugepage_range               | 0          | 4          |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 4          |
+------------------------------------------+------------+------------+
[ 21.297686] kernel BUG at mm/hugetlb.c:3329!
[ 21.299026] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[ 21.300197] CPU: 1 PID: 507 Comm: trinity-c3 Not tainted 4.16.0-rc2-mm1-00153-g097eb0a #101
[ 21.304957] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 21.306766] RIP: 0010:__unmap_hugepage_range+0x5f/0x274
[ 21.308305] RSP: 0018:ffffa333c0bf7d20 EFLAGS: 00010206
[ 21.309410] RAX: 00000000001fffff RBX: ffff8d51ff3a1170 RCX: 0000000000000009
[ 21.310950] RDX: 00007f6e7bf10000 RSI: ffff8d51ff3a1170 RDI: ffffa333c0bf7df0
[ 21.312471] RBP: 00007f6e7c110000 R08: 0000000000000000 R09: 00007f6e7c110000
[ 21.313961] R10: ffffa333c0bf7cc0 R11: 0000000000000000 R12: 00007f6e7bf10000
[ 21.315541] R13: ffffa333c0bf7df0 R14: ffff8d51fe8e06f8 R15: ffffffffa4ad4d20
[ 21.317080] FS: 0000000000000000(0000) GS:ffff8d51f5800000(0000) knlGS:0000000000000000
[ 21.318828] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 21.320055] CR2: 0000560f12c38000 CR3: 000000002a816000 CR4: 00000000000006e0
[ 21.322177] DR0: 00007f66fb684000 DR1: 0000000000000000 DR2: 0000000000000000
[ 21.324102] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 21.325642] Call Trace:
[ 21.326268] __unmap_hugepage_range_final+0x9/0x13
[ 21.327314] unmap_single_vma+0x8d/0xcd
[ 21.328143] unmap_vmas+0x30/0x3d
[ 21.328840] exit_mmap+0x93/0x13d
[ 21.329553] mmput+0x64/0xe5
[ 21.330227] do_exit+0x3f1/0x995
[ 21.330908] do_group_exit+0xad/0xad
[ 21.331691] SyS_exit_group+0xb/0xb
[ 21.332450] do_syscall_64+0x6d/0x103
[ 21.333246] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 21.334358] RIP: 0033:0x6f45afc331c8
[ 21.335126] RSP: 002b:00007ffd436fcaa8 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
[ 21.336525] RAX: ffffffffffffffda RBX: 4a4a4a4a4a4a4a4a RCX: 00006f45afc331c8
[ 21.337836] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 21.339366] RBP: 00006bd156196064 R08: 00000000000000e7 R09: ffffffffffffff98
[ 21.340895] R10: 0000000000000207 R11: 0000000000000202 R12: 0000000000000045
[ 21.342406] R13: 000000000000001a R14: 0000560f120153a0 R15: 00000000cccccccd
[ 21.343895] Code: 07 00 00 4c 8b 78 58 b8 00 10 00 00 41 8b 4f 08 48 d3 e0 f6 46 52 40 48 89 04 24 75 02 0f 0b 49 8b 47 10 48 f7 d0 48 85 d0 74 02 <0f> 0b 4c 85 c8 74 02 0f 0b 8b 04 24 48 8b 6e 40 49 89 fc 4c 89
[ 21.346557] RIP: __unmap_hugepage_range+0x5f/0x274 RSP: ffffa333c0bf7d20
[ 21.348945] 01 00 00 00 48 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 39 f2 07 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 21.348955]
[ 21.350744] ---[ end trace 685bd0bde9f67ae5 ]---
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
lkp
[lkp-robot] [printk] c162d5b433: BUG:KASAN:use-after-scope_in_c
by kernel test robot
TO: Petr Mladek <pmladek(a)suse.com>
CC: Cong Wang <xiyou.wangcong(a)gmail.com>, Dave Hansen <dave.hansen(a)intel.com>, Johannes Weiner <hannes(a)cmpxchg.org>, Mel Gorman <mgorman(a)suse.de>, Michal Hocko <mhocko(a)kernel.org>, Vlastimil Babka <vbabka(a)suse.cz>, Peter Zijlstra <peterz(a)infradead.org>, Linus Torvalds <torvalds(a)linux-foundation.org>, Jan Kara <jack(a)suse.cz>, Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>, Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp>, Byungchul Park <byungchul.park(a)lge.com>, Tejun Heo <tj(a)kernel.org>, Pavel Machek <pavel(a)ucw.cz>, Steven Rostedt (VMware) <rostedt(a)goodmis.org>, Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com>, LKML <linux-kernel(a)vger.kernel.org>, linux-kernel(a)vger.kernel.org, lkp(a)01.org
FYI, we noticed the following commit (built with gcc-7):
commit: c162d5b4338d72deed61aa65ed0f2f4ba2bbc8ab ("printk: Hide console waiter logic into helpers")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu host -smp 2 -m 1G
caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):
+--------------------------------+------------+------------+
|                                | dbdda842fe | c162d5b433 |
+--------------------------------+------------+------------+
| boot_successes                 | 0          | 0          |
| boot_failures                  | 18         | 16         |
| BUG:KASAN:use-after-scope_in_p | 18         |            |
| BUG:KASAN:use-after-scope_in_c | 0          | 16         |
+--------------------------------+------------+------------+
[ 0.003333] BUG: KASAN: use-after-scope in console_unlock+0x185/0x960
[ 0.003333] BUG: KASAN: use-after-scope in console_unlock+0x185/0x960
[ 0.003333] Write of size 1 at addr ffffffff828079b8 by task swapper/0
[ 0.003333] Write of size 1 at addr ffffffff828079b8 by task swapper/0
[ 0.003333]
[ 0.003333]
[ 0.003333] CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.0-12953-gc162d5b #1
[ 0.003333] CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.0-12953-gc162d5b #1
[ 0.003333] Call Trace:
[ 0.003333] Call Trace:
[ 0.003333] ? dump_stack+0x11d/0x1c5
[ 0.003333] ? dump_stack+0x11d/0x1c5
[ 0.003333] ? printk+0xb5/0xd1
[ 0.003333] ? printk+0xb5/0xd1
[ 0.003333] ? arch_local_irq_restore+0x17/0x17
[ 0.003333] ? arch_local_irq_restore+0x17/0x17
[ 0.003333] ? do_raw_spin_unlock+0x137/0x169
[ 0.003333] ? do_raw_spin_unlock+0x137/0x169
[ 0.003333] ? irq_trace+0x2e/0x32
[ 0.003333] ? irq_trace+0x2e/0x32
[ 0.003333] ? console_unlock+0x185/0x960
[ 0.003333] ? console_unlock+0x185/0x960
[ 0.003333] ? print_address_description+0x6e/0x23b
[ 0.003333] ? print_address_description+0x6e/0x23b
[ 0.003333] ? console_unlock+0x185/0x960
[ 0.003333] ? console_unlock+0x185/0x960
[ 0.003333] ? kasan_report+0x223/0x249
[ 0.003333] ? kasan_report+0x223/0x249
[ 0.003333] ? console_unlock+0x185/0x960
[ 0.003333] ? console_unlock+0x185/0x960
[ 0.003333] ? wake_up_klogd+0xdf/0xdf
[ 0.003333] ? wake_up_klogd+0xdf/0xdf
[ 0.003333] ? do_raw_spin_unlock+0x145/0x169
[ 0.003333] ? do_raw_spin_unlock+0x145/0x169
[ 0.003333] ? do_raw_spin_trylock+0xed/0xed
[ 0.003333] ? do_raw_spin_trylock+0xed/0xed
[ 0.003333] ? irq_trace+0x2e/0x32
[ 0.003333] ? irq_trace+0x2e/0x32
[ 0.003333] ? _raw_spin_unlock_irqrestore+0x3b/0x54
[ 0.003333] ? _raw_spin_unlock_irqrestore+0x3b/0x54
[ 0.003333] ? time_hardirqs_off+0x12/0x2d
[ 0.003333] ? time_hardirqs_off+0x12/0x2d
[ 0.003333] ? arch_local_save_flags+0x7/0x8
[ 0.003333] ? arch_local_save_flags+0x7/0x8
[ 0.003333] ? trace_hardirqs_off_caller+0x127/0x139
[ 0.003333] ? trace_hardirqs_off_caller+0x127/0x139
[ 0.003333] ? irq_trace+0x2e/0x32
[ 0.003333] ? irq_trace+0x2e/0x32
[ 0.003333] ? vprintk_emit+0x579/0x823
[ 0.003333] ? vprintk_emit+0x579/0x823
[ 0.003333] ? __down_trylock_console_sem+0x90/0xa4
[ 0.003333] ? __down_trylock_console_sem+0x90/0xa4
[ 0.003333] ? __down_trylock_console_sem+0x9d/0xa4
[ 0.003333] ? __down_trylock_console_sem+0x9d/0xa4
[ 0.003333] ? vprintk_emit+0x7ec/0x823
[ 0.003333] ? vprintk_emit+0x7ec/0x823
[ 0.003333] ? console_unlock+0x960/0x960
[ 0.003333] ? console_unlock+0x960/0x960
[ 0.003333] ? memblock_merge_regions+0x2d/0x154
[ 0.003333] ? memblock_merge_regions+0x2d/0x154
[ 0.003333] ? memblock_add_range+0x322/0x333
[ 0.003333] ? memblock_add_range+0x322/0x333
[ 0.003333] ? memblock_reserve+0xbb/0xe1
[ 0.003333] ? memblock_reserve+0xbb/0xe1
[ 0.003333] ? memblock_add+0xe1/0xe1
[ 0.003333] ? memblock_add+0xe1/0xe1
[ 0.003333] ? set_pte+0x24/0x27
[ 0.003333] ? set_pte+0x24/0x27
[ 0.003333] ? vprintk_func+0x94/0xa5
[ 0.003333] ? vprintk_func+0x94/0xa5
[ 0.003333] ? printk+0xb5/0xd1
[ 0.003333] ? printk+0xb5/0xd1
[ 0.003333] ? show_regs_print_info+0x41/0x41
[ 0.003333] ? show_regs_print_info+0x41/0x41
[ 0.003333] ? kasan_populate_zero_shadow+0x37b/0x3f6
[ 0.003333] ? kasan_populate_zero_shadow+0x37b/0x3f6
[ 0.003333] ? native_flush_tlb_global+0x74/0x80
[ 0.003333] ? native_flush_tlb_global+0x74/0x80
[ 0.003333] ? kasan_init+0x211/0x22d
[ 0.003333] ? kasan_init+0x211/0x22d
[ 0.003333] ? setup_arch+0xdfa/0xf3c
[ 0.003333] ? setup_arch+0xdfa/0xf3c
[ 0.003333] ? css_set_populated+0x79/0x79
[ 0.003333] ? css_set_populated+0x79/0x79
[ 0.003333] ? reserve_standard_io_resources+0x39/0x39
[ 0.003333] ? reserve_standard_io_resources+0x39/0x39
[ 0.003333] ? vprintk_func+0x9d/0xa5
[ 0.003333] ? vprintk_func+0x9d/0xa5
[ 0.003333] ? printk+0xb5/0xd1
[ 0.003333] ? printk+0xb5/0xd1
[ 0.003333] ? show_regs_print_info+0x41/0x41
[ 0.003333] ? show_regs_print_info+0x41/0x41
[ 0.003333] ? start_kernel+0xa2/0x515
[ 0.003333] ? start_kernel+0xa2/0x515
[ 0.003333] ? mem_encrypt_init+0xa/0xa
[ 0.003333] ? mem_encrypt_init+0xa/0xa
[ 0.003333] ? x86_family+0x2e/0x33
[ 0.003333] ? x86_family+0x2e/0x33
[ 0.003333] ? load_ucode_bsp+0x58/0xec
[ 0.003333] ? load_ucode_bsp+0x58/0xec
[ 0.003333] ? secondary_startup_64+0xa5/0xb0
[ 0.003333] ? secondary_startup_64+0xa5/0xb0
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Shun
[lkp-robot] [bisect done] 097eb0af45 [ 29.033551] kernel BUG at mm/hugetlb.c:3329!
by kernel test robot
Greetings,
The 0day kernel testing robot got the dmesg below, and the first bad commit is
https://github.com/0day-ci/linux/commits/Ilya-Smith/Randomization-of-addr...
commit 097eb0af45c0010f9d5cbbc5f623058b3a275950
Author: Ilya Smith <blackzert(a)gmail.com>
AuthorDate: Tue Feb 27 16:13:38 2018 +0300
Commit: 0day robot <fengguang.wu(a)intel.com>
CommitDate: Fri Mar 2 09:29:02 2018 +0800
Randomization of address chosen by mmap.
This is more of a proof of concept. The current implementation doesn't randomize
the address returned by mmap. All the entropy ends with choosing mmap_base_addr
at process creation. After that, mmap builds a very predictable layout
of the address space. It allows bypassing ASLR in many cases.
This patch makes randomization of the address on any mmap call.
It works well on 64-bit systems, but usage under 32-bit systems is not
recommended. This approach uses the current implementation to simplify the search
for an address.
Here I would like to discuss this approach.
Signed-off-by: Ilya Smith <blackzert(a)gmail.com>
745388a346 pci: test for unexpectedly disabled bridges
097eb0af45 Randomization of address chosen by mmap.
+------------------------------------------+------------+------------+
|                                          | 745388a346 | 097eb0af45 |
+------------------------------------------+------------+------------+
| boot_successes                           | 45         | 10         |
| boot_failures                            | 1          | 15         |
| invoked_oom-killer:gfp_mask=0x           | 1          |            |
| Mem-Info                                 | 1          |            |
| kernel_BUG_at_mm/hugetlb.c               | 0          | 15         |
| invalid_opcode:#[##]                     | 0          | 15         |
| EIP:__unmap_hugepage_range               | 0          | 14         |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 12         |
| EIP:huge_pte_alloc                       | 0          | 1          |
+------------------------------------------+------------+------------+
[ 28.876347] VFS: Warning: trinity-c3 using old stat() call. Recompile your binary.
[ 28.917271] VFS: Warning: trinity-c3 using old stat() call. Recompile your binary.
[main] Couldn't
[ 29.033551] kernel BUG at mm/hugetlb.c:3329!
[ 29.034410] invalid opcode: 0000 [#1] PREEMPT DEBUG_PAGEALLOC
[ 29.035258] CPU: 0 PID: 516 Comm: trinity-subchil Not tainted 4.16.0-rc2-mm1-00153-g097eb0a #929
[ 29.036445] EIP: __unmap_hugepage_range+0x240/0x250
[ 29.037115] EFLAGS: 00010206 CPU: 0
[ 29.037615] EAX: 03c48000 EBX: 00400000 ECX: 003fffff EDX: 84f16000
[ 29.038473] ESI: 8490bec4 EDI: 811ad400 EBP: 8490be60 ESP: 8490be30
[ 29.039346] DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068
[ 29.040118] CR0: 80050033 CR2: 0810783c CR3: 0ce7f000 CR4: 00000690
[ 29.040975] Call Trace:
[ 29.041347] ? put_lock_stats+0xd/0x30
[ 29.041981] __unmap_hugepage_range_final+0x11/0x20
[ 29.042666] unmap_single_vma+0x94/0xb0
[ 29.043211] unmap_vmas+0x33/0x50
[ 29.043697] exit_mmap+0x63/0x150
[ 29.044188] ? __might_sleep+0x2d/0x80
[ 29.044711] mmput+0x41/0xe0
[ 29.045118] do_exit+0x196/0x990
[ 29.045575] do_group_exit+0x2b/0x90
[ 29.046069] ? __task_pid_nr_ns+0x81/0xe0
[ 29.046656] SyS_exit_group+0x11/0x20
[ 29.047203] do_int80_syscall_32+0x4c/0x100
[ 29.047828] entry_INT80_32+0x31/0x31
[ 29.048379] EIP: 0x809af42
[ 29.048772] EFLAGS: 00000202 CPU: 0
[ 29.049282] EAX: ffffffda EBX: 00000000 ECX: 00000000 EDX: ffffffff
[ 29.050124] ESI: 00000000 EDI: 08cbc000 EBP: 08cbc000 ESP: 77a54538
[ 29.050972] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
[ 29.051712] Code: 8d 64 24 04 8b 45 e4 e8 df 4f 9a 00 e9 bf fe ff ff 8d 76 00 8d bc 27 00 00 00 00 0f 0b 8b 4f 0c f7 d1 85 c8 0f 84 1c fe ff ff 90 <0f> 0b 8d b6 00 00 00 00 0f 0b e8 61 90 f3 ff 90 55 89 e5 53 89
[ 29.054334] EIP: __unmap_hugepage_range+0x240/0x250 SS:ESP: 0068:8490be30
[ 29.081286] Kernel panic - not syncing: Fatal exception
[ 29.082038] Kernel Offset: 0x6800000 from 0x79000000 (relocation range: 0x78000000-0x8afdffff)
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 097eb0af45c0010f9d5cbbc5f623058b3a275950 745388a34645dd2b69f5e7115ad47fea7a218726 --
# first bad commit: [097eb0af45c0010f9d5cbbc5f623058b3a275950] Randomization of address chosen by mmap.
git bisect good 745388a34645dd2b69f5e7115ad47fea7a218726 # 11:15 G 31 0 7 15 pci: test for unexpectedly disabled bridges
# extra tests with debug options
git bisect bad 097eb0af45c0010f9d5cbbc5f623058b3a275950 # 11:24 B 0 1 15 0 Randomization of address chosen by mmap.
# extra tests on HEAD of linux-review/Ilya-Smith/Randomization-of-address-chosen-by-mmap/20180302-092859
git bisect bad 097eb0af45c0010f9d5cbbc5f623058b3a275950 # 11:29 B 0 14 32 1 Randomization of address chosen by mmap.
# extra tests on tree/branch linux-review/Ilya-Smith/Randomization-of-address-chosen-by-mmap/20180302-092859
git bisect bad 097eb0af45c0010f9d5cbbc5f623058b3a275950 # 11:31 B 0 14 32 1 Randomization of address chosen by mmap.
# extra tests with first bad commit reverted
git bisect good 80d6f8e526bed88efbe4c96a31ae4ed60cdf5c1d # 11:52 G 10 0 2 2 Revert "Randomization of address chosen by mmap."
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
[x86/fsgsbase/64] 45ac7b4322: PANIC:double_fault
by kernel test robot
FYI, we noticed the following commit (built with gcc-6):
commit: 45ac7b432279cfc0731b72a6af07a0e900556156 ("x86/fsgsbase/64: Enable FSGSBASE by default and add a chicken bit")
https://github.com/changbae/FSGSBASE fsgs_tip_4.16-rc3_v10.2
in testcase: trinity
with the following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu IvyBridge -m 420M
caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):
+-----------------------------------------+------------+------------+
|                                         | c2cd5c4305 | 45ac7b4322 |
+-----------------------------------------+------------+------------+
| boot_successes                          | 8          | 4          |
| boot_failures                           | 0          | 4          |
| PANIC:double_fault                      | 0          | 4          |
| RIP:trace_hardirqs_off_caller           | 0          | 4          |
| RIP:#a3:trace_hardirqs_off_caller       | 0          | 4          |
| Kernel_panic-not_syncing:Machine_halted | 0          | 4          |
+-----------------------------------------+------------+------------+
[ 0.036034] ----------------
[ 0.036566] | NMI testsuite:
[ 0.037008] --------------------
[ 0.038017] remote IPI: ok |
[ 0.038631] local IPI:
[ 0.038654] PANIC: double fault, error_code: 0x0
[ 0.039000] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.16.0-rc3-00014-g45ac7b4 #1
[ 0.039000] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 0.039000] RIP: 0010:trace_hardirqs_off_caller+0x0/0x17b
[ 0.039000] RSP: 0000:fffffe0000007020 EFLAGS: 00010083
[ 0.039000] RAX: 00000000a2e00a00 RBX: 0000000000000001 RCX: ffffffffa2e00a00
[ 0.039000] RDX: ffff880017600000 RSI: ffffffffffffffff RDI: ffffffffa2e01888
[ 0.039000] RBP: fffffe0000007070 R08: 0000000000000000 R09: 0000000000000000
[ 0.039000] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 0.039000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 0.039000] FS: 0000000000000000(0000) GS:ffff880017600000(0000) knlGS:0000000000000000
[ 0.039000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.039000] CR2: fffffe0000006ff8 CR3: 0000000008a10000 CR4: 00000000001506f0
[ 0.039000] Call Trace:
[ 0.039000] <#DF>
[ 0.039000] trace_hardirqs_off_thunk+0x1a/0x1c
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] error_entry+0x48/0xd0
[ 0.039000] RIP: 0010:trace_hardirqs_off_caller+0x0/0x17b
[ 0.039000] RSP: 0000:fffffe0000007130 EFLAGS: 00010083 ORIG_RAX: 0000000000000000
[ 0.039000] RAX: 00000000a2e00a00 RBX: 0000000000000001 RCX: ffffffffa2e00a00
[ 0.039000] RDX: ffff880017600000 RSI: ffffffffffffffff RDI: ffffffffa2e01888
[ 0.039000] RBP: fffffe0000007180 R08: 0000000000000000 R09: 0000000000000000
[ 0.039000] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 0.039000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 0.039000] ? async_page_fault+0x42/0x80
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] trace_hardirqs_off_thunk+0x1a/0x1c
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] error_entry+0x48/0xd0
[ 0.039000] RIP: 0010:trace_hardirqs_off_caller+0x0/0x17b
[ 0.039000] RSP: 0000:fffffe0000007240 EFLAGS: 00010083 ORIG_RAX: 0000000000000000
[ 0.039000] RAX: 00000000a2e00a00 RBX: 0000000000000001 RCX: ffffffffa2e00a00
[ 0.039000] RDX: ffff880017600000 RSI: ffffffffffffffff RDI: ffffffffa2e01888
[ 0.039000] RBP: fffffe0000007290 R08: 0000000000000000 R09: 0000000000000000
[ 0.039000] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 0.039000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 0.039000] ? async_page_fault+0x42/0x80
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] trace_hardirqs_off_thunk+0x1a/0x1c
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] error_entry+0x48/0xd0
[ 0.039000] RIP: 0010:trace_hardirqs_off_caller+0x0/0x17b
[ 0.039000] RSP: 0000:fffffe0000007350 EFLAGS: 00010083 ORIG_RAX: 0000000000000000
[ 0.039000] RAX: 00000000a2e00a00 RBX: 0000000000000001 RCX: ffffffffa2e00a00
[ 0.039000] RDX: ffff880017600000 RSI: ffffffffffffffff RDI: ffffffffa2e01888
[ 0.039000] RBP: fffffe00000073a0 R08: 0000000000000000 R09: 0000000000000000
[ 0.039000] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 0.039000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 0.039000] ? async_page_fault+0x42/0x80
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] trace_hardirqs_off_thunk+0x1a/0x1c
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] error_entry+0x48/0xd0
[ 0.039000] RIP: 0010:trace_hardirqs_off_caller+0x0/0x17b
[ 0.039000] RSP: 0000:fffffe0000007460 EFLAGS: 00010083 ORIG_RAX: 0000000000000000
[ 0.039000] RAX: 00000000a2e00a00 RBX: 0000000000000001 RCX: ffffffffa2e00a00
[ 0.039000] RDX: ffff880017600000 RSI: ffffffffffffffff RDI: ffffffffa2e01888
[ 0.039000] RBP: fffffe00000074b0 R08: 0000000000000000 R09: 0000000000000000
[ 0.039000] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 0.039000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 0.039000] ? async_page_fault+0x42/0x80
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] trace_hardirqs_off_thunk+0x1a/0x1c
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] error_entry+0x48/0xd0
[ 0.039000] RIP: 0010:trace_hardirqs_off_caller+0x0/0x17b
[ 0.039000] RSP: 0000:fffffe0000007570 EFLAGS: 00010083 ORIG_RAX: 0000000000000000
[ 0.039000] RAX: 00000000a2e00a00 RBX: 0000000000000001 RCX: ffffffffa2e00a00
[ 0.039000] RDX: ffff880017600000 RSI: ffffffffffffffff RDI: ffffffffa2e01888
[ 0.039000] RBP: fffffe00000075c0 R08: 0000000000000000 R09: 0000000000000000
[ 0.039000] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 0.039000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 0.039000] ? async_page_fault+0x42/0x80
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] trace_hardirqs_off_thunk+0x1a/0x1c
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] error_entry+0x48/0xd0
[ 0.039000] RIP: 0010:trace_hardirqs_off_caller+0x0/0x17b
[ 0.039000] RSP: 0000:fffffe0000007680 EFLAGS: 00010083 ORIG_RAX: 0000000000000000
[ 0.039000] RAX: 00000000a2e00a00 RBX: 0000000000000001 RCX: ffffffffa2e00a00
[ 0.039000] RDX: ffff880017600000 RSI: ffffffffffffffff RDI: ffffffffa2e01888
[ 0.039000] RBP: fffffe00000076d0 R08: 0000000000000000 R09: 0000000000000000
[ 0.039000] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 0.039000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 0.039000] ? async_page_fault+0x42/0x80
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] trace_hardirqs_off_thunk+0x1a/0x1c
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] error_entry+0x48/0xd0
[ 0.039000] RIP: 0010:trace_hardirqs_off_caller+0x0/0x17b
[ 0.039000] RSP: 0000:fffffe0000007790 EFLAGS: 00010083 ORIG_RAX: 0000000000000000
[ 0.039000] RAX: 00000000a2e00a00 RBX: 0000000000000001 RCX: ffffffffa2e00a00
[ 0.039000] RDX: ffff880017600000 RSI: ffffffffffffffff RDI: ffffffffa2e01888
[ 0.039000] RBP: fffffe00000077e0 R08: 0000000000000000 R09: 0000000000000000
[ 0.039000] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 0.039000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 0.039000] ? async_page_fault+0x42/0x80
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] trace_hardirqs_off_thunk+0x1a/0x1c
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] error_entry+0x48/0xd0
[ 0.039000] RIP: 0010:trace_hardirqs_off_caller+0x0/0x17b
[ 0.039000] RSP: 0000:fffffe00000078a0 EFLAGS: 00010083 ORIG_RAX: 0000000000000000
[ 0.039000] RAX: 00000000a2e00a00 RBX: 0000000000000001 RCX: ffffffffa2e00a00
[ 0.039000] RDX: ffff880017600000 RSI: ffffffffffffffff RDI: ffffffffa2e01888
[ 0.039000] RBP: fffffe00000078f0 R08: 0000000000000000 R09: 0000000000000000
[ 0.039000] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 0.039000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 0.039000] ? async_page_fault+0x42/0x80
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] trace_hardirqs_off_thunk+0x1a/0x1c
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] error_entry+0x48/0xd0
[ 0.039000] RIP: 79a3:trace_hardirqs_off_caller+0x0/0x17b
[ 0.039000] RSP: 0000:fffffe0000313762 EFLAGS: 0000000f ORIG_RAX: 0000000000000000
[ 0.039000] RAX: 00000000a2e00a00 RBX: 0000000000000001 RCX: ffffffffa2e00a00
[ 0.039000] RDX: ffff880017600000 RSI: ffffffffffffffff RDI: ffffffffa2e01888
[ 0.039000] RBP: fffffe0000007a00 R08: 0000000000000000 R09: 0000000000000000
[ 0.039000] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 0.039000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 0.039000] ? async_page_fault+0x42/0x80
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 0.039000] ? vsnprintf+0x368/0x3b5
[ 0.039000] ? vsnprintf+0x368/0x3b5
[ 0.039000] ? sprintf+0x51/0x6d
[ 0.039000] ? kallsyms_expand_symbol+0x5/0x73
[ 0.039000] ? __sprint_symbol+0xb0/0xf7
[ 0.039000] ? number+0x149/0x257
[ 0.039000] ? __lock_acquire+0x6a1/0x7c0
[ 0.039000] ? __lock_acquire+0x6a1/0x7c0
[ 0.039000] ? __lock_acquire+0x6a1/0x7c0
[ 0.039000] ? _raw_spin_unlock+0x24/0x2d
[ 0.039000] ? __printk_safe_exit+0x5/0xd
[ 0.039000] ? console_unlock+0x4c2/0x5a7
[ 0.039000] ? __lock_acquire+0x6a1/0x7c0
[ 0.039000] ? is_bpf_text_address+0x62/0x6a
[ 0.039000] ? kernel_text_address+0x6c/0x80
[ 0.039000] ? kernel_text_address+0x6c/0x80
[ 0.039000] ? __kernel_text_address+0xe/0x30
[ 0.039000] ? show_trace_log_lvl+0x1be/0x320
[ 0.039000] ? show_trace_log_lvl+0x1be/0x320
[ 0.039000] ? trace_hardirqs_off+0x167/0x167
[ 0.039000] ? show_regs+0x6a/0x150
[ 0.039000] ? df_debug+0x1d/0x29
[ 0.039000] ? do_double_fault+0x66/0x76
[ 0.039000] ? double_fault+0x53/0x60
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] ? trace_hardirqs_off+0x167/0x167
[ 0.039000] </#DF>
[ 0.039000] WARNING: stack recursion on stack type 5
[ 0.039000] Code: 05 63 30 3b 01 0f 83 22 ff ff ff e9 e2 fe ff ff 83 3d b5 48 3b 01 00 4c 8b 64 24 28 0f 85 2e ff ff ff 5b 5d 41 5c 41 5d 41 5e c3 <65> 8b 05 a6 9f 8e 5d 85 c0 0f 85 6b 01 00 00 41 57 41 56 41 55
[ 0.039000] Kernel panic - not syncing: Machine halted.
[ 0.039000] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.16.0-rc3-00014-g45ac7b4 #1
[ 0.039000] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 0.039000] Call Trace:
[ 0.039000] <#DF>
[ 0.039000] dump_stack+0x7d/0xb4
[ 0.039000] panic+0xec/0x23f
[ 0.039000] df_debug+0x29/0x29
[ 0.039000] do_double_fault+0x66/0x76
[ 0.039000] double_fault+0x53/0x60
[ 0.039000] WARNING: stack going in the wrong direction? ip=double_fault+0x53/0x60
[ 0.039000] ? restore_regs_and_return_to_kernel+0x21/0x21
[ 0.039000] ? error_entry+0x48/0xd0
[ 0.039000] ? trace_hardirqs_off+0x167/0x167
[ 0.039000] </#DF>
Elapsed time: 10
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
lkp
[lkp-robot] [bisect done] 58d12b27c0 [ 24.520308] WARNING: CPU: 0 PID: 982 at include/net/dst.h:239 dst_hold
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://github.com/dsahern/linux ipv6/fib6-change-rfc-v3
commit 58d12b27c00f65e2488b999049f23eafd0b80138
Author: David Ahern <dsahern(a)gmail.com>
AuthorDate: Tue Feb 27 20:31:02 2018 -0800
Commit: David Ahern <dsahern(a)gmail.com>
CommitDate: Wed Feb 28 14:39:53 2018 -0800
net/ipv6: Cleanup exception and cache route handling
IPv6 FIB will only contain FIB entries with exception routes added to
the FIB entry. Once this transformation is complete, FIB lookups will
return a fib6_info with the lookup functions still returning a dst
based rt6_info. The current code uses rt6_info for both paths and
overloads the rt6_info variable usually called 'rt'.
This patch introduces a new 'f6i' variable name for the result of the FIB
lookup and keeps 'rt' as the dst based return variable. 'f6i' becomes a
fib6_info in a later patch which is why it is introduced as f6i now;
avoids the additional churn in the later patch.
In addition, remove RTF_CACHE and dst checks from fib6 add and delete
since they can not happen now and will never happen after the data
type flip.
Signed-off-by: David Ahern <dsahern(a)gmail.com>
79f41f0d9a net/ipv6: Add gfp_flags to route add functions
58d12b27c0 net/ipv6: Cleanup exception and cache route handling
a28cdf0460 net/ipv6: Remove unused code and variables for rt6_info
+----------------------------------------+------------+------------+------------+
| | 79f41f0d9a | 58d12b27c0 | a28cdf0460 |
+----------------------------------------+------------+------------+------------+
| boot_successes | 72 | 11 | 24 |
| boot_failures | 0 | 15 | |
| WARNING:at_include/net/dst.h:#dst_hold | 0 | 12 | |
| RIP:dst_hold | 0 | 15 | |
+----------------------------------------+------------+------------+------------+
[ 11.255085] (mount,699,0):ocfs2_fill_super:1023 ERROR: superblock probe failed!
[ 11.256245] (mount,699,0):ocfs2_fill_super:1211 ERROR: status = -5
Kernel tests: Boot OK!
[ 24.514973] trinity-main uses obsolete (PF_INET,SOCK_PACKET)
[ 24.517131] sock: process `trinity-main' is using obsolete setsockopt SO_BSDCOMPAT
[ 24.520308] WARNING: CPU: 0 PID: 982 at include/net/dst.h:239 dst_hold+0xd/0x10
[ 24.521954] CPU: 0 PID: 982 Comm: trinity-main Not tainted 4.16.0-rc2-00728-g58d12b2 #1
[ 24.523345] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 24.524720] RIP: 0010:dst_hold+0xd/0x10
[ 24.525387] RSP: 0018:ffffc9000155fb50 EFLAGS: 00010246
[ 24.526325] RAX: 0000000000000000 RBX: ffff88001b713dc0 RCX: 0000000000000000
[ 24.527549] RDX: 0000000000000000 RSI: ffff88001ba4bcd4 RDI: ffff88001ba4bc40
[ 24.528736] RBP: ffffc9000155fb78 R08: 00000000ffffffff R09: 0000000000000000
[ 24.529966] R10: ffffffff8115caf1 R11: 0000000000000001 R12: ffff88001ba4bc00
[ 24.531207] R13: ffff88001ba4bcc0 R14: 0000000000000000 R15: 0000000000000000
[ 24.532383] FS: 000000000203a880(0000) GS:ffff88001f800000(0000) knlGS:0000000000000000
[ 24.533712] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 24.534701] CR2: 00000000023ee018 CR3: 000000001b70c000 CR4: 00000000000006b0
[ 24.535960] DR0: 00007f8583749000 DR1: 0000000000000000 DR2: 0000000000000000
[ 24.537202] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 000000000009060a
[ 24.538377] Call Trace:
[ 24.538789] ? ip6_rt_copy_init+0x18a/0x23f
[ 24.539461] ? ____cache_alloc+0xac/0x23e
[ 24.540176] ? ip6_create_rt_rcu+0x38/0x40
[ 24.540911] ? ip6_pol_route_lookup+0x1f3/0x211
[ 24.541703] ? fib6_rule_lookup+0x15/0x45
[ 24.542355] ? rt6_lookup+0x71/0x9e
[ 24.542959] ? fs_reclaim_acquire+0xd/0x30
[ 24.543671] ? ipv6_sock_ac_join+0x114/0x1eb
[ 24.544431] ? do_ipv6_setsockopt+0xff/0xe17
[ 24.545317] ? do_ipv6_setsockopt+0x9b2/0xe17
[ 24.546186] ? kvm_clock_read+0x21/0x29
[ 24.546810] ? kvm_sched_clock_read+0x5/0xd
[ 24.547474] ? paravirt_sched_clock+0x5/0x8
[ 24.548197] ? sched_clock_cpu+0x10/0xac
[ 24.548902] ? __lock_acquire+0x22f/0x594
[ 24.549759] ? arch_local_irq_save+0x5/0x13
[ 24.550481] ? kvm_clock_read+0x21/0x29
[ 24.551110] ? kvm_clock_read+0x21/0x29
[ 24.551721] ? kvm_sched_clock_read+0x5/0xd
[ 24.552386] ? paravirt_sched_clock+0x5/0x8
[ 24.553123] ? sched_clock_cpu+0x10/0xac
[ 24.553836] ? __lock_acquire+0x22f/0x594
[ 24.554761] ? SYSC_setsockopt+0x6d/0x94
[ 24.555578] ? SYSC_setsockopt+0x6d/0x94
[ 24.556434] ? do_syscall_64+0x134/0x149
[ 24.557241] ? prepare_exit_to_usermode+0x5e/0xd0
[ 24.558150] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 24.559152] Code: c3 8b 17 85 d2 74 0f 8d 4a 01 89 d0 3e 0f b1 0f 74 04 89 c2 eb ed 31 c0 85 d2 0f 95 c0 c3 48 83 c7 40 e8 da ff ff ff 85 c0 75 02 <0f> 0b c3 48 83 c7 40 e8 ca ff ff ff 85 c0 0f 95 c0 c3 49 89 f9
[ 24.562674] ---[ end trace 4e292ed73d71773a ]---
[ 24.565077] dst_release: dst:000000008bef7352 refcnt:-1
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 7b7fbe2e2a53b3460560d29ba71852c1a55c3eb5 4a3928c6f8a53fa1aed28ccba227742486e8ddcb --
git bisect bad 76c88a27420dbf38f6b890e776f007f1f8cdb9f6 # 14:48 B 5 8 0 0 Merge 'linux-review/Bernie-Harris/net-Allow-to-and-from-offsets-to-be-equal-in-skb_find_text/20180301-020834' into devel-spot-201803011019
git bisect bad 4a81e7408bb7a7cc41bdf66e74e323103ec44207 # 14:58 B 6 4 2 2 Merge 'omap/omap-for-v4.17/defconfig' into devel-spot-201803011019
git bisect good c8d6c71f607978852a86f38775da3a4ca7b96333 # 15:18 G 23 0 2 2 Merge 'linux-review/Shawn-Lin/mmc-core-Don-t-try-UHS-I-mode-if-4-bit-mode-isn-t-supported/20180301-081556' into devel-spot-201803011019
git bisect bad 9b81100bec50ece6c0d03ac60c22e13eb4e5cd9b # 15:42 B 10 14 0 0 Merge 'linux-review/Rolf-Evers-Fischer/pci-endpoint-Fix-double-free-in-pci_epf_create/20180301-064131' into devel-spot-201803011019
git bisect good 898276e814d54b884fca1faafdbd1c9b32cfcdda # 15:53 G 22 0 3 3 Merge 'stblinux/defconfig/next' into devel-spot-201803011019
git bisect good bd8fc52d35b982a85a325fd9293a58a125c9b2d5 # 16:09 G 23 0 2 2 Merge 'jkirsher-next-queue/dev-queue' into devel-spot-201803011019
git bisect bad ba7b88860b832594e360f1f6c5ea1f93685d6be8 # 16:19 B 1 4 0 0 Merge 'dsahern-linux/ipv6/fib6-change-rfc-v3' into devel-spot-201803011019
git bisect good 2948f3a24c8521b1b5394ad02e8d045d9f09f827 # 16:35 G 24 0 1 1 net/ipv6: Defer initialization of dst to data path
git bisect good 702b6139c19ebff1cc346fb27fac2bd8fc65c6ab # 16:50 G 24 0 2 2 net/ipv6: Move dst flags to booleans in fib entries
git bisect good 79f41f0d9a8bdaf346a0e16a76c2237722e92c52 # 17:19 G 24 0 1 1 net/ipv6: Add gfp_flags to route add functions
git bisect bad 490b1009639f782f14112bcfb8874efdc3e725d1 # 17:30 B 5 7 1 1 net/ipv6: introduce fib6_info struct and helpers
git bisect bad 58d12b27c00f65e2488b999049f23eafd0b80138 # 17:41 B 5 7 2 2 net/ipv6: Cleanup exception and cache route handling
# first bad commit: [58d12b27c00f65e2488b999049f23eafd0b80138] net/ipv6: Cleanup exception and cache route handling
git bisect good 79f41f0d9a8bdaf346a0e16a76c2237722e92c52 # 17:46 G 69 0 2 3 net/ipv6: Add gfp_flags to route add functions
# extra tests with debug options
git bisect bad 58d12b27c00f65e2488b999049f23eafd0b80138 # 18:04 B 4 4 0 1 net/ipv6: Cleanup exception and cache route handling
# extra tests on HEAD of linux-devel/devel-spot-201803011019
git bisect bad 7b7fbe2e2a53b3460560d29ba71852c1a55c3eb5 # 18:05 B 3 9 0 1 0day head guard for 'devel-spot-201803011019'
# extra tests on tree/branch dsahern-linux/ipv6/fib6-change-rfc-v3
git bisect good a28cdf0460c11c9883d189936a714b3b41a86bf7 # 18:28 G 23 0 3 3 net/ipv6: Remove unused code and variables for rt6_info
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
Re: [LKP] [lkp-robot] [printk] c162d5b433: BUG:KASAN:use-after-scope_in_c
by Dmitry Vyukov
On Thu, Mar 1, 2018 at 11:06 AM, Tetsuo Handa
<from-linux-mm(a)i-love.sakura.ne.jp> wrote:
> Dmitry Vyukov wrote:
>> Hi Shun,
>>
>> The report says "job-script is attached in this email", but I don't
>> see it attached. Did you forget to attach it? How can I reproduce this
>> exact build?
>> Could you post a symbolized report with inlines frames?
>>
>
> Forwarded by penguin-kernel(a)i-love.sakura.ne.jp
> ----------------------- Original Message -----------------------
> From: Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp>
> To: Petr Mladek <pmladek(a)suse.com>
> Cc: kernel test robot <shun.hao(a)intel.com>, Cong Wang <xiyou.wangcong(a)gmail.com>, Dave Hansen <dave.hansen(a)intel.com>, Johannes Weiner <hannes(a)cmpxchg.org>, Mel Gorman <mgorman(a)suse.de>, Michal Hocko <mhocko(a)kernel.org>, Vlastimil Babka <vbabka(a)suse.cz>, Peter Zijlstra <peterz(a)infradead.org>, Linus Torvalds <torvalds(a)linux-foundation.org>, Jan Kara <jack(a)suse.cz>, Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>, Byungchul Park <byungchul.park(a)lge.com>, Tejun Heo <tj(a)kernel.org>, Pavel Machek <pavel(a)ucw.cz>, Steven Rostedt <rostedt(a)goodmis.org>, Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com>, LKML <linux-kernel(a)vger.kernel.org>, lkp(a)01.org
> Date: Thu, 01 Mar 2018 10:08:19 +0900
> Subject: Re: [lkp-robot] [printk] c162d5b433: BUG:KASAN:use-after-scope_in_c
> ----
>
> Petr Mladek wrote:
>> I am really curious what code is processed on the line
>> console_unlock+0x185/0x960.
>
> I can reproduce this warning in a VMware environment.
> Something is happening inside __asan_store1() before calling raw_spin_lock(&console_owner_lock)?
>
>
>
> [ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-4.14.0-12953-gc162d5b root=UUID=98df1583-260a-423a-a193-182dade5d085 ro crashkernel=256M security=none sysrq_always_enabled console=ttyS0,115200n8 console=tty0 LANG=en_US.UTF-8
> [ 0.000000] sysrq: sysrq always enabled.
> [ 0.000000] Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes)
> [ 0.000000] Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes)
> [ 0.000000] Memory: 3045216K/4193716K available (15633K kernel code, 6278K rwdata, 6948K rodata, 3592K init, 24228K bss, 1148500K reserved, 0K cma-reserved)
> [ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=64, Nodes=1
> [ 0.000000] ftrace: allocating 34522 entries in 135 pages
> [ 0.003333] Running RCU self tests
> [ 0.003333] Hierarchical RCU implementation.
> [ 0.003333] RCU event tracing is enabled.
> [ 0.003333] RCU dyntick-idle grace-period acceleration is enabled.
> [ 0.003333] RCU lockdep checking is enabled.
> [ 0.003333] Tasks RCU enabled.
> [ 0.003333] NR_IRQS: 4352, nr_irqs: 936, preallocated irqs: 16
> [ 0.003333] Offload RCU callbacks from CPUs: .
> [ 0.003333] ==================================================================
> [ 0.003333] BUG: KASAN: use-after-scope in console_unlock+0x185/0x960
> [ 0.003333] Write of size 1 at addr ffffffff828079b8 by task swapper/0
> [ 0.003333]
> [ 0.003333] CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.0-12953-gc162d5b #414
> [ 0.003333] Call Trace:
> [ 0.003333] ? dump_stack+0x11d/0x1c5
> [ 0.003333] ? printk+0xb5/0xd1
> [ 0.003333] ? arch_local_irq_restore+0x17/0x17
> [ 0.003333] ? do_raw_spin_unlock+0x137/0x169
> [ 0.003333] ? irq_trace+0x2e/0x32
> [ 0.003333] ? console_unlock+0x185/0x960
> [ 0.003333] ? print_address_description+0x6e/0x23b
> [ 0.003333] ? console_unlock+0x185/0x960
> [ 0.003333] ? kasan_report+0x223/0x249
> [ 0.003333] ? console_unlock+0x185/0x960
> [ 0.003333] ? wake_up_klogd+0xdf/0xdf
> [ 0.003333] ? do_raw_spin_unlock+0x145/0x169
> [ 0.003333] ? do_raw_spin_trylock+0xed/0xed
> [ 0.003333] ? irq_trace+0x2e/0x32
> [ 0.003333] ? _raw_spin_unlock_irqrestore+0x3b/0x54
> [ 0.003333] ? time_hardirqs_off+0x12/0x2d
> [ 0.003333] ? arch_local_save_flags+0x7/0x8
> [ 0.003333] ? trace_hardirqs_off_caller+0x127/0x139
> [ 0.003333] ? irq_trace+0x2e/0x32
> [ 0.003333] ? vprintk_emit+0x579/0x823
> [ 0.003333] ? __down_trylock_console_sem+0x90/0xa4
> [ 0.003333] ? __down_trylock_console_sem+0x9d/0xa4
> [ 0.003333] ? vprintk_emit+0x7ec/0x823
> [ 0.003333] ? console_unlock+0x960/0x960
> [ 0.003333] ? memblock_merge_regions+0x2d/0x154
> [ 0.003333] ? memblock_add_range+0x322/0x333
> [ 0.003333] ? memblock_reserve+0xbb/0xe1
> [ 0.003333] ? memblock_add+0xe1/0xe1
> [ 0.003333] ? set_pte+0x24/0x27
> [ 0.003333] ? vprintk_func+0x94/0xa5
> [ 0.003333] ? printk+0xb5/0xd1
> [ 0.003333] ? show_regs_print_info+0x41/0x41
> [ 0.003333] ? kasan_populate_zero_shadow+0x37b/0x3f6
> [ 0.003333] ? native_flush_tlb_global+0x74/0x80
> [ 0.003333] ? kasan_init+0x211/0x22d
> [ 0.003333] ? setup_arch+0xdfa/0xf3c
> [ 0.003333] ? css_set_populated+0x79/0x79
> [ 0.003333] ? reserve_standard_io_resources+0x39/0x39
> [ 0.003333] ? vprintk_func+0x9d/0xa5
> [ 0.003333] ? printk+0xb5/0xd1
> [ 0.003333] ? show_regs_print_info+0x41/0x41
> [ 0.003333] ? start_kernel+0xa2/0x515
> [ 0.003333] ? mem_encrypt_init+0xa/0xa
> [ 0.003333] ? x86_family+0x2e/0x33
> [ 0.003333] ? load_ucode_bsp+0x58/0xec
> [ 0.003333] ? secondary_startup_64+0xa5/0xb0
> [ 0.003333]
> [ 0.003333]
> [ 0.003333] Memory state around the buggy address:
> [ 0.003333] ffffffff82807880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [ 0.003333] ffffffff82807900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [ 0.003333] >ffffffff82807980: 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 01
> [ 0.003333] ^
> [ 0.003333] ffffffff82807a00: f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f3 f3 f3 f3 00
> [ 0.003333] ffffffff82807a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
> [ 0.003333] ==================================================================
> [ 0.003333] Disabling lock debugging due to kernel taint
> [ 0.003333] ==================================================================
> [ 0.003333] BUG: KASAN: use-after-scope in console_unlock+0x185/0x960
> [ 0.003333] Write of size 1 at addr ffffffff828079b8 by task swapper/0
> [ 0.003333]
> [ 0.003333] CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.0-12953-gc162d5b #414
> [ 0.003333] Call Trace:
> [ 0.003333] ? dump_stack+0x11d/0x1c5
> [ 0.003333] ? printk+0xb5/0xd1
> [ 0.003333] ? arch_local_irq_restore+0x17/0x17
> [ 0.003333] ? do_raw_spin_unlock+0x137/0x169
> [ 0.003333] ? irq_trace+0x2e/0x32
> [ 0.003333] ? console_unlock+0x185/0x960
> [ 0.003333] ? print_address_description+0x6e/0x23b
> [ 0.003333] ? console_unlock+0x185/0x960
> [ 0.003333] ? kasan_report+0x223/0x249
> [ 0.003333] ? console_unlock+0x185/0x960
> [ 0.003333] ? wake_up_klogd+0xdf/0xdf
> [ 0.003333] ? do_raw_spin_unlock+0x145/0x169
> [ 0.003333] ? do_raw_spin_trylock+0xed/0xed
> [ 0.003333] ? irq_trace+0x2e/0x32
> [ 0.003333] ? _raw_spin_unlock_irqrestore+0x3b/0x54
> [ 0.003333] ? time_hardirqs_off+0x12/0x2d
> [ 0.003333] ? arch_local_save_flags+0x7/0x8
> [ 0.003333] ? trace_hardirqs_off_caller+0x127/0x139
> [ 0.003333] ? irq_trace+0x2e/0x32
> [ 0.003333] ? vprintk_emit+0x579/0x823
> [ 0.003333] ? __down_trylock_console_sem+0x90/0xa4
> [ 0.003333] ? __down_trylock_console_sem+0x9d/0xa4
> [ 0.003333] ? vprintk_emit+0x7ec/0x823
> [ 0.003333] ? console_unlock+0x960/0x960
> [ 0.003333] ? memblock_merge_regions+0x2d/0x154
> [ 0.003333] ? memblock_add_range+0x322/0x333
> [ 0.003333] ? memblock_reserve+0xbb/0xe1
> [ 0.003333] ? memblock_add+0xe1/0xe1
> [ 0.003333] ? set_pte+0x24/0x27
> [ 0.003333] ? vprintk_func+0x94/0xa5
> [ 0.003333] ? printk+0xb5/0xd1
> [ 0.003333] ? show_regs_print_info+0x41/0x41
> [ 0.003333] ? kasan_populate_zero_shadow+0x37b/0x3f6
> [ 0.003333] ? native_flush_tlb_global+0x74/0x80
> [ 0.003333] ? kasan_init+0x211/0x22d
> [ 0.003333] ? setup_arch+0xdfa/0xf3c
> [ 0.003333] ? css_set_populated+0x79/0x79
> [ 0.003333] ? reserve_standard_io_resources+0x39/0x39
> [ 0.003333] ? vprintk_func+0x9d/0xa5
> [ 0.003333] ? printk+0xb5/0xd1
> [ 0.003333] ? show_regs_print_info+0x41/0x41
> [ 0.003333] ? start_kernel+0xa2/0x515
> [ 0.003333] ? mem_encrypt_init+0xa/0xa
> [ 0.003333] ? x86_family+0x2e/0x33
> [ 0.003333] ? load_ucode_bsp+0x58/0xec
> [ 0.003333] ? secondary_startup_64+0xa5/0xb0
> [ 0.003333]
> [ 0.003333]
> [ 0.003333] Memory state around the buggy address:
> [ 0.003333] ffffffff82807880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [ 0.003333] ffffffff82807900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> [ 0.003333] >ffffffff82807980: 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 01
> [ 0.003333] ^
> [ 0.003333] ffffffff82807a00: f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f3 f3 f3 f3 00
> [ 0.003333] ffffffff82807a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
> [ 0.003333] ==================================================================
> [ 0.003333] Disabling lock debugging due to kernel taint
> [ 0.003333] ==================================================================
>
>
>
> # ./scripts/faddr2line vmlinux console_unlock+0x185/0x960
> console_unlock+0x185/0x960:
> console_lock_spinning_disable_and_check at kernel/printk/printk.c:1600
> (inlined by) console_unlock at kernel/printk/printk.c:2386
>
>
>
> ffffffff81190da4 <console_unlock>:
> * If there is output waiting, we wake /dev/kmsg and syslog() users.
> *
> * console_unlock(); may be called from any context.
> */
> void console_unlock(void)
> {
> ffffffff81190da4: e8 57 e1 da 00 callq ffffffff81f3ef00 <__fentry__>
> ffffffff81190da9: 55 push %rbp
> ffffffff81190daa: 48 89 e5 mov %rsp,%rbp
> ffffffff81190dad: 41 57 push %r15
> ffffffff81190daf: 41 56 push %r14
> ffffffff81190db1: 48 8d 85 f8 fe ff ff lea -0x108(%rbp),%rax
> ffffffff81190db8: 41 55 push %r13
> ffffffff81190dba: 41 54 push %r12
> ffffffff81190dbc: 53 push %rbx
> ffffffff81190dbd: 48 bb 00 00 00 00 00 movabs $0xdffffc0000000000,%rbx
> ffffffff81190dc4: fc ff df
> ffffffff81190dc7: 48 c1 e8 03 shr $0x3,%rax
> ffffffff81190dcb: 48 81 ec 20 01 00 00 sub $0x120,%rsp
> ffffffff81190dd2: 48 89 85 d0 fe ff ff mov %rax,-0x130(%rbp)
> ffffffff81190dd9: 48 01 d8 add %rbx,%rax
> ffffffff81190ddc: 48 c7 85 f8 fe ff ff movq $0x41b58ab3,-0x108(%rbp)
> ffffffff81190de3: b3 8a b5 41
> ffffffff81190de7: 48 c7 85 00 ff ff ff movq $0xffffffff825fb4c2,-0x100(%rbp)
> ffffffff81190dee: c2 b4 5f 82
> ffffffff81190df2: 48 c7 85 08 ff ff ff movq $0xffffffff81190da4,-0xf8(%rbp)
> ffffffff81190df9: a4 0d 19 81
> ffffffff81190dfd: c7 00 f1 f1 f1 f1 movl $0xf1f1f1f1,(%rax)
> ffffffff81190e03: c7 40 04 01 f2 f2 f2 movl $0xf2f2f201,0x4(%rax)
> ffffffff81190e0a: c7 40 08 f2 f2 f2 f2 movl $0xf2f2f2f2,0x8(%rax)
> ffffffff81190e11: c7 40 0c 01 f2 f2 f2 movl $0xf2f2f201,0xc(%rax)
> ffffffff81190e18: c7 40 10 f2 f2 f2 f2 movl $0xf2f2f2f2,0x10(%rax)
> ffffffff81190e1f: c7 40 14 00 f2 f2 f2 movl $0xf2f2f200,0x14(%rax)
> ffffffff81190e26: c7 40 18 f3 f3 f3 f3 movl $0xf3f3f3f3,0x18(%rax)
> static u64 seen_seq;
> unsigned long flags;
> bool wake_klogd = false;
> bool do_cond_resched, retry;
>
> if (console_suspended) {
> ffffffff81190e2d: e8 3f 82 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190e32: 83 3d a7 c2 14 03 00 cmpl $0x0,0x314c2a7(%rip) # ffffffff842dd0e0 <console_suspended>
> ffffffff81190e39: 74 0a je ffffffff81190e45 <console_unlock+0xa1>
> up_console_sem();
> ffffffff81190e3b: e8 31 82 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190e40: e9 85 08 00 00 jmpq ffffffff811916ca <console_unlock+0x926>
> *
> * console_trylock() is not able to detect the preemptive
> * context reliably. Therefore the value must be stored before
> * and cleared after the the "again" goto label.
> */
> do_cond_resched = console_may_schedule;
> ffffffff81190e45: e8 27 82 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190e4a: 8b 05 b0 c0 14 03 mov 0x314c0b0(%rip),%eax # ffffffff842dcf00 <console_may_schedule>
> {
> static char ext_text[CONSOLE_EXT_LOG_MAX];
> static char text[LOG_LINE_MAX + PREFIX_MAX];
> static u64 seen_seq;
> unsigned long flags;
> bool wake_klogd = false;
> ffffffff81190e50: 45 31 ed xor %r13d,%r13d
> ffffffff81190e53: 48 89 9d e8 fe ff ff mov %rbx,-0x118(%rbp)
> *
> * console_trylock() is not able to detect the preemptive
> * context reliably. Therefore the value must be stored before
> * and cleared after the the "again" goto label.
> */
> do_cond_resched = console_may_schedule;
> ffffffff81190e5a: 89 85 cc fe ff ff mov %eax,-0x134(%rbp)
> again:
> console_may_schedule = 0;
> ffffffff81190e60: e8 0c 82 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> * unless they're explicitly marked as being able to cope (CON_ANYTIME) don't
> * call them until this CPU is officially up.
> */
> static inline int can_use_console(void)
> {
> return cpu_online(raw_smp_processor_id()) || have_callable_console();
> ffffffff81190e65: 65 8b 05 bc 22 e8 7e mov %gs:0x7ee822bc(%rip),%eax # 13128 <cpu_number>
> * context reliably. Therefore the value must be stored before
> * and cleared after the the "again" goto label.
> */
> do_cond_resched = console_may_schedule;
> again:
> console_may_schedule = 0;
> ffffffff81190e6c: c7 05 8a c0 14 03 00 movl $0x0,0x314c08a(%rip) # ffffffff842dcf00 <console_may_schedule>
> ffffffff81190e73: 00 00 00
> *
> * Returns 1 if @cpu is set in @cpumask, else returns 0
> */
> static inline int cpumask_test_cpu(int cpu, const struct cpumask *cpumask)
> {
> return test_bit(cpumask_check(cpu), cpumask_bits((cpumask)));
> ffffffff81190e76: 89 c0 mov %eax,%eax
>
> static __always_inline bool variable_test_bit(long nr, volatile const unsigned long *addr)
> {
> bool oldbit;
>
> asm volatile("bt %2,%1"
> ffffffff81190e78: 48 0f a3 05 a8 ad c8 bt %rax,0x1c8ada8(%rip) # ffffffff82e1bc28 <__cpu_online_mask>
> ffffffff81190e7f: 01
> ffffffff81190e80: 49 c7 c6 28 bc e1 82 mov $0xffffffff82e1bc28,%r14
> * unless they're explicitly marked as being able to cope (CON_ANYTIME) don't
> * call them until this CPU is officially up.
> */
> static inline int can_use_console(void)
> {
> return cpu_online(raw_smp_processor_id()) || have_callable_console();
> ffffffff81190e87: 0f 82 a3 01 00 00 jb ffffffff81191030 <console_unlock+0x28c>
> */
> static int have_callable_console(void)
> {
> struct console *con;
>
> for_each_console(con)
> ffffffff81190e8d: e8 df 81 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190e92: 48 8b 1d 07 c3 14 03 mov 0x314c307(%rip),%rbx # ffffffff842dd1a0 <console_drivers>
> ffffffff81190e99: e8 d3 81 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190e9e: 48 85 db test %rbx,%rbx
> ffffffff81190ea1: 0f 84 14 08 00 00 je ffffffff811916bb <console_unlock+0x917>
> if ((con->flags & CON_ENABLED) &&
> ffffffff81190ea7: e8 c5 81 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190eac: 48 8d 7b 40 lea 0x40(%rbx),%rdi
> ffffffff81190eb0: e8 bd 51 1f 00 callq ffffffff81386072 <__asan_load2>
> ffffffff81190eb5: 8b 43 40 mov 0x40(%rbx),%eax
> ffffffff81190eb8: 83 e0 14 and $0x14,%eax
> ffffffff81190ebb: 66 83 f8 14 cmp $0x14,%ax
> ffffffff81190ebf: 0f 84 6b 01 00 00 je ffffffff81191030 <console_unlock+0x28c>
> */
> static int have_callable_console(void)
> {
> struct console *con;
>
> for_each_console(con)
> ffffffff81190ec5: e8 a7 81 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190eca: 48 8d 7b 50 lea 0x50(%rbx),%rdi
> ffffffff81190ece: e8 89 53 1f 00 callq ffffffff8138625c <__asan_load8>
> ffffffff81190ed3: 48 8b 5b 50 mov 0x50(%rbx),%rbx
> ffffffff81190ed7: eb c0 jmp ffffffff81190e99 <console_unlock+0xf5>
> ffffffff81190ed9: e8 93 81 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190ede: 65 8b 05 43 22 e8 7e mov %gs:0x7ee82243(%rip),%eax # 13128 <cpu_number>
> ffffffff81190ee5: 89 c0 mov %eax,%eax
> ffffffff81190ee7: 49 0f a3 06 bt %rax,(%r14)
> ffffffff81190eeb: 0f 82 6c 04 00 00 jb ffffffff8119135d <console_unlock+0x5b9>
> {
> struct console *con;
>
> trace_console_rcuidle(text, len);
>
> if (!console_drivers)
> ffffffff81190ef1: e8 7b 81 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190ef6: 48 8b 1d a3 c2 14 03 mov 0x314c2a3(%rip),%rbx # ffffffff842dd1a0 <console_drivers>
> ffffffff81190efd: 48 85 db test %rbx,%rbx
> ffffffff81190f00: 0f 85 5c 05 00 00 jne ffffffff81191462 <console_unlock+0x6be>
> ffffffff81190f06: 48 8d 9d 18 ff ff ff lea -0xe8(%rbp),%rbx
> ffffffff81190f0d: 4c 8d a5 58 ff ff ff lea -0xa8(%rbp),%r12
> */
> console_lock_spinning_enable();
>
> stop_critical_timings(); /* don't trace print latency */
> call_console_drivers(ext_text, ext_len, text, len);
> start_critical_timings();
> ffffffff81190f14: e8 58 81 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190f19: e8 18 a2 0c 00 callq ffffffff8125b136 <start_critical_timings>
> ffffffff81190f1e: 48 89 df mov %rbx,%rdi
> static int console_lock_spinning_disable_and_check(void)
> {
> int waiter;
>
> raw_spin_lock(&console_owner_lock);
> waiter = READ_ONCE(console_waiter);
> ffffffff81190f21: 49 89 df mov %rbx,%r15
> ffffffff81190f24: e8 04 51 1f 00 callq ffffffff8138602d <__asan_store1>
> ffffffff81190f29: 4c 89 e7 mov %r12,%rdi /*** console_unlock+0x185/0x960 ***/
> ffffffff81190f2c: c6 85 18 ff ff ff 00 movb $0x0,-0xe8(%rbp)
> ffffffff81190f33: 49 c1 ef 03 shr $0x3,%r15
> ffffffff81190f37: e8 f1 50 1f 00 callq ffffffff8138602d <__asan_store1>
> */
> static int console_lock_spinning_disable_and_check(void)
> {
> int waiter;
>
> raw_spin_lock(&console_owner_lock);
> ffffffff81190f3c: 48 c7 c7 e0 96 95 82 mov $0xffffffff829596e0,%rdi /*** ffffffff829596e0 d console_owner_lock ***/
> ffffffff81190f43: c6 85 58 ff ff ff 00 movb $0x0,-0xa8(%rbp)
> ffffffff81190f4a: e8 9a bd da 00 callq ffffffff81f3cce9 <_raw_spin_lock>
> waiter = READ_ONCE(console_waiter);
> ffffffff81190f4f: 4c 03 bd e8 fe ff ff add -0x118(%rbp),%r15
> ffffffff81190f56: 8a 05 c4 bb 04 03 mov 0x304bbc4(%rip),%al # ffffffff841dcb20 <console_waiter>
> ffffffff81190f5c: 48 89 df mov %rbx,%rdi
> ffffffff81190f5f: 88 85 e0 fe ff ff mov %al,-0x120(%rbp)
> ffffffff81190f65: 41 c6 07 01 movb $0x1,(%r15)
> ffffffff81190f69: e8 bf 50 1f 00 callq ffffffff8138602d <__asan_store1>
> ffffffff81190f6e: 8a 85 e0 fe ff ff mov -0x120(%rbp),%al
> ffffffff81190f74: 48 89 df mov %rbx,%rdi
> ffffffff81190f77: 88 85 18 ff ff ff mov %al,-0xe8(%rbp)
> ffffffff81190f7d: e8 69 50 1f 00 callq ffffffff81385feb <__asan_load1>
> ffffffff81190f82: 8a 85 18 ff ff ff mov -0xe8(%rbp),%al
> console_owner = NULL;
> raw_spin_unlock(&console_owner_lock);
> ffffffff81190f88: 48 c7 c7 e0 96 95 82 mov $0xffffffff829596e0,%rdi
> ffffffff81190f8f: 41 c6 07 f8 movb $0xf8,(%r15)
> {
> int waiter;
>
> raw_spin_lock(&console_owner_lock);
> waiter = READ_ONCE(console_waiter);
> console_owner = NULL;
> ffffffff81190f93: 48 c7 05 c2 bb 04 03 movq $0x0,0x304bbc2(%rip) # ffffffff841dcb60 <console_owner>
> ffffffff81190f9a: 00 00 00 00
> static int console_lock_spinning_disable_and_check(void)
> {
> int waiter;
>
> raw_spin_lock(&console_owner_lock);
> waiter = READ_ONCE(console_waiter);
> ffffffff81190f9e: 88 85 e0 fe ff ff mov %al,-0x120(%rbp)
> console_owner = NULL;
> raw_spin_unlock(&console_owner_lock);
> ffffffff81190fa4: e8 9b bf da 00 callq ffffffff81f3cf44 <_raw_spin_unlock>
> ffffffff81190fa9: 48 8b 9d f0 fe ff ff mov -0x110(%rbp),%rbx
>
> if (!waiter) {
> ffffffff81190fb0: 8a 85 e0 fe ff ff mov -0x120(%rbp),%al
> ffffffff81190fb6: 81 e3 00 02 00 00 and $0x200,%ebx
> ffffffff81190fbc: 84 c0 test %al,%al
> ffffffff81190fbe: 0f 85 54 05 00 00 jne ffffffff81191518 <console_unlock+0x774>
> spin_release(&console_owner_dep_map, 1, _THIS_IP_);
> ffffffff81190fc4: e8 a8 80 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190fc9: 48 c7 c2 c4 0f 19 81 mov $0xffffffff81190fc4,%rdx
> ffffffff81190fd0: be 01 00 00 00 mov $0x1,%esi
> ffffffff81190fd5: 48 c7 c7 60 97 95 82 mov $0xffffffff82959760,%rdi
> ffffffff81190fdc: e8 0d 19 fe ff callq ffffffff811728ee <lock_release>
> if (console_lock_spinning_disable_and_check()) {
> printk_safe_exit_irqrestore(flags);
> return;
> }
>
> printk_safe_exit_irqrestore(flags);
> ffffffff81190fe1: e8 82 2d 00 00 callq ffffffff81193d68 <__printk_safe_exit>
> ffffffff81190fe6: 48 85 db test %rbx,%rbx
> ffffffff81190fe9: 0f 85 d6 05 00 00 jne ffffffff811915c5 <console_unlock+0x821>
> ffffffff81190fef: e8 7d 80 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81190ff4: 48 8b bd f0 fe ff ff mov -0x110(%rbp),%rdi
> ffffffff81190ffb: e8 48 ca ff ff callq ffffffff8118da48 <arch_local_irq_restore>
> ffffffff81191000: e8 42 9f fd ff callq ffffffff8116af47 <trace_hardirqs_off>
>
> if (do_cond_resched)
> ffffffff81191005: e8 67 80 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff8119100a: 83 bd cc fe ff ff 00 cmpl $0x0,-0x134(%rbp)
> ffffffff81191011: 74 1d je ffffffff81191030 <console_unlock+0x28c>
> cond_resched();
> ffffffff81191013: e8 59 80 08 00 callq ffffffff81219071 <__sanitizer_cov_trace_pc>
> ffffffff81191018: 31 d2 xor %edx,%edx
> ffffffff8119101a: be 5a 09 00 00 mov $0x95a,%esi
> ffffffff8119101f: 48 c7 c7 00 65 07 82 mov $0xffffffff82076500,%rdi
> ffffffff81191026: e8 91 77 fa ff callq ffffffff811387bc <___might_sleep>
> ffffffff8119102b: e8 43 66 da 00 callq ffffffff81f37673 <_cond_resched>
>
>
>
> Forwarded by penguin-kernel(a)i-love.sakura.ne.jp
> ----------------------- Original Message -----------------------
> From: Tetsuo Handa <penguin-kernel(a)i-love.sakura.ne.jp>
> To: Petr Mladek <pmladek(a)suse.com>
> Cc: kernel test robot <shun.hao(a)intel.com>, Cong Wang <xiyou.wangcong(a)gmail.com>, Dave Hansen <dave.hansen(a)intel.com>, Johannes Weiner <hannes(a)cmpxchg.org>, Mel Gorman <mgorman(a)suse.de>, Michal Hocko <mhocko(a)kernel.org>, Vlastimil Babka <vbabka(a)suse.cz>, Peter Zijlstra <peterz(a)infradead.org>, Linus Torvalds <torvalds(a)linux-foundation.org>, Jan Kara <jack(a)suse.cz>, Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>, Byungchul Park <byungchul.park(a)lge.com>, Tejun Heo <tj(a)kernel.org>, Pavel Machek <pavel(a)ucw.cz>, Steven Rostedt <rostedt(a)goodmis.org>, Sergey Senozhatsky <sergey.senozhatsky(a)gmail.com>, LKML <linux-kernel(a)vger.kernel.org>, lkp(a)01.org
> Date: Thu, 01 Mar 2018 12:26:15 +0900
> Subject: Re: [lkp-robot] [printk] c162d5b433: BUG:KASAN:use-after-scope_in_c
> ----
>
> Tetsuo Handa wrote:
>> Petr Mladek wrote:
>> > I am really curious what code is proceed on the line
>> > console_unlock+0x185/0x960.
>>
>> I can reproduce this warning with VMware environment.
>> Something is happening inside __asan_store1() before calling raw_spin_lock(&console_owner_lock) ?
>>
>
> Interesting thing is that as of commit 97ace515f01439d4 on linux.git, there is no
> such __asan_store1() before calling raw_spin_lock(&console_owner_lock) and hence
> cannot reproduce this warning. Maybe a KASAN bug as of commit c162d5b4338d72de ?
>
>
>
> ffffffff8115d3a1 <console_unlock>:
> * If there is output waiting, we wake /dev/kmsg and syslog() users.
> *
> * console_unlock(); may be called from any context.
> */
> void console_unlock(void)
> {
> ffffffff8115d3a1: e8 5a 44 ca 00 callq ffffffff81e01800 <__fentry__>
> ffffffff8115d3a6: 41 57 push %r15
> ffffffff8115d3a8: 41 56 push %r14
> ffffffff8115d3aa: 41 55 push %r13
> ffffffff8115d3ac: 41 54 push %r12
> ffffffff8115d3ae: 55 push %rbp
> ffffffff8115d3af: 53 push %rbx
> ffffffff8115d3b0: 48 83 ec 28 sub $0x28,%rsp
> static u64 seen_seq;
> unsigned long flags;
> bool wake_klogd = false;
> bool do_cond_resched, retry;
>
> if (console_suspended) {
> ffffffff8115d3b4: e8 6e e6 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d3b9: 83 3d 60 e1 34 03 00 cmpl $0x0,0x334e160(%rip) # ffffffff844ab520 <console_suspended>
> ffffffff8115d3c0: 74 0a je ffffffff8115d3cc <console_unlock+0x2b>
> up_console_sem();
> ffffffff8115d3c2: e8 60 e6 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d3c7: e9 4d 07 00 00 jmpq ffffffff8115db19 <console_unlock+0x778>
> *
> * console_trylock() is not able to detect the preemptive
> * context reliably. Therefore the value must be stored before
> * and cleared after the the "again" goto label.
> */
> do_cond_resched = console_may_schedule;
> ffffffff8115d3cc: e8 56 e6 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d3d1: 8b 05 69 df 34 03 mov 0x334df69(%rip),%eax # ffffffff844ab340 <console_may_schedule>
> {
> static char ext_text[CONSOLE_EXT_LOG_MAX];
> static char text[LOG_LINE_MAX + PREFIX_MAX];
> static u64 seen_seq;
> unsigned long flags;
> bool wake_klogd = false;
> ffffffff8115d3d7: 45 31 f6 xor %r14d,%r14d
>
> static __always_inline bool variable_test_bit(long nr, volatile const unsigned long *addr)
> {
> bool oldbit;
>
> asm volatile("bt %2,%1"
> ffffffff8115d3da: 49 c7 c5 e8 92 01 83 mov $0xffffffff830192e8,%r13
> *
> * console_trylock() is not able to detect the preemptive
> * context reliably. Therefore the value must be stored before
> * and cleared after the the "again" goto label.
> */
> do_cond_resched = console_may_schedule;
> ffffffff8115d3e1: 89 44 24 18 mov %eax,0x18(%rsp)
> again:
> console_may_schedule = 0;
> ffffffff8115d3e5: e8 3d e6 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> * unless they're explicitly marked as being able to cope (CON_ANYTIME) don't
> * call them until this CPU is officially up.
> */
> static inline int can_use_console(void)
> {
> return cpu_online(raw_smp_processor_id()) || have_callable_console();
> ffffffff8115d3ea: 65 8b 05 3f ad eb 7e mov %gs:0x7eebad3f(%rip),%eax # 18130 <cpu_number>
> * context reliably. Therefore the value must be stored before
> * and cleared after the the "again" goto label.
> */
> do_cond_resched = console_may_schedule;
> again:
> console_may_schedule = 0;
> ffffffff8115d3f1: c7 05 45 df 34 03 00 movl $0x0,0x334df45(%rip) # ffffffff844ab340 <console_may_schedule>
> ffffffff8115d3f8: 00 00 00
> *
> * Returns 1 if @cpu is set in @cpumask, else returns 0
> */
> static inline int cpumask_test_cpu(int cpu, const struct cpumask *cpumask)
> {
> return test_bit(cpumask_check(cpu), cpumask_bits((cpumask)));
> ffffffff8115d3fb: 89 c0 mov %eax,%eax
> ffffffff8115d3fd: 49 0f a3 45 00 bt %rax,0x0(%r13)
> * unless they're explicitly marked as being able to cope (CON_ANYTIME) don't
> * call them until this CPU is officially up.
> */
> static inline int can_use_console(void)
> {
> return cpu_online(raw_smp_processor_id()) || have_callable_console();
> ffffffff8115d402: 0f 82 26 01 00 00 jb ffffffff8115d52e <console_unlock+0x18d>
> */
> static int have_callable_console(void)
> {
> struct console *con;
>
> for_each_console(con)
> ffffffff8115d408: e8 1a e6 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d40d: 48 8b 1d cc e1 34 03 mov 0x334e1cc(%rip),%rbx # ffffffff844ab5e0 <console_drivers>
> ffffffff8115d414: e8 0e e6 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d419: 48 85 db test %rbx,%rbx
> ffffffff8115d41c: 0f 84 e8 06 00 00 je ffffffff8115db0a <console_unlock+0x769>
> if ((con->flags & CON_ENABLED) &&
> ffffffff8115d422: e8 00 e6 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d427: 48 8d 7b 40 lea 0x40(%rbx),%rdi
> ffffffff8115d42b: e8 4c 1c 1a 00 callq ffffffff812ff07c <__asan_load2>
> ffffffff8115d430: 8b 43 40 mov 0x40(%rbx),%eax
> ffffffff8115d433: 83 e0 14 and $0x14,%eax
> ffffffff8115d436: 66 83 f8 14 cmp $0x14,%ax
> ffffffff8115d43a: 0f 84 ee 00 00 00 je ffffffff8115d52e <console_unlock+0x18d>
> */
> static int have_callable_console(void)
> {
> struct console *con;
>
> for_each_console(con)
> ffffffff8115d440: e8 e2 e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d445: 48 8d 7b 50 lea 0x50(%rbx),%rdi
> ffffffff8115d449: e8 18 1e 1a 00 callq ffffffff812ff266 <__asan_load8>
> ffffffff8115d44e: 48 8b 5b 50 mov 0x50(%rbx),%rbx
> ffffffff8115d452: eb c0 jmp ffffffff8115d414 <console_unlock+0x73>
> ffffffff8115d454: e8 ce e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d459: 65 8b 05 d0 ac eb 7e mov %gs:0x7eebacd0(%rip),%eax # 18130 <cpu_number>
> ffffffff8115d460: 89 c0 mov %eax,%eax
> ffffffff8115d462: 49 0f a3 45 00 bt %rax,0x0(%r13)
> ffffffff8115d467: 0f 82 b1 03 00 00 jb ffffffff8115d81e <console_unlock+0x47d>
> {
> struct console *con;
>
> trace_console_rcuidle(text, len);
>
> if (!console_drivers)
> ffffffff8115d46d: e8 b5 e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d472: 48 8b 1d 67 e1 34 03 mov 0x334e167(%rip),%rbx # ffffffff844ab5e0 <console_drivers>
> ffffffff8115d479: 48 85 db test %rbx,%rbx
> ffffffff8115d47c: 0f 85 63 04 00 00 jne ffffffff8115d8e5 <console_unlock+0x544>
> */
> console_lock_spinning_enable();
>
> stop_critical_timings(); /* don't trace print latency */
> call_console_drivers(ext_text, ext_len, text, len);
> start_critical_timings();
> ffffffff8115d482: e8 a0 e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d487: e8 ce 49 0a 00 callq ffffffff81201e5a <start_critical_timings>
> */
> static int console_lock_spinning_disable_and_check(void)
> {
> int waiter;
>
> raw_spin_lock(&console_owner_lock);
> ffffffff8115d48c: 48 c7 c7 00 38 b5 82 mov $0xffffffff82b53800,%rdi /*** ffffffff82b53800 d console_owner_lock ***/
> ffffffff8115d493: 48 89 eb mov %rbp,%rbx
> ffffffff8115d496: e8 5e b3 bf 00 callq ffffffff81d587f9 <_raw_spin_lock>
> ffffffff8115d49b: 44 8a 25 7e da 24 03 mov 0x324da7e(%rip),%r12b # ffffffff843aaf20 <console_waiter>
> waiter = READ_ONCE(console_waiter);
> console_owner = NULL;
> raw_spin_unlock(&console_owner_lock);
> ffffffff8115d4a2: 48 c7 c7 00 38 b5 82 mov $0xffffffff82b53800,%rdi
> {
> int waiter;
>
> raw_spin_lock(&console_owner_lock);
> waiter = READ_ONCE(console_waiter);
> console_owner = NULL;
> ffffffff8115d4a9: 48 c7 05 ac da 24 03 movq $0x0,0x324daac(%rip) # ffffffff843aaf60 <console_owner>
> ffffffff8115d4b0: 00 00 00 00
> ffffffff8115d4b4: 81 e3 00 02 00 00 and $0x200,%ebx
> raw_spin_unlock(&console_owner_lock);
> ffffffff8115d4ba: e8 95 b5 bf 00 callq ffffffff81d58a54 <_raw_spin_unlock>
>
> if (!waiter) {
> ffffffff8115d4bf: 45 84 e4 test %r12b,%r12b
> ffffffff8115d4c2: 0f 85 cf 04 00 00 jne ffffffff8115d997 <console_unlock+0x5f6>
> spin_release(&console_owner_dep_map, 1, _THIS_IP_);
> ffffffff8115d4c8: e8 5a e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d4cd: 48 c7 c2 c8 d4 15 81 mov $0xffffffff8115d4c8,%rdx
> ffffffff8115d4d4: be 01 00 00 00 mov $0x1,%esi
> ffffffff8115d4d9: 48 c7 c7 80 38 b5 82 mov $0xffffffff82b53880,%rdi
> ffffffff8115d4e0: e8 97 82 fe ff callq ffffffff8114577c <lock_release>
> if (console_lock_spinning_disable_and_check()) {
> printk_safe_exit_irqrestore(flags);
> return;
> }
>
> printk_safe_exit_irqrestore(flags);
> ffffffff8115d4e5: e8 f3 25 00 00 callq ffffffff8115fadd <__printk_safe_exit>
> ffffffff8115d4ea: 48 85 db test %rbx,%rbx
> ffffffff8115d4ed: 0f 85 22 05 00 00 jne ffffffff8115da15 <console_unlock+0x674>
> ffffffff8115d4f3: e8 2f e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d4f8: 48 89 ef mov %rbp,%rdi
> ffffffff8115d4fb: e8 f4 cf ff ff callq ffffffff8115a4f4 <arch_local_irq_restore>
> ffffffff8115d500: e8 94 25 fe ff callq ffffffff8113fa99 <trace_hardirqs_off>
>
> if (do_cond_resched)
> ffffffff8115d505: e8 1d e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d50a: 83 7c 24 18 00 cmpl $0x0,0x18(%rsp)
> ffffffff8115d50f: 74 1d je ffffffff8115d52e <console_unlock+0x18d>
> cond_resched();
> ffffffff8115d511: e8 11 e5 06 00 callq ffffffff811cba27 <__sanitizer_cov_trace_pc>
> ffffffff8115d516: 31 d2 xor %edx,%edx
> ffffffff8115d518: be 66 09 00 00 mov $0x966,%esi
> ffffffff8115d51d: 48 c7 c7 20 85 27 82 mov $0xffffffff82278520,%rdi
> ffffffff8115d524: e8 24 8b fb ff callq ffffffff8111604d <___might_sleep>
> ffffffff8115d529: e8 ad 68 bf 00 callq ffffffff81d53ddb <_cond_resched>
+Ard, Kees
This is a problem with GCC_PLUGIN_STRUCTLEAK_BYREF_ALL. It inserts an
initializing write for __u used in READ_ONCE outside of live scope of
the variable.
Below "movb $0x1,0x0(%r13)" and "movb $0xf8,0x0(%r13)" denote live
scope of the variable __u (the 0xf8 that appears in the KASAN report).
But the initializing store at ffffffff811a5f84 (and the corresponding
KASAN check) are outside of that scope, which causes the KASAN report.
ffffffff811a5f61: 49 8d 9f 40 ff ff ff lea -0xc0(%r15),%rbx
ffffffff811a5f68: 4d 8d 67 80 lea -0x80(%r15),%r12
kernel/printk/printk.c:1600
waiter = READ_ONCE(console_waiter);
ffffffff811a5f79: 49 89 dd mov %rbx,%r13
ffffffff811a5f7c: e8 d3 4e 21 00 callq ffffffff813bae54 <__asan_store1>
ffffffff811a5f81: 4c 89 e7 mov %r12,%rdi
ffffffff811a5f84: 41 c6 87 40 ff ff ff movb $0x0,-0xc0(%r15)
ffffffff811a5f8b: 00
ffffffff811a5f8c: 49 c1 ed 03 shr $0x3,%r13
ffffffff811a5f90: e8 bf 4e 21 00 callq ffffffff813bae54 <__asan_store1>
kernel/printk/printk.c:1599
raw_spin_lock(&console_owner_lock);
ffffffff811a5f95: 48 c7 c7 e0 90 b5 82 mov $0xffffffff82b590e0,%rdi
ffffffff811a5f9c: 41 c6 47 80 00 movb $0x0,-0x80(%r15)
ffffffff811a5fa1: e8 92 a9 e7 00 callq ffffffff82020938 <_raw_spin_lock>
kernel/printk/printk.c:1600
waiter = READ_ONCE(console_waiter);
ffffffff811a5fa6: 4c 03 ad e8 fe ff ff add -0x118(%rbp),%r13
__read_once_size():
./include/linux/compiler.h:178
})
static __always_inline
void __read_once_size(const volatile void *p, void *res, int size)
{
__READ_ONCE_SIZE;
ffffffff811a5fad: 44 8a 35 2c 7b e6 02 mov 0x2e67b2c(%rip),%r14b # ffffffff8400dae0 <console_waiter>
ffffffff811a5fb4: 48 89 df mov %rbx,%rdi
console_lock_spinning_disable_and_check():
kernel/printk/printk.c:1600
ffffffff811a5fb7: 41 c6 45 00 01 movb $0x1,0x0(%r13)
__read_once_size():
./include/linux/compiler.h:178
ffffffff811a5fbc: e8 93 4e 21 00 callq ffffffff813bae54 <__asan_store1>
console_lock_spinning_disable_and_check():
kernel/printk/printk.c:1600
ffffffff811a5fc1: 48 89 df mov %rbx,%rdi
__read_once_size():
./include/linux/compiler.h:178
ffffffff811a5fc4: 45 88 b7 40 ff ff ff mov %r14b,-0xc0(%r15)
console_lock_spinning_disable_and_check():
kernel/printk/printk.c:1600
ffffffff811a5fcb: e8 3d 4e 21 00 callq ffffffff813bae0d <__asan_load1>
ffffffff811a5fd0: 45 8a b7 40 ff ff ff mov -0xc0(%r15),%r14b
kernel/printk/printk.c:1602
raw_spin_unlock(&console_owner_lock);
ffffffff811a5fd7: 48 c7 c7 e0 90 b5 82 mov $0xffffffff82b590e0,%rdi
ffffffff811a5fde: 41 c6 45 00 f8 movb $0xf8,0x0(%r13)
kernel/printk/printk.c:1601
console_owner = NULL;
ffffffff811a5fe3: 48 c7 05 32 7b e6 02 movq $0x0,0x2e67b32(%rip) # ffffffff8400db20 <console_owner>
ffffffff811a5fea: 00 00 00 00
kernel/printk/printk.c:1602
raw_spin_unlock(&console_owner_lock);
ffffffff811a5fee: e8 d1 ab e7 00 callq ffffffff82020bc4 <_raw_spin_unlock>
We either need to fix GCC_PLUGIN_STRUCTLEAK_BYREF_ALL (and probably
GCC_PLUGIN_STRUCTLEAK) to insert initialization at proper places or
run before KASAN instrumentation (though, since the initializing
stores are instrumented, it already runs partially before KASAN), or
declare GCC_PLUGIN_STRUCTLEAK incompatible with KASAN (it's not the
first time we debug this).
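The message above reads the KASAN report off the shadow bytes: the "movb $0x1" and "movb $0xf8" stores bracket the live scope of READ_ONCE()'s __u slot, and the plugin's initializing store lands before the first of them. The following toy model of a stack shadow is an added example, not code from the message, the kernel or the gcc plugin. The 8:1 shadow mapping (the "shr $0x3" in the listing), the 0x01 "one byte addressable" value and the 0xf8 use-after-scope value are the ones visible in the disassembly; the frame, its offsets and every toy_* helper are constructed for the illustration. It replays the quoted instruction sequence once as emitted (one report) and once with the initialization moved inside the scope (no report).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants matching what the listing shows: 8 stack bytes per shadow byte
 * ("shr $0x3"), and 0xf8 as the out-of-scope marker ("movb $0xf8,0x0(%r13)"). */
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_USE_AFTER_SCOPE    0xF8

/* Toy frame: constructed, not the real console_unlock() frame. */
#define TOY_FRAME_SIZE  64
#define TOY_SHADOW_SIZE (TOY_FRAME_SIZE >> KASAN_SHADOW_SCALE_SHIFT)
#define TOY_U_SLOT      16   /* stand-in for the -0xc0(%r15) slot holding __u */

struct toy_kasan {
    uint8_t shadow[TOY_SHADOW_SIZE];
    int reports;             /* accesses KASAN would have reported */
};

static void toy_init(struct toy_kasan *k)
{
    /* Function prologue: every scoped slot starts out poisoned. */
    memset(k->shadow, KASAN_USE_AFTER_SCOPE, sizeof(k->shadow));
    k->reports = 0;
}

static size_t toy_shadow_index(unsigned off)
{
    return off >> KASAN_SHADOW_SCALE_SHIFT;
}

/* Scope entry, like "movb $0x1,0x0(%r13)": first `size` bytes of the granule are addressable. */
static void toy_unpoison(struct toy_kasan *k, unsigned off, unsigned size)
{
    k->shadow[toy_shadow_index(off)] = (size >= 8) ? 0 : (uint8_t)size;
}

/* Scope exit, like "movb $0xf8,0x0(%r13)": poison the granule again. */
static void toy_poison_scope(struct toy_kasan *k, unsigned off)
{
    k->shadow[toy_shadow_index(off)] = KASAN_USE_AFTER_SCOPE;
}

/* One-byte access check, the job of __asan_store1/__asan_load1 in the listing. */
static bool toy_check1(struct toy_kasan *k, unsigned off, const char *what)
{
    uint8_t s = k->shadow[toy_shadow_index(off)];
    unsigned byte_in_granule = off & ((1u << KASAN_SHADOW_SCALE_SHIFT) - 1);
    bool ok;

    if (s == 0)
        ok = true;                    /* whole granule addressable */
    else if (s < (1u << KASAN_SHADOW_SCALE_SHIFT))
        ok = byte_in_granule < s;     /* partially addressable granule */
    else
        ok = false;                   /* poisoned: 0xf8 means use-after-scope */

    if (!ok) {
        k->reports++;
        printf("BUG: KASAN: use-after-scope in %s (shadow 0x%02x, offset %u)\n", what, s, off);
    }
    return ok;
}

/* The sequence as emitted: the STRUCTLEAK_BYREF_ALL init store precedes the unpoison. */
int replay_structleak_byref_sequence(void)
{
    struct toy_kasan k;
    volatile uint8_t frame[TOY_FRAME_SIZE] = {0};

    toy_init(&k);
    toy_check1(&k, TOY_U_SLOT, "plugin init store");   /* movb $0x0,-0xc0(%r15): reported */
    frame[TOY_U_SLOT] = 0;
    toy_unpoison(&k, TOY_U_SLOT, 1);                   /* movb $0x1,0x0(%r13) */
    toy_check1(&k, TOY_U_SLOT, "__u store");           /* mov %r14b,-0xc0(%r15): fine */
    frame[TOY_U_SLOT] = 1;
    toy_check1(&k, TOY_U_SLOT, "__u load");            /* mov -0xc0(%r15),%r14b: fine */
    (void)frame[TOY_U_SLOT];
    toy_poison_scope(&k, TOY_U_SLOT);                  /* movb $0xf8,0x0(%r13) */
    return k.reports;
}

/* Same accesses with the initialization inside the live scope: nothing to report. */
int replay_in_scope_sequence(void)
{
    struct toy_kasan k;
    volatile uint8_t frame[TOY_FRAME_SIZE] = {0};

    toy_init(&k);
    toy_unpoison(&k, TOY_U_SLOT, 1);
    toy_check1(&k, TOY_U_SLOT, "init store");
    frame[TOY_U_SLOT] = 0;
    toy_check1(&k, TOY_U_SLOT, "__u store");
    frame[TOY_U_SLOT] = 1;
    toy_check1(&k, TOY_U_SLOT, "__u load");
    (void)frame[TOY_U_SLOT];
    toy_poison_scope(&k, TOY_U_SLOT);
    return k.reports;
}

int main(void)
{
    printf("reports, plugin-placed init: %d\n", replay_structleak_byref_sequence());
    printf("reports, in-scope init:      %d\n", replay_in_scope_sequence());
    return 0;
}
```

The model only tracks the one granule that matters; real KASAN also handles multi-byte accesses and other poison values, but the decision it makes for the quoted store is the same: a check against a 0xf8 shadow byte reports, whatever the store writes.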
[lkp-robot] [bisect done] cee56fc43f [ 9.734901] BUG: unable to handle kernel NULL pointer dereference at 0000005c
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://github.com/bbrezillon/linux-0day mraynal/nand-scan
commit cee56fc43fb48d9301e5854f8bdcae8161fb212c
Author: Miquel Raynal <miquel.raynal(a)bootlin.com>
AuthorDate: Sun Feb 25 12:12:28 2018 +0100
Commit: Miquel Raynal <miquel.raynal(a)bootlin.com>
CommitDate: Sun Feb 25 22:40:01 2018 +0100
mtd: rawnand: convert nandsim driver to nand_scan()
Two helpers have been added to the core to make ECC-related
configuration between the detection phase and the final NAND scan. Use
these hooks and convert the driver to just use nand_scan() instead of
both nand_scan_ident() and nand_scan_tail().
Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com>
19dde88b6e mtd: rawnand: convert mxc_nand driver to nand_scan()
cee56fc43f mtd: rawnand: convert nandsim driver to nand_scan()
1b343794d3 mtd: rawnand: do not export nand_scan_[ident|tail]() anymore
+------------------------------------------+------------+------------+------------+
| | 19dde88b6e | cee56fc43f | 1b343794d3 |
+------------------------------------------+------------+------------+------------+
| boot_successes | 36 | 0 | 0 |
| boot_failures | 0 | 26 | 13 |
| BUG:unable_to_handle_kernel | 0 | 26 | 13 |
| Oops:#[##] | 0 | 26 | 13 |
| EIP:ns_init_module | 0 | 26 | 13 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 26 | 13 |
+------------------------------------------+------------+------------+------------+
[ 9.697418] mtdoops: mtd device (mtddev=name/number) must be supplied
[ 9.698231] L440GX flash mapping: failed to find PIIX4 ISA bridge, cannot continue
[ 9.699255] platform physmap-flash.0: failed to claim resource 0: [mem 0x08000000-0x07ffffff]
[ 9.700263] SBC-GXx flash: IO:0x258-0x259 MEM:0xdc000-0xdffff
[ 9.734215] No valid DiskOnChip devices found
[ 9.734901] BUG: unable to handle kernel NULL pointer dereference at 0000005c
[ 9.735018] IP: ns_init_module+0x9ab/0x1d1f
[ 9.735018] *pdpt = 0000000000000000 *pde = f000ff53f000ff53
[ 9.735018] Oops: 0002 [#1]
[ 9.735018] CPU: 0 PID: 1 Comm: swapper Not tainted 4.16.0-rc1-00059-gcee56fc #527
[ 9.735018] EIP: ns_init_module+0x9ab/0x1d1f
[ 9.735018] EFLAGS: 00210246 CPU: 0
[ 9.735018] EAX: 00000000 EBX: 0dbad7dd ECX: cd550008 EDX: 00000001
[ 9.735018] ESI: ee4fa98a EDI: 00000000 EBP: cf4cbf28 ESP: cf4cbef0
[ 9.735018] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
[ 9.735018] CR0: 80050033 CR2: 0000005c CR3: 029b7000 CR4: 001406f0
[ 9.735018] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 9.735018] DR6: fffe0ff0 DR7: 00000400
[ 9.735018] Call Trace:
[ 9.735018] ? add_device_randomness+0x2d1/0x331
[ 9.735018] ? get_partition_name+0x56/0x56
[ 9.735018] ? do_one_initcall+0x138/0x34a
[ 9.735018] ? parse_args+0x398/0x57c
[ 9.735018] ? kernel_init_freeable+0x254/0x42d
[ 9.735018] ? kernel_init_freeable+0x284/0x42d
[ 9.735018] ? rest_init+0x241/0x241
[ 9.735018] ? kernel_init+0x1b/0x23a
[ 9.735018] ? ret_from_fork+0x2e/0x38
[ 9.735018] Code: 0b 81 ee 11 aa c9 14 e9 87 12 00 00 8b 45 e8 c1 ce 02 ba 01 00 00 00 83 05 b0 be 55 c3 01 8b 80 88 05 00 00 83 15 b4 be 55 c3 00 <c7> 40 5c 5a 1c 7b c1 a1 10 c0 55 c3 e8 37 97 ea fe 85 c0 89 45
[ 9.735018] EIP: ns_init_module+0x9ab/0x1d1f SS:ESP: 0068:cf4cbef0
[ 9.735018] CR2: 000000000000005c
[ 9.735018] ---[ end trace 63f708b002728ac1 ]---
[ 9.735018] Kernel panic - not syncing: Fatal exception
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 1b343794d3239889441b4053416fefe9b1d79d7d 4da712e702941daa849ccd7fbcaa677dce7855b2 --
git bisect good 9f59747b68478467960976fa32cbecf15caf0813 # 19:51 G 11 0 0 1 mtd: rawnand: convert jz4780_nand driver to nand_scan()
git bisect bad 12e572832c7a9941f12a02977b474ad385c809de # 20:00 B 0 11 47 11 mtd: rawnand: move all NAND chip related setup in one function
git bisect good 19dde88b6e46811204d432f8b73c2dc0674dea33 # 20:05 G 11 0 1 1 mtd: rawnand: convert mxc_nand driver to nand_scan()
git bisect bad 20ae8399060a48d82b17d96227ade09cfd68e934 # 20:10 B 0 11 32 8 mtd: rawnand: convert omap2 driver to nand_scan()
git bisect bad cee56fc43fb48d9301e5854f8bdcae8161fb212c # 20:17 B 0 11 49 11 mtd: rawnand: convert nandsim driver to nand_scan()
# first bad commit: [cee56fc43fb48d9301e5854f8bdcae8161fb212c] mtd: rawnand: convert nandsim driver to nand_scan()
git bisect good 19dde88b6e46811204d432f8b73c2dc0674dea33 # 20:21 G 30 0 0 1 mtd: rawnand: convert mxc_nand driver to nand_scan()
# extra tests with debug options
git bisect bad cee56fc43fb48d9301e5854f8bdcae8161fb212c # 20:26 B 0 11 24 0 mtd: rawnand: convert nandsim driver to nand_scan()
# extra tests on HEAD of bbrezillon-0day/mraynal/nand-scan
git bisect bad 1b343794d3239889441b4053416fefe9b1d79d7d # 20:26 B 0 13 29 0 mtd: rawnand: do not export nand_scan_[ident|tail]() anymore
# extra tests on tree/branch bbrezillon-0day/mraynal/nand-scan
git bisect bad 1b343794d3239889441b4053416fefe9b1d79d7d # 20:27 B 0 13 29 0 mtd: rawnand: do not export nand_scan_[ident|tail]() anymore
# extra tests with first bad commit reverted
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation