KSPP / linux

Linux kernel source tree (Kernel Self Protection Project)
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

[kernel test robot] Kernel panic #73

Closed GustavoARSilva closed 4 years ago

GustavoARSilva commented 4 years ago

Kernel Test Robot reported the following issue (https://lists.01.org/hyperkitty/list/lkp@lists.01.org/thread/WYV5QXE2DR75HXTCAZ7YYMYZFD3IMGLJ/):

Greeting,

FYI, we noticed the following commit (built with gcc-7):

commit: 509c0326e04ff7096a9f3346bc9adcff9859e089 ("treewide: Replace one-element
array with flexible-array")
https://git.kernel.org/cgit/linux/kernel/git/gustavoars/linux.git testing/fam1

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

If you fix the issue, kindly add following tag
Reported-by: kernel test robot <rong.a.chen(a)intel.com>

[    0.395752] ACPI: Interpreter enabled
[    0.396239] ACPI: (supports S0 S3 S4 S5)
[    0.396522] ACPI: Using IOAPIC for interrupt routing
[    0.397140] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
[    0.397643] ACPI: Enabled 2 GPEs in block 00 to 0F
[    0.398308] stack segment: 0000 [#1] SMP PTI
[    0.398518] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.7.0-rc3-00001-g509c0326e04ff #1
[    0.398518] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[    0.398518] RIP: 0010:__kmalloc_track_caller+0x98/0x270
[    0.398518] Code: 01 00 00 4d 8b 07 65 49 8b 50 08 65 4c 03 05 67 54 d7 7e 49 8b 28 48 85 ed 0f 84 9d 01 00 00 41 8b 47 20 4d 8b 07 48 8d 4a 01 <48> 8b 5c 05 00 48 89 e8 65 49 0f c7 08 0f 94 c0 84 c0 74 c5 41 8b
[    0.398518] RSP: 0000:ffffc90000013a38 EFLAGS: 00010206
[    0.398518] RAX: 0000000000000008 RBX: 0000000000000cc0 RCX: 0000000000000470
[    0.398518] RDX: 000000000000046f RSI: 0000000000000cc0 RDI: ffff88822a403a40
[    0.398518] RBP: 0035304130504e50 R08: 00000000000300c0 R09: 0000000000000000
[    0.398518] R10: 0000000000000000 R11: ffff88822a059438 R12: 0000000000000cc0
[    0.398518] R13: 000000000000000c R14: ffff88822a403a40 R15: ffff88822a403a40
[    0.398518] FS:  0000000000000000(0000) GS:ffff88823fc00000(0000) knlGS:0000000000000000
[    0.398518] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.398518] CR2: 0000000000000000 CR3: 000000000260a000 CR4: 00000000000406f0
[    0.398518] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    0.398518] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    0.398518] Call Trace:
[    0.398518]  ? __kernfs_new_node+0x40/0x1e0
[    0.398518]  kstrdup+0x2d/0x60
[    0.398518]  __kernfs_new_node+0x40/0x1e0
[    0.398518]  ? kernfs_create_dir_ns+0x50/0x80
[    0.398518]  ? acpi_ns_lookup+0x81b/0x874
[    0.398518]  ? _cond_resched+0x19/0x30
[    0.398518]  ? kernfs_activate+0x63/0x80
[    0.398518]  kernfs_new_node+0x34/0x60
[    0.398518]  kernfs_create_link+0x35/0xb0
[    0.398518]  sysfs_do_create_link_sd+0x67/0xc0
[    0.398518]  bus_add_device+0x6e/0x150
[    0.398518]  device_add+0x38b/0x840
[    0.398518]  ? kmem_cache_alloc_trace+0x21e/0x230
[    0.398518]  acpi_device_add+0x1dc/0x3f0
[    0.398518]  ? acpi_free_pnp_ids+0x50/0x50
[    0.398518]  acpi_add_single_object+0x25c/0x6d0
[    0.398518]  ? acpi_ut_release_mutex+0x122/0x128
[    0.398518]  ? acpi_get_data_full+0x7e/0x90
[    0.398518]  ? rdinit_setup+0x2b/0x2b
[    0.398518]  acpi_bus_check_add+0xd2/0x260
[    0.398518]  ? acpi_ev_gpe_detect+0x140/0x152
[    0.398518]  ? acpi_sleep_proc_init+0x24/0x24
[    0.398518]  acpi_bus_scan+0x31/0x90
[    0.398518]  acpi_scan_init+0xec/0x232
[    0.398518]  ? acpi_sleep_proc_init+0x24/0x24
[    0.398518]  acpi_init+0x2f4/0x354
[    0.398518]  do_one_initcall+0x46/0x220
[    0.398518]  kernel_init_freeable+0x206/0x280
[    0.398518]  ? rest_init+0xd0/0xd0
[    0.398518]  kernel_init+0xa/0x110
[    0.398518]  ret_from_fork+0x35/0x40
[    0.398518] Modules linked in:
[    0.398532] ---[ end trace 2101f75645609710 ]---
[    0.399057] RIP: 0010:__kmalloc_track_caller+0x98/0x270
[    0.399522] Code: 01 00 00 4d 8b 07 65 49 8b 50 08 65 4c 03 05 67 54 d7 7e 49 8b 28 48 85 ed 0f 84 9d 01 00 00 41 8b 47 20 4d 8b 07 48 8d 4a 01 <48> 8b 5c 05 00 48 89 e8 65 49 0f c7 08 0f 94 c0 84 c0 74 c5 41 8b
[    0.400522] RSP: 0000:ffffc90000013a38 EFLAGS: 00010206
[    0.401096] RAX: 0000000000000008 RBX: 0000000000000cc0 RCX: 0000000000000470
[    0.401521] RDX: 000000000000046f RSI: 0000000000000cc0 RDI: ffff88822a403a40
[    0.402254] RBP: 0035304130504e50 R08: 00000000000300c0 R09: 0000000000000000
[    0.402520] R10: 0000000000000000 R11: ffff88822a059438 R12: 0000000000000cc0
[    0.403256] R13: 000000000000000c R14: ffff88822a403a40 R15: ffff88822a403a40
[    0.403522] FS:  0000000000000000(0000) GS:ffff88823fc00000(0000) knlGS:0000000000000000
[    0.404423] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.404520] CR2: 0000000000000000 CR3: 000000000260a000 CR4: 00000000000406f0
[    0.405253] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    0.405520] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    0.406263] Kernel panic - not syncing: Fatal exception

Elapsed time: 60

qemu-img create -f qcow2 disk-vm-snb-ssd-55-0 256G
qemu-img create -f qcow2 disk-vm-snb-ssd-55-1 256G

To reproduce:

    # build kernel
    cd linux
    cp config-5.7.0-rc3-00001-g509c0326e04ff .config
    make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

    git clone https://github.com/intel/lkp-tests.git
    cd lkp-tests
    bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email

Thanks,
Rong Chen

GustavoARSilva commented 4 years ago

Apparently, this issue is triggered by the following changes:

diff --git a/include/acpi/actypes.h b/include/acpi/actypes.h
index 4defed58ea338..c7bcda0ad366a 100644
--- a/include/acpi/actypes.h
+++ b/include/acpi/actypes.h
@@ -1145,7 +1145,7 @@ struct acpi_pnp_device_id {
 struct acpi_pnp_device_id_list {
    u32 count;      /* Number of IDs in Ids array */
    u32 list_size;      /* Size of list, including ID strings */
-   struct acpi_pnp_device_id ids[1];   /* ID array */
+   struct acpi_pnp_device_id ids[];    /* ID array */
 };

 /*
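Review bot: the struct change alone is incomplete, because sizeof(struct acpi_pnp_device_id_list) shrinks by one struct acpi_pnp_device_id once ids[1] becomes ids[], so any allocation in ACPICA still sized with the one-element idiom, sizeof(struct acpi_pnp_device_id_list) + (count - 1) * sizeof(struct acpi_pnp_device_id), now under-allocates by exactly one entry and has to be converted to count * sizeof(struct acpi_pnp_device_id) (or struct_size()) in the same change. The trace above is consistent with that: the fault is a stack-segment exception inside __kmalloc_track_caller, the faulting instruction (<48> 8b 5c 05 00) loads through RBP, and RBP holds the non-canonical value 0035304130504e50, which read as little-endian bytes is the ASCII string "PNP0A05", i.e. an ACPI device ID string that was written past the end of the list buffer into neighbouring slab freelist data. Booting the same kernel with KASAN enabled should report the exact out-of-bounds write site, which is the spot that needs the size fix.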

I've removed these changes from the treewide patch [1], for now.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git/commit/?h=testing/fam1
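The sizing hazard behind the hunk above, as an added example that is not ACPICA's or the KSPP tree's code: it mirrors the two shapes of the list struct (the one-element array from the `-` line and the flexible array from the `+` line), applies the old `count - 1` allocation formula to the new shape, and shows that the result is short by one ID entry, which is the heap overflow that manifests as the kstrdup crash. The field layout of `struct acpi_pnp_device_id` (a length plus a pointer into a string area that follows the array) is an assumption, since only its name appears on the page, and the sample IDs are constructed; the `pack_ids` helper is hypothetical and exists only to show the bounds check that a correct builder needs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint32_t u32;

/* Assumed layout of struct acpi_pnp_device_id: only its name is on the page. */
struct acpi_pnp_device_id {
    u32 length;     /* string length including the terminator */
    char *string;   /* points into the string area after the array */
};

/* Before the hunk: one-element array, sizeof() already covers one entry. */
struct id_list_one {
    u32 count;
    u32 list_size;
    struct acpi_pnp_device_id ids[1];
};

/* After the hunk: flexible array member, sizeof() covers no entries. */
struct id_list_flex {
    u32 count;
    u32 list_size;
    struct acpi_pnp_device_id ids[];
};

/* Bytes the stale "count - 1" formula requests for the new struct shape. */
size_t legacy_alloc_size(u32 count, size_t string_area)
{
    return sizeof(struct id_list_flex)
         + (count - 1) * sizeof(struct acpi_pnp_device_id)
         + string_area;
}

/* Bytes actually needed for `count` entries plus the string area. */
size_t needed_alloc_size(u32 count, size_t string_area)
{
    return offsetof(struct id_list_flex, ids)
         + count * sizeof(struct acpi_pnp_device_id)
         + string_area;
}

/* How far the stale formula under-allocates: always exactly one entry. */
size_t alloc_shortfall(u32 count, size_t string_area)
{
    return needed_alloc_size(count, string_area)
         - legacy_alloc_size(count, string_area);
}

/* Total bytes the ID strings occupy, terminators included. */
size_t string_area_size(const char *const *ids, u32 count)
{
    size_t total = 0;
    for (u32 i = 0; i < count; i++)
        total += strlen(ids[i]) + 1;
    return total;
}

/* Hypothetical builder: lay out an id_list_flex followed by its string area
 * inside `buf`. Returns 0 on success, -1 if `buf_size` is too small. Without
 * this check the stale formula turns into a write past the allocation, which
 * is what corrupts the neighbouring slab object in the trace. */
int pack_ids(unsigned char *buf, size_t buf_size,
             const char *const *ids, u32 count)
{
    size_t strings = string_area_size(ids, count);
    size_t needed = needed_alloc_size(count, strings);
    if (needed > buf_size)
        return -1;

    struct id_list_flex *list = (struct id_list_flex *)buf;
    char *area = (char *)buf + offsetof(struct id_list_flex, ids)
               + count * sizeof(struct acpi_pnp_device_id);
    list->count = count;
    list->list_size = (u32)needed;
    for (u32 i = 0; i < count; i++) {
        size_t len = strlen(ids[i]) + 1;
        memcpy(area, ids[i], len);
        list->ids[i].length = (u32)len;
        list->ids[i].string = area;
        area += len;
    }
    return 0;
}
```

`alloc_shortfall()` is independent of `count` and of the string area: the stale formula is always one `sizeof(struct acpi_pnp_device_id)` short (16 bytes on x86_64), which is why every caller that sizes the buffer has to move to `count * sizeof(...)` in the same patch that drops the `[1]`.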

GustavoARSilva commented 4 years ago

I've sent a patch for this:

https://lore.kernel.org/lkml/20200518222722.GA7791@embeddedor/

GustavoARSilva commented 4 years ago

The fix for this is already in mainline:

ACPICA: Replace one-element array with flexible-array