Re: [PATCH v3 07/24] gpio: protect the descriptor label with SRCU

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Hello,

kernel test robot noticed "canonical_address#:#[##]" on:

commit: 04cb69cd30bb05c127e2b86b31ee778100439d14 ("[PATCH v3 07/24] gpio: protect the descriptor label with SRCU")
url: https://github.com/intel-lab-lkp/linux/commits/Bartosz-Golaszewski/gpio-protect-the-list-of-GPIO-devices-with-SRCU/20240208-180822
base: https://git.kernel.org/cgit/linux/kernel/git/brgl/linux.git gpio/for-next
patch link: https://lore.kernel.org/all/20240208095920.8035-8-brgl@xxxxxxxx/
patch subject: [PATCH v3 07/24] gpio: protect the descriptor label with SRCU

in testcase: boot

compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+----------------------------------------------------------------------------------+------------+------------+
|                                                                                  | 47b87115af | 04cb69cd30 |
+----------------------------------------------------------------------------------+------------+------------+
| canonical_address#:#[##]                                                         | 0          | 9          |
| RIP:check_init_srcu_struct                                                       | 0          | 9          |
| Kernel_panic-not_syncing:Fatal_exception                                         | 0          | 9          |
+----------------------------------------------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202402122228.e607a080-lkp@xxxxxxxxx



[   53.381777][    T1] gpiochip_find_base_unlocked: found new base at 512
[   53.383799][    T1] general protection fault, probably for non-canonical address 0xdffffc000000002f: 0000 [#1] PREEMPT KASAN PTI
[   53.384902][    T1] KASAN: null-ptr-deref in range [0x0000000000000178-0x000000000000017f]
[   53.384902][    T1] CPU: 0 PID: 1 Comm: swapper Tainted: G                 N 6.8.0-rc1-00035-g04cb69cd30bb #1
[ 53.384902][ T1] RIP: 0010:check_init_srcu_struct (kernel/rcu/srcutree.c:408) 
[ 53.384902][ T1] Code: 53 48 89 fb 80 3c 02 00 0f 85 fe 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 38 48 8d bd 78 01 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 ce 00 00 00 48 8b 85 78 01 00 00 a8 03 75 0b 5b
All code
========
   0:	53                   	push   %rbx
   1:	48 89 fb             	mov    %rdi,%rbx
   4:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   8:	0f 85 fe 00 00 00    	jne    0x10c
   e:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  15:	fc ff df 
  18:	48 8b 6b 38          	mov    0x38(%rbx),%rbp
  1c:	48 8d bd 78 01 00 00 	lea    0x178(%rbp),%rdi
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
  2a:*	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)		<-- trapping instruction
  2e:	0f 85 ce 00 00 00    	jne    0x102
  34:	48 8b 85 78 01 00 00 	mov    0x178(%rbp),%rax
  3b:	a8 03                	test   $0x3,%al
  3d:	75 0b                	jne    0x4a
  3f:	5b                   	pop    %rbx

Code starting with the faulting instruction
===========================================
   0:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   4:	0f 85 ce 00 00 00    	jne    0xd8
   a:	48 8b 85 78 01 00 00 	mov    0x178(%rbp),%rax
  11:	a8 03                	test   $0x3,%al
  13:	75 0b                	jne    0x20
  15:	5b                   	pop    %rbx
[   53.384902][    T1] RSP: 0018:ffff888103e67730 EFLAGS: 00010202
[   53.384902][    T1] RAX: dffffc0000000000 RBX: ffff88810a65f8f8 RCX: 0000000000000000
[   53.384902][    T1] RDX: 000000000000002f RSI: ffff888168ad7b40 RDI: 0000000000000178
[   53.384902][    T1] RBP: 0000000000000000 R08: 692d422d656e696c R09: 007475706e692d42
[   53.384902][    T1] R10: ffff888103e67768 R11: ffffffff8190f8d4 R12: ffff88810a65f930
[   53.384902][    T1] R13: 0000000000000000 R14: ffff88810a65f8d8 R15: 0000000000000000
[   53.384902][    T1] FS:  0000000000000000(0000) GS:ffffffff84cd1000(0000) knlGS:0000000000000000
[   53.384902][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   53.384902][    T1] CR2: 00007fb8169d96f4 CR3: 0000000004cac000 CR4: 00000000000406b0
[   53.384902][    T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   53.384902][    T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   53.384902][    T1] Call Trace:
[   53.384902][    T1]  <TASK>
[ 53.384902][ T1] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460) 
[ 53.384902][ T1] ? exc_general_protection (arch/x86/kernel/traps.c:701 arch/x86/kernel/traps.c:643) 
[ 53.384902][ T1] ? asm_exc_general_protection (arch/x86/include/asm/idtentry.h:564) 
[ 53.384902][ T1] ? kasan_save_track (arch/x86/include/asm/current.h:42 mm/kasan/common.c:60 mm/kasan/common.c:70) 
[ 53.384902][ T1] ? check_init_srcu_struct (kernel/rcu/srcutree.c:408) 
[ 53.384902][ T1] synchronize_srcu (kernel/rcu/srcutree.c:1167 kernel/rcu/srcutree.c:1458) 
[ 53.384902][ T1] ? kstrdup (mm/util.c:62) 
[ 53.384902][ T1] gpiod_request_commit (drivers/gpio/gpiolib.c:134 drivers/gpio/gpiolib.c:2275) 
[ 53.384902][ T1] gpiochip_request_own_desc (drivers/gpio/gpiolib.c:2484) 
[ 53.384902][ T1] gpiod_hog (drivers/gpio/gpiolib.c:4474) 
[ 53.384902][ T1] ? of_find_property (drivers/of/base.c:223) 
[ 53.384902][ T1] of_gpiochip_add_hog (drivers/gpio/gpiolib-of.c:799) 
[ 53.384902][ T1] ? __pfx_of_gpiochip_add_hog (drivers/gpio/gpiolib-of.c:785) 
[ 53.384902][ T1] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:4360) 
[ 53.384902][ T1] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4423) 
[ 53.384902][ T1] ? _raw_spin_unlock_irqrestore (arch/x86/include/asm/preempt.h:103 include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194) 
[ 53.384902][ T1] of_gpiochip_add (drivers/gpio/gpiolib-of.c:828 drivers/gpio/gpiolib-of.c:1143) 
[ 53.384902][ T1] ? fwnode_property_read_int_array (drivers/base/property.c:268 (discriminator 5)) 
[ 53.384902][ T1] gpiochip_add_data_with_key (drivers/gpio/gpiolib.c:985) 
[ 53.384902][ T1] ? kasan_save_track (arch/x86/include/asm/current.h:42 mm/kasan/common.c:60 mm/kasan/common.c:70) 
[ 53.384902][ T1] unittest_gpio_probe (drivers/of/unittest.c:1886) 
[ 53.384902][ T1] platform_probe (drivers/base/platform.c:1404) 
[ 53.384902][ T1] really_probe (drivers/base/dd.c:579 drivers/base/dd.c:658) 
[ 53.384902][ T1] __driver_probe_device (drivers/base/dd.c:800) 
[ 53.384902][ T1] driver_probe_device (drivers/base/dd.c:830) 
[ 53.384902][ T1] __driver_attach (drivers/base/dd.c:1217) 
[ 53.384902][ T1] ? __pfx___driver_attach (drivers/base/dd.c:1157) 
[ 53.384902][ T1] bus_for_each_dev (drivers/base/bus.c:367) 
[ 53.384902][ T1] ? lockdep_init_map_type (kernel/locking/lockdep.c:4892) 
[ 53.384902][ T1] ? __pfx_bus_for_each_dev (drivers/base/bus.c:356) 
[ 53.384902][ T1] ? bus_add_driver (drivers/base/bus.c:672) 
[ 53.384902][ T1] bus_add_driver (drivers/base/bus.c:674) 
[ 53.384902][ T1] driver_register (drivers/base/driver.c:246) 
[ 53.384902][ T1] of_unittest_overlay_gpio (drivers/of/unittest.c:1969 (discriminator 4)) 
[ 53.384902][ T1] of_unittest_overlay (drivers/of/unittest.c:2189 drivers/of/unittest.c:3217) 
[ 53.384902][ T1] ? __pfx_of_unittest_overlay (drivers/of/unittest.c:3155) 
[ 53.384902][ T1] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:4360) 
[ 53.384902][ T1] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4423) 
[ 53.384902][ T1] of_unittest (drivers/of/unittest.c:4129) 
[ 53.384902][ T1] ? __pfx_of_unittest (drivers/of/unittest.c:4080) 
[ 53.384902][ T1] ? add_device_randomness (drivers/char/random.c:918) 
[ 53.384902][ T1] ? __pfx_of_unittest (drivers/of/unittest.c:4080) 
[ 53.384902][ T1] do_one_initcall (init/main.c:1236) 
[ 53.384902][ T1] ? __pfx_do_one_initcall (init/main.c:1227) 
[ 53.384902][ T1] do_initcalls (init/main.c:1297 init/main.c:1314) 
[ 53.384902][ T1] kernel_init_freeable (init/main.c:1555) 
[ 53.384902][ T1] ? __pfx_kernel_init (init/main.c:1433) 
[ 53.384902][ T1] kernel_init (init/main.c:1443) 
[ 53.384902][ T1] ? _raw_spin_unlock_irq (arch/x86/include/asm/preempt.h:103 include/linux/spinlock_api_smp.h:160 kernel/locking/spinlock.c:202) 
[ 53.384902][ T1] ret_from_fork (arch/x86/kernel/process.c:153) 
[ 53.384902][ T1] ? __pfx_kernel_init (init/main.c:1433) 
[ 53.384902][ T1] ret_from_fork_asm (arch/x86/entry/entry_64.S:250) 
[   53.384902][    T1]  </TASK>
[   53.384902][    T1] Modules linked in:
[   53.485664][    T1] ---[ end trace 0000000000000000 ]---
[ 53.486974][ T1] RIP: 0010:check_init_srcu_struct (kernel/rcu/srcutree.c:408) 
[ 53.488507][ T1] Code: 53 48 89 fb 80 3c 02 00 0f 85 fe 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 38 48 8d bd 78 01 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 ce 00 00 00 48 8b 85 78 01 00 00 a8 03 75 0b 5b
All code
========
   0:	53                   	push   %rbx
   1:	48 89 fb             	mov    %rdi,%rbx
   4:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   8:	0f 85 fe 00 00 00    	jne    0x10c
   e:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  15:	fc ff df 
  18:	48 8b 6b 38          	mov    0x38(%rbx),%rbp
  1c:	48 8d bd 78 01 00 00 	lea    0x178(%rbp),%rdi
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
  2a:*	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)		<-- trapping instruction
  2e:	0f 85 ce 00 00 00    	jne    0x102
  34:	48 8b 85 78 01 00 00 	mov    0x178(%rbp),%rax
  3b:	a8 03                	test   $0x3,%al
  3d:	75 0b                	jne    0x4a
  3f:	5b                   	pop    %rbx

Code starting with the faulting instruction
===========================================
   0:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   4:	0f 85 ce 00 00 00    	jne    0xd8
   a:	48 8b 85 78 01 00 00 	mov    0x178(%rbp),%rax
  11:	a8 03                	test   $0x3,%al
  13:	75 0b                	jne    0x20
  15:	5b                   	pop    %rbx


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240212/202402122228.e607a080-lkp@xxxxxxxxx



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
[Index of Archives]     [Linux SPI]     [Linux Kernel]     [Linux ARM (vger)]     [Linux ARM MSM]     [Linux Omap]     [Linux Arm]     [Linux Tegra]     [Fedora ARM]     [Linux for Samsung SOC]     [eCos]     [Linux Fastboot]     [Gcc Help]     [Git]     [DCCP]     [IETF Announce]     [Security]     [Linux MIPS]     [Yosemite Campsites]

  Powered by Linux