Received: by 2002:a25:d7c1:0:0:0:0:0 with SMTP id o184csp1922801ybg;
        Thu, 24 Oct 2019 02:09:28 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzkAG2omvKjc1Vl/ws+t7TOTYeTWOtJpBkmM5dZ37hMsLNEDHIbgNpM5oqJ+/ObgL9N0UB4
X-Received: by 2002:aa7:d44d:: with SMTP id q13mr42778197edr.48.1571908168472;
        Thu, 24 Oct 2019 02:09:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1571908168; cv=none;
        d=google.com; s=arc-20160816;
        b=L5D2hSnuhKjt+LjcC+ytAMdGCmV5v4kSDHwwBVmgoqIcvJ7U00zqrhSsPJPvX1eJ7k
         +2mVA3BmmByf2XCmACk1d7I8Gegx4YYAewZnuRrDMJfeSq2EUv5HCgxnBJTij4Tbdv5u
         XRk20TItAiffzOGUKA5efiWZStsELc27Q4yf6M3BewQXmfPiSNDCTEpfluz6sWZG+H1o
         tNTeJYAPGDgwxcwAqvdu8PjCNR2hotA/RSihBcp/4wWLbek3bRcHJEEuunjalxrHfdYY
         aOCFEa7Ccfr4hXgPn4ZBBGrxeMeC+aamQg+rJzSY8nSA30OUMw2nidv0iKOUoJGBJMbq
         fndA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-language
         :content-transfer-encoding:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature;
        bh=FO1icP7++q1qCn8suzxihC3IELICMjjLnmnWE+fJqmU=;
        b=C43QrpbK1FKBksXGodhucceqY+VO0DhH4xqCiVV/Eu0ArLgdyuNl8mMfBrD3MS+pE3
         0MxjKLLJqPWhHCoCgOeM7Ux4iOTw+AG9IUuryg4YwRsfZsDgSVsrnoGIlN1R/WWn9+dD
         jwrLhHIjsuwRb7R5OkiZHJJqRjIgSZ22Gox24WPOELVKTgcpzqmHW1d+GBd0aLqEqBci
         hzY5ltZHBcw3eJD+bi0yo4Qbq5FEM/q/+znb/8n9BPeMJrTnkHUJ3LnXJrL5VsLske6y
         7wxxtmanyrJe3spukemFw8XZgNQR5zN7sFgtiUF9NmYKrm5L9N4QC0EtwGlMH1DMI7kl
         ++KQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@colorfullife-com.20150623.gappssmtp.com header.s=20150623 header.b=PjQQPBto;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j5si930123ejy.345.2019.10.24.02.09.03;
        Thu, 24 Oct 2019 02:09:28 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@colorfullife-com.20150623.gappssmtp.com header.s=20150623 header.b=PjQQPBto;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2389144AbfJWS26 (ORCPT <rfc822;fezhang.suse@gmail.com>
        + 99 others); Wed, 23 Oct 2019 14:28:58 -0400
Received: from mail-wr1-f68.google.com ([209.85.221.68]:42107 "EHLO
        mail-wr1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1732810AbfJWS26 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 23 Oct 2019 14:28:58 -0400
Received: by mail-wr1-f68.google.com with SMTP id r1so13389122wrs.9
        for <linux-kernel@vger.kernel.org>; Wed, 23 Oct 2019 11:28:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=colorfullife-com.20150623.gappssmtp.com; s=20150623;
        h=subject:to:cc:references:from:message-id:date:user-agent
         :mime-version:in-reply-to:content-transfer-encoding:content-language;
        bh=FO1icP7++q1qCn8suzxihC3IELICMjjLnmnWE+fJqmU=;
        b=PjQQPBtoQxQl3GPqZTshvbiyW+woEGHqnpsjbQSUWAblEvf29P89Bxmv/GSr1kvoDV
         EiW+Z/zlBJdIKMgLHU5NBSTRv47eJCD7Usr+/jeSECvNmSCGvsg/wN3XWY6rbgw8POQ8
         HeWA09el0iZ8oBuDcwlA+c0hDypKGn3En2Nd6lVMEkGtidiW3iSKWwr0+7vHwakibLzW
         iM80EEeY7JrznpMdkIa7HZ6/4wP/PXOAP0Q/YJZyTXm+Y3rC2UZ7fshmBB4FQSFrcS8P
         vt80J80X2Mpw8g8w8XiYO8EkvJL8KBKqInhlucaeA941kzobper8AfmkAfAd3S6bl1p9
         Murw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-transfer-encoding
         :content-language;
        bh=FO1icP7++q1qCn8suzxihC3IELICMjjLnmnWE+fJqmU=;
        b=aae86ZKHnSICD/EeWw8SaxJ8XYLyQ3LNc2FaFsX5ua+j0PhTqUR6uRxYwYrWPNLckp
         fjD+hcUXFxFhT4mdXXuL5g9L4ko5LQmidD1yEoyQM0gNjgxh3xQgj2bNw6BRW4vgDu7Q
         TFINTFA4hQ/HeAAMt2dvkywf2NVkYNvqtgDbJm56VRmeeKeQmf4xVqPWRi+IT/Gz2zOq
         Gmj4z9B5nIZjpTJONgtZMYUgUv2jaDCU+pkZQZPSRspzVu5xijJ7GFI5ocDhltOJn/k+
         5k6cvzLjC0ODIqm/IwqB1A3LZozIeWqUuHNYx9raadvig/mAmGHmG0pRsnhNgDjuNdtw
         HnGQ==
X-Gm-Message-State: APjAAAURyzOsz+WyqE20wwF8rTgqOzqJvKUjYnkD6upi7OnJrdAmdguQ
        YQLmVAg1aKXnhaji5aKOpxvUWg==
X-Received: by 2002:adf:c448:: with SMTP id a8mr92192wrg.233.1571855334570;
        Wed, 23 Oct 2019 11:28:54 -0700 (PDT)
Received: from linux.fritz.box (p200300D9970483001CF3BB0BE954CA02.dip0.t-ipconnect.de. [2003:d9:9704:8300:1cf3:bb0b:e954:ca02])
        by smtp.googlemail.com with ESMTPSA id r3sm38070268wre.29.2019.10.23.11.28.53
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 23 Oct 2019 11:28:53 -0700 (PDT)
Subject: Re: [ipc/sem.c] 6394de3b86:
 BUG:kernel_NULL_pointer_dereference,address
To:     kernel test robot <rong.a.chen@intel.com>
Cc:     LKML <linux-kernel@vger.kernel.org>,
        Davidlohr Bueso <dave@stgolabs.net>,
        Waiman Long <longman@redhat.com>, 1vier1@web.de,
        Andrew Morton <akpm@linux-foundation.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Jonathan Corbet <corbet@lwn.net>, lkp@lists.01.org,
        ltp@lists.linux.it
References: <20191021083514.GE9296@shao2-debian>
From:   Manfred Spraul <manfred@colorfullife.com>
Message-ID: <d49d1940-a704-d79e-b44f-79db9f096d5c@colorfullife.com>
Date:   Wed, 23 Oct 2019 20:28:52 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.1.1
MIME-Version: 1.0
In-Reply-To: <20191021083514.GE9296@shao2-debian>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello,

On 10/21/19 10:35 AM, kernel test robot wrote:
> FYI, we noticed the following commit (built with gcc-7):
>
> commit: 6394de3b868537a90dd9128607192b0e97109f6b ("[PATCH 4/5] ipc/sem.c: Document and update memory barriers")
> url: https://github.com/0day-ci/linux/commits/Manfred-Spraul/wake_q-Cleanup-Documentation-update/20191014-055627

Yes, known issue:

> @@ -2148,9 +2176,11 @@ static long do_semtimedop(int semid, struct 
> sembuf __user *tsops,
> ??????? }
>
> ??????? do {
> -?????????????? WRITE_ONCE(queue.status, -EINTR);
> +?????????????? /* memory ordering ensured by the lock in sem_lock() */
> +?????????????? queue.status = EINTR;
> ??????????????? queue.sleeper = current;
>
> +?????????????? /* memory ordering is ensured by the lock in sem_lock() */
> ??????????????? __set_current_state(TASK_INTERRUPTIBLE);
> ??????????????? sem_unlock(sma, locknum);
> ??????????????? rcu_read_unlock();
It must be "-EINTR", not "EINTR".

If there is a timeout or a spurious wakeup, then the do_semtimedop() 
returns to user space without unlinking everything properly.

I was able to reproduce the issue: V1 of the series ends up with the 
shown error.

V3 as now merged doesn't fail.

--

 ??? Manfred