FYI, we noticed the following commit (built with gcc-7):

commit: e19dfdc83b60f196e0653d683499f7bc5548128f ("kernfs: initialize security of newly created nodes")
https://git.kernel.org/cgit/linux/kernel/git/pcmoore/selinux.git next

in testcase: locktorture
with following parameters:

	runtime: 300s
	test: default

test-description: This torture test consists of creating a number of kernel threads which acquire the lock and hold it for specific amount of time, thus simulating different critical region behaviors.
test-url: https://www.kernel.org/doc/Documentation/locking/locktorture.txt

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+-------------------------------------------------+------------+------------+
|                                                 | ec882da5cd | e19dfdc83b |
+-------------------------------------------------+------------+------------+
| boot_successes                                  | 0          | 0          |
| boot_failures                                   | 8          | 8          |
| BUG:kernel_reboot-without-warning_in_test_stage | 8          |            |
| BUG:KASAN:global-out-of-bounds_in_s             | 0          | 8          |
+-------------------------------------------------+------------+------------+

[   27.938038] BUG: KASAN: global-out-of-bounds in strcmp+0x97/0xa0
[   27.940755] Read of size 1 at addr ffffffff946a83d7 by task systemd/1
[   27.943554]
[   27.944603] CPU: 0 PID: 1 Comm: systemd Not tainted 5.1.0-rc1-00010-ge19dfdc #1
[   27.948091] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   27.951946] Call Trace:
[   27.953353]  ? strcmp+0x97/0xa0
[   27.955026]  print_address_description+0x22/0x270
[   27.957203]  ? strcmp+0x97/0xa0
[   27.958841]  kasan_report+0x13b/0x1d0
[   27.960759]  ? strcmp+0x97/0xa0
[   27.962378]  ? strcmp+0x97/0xa0
[   27.963976]  strcmp+0x97/0xa0
[   27.965846]  simple_xattr_get+0x7b/0x120
[   27.967473]  selinux_kernfs_init_security+0x108/0x440
[   27.969360]  ? __radix_tree_replace+0x9a/0x230
[   27.971200]  ? selinux_secctx_to_secid+0x20/0x20
[   27.973011]  ? __fprop_inc_percpu_max+0x190/0x190
[   27.975563]  ? kvm_sched_clock_read+0x12/0x20
[   27.977907]  ? sched_clock+0x5/0x10
[   27.979867]  ? sched_clock_cpu+0x24/0xb0
[   27.982048]  ? idr_alloc_cyclic+0xcb/0x190
[   27.984229]  ? lock_downgrade+0x620/0x620
[   27.986388]  security_kernfs_init_security+0x3c/0x70
[   27.989012]  __kernfs_new_node+0x403/0x5e0
[   27.991195]  ? kernfs_dop_revalidate+0x330/0x330
[   27.993589]  ? css_next_child+0xec/0x260
[   27.995685]  ? css_next_descendant_pre+0x36/0x110
[   27.998115]  ? cgroup_propagate_control+0x2d6/0x460
[   28.000662]  kernfs_new_node+0x72/0x140
[   28.002818]  ? lockdep_hardirqs_on+0x379/0x560
[   28.005171]  ? cgroup_idr_replace+0x35/0x40
[   28.007417]  kernfs_create_dir_ns+0x26/0x130
[   28.009690]  cgroup_mkdir+0x3b9/0xef0
[   28.011764]  ? cgroup_destroy_locked+0x5e0/0x5e0
[   28.014196]  kernfs_iop_mkdir+0x12f/0x1b0
[   28.016396]  vfs_mkdir+0x2e6/0x510
[   28.018317]  do_mkdirat+0x19b/0x1f0
[   28.020284]  ? __x64_sys_mknod+0xb0/0xb0
[   28.022437]  do_syscall_64+0xe5/0x10d0
[   28.024408]  ? syscall_return_slowpath+0x790/0x790
[   28.026874]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   28.029504]  ? trace_hardirqs_off_caller+0x58/0x200
[   28.031993]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   28.034438]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   28.036748] RIP: 0033:0x7f38cab6f447
[   28.038825] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 49 da 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 21 da 2b 00 f7 d8 64 89 01 48
[   28.047736] RSP: 002b:00007ffeef143d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[   28.051776] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f38cab6f447
[   28.055117] RDX: 00007ffeef143c30 RSI: 00000000000001ed RDI: 000055a7b0458560
[   28.058533] RBP: 0000000000000040 R08: 0000000000000000 R09: 2f73662f7379732f
[   28.062031] R10: 732f70756f726763 R11: 0000000000000246 R12: 000055a7b04b30a0
[   28.065528] R13: 0000000000000000 R14: 000055a7b046bb88 R15: 000055a7b046b540
[   28.068977]
[   28.070240] The buggy address belongs to the variable:
[   28.072491]  securityfs_super_operations+0x4917/0x6220
[   28.075171]
[   28.076286] Memory state around the buggy address:
[   28.078861]  ffffffff946a8280: fa fa fa fa 00 01 fa fa fa fa fa fa 00 02 fa fa
[   28.082610]  ffffffff946a8300: fa fa fa fa 00 02 fa fa fa fa fa fa 00 01 fa fa
[   28.086669] >ffffffff946a8380: fa fa fa fa 00 03 fa fa fa fa fa fa 00 fa fa fa
[   28.090587]                                                  ^
[   28.093576]  ffffffff946a8400: fa fa fa fa 00 00 00 00 00 00 05 fa fa fa fa fa
[   28.097599]  ffffffff946a8480: 00 00 01 fa fa fa fa fa 00 00 00 00 00 00 00 00
[   28.101453] ==================================================================
[   28.105478] Disabling lock debugging due to kernel taint
Starting Load Kernel Modules...
Mounting Debug File System...
] Listening on RPCbind Server Activation Socket.
Starting Remount Root and Kernel File Systems...
Starting Journal Service...
Mounting RPC Pipe File System...
[   28.508319] _warn_unseeded_randomness: 131 callbacks suppressed
[   28.508335] random: get_random_u64 called from copy_process+0x596/0x6450 with crng_init=1
Starting Create Static Device Nodes in /dev...
[   28.552988] random: get_random_u64 called from arch_pick_mmap_layout+0x4a1/0x600 with crng_init=1
[   28.556785] random: get_random_u64 called from arch_pick_mmap_layout+0x446/0x600 with crng_init=1
Starting Load/Save Random Seed...
Starting udev Coldplug all Devices...
Mounting FUSE Control File System...
Starting Apply Kernel Variables...
Mounting Configuration File System...
Starting Raise network interfaces...
Starting Preprocess NFS configuration...
Starting udev Kernel Device Manager...
Starting Flush Journal to Persistent Storage...
Starting Create Volatile Files and Directories...
[   29.523554] random: get_random_u64 called from arch_pick_mmap_layout+0x446/0x600 with crng_init=1
[   29.527262] random: get_random_u64 called from load_elf_binary+0x1281/0x2f30 with crng_init=1
Starting RPC bind portmap service...
Starting Network Time Synchronization...
Starting Update UTMP about System Boot/Shutdown...
[   30.574449] _warn_unseeded_randomness: 154 callbacks suppressed
[   30.574479] random: get_random_u32 called from bucket_table_alloc+0x149/0x370 with crng_init=1
[   32.628754] random: get_random_u64 called from arch_pick_mmap_layout+0x4a1/0x600 with crng_init=1
[   32.632973] random: get_random_u64 called from arch_pick_mmap_layout+0x446/0x600 with crng_init=1
[   32.637364] random: get_random_u64 called from load_elf_binary+0x1281/0x2f30 with crng_init=1
Starting Login Service...
Starting LSB: Start and stop bmc-watchdog...
Starting LSB: Execute the kexec -e command to reboot system...

To reproduce:

	# build kernel
	cd linux
	cp config-5.1.0-rc1-00010-ge19dfdc .config
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 prepare
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 modules_prepare
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 SHELL=/bin/bash
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 bzImage

	git clone https://github.com/intel/lkp-tests.git
	cd lkp-tests
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
	bin/lkp qemu -k -m modules.cgz job-script # job-script is attached in this email

Thanks,
Rong Chen
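The "Memory state around the buggy address" block in the report above is the part a triager actually has to read by hand: each line shows 16 KASAN shadow bytes, each shadow byte describes 8 bytes of kernel memory, 0x00 means all 8 bytes are addressable, 0x01..0x07 means only the first N bytes are, and values 0xF1..0xFF are poison markers (0xFA is the redzone KASAN places around globals). The decoder below is an added example, written for this editorial pass; it is not part of the kernel test robot's report, of the kernel, or of lkp-tests. The poison values are the ones from mm/kasan/kasan.h in the kernel tree; the five shadow rows are copied from the report. Run against the faulting address ffffffff946a83d7 it confirms what the one-line summary says: the byte sits in a global redzone, 45 bytes past the last addressable byte (ffffffff946a83aa) of the preceding object.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One "Memory state" line: 16 shadow bytes covering 128 bytes of memory. */
#define ROW_BYTES 128

struct shadow_row {
    uint64_t base;      /* kernel address of the first byte the row covers */
    uint8_t shadow[16];
};

enum access_kind {
    ACCESS_OK,          /* the byte is addressable */
    ACCESS_PARTIAL_OOB, /* granule is partially addressable, byte is past the valid part */
    ACCESS_POISONED,    /* shadow byte is a poison marker */
    ACCESS_NOT_IN_DUMP  /* the dump does not cover this address */
};

struct verdict {
    enum access_kind kind;
    uint8_t shadow;     /* the raw shadow byte, 0 when not in dump */
    const char *desc;
};

/* Shadow rows copied from the KASAN report in the e-mail above. */
#define REPORT_ROWS 5
const struct shadow_row report_rows[REPORT_ROWS] = {
    { 0xffffffff946a8280ULL, {0xfa,0xfa,0xfa,0xfa,0x00,0x01,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0x00,0x02,0xfa,0xfa} },
    { 0xffffffff946a8300ULL, {0xfa,0xfa,0xfa,0xfa,0x00,0x02,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0x00,0x01,0xfa,0xfa} },
    { 0xffffffff946a8380ULL, {0xfa,0xfa,0xfa,0xfa,0x00,0x03,0xfa,0xfa,0xfa,0xfa,0xfa,0xfa,0x00,0xfa,0xfa,0xfa} },
    { 0xffffffff946a8400ULL, {0xfa,0xfa,0xfa,0xfa,0x00,0x00,0x00,0x00,0x00,0x00,0x05,0xfa,0xfa,0xfa,0xfa,0xfa} },
    { 0xffffffff946a8480ULL, {0x00,0x00,0x01,0xfa,0xfa,0xfa,0xfa,0xfa,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00} },
};

/* Poison values as defined in mm/kasan/kasan.h. */
static const char *poison_name(uint8_t sb)
{
    switch (sb) {
    case 0xFA: return "global redzone";
    case 0xFB: return "freed kmalloc object";
    case 0xFC: return "kmalloc redzone";
    case 0xFE: return "page redzone";
    case 0xFF: return "free page";
    case 0xF1: return "stack left redzone";
    case 0xF2: return "stack mid redzone";
    case 0xF3: return "stack right redzone";
    case 0xF4: return "stack partial redzone";
    case 0xF8: return "out of scope (use-after-scope)";
    default:   return "unknown poison";
    }
}

/* Shadow byte covering addr, or -1 if no row in the dump covers it. */
static int shadow_at(const struct shadow_row *rows, size_t n, uint64_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (addr >= rows[i].base && addr < rows[i].base + ROW_BYTES)
            return rows[i].shadow[(addr - rows[i].base) >> 3];
    return -1;
}

/* Classify a 1-byte access at addr the way KASAN's check would. */
struct verdict decode_access(const struct shadow_row *rows, size_t n, uint64_t addr)
{
    struct verdict v = { ACCESS_NOT_IN_DUMP, 0, "address not in dump" };
    int sb = shadow_at(rows, n, addr);

    if (sb < 0)
        return v;
    v.shadow = (uint8_t)sb;
    if (sb == 0) {
        v.kind = ACCESS_OK;
        v.desc = "addressable";
    } else if (sb <= 7) {
        /* Only the first sb bytes of this 8-byte granule are valid. */
        if ((addr & 7) < (uint64_t)sb) {
            v.kind = ACCESS_OK;
            v.desc = "addressable (object tail)";
        } else {
            v.kind = ACCESS_PARTIAL_OOB;
            v.desc = "past end of object, same granule";
        }
    } else {
        v.kind = ACCESS_POISONED;
        v.desc = poison_name((uint8_t)sb);
    }
    return v;
}

/*
 * For a poisoned addr, walk back one 8-byte granule at a time to the last
 * addressable byte before it: the end of the object the access ran past.
 * Returns 0 if the dump holds no addressable byte before addr.
 */
uint64_t preceding_object_end(const struct shadow_row *rows, size_t n, uint64_t addr)
{
    uint64_t g = addr & ~7ULL;

    for (;;) {
        int sb = shadow_at(rows, n, g);
        if (sb < 0 || g == 0)
            return 0;
        if (sb <= 7) {
            uint64_t last = g + (sb == 0 ? 7 : (uint64_t)sb - 1);
            if (last < addr)
                return last;
        }
        g -= 8;
    }
}

int main(void)
{
    uint64_t bad = 0xffffffff946a83d7ULL;   /* "Read of size 1 at addr ..." */
    struct verdict v = decode_access(report_rows, REPORT_ROWS, bad);
    uint64_t end = preceding_object_end(report_rows, REPORT_ROWS, bad);

    printf("%" PRIx64 ": shadow 0x%02x, %s\n", bad, v.shadow, v.desc);
    printf("last addressable byte before it: %" PRIx64 " (%" PRIu64 " bytes short)\n",
           end, bad - end);
    return 0;
}
```

The same decoder applies to any KASAN report: paste the dumped rows into `report_rows` and feed it the address from the "Read/Write of size N at addr" line. A `kind` of `ACCESS_PARTIAL_OOB` means the access fell inside the object's final granule, which is the off-by-a-few case; `ACCESS_POISONED` with 0xFA, as here, means the pointer had already left the global entirely.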