lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 12 Jan 2021 23:07:44 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Chris Goldsworthy <cgoldswo@...eaurora.org>
Cc:     0day robot <lkp@...el.com>,
        Chris Goldsworthy <cgoldswo@...eaurora.org>,
        Matthew Wilcox <willy@...radead.org>,
        LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org,
        Alexander Viro <viro@...iv.linux.org.uk>,
        linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
        Laura Abbott <lauraa@...eaurora.org>
Subject: [fs/buffer.c]  6bb5a3cec4: WARNING:suspicious_RCU_usage


Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: 6bb5a3cec4c480f7b7d3d3cacc618bdd185ca0db ("[PATCH v2] fs/buffer.c: Revoke LRU when trying to drop buffers")
url: https://github.com/0day-ci/linux/commits/Chris-Goldsworthy/fs-buffer-c-Revoke-LRU-when-trying-to-drop-buffers/20210105-150702
base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git e71ba9452f0b5b2e8dc8aa5445198cd9214a6a62

in testcase: kernel-selftests
version: kernel-selftests-x86_64-cb0debfe-1_20201231
with following parameters:

	group: group-02
	ucode: 0xe2

test-description: The kernel contains a set of "self tests" under the tools/testing/selftests/ directory. These are intended to be small unit tests to exercise individual code paths in the kernel.
test-url: https://www.kernel.org/doc/Documentation/kselftest.txt


on test machine: 4 threads Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz with 32G memory

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):



If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


kern  :warn  : [ 1910.305179] WARNING: suspicious RCU usage
user  :notice: [ 1910.315809] ok 4 openat2 with normal struct argument [misalign=3] succeeds
kern  :warn  : [ 1910.317774] 5.11.0-rc2-g6bb5a3cec4c4 #1 Not tainted
kern  :warn  : [ 1910.317776] -----------------------------

user  :notice: [ 1910.329127] ok 5 openat2 with normal struct argument [misalign=4] succeeds
kern  :warn  : [ 1910.329489] include/linux/xarray.h:1164 suspicious rcu_dereference_check() usage!
kern  :warn  : [ 1910.329491]
other info that might help us debug this:

kern  :warn  : [ 1910.329492]
rcu_scheduler_active = 2, debug_locks = 1

user  :notice: [ 1910.338253] ok 6 openat2 with normal struct argument [misalign=5] succeeds
kern  :warn  : [ 1910.342028] 2 locks held by umount/11983:
kern  :warn  : [ 1910.342029]  #0: ffff88881309b0e0 (&type->s_umount_key#49

user  :notice: [ 1910.350849] ok 7 openat2 with normal struct argument [misalign=6] succeeds
kern  :warn  : [ 1910.357472] ){+.+.}-{3:3}

kern :warn : [ 1910.365467] , at: deactivate_super (kbuild/src/consumer/fs/super.c:366 kbuild/src/consumer/fs/super.c:362) 
kern :warn : [ 1910.365472] #1: ffff88880af6f860 (&mapping->private_lock){+.+.}-{2:2}, at: try_to_free_buffers (kbuild/src/consumer/fs/buffer.c:3316) 
user  :notice: [ 1910.373661] ok 8 openat2 with normal struct argument [misalign=7] succeeds
kern  :warn  : [ 1910.376316]
stack backtrace:

user  :notice: [ 1910.383052] ok 9 openat2 with normal struct argument [misalign=8] succeeds
kern  :warn  : [ 1910.383195] CPU: 2 PID: 11983 Comm: umount Not tainted 5.11.0-rc2-g6bb5a3cec4c4 #1
kern  :warn  : [ 1910.383198] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.8.1 12/05/2017
kern  :warn  : [ 1910.383199] Call Trace:
kern :warn : [ 1910.383203] dump_stack (kbuild/src/consumer/lib/dump_stack.c:122) 
kern :warn : [ 1910.383208] xas_start (kbuild/src/consumer/include/linux/xarray.h:1164 kbuild/src/consumer/include/linux/xarray.h:1162 kbuild/src/consumer/lib/xarray.c:188) 
kern :warn : [ 1910.383215] xas_load (kbuild/src/consumer/include/linux/xarray.h:169 kbuild/src/consumer/include/linux/xarray.h:1224 kbuild/src/consumer/lib/xarray.c:235) 
kern :warn : [ 1910.383218] xas_find (kbuild/src/consumer/lib/xarray.c:1244) 
kern :warn : [ 1910.383221] ? ll_rw_block (kbuild/src/consumer/fs/buffer.c:1463) 
kern :warn : [ 1910.383226] page_has_bhs_in_lru (kbuild/src/consumer/fs/buffer.c:1471) 
kern :warn : [ 1910.383232] ? ll_rw_block (kbuild/src/consumer/fs/buffer.c:1463) 
kern :warn : [ 1910.383237] smp_call_function_many_cond (kbuild/src/consumer/kernel/smp.c:665 (discriminator 1)) 
kern :warn : [ 1910.383241] ? attach_nobh_buffers (kbuild/src/consumer/fs/buffer.c:1439) 
kern :warn : [ 1910.383245] ? ll_rw_block (kbuild/src/consumer/fs/buffer.c:1463) 
kern :warn : [ 1910.383247] ? attach_nobh_buffers (kbuild/src/consumer/fs/buffer.c:1439) 
kern :warn : [ 1910.383249] on_each_cpu_cond_mask (kbuild/src/consumer/include/linux/cpumask.h:373 kbuild/src/consumer/kernel/smp.c:900) 
kern :warn : [ 1910.383255] drop_buffers (kbuild/src/consumer/fs/buffer.c:3247 kbuild/src/consumer/fs/buffer.c:3279) 
kern :warn : [ 1910.383267] try_to_free_buffers (kbuild/src/consumer/fs/buffer.c:3316) 
kern :warn : [ 1910.383273] invalidate_inode_page (kbuild/src/consumer/mm/truncate.c:212 kbuild/src/consumer/mm/truncate.c:264) 
kern :warn : [ 1910.383277] __invalidate_mapping_pages (kbuild/src/consumer/mm/truncate.c:593) 
kern :warn : [ 1910.383307] invalidate_bdev (kbuild/src/consumer/fs/block_dev.c:97) 
kern :warn : [ 1910.383311] ext4_put_super (kbuild/src/consumer/fs/ext4/super.c:1189 (discriminator 2)) ext4
kern :warn : [ 1910.383347] generic_shutdown_super (kbuild/src/consumer/include/linux/list.h:282 kbuild/src/consumer/fs/super.c:466) 
kern :warn : [ 1910.383352] kill_block_super (kbuild/src/consumer/fs/super.c:1394) 
kern :warn : [ 1910.383356] deactivate_locked_super (kbuild/src/consumer/fs/super.c:342) 

kern :warn : [ 1910.392811] cleanup_mnt (kbuild/src/consumer/fs/namespace.c:117 kbuild/src/consumer/fs/namespace.c:1119) 
kern :warn : [ 1910.392817] task_work_run (kbuild/src/consumer/kernel/task_work.c:142 (discriminator 1)) 
kern :warn : [ 1910.392821] exit_to_user_mode_prepare (kbuild/src/consumer/include/linux/tracehook.h:189 kbuild/src/consumer/kernel/entry/common.c:174 kbuild/src/consumer/kernel/entry/common.c:201) 
kern :warn : [ 1910.392828] syscall_exit_to_user_mode (kbuild/src/consumer/kernel/entry/common.c:125 kbuild/src/consumer/kernel/entry/common.c:304) 
kern :warn : [ 1910.392831] entry_SYSCALL_64_after_hwframe (kbuild/src/consumer/arch/x86/entry/entry_64.S:127) 
kern  :warn  : [ 1910.392835] RIP: 0033:0x7fd218195507
kern :warn : [ 1910.392838] Code: 19 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 59 19 0c 00 f7 d8 64 89 01 48
All code
========
   0:	19 0c 00             	sbb    %ecx,(%rax,%rax,1)
   3:	f7 d8                	neg    %eax
   5:	64 89 01             	mov    %eax,%fs:(%rcx)
   8:	48 83 c8 ff          	or     $0xffffffffffffffff,%rax
   c:	c3                   	retq   
   d:	66 0f 1f 44 00 00    	nopw   0x0(%rax,%rax,1)
  13:	31 f6                	xor    %esi,%esi
  15:	e9 09 00 00 00       	jmpq   0x23
  1a:	66 0f 1f 84 00 00 00 	nopw   0x0(%rax,%rax,1)
  21:	00 00 
  23:	b8 a6 00 00 00       	mov    $0xa6,%eax
  28:	0f 05                	syscall 
  2a:*	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax		<-- trapping instruction
  30:	73 01                	jae    0x33
  32:	c3                   	retq   
  33:	48 8b 0d 59 19 0c 00 	mov    0xc1959(%rip),%rcx        # 0xc1993
  3a:	f7 d8                	neg    %eax
  3c:	64 89 01             	mov    %eax,%fs:(%rcx)
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
   6:	73 01                	jae    0x9
   8:	c3                   	retq   
   9:	48 8b 0d 59 19 0c 00 	mov    0xc1959(%rip),%rcx        # 0xc1969
  10:	f7 d8                	neg    %eax
  12:	64 89 01             	mov    %eax,%fs:(%rcx)
  15:	48                   	rex.W
kern  :warn  : [ 1910.392841] RSP: 002b:00007fff92d7eac8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
kern  :warn  : [ 1910.392844] RAX: 0000000000000000 RBX: 0000559d38a02e90 RCX: 00007fd218195507
kern  :warn  : [ 1910.392845] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000559d38a030a0
kern  :warn  : [ 1910.392847] RBP: 0000000000000000 R08: 0000559d38a030c0 R09: 00007fd218216e80
kern  :warn  : [ 1910.392848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000559d38a030a0
kern  :warn  : [ 1910.392850] R13: 00007fd2182bb1c4 R14: 0000559d38a02f88 R15: 0000000000000000
user  :notice: [ 1910.618740] ok 10 openat2 with normal struct argument [misalign=9] succeeds

user  :notice: [ 1910.628617] ok 11 openat2 with normal struct argument [misalign=11] succeeds

user  :notice: [ 1910.638701] ok 12 openat2 with normal struct argument [misalign=17] succeeds

user  :notice: [ 1910.648749] ok 13 openat2 with normal struct argument [misalign=87] succeeds

user  :notice: [ 1910.659303] ok 14 openat2 with bigger struct (zeroed out) argument [misalign=0] succeeds

user  :notice: [ 1910.670867] ok 15 openat2 with bigger struct (zeroed out) argument [misalign=1] succeeds

user  :notice: [ 1910.682337] ok 16 openat2 with bigger struct (zeroed out) argument [misalign=2] succeeds

user  :notice: [ 1910.693720] ok 17 openat2 with bigger struct (zeroed out) argument [misalign=3] succeeds

user  :notice: [ 1910.705011] ok 18 openat2 with bigger struct (zeroed out) argument [misalign=4] succeeds

user  :notice: [ 1910.716296] ok 19 openat2 with bigger struct (zeroed out) argument [misalign=5] succeeds

user  :notice: [ 1910.727643] ok 20 openat2 with bigger struct (zeroed out) argument [misalign=6] succeeds

user  :notice: [ 1910.738998] ok 21 openat2 with bigger struct (zeroed out) argument [misalign=7] succeeds

user  :notice: [ 1910.750428] ok 22 openat2 with bigger struct (zeroed out) argument [misalign=8] succeeds

user  :notice: [ 1910.761787] ok 23 openat2 with bigger struct (zeroed out) argument [misalign=9] succeeds

user  :notice: [ 1910.773213] ok 24 openat2 with bigger struct (zeroed out) argument [misalign=11] succeeds

user  :notice: [ 1910.784687] ok 25 openat2 with bigger struct (zeroed out) argument [misalign=17] succeeds

user  :notice: [ 1910.796172] ok 26 openat2 with bigger struct (zeroed out) argument [misalign=87] succeeds

user  :notice: [ 1910.808006] ok 27 openat2 with zero-sized 'struct' argument [misalign=0] fails with -22 (Invalid argument)

user  :notice: [ 1910.821279] ok 28 openat2 with zero-sized 'struct' argument [misalign=1] fails with -22 (Invalid argument)

user  :notice: [ 1910.834603] ok 29 openat2 with zero-sized 'struct' argument [misalign=2] fails with -22 (Invalid argument)

user  :notice: [ 1910.848015] ok 30 openat2 with zero-sized 'struct' argument [misalign=3] fails with -22 (Invalid argument)

user  :notice: [ 1910.861381] ok 31 openat2 with zero-sized 'struct' argument [misalign=4] fails with -22 (Invalid argument)

user  :notice: [ 1910.874736] ok 32 openat2 with zero-sized 'struct' argument [misalign=5] fails with -22 (Invalid argument)

user  :notice: [ 1910.887944] ok 33 openat2 with zero-sized 'struct' argument [misalign=6] fails with -22 (Invalid argument)

user  :notice: [ 1910.901316] ok 34 openat2 with zero-sized 'struct' argument [misalign=7] fails with -22 (Invalid argument)

user  :notice: [ 1910.914802] ok 35 openat2 with zero-sized 'struct' argument [misalign=8] fails with -22 (Invalid argument)

user  :notice: [ 1910.928188] ok 36 openat2 with zero-sized 'struct' argument [misalign=9] fails with -22 (Invalid argument)

user  :notice: [ 1910.941651] ok 37 openat2 with zero-sized 'struct' argument [misalign=11] fails with -22 (Invalid argument)


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp install job.yaml  # job file is attached in this email
        bin/lkp run     job.yaml



Thanks,
Oliver Sang


View attachment "config-5.11.0-rc2-g6bb5a3cec4c4" of type "text/plain" (212582 bytes)

View attachment "job-script" of type "text/plain" (7144 bytes)

Download attachment "kmsg.xz" of type "application/x-xz" (1662036 bytes)

View attachment "kernel-selftests" of type "text/plain" (193203 bytes)

View attachment "job.yaml" of type "text/plain" (6124 bytes)

View attachment "reproduce" of type "text/plain" (597 bytes)

Powered by blists - more mailing lists