Message-ID: <20210118060614.GB7554@xsang-OptiPlex-9020>
Date:   Mon, 18 Jan 2021 14:06:14 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Alexey Gladkov <gladkov.alexey@...il.com>
Cc:     0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
        lkp@...ts.01.org, io-uring@...r.kernel.org,
        Kernel Hardening <kernel-hardening@...ts.openwall.com>,
        Linux Containers <containers@...ts.linux-foundation.org>,
        linux-mm@...ck.org, Alexey Gladkov <legion@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Christian Brauner <christian.brauner@...ntu.com>,
        "Eric W . Biederman" <ebiederm@...ssion.com>,
        Jann Horn <jannh@...gle.com>, Jens Axboe <axboe@...nel.dk>,
        Kees Cook <keescook@...omium.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Oleg Nesterov <oleg@...hat.com>
Subject: c25050162e: WARNING:at_lib/refcount.c:#refcount_warn_saturate


Greetings,

FYI, we noticed the following commit (built with gcc-9):

commit: c25050162e76334c7ec2d23bf1b3ed73aae84744 ("[RFC PATCH v3 1/8] Use refcount_t for ucounts reference counting")
url: https://github.com/0day-ci/linux/commits/Alexey-Gladkov/Count-rlimits-in-each-user-namespace/20210115-230051
base: https://git.kernel.org/cgit/linux/kernel/git/shuah/linux-kselftest.git next

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


+---------------------------------------------------+------------+------------+
|                                                   | df00d02989 | c25050162e |
+---------------------------------------------------+------------+------------+
| boot_successes                                    | 4          | 0          |
| boot_failures                                     | 0          | 4          |
| WARNING:at_lib/refcount.c:#refcount_warn_saturate | 0          | 4          |
| RIP:refcount_warn_saturate                        | 0          | 4          |
+---------------------------------------------------+------------+------------+


If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[    0.411125] WARNING: CPU: 0 PID: 0 at lib/refcount.c:25 refcount_warn_saturate (kbuild/src/consumer/lib/refcount.c:25 (discriminator 3)) 
[    0.411125] Modules linked in:
[    0.411125] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.11.0-rc2-00003-gc25050162e76 #1
[    0.411125] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[    0.411125] RIP: 0010:refcount_warn_saturate (kbuild/src/consumer/lib/refcount.c:25 (discriminator 3)) 
[ 0.411125] Code: 05 64 40 66 01 01 e8 b5 5d 63 00 0f 0b c3 80 3d 54 40 66 01 00 75 d3 48 c7 c7 c8 0c 3b 82 c6 05 44 40 66 01 01 e8 96 5d 63 00 <0f> 0b c3 80 3d 37 40 66 01 00 75 b4 48 c7 c7 a0 0c 3b 82 c6 05 27
All code
========
   0:	05 64 40 66 01       	add    $0x1664064,%eax
   5:	01 e8                	add    %ebp,%eax
   7:	b5 5d                	mov    $0x5d,%ch
   9:	63 00                	movslq (%rax),%eax
   b:	0f 0b                	ud2    
   d:	c3                   	retq   
   e:	80 3d 54 40 66 01 00 	cmpb   $0x0,0x1664054(%rip)        # 0x1664069
  15:	75 d3                	jne    0xffffffffffffffea
  17:	48 c7 c7 c8 0c 3b 82 	mov    $0xffffffff823b0cc8,%rdi
  1e:	c6 05 44 40 66 01 01 	movb   $0x1,0x1664044(%rip)        # 0x1664069
  25:	e8 96 5d 63 00       	callq  0x635dc0
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	c3                   	retq   
  2d:	80 3d 37 40 66 01 00 	cmpb   $0x0,0x1664037(%rip)        # 0x166406b
  34:	75 b4                	jne    0xffffffffffffffea
  36:	48 c7 c7 a0 0c 3b 82 	mov    $0xffffffff823b0ca0,%rdi
  3d:	c6                   	.byte 0xc6
  3e:	05                   	.byte 0x5
  3f:	27                   	(bad)  

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	c3                   	retq   
   3:	80 3d 37 40 66 01 00 	cmpb   $0x0,0x1664037(%rip)        # 0x1664041
   a:	75 b4                	jne    0xffffffffffffffc0
   c:	48 c7 c7 a0 0c 3b 82 	mov    $0xffffffff823b0ca0,%rdi
  13:	c6                   	.byte 0xc6
  14:	05                   	.byte 0x5
  15:	27                   	(bad)  
[    0.411125] RSP: 0000:ffffffff82603e50 EFLAGS: 00010082
[    0.411125] RAX: 0000000000000000 RBX: 0000000000000000 RCX: c0000000ffff7fff
[    0.411125] RDX: ffffffff82603c70 RSI: 00000000ffff7fff RDI: 0000000000000046
[    0.411125] RBP: 0000000000000005 R08: 0000000000000000 R09: ffffffff82603c68
[    0.411125] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888100134360
[    0.411125] R13: 00000000000003e7 R14: ffffffff833a6300 R15: ffffffff8265e380
[    0.411125] FS:  0000000000000000(0000) GS:ffff88823fc00000(0000) knlGS:0000000000000000
[    0.411125] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.411125] CR2: ffff88823ffff000 CR3: 000000000260a000 CR4: 00000000000406b0
[    0.411125] Call Trace:
[    0.411125] inc_ucount (kbuild/src/consumer/include/linux/refcount.h:199 kbuild/src/consumer/include/linux/refcount.h:250 kbuild/src/consumer/include/linux/refcount.h:267 kbuild/src/consumer/kernel/ucount.c:156 kbuild/src/consumer/kernel/ucount.c:191) 
[    0.411125] alloc_mnt_ns (kbuild/src/consumer/fs/namespace.c:3261) 
[    0.411125] mnt_init (kbuild/src/consumer/fs/namespace.c:3798 kbuild/src/consumer/fs/namespace.c:3849) 
[    0.411125] vfs_caches_init (kbuild/src/consumer/fs/dcache.c:3242) 
[    0.411125] start_kernel (kbuild/src/consumer/init/main.c:1042) 
[    0.411125] secondary_startup_64_no_verify (kbuild/src/consumer/arch/x86/kernel/head_64.S:283) 
[    0.411125] ---[ end trace 5b3ffa3578b7d906 ]---
[    0.411525] Last level iTLB entries: 4KB 0, 2MB 0, 4MB 0
[    0.412130] Last level dTLB entries: 4KB 0, 2MB 0, 4MB 0, 1GB 0
[    0.413133] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
[    0.414132] Spectre V2 : Mitigation: Full generic retpoline
[    0.415129] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
[    0.416129] Speculative Store Bypass: Vulnerable
[    0.417133] MDS: Vulnerable: Clear CPU buffers attempted, no microcode
[    0.418333] Freeing SMP alternatives memory: 44K
[    0.422600] smpboot: CPU0: Intel Xeon E312xx (Sandy Bridge) (family: 0x6, model: 0x2a, stepping: 0x1)
[    0.423317] Performance Events: unsupported p6 CPU model 42 no PMU driver, software events only.
[    0.424198] rcu: Hierarchical SRCU implementation.
[    0.425646] NMI watchdog: Perf NMI watchdog permanently disabled
[    0.426242] smp: Bringing up secondary CPUs ...
[    0.427313] x86: Booting SMP configuration:
[    0.428132] .... node  #0, CPUs:      #1
[    0.127154] kvm-clock: cpu 1, msr 337d041, secondary cpu clock
[    0.127154] masked ExtINT on CPU#1
[    0.127154] smpboot: CPU 1 Converting physical 0 to logical die 1
[    0.453531] kvm-guest: stealtime: cpu 1, msr 23fd18540
[    0.454218] smp: Brought up 1 node, 2 CPUs
[    0.455134] smpboot: Max logical packages: 2
[    0.456112] smpboot: Total of 2 processors activated (11999.99 BogoMIPS)
[    0.457900] ------------[ cut here ]------------
[    0.458125] refcount_t: saturated; leaking memory.


To reproduce:

        # build kernel
        cd linux
        cp config-5.11.0-rc2-00003-gc25050162e76 .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
Oliver Sang


View attachment "config-5.11.0-rc2-00003-gc25050162e76" of type "text/plain" (191552 bytes)

View attachment "job-script" of type "text/plain" (4232 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (14660 bytes)
