Message-ID: <20211114144337.GC10763@xsang-OptiPlex-9020>
Date: Sun, 14 Nov 2021 22:43:38 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Qi Zheng <zhengqi.arch@...edance.com>
Cc: lkp@...ts.01.org, lkp@...el.com, akpm@...ux-foundation.org,
tglx@...utronix.de, kirill.shutemov@...ux.intel.com,
mika.penttila@...tfour.com, david@...hat.com, jgg@...dia.com,
linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-mm@...ck.org, songmuchun@...edance.com,
zhouchengming@...edance.com, Qi Zheng <zhengqi.arch@...edance.com>
Subject: [mm/pte_ref] afcc9fb874: kernel_BUG_at_include/linux/pte_ref.h

Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: afcc9fb8741f26773a381ac1e159e0172344b7d5 ("[PATCH v3 13/15] mm/pte_ref: free user PTE page table pages")
url: https://github.com/0day-ci/linux/commits/Qi-Zheng/Free-user-PTE-page-table-pages/20211110-185837
base: https://github.com/hnaz/linux-mm master
patch link: https://lore.kernel.org/linux-doc/20211110105428.32458-14-zhengqi.arch@bytedance.com

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+------------------------------------------+------------+------------+
| | e249f0fa9a | afcc9fb874 |
+------------------------------------------+------------+------------+
| boot_successes | 16 | 0 |
| boot_failures | 0 | 14 |
| kernel_BUG_at_include/linux/pte_ref.h | 0 | 14 |
| invalid_opcode:#[##] | 0 | 14 |
| RIP:destroy_args | 0 | 14 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 14 |
+------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 7.245922][ T1] kernel BUG at include/linux/pte_ref.h:56!
[ 7.269161][ T1] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[ 7.271019][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.0-rc7-mm1-00448-gafcc9fb8741f #1
[ 7.273761][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 7.276418][ T1] RIP: 0010:destroy_args (include/linux/pte_ref.h:56 include/linux/pte_ref.h:123 mm/debug_vm_pgtable.c:1051)
[ 7.277992][ T1] Code: 6b 58 4c 8b 2b 49 8b 3c 24 e8 c6 38 b4 fe 48 c1 e0 06 48 03 05 aa eb 4c ff 8b 50 30 81 e2 00 02 00 f0 81 fa 00 00 00 f0 74 02 <0f> 0b f0 83 68 20 01 75 15 48 89 ea 4c 89 e6 4c 89 ef 48 81 e2 00
All code
========
0: 6b 58 4c 8b imul $0xffffff8b,0x4c(%rax),%ebx
4: 2b 49 8b sub -0x75(%rcx),%ecx
7: 3c 24 cmp $0x24,%al
9: e8 c6 38 b4 fe callq 0xfffffffffeb438d4
e: 48 c1 e0 06 shl $0x6,%rax
12: 48 03 05 aa eb 4c ff add -0xb31456(%rip),%rax # 0xffffffffff4cebc3
19: 8b 50 30 mov 0x30(%rax),%edx
1c: 81 e2 00 02 00 f0 and $0xf0000200,%edx
22: 81 fa 00 00 00 f0 cmp $0xf0000000,%edx
28: 74 02 je 0x2c
2a:* 0f 0b ud2 <-- trapping instruction
2c: f0 83 68 20 01 lock subl $0x1,0x20(%rax)
31: 75 15 jne 0x48
33: 48 89 ea mov %rbp,%rdx
36: 4c 89 e6 mov %r12,%rsi
39: 4c 89 ef mov %r13,%rdi
3c: 48 rex.W
3d: 81 .byte 0x81
3e: e2 00 loop 0x40
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: f0 83 68 20 01 lock subl $0x1,0x20(%rax)
7: 75 15 jne 0x1e
9: 48 89 ea mov %rbp,%rdx
c: 4c 89 e6 mov %r12,%rsi
f: 4c 89 ef mov %r13,%rdi
12: 48 rex.W
13: 81 .byte 0x81
14: e2 00 loop 0x16
[ 7.283473][ T1] RSP: 0000:ffffc90000013da0 EFLAGS: 00010206
[ 7.285295][ T1] RAX: ffffea0000000000 RBX: ffffc90000013dc8 RCX: 0000000000000000
[ 7.287675][ T1] RDX: 00000000f0000200 RSI: ffffffff823848b5 RDI: 0000000000000000
[ 7.290056][ T1] RBP: 000024b4af3bd000 R08: 0000000000000001 R09: 0000000000000040
[ 7.292449][ T1] R10: ffff88842fc2fb60 R11: ffffc90000013d00 R12: ffff88812da63000
[ 7.294926][ T1] R13: ffff88810ca08c00 R14: 0000000140000067 R15: 0000000000000027
[ 7.297349][ T1] FS: 0000000000000000(0000) GS:ffff88842fc00000(0000) knlGS:0000000000000000
[ 7.300020][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7.301949][ T1] CR2: 0000000000000000 CR3: 0000000002612000 CR4: 00000000000006f0
[ 7.304153][ T1] Call Trace:
[ 7.306975][ T1] <TASK>
[ 7.307966][ T1] debug_vm_pgtable (mm/debug_vm_pgtable.c:1334)
[ 7.309435][ T1] ? init_args (mm/debug_vm_pgtable.c:1241)
[ 7.310773][ T1] do_one_initcall (init/main.c:1303)
[ 7.312212][ T1] kernel_init_freeable (init/main.c:1377 init/main.c:1394 init/main.c:1413 init/main.c:1618)
[ 7.313728][ T1] ? rest_init (init/main.c:1499)
[ 7.315002][ T1] kernel_init (init/main.c:1509)
[ 7.316368][ T1] ret_from_fork (arch/x86/entry/entry_64.S:301)
[ 7.317692][ T1] </TASK>
[ 7.318697][ T1] Modules linked in:
[ 7.320060][ T1] ---[ end trace 1f2bbe378e842286 ]---
[ 7.321766][ T1] RIP: 0010:destroy_args (include/linux/pte_ref.h:56 include/linux/pte_ref.h:123 mm/debug_vm_pgtable.c:1051)
[ 7.323325][ T1] Code: 6b 58 4c 8b 2b 49 8b 3c 24 e8 c6 38 b4 fe 48 c1 e0 06 48 03 05 aa eb 4c ff 8b 50 30 81 e2 00 02 00 f0 81 fa 00 00 00 f0 74 02 <0f> 0b f0 83 68 20 01 75 15 48 89 ea 4c 89 e6 4c 89 ef 48 81 e2 00

To reproduce:

        # build kernel
        cd linux
        cp config-5.15.0-rc7-mm1-00448-gafcc9fb8741f .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.

---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org Intel Corporation
Thanks,
Oliver Sang
View attachment "config-5.15.0-rc7-mm1-00448-gafcc9fb8741f" of type "text/plain" (121995 bytes)
View attachment "job-script" of type "text/plain" (4680 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (11632 bytes)