Date:   Sun, 12 Dec 2021 22:46:15 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Tejun Heo <tj@...nel.org>
Cc:     LKML <linux-kernel@...r.kernel.org>, cgroups@...r.kernel.org,
        lkp@...ts.01.org, lkp@...el.com
Subject: [cgroup]  f0cc344841:
 WARNING:at_lib/debugobjects.c:#debug_print_object



Greetings,

FYI, we noticed the following commit (built with gcc-9):

commit: f0cc344841751582ae074189b04b2b6d208a1345 ("cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv")
https://git.kernel.org/cgit/linux/kernel/git/tj/cgroup.git review-migration-perms

in testcase: boot

on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):



If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <oliver.sang@...el.com>


[ 25.549073][ T1] WARNING: CPU: 0 PID: 1 at lib/debugobjects.c:505 debug_print_object (lib/debugobjects.c:505) 
[   25.550043][    T1] Modules linked in:
[   25.550494][    T1] CPU: 0 PID: 1 Comm: systemd Not tainted 5.16.0-rc4-00165-gf0cc34484175 #2
[ 25.551435][ T1] EIP: debug_print_object (lib/debugobjects.c:505) 
[ 25.552006][ T1] Code: b2 8b 0a 8b 43 0c 89 45 f0 8b 5b 08 83 fb 05 77 30 57 51 8b 45 f0 50 8b 14 9d e0 95 eb b1 52 56 68 60 8d 14 b2 e8 c2 73 5e 00 <0f> 0b 83 c4 18 ff 05 dc 4e 63 b2 8d 65 f4 5b 5e 5f 5d c3 31 ff eb
All code
========
   0:	b2 8b                	mov    $0x8b,%dl
   2:	0a 8b 43 0c 89 45    	or     0x45890c43(%rbx),%cl
   8:	f0 8b 5b 08          	lock mov 0x8(%rbx),%ebx
   c:	83 fb 05             	cmp    $0x5,%ebx
   f:	77 30                	ja     0x41
  11:	57                   	push   %rdi
  12:	51                   	push   %rcx
  13:	8b 45 f0             	mov    -0x10(%rbp),%eax
  16:	50                   	push   %rax
  17:	8b 14 9d e0 95 eb b1 	mov    -0x4e146a20(,%rbx,4),%edx
  1e:	52                   	push   %rdx
  1f:	56                   	push   %rsi
  20:	68 60 8d 14 b2       	pushq  $0xffffffffb2148d60
  25:	e8 c2 73 5e 00       	callq  0x5e73ec
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	83 c4 18             	add    $0x18,%esp
  2f:	ff 05 dc 4e 63 b2    	incl   -0x4d9cb124(%rip)        # 0xffffffffb2634f11
  35:	8d 65 f4             	lea    -0xc(%rbp),%esp
  38:	5b                   	pop    %rbx
  39:	5e                   	pop    %rsi
  3a:	5f                   	pop    %rdi
  3b:	5d                   	pop    %rbp
  3c:	c3                   	retq   
  3d:	31 ff                	xor    %edi,%edi
  3f:	eb                   	.byte 0xeb

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	83 c4 18             	add    $0x18,%esp
   5:	ff 05 dc 4e 63 b2    	incl   -0x4d9cb124(%rip)        # 0xffffffffb2634ee7
   b:	8d 65 f4             	lea    -0xc(%rbp),%esp
   e:	5b                   	pop    %rbx
   f:	5e                   	pop    %rsi
  10:	5f                   	pop    %rdi
  11:	5d                   	pop    %rbp
  12:	c3                   	retq   
  13:	31 ff                	xor    %edi,%edi
  15:	eb                   	.byte 0xeb
[   25.554244][    T1] EAX: 00000061 EBX: 00000003 ECX: 00000000 EDX: 00000001
[   25.555033][    T1] ESI: b213547c EDI: b1079f00 EBP: b366bd8c ESP: b366bd60
[   25.555853][    T1] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010292
[   25.556966][    T1] CR0: 80050033 CR2: 0164527c CR3: 05959000 CR4: 00040690
[   25.557709][    T1] Call Trace:
[ 25.558055][ T1] ? rescuer_thread (kernel/workqueue.c:1641) 
[ 25.558578][ T1] __debug_check_no_obj_freed (lib/debugobjects.c:993) 
[ 25.559202][ T1] debug_check_no_obj_freed (lib/debugobjects.c:1024) 
[ 25.559750][ T1] kfree (mm/slub.c:1713 mm/slub.c:1749 mm/slub.c:3513 mm/slub.c:4561) 
[ 25.560220][ T1] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67) 
[ 25.560783][ T1] cgroup_file_release (kernel/cgroup/cgroup.c:3844) 
[ 25.561334][ T1] kernfs_release_file+0x2c/0x80 
[ 25.561927][ T1] kernfs_fop_release (fs/kernfs/file.c:757) 
[ 25.562475][ T1] __fput (fs/file_table.c:281) 
[ 25.562902][ T1] ? _raw_spin_unlock_irq (arch/x86/include/asm/irqflags.h:45 arch/x86/include/asm/irqflags.h:80 include/linux/spinlock_api_smp.h:159 kernel/locking/spinlock.c:202) 
[ 25.563495][ T1] ____fput (fs/file_table.c:314) 
[ 25.563939][ T1] task_work_run (kernel/task_work.c:166 (discriminator 1)) 
[ 25.564426][ T1] exit_to_user_mode_prepare (include/linux/tracehook.h:189 kernel/entry/common.c:175 kernel/entry/common.c:207) 
[ 25.565003][ T1] syscall_exit_to_user_mode (kernel/entry/common.c:126 kernel/entry/common.c:302) 
[ 25.565589][ T1] do_int80_syscall_32 (arch/x86/entry/common.c:136) 
[ 25.566094][ T1] ? kernfs_fop_read_iter (fs/kernfs/file.c:241) 
[ 25.566659][ T1] ? rw_verify_area (fs/read_write.c:387) 
[ 25.567167][ T1] ? vfs_read (include/linux/fs.h:2156 fs/read_write.c:400 fs/read_write.c:481) 
[ 25.567631][ T1] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67) 
[ 25.568270][ T1] ? do_int80_syscall_32 (arch/x86/entry/common.c:136) 
[ 25.568810][ T1] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67) 
[ 25.569416][ T1] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4354) 
[ 25.569971][ T1] ? syscall_exit_to_user_mode (kernel/entry/common.c:303) 
[ 25.570587][ T1] ? do_int80_syscall_32 (arch/x86/entry/common.c:136) 
[ 25.571128][ T1] ? do_int80_syscall_32 (arch/x86/entry/common.c:136) 
[ 25.571689][ T1] ? do_int80_syscall_32 (arch/x86/entry/common.c:136) 
[ 25.576358][ T1] ? do_int80_syscall_32 (arch/x86/entry/common.c:136) 
[ 25.576911][ T1] ? do_int80_syscall_32 (arch/x86/entry/common.c:136) 
[ 25.577476][ T1] ? do_int80_syscall_32 (arch/x86/entry/common.c:136) 
[ 25.578018][ T1] entry_INT80_32 (arch/x86/entry/entry_32.S:981) 
[   25.578513][    T1] EIP: 0xa7f6ca02
[ 25.578896][ T1] Code: 95 01 00 05 25 36 02 00 83 ec 14 8d 80 e8 99 ff ff 50 6a 02 e8 1f ff 00 00 c7 04 24 7f 00 00 00 e8 7e 87 01 00 66 90 90 cd 80 <c3> 8d b6 00 00 00 00 8d bc 27 00 00 00 00 8b 1c 24 c3 8d b6 00 00
All code
========
   0:	95                   	xchg   %eax,%ebp
   1:	01 00                	add    %eax,(%rax)
   3:	05 25 36 02 00       	add    $0x23625,%eax
   8:	83 ec 14             	sub    $0x14,%esp
   b:	8d 80 e8 99 ff ff    	lea    -0x6618(%rax),%eax
  11:	50                   	push   %rax
  12:	6a 02                	pushq  $0x2
  14:	e8 1f ff 00 00       	callq  0xff38
  19:	c7 04 24 7f 00 00 00 	movl   $0x7f,(%rsp)
  20:	e8 7e 87 01 00       	callq  0x187a3
  25:	66 90                	xchg   %ax,%ax
  27:	90                   	nop
  28:	cd 80                	int    $0x80
  2a:*	c3                   	retq   		<-- trapping instruction
  2b:	8d b6 00 00 00 00    	lea    0x0(%rsi),%esi
  31:	8d bc 27 00 00 00 00 	lea    0x0(%rdi,%riz,1),%edi
  38:	8b 1c 24             	mov    (%rsp),%ebx
  3b:	c3                   	retq   
  3c:	8d                   	.byte 0x8d
  3d:	b6 00                	mov    $0x0,%dh
	...

Code starting with the faulting instruction
===========================================
   0:	c3                   	retq   
   1:	8d b6 00 00 00 00    	lea    0x0(%rsi),%esi
   7:	8d bc 27 00 00 00 00 	lea    0x0(%rdi,%riz,1),%edi
   e:	8b 1c 24             	mov    (%rsp),%ebx
  11:	c3                   	retq   
  12:	8d                   	.byte 0x8d
  13:	b6 00                	mov    $0x0,%dh


To reproduce:

        # build kernel
	cd linux
	cp config-5.16.0-rc4-00165-gf0cc34484175 .config
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove the ~/.lkp and /lkp directories to run from a clean state.



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang


View attachment "config-5.16.0-rc4-00165-gf0cc34484175" of type "text/plain" (139077 bytes)

View attachment "job-script" of type "text/plain" (4771 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (14416 bytes)
