Date:   Thu, 16 Dec 2021 17:22:55 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Tejun Heo <tj@...nel.org>
Cc:     0day robot <lkp@...el.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org,
        torvalds@...uxfoundation.org, ebiederm@...ssion.com,
        mkoutny@...e.com, axboe@...nel.dk, keescook@...omium.org,
        oleg@...hat.com, peterz@...radead.org, tglx@...utronix.de,
        jnewsome@...project.org, legion@...nel.org, luto@...capital.net,
        jannh@...gle.com, security@...nel.org, kernel-team@...com,
        Tejun Heo <tj@...nel.org>
Subject: [cgroup]  27183b4e07: WARNING:at_mm/slab.c:#___cache_free



Greetings,

FYI, we noticed the following commit (built with gcc-9):

commit: 27183b4e0735229f7ab300f000f78c9badf2a110 ("[PATCH 2/6] cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv")
url: https://github.com/0day-ci/linux/commits/Tejun-Heo/cgroup-Use-open-time-credentials-for-process-migraton-perm-checks/20211214-041859
base: https://git.kernel.org/cgit/linux/kernel/git/tj/cgroup.git for-next
patch link: https://lore.kernel.org/lkml/20211213191833.916632-3-tj@kernel.org

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):



If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[ 52.345653][ T1] WARNING: CPU: 0 PID: 1 at mm/slab.c:597 ___cache_free (mm/slab.c:597 mm/slab.c:3492) 
[   52.346695][    T1] Modules linked in:
[   52.347196][    T1] CPU: 0 PID: 1 Comm: systemd Not tainted 5.16.0-rc1-00009-g27183b4e0735 #1
[   52.348386][    T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 52.349576][ T1] RIP: 0010:___cache_free (mm/slab.c:597 mm/slab.c:3492) 
[ 52.350274][ T1] Code: 50 ff 48 83 05 8b c8 4b 06 01 4c 39 7c d3 10 75 cd 48 83 05 84 c8 4b 06 01 48 83 05 8c c8 4b 06 01 90 48 83 05 8b c8 4b 06 01 <0f> 0b 48 83 05 89 c8 4b 06 01 48 83 05 89 c8 4b 06 01 90 48 83 05
All code
========
   0:	50                   	push   %rax
   1:	ff 48 83             	decl   -0x7d(%rax)
   4:	05 8b c8 4b 06       	add    $0x64bc88b,%eax
   9:	01 4c 39 7c          	add    %ecx,0x7c(%rcx,%rdi,1)
   d:	d3 10                	rcll   %cl,(%rax)
   f:	75 cd                	jne    0xffffffffffffffde
  11:	48 83 05 84 c8 4b 06 	addq   $0x1,0x64bc884(%rip)        # 0x64bc89d
  18:	01 
  19:	48 83 05 8c c8 4b 06 	addq   $0x1,0x64bc88c(%rip)        # 0x64bc8ad
  20:	01 
  21:	90                   	nop
  22:	48 83 05 8b c8 4b 06 	addq   $0x1,0x64bc88b(%rip)        # 0x64bc8b5
  29:	01 
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	48 83 05 89 c8 4b 06 	addq   $0x1,0x64bc889(%rip)        # 0x64bc8bd
  33:	01 
  34:	48 83 05 89 c8 4b 06 	addq   $0x1,0x64bc889(%rip)        # 0x64bc8c5
  3b:	01 
  3c:	90                   	nop
  3d:	48                   	rex.W
  3e:	83                   	.byte 0x83
  3f:	05                   	.byte 0x5

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	48 83 05 89 c8 4b 06 	addq   $0x1,0x64bc889(%rip)        # 0x64bc893
   9:	01 
   a:	48 83 05 89 c8 4b 06 	addq   $0x1,0x64bc889(%rip)        # 0x64bc89b
  11:	01 
  12:	90                   	nop
  13:	48                   	rex.W
  14:	83                   	.byte 0x83
  15:	05                   	.byte 0x5
[   52.352800][    T1] RSP: 0018:ffff888100363d40 EFLAGS: 00010002
[   52.353567][    T1] RAX: 0000000000000004 RBX: ffff888100258000 RCX: 0000000000000000
[   52.354553][    T1] RDX: 0000000000000003 RSI: ffff8881298a9f00 RDI: ffff8881000403c0
[   52.355577][    T1] RBP: ffff888100363d98 R08: ffff88810004f3e8 R09: ffff888100958d20
[   52.356627][    T1] R10: 0000000000000000 R11: ffffffff87bab640 R12: ffff8881000403c0
[   52.357643][    T1] R13: ffff8881000403c0 R14: ffffffff812c055d R15: ffff8881298a9f00
[   52.358670][    T1] FS:  0000000000000000(0000) GS:ffffffff854fa000(0063) knlGS:00000000f784b6c0
[   52.359828][    T1] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   52.360680][    T1] CR2: 00000000f7ddce32 CR3: 0000000129f42000 CR4: 00000000000406b0
[   52.361731][    T1] Call Trace:
[   52.362185][    T1]  <TASK>
[ 52.362580][ T1] ? debug_check_no_obj_freed (lib/debugobjects.c:1002 lib/debugobjects.c:1023) 
[ 52.363317][ T1] ? cgroup_file_release (kernel/cgroup/cgroup.c:3843) 
[ 52.363974][ T1] kfree (mm/slab.c:3453 mm/slab.c:3803) 
[ 52.364459][ T1] cgroup_file_release (kernel/cgroup/cgroup.c:3843) 
[ 52.365119][ T1] kernfs_release_file+0x40/0xc0 
[ 52.365866][ T1] kernfs_fop_release (fs/kernfs/file.c:757) 
[ 52.366506][ T1] __fput (fs/file_table.c:281) 
[ 52.367019][ T1] ____fput (fs/file_table.c:313) 
[ 52.367541][ T1] task_work_run (kernel/task_work.c:166 (discriminator 1)) 
[ 52.368166][ T1] exit_to_user_mode_prepare (include/linux/tracehook.h:189 kernel/entry/common.c:175 kernel/entry/common.c:207) 
[ 52.368910][ T1] syscall_exit_to_user_mode (kernel/entry/common.c:301) 
[ 52.369622][ T1] __do_fast_syscall_32 (arch/x86/entry/common.c:183) 
[ 52.370272][ T1] do_fast_syscall_32 (arch/x86/entry/common.c:203) 
[ 52.370886][ T1] do_SYSENTER_32 (arch/x86/entry/common.c:247) 
[ 52.371481][ T1] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:141) 
[   52.372337][    T1] RIP: 0023:0xf7fb7549
[ 52.372878][ T1] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
All code
========
   0:	03 74 c0 01          	add    0x1(%rax,%rax,8),%esi
   4:	10 05 03 74 b8 01    	adc    %al,0x1b87403(%rip)        # 0x1b8740d
   a:	10 06                	adc    %al,(%rsi)
   c:	03 74 b4 01          	add    0x1(%rsp,%rsi,4),%esi
  10:	10 07                	adc    %al,(%rdi)
  12:	03 74 b0 01          	add    0x1(%rax,%rsi,4),%esi
  16:	10 08                	adc    %cl,(%rax)
  18:	03 74 d8 01          	add    0x1(%rax,%rbx,8),%esi
  1c:	00 00                	add    %al,(%rax)
  1e:	00 00                	add    %al,(%rax)
  20:	00 51 52             	add    %dl,0x52(%rcx)
  23:	55                   	push   %rbp
  24:	89 e5                	mov    %esp,%ebp
  26:	0f 34                	sysenter 
  28:	cd 80                	int    $0x80
  2a:*	5d                   	pop    %rbp		<-- trapping instruction
  2b:	5a                   	pop    %rdx
  2c:	59                   	pop    %rcx
  2d:	c3                   	retq   
  2e:	90                   	nop
  2f:	90                   	nop
  30:	90                   	nop
  31:	90                   	nop
  32:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
  39:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi

Code starting with the faulting instruction
===========================================
   0:	5d                   	pop    %rbp
   1:	5a                   	pop    %rdx
   2:	59                   	pop    %rcx
   3:	c3                   	retq   
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
   f:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
[   52.375395][    T1] RSP: 002b:00000000fff9a478 EFLAGS: 00000206 ORIG_RAX: 0000000000000006
[   52.376465][    T1] RAX: 0000000000000000 RBX: 000000000000001c RCX: 0000000000000660
[   52.377503][    T1] RDX: 00000000f7c48300 RSI: 00000000f7c48960 RDI: 0000000000000000
[   52.378542][    T1] RBP: 00000000f7c4a000 R08: 0000000000000000 R09: 0000000000000000
[   52.379652][    T1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   52.380688][    T1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   52.381710][    T1]  </TASK>
[   52.382097][    T1] irq event stamp: 47735052
[ 52.382649][ T1] hardirqs last enabled at (47735051): _raw_spin_unlock_irq (include/linux/spinlock_api_smp.h:159 kernel/locking/spinlock.c:202) 
[ 52.383953][ T1] hardirqs last disabled at (47735052): kfree (mm/slab.c:3793 (discriminator 1)) 
[ 52.385104][ T1] softirqs last enabled at (47734810): cgroup_idr_replace (kernel/cgroup/cgroup.c:339) 
[ 52.386365][ T1] softirqs last disabled at (47734808): cgroup_idr_replace (kernel/cgroup/cgroup.c:336) 
[   52.387667][    T1] ---[ end trace 08fad742e8d71fba ]---
Mounting RPC Pipe File System...
[  OK  ] Reached target Swap.
[  OK  ] Listening on udev Kernel Socket.
[  OK  ] Listening on Journal Socket.
Starting Remount Root and Kernel File Systems...
Starting Journal Service...
Starting Load Kernel Modules...
Starting Create Static Device Nodes in /dev...
[  OK  ] Started Forward Password Requests to Wall Directory Watch.
[  OK  ] Reached target Encrypted Volumes.
[  OK  ] Reached target Paths.
[  OK  ] Listening on RPCbind Server Activation Socket.
[  OK  ] Mounted RPC Pipe File System.
[  OK  ] Started Remount Root and Kernel File Systems.
[  OK  ] Started Load Kernel Modules.
[  OK  ] Started Create Static Device Nodes in /dev.


To reproduce:

        # build kernel
        cd linux
        cp config-5.16.0-rc1-00009-g27183b4e0735 .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove the ~/.lkp and /lkp dirs to run from a clean state.



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang


View attachment "config-5.16.0-rc1-00009-g27183b4e0735" of type "text/plain" (150459 bytes)

View attachment "job-script" of type "text/plain" (4892 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (20948 bytes)
