Date:   Wed, 9 Feb 2022 10:16:05 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Jim Cromie <jim.cromie@...il.com>
Cc:     lkp@...ts.01.org, lkp@...el.com,
        LKML <linux-kernel@...r.kernel.org>
Subject: [dyndbg]  5c300b654d: kernel_BUG_at_lib/dynamic_debug.c



Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: 5c300b654da5729bd0d7ac1022786fcdb3ce31d7 ("dyndbg: walk __dyndbg & __dyndbg_sites in parallel")
https://github.com/jimc/linux.git dd-diet-5b

in testcase: trinity
version: trinity-x86_64-80fb6169-1_20220207
with the following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu Icelake-Server -smp 4 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):



If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[    1.917257][    T1] kernel BUG at lib/dynamic_debug.c:1308!
[    1.918256][    T1] invalid opcode: 0000 [#1] SMP KASAN PTI
[    1.919240][    T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.16.0-00026-g5c300b654da5 #1
[    1.919240][    T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1.919240][ T1] RIP: 0010:dynamic_debug_init (lib/dynamic_debug.c:1308 (discriminator 1)) 
[ 1.919240][ T1] Code: e8 be ff ff 37 00 48 c1 e8 03 48 c1 e6 2a 80 3c 30 00 74 10 48 89 ef 48 89 14 24 e8 45 db f2 fb 48 8b 14 24 48 39 5d 00 74 02 <0f> 0b 48 89 d8 b9 ff ff 37 00 41 ff c4 48 c1 e8 03 48 c1 e1 2a 80
All code
========
   0:	e8 be ff ff 37       	callq  0x37ffffc3
   5:	00 48 c1             	add    %cl,-0x3f(%rax)
   8:	e8 03 48 c1 e6       	callq  0xffffffffe6c14810
   d:	2a 80 3c 30 00 74    	sub    0x7400303c(%rax),%al
  13:	10 48 89             	adc    %cl,-0x77(%rax)
  16:	ef                   	out    %eax,(%dx)
  17:	48 89 14 24          	mov    %rdx,(%rsp)
  1b:	e8 45 db f2 fb       	callq  0xfffffffffbf2db65
  20:	48 8b 14 24          	mov    (%rsp),%rdx
  24:	48 39 5d 00          	cmp    %rbx,0x0(%rbp)
  28:	74 02                	je     0x2c
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	48 89 d8             	mov    %rbx,%rax
  2f:	b9 ff ff 37 00       	mov    $0x37ffff,%ecx
  34:	41 ff c4             	inc    %r12d
  37:	48 c1 e8 03          	shr    $0x3,%rax
  3b:	48 c1 e1 2a          	shl    $0x2a,%rcx
  3f:	80                   	.byte 0x80

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	48 89 d8             	mov    %rbx,%rax
   5:	b9 ff ff 37 00       	mov    $0x37ffff,%ecx
   a:	41 ff c4             	inc    %r12d
   d:	48 c1 e8 03          	shr    $0x3,%rax
  11:	48 c1 e1 2a          	shl    $0x2a,%rcx
  15:	80                   	.byte 0x80
[    1.919240][    T1] RSP: 0000:ffffc9000001fcf8 EFLAGS: 00010216
[    1.919240][    T1] RAX: 1ffffffff39327f9 RBX: ffffffff9c980488 RCX: ffffffff9adcb000
[    1.919240][    T1] RDX: ffffffff9b23b020 RSI: dffffc0000000000 RDI: ffffc9000001fc70
[    1.919240][    T1] RBP: ffffffff9c993fc8 R08: 0000000000000001 R09: fffff52000003f8f
[    1.919240][    T1] R10: ffffc9000001fc77 R11: fffff52000003f8e R12: 000000000000004c
[    1.919240][    T1] R13: 000000000000000d R14: ffffffff9c993fa0 R15: 0000000000000001
[    1.919240][    T1] FS:  0000000000000000(0000) GS:ffff8883dd600000(0000) knlGS:0000000000000000
[    1.919240][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.919240][    T1] CR2: ffff8883db801000 CR3: 00000003d9c14001 CR4: 0000000000060ef0
[    1.919240][    T1] Call Trace:
[    1.919240][    T1]  <TASK>
[ 1.919240][ T1] ? dynamic_debug_init_control (lib/dynamic_debug.c:1292) 
[ 1.919240][ T1] do_one_initcall (init/main.c:1297) 
[ 1.919240][ T1] ? perf_trace_initcall_level (init/main.c:1288) 
[ 1.919240][ T1] ? migrate_swap_stop (kernel/sched/core.c:3971) 
[ 1.919240][ T1] ? proc_create (fs/proc/generic.c:616) 
[ 1.919240][ T1] kernel_init_freeable (init/main.c:1413 init/main.c:1599) 
[ 1.919240][ T1] ? console_on_rootfs (init/main.c:1581) 
[ 1.919240][ T1] ? _raw_spin_lock_irq (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:513 include/asm-generic/qspinlock.h:82 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:120 kernel/locking/spinlock.c:170) 
[ 1.919240][ T1] ? _raw_spin_lock_bh (kernel/locking/spinlock.c:169) 
[ 1.919240][ T1] ? rest_init (init/main.c:1491) 
[ 1.919240][ T1] kernel_init (init/main.c:1501) 
[ 1.919240][ T1] ret_from_fork (arch/x86/entry/entry_64.S:301) 
[    1.919240][    T1]  </TASK>
[    1.919240][    T1] Modules linked in:
[    1.919268][    T1] ---[ end trace 6061b176ef201515 ]---
[ 1.920250][ T1] RIP: 0010:dynamic_debug_init (lib/dynamic_debug.c:1308 (discriminator 1)) 
[ 1.921253][ T1] Code: e8 be ff ff 37 00 48 c1 e8 03 48 c1 e6 2a 80 3c 30 00 74 10 48 89 ef 48 89 14 24 e8 45 db f2 fb 48 8b 14 24 48 39 5d 00 74 02 <0f> 0b 48 89 d8 b9 ff ff 37 00 41 ff c4 48 c1 e8 03 48 c1 e1 2a 80
All code
========
   0:	e8 be ff ff 37       	callq  0x37ffffc3
   5:	00 48 c1             	add    %cl,-0x3f(%rax)
   8:	e8 03 48 c1 e6       	callq  0xffffffffe6c14810
   d:	2a 80 3c 30 00 74    	sub    0x7400303c(%rax),%al
  13:	10 48 89             	adc    %cl,-0x77(%rax)
  16:	ef                   	out    %eax,(%dx)
  17:	48 89 14 24          	mov    %rdx,(%rsp)
  1b:	e8 45 db f2 fb       	callq  0xfffffffffbf2db65
  20:	48 8b 14 24          	mov    (%rsp),%rdx
  24:	48 39 5d 00          	cmp    %rbx,0x0(%rbp)
  28:	74 02                	je     0x2c
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	48 89 d8             	mov    %rbx,%rax
  2f:	b9 ff ff 37 00       	mov    $0x37ffff,%ecx
  34:	41 ff c4             	inc    %r12d
  37:	48 c1 e8 03          	shr    $0x3,%rax
  3b:	48 c1 e1 2a          	shl    $0x2a,%rcx
  3f:	80                   	.byte 0x80

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	48 89 d8             	mov    %rbx,%rax
   5:	b9 ff ff 37 00       	mov    $0x37ffff,%ecx
   a:	41 ff c4             	inc    %r12d
   d:	48 c1 e8 03          	shr    $0x3,%rax
  11:	48 c1 e1 2a          	shl    $0x2a,%rcx
  15:	80                   	.byte 0x80


To reproduce:

        # build kernel
        cd linux
        cp config-5.16.0-00026-g5c300b654da5 .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang

