lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date:   Fri, 25 Feb 2022 12:54:39 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Cc:     lkp@...ts.01.org, lkp@...el.com,
        LKML <linux-kernel@...r.kernel.org>
Subject: [mm/memcg]  e8f2ee7bd2:
 WARNING:at_mm/memcontrol.c:#__mod_memcg_lruvec_state



Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: e8f2ee7bd2dde6f9853d6cc064357e3c788388cf ("mm/memcg: protect per-CPU counter by disabling preemption on PREEMPT_RT where needed.")
https://github.com/hnaz/linux-mm master

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):



If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[ 6.934340][ T2491] WARNING: CPU: 1 PID: 2491 at mm/memcontrol.c:748 __mod_memcg_lruvec_state (mm/memcontrol.c:748 (discriminator 1)) 
[    6.935310][ T2491] Modules linked in: sr_mod cdrom sg ata_generic
[    6.935936][ T2491] CPU: 1 PID: 2491 Comm: dpkg-deb Not tainted 5.17.0-rc5-mm1-00133-ge8f2ee7bd2dd #1
[    6.936856][ T2491] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 6.937768][ T2491] RIP: 0010:__mod_memcg_lruvec_state (mm/memcontrol.c:748 (discriminator 1)) 
[ 6.938397][ T2491] Code: ef 4c 8b 8f 20 04 00 00 41 89 d0 83 f8 01 77 12 65 8b 05 f4 ec e1 7e a9 00 01 ff 00 74 0e 0f 0b eb 0a 9c 58 0f ba e0 09 73 02 <0f> 0b 49 8b 91 10 0e 00 00 89 f6 49 63 c0 48 c1 e6 03 48 01 f2 65
All code
========
   0:	ef                   	out    %eax,(%dx)
   1:	4c 8b 8f 20 04 00 00 	mov    0x420(%rdi),%r9
   8:	41 89 d0             	mov    %edx,%r8d
   b:	83 f8 01             	cmp    $0x1,%eax
   e:	77 12                	ja     0x22
  10:	65 8b 05 f4 ec e1 7e 	mov    %gs:0x7ee1ecf4(%rip),%eax        # 0x7ee1ed0b
  17:	a9 00 01 ff 00       	test   $0xff0100,%eax
  1c:	74 0e                	je     0x2c
  1e:	0f 0b                	ud2    
  20:	eb 0a                	jmp    0x2c
  22:	9c                   	pushfq 
  23:	58                   	pop    %rax
  24:	0f ba e0 09          	bt     $0x9,%eax
  28:	73 02                	jae    0x2c
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	49 8b 91 10 0e 00 00 	mov    0xe10(%r9),%rdx
  33:	89 f6                	mov    %esi,%esi
  35:	49 63 c0             	movslq %r8d,%rax
  38:	48 c1 e6 03          	shl    $0x3,%rsi
  3c:	48 01 f2             	add    %rsi,%rdx
  3f:	65                   	gs

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	49 8b 91 10 0e 00 00 	mov    0xe10(%r9),%rdx
   9:	89 f6                	mov    %esi,%esi
   b:	49 63 c0             	movslq %r8d,%rax
   e:	48 c1 e6 03          	shl    $0x3,%rsi
  12:	48 01 f2             	add    %rsi,%rdx
  15:	65                   	gs
[    6.940329][ T2491] RSP: 0000:ffffc90000303d60 EFLAGS: 00010207
[    6.940933][ T2491] RAX: 0000000000000206 RBX: ffffea0005e90000 RCX: 0000001c822e3b5a
[    6.941744][ T2491] RDX: 0000000000000200 RSI: 000000000000001c RDI: ffff88810c864000
[    6.942555][ T2491] RBP: 000000000000001c R08: 0000000000000200 R09: ffff88810c9c1000
[    6.943382][ T2491] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000200
[    6.944467][ T2491] R13: ffffea0005e90000 R14: ffff88843fff0000 R15: 800000017a4000e7
[    6.945294][ T2491] FS:  0000000000000000(0000) GS:ffff88842fd00000(0063) knlGS:00000000f7d7b700
[    6.946194][ T2491] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[    6.946853][ T2491] CR2: 00000000f7400000 CR3: 000000012e2bc000 CR4: 00000000000406e0
[    6.947662][ T2491] Call Trace:
[    6.948035][ T2491]  <TASK>
[ 6.948375][ T2491] __mod_lruvec_page_state (mm/memcontrol.c:802) 
[ 6.948919][ T2491] page_add_new_anon_rmap (mm/rmap.c:1222) 
[ 6.949455][ T2491] __do_huge_pmd_anonymous_page (mm/huge_memory.c:651) 
[ 6.950055][ T2491] __handle_mm_fault (mm/memory.c:4441 mm/memory.c:4676) 
[ 6.950569][ T2491] handle_mm_fault (mm/memory.c:4803) 
[ 6.951102][ T2491] do_user_addr_fault (include/linux/sched/signal.h:404 arch/x86/mm/fault.c:1399) 
[ 6.951619][ T2491] exc_page_fault (arch/x86/include/asm/irqflags.h:40 arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1492 arch/x86/mm/fault.c:1540) 
[ 6.952106][ T2491] ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:568) 
[ 6.952617][ T2491] asm_exc_page_fault (arch/x86/include/asm/idtentry.h:568) 
[    6.953120][ T2491] RIP: 0023:0xf7ec7e66
[ 6.953553][ T2491] Code: 04 8d 76 00 75 30 85 c9 74 38 0f b6 18 f6 c1 02 88 1a 74 2e 0f b7 5c 08 fe 66 89 5c 0a fe eb 22 f3 0f 7e 00 f3 0f 7e 4c 08 f8 <66> 0f d6 02 66 0f d6 4c 0a f8 eb 0c 8b 18 89 1a 8b 5c 08 fc 89 5c
All code
========
   0:	04 8d                	add    $0x8d,%al
   2:	76 00                	jbe    0x4
   4:	75 30                	jne    0x36
   6:	85 c9                	test   %ecx,%ecx
   8:	74 38                	je     0x42
   a:	0f b6 18             	movzbl (%rax),%ebx
   d:	f6 c1 02             	test   $0x2,%cl
  10:	88 1a                	mov    %bl,(%rdx)
  12:	74 2e                	je     0x42
  14:	0f b7 5c 08 fe       	movzwl -0x2(%rax,%rcx,1),%ebx
  19:	66 89 5c 0a fe       	mov    %bx,-0x2(%rdx,%rcx,1)
  1e:	eb 22                	jmp    0x42
  20:	f3 0f 7e 00          	movq   (%rax),%xmm0
  24:	f3 0f 7e 4c 08 f8    	movq   -0x8(%rax,%rcx,1),%xmm1
  2a:*	66 0f d6 02          	movq   %xmm0,(%rdx)		<-- trapping instruction
  2e:	66 0f d6 4c 0a f8    	movq   %xmm1,-0x8(%rdx,%rcx,1)
  34:	eb 0c                	jmp    0x42
  36:	8b 18                	mov    (%rax),%ebx
  38:	89 1a                	mov    %ebx,(%rdx)
  3a:	8b 5c 08 fc          	mov    -0x4(%rax,%rcx,1),%ebx
  3e:	89                   	.byte 0x89
  3f:	5c                   	pop    %rsp

Code starting with the faulting instruction
===========================================
   0:	66 0f d6 02          	movq   %xmm0,(%rdx)
   4:	66 0f d6 4c 0a f8    	movq   %xmm1,-0x8(%rdx,%rcx,1)
   a:	eb 0c                	jmp    0x18
   c:	8b 18                	mov    (%rax),%ebx
   e:	89 1a                	mov    %ebx,(%rdx)
  10:	8b 5c 08 fc          	mov    -0x4(%rax,%rcx,1),%ebx
  14:	89                   	.byte 0x89
  15:	5c                   	pop    %rsp
[    6.956538][ T2491] RSP: 002b:00000000ffa1d1f8 EFLAGS: 00010202
[    6.957149][ T2491] RAX: 00000000f73ffd24 RBX: 00000000f7f94000 RCX: 0000000000000009
[    6.957973][ T2491] RDX: 00000000f73ffffd RSI: 0000000000000704 RDI: 000000005664e248
[    6.958789][ T2491] RBP: 00000000ffa1d5f3 R08: 0000000000000000 R09: 0000000000000000
[    6.959605][ T2491] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[    6.960414][ T2491] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[    6.961233][ T2491]  </TASK>
[    6.961578][ T2491] ---[ end trace 0000000000000000 ]---
Starting LSB: Load kernel image with kexec...
[  OK  ] Started Getty on tty1.
[  OK  ] Reached target Login Prompts.
[  OK  ] Started Login Service.
[  OK  ] Started LSB: Load kernel image with kexec.
LKP: ttyS0: 2407:  /lkp/lkp/src/bin/run-lkp /lkp/jobs/scheduled/vm-snb-144/boot-1-debian-i386-20191205.cgz-e8f2ee7bd2dde6f9853d6cc064357e3c788388cf-20220225-68315-1awnjh0-1.yaml
[   14.012050][ T2432] LKP: stdout: 2407: Kernel tests: Boot OK!
[   14.012059][ T2432]
LKP: ttyS0: 2407: LKP: rebooting forcely
[   18.605714][ T2432] LKP: stdout: 2407: HOSTNAME vm-snb-144, MAC 72:07:66:71:6c:4b, kernel 5.17.0-rc5-mm1-00133-ge8f2ee7bd2dd 1
[   18.605724][ T2432]
[   18.610194][ T2432] install debs round one: dpkg -i --force-confdef --force-depends /opt/deb/gawk_1%3a4.1.4+dfsg-1_i386.deb
[   18.610198][ T2432]
[   18.612770][ T2432] Selecting previously unselected package gawk.
[   18.612773][ T2432]
[   18.615644][ T2432] (Reading database ... 16210 files and directories currently installed.)
[   18.615648][ T2432]
[   18.618324][ T2432] Preparing to unpack .../gawk_1%3a4.1.4+dfsg-1_i386.deb ...
[   18.618327][ T2432]
[   18.620241][ T2432] Unpacking gawk (1:4.1.4+dfsg-1) ...
[   18.620244][ T2432]
[   18.622011][ T2432] Setting up gawk (1:4.1.4+dfsg-1) ...
[   18.622014][ T2432]
[   18.999231][ T2407] sysrq: Emergency Sync
[   18.999750][ T2407] sysrq: Resetting

Kboot worker: lkp-worker30
Elapsed time: 60

kvm=(
qemu-system-x86_64
-enable-kvm
-cpu SandyBridge
-kernel $kernel
-initrd initrd-vm-snb-144.cgz
-m 16384
-smp 2
-device e1000,netdev=net0
-netdev user,id=net0,hostfwd=tcp::32032-:22
-boot order=nc
-no-reboot
-watchdog i6300esb
-watchdog-action debug
-rtc base=localtime
-serial stdio
-display none
-monitor null


To reproduce:

        # build kernel
	cd linux
	cp config-5.17.0-rc5-mm1-00133-ge8f2ee7bd2dd .config
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang


View attachment "config-5.17.0-rc5-mm1-00133-ge8f2ee7bd2dd" of type "text/plain" (122265 bytes)

View attachment "job-script" of type "text/plain" (4503 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (13996 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ