Message-ID: <20220309021531.GA22223@xsang-OptiPlex-9020>
Date: Wed, 9 Mar 2022 10:15:31 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Oliver Glitta <glittao@...il.com>
Cc: lkp@...ts.01.org, lkp@...el.com,
LKML <linux-kernel@...r.kernel.org>
Subject: [mm/slub] ae107fa919: BUG:unable_to_handle_page_fault_for_address
Greetings,
FYI, we noticed the following commit (built with gcc-9):
commit: ae107fa91914f098cd54ab77e68f83dd6259e901 ("mm/slub: use stackdepot to save stack trace in objects")
https://git.kernel.org/cgit/linux/kernel/git/vbabka/linux.git slub-stackdepot-v3r0
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):
+---------------------------------------------+------------+------------+
| | 2b303a7249 | ae107fa919 |
+---------------------------------------------+------------+------------+
| boot_successes | 10 | 0 |
| boot_failures | 0 | 10 |
| BUG:unable_to_handle_page_fault_for_address | 0 | 10 |
| Oops:#[##] | 0 | 10 |
| EIP:__stack_depot_save | 0 | 10 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 10 |
+---------------------------------------------+------------+------------+
If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 7.940529][ T0] BUG: unable to handle page fault for address: 003b2aa0
[ 7.941169][ T0] #PF: supervisor read access in kernel mode
[ 7.941688][ T0] #PF: error_code(0x0000) - not-present page
[ 7.942204][ T0] *pdpt = 0000000000000000 *pde = f000ff53f000e2c3
[ 7.943638][ T0] Oops: 0000 [#1] PTI
[ 7.943935][ T0] CPU: 0 PID: 0 Comm: swapper Not tainted 5.17.0-rc1-00003-gae107fa91914 #1 5f73b26000dc0e5442a0589d1a3fdb9ee3bc2185
[ 7.944854][ T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 7.945567][ T0] EIP: __stack_depot_save (lib/stackdepot.c:396)
[ 7.946736][ T0] Code: 0f 84 e0 00 00 00 83 fb 03 0f 84 d2 00 00 00 4b 90 0f 84 d4 00 00 00 a1 c0 a2 13 c3 89 f2 81 e2 ff ff 0f 00 8d 04 90 89 45 dc <8b> 18 85 db 0f 84 fd 00 00 00 8b 55 ec eb 12 8d b4 26 00 00 00 00
All code
========
0: 0f 84 e0 00 00 00 je 0xe6
6: 83 fb 03 cmp $0x3,%ebx
9: 0f 84 d2 00 00 00 je 0xe1
f: 4b 90 rex.WXB xchg %rax,%r8
11: 0f 84 d4 00 00 00 je 0xeb
17: a1 c0 a2 13 c3 89 f2 movabs 0xe281f289c313a2c0,%eax
1e: 81 e2
20: ff (bad)
21: ff 0f decl (%rdi)
23:* 00 8d 04 90 89 45 add %cl,0x45899004(%rbp) <-- trapping instruction
29: dc 8b 18 85 db 0f fmull 0xfdb8518(%rbx)
2f: 84 fd test %bh,%ch
31: 00 00 add %al,(%rax)
33: 00 8b 55 ec eb 12 add %cl,0x12ebec55(%rbx)
39: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
Code starting with the faulting instruction
===========================================
0: 8b 18 mov (%rax),%ebx
2: 85 db test %ebx,%ebx
4: 0f 84 fd 00 00 00 je 0x107
a: 8b 55 ec mov -0x14(%rbp),%edx
d: eb 12 jmp 0x21
f: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
[ 7.948207][ T0] EAX: 003b2aa0 EBX: c294c1f7 ECX: dccd1bb1 EDX: 000ecaa8
[ 7.948774][ T0] ESI: 634ecaa8 EDI: c10001d1 EBP: c2449ddc ESP: c2449dac
[ 7.949279][ T0] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00210002
[ 7.949823][ T0] CR0: 80050033 CR2: 003b2aa0 CR3: 029de000 CR4: 000406b0
[ 7.950328][ T0] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 7.950833][ T0] DR6: fffe0ff0 DR7: 00000400
[ 7.951161][ T0] Call Trace:
[ 7.951389][ T0] stack_depot_save (lib/stackdepot.c:476)
[ 7.951719][ T0] set_track (mm/slub.c:742)
[ 7.952006][ T0] ? __slab_alloc+0x17/0x30
[ 7.952459][ T0] ? kmem_cache_alloc (mm/slub.c:3195 mm/slub.c:3237 mm/slub.c:3242)
[ 7.952814][ T0] ? __kmem_cache_create (mm/slub.c:3991 mm/slub.c:4231 mm/slub.c:4900)
[ 7.953180][ T0] ? create_boot_cache (mm/slab_common.c:656)
[ 7.953532][ T0] ? kmem_cache_init (mm/slub.c:4847)
[ 7.953869][ T0] ? start_kernel (init/main.c:845 init/main.c:985)
[ 7.954197][ T0] ? i386_start_kernel (arch/x86/kernel/head32.c:57)
[ 7.954545][ T0] ? startup_32_smp (arch/x86/kernel/head_32.S:328)
[ 7.954889][ T0] alloc_debug_processing (mm/slub.c:1315)
[ 7.955260][ T0] ? __kmem_cache_create (mm/slub.c:3991 mm/slub.c:4231 mm/slub.c:4900)
[ 7.955625][ T0] ? __kmem_cache_create (mm/slub.c:3991 mm/slub.c:4231 mm/slub.c:4900)
[ 7.955988][ T0] ___slab_alloc+0x838/0xc60
[ 7.956404][ T0] ? __kmem_cache_create (mm/slub.c:3991 mm/slub.c:4231 mm/slub.c:4900)
[ 7.956771][ T0] ? __mutex_unlock_slowpath (arch/x86/include/asm/atomic.h:29 include/linux/atomic/atomic-long.h:523 include/linux/atomic/atomic-instrumented.h:1266 kernel/locking/mutex.c:902)
[ 7.957162][ T0] ? __kmem_cache_create (mm/slub.c:3991 mm/slub.c:4231 mm/slub.c:4900)
[ 7.957535][ T0] ? rcu_read_lock_sched_held (kernel/rcu/update.c:104 kernel/rcu/update.c:123)
[ 7.957970][ T0] ? pcpu_alloc (mm/percpu.c:1917)
[ 7.958291][ T0] __slab_alloc+0x17/0x30
[ 7.958716][ T0] kmem_cache_alloc (mm/slub.c:3195 mm/slub.c:3237 mm/slub.c:3242)
[ 7.959060][ T0] ? calculate_sizes+0x98/0x4b0
[ 7.959477][ T0] ? __kmem_cache_create (mm/slub.c:3991 mm/slub.c:4231 mm/slub.c:4900)
[ 7.959880][ T0] __kmem_cache_create (mm/slub.c:3991 mm/slub.c:4231 mm/slub.c:4900)
[ 7.960283][ T0] ? __kmem_cache_create (mm/slub.c:4905)
[ 7.960699][ T0] create_boot_cache (mm/slab_common.c:656)
[ 7.961081][ T0] kmem_cache_init (mm/slub.c:4847)
[ 7.961413][ T0] start_kernel (init/main.c:845 init/main.c:985)
[ 7.961727][ T0] ? early_idt_handler_common (arch/x86/kernel/head_32.S:417)
[ 7.962115][ T0] i386_start_kernel (arch/x86/kernel/head32.c:57)
[ 7.962463][ T0] startup_32_smp (arch/x86/kernel/head_32.S:328)
[ 7.962790][ T0] Modules linked in:
[ 7.963063][ T0] CR2: 00000000003b2aa0
[ 7.964125][ T0] ---[ end trace 0000000000000000 ]---
[ 7.964536][ T0] EIP: __stack_depot_save (lib/stackdepot.c:396)
[ 7.964917][ T0] Code: 0f 84 e0 00 00 00 83 fb 03 0f 84 d2 00 00 00 4b 90 0f 84 d4 00 00 00 a1 c0 a2 13 c3 89 f2 81 e2 ff ff 0f 00 8d 04 90 89 45 dc <8b> 18 85 db 0f 84 fd 00 00 00 8b 55 ec eb 12 8d b4 26 00 00 00 00
To reproduce:
# build kernel
cd linux
cp config-5.17.0-rc1-00003-gae107fa91914 .config
make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
# if you come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org Intel Corporation
Thanks,
Oliver Sang
View attachment "config-5.17.0-rc1-00003-gae107fa91914" of type "text/plain" (140594 bytes)
View attachment "job-script" of type "text/plain" (4681 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (4560 bytes)