Message-ID: <20220323090520.GG16885@xsang-OptiPlex-9020>
Date: Wed, 23 Mar 2022 17:05:20 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Oliver Glitta <glittao@...il.com>
Cc: lkp@...ts.01.org, lkp@...el.com,
LKML <linux-kernel@...r.kernel.org>
Subject: [mm/slub] 555b8c8cb3: WARNING:at_lib/stackdepot.c:#stack_depot_fetch

Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: 555b8c8cb3f335ec8fd9d1ffd25e1395790d102d ("mm/slub: use stackdepot to save stack trace in objects")
https://git.kernel.org/cgit/linux/kernel/git/vbabka/linux.git slub-stackdepot-v3r1

in testcase: rcutorture
version:
with following parameters:

    runtime: 300s
    test: cpuhotplug
    torture_type: tasks

test-description: rcutorture is rcutorture kernel module load/unload test.
test-url: https://www.kernel.org/doc/Documentation/RCU/torture.txt

on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>

(please be noted the issue is random, we observed it 4 times out of 32 runs.
parent keeps clean on 32 runs.)

[ 318.532656][ T1741] WARNING: CPU: 0 PID: 1741 at lib/stackdepot.c:326 stack_depot_fetch (lib/stackdepot.c:326 (discriminator 1))
[ 318.534566][ T1741] Modules linked in: rcutorture(-) torture aesni_intel crypto_simd cryptd input_leds pcspkr qemu_fw_cfg tiny_power_button button
[ 318.537087][ T1741] CPU: 0 PID: 1741 Comm: rmmod Not tainted 5.17.0-rc1-00003-g555b8c8cb3f3 #1 1fcfbabccf3b829d5910183510efdc3cb11ab20b
[ 318.539366][ T1741] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 318.541093][ T1741] EIP: stack_depot_fetch (lib/stackdepot.c:326 (discriminator 1))
[ 318.542104][ T1741] Code: 66 81 e3 ff 03 85 c0 74 26 89 d6 89 c7 8b 15 f0 56 3e d5 81 e7 ff ff 1f 00 39 d7 7e 16 50 52 57 68 20 37 59 d4 e8 47 f4 50 00 <0f> 0b 83 c4 10 31 c0 eb 2f 81 ff ff 1f 00 00 76 0c 89 fa b8 04 bd
All code
========
0: 66 81 e3 ff 03 and $0x3ff,%bx
5: 85 c0 test %eax,%eax
7: 74 26 je 0x2f
9: 89 d6 mov %edx,%esi
b: 89 c7 mov %eax,%edi
d: 8b 15 f0 56 3e d5 mov -0x2ac1a910(%rip),%edx # 0xffffffffd53e5703
13: 81 e7 ff ff 1f 00 and $0x1fffff,%edi
19: 39 d7 cmp %edx,%edi
1b: 7e 16 jle 0x33
1d: 50 push %rax
1e: 52 push %rdx
1f: 57 push %rdi
20: 68 20 37 59 d4 pushq $0xffffffffd4593720
25: e8 47 f4 50 00 callq 0x50f471
2a:* 0f 0b ud2 <-- trapping instruction
2c: 83 c4 10 add $0x10,%esp
2f: 31 c0 xor %eax,%eax
31: eb 2f jmp 0x62
33: 81 ff ff 1f 00 00 cmp $0x1fff,%edi
39: 76 0c jbe 0x47
3b: 89 fa mov %edi,%edx
3d: b8 .byte 0xb8
3e: 04 bd add $0xbd,%al
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 83 c4 10 add $0x10,%esp
5: 31 c0 xor %eax,%eax
7: eb 2f jmp 0x38
9: 81 ff ff 1f 00 00 cmp $0x1fff,%edi
f: 76 0c jbe 0x1d
11: 89 fa mov %edi,%edx
13: b8 .byte 0xb8
14: 04 bd add $0xbd,%al
[ 318.545357][ T1741] EAX: 0000003a EBX: 0000016d ECX: 00000027 EDX: d471aa3c
[ 318.546659][ T1741] ESI: f4a31e20 EDI: 000cafae EBP: f4a31e0c ESP: f4a31df0
[ 318.547930][ T1741] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010296
[ 318.549302][ T1741] CR0: 80050033 CR2: b7234000 CR3: 3493c000 CR4: 000406d0
[ 318.550616][ T1741] Call Trace:
[ 318.551322][ T1741] kmem_obj_info (mm/slub.c:4365)
[ 318.552241][ T1741] kmem_dump_obj (mm/slab_common.c:594)
[ 318.553214][ T1741] mem_dump_obj (mm/util.c:1026)
[ 318.554068][ T1741] rcu_torture_cleanup+0x3be/0x613 rcutorture
[ 318.555861][ T1741] ? rcu_read_lock_sched_held (kernel/rcu/update.c:125)
[ 318.557037][ T1741] ? prepare_to_wait_exclusive (kernel/sched/wait.c:415)
[ 318.558077][ T1741] rcu_torture_cleanup (kernel/rcu/rcutorture.c:3008) rcutorture
[ 318.559763][ T1741] __ia32_sys_delete_module (kernel/module.c:969 kernel/module.c:912 kernel/module.c:912)
[ 318.560840][ T1741] ? lock_release (kernel/locking/lockdep.c:5315 kernel/locking/lockdep.c:5659)
[ 318.561769][ T1741] ? __might_fault (mm/memory.c:5272 mm/memory.c:5257)
[ 318.562605][ T1741] __do_fast_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:178)
[ 318.563575][ T1741] do_fast_syscall_32 (arch/x86/entry/common.c:203)
[ 318.564559][ T1741] do_SYSENTER_32 (arch/x86/entry/common.c:247)
[ 318.565406][ T1741] entry_SYSENTER_32 (arch/x86/entry/entry_32.S:869)
[ 318.566306][ T1741] EIP: 0xb7edb549
[ 318.567141][ T1741] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
All code
========
0: 03 74 c0 01 add 0x1(%rax,%rax,8),%esi
4: 10 05 03 74 b8 01 adc %al,0x1b87403(%rip) # 0x1b8740d
a: 10 06 adc %al,(%rsi)
c: 03 74 b4 01 add 0x1(%rsp,%rsi,4),%esi
10: 10 07 adc %al,(%rdi)
12: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
16: 10 08 adc %cl,(%rax)
18: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
1c: 00 00 add %al,(%rax)
1e: 00 00 add %al,(%rax)
20: 00 51 52 add %dl,0x52(%rcx)
23: 55 push %rbp
24: 89 e5 mov %esp,%ebp
26: 0f 34 sysenter
28: cd 80 int $0x80
2a:* 5d pop %rbp <-- trapping instruction
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 retq
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
39: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 retq
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
f: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
[ 318.570837][ T1741] EAX: ffffffda EBX: b7f2ee44 ECX: 00000800 EDX: b7f15949
[ 318.572303][ T1741] ESI: b7f2ee08 EDI: b7f2ee08 EBP: bfedfe99 ESP: bfede158
[ 318.573645][ T1741] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000202
[ 318.575211][ T1741] irq event stamp: 4771
[ 318.576062][ T1741] hardirqs last enabled at (4779): __up_console_sem (arch/x86/include/asm/irqflags.h:45 (discriminator 1) arch/x86/include/asm/irqflags.h:80 (discriminator 1) arch/x86/include/asm/irqflags.h:138 (discriminator 1) kernel/printk/printk.c:256 (discriminator 1))
[ 318.578008][ T1741] hardirqs last disabled at (4788): __up_console_sem (kernel/printk/printk.c:254 (discriminator 3))
[ 318.579667][ T1741] softirqs last enabled at (4654): __do_softirq (arch/x86/include/asm/preempt.h:27 kernel/softirq.c:402 kernel/softirq.c:587)
[ 318.581320][ T1741] softirqs last disabled at (4645): do_softirq_own_stack (arch/x86/kernel/irq_32.c:60 arch/x86/kernel/irq_32.c:150)
[ 318.583074][ T1741] ---[ end trace 0000000000000000 ]---
[ 318.584139][ T1741] ------------[ cut here ]------------
[ 318.585205][ T1741] slab index 568234 out of bounds (73) for stack id a9a8abaa

To reproduce:

        # build kernel
        cd linux
        cp config-5.17.0-rc1-00003-g555b8c8cb3f3 .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.

--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config-5.17.0-rc1-00003-g555b8c8cb3f3" of type "text/plain" (174214 bytes)
View attachment "job-script" of type "text/plain" (4744 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (20840 bytes)
View attachment "rcutorture" of type "text/plain" (9367 bytes)