| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 5 Jun 2022 23:12:16 +0800
From: kernel test robot <oliver.sang@...el.com>
To: "Liam R. Howlett" <Liam.Howlett@...cle.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Matthew Wilcox <willy@...radead.org>,
Catalin Marinas <catalin.marinas@....com>,
David Howells <dhowells@...hat.com>,
SeongJae Park <sj@...nel.org>,
Vlastimil Babka <vbabka@...e.cz>,
Will Deacon <will@...nel.org>,
Davidlohr Bueso <dave@...olabs.net>,
LKML <linux-kernel@...r.kernel.org>,
Linux Memory Management List <linux-mm@...ck.org>,
tboot-devel@...ts.sourceforge.net, linux-efi@...r.kernel.org,
lkp@...ts.01.org, lkp@...el.com
Subject: [mm] 5a32db2a9f: WARNING:at_mm/slub.c:#kmem_cache_free_bulk
Greeting,
FYI, we noticed the following commit (built with gcc-11):
commit: 5a32db2a9fbeba1aebc8a7a18cae9e38873b7994 ("mm: start tracking VMAs with maple tree")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: igt
version: igt-x86_64-7c3ceb08-1_20220518
with following parameters:
group: group-13
ucode: 0xc2
on test machine: 20 threads 1 sockets Commet Lake with 16G memory
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
kern :warn : [ 145.520879] WARNING: CPU: 3 PID: 2749 at mm/slub.c:3643 kmem_cache_free_bulk (mm/slub.c:3643 (discriminator 1))
kern :warn : [ 145.535092] Modules linked in: netconsole intel_rapl_msr intel_rapl_common btrfs blake2b_generic xor raid6_pq x86_pkg_temp_thermal intel_powerclamp zstd_compress coretemp libcrc32c sd_mod t10_pi ipmi_devintf kvm_intel ipmi_msghandler i915 crc64_rocksoft_generic kvm crc64_rocksoft crc64 intel_gtt sg drm_buddy drm_display_helper irqbypass ttm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel drm_kms_helper sdhci_pci ahci cqhci rapl ppdev intel_wmi_thunderbolt wmi_bmof intel_cstate libahci sdhci syscopyarea parport_pc sysfillrect i2c_designware_platform mei_me intel_uncore sysimgblt serio_raw libata joydev mmc_core mei i2c_designware_core idma64 intel_pch_thermal fb_sys_fops wmi parport video acpi_tad intel_pmc_core acpi_pad drm fuse ip_tables
kern :warn : [ 145.602685] CPU: 3 PID: 2749 Comm: gem_userptr_bli Not tainted 5.18.0-11966-g5a32db2a9fbe #1
kern :warn : [ 145.611909] RIP: 0010:kmem_cache_free_bulk (mm/slub.c:3643 (discriminator 1))
kern :warn : [ 145.617773] Code: 84 48 8b 55 08 f0 48 83 2a 01 0f 85 22 ff ff ff 48 8b 55 08 48 89 ef 48 8b 52 08 ff d2 0f 1f 00 b8 00 00 00 80 e9 08 ff ff ff <0f> 0b 48 83 c4 30 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 8b 0d 1e 6b
All code
========
0: 84 48 8b test %cl,-0x75(%rax)
3: 55 push %rbp
4: 08 f0 or %dh,%al
6: 48 83 2a 01 subq $0x1,(%rdx)
a: 0f 85 22 ff ff ff jne 0xffffffffffffff32
10: 48 8b 55 08 mov 0x8(%rbp),%rdx
14: 48 89 ef mov %rbp,%rdi
17: 48 8b 52 08 mov 0x8(%rdx),%rdx
1b: ff d2 callq *%rdx
1d: 0f 1f 00 nopl (%rax)
20: b8 00 00 00 80 mov $0x80000000,%eax
25: e9 08 ff ff ff jmpq 0xffffffffffffff32
2a:* 0f 0b ud2 <-- trapping instruction
2c: 48 83 c4 30 add $0x30,%rsp
30: 5b pop %rbx
31: 5d pop %rbp
32: 41 5c pop %r12
34: 41 5d pop %r13
36: 41 5e pop %r14
38: 41 5f pop %r15
3a: c3 retq
3b: 48 rex.W
3c: 8b .byte 0x8b
3d: 0d .byte 0xd
3e: 1e (bad)
3f: 6b .byte 0x6b
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 48 83 c4 30 add $0x30,%rsp
6: 5b pop %rbx
7: 5d pop %rbp
8: 41 5c pop %r12
a: 41 5d pop %r13
c: 41 5e pop %r14
e: 41 5f pop %r15
10: c3 retq
11: 48 rex.W
12: 8b .byte 0x8b
13: 0d .byte 0xd
14: 1e (bad)
15: 6b .byte 0x6b
kern :warn : [ 145.637336] RSP: 0018:ffffc90007d7f160 EFLAGS: 00010246
kern :warn : [ 145.643314] RAX: 0000000000000000 RBX: 0000000000000000 RCX: fffffbfff07c4fe0
kern :warn : [ 145.651213] RDX: ffff88844ac93450 RSI: 0000000000000000 RDI: ffff88810004e8c0
kern :warn : [ 145.659121] RBP: ffff88844ac93450 R08: ffff88844ac93450 R09: 0000000000000003
kern :warn : [ 145.667051] R10: ffff88844ac93420 R11: ffffffff83e27f03 R12: dffffc0000000000
kern :warn : [ 145.674941] R13: ffff88844ac93400 R14: 0000000000000000 R15: 0000000000000003
kern :warn : [ 145.682807] FS: 00007f1f51b36bc0(0000) GS:ffff8883a1f80000(0000) knlGS:0000000000000000
kern :warn : [ 145.691658] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kern :warn : [ 145.698162] CR2: 00007f1f540bcfe0 CR3: 0000000458db6005 CR4: 00000000003706e0
kern :warn : [ 145.706056] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
kern :warn : [ 145.713952] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
kern :warn : [ 145.721853] Call Trace:
kern :warn : [ 145.725062] <TASK>
kern :warn : [ 145.727921] ? _raw_write_lock_irq (kernel/locking/spinlock.c:153)
kern :warn : [ 145.733133] ? mt_destroy_walk (lib/maple_tree.c:5454)
kern :warn : [ 145.737988] ? kmem_cache_free (mm/slub.c:1753 mm/slub.c:3507 mm/slub.c:3524)
kern :warn : [ 145.742774] mt_destroy_walk (lib/maple_tree.c:158 lib/maple_tree.c:5427)
kern :warn : [ 145.747453] ? mas_mab_cp (lib/maple_tree.c:1921)
kern :warn : [ 145.751912] ? mas_prev_entry (lib/maple_tree.c:5404)
kern :warn : [ 145.756833] ? memcpy (mm/kasan/shadow.c:65 (discriminator 1))
kern :warn : [ 145.760738] mas_wmb_replace (lib/maple_tree.c:5472 lib/maple_tree.c:986 lib/maple_tree.c:2668)
kern :warn : [ 145.765389] mas_spanning_rebalance+0x3828/0x8300
kern :warn : [ 145.771461] ? unwind_next_frame (arch/x86/kernel/unwind_orc.c:355 arch/x86/kernel/unwind_orc.c:600)
kern :warn : [ 145.776664] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:24)
kern :warn : [ 145.781433] ? mas_destroy_rebalance (lib/maple_tree.c:2876)
kern :warn : [ 145.786978] ? unwind_next_frame (arch/x86/kernel/unwind_orc.c:596)
kern :warn : [ 145.792107] ? is_bpf_text_address (arch/x86/include/asm/preempt.h:85 include/linux/rcupdate.h:73 include/linux/rcupdate.h:727 kernel/bpf/core.c:716)
kern :warn : [ 145.797141] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94)
kern :warn : [ 145.802260] ? __kernel_text_address (kernel/extable.c:79)
kern :warn : [ 145.807380] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:318 arch/x86/kernel/unwind_orc.c:313)
kern :warn : [ 145.812932] ? create_prof_cpu_mask (kernel/stacktrace.c:83)
kern :warn : [ 145.818049] ? mas_update_gap+0x202/0x680
kern :warn : [ 145.823427] ? memcpy (mm/kasan/shadow.c:65 (discriminator 1))
kern :warn : [ 145.827331] ? memcpy (mm/kasan/shadow.c:65 (discriminator 1))
kern :warn : [ 145.831234] ? mas_store_b_node (lib/maple_tree.c:2107)
kern :warn : [ 145.836269] mas_wr_spanning_store+0x50e/0xe80
kern :warn : [ 145.842081] ? orc_find+0x1ed/0x300
kern :warn : [ 145.846951] ? mas_commit_b_node+0xcc0/0xcc0
kern :warn : [ 145.852589] ? unwind_next_frame (arch/x86/kernel/unwind_orc.c:596)
kern :warn : [ 145.857674] ? drm_ioctl (drivers/gpu/drm/drm_ioctl.c:885) drm
kern :warn : [ 145.862580] ? drm_ioctl (drivers/gpu/drm/drm_ioctl.c:885) drm
kern :warn : [ 145.867476] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:24)
kern :warn : [ 145.872243] ? is_bpf_text_address (arch/x86/include/asm/preempt.h:85 include/linux/rcupdate.h:73 include/linux/rcupdate.h:727 kernel/bpf/core.c:716)
kern :warn : [ 145.877240] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94)
kern :warn : [ 145.882356] ? __radix_tree_delete (arch/x86/include/asm/bitops.h:68 include/asm-generic/bitops/instrumented-non-atomic.h:28 lib/radix-tree.c:101 lib/radix-tree.c:943 lib/radix-tree.c:1372)
kern :warn : [ 145.887556] ? mas_wr_store_entry+0x36e/0x1540
kern :warn : [ 145.893365] ? kasan_unpoison (mm/kasan/shadow.c:108 mm/kasan/shadow.c:142)
kern :warn : [ 145.897953] mas_store_prealloc (lib/maple_tree.c:248 lib/maple_tree.c:5570)
kern :warn : [ 145.902806] ? mas_destroy (lib/maple_tree.c:5564)
kern :warn : [ 145.907281] __do_munmap (mm/mmap.c:2913 mm/mmap.c:3105)
kern :warn : [ 145.911701] ? drm_ioctl (drivers/gpu/drm/drm_ioctl.c:886) drm
kern :warn : [ 145.916567] ? split_vma (mm/mmap.c:3027)
kern :warn : [ 145.920982] ? security_mmap_file (security/security.c:1592)
kern :warn : [ 145.925983] __vm_munmap (mm/mmap.c:3140)
kern :warn : [ 145.930234] ? __do_munmap (mm/mmap.c:3132)
kern :warn : [ 145.934887] __x64_sys_munmap (mm/mmap.c:3162)
kern :warn : [ 145.939478] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
kern :warn : [ 145.943781] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115)
kern :warn : [ 145.949567] RIP: 0033:0x7f1f53d9fbf7
kern :warn : [ 145.953873] Code: 38 eb 85 48 8b 15 99 52 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb 85 66 2e 0f 1f 84 00 00 00 00 00 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 69 52 0c 00 f7 d8 64 89 01 48
All code
========
0: 38 eb cmp %ch,%bl
2: 85 48 8b test %ecx,-0x75(%rax)
5: 15 99 52 0c 00 adc $0xc5299,%eax
a: f7 d8 neg %eax
c: 64 89 02 mov %eax,%fs:(%rdx)
f: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax
16: eb 85 jmp 0xffffffffffffff9d
18: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
1f: 00 00 00
22: 90 nop
23: b8 0b 00 00 00 mov $0xb,%eax
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 retq
33: 48 8b 0d 69 52 0c 00 mov 0xc5269(%rip),%rcx # 0xc52a3
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 retq
9: 48 8b 0d 69 52 0c 00 mov 0xc5269(%rip),%rcx # 0xc5279
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
sudo bin/lkp install job.yaml # job file is attached in this email
bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
sudo bin/lkp run generated-yaml-file
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config-5.18.0-11966-g5a32db2a9fbe" of type "text/plain" (167269 bytes)
View attachment "job-script" of type "text/plain" (5276 bytes)
Download attachment "kmsg.xz" of type "application/x-xz" (57972 bytes)
View attachment "igt" of type "text/plain" (224278 bytes)
View attachment "job.yaml" of type "text/plain" (4329 bytes)
View attachment "reproduce" of type "text/plain" (13920 bytes)
Powered by blists - more mailing lists