Date:   Thu, 16 Jun 2022 21:43:03 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     Ingo Molnar <mingo@...nel.org>, linux-kernel@...r.kernel.org,
        lkp@...ts.01.org, lkp@...el.com
Subject: [ftrace]  bc70bf84b8:
 WARNING:at_include/trace/events/preemptirq.h:#trace_hardirqs_on



Greetings,

FYI, we noticed the following commit (built with clang-15):

commit: bc70bf84b842b1feb0df2a5225ba55792146b3e0 ("ftrace: WARN on rcuidle")
https://git.kernel.org/cgit/linux/kernel/git/peterz/queue.git sched/idle

in testcase: trinity
version: trinity-static-i386-x86_64-f93256fb_2019-08-28
with the following parameters:

	runtime: 300s
	group: group-01

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):



If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <oliver.sang@...el.com>



[   17.086623][ T3598] ------------[ cut here ]------------
[ 17.086626][ T3598] WARNING: CPU: 0 PID: 3598 at include/trace/events/preemptirq.h:42 trace_hardirqs_on (bus_numa.c:?) 
[   17.087884][ T3598] Modules linked in: rtc_cmos input_leds led_class crc32_pclmul mac_hid
[   17.088497][ T3598] CPU: 0 PID: 3598 Comm: trinity-main Tainted: G                T 5.19.0-rc2-00035-gbc70bf84b842 #1
[ 17.089258][ T3598] EIP: trace_hardirqs_on (bus_numa.c:?) 
[ 17.089615][ T3598] Code: a1 b8 27 2e c2 a9 00 00 f0 00 75 05 cc 8d 74 26 00 c7 05 b0 8f 2e c2 00 00 00 00 e8 a4 c9 f8 ff 8b 45 04 e8 4c 98 c0 00 5d c3 <0f> 0b eb e3 00 00 cc cc 00 00 55 89 e5 a1 b0 8f 2e c2 85 c0 74 02
All code
========
   0:	a1 b8 27 2e c2 a9 00 	movabs 0xf00000a9c22e27b8,%eax
   7:	00 f0 
   9:	00 75 05             	add    %dh,0x5(%rbp)
   c:	cc                   	int3   
   d:	8d 74 26 00          	lea    0x0(%rsi,%riz,1),%esi
  11:	c7 05 b0 8f 2e c2 00 	movl   $0x0,-0x3dd17050(%rip)        # 0xffffffffc22e8fcb
  18:	00 00 00 
  1b:	e8 a4 c9 f8 ff       	callq  0xfffffffffff8c9c4
  20:	8b 45 04             	mov    0x4(%rbp),%eax
  23:	e8 4c 98 c0 00       	callq  0xc09874
  28:	5d                   	pop    %rbp
  29:	c3                   	retq   
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	eb e3                	jmp    0x11
  2e:	00 00                	add    %al,(%rax)
  30:	cc                   	int3   
  31:	cc                   	int3   
  32:	00 00                	add    %al,(%rax)
  34:	55                   	push   %rbp
  35:	89 e5                	mov    %esp,%ebp
  37:	a1 b0 8f 2e c2 85 c0 	movabs 0x274c085c22e8fb0,%eax
  3e:	74 02 

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	eb e3                	jmp    0xffffffffffffffe7
   4:	00 00                	add    %al,(%rax)
   6:	cc                   	int3   
   7:	cc                   	int3   
   8:	00 00                	add    %al,(%rax)
   a:	55                   	push   %rbp
   b:	89 e5                	mov    %esp,%ebp
   d:	a1 b0 8f 2e c2 85 c0 	movabs 0x274c085c22e8fb0,%eax
  14:	74 02 
[   17.091048][ T3598] EAX: 80000001 EBX: c111b2f8 ECX: 00000001 EDX: ec8bdd4f
[   17.091536][ T3598] ESI: 00000286 EDI: ecb8c980 EBP: ec8bdcd0 ESP: ec8bdcd0
[   17.092060][ T3598] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010046
[   17.092612][ T3598] CR0: 80050033 CR2: 08d7a04c CR3: 2c8ac000 CR4: 00040690
[   17.093119][ T3598] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[   17.093617][ T3598] DR6: fffe0ff0 DR7: 00000400
[   17.093972][ T3598] Call Trace:
[ 17.094223][ T3598] __text_poke (alternative.c:?) 
[ 17.094557][ T3598] ? trace_hardirqs_on (bus_numa.c:?) 
[ 17.094925][ T3598] ? __text_poke (alternative.c:?) 
[ 17.095247][ T3598] text_poke_bp_batch (alternative.c:?) 
[ 17.095594][ T3598] ? mutex_lock_nested (bus_numa.c:?) 
[ 17.095977][ T3598] text_poke_finish (bus_numa.c:?) 
[ 17.096319][ T3598] __jump_label_update (jump_label.c:?) 
[ 17.096697][ T3598] jump_label_update (jump_label.c:?) 
[ 17.097049][ T3598] static_key_enable_cpuslocked (bus_numa.c:?) 
[ 17.097464][ T3598] tracepoint_add_func (tracepoint.c:?) 
[ 17.097837][ T3598] ? trace_event_raw_event_preemptirq_template (trace_preemptirq.c:?) 
[ 17.098321][ T3598] tracepoint_probe_register (bus_numa.c:?) 
[ 17.098699][ T3598] ? trace_event_raw_event_preemptirq_template (trace_preemptirq.c:?) 
[ 17.099184][ T3598] trace_event_reg (bus_numa.c:?) 
[ 17.099505][ T3598] perf_trace_init (bus_numa.c:?) 
[ 17.099866][ T3598] perf_tp_event_init (core.c:?) 
[ 17.100221][ T3598] perf_try_init_event (core.c:?) 
[ 17.100583][ T3598] perf_event_alloc (core.c:?) 
[ 17.100944][ T3598] __ia32_sys_perf_event_open (bus_numa.c:?) 
[ 17.101361][ T3598] ? print_vma_addr (bus_numa.c:?) 
[ 17.101702][ T3598] __do_fast_syscall_32 (common.c:?) 
[ 17.102054][ T3598] ? irqentry_exit_to_user_mode (bus_numa.c:?) 
[ 17.102447][ T3598] ? irqentry_exit (bus_numa.c:?) 
[ 17.102768][ T3598] do_fast_syscall_32 (bus_numa.c:?) 
[ 17.103106][ T3598] do_SYSENTER_32 (bus_numa.c:?) 
[ 17.103420][ T3598] entry_SYSENTER_32 (??:?) 
[   17.103775][ T3598] EIP: 0xb7fbe509
[ 17.104043][ T3598] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00
All code
========
   0:	b8 01 10 06 03       	mov    $0x3061001,%eax
   5:	74 b4                	je     0xffffffffffffffbb
   7:	01 10                	add    %edx,(%rax)
   9:	07                   	(bad)  
   a:	03 74 b0 01          	add    0x1(%rax,%rsi,4),%esi
   e:	10 08                	adc    %cl,(%rax)
  10:	03 74 d8 01          	add    0x1(%rax,%rbx,8),%esi
	...
  20:	00 51 52             	add    %dl,0x52(%rcx)
  23:	55                   	push   %rbp
  24:	89 e5                	mov    %esp,%ebp
  26:	0f 34                	sysenter 
  28:	cd 80                	int    $0x80
  2a:*	5d                   	pop    %rbp		<-- trapping instruction
  2b:	5a                   	pop    %rdx
  2c:	59                   	pop    %rcx
  2d:	c3                   	retq   
  2e:	90                   	nop
  2f:	90                   	nop
  30:	90                   	nop
  31:	90                   	nop
  32:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
  39:	00 00 00 
  3c:	0f                   	.byte 0xf
  3d:	1f                   	(bad)  
  3e:	44                   	rex.R
	...

Code starting with the faulting instruction
===========================================
   0:	5d                   	pop    %rbp
   1:	5a                   	pop    %rdx
   2:	59                   	pop    %rcx
   3:	c3                   	retq   
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
   f:	00 00 00 
  12:	0f                   	.byte 0xf
  13:	1f                   	(bad)  
  14:	44                   	rex.R


To reproduce:

        # build kernel
	cd linux
	cp config-5.19.0-rc2-00035-gbc70bf84b842 .config
	make HOSTCC=clang-15 CC=clang-15 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=clang-15 CC=clang-15 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove the ~/.lkp and /lkp dirs to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://01.org/lkp



View attachment "config-5.19.0-rc2-00035-gbc70bf84b842" of type "text/plain" (151464 bytes)

View attachment "job-script" of type "text/plain" (4622 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (14772 bytes)

View attachment "trinity" of type "text/plain" (6244 bytes)
