| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Yt6bEoB9ZRV8VE3i@xsang-OptiPlex-9020>
Date: Mon, 25 Jul 2022 21:30:58 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Christophe JAILLET <christophe.jaillet@...adoo.fr>
CC: 0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
<lkp@...ts.01.org>, <akpm@...ux-foundation.org>,
<feng.tang@...el.com>,
"Greg Kroah-Hartman" <gregkh@...uxfoundation.org>,
"Rafael J. Wysocki" <rafael@...nel.org>, <linux-mm@...ck.org>,
<kernel-janitors@...r.kernel.org>,
Christophe JAILLET <christophe.jaillet@...adoo.fr>
Subject: [devres] 3d0e198cd7: WARNING:at_drivers/base/devres.c:#devm_kfree
Greeting,
FYI, we noticed the following commit (built with gcc-11):
commit: 3d0e198cd7dc63c6ddbf06c028ba04e5ed43e470 ("[RFC PATCH] devres: avoid over memory allocation with managed memory allocation")
url: https://github.com/intel-lab-lkp/linux/commits/Christophe-JAILLET/devres-avoid-over-memory-allocation-with-managed-memory-allocation/20220723-181707
base: https://git.kernel.org/cgit/linux/kernel/git/gregkh/driver-core.git 3fcbf1c77d089fcf0331fd8f3cbbe6c436a3edbd
patch link: https://lore.kernel.org/lkml/92ec2f78e8d38f68da95d9250cf3f86b2fbe78ad.1658570017.git.christophe.jaillet@wanadoo.fr
in testcase: nvml
version: nvml-x86_64-3de7d358f-1_20211217
with following parameters:
test: pmem
group: util
nr_pmem: 1
fs: ext4
mount_option: dax
bp_memmap: 32G!4G
ucode: 0x700001c
on test machine: 16 threads 1 sockets Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz with 48G memory
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 33.935602][ T339] ------------[ cut here ]------------
[ 33.935605][ T339] WARNING: CPU: 10 PID: 339 at drivers/base/devres.c:1092 devm_kfree (drivers/base/devres.c:1092)
[ 33.935615][ T339] Modules linked in: nd_pmem(+) sysimgblt ahci(+) fb_sys_fops dax_pmem nd_btt libahci nd_e820 acpi_ipmi mei_me intel_uncore(+) libnvdimm drm mxm_wmi libata acpi_cpufreq(-) joydev gpio_ich intel_pch_thermal ipmi_si(+) mei ioatdma(+) dca ipmi_devintf ipmi_msghandler wmi acpi_pad ip_tables
[ 33.935652][ T339] CPU: 10 PID: 339 Comm: systemd-udevd Tainted: G S 5.19.0-rc1-00059-g3d0e198cd7dc #1
[ 33.935656][ T339] Hardware name: Supermicro SYS-5018D-FN4T/X10SDV-8C-TLN4F, BIOS 1.1 03/02/2016
[ 33.935659][ T339] RIP: 0010:devm_kfree (drivers/base/devres.c:1092)
[ 33.935663][ T339] Code: 00 fc ff df 48 8d 78 d8 48 89 f9 48 c1 e9 03 80 3c 11 00 75 1d 48 8b 40 d8 48 39 c7 75 09 48 83 c4 10 e9 97 81 31 ff 0f 0b c3 <0f> 0b 48 83 c4 10 c3 c3 48 89 44 24 08 48 89 3c 24 e8 be 16 32 ff
All code
========
0: 00 fc add %bh,%ah
2: ff (bad)
3: df 48 8d fisttps -0x73(%rax)
6: 78 d8 js 0xffffffffffffffe0
8: 48 89 f9 mov %rdi,%rcx
b: 48 c1 e9 03 shr $0x3,%rcx
f: 80 3c 11 00 cmpb $0x0,(%rcx,%rdx,1)
13: 75 1d jne 0x32
15: 48 8b 40 d8 mov -0x28(%rax),%rax
19: 48 39 c7 cmp %rax,%rdi
1c: 75 09 jne 0x27
1e: 48 83 c4 10 add $0x10,%rsp
22: e9 97 81 31 ff jmpq 0xffffffffff3181be
27: 0f 0b ud2
29: c3 retq
2a:* 0f 0b ud2 <-- trapping instruction
2c: 48 83 c4 10 add $0x10,%rsp
30: c3 retq
31: c3 retq
32: 48 89 44 24 08 mov %rax,0x8(%rsp)
37: 48 89 3c 24 mov %rdi,(%rsp)
3b: e8 be 16 32 ff callq 0xffffffffff3216fe
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 48 83 c4 10 add $0x10,%rsp
6: c3 retq
7: c3 retq
8: 48 89 44 24 08 mov %rax,0x8(%rsp)
d: 48 89 3c 24 mov %rdi,(%rsp)
11: e8 be 16 32 ff callq 0xffffffffff3216d4
[ 33.935666][ T339] RSP: 0018:ffffc90001f67840 EFLAGS: 00010246
[ 33.935670][ T339] RAX: 0000000000000000 RBX: ffff888906f51358 RCX: dffffc0000000000
[ 33.935672][ T339] RDX: 1ffff11120dea256 RSI: 0000000000000246 RDI: ffff888906f512a4
[ 33.935675][ T339] RBP: ffff888906f51370 R08: ffff888906f512a8 R09: ffffc90001f6779b
[ 33.935677][ T339] R10: fffff520003ecef3 R11: 0000000000000001 R12: ffff888906f51008
[ 33.935679][ T339] R13: ffff88893057eb1c R14: ffff88893057e830 R15: 0000000000000000
[ 33.935681][ T339] FS: 00007f76e113bd40(0000) GS:ffff888bb7900000(0000) knlGS:0000000000000000
[ 33.935684][ T339] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.935686][ T339] CR2: 00007f19575cb050 CR3: 0000000c78540001 CR4: 00000000003706e0
[ 33.935689][ T339] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.935690][ T339] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.935693][ T339] Call Trace:
[ 33.935694][ T339] <TASK>
[ 33.935696][ T339] ? devres_release (drivers/base/devres.c:426)
[ 33.935700][ T339] badblocks_exit (block/badblocks.c:599)
[ 33.935706][ T339] devm_nsio_disable (include/linux/badblocks.h:64 drivers/nvdimm/claim.c:336) libnvdimm
[ 33.935730][ T339] nd_pmem_probe (drivers/nvdimm/pmem.c:652) nd_pmem
[ 33.935736][ T339] nvdimm_bus_probe (drivers/nvdimm/bus.c:91) libnvdimm
[ 33.935753][ T339] really_probe (drivers/base/dd.c:530 drivers/base/dd.c:609)
[ 33.935758][ T339] __driver_probe_device (drivers/base/dd.c:748)
[ 33.935763][ T339] driver_probe_device (drivers/base/dd.c:778)
[ 33.935767][ T339] __driver_attach (drivers/base/dd.c:1151)
[ 33.935772][ T339] ? __device_attach_driver (drivers/base/dd.c:1100)
[ 33.935777][ T339] bus_for_each_dev (drivers/base/bus.c:301)
[ 33.935781][ T339] ? subsys_dev_iter_exit (drivers/base/bus.c:290)
[ 33.935785][ T339] ? klist_add_tail (include/linux/list.h:69 include/linux/list.h:102 lib/klist.c:104 lib/klist.c:137)
[ 33.935790][ T339] bus_add_driver (drivers/base/bus.c:618)
[ 33.935795][ T339] driver_register (drivers/base/driver.c:240)
[ 33.935798][ T339] ? 0xffffffffc108a000
[ 33.935801][ T339] do_one_initcall (init/main.c:1295)
[ 33.935806][ T339] ? trace_event_raw_event_initcall_level (init/main.c:1286)
[ 33.935810][ T339] ? kasan_unpoison (mm/kasan/shadow.c:108 mm/kasan/shadow.c:142)
[ 33.935817][ T339] ? kasan_unpoison (mm/kasan/shadow.c:108 mm/kasan/shadow.c:142)
[ 33.935821][ T339] do_init_module (kernel/module/main.c:2434)
[ 33.935827][ T339] load_module (kernel/module/main.c:2829)
[ 33.935832][ T339] ? layout_and_allocate (kernel/module/main.c:2652)
[ 33.935835][ T339] ? kernel_read_file (arch/x86/include/asm/atomic.h:95 include/linux/atomic/atomic-instrumented.h:191 include/linux/fs.h:2838 fs/kernel_read_file.c:122)
[ 33.935841][ T339] ? __x64_sys_fspick (fs/kernel_read_file.c:38)
[ 33.935845][ T339] ? mmap_region (mm/mmap.c:1889)
[ 33.935851][ T339] ? __do_sys_finit_module (kernel/module/main.c:2930)
[ 33.935854][ T339] __do_sys_finit_module (kernel/module/main.c:2930)
[ 33.935858][ T339] ? __ia32_sys_init_module (kernel/module/main.c:2898)
[ 33.935862][ T339] ? __seccomp_filter (arch/x86/include/asm/bitops.h:214 include/asm-generic/bitops/instrumented-non-atomic.h:135 kernel/seccomp.c:354 kernel/seccomp.c:381 kernel/seccomp.c:413 kernel/seccomp.c:1210)
[ 33.935866][ T339] ? vm_mmap_pgoff (mm/util.c:556)
[ 33.935873][ T339] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[ 33.935879][ T339] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115)
[ 33.935884][ T339] RIP: 0033:0x7f76e1925f59
[ 33.935887][ T339] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 07 6f 0c 00 f7 d8 64 89 01 48
All code
========
0: 00 c3 add %al,%bl
2: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
9: 00 00 00
c: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
11: 48 89 f8 mov %rdi,%rax
14: 48 89 f7 mov %rsi,%rdi
17: 48 89 d6 mov %rdx,%rsi
1a: 48 89 ca mov %rcx,%rdx
1d: 4d 89 c2 mov %r8,%r10
20: 4d 89 c8 mov %r9,%r8
23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 retq
33: 48 8b 0d 07 6f 0c 00 mov 0xc6f07(%rip),%rcx # 0xc6f41
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 retq
9: 48 8b 0d 07 6f 0c 00 mov 0xc6f07(%rip),%rcx # 0xc6f17
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
sudo bin/lkp install job.yaml # job file is attached in this email
bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
sudo bin/lkp run generated-yaml-file
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config-5.19.0-rc1-00059-g3d0e198cd7dc" of type "text/plain" (167541 bytes)
View attachment "job-script" of type "text/plain" (6173 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (31444 bytes)
View attachment "job.yaml" of type "text/plain" (4882 bytes)
View attachment "reproduce" of type "text/plain" (2790 bytes)
Powered by blists - more mailing lists