Message-ID: <Yt/s8PWN0Z4Lz0Qy@xsang-OptiPlex-9020>
Date:   Tue, 26 Jul 2022 21:32:32 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Peter Zijlstra <peterz@...radead.org>
CC:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        <linux-kernel@...r.kernel.org>, <lkp@...ts.01.org>, <lkp@...el.com>
Subject: [x86,static_call]  c1c80aabc7:
 WARNING:at_arch/x86/kernel/alternative.c:#apply_returns


(Please note that we reported
[x86,static_call]  ee88d363d1: WARNING:at_arch/x86/kernel/alternative.c:#apply_returns
upon mainline at
https://lore.kernel.org/all/Ys58BxHxoDZ7rfpr@xsang-OptiPlex-9020/
and we noticed there is some discussion based on it.
This report is an FYI that a similar issue happens on the linux-5.15.y branch.)


Greetings,

FYI, we noticed the following commit (built with gcc-11):

commit: c1c80aabc7b968ccae5c134b4e4a30739e32efda ("x86,static_call: Use alternative RET encoding")
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[    2.635232][    T0] ------------[ cut here ]------------
[ 2.636176][ T0] WARNING: CPU: 0 PID: 0 at arch/x86/kernel/alternative.c:556 apply_returns (arch/x86/kernel/alternative.c:556 (discriminator 1)) 
[    2.636187][    T0] Modules linked in:
[    2.636973][    T0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.15.56-00032-gc1c80aabc7b9 #1
[    2.637186][    T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[ 2.638187][ T0] RIP: 0010:apply_returns (arch/x86/kernel/alternative.c:556 (discriminator 1)) 
[ 2.639187][ T0] Code: ff ff 74 cb 48 83 c5 04 49 39 ee 0f 87 81 fe ff ff e9 22 ff ff ff 0f 0b 48 83 c5 04 49 39 ee 0f 87 6d fe ff ff e9 0e ff ff ff <0f> 0b 48 83 c5 04 49 39 ee 0f 87 59 fe ff ff e9 fa fe ff ff 48 89
All code
========
   0:	ff                   	(bad)  
   1:	ff 74 cb 48          	pushq  0x48(%rbx,%rcx,8)
   5:	83 c5 04             	add    $0x4,%ebp
   8:	49 39 ee             	cmp    %rbp,%r14
   b:	0f 87 81 fe ff ff    	ja     0xfffffffffffffe92
  11:	e9 22 ff ff ff       	jmpq   0xffffffffffffff38
  16:	0f 0b                	ud2    
  18:	48 83 c5 04          	add    $0x4,%rbp
  1c:	49 39 ee             	cmp    %rbp,%r14
  1f:	0f 87 6d fe ff ff    	ja     0xfffffffffffffe92
  25:	e9 0e ff ff ff       	jmpq   0xffffffffffffff38
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	48 83 c5 04          	add    $0x4,%rbp
  30:	49 39 ee             	cmp    %rbp,%r14
  33:	0f 87 59 fe ff ff    	ja     0xfffffffffffffe92
  39:	e9 fa fe ff ff       	jmpq   0xffffffffffffff38
  3e:	48                   	rex.W
  3f:	89                   	.byte 0x89

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	48 83 c5 04          	add    $0x4,%rbp
   6:	49 39 ee             	cmp    %rbp,%r14
   9:	0f 87 59 fe ff ff    	ja     0xfffffffffffffe68
   f:	e9 fa fe ff ff       	jmpq   0xffffffffffffff0e
  14:	48                   	rex.W
  15:	89                   	.byte 0x89
[    2.640188][    T0] RSP: 0000:ffffffffa6607d50 EFLAGS: 00010206
[    2.641176][    T0] RAX: 0000000000000000 RBX: ffffffffa5979dc5 RCX: 0000000000000000
[    2.642182][    T0] RDX: 000000000000000f RSI: ffffffffa5644060 RDI: ffffffffa5979dc5
[    2.643176][    T0] RBP: ffffffffa80eac58 R08: 0000000000000001 R09: ffffffffa5979dc5
[    2.643187][    T0] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa5979dc0
[    2.644187][    T0] R13: dffffc0000000000 R14: ffffffffa80fec68 R15: 1ffffffff4cc0fad
[    2.645187][    T0] FS:  0000000000000000(0000) GS:ffff88839d400000(0000) knlGS:0000000000000000
[    2.646193][    T0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    2.647185][    T0] CR2: ffff88843ffff000 CR3: 0000000098a2a000 CR4: 00000000000406f0
[    2.648187][    T0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    2.649186][    T0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    2.650186][    T0] Call Trace:
[    2.651186][    T0]  <TASK>
[ 2.652186][ T0] ? synchronize_rcu (arch/x86/include/asm/preempt.h:80 (discriminator 11) kernel/rcu/tree.c:3686 (discriminator 11) kernel/rcu/tree.c:3749 (discriminator 11)) 
[ 2.653186][ T0] ? apply_retpolines (arch/x86/kernel/alternative.c:537) 
[ 2.654186][ T0] ? lock_downgrade (kernel/locking/lockdep.c:5281) 
[ 2.655198][ T0] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4489) 
[ 2.656185][ T0] ? trace_hardirqs_on (kernel/trace/trace_preemptirq.c:50 (discriminator 22)) 
[ 2.657186][ T0] ? _raw_spin_unlock_irqrestore (arch/x86/include/asm/irqflags.h:45 arch/x86/include/asm/irqflags.h:80 arch/x86/include/asm/irqflags.h:140 include/linux/spinlock_api_smp.h:160 kernel/locking/spinlock.c:194) 
[ 2.658192][ T0] alternative_instructions (arch/x86/kernel/alternative.c:896) 
[ 2.659188][ T0] ? int3_exception_notify (arch/x86/kernel/alternative.c:841) 
[ 2.660186][ T0] ? check_bugs (arch/x86/kernel/cpu/bugs.c:149) 
[ 2.661201][ T0] ? lock_release (kernel/locking/lockdep.c:436 kernel/locking/lockdep.c:5649) 
[ 2.662193][ T0] check_bugs (arch/x86/kernel/cpu/bugs.c:159) 
[ 2.663194][ T0] start_kernel (init/main.c:1138) 
[ 2.664193][ T0] secondary_startup_64_no_verify (arch/x86/kernel/head_64.S:283) 
[    2.665211][    T0]  </TASK>
[    2.666185][    T0] irq event stamp: 86319
[ 2.667183][ T0] hardirqs last enabled at (86329): __up_console_sem (arch/x86/include/asm/irqflags.h:45 (discriminator 1) arch/x86/include/asm/irqflags.h:80 (discriminator 1) arch/x86/include/asm/irqflags.h:140 (discriminator 1) kernel/printk/printk.c:257 (discriminator 1)) 
[ 2.669182][ T0] hardirqs last disabled at (86340): __up_console_sem (kernel/printk/printk.c:255 (discriminator 1)) 
[ 2.670186][ T0] softirqs last enabled at (2614): cgroup_idr_alloc+0x5b/0x1c0 
[ 2.671190][ T0] softirqs last disabled at (2612): cgroup_idr_alloc+0x2e/0x1c0 
[    2.672205][    T0] ---[ end trace 1cdfcc5109588503 ]---
[    2.689717][    T0] Freeing SMP alternatives memory: 44K
[    2.692175][    T1] smpboot: CPU0: Intel Xeon E312xx (Sandy Bridge) (family: 0x6, model: 0x2a, stepping: 0x1)
[    2.695225][    T1] Running RCU-tasks wait API self tests
[    2.696381][    T1] Performance Events: unsupported p6 CPU model 42 no PMU driver, software events only.
[    2.697805][    T1] rcu: Hierarchical SRCU implementation.
[    2.703363][   T12] Callback from call_rcu_tasks_trace() invoked.
[    2.705274][    T1] NMI watchdog: Perf NMI watchdog permanently disabled
[    2.707401][    T1] smp: Bringing up secondary CPUs ...
[    2.710475][    T1] x86: Booting SMP configuration:
[    2.711196][    T1] .... node  #0, CPUs:      #1
[    0.146171][    T0] kvm-clock: cpu 1, msr 9a596041, secondary cpu clock
[    0.146171][    T0] masked ExtINT on CPU#1
[    2.716639][   T18] kvm-guest: stealtime: cpu 1, msr 39d527500
[    2.718574][    T1] smp: Brought up 1 node, 2 CPUs
[    2.719229][    T1] smpboot: Max logical packages: 1
[    2.720205][    T1] smpboot: Total of 2 processors activated (9577.49 BogoMIPS)
[    2.809386][   T11] Callback from call_rcu_tasks_rude() invoked.
[    2.929586][   T23] node 0 deferred pages initialised in 204ms
[    3.061559][    T1] allocated 201326592 bytes of page_ext
[    3.062457][    T1] Node 0, zone      DMA: page owner found early allocated 0 pages
[    3.066884][    T1] Node 0, zone    DMA32: page owner found early allocated 11 pages
[    3.090102][    T1] Node 0, zone   Normal: page owner found early allocated 50477 pages
[    3.092230][    T1] devtmpfs: initialized
[    3.093607][    T1] x86/mm: Memory block size: 128MB
[    3.134743][    T1] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1911260446275000 ns
[    3.135273][    T1] futex hash table entries: 512 (order: 4, 65536 bytes, linear)
[    3.137250][    T1] pinctrl core: initialized pinctrl subsystem
[    3.141704][    T1] NET: Registered PF_NETLINK/PF_ROUTE protocol family
[    3.144725][    T1] audit: initializing netlink subsys (disabled)
[    3.146250][   T28] audit: type=2000 audit(1658670597.139:1): state=initialized audit_enabled=0 res=1
[    3.146176][    T1] thermal_sys: Registered thermal governor 'fair_share'
[    3.147194][    T1] thermal_sys: Registered thermal governor 'bang_bang'
[    3.148196][    T1] thermal_sys: Registered thermal governor 'step_wise'
[    3.149195][    T1] thermal_sys: Registered thermal governor 'user_space'
[    3.150510][    T1] cpuidle: using governor menu
[    3.154706][    T1] ACPI: bus type PCI registered
[    3.155191][    T1] acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5
[    3.158915][    T1] PCI: Using configuration type 1 for base access
[    3.225473][    T1] Kprobes globally optimized
[    3.231495][    T1] HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages
[    3.246176][    T1] cryptd: max_cpu_qlen set to 1000
[    3.253893][    T1] ACPI: Added _OSI(Module Device)
[    3.254192][    T1] ACPI: Added _OSI(Processor Device)
[    3.255151][    T1] ACPI: Added _OSI(3.0 _SCP Extensions)
[    3.255191][    T1] ACPI: Added _OSI(Processor Aggregator Device)
[    3.256225][    T1] ACPI: Added _OSI(Linux-Dell-Video)
[    3.257206][    T1] ACPI: Added _OSI(Linux-Lenovo-NV-HDMI-Audio)
[    3.258201][    T1] ACPI: Added _OSI(Linux-HPI-Hybrid-Graphics)
[    3.310987][    T1] ACPI: 1 ACPI AML tables successfully acquired and loaded
[    3.327595][    T1] ACPI: Interpreter enabled
[    3.328514][    T1] ACPI: PM: (supports S0 S3 S4 S5)
[    3.329229][    T1] ACPI: Using IOAPIC for interrupt routing
[    3.330455][    T1] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
[    3.334014][    T1] ACPI: Enabled 2 GPEs in block 00 to 0F
[    3.424768][    T1] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
[    3.425257][    T1] acpi PNP0A03:00: _OSC: OS supports [ASPM ClockPM Segments MSI HPX-Type3]
[    3.426591][    T1] acpi PNP0A03:00: fail to add MMCONFIG information, can't access extended PCI configuration space under this bridge.
[    3.437107][    T1] acpiphp: Slot [3] registered
[    3.437497][    T1] acpiphp: Slot [4] registered
[    3.439267][    T1] acpiphp: Slot [5] registered
[    3.440236][    T1] acpiphp: Slot [6] registered
[    3.441372][    T1] acpiphp: Slot [7] registered
[    3.442556][    T1] acpiphp: Slot [8] registered
[    3.443612][    T1] acpiphp: Slot [9] registered
[    3.444591][    T1] acpiphp: Slot [10] registered
[    3.445500][    T1] acpiphp: Slot [11] registered
[    3.446453][    T1] acpiphp: Slot [12] registered
[    3.447504][    T1] acpiphp: Slot [13] registered
[    3.448503][    T1] acpiphp: Slot [14] registered
[    3.449456][    T1] acpiphp: Slot [15] registered
[    3.450339][    T1] acpiphp: Slot [16] registered
[    3.451208][    T1] acpiphp: Slot [17] registered
[    3.452492][    T1] acpiphp: Slot [18] registered
[    3.453447][    T1] acpiphp: Slot [19] registered
[    3.454591][    T1] acpiphp: Slot [20] registered
[    3.455553][    T1] acpiphp: Slot [21] registered
[    3.456551][    T1] acpiphp: Slot [22] registered
[    3.457496][    T1] acpiphp: Slot [23] registered
[    3.458483][    T1] acpiphp: Slot [24] registered
[    3.459602][    T1] acpiphp: Slot [25] registered
[    3.460580][    T1] acpiphp: Slot [26] registered
[    3.461500][    T1] acpiphp: Slot [27] registered
[    3.462541][    T1] acpiphp: Slot [28] registered


To reproduce:

        # build kernel
        cd linux
        cp config-5.15.56-00032-gc1c80aabc7b9 .config
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove the ~/.lkp and /lkp dirs to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://01.org/lkp



View attachment "config-5.15.56-00032-gc1c80aabc7b9" of type "text/plain" (163788 bytes)

View attachment "job-script" of type "text/plain" (4856 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (15116 bytes)
