Message-ID: <202210081508.e66dd4e0-yujie.liu@intel.com>
Date: Sat, 8 Oct 2022 16:10:56 +0800
From: kernel test robot <yujie.liu@...el.com>
To: "Jason A. Donenfeld" <Jason@...c4.com>
CC: <lkp@...ts.01.org>, <lkp@...el.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Theodore Ts'o <tytso@....edu>,
"Dominik Brodowski" <linux@...inikbrodowski.net>,
Eric Biggers <ebiggers@...gle.com>,
<linux-kernel@...r.kernel.org>,
<aliyunlinux2-dev@...ux.alibaba.com>, <jane.lv@...el.com>
Subject: [random] 1f9cc6d2c6: BUG:soft_lockup-CPU##stuck_for#s![trinity-c1:#]
Greeting,
FYI, we noticed the following commit (built with gcc-11):
commit: 1f9cc6d2c6076297d7b0daf87870a5c86385418f ("random: absorb fast pool into input pool after fast load")
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y
in testcase: trinity
version: trinity-i386-4d2343bd-1_20200320
with the following parameters:
runtime: 300s
group: group-04
test-description: Trinity is a Linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):
[ 162.171609] watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [trinity-c1:3658]
[ 162.172501] Modules linked in: aesni_intel aes_i586 evdev button
[ 162.173166] irq event stamp: 6681002
[ 162.173603] hardirqs last enabled at (6681001): trace_hardirqs_on_thunk (??:?)
[ 162.174671] hardirqs last disabled at (6681002): trace_hardirqs_off_thunk (??:?)
[ 162.175746] softirqs last enabled at (6670980): __do_softirq (??:?)
[ 162.176711] softirqs last disabled at (6670967): call_on_stack (irq_32.c:?)
[ 162.177619] CPU: 1 PID: 3658 Comm: trinity-c1 Not tainted 4.19.248-00087-g1f9cc6d2c607 #1
[ 162.178493] EIP: chacha20_block (??:?)
[ 162.178997] Code: 8b 15 2c d9 d2 c3 83 c0 0b 89 85 50 ff ff ff 83 d2 00 89 8d 7c ff ff ff 8b 8d 70 ff ff ff 89 95 54 ff ff ff 8d b6 00 00 00 00 <8b> b5 7c ff ff ff 8b 85 4c ff ff ff 03 45 80 8b 95 78 ff ff ff 89
All code
========
0: 8b 15 2c d9 d2 c3 mov -0x3c2d26d4(%rip),%edx # 0xffffffffc3d2d932
6: 83 c0 0b add $0xb,%eax
9: 89 85 50 ff ff ff mov %eax,-0xb0(%rbp)
f: 83 d2 00 adc $0x0,%edx
12: 89 8d 7c ff ff ff mov %ecx,-0x84(%rbp)
18: 8b 8d 70 ff ff ff mov -0x90(%rbp),%ecx
1e: 89 95 54 ff ff ff mov %edx,-0xac(%rbp)
24: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi
2a:* 8b b5 7c ff ff ff mov -0x84(%rbp),%esi <-- trapping instruction
30: 8b 85 4c ff ff ff mov -0xb4(%rbp),%eax
36: 03 45 80 add -0x80(%rbp),%eax
39: 8b 95 78 ff ff ff mov -0x88(%rbp),%edx
3f: 89 .byte 0x89
Code starting with the faulting instruction
===========================================
0: 8b b5 7c ff ff ff mov -0x84(%rbp),%esi
6: 8b 85 4c ff ff ff mov -0xb4(%rbp),%eax
c: 03 45 80 add -0x80(%rbp),%eax
f: 8b 95 78 ff ff ff mov -0x88(%rbp),%edx
15: 89 .byte 0x89
[ 162.181073] EAX: 6427fd2b EBX: 1e5e39aa ECX: e5af2b96 EDX: 00000000
[ 162.181842] ESI: 4be2a3de EDI: 72a99bc6 EBP: ec861ea8 ESP: ec861dec
[ 162.182594] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00000206
[ 162.183438] CR0: 80050033 CR2: 00000001 CR3: 2c862000 CR4: 000406f0
[ 162.184229] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 162.184994] DR6: fffe0ff0 DR7: 00000400
[ 162.185481] Call Trace:
[ 162.185811] get_random_bytes_user (random.c:?)
[ 162.186367] urandom_read_nowarn+0x2a/0x2c0
[ 162.187023] ? do_int80_syscall_32 (??:?)
[ 162.187598] sys_getrandom (??:?)
[ 162.188059] do_int80_syscall_32 (??:?)
[ 162.188613] entry_INT80_32 (entry_32.o:?)
[ 162.189063] EIP: 0xb7fbca02
[ 162.189428] Code: 95 01 00 05 25 36 02 00 83 ec 14 8d 80 e8 99 ff ff 50 6a 02 e8 1f ff 00 00 c7 04 24 7f 00 00 00 e8 7e 87 01 00 66 90 90 cd 80 <c3> 8d b6 00 00 00 00 8d bc 27 00 00 00 00 8b 1c 24 c3 8d b6 00 00
All code
========
0: 95 xchg %eax,%ebp
1: 01 00 add %eax,(%rax)
3: 05 25 36 02 00 add $0x23625,%eax
8: 83 ec 14 sub $0x14,%esp
b: 8d 80 e8 99 ff ff lea -0x6618(%rax),%eax
11: 50 push %rax
12: 6a 02 pushq $0x2
14: e8 1f ff 00 00 callq 0xff38
19: c7 04 24 7f 00 00 00 movl $0x7f,(%rsp)
20: e8 7e 87 01 00 callq 0x187a3
25: 66 90 xchg %ax,%ax
27: 90 nop
28: cd 80 int $0x80
2a:* c3 retq <-- trapping instruction
2b: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi
31: 8d bc 27 00 00 00 00 lea 0x0(%rdi,%riz,1),%edi
38: 8b 1c 24 mov (%rsp),%ebx
3b: c3 retq
3c: 8d .byte 0x8d
3d: b6 00 mov $0x0,%dh
...
Code starting with the faulting instruction
===========================================
0: c3 retq
1: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi
7: 8d bc 27 00 00 00 00 lea 0x0(%rdi,%riz,1),%edi
e: 8b 1c 24 mov (%rsp),%ebx
11: c3 retq
12: 8d .byte 0x8d
13: b6 00 mov $0x0,%dh
...
[ 162.191402] EAX: ffffffda EBX: b7039000 ECX: 0007b000 EDX: 00000000
[ 162.192085] ESI: 000000c7 EDI: fffffff6 EBP: 2a2a2a2a ESP: bf87d688
[ 162.192818] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000292
[ 162.193613] Kernel panic - not syncing: softlockup: hung tasks
[ 162.194257] CPU: 1 PID: 3658 Comm: trinity-c1 Tainted: G L 4.19.248-00087-g1f9cc6d2c607 #1
[ 162.195377] Call Trace:
[ 162.195624] dump_stack (??:?)
[ 162.196007] panic (??:?)
[ 162.196377] watchdog_timer_fn.cold (watchdog.c:?)
[ 162.196878] __run_hrtimer (hrtimer.c:?)
[ 162.197329] ? softlockup_fn (watchdog.c:?)
[ 162.197714] __hrtimer_run_queues (hrtimer.c:?)
[ 162.198113] hrtimer_run_queues (??:?)
[ 162.198567] run_local_timers (??:?)
[ 162.198960] update_process_times (??:?)
[ 162.199471] tick_sched_handle (tick-sched.c:?)
[ 162.199928] tick_nohz_handler (tick-sched.c:?)
[ 162.200311] smp_apic_timer_interrupt (??:?)
[ 162.200889] apic_timer_interrupt (??:?)
[ 162.201396] EIP: chacha20_block (??:?)
[ 162.201874] Code: 8b 15 2c d9 d2 c3 83 c0 0b 89 85 50 ff ff ff 83 d2 00 89 8d 7c ff ff ff 8b 8d 70 ff ff ff 89 95 54 ff ff ff 8d b6 00 00 00 00 <8b> b5 7c ff ff ff 8b 85 4c ff ff ff 03 45 80 8b 95 78 ff ff ff 89
All code
========
0: 8b 15 2c d9 d2 c3 mov -0x3c2d26d4(%rip),%edx # 0xffffffffc3d2d932
6: 83 c0 0b add $0xb,%eax
9: 89 85 50 ff ff ff mov %eax,-0xb0(%rbp)
f: 83 d2 00 adc $0x0,%edx
12: 89 8d 7c ff ff ff mov %ecx,-0x84(%rbp)
18: 8b 8d 70 ff ff ff mov -0x90(%rbp),%ecx
1e: 89 95 54 ff ff ff mov %edx,-0xac(%rbp)
24: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi
2a:* 8b b5 7c ff ff ff mov -0x84(%rbp),%esi <-- trapping instruction
30: 8b 85 4c ff ff ff mov -0xb4(%rbp),%eax
36: 03 45 80 add -0x80(%rbp),%eax
39: 8b 95 78 ff ff ff mov -0x88(%rbp),%edx
3f: 89 .byte 0x89
Code starting with the faulting instruction
===========================================
0: 8b b5 7c ff ff ff mov -0x84(%rbp),%esi
6: 8b 85 4c ff ff ff mov -0xb4(%rbp),%eax
c: 03 45 80 add -0x80(%rbp),%eax
f: 8b 95 78 ff ff ff mov -0x88(%rbp),%edx
15: 89 .byte 0x89
If you fix the issue, kindly add the following tags:
| Reported-by: kernel test robot <yujie.liu@...el.com>
| Link: https://lore.kernel.org/r/202210081508.e66dd4e0-yujie.liu@intel.com
To reproduce:
# build kernel
cd linux
cp config-4.19.248-00087-g1f9cc6d2c607 .config
make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
# if you come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config-4.19.248-00087-g1f9cc6d2c607" of type "text/plain" (115393 bytes)
View attachment "job-script" of type "text/plain" (4481 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (32808 bytes)