lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <252c19a1-ab66-2668-f005-86c85061351b@suse.cz>
Date:   Thu, 13 Oct 2022 10:51:22 +0200
From:   Vlastimil Babka <vbabka@...e.cz>
To:     Zhaoyang Huang <huangzhaoyang@...il.com>,
        kernel test robot <oliver.sang@...el.com>
Cc:     "zhaoyang.huang" <zhaoyang.huang@...soc.com>, lkp@...ts.01.org,
        lkp@...el.com, linux-mm@...ck.org,
        Andrew Morton <akpm@...ux-foundation.org>,
        Matthew Wilcox <willy@...radead.org>,
        linux-block@...r.kernel.org, linux-kernel@...r.kernel.org,
        ke.wang@...soc.com, steve.kang@...soc.com
Subject: Re: [mm] db8d280d38: PANIC:early_exception

On 10/13/22 10:38, Zhaoyang Huang wrote:
> @Vlastimil Could you please have an eye on this series of robot
> reports which are caused by stack_depot_init related issues. The
> problem arises from a very early access of stack_depot_save/init by
> kmemleak within setup_arch which happens even before
> stack_depot_early_init and zone related data ready. I would like to
> suggest adding a criteria at the entrance check of stack_depot_save
> which help the stackdepot API more aggregation and the caller free to
> call

>From the report it seems to me the problem is in your set_track_prepare():

+	if (!kmemleak_initialized)
+		stack_depot_init();

stack_depot_init() should be called only once and from well defined places,
this looks like neither condition is met.

> [    0.062350][    T0]  ? stack_depot_init.cold+0x5/0xbd
> [    0.063072][    T0]  ? set_track_prepare+0x6e/0x80
> [    0.063957][    T0]  ?
> __raw_callee_save___native_queued_spin_unlock+0x11/0x22
> [    0.064952][    T0]  ? write_comp_data+0x2a/0x80
> [    0.065623][    T0]  ? strncpy+0x2f/0x60
> [    0.066205][    T0]  ? __create_object+0x10c/0x3c0
> [    0.066904][    T0]  ? kmemleak_alloc_phys+0x6f/0x80
> [    0.067561][    T0]  ? memblock_alloc_range_nid+0x274/0x28f
> [    0.068396][    T0]  ? memblock_phys_alloc_range+0xa4/0xb3
> [    0.069200][    T0]  ? reserve_real_mode+0x87/0xd7
> [    0.069895][    T0]  ? setup_arch+0x6a9/0x995
> [    0.070526][    T0]  ? start_kernel+0x7c/0x854
> [    0.071195][    T0]  ? load_ucode_bsp+0x1bb/0x1c6
> [    0.071875][    T0]  ? secondary_startup_64_no_verify+0xe0/0xeb
> [    0.072682][    T0]  </TASK>
> 
> On Thu, Oct 13, 2022 at 1:58 PM kernel test robot <oliver.sang@...el.com> wrote:
>>
>>
>> Hi zhaoyang.huang,
>>
>> seems this is the fix based on our report
>>     "[mm]  0e949320db: BUG:kernel_NULL_pointer_dereference,address"
>> at
>>     https://lore.kernel.org/all/202210121406.d4ebc9bc-oliver.sang@intel.com/
>> but now it seems have new issue. report FYI
>>
>>
>> Greeting,
>>
>> FYI, we noticed the following commit (built with gcc-11):
>>
>> commit: db8d280d38efb061ad1a57ce060cbb917a4cf503 ("[RFC PATCHv2] mm: use stack_depot for recording kmemleak's backtrace")
>> url: https://github.com/intel-lab-lkp/linux/commits/zhaoyang-huang/mm-use-stack_depot-for-recording-kmemleak-s-backtrace/20221012-160458
>> base: https://git.kernel.org/cgit/linux/kernel/git/akpm/mm.git mm-everything
>> patch link: https://lore.kernel.org/linux-mm/1665561689-29498-1-git-send-email-zhaoyang.huang@unisoc.com
>> patch subject: [RFC PATCHv2] mm: use stack_depot for recording kmemleak's backtrace
>>
>> in testcase: boot
>>
>> on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
>>
>> caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
>>
>>
>> +-------------------------------+------------+------------+
>> |                               | 95f1b43741 | db8d280d38 |
>> +-------------------------------+------------+------------+
>> | boot_successes                | 20         | 0          |
>> | boot_failures                 | 0          | 18         |
>> | PANIC:early_exception         | 0          | 18         |
>> | RIP:nr_free_zone_pages        | 0          | 18         |
>> | BUG:kernel_hang_in_boot_stage | 0          | 18         |
>> +-------------------------------+------------+------------+
>>
>>
>> If you fix the issue, kindly add following tag
>> | Reported-by: kernel test robot <oliver.sang@...el.com>
>> | Link: https://lore.kernel.org/r/202210131309.fe5427b-oliver.sang@intel.com
>>
>>
>> [    0.029254][    T0] Scan for SMP in [mem 0x00000000-0x000003ff]
>> [    0.030178][    T0] Scan for SMP in [mem 0x0009fc00-0x0009ffff]
>> [    0.031080][    T0] Scan for SMP in [mem 0x000f0000-0x000fffff]
>> [    0.043370][    T0] found SMP MP-table at [mem 0x000f5ba0-0x000f5baf]
>> [    0.044301][    T0]   mpc: f5bb0-f5c80
>> PANIC: early exception 0x0e IP 10:ffffffff8149c282 error 0 cr2 0x1e08
>> [    0.045770][    T0] CPU: 0 PID: 0 Comm: swapper Not tainted 6.0.0-rc3-00711-gdb8d280d38ef #5
>> [    0.046970][    T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
>> [ 0.048356][ T0] RIP: 0010:nr_free_zone_pages (kbuild/src/x86_64-2/include/linux/mmzone.h:1478 kbuild/src/x86_64-2/include/linux/mmzone.h:1504 kbuild/src/x86_64-2/mm/page_alloc.c:5886)
>> [ 0.049158][ T0] Code: e9 a3 5c 0b 00 0f 1f 00 e8 9b cd be ff 65 8b 05 14 b8 b8 7e 48 98 41 54 48 8b 04 c5 e0 e4 bc 83 53 89 fb 4c 8d 80 00 1e 00 00 <3b> b8 08 1e 00 00 72 5b 49 8b 10 45 31 e4 48 85 d2 75 05 eb 35 49
>> All code
>> ========
>>    0:   e9 a3 5c 0b 00          jmpq   0xb5ca8
>>    5:   0f 1f 00                nopl   (%rax)
>>    8:   e8 9b cd be ff          callq  0xffffffffffbecda8
>>    d:   65 8b 05 14 b8 b8 7e    mov    %gs:0x7eb8b814(%rip),%eax        # 0x7eb8b828
>>   14:   48 98                   cltq
>>   16:   41 54                   push   %r12
>>   18:   48 8b 04 c5 e0 e4 bc    mov    -0x7c431b20(,%rax,8),%rax
>>   1f:   83
>>   20:   53                      push   %rbx
>>   21:   89 fb                   mov    %edi,%ebx
>>   23:   4c 8d 80 00 1e 00 00    lea    0x1e00(%rax),%r8
>>   2a:*  3b b8 08 1e 00 00       cmp    0x1e08(%rax),%edi                <-- trapping instruction
>>   30:   72 5b                   jb     0x8d
>>   32:   49 8b 10                mov    (%r8),%rdx
>>   35:   45 31 e4                xor    %r12d,%r12d
>>   38:   48 85 d2                test   %rdx,%rdx
>>   3b:   75 05                   jne    0x42
>>   3d:   eb 35                   jmp    0x74
>>   3f:   49                      rex.WB
>>
>> Code starting with the faulting instruction
>> ===========================================
>>    0:   3b b8 08 1e 00 00       cmp    0x1e08(%rax),%edi
>>    6:   72 5b                   jb     0x63
>>    8:   49 8b 10                mov    (%r8),%rdx
>>    b:   45 31 e4                xor    %r12d,%r12d
>>    e:   48 85 d2                test   %rdx,%rdx
>>   11:   75 05                   jne    0x18
>>   13:   eb 35                   jmp    0x4a
>>   15:   49                      rex.WB
>> [    0.051803][    T0] RSP: 0000:ffffffff83603d18 EFLAGS: 00010046 ORIG_RAX: 0000000000000000
>> [    0.052881][    T0] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0001ffff84b317e0
>> [    0.053932][    T0] RDX: 0000000000000485 RSI: 0001ffffffffffff RDI: 0000000000000002
>> [    0.055007][    T0] RBP: ffffffff84b077d0 R08: 0000000000001e00 R09: 0000000000000000
>> [    0.056054][    T0] R10: ffffffff81b16d30 R11: 0001ffff84b317e8 R12: 0000000000000001
>> [    0.057088][    T0] R13: ffffffff84b077d8 R14: 0000000000098000 R15: 0000000000007000
>> [    0.058160][    T0] FS:  0000000000000000(0000) GS:ffffffff842c9000(0000) knlGS:0000000000000000
>> [    0.059440][    T0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [    0.060381][    T0] CR2: 0000000000001e08 CR3: 00000000043b6000 CR4: 00000000000406a0
>> [    0.061516][    T0] Call Trace:
>> [    0.061969][    T0]  <TASK>
>> [ 0.062350][ T0] ? stack_depot_init.cold (kbuild/src/x86_64-2/lib/stackdepot.c:258)
>> [ 0.063072][ T0] ? set_track_prepare (kbuild/src/x86_64-2/mm/slub.c:752)
>> [ 0.063957][ T0] ? __raw_callee_save___native_queued_spin_unlock (??:?)
>> [ 0.064952][ T0] ? write_comp_data (kbuild/src/x86_64-2/kernel/kcov.c:236)
>>
>>
>> To reproduce:
>>
>>         # build kernel
>>         cd linux
>>         cp config-6.0.0-rc3-00711-gdb8d280d38ef .config
>>         make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
>>         make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
>>         cd <mod-install-dir>
>>         find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
>>
>>
>>         git clone https://github.com/intel/lkp-tests.git
>>         cd lkp-tests
>>         bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
>>
>>         # if come across any failure that blocks the test,
>>         # please remove ~/.lkp and /lkp dir to run from a clean state.
>>
>>
>>
>> --
>> 0-DAY CI Kernel Test Service
>> https://01.org/lkp
>>
>>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ