Message-ID: <202211092324.f48c2e93-oliver.sang@intel.com>
Date: Thu, 10 Nov 2022 08:03:55 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Stephen Brennan <stephen.s.brennan@...cle.com>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
<linux-fsdevel@...r.kernel.org>, Jan Kara <jack@...e.cz>,
<linux-kernel@...r.kernel.org>,
Amir Goldstein <amir73il@...il.com>,
Al Viro <viro@...iv.linux.org.uk>,
Stephen Brennan <stephen.s.brennan@...cle.com>
Subject: Re: [PATCH v3 2/3] fsnotify: Protect i_fsnotify_mask and child flags
with inode rwsem
Greeting,
FYI, we noticed BUG:sleeping_function_called_from_invalid_context_at_kernel/locking/rwsem.c due to commit (built with gcc-11):
commit: 74b597a37f4b510772a2bab12572dd927bbd170a ("[PATCH v3 2/3] fsnotify: Protect i_fsnotify_mask and child flags with inode rwsem")
url: https://github.com/intel-lab-lkp/linux/commits/Stephen-Brennan/fsnotify-Use-d_find_any_alias-to-get-dentry-associated-with-inode/20221028-091105
base: https://git.kernel.org/cgit/linux/kernel/git/jack/linux-fs.git fsnotify
patch subject: [PATCH v3 2/3] fsnotify: Protect i_fsnotify_mask and child flags with inode rwsem
in testcase: trinity
version: trinity-x86_64-e63e4843-1_20220913
with following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue, kindly add following tag
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Link: https://lore.kernel.org/oe-lkp/202211092324.f48c2e93-oliver.sang@intel.com
[ 283.143463][ T4865] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1551
[ 283.148457][ T4865] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4865, name: trinity-c7
[ 283.153170][ T4865] preempt_count: 1, expected: 0
[ 283.157458][ T4865] CPU: 1 PID: 4865 Comm: trinity-c7 Not tainted 6.0.0-rc4-00066-g74b597a37f4b #1
[ 283.162972][ T4865] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[ 283.167954][ T4865] Call Trace:
[ 283.172139][ T4865] <TASK>
[ 283.175500][ T4865] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))
[ 283.178943][ T4865] __might_resched.cold (kernel/sched/core.c:9893)
[ 283.182892][ T4865] down_write (kernel/locking/rwsem.c:1551)
[ 283.186762][ T4865] ? down_write_killable (kernel/locking/rwsem.c:1550)
[ 283.189986][ T4865] ? do_lock_file_wait (fs/locks.c:2553)
[ 283.193205][ T4865] ? remove_vma (mm/mmap.c:149)
[ 283.196860][ T4865] ? kmem_cache_free (mm/slub.c:1780 mm/slub.c:3534 mm/slub.c:3551)
[ 283.200531][ T4865] ? shm_close (ipc/shm.c:381)
[ 283.204199][ T4865] fsnotify_update_children_dentry_flags (include/linux/spinlock.h:349 fs/notify/fsnotify.c:150)
[ 283.207950][ T4865] ? __fsnotify_recalc_mask (arch/x86/include/asm/atomic.h:29 include/linux/atomic/atomic-instrumented.h:28 include/asm-generic/qspinlock.h:57 fs/notify/mark.c:177)
[ 283.211611][ T4865] fsnotify_recalc_mask (fs/notify/mark.c:214)
[ 283.215233][ T4865] ? fsnotify_conn_mask (fs/notify/mark.c:201)
[ 283.218760][ T4865] ? dnotify_flush (fs/notify/dnotify/dnotify.c:179)
[ 283.222189][ T4865] ? kmem_cache_free (mm/slub.c:1780 mm/slub.c:3534 mm/slub.c:3551)
[ 283.225528][ T4865] ? dnotify_recalc_inode_mask (arch/x86/include/asm/atomic.h:29 include/linux/atomic/atomic-instrumented.h:28 include/asm-generic/qspinlock.h:57 fs/notify/dnotify/dnotify.c:72)
[ 283.228807][ T4865] dnotify_flush (fs/notify/dnotify/dnotify.c:180)
[ 283.231957][ T4865] filp_close (fs/open.c:1425)
[ 283.234989][ T4865] put_files_struct (fs/file.c:433 fs/file.c:447 fs/file.c:444)
[ 283.238153][ T4865] do_exit (kernel/exit.c:791)
[ 283.241154][ T4865] do_group_exit (kernel/exit.c:906)
[ 283.244104][ T4865] __x64_sys_exit_group (kernel/exit.c:934)
[ 283.247136][ T4865] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[ 283.252034][ T4865] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
[ 283.256890][ T4865] RIP: 0033:0x7fcb25ee8699
[ 283.261328][ T4865] Code: Unable to access opcode bytes at RIP 0x7fcb25ee866f.
[ 283.265148][ T4865] RSP: 002b:00007fffc51051e8 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7
[ 283.268268][ T4865] RAX: ffffffffffffffda RBX: 00007fcb24882000 RCX: 00007fcb25ee8699
[ 283.271388][ T4865] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
[ 283.274101][ T4865] RBP: 00007fcb24882000 R08: ffffffffffffff80 R09: 00007fcb25fdb240
[ 283.276067][ T4865] R10: 00007fcb26008440 R11: 0000000000000206 R12: 0000000000000117
[ 283.277999][ T4865] R13: 00000000000001b8 R14: 00007fcb24882058 R15: 00007fcb24882000
[ 283.281274][ T4865] </TASK>
[ 283.308653][ T275] [main] kernel became tainted! (512/0) Last seed was 1931948248
[ 283.308671][ T275]
[ 283.318578][ T275] trinity: Detected kernel tainting. Last seed was 1931948248
[ 283.318598][ T275]
[ 283.326725][ T275] [main] exit_reason=7, but 7 children still running.
[ 283.326741][ T275]
[ 285.606969][ T275] [main] Bailing main loop because kernel became tainted..
[ 285.606998][ T275]
[ 285.696149][ T452] ==================================================================
[ 285.697615][ T452] BUG: KASAN: null-ptr-deref in _raw_spin_lock (include/linux/instrumented.h:101 include/linux/atomic/atomic-instrumented.h:542 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:134 kernel/locking/spinlock.c:154)
[ 285.698950][ T452] Write of size 4 at addr 0000000000000058 by task trinity-main/452
[ 285.700228][ T452]
[ 285.701209][ T452] CPU: 0 PID: 452 Comm: trinity-main Tainted: G W 6.0.0-rc4-00066-g74b597a37f4b #1
[ 285.702599][ T452] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[ 285.703988][ T452] Call Trace:
[ 285.705018][ T452] <TASK>
[ 285.706003][ T452] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))
[ 285.707087][ T452] kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:497)
[ 285.708158][ T452] ? _raw_spin_lock (include/linux/instrumented.h:101 include/linux/atomic/atomic-instrumented.h:542 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:134 kernel/locking/spinlock.c:154)
[ 285.709231][ T452] kasan_check_range (mm/kasan/generic.c:190)
[ 285.710311][ T452] _raw_spin_lock (include/linux/instrumented.h:101 include/linux/atomic/atomic-instrumented.h:542 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:134 kernel/locking/spinlock.c:154)
[ 285.711389][ T452] ? _raw_write_lock_irq (kernel/locking/spinlock.c:153)
[ 285.712490][ T452] ? d_find_any_alias (include/linux/list.h:876 fs/dcache.c:1002 fs/dcache.c:1021)
[ 285.713575][ T452] fsnotify_update_children_dentry_flags (fs/notify/fsnotify.c:128 fs/notify/fsnotify.c:154)
[ 285.714752][ T452] fsnotify_update_object (fs/notify/mark.c:333)
[ 285.716178][ T452] fsnotify_put_mark (fs/notify/mark.c:372 (discriminator 2))
[ 285.717262][ T452] ? _atomic_dec_and_lock_irqsave (arch/x86/include/asm/atomic.h:29 include/linux/atomic/atomic-arch-fallback.h:1242 include/linux/atomic/atomic-arch-fallback.h:1267 include/linux/atomic/atomic-instrumented.h:608 lib/dec_and_lock.c:41)
[ 285.718393][ T452] ? fsnotify_add_mark_list+0xc90/0xc90
[ 285.720761][ T452] ? put_ucounts (kernel/ucount.c:211)
[ 285.721857][ T452] ? inotify_remove_from_idr (fs/notify/inotify/inotify_user.c:511)
[ 285.722994][ T452] fsnotify_clear_marks_by_group (include/linux/fsnotify_backend.h:266 fs/notify/mark.c:855)
[ 285.724149][ T452] ? fsnotify_add_mark (fs/notify/mark.c:827)
[ 285.725254][ T452] ? _raw_write_lock_irq (kernel/locking/spinlock.c:153)
[ 285.726355][ T452] ? do_wp_page (mm/memory.c:3301 mm/memory.c:3401)
[ 285.727446][ T452] fsnotify_destroy_group (fs/notify/group.c:68)
[ 285.728571][ T452] ? fsnotify_group_stop_queueing (fs/notify/group.c:51)
[ 285.729719][ T452] ? locks_remove_file (arch/x86/include/asm/paravirt.h:596 arch/x86/include/asm/qspinlock.h:57 include/linux/spinlock.h:202 include/linux/spinlock_api_smp.h:142 include/linux/spinlock.h:389 fs/locks.c:2654)
[ 285.730844][ T452] ? fcntl_setlk (fs/locks.c:2634)
[ 285.731942][ T452] inotify_release (fs/notify/inotify/inotify_user.c:312)
[ 285.733034][ T452] __fput (fs/file_table.c:320)
[ 285.734087][ T452] task_work_run (kernel/task_work.c:179 (discriminator 1))
[ 285.735629][ T452] exit_to_user_mode_loop (include/linux/resume_user_mode.h:49 kernel/entry/common.c:169)
[ 285.736785][ T452] exit_to_user_mode_prepare (kernel/entry/common.c:201)
[ 285.737897][ T452] syscall_exit_to_user_mode (arch/x86/include/asm/jump_label.h:27 include/linux/context_tracking_state.h:106 include/linux/context_tracking.h:41 kernel/entry/common.c:132 kernel/entry/common.c:296)
[ 285.739000][ T452] do_syscall_64 (arch/x86/entry/common.c:87)
[ 285.740040][ T452] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
[ 285.741147][ T452] RIP: 0033:0x7fcb25f0c6c3
[ 285.742176][ T452] Code: e9 37 ff ff ff e8 4d e0 01 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8
All code
========
0: e9 37 ff ff ff jmpq 0xffffffffffffff3c
5: e8 4d e0 01 00 callq 0x1e057
a: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
11: 00 00 00
14: 0f 1f 00 nopl (%rax)
17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax
1e: 00
1f: 85 c0 test %eax,%eax
21: 75 14 jne 0x37
23: b8 03 00 00 00 mov $0x3,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 45 ja 0x77
32: c3 retq
33: 0f 1f 40 00 nopl 0x0(%rax)
37: 48 83 ec 18 sub $0x18,%rsp
3b: 89 7c 24 0c mov %edi,0xc(%rsp)
3f: e8 .byte 0xe8
Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 45 ja 0x4d
8: c3 retq
9: 0f 1f 40 00 nopl 0x0(%rax)
d: 48 83 ec 18 sub $0x18,%rsp
11: 89 7c 24 0c mov %edi,0xc(%rsp)
15: e8 .byte 0xe8
[ 285.744865][ T452] RSP: 002b:00007fffc5105bf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 285.746155][ T452] RAX: 0000000000000000 RBX: 00000000000031c0 RCX: 00007fcb25f0c6c3
[ 285.747456][ T452] RDX: 000055b1cd7aaf80 RSI: 000055b1cfa68000 RDI: 0000000000000111
[ 285.748732][ T452] RBP: 000055b1cfa67fc0 R08: 0000000000000007 R09: 0000000000000039
[ 285.749982][ T452] R10: 00007fcb26008440 R11: 0000000000000246 R12: 000000000000000c
[ 285.751254][ T452] R13: 000055b1cfa68000 R14: 000055b1cfa68040 R15: 000000000000000c
[ 285.752618][ T452] </TASK>
[ 285.753630][ T452] ==================================================================
[ 285.754950][ T452] Disabling lock debugging due to kernel taint
[ 285.756126][ T452] BUG: kernel NULL pointer dereference, address: 0000000000000058
[ 285.757361][ T452] #PF: supervisor write access in kernel mode
[ 285.758500][ T452] #PF: error_code(0x0002) - not-present page
[ 285.759641][ T452] PGD 80000001d16fa067 P4D 80000001d16fa067 PUD 0
[ 285.760811][ T452] Oops: 0002 [#1] SMP KASAN PTI
[ 285.761858][ T452] CPU: 0 PID: 452 Comm: trinity-main Tainted: G B W 6.0.0-rc4-00066-g74b597a37f4b #1
[ 285.763289][ T452] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[ 285.764646][ T452] RIP: 0010:_raw_spin_lock (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:134 kernel/locking/spinlock.c:154)
[ 285.765766][ T452] Code: be 04 00 00 00 c7 44 24 20 00 00 00 00 e8 ae 63 3f fe be 04 00 00 00 48 8d 7c 24 20 e8 9f 63 3f fe ba 01 00 00 00 8b 44 24 20 <f0> 0f b1 55 00 75 29 48 b8 00 00 00 00 00 fc ff df 48 c7 04 03 00
All code
========
0: be 04 00 00 00 mov $0x4,%esi
5: c7 44 24 20 00 00 00 movl $0x0,0x20(%rsp)
c: 00
d: e8 ae 63 3f fe callq 0xfffffffffe3f63c0
12: be 04 00 00 00 mov $0x4,%esi
17: 48 8d 7c 24 20 lea 0x20(%rsp),%rdi
1c: e8 9f 63 3f fe callq 0xfffffffffe3f63c0
21: ba 01 00 00 00 mov $0x1,%edx
26: 8b 44 24 20 mov 0x20(%rsp),%eax
2a:* f0 0f b1 55 00 lock cmpxchg %edx,0x0(%rbp) <-- trapping instruction
2f: 75 29 jne 0x5a
31: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
38: fc ff df
3b: 48 rex.W
3c: c7 .byte 0xc7
3d: 04 03 add $0x3,%al
...
Code starting with the faulting instruction
===========================================
0: f0 0f b1 55 00 lock cmpxchg %edx,0x0(%rbp)
5: 75 29 jne 0x30
7: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
e: fc ff df
11: 48 rex.W
12: c7 .byte 0xc7
13: 04 03 add $0x3,%al
...
[ 285.768539][ T452] RSP: 0018:ffffc90000fb7ad8 EFLAGS: 00010297
[ 285.769791][ T452] RAX: 0000000000000000 RBX: 1ffff920001f6f5b RCX: ffffffff834964d1
[ 285.771150][ T452] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000fb7af8
[ 285.772495][ T452] RBP: 0000000000000058 R08: 0000000000000001 R09: ffffc90000fb7afb
[ 285.773839][ T452] R10: fffff520001f6f5f R11: 0000000000000001 R12: ffff8881dd241d40
[ 285.775201][ T452] R13: 0000000000000000 R14: ffff8881cef5bde6 R15: ffff8881cef5bde0
[ 285.776555][ T452] FS: 00007fcb25fe3600(0000) GS:ffff88839d600000(0000) knlGS:0000000000000000
[ 285.777961][ T452] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 285.779265][ T452] CR2: 0000000000000058 CR3: 00000001d642e000 CR4: 00000000000406f0
[ 285.780646][ T452] DR0: 00007fcb24182000 DR1: 0000000000000000 DR2: 0000000000000000
[ 285.782004][ T452] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 285.783371][ T452] Call Trace:
[ 285.784516][ T452] <TASK>
[ 285.785622][ T452] ? _raw_write_lock_irq (kernel/locking/spinlock.c:153)
[ 285.786879][ T452] ? d_find_any_alias (include/linux/list.h:876 fs/dcache.c:1002 fs/dcache.c:1021)
[ 285.788089][ T452] fsnotify_update_children_dentry_flags (fs/notify/fsnotify.c:128 fs/notify/fsnotify.c:154)
[ 285.789394][ T452] fsnotify_update_object (fs/notify/mark.c:333)
[ 285.790616][ T452] fsnotify_put_mark (fs/notify/mark.c:372 (discriminator 2))
[ 285.791835][ T452] ? _atomic_dec_and_lock_irqsave (arch/x86/include/asm/atomic.h:29 include/linux/atomic/atomic-arch-fallback.h:1242 include/linux/atomic/atomic-arch-fallback.h:1267 include/linux/atomic/atomic-instrumented.h:608 lib/dec_and_lock.c:41)
[ 285.793096][ T452] ? fsnotify_add_mark_list+0xc90/0xc90
[ 285.794401][ T452] ? put_ucounts (kernel/ucount.c:211)
[ 285.795619][ T452] ? inotify_remove_from_idr (fs/notify/inotify/inotify_user.c:511)
[ 285.796885][ T452] fsnotify_clear_marks_by_group (include/linux/fsnotify_backend.h:266 fs/notify/mark.c:855)
[ 285.798164][ T452] ? fsnotify_add_mark (fs/notify/mark.c:827)
[ 285.799439][ T452] ? _raw_write_lock_irq (kernel/locking/spinlock.c:153)
[ 285.800686][ T452] ? do_wp_page (mm/memory.c:3301 mm/memory.c:3401)
[ 285.801899][ T452] fsnotify_destroy_group (fs/notify/group.c:68)
[ 285.803161][ T452] ? fsnotify_group_stop_queueing (fs/notify/group.c:51)
[ 285.804443][ T452] ? locks_remove_file (arch/x86/include/asm/paravirt.h:596 arch/x86/include/asm/qspinlock.h:57 include/linux/spinlock.h:202 include/linux/spinlock_api_smp.h:142 include/linux/spinlock.h:389 fs/locks.c:2654)
[ 285.805651][ T452] ? fcntl_setlk (fs/locks.c:2634)
[ 285.806797][ T452] inotify_release (fs/notify/inotify/inotify_user.c:312)
[ 285.807937][ T452] __fput (fs/file_table.c:320)
[ 285.809029][ T452] task_work_run (kernel/task_work.c:179 (discriminator 1))
[ 285.810138][ T452] exit_to_user_mode_loop (include/linux/resume_user_mode.h:49 kernel/entry/common.c:169)
[ 285.811303][ T452] exit_to_user_mode_prepare (kernel/entry/common.c:201)
[ 285.812468][ T452] syscall_exit_to_user_mode (arch/x86/include/asm/jump_label.h:27 include/linux/context_tracking_state.h:106 include/linux/context_tracking.h:41 kernel/entry/common.c:132 kernel/entry/common.c:296)
[ 285.813631][ T452] do_syscall_64 (arch/x86/entry/common.c:87)
[ 285.814731][ T452] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
[ 285.815922][ T452] RIP: 0033:0x7fcb25f0c6c3
[ 285.817006][ T452] Code: e9 37 ff ff ff e8 4d e0 01 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8
[ 285.819779][ T452] RSP: 002b:00007fffc5105bf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 285.821140][ T452] RAX: 0000000000000000 RBX: 00000000000031c0 RCX: 00007fcb25f0c6c3
[ 285.822465][ T452] RDX: 000055b1cd7aaf80 RSI: 000055b1cfa68000 RDI: 0000000000000111
[ 285.823807][ T452] RBP: 000055b1cfa67fc0 R08: 0000000000000007 R09: 0000000000000039
[ 285.825104][ T452] R10: 00007fcb26008440 R11: 0000000000000246 R12: 000000000000000c
[ 285.826387][ T452] R13: 000055b1cfa68000 R14: 000055b1cfa68040 R15: 000000000000000c
[ 285.827658][ T452] </TASK>
[ 285.828661][ T452] Modules linked in: bridge 8021q garp stp mrp llc af_key mpls_router ip_tunnel vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock vmw_vmci can_bcm can_raw can crypto_user ib_core nfnetlink scsi_transport_iscsi atm sctp ip6_udp_tunnel udp_tunnel libcrc32c sr_mod cdrom bochs sg drm_vram_helper drm_ttm_helper intel_rapl_msr ttm ppdev intel_rapl_common crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel ata_generic rapl drm_kms_helper syscopyarea parport_pc ipmi_devintf ata_piix parport ipmi_msghandler joydev sysfillrect libata sysimgblt i2c_piix4 serio_raw fb_sys_fops drm fuse ip_tables
[ 285.836095][ T452] CR2: 0000000000000058
[ 285.837309][ T452] ---[ end trace 0000000000000000 ]---
[ 285.838565][ T452] RIP: 0010:_raw_spin_lock (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:134 kernel/locking/spinlock.c:154)
[ 285.839819][ T452] Code: be 04 00 00 00 c7 44 24 20 00 00 00 00 e8 ae 63 3f fe be 04 00 00 00 48 8d 7c 24 20 e8 9f 63 3f fe ba 01 00 00 00 8b 44 24 20 <f0> 0f b1 55 00 75 29 48 b8 00 00 00 00 00 fc ff df 48 c7 04 03 00
To reproduce:
# build kernel
cd linux
cp config-6.0.0-rc4-00066-g74b597a37f4b .config
make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
# if you come across any failure that blocks the test,
# please remove the ~/.lkp and /lkp dirs to run from a clean state.
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config-6.0.0-rc4-00066-g74b597a37f4b" of type "text/plain" (168730 bytes)
View attachment "job-script" of type "text/plain" (4820 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (35104 bytes)