Date:   Mon, 6 Mar 2023 13:48:00 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Anna-Maria Behnsen <anna-maria@...utronix.de>
CC:     <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
        Ammar Faizi <ammarfaizi2@...weeb.org>,
        GNU/Weeb Mailing List <gwml@...r.gnuweeb.org>,
        "Paul E. McKenney" <paulmck@...nel.org>,
        Richard Cochran <richardcochran@...il.com>,
        Frederic Weisbecker <frederic@...nel.org>,
        <linux-kernel@...r.kernel.org>
Subject: [ammarfaizi2-block:paulmck/linux-rcu/anna-maria.2023.03.01a] [timer]
 2ecfcc0c3e: WARNING:at_kernel/time/timer.c:#add_timer_on


Greetings,

FYI, we noticed WARNING:at_kernel/time/timer.c:#add_timer_on due to commit (built with gcc-11):

commit: 2ecfcc0c3e51e8b111ce4ff105ca969d25c9574f ("timer: Keep the pinned timers separate from the others")
https://github.com/ammarfaizi2/linux-block paulmck/linux-rcu/anna-maria.2023.03.01a

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


If you fix the issue, kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Link: https://lore.kernel.org/oe-lkp/202303061307.26114a00-oliver.sang@intel.com


[    8.576635][    T1] ------------[ cut here ]------------
[    8.577440][    T1] TIMER_PINNED flag for add_timer_on() is missing: timer=(____ptrval____) function=entropy_timer
[ 8.577458][ T1] WARNING: CPU: 1 PID: 1 at kernel/time/timer.c:1279 add_timer_on (kernel/time/timer.c:1279 (discriminator 3)) 
[    8.579777][    T1] Modules linked in: ip_tables
[    8.580386][    T1] CPU: 1 PID: 1 Comm: systemd Not tainted 6.2.0-rc1-00251-g2ecfcc0c3e51 #1
[    8.581442][    T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014
[ 8.582662][ T1] RIP: 0010:add_timer_on (kernel/time/timer.c:1279 (discriminator 3)) 
[ 8.583323][ T1] Code: 0b eb c4 80 3d 9b f6 d7 01 00 0f 85 e2 fe ff ff 48 8b 57 18 48 89 fe 48 c7 c7 60 d1 6d 82 c6 05 80 f6 d7 01 01 e8 29 8d cc 00 <0f> 0b 8b 45 20 e9 be fe ff ff 0f 0b e9 60 ff ff ff e8 31 33 d3 00
All code
========
   0:	0b eb                	or     %ebx,%ebp
   2:	c4                   	(bad)  
   3:	80 3d 9b f6 d7 01 00 	cmpb   $0x0,0x1d7f69b(%rip)        # 0x1d7f6a5
   a:	0f 85 e2 fe ff ff    	jne    0xfffffffffffffef2
  10:	48 8b 57 18          	mov    0x18(%rdi),%rdx
  14:	48 89 fe             	mov    %rdi,%rsi
  17:	48 c7 c7 60 d1 6d 82 	mov    $0xffffffff826dd160,%rdi
  1e:	c6 05 80 f6 d7 01 01 	movb   $0x1,0x1d7f680(%rip)        # 0x1d7f6a5
  25:	e8 29 8d cc 00       	callq  0xcc8d53
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	8b 45 20             	mov    0x20(%rbp),%eax
  2f:	e9 be fe ff ff       	jmpq   0xfffffffffffffef2
  34:	0f 0b                	ud2    
  36:	e9 60 ff ff ff       	jmpq   0xffffffffffffff9b
  3b:	e8 31 33 d3 00       	callq  0xd33371

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	8b 45 20             	mov    0x20(%rbp),%eax
   5:	e9 be fe ff ff       	jmpq   0xfffffffffffffec8
   a:	0f 0b                	ud2    
   c:	e9 60 ff ff ff       	jmpq   0xffffffffffffff71
  11:	e8 31 33 d3 00       	callq  0xd33347
[    8.585505][    T1] RSP: 0018:ffffc90000013960 EFLAGS: 00010286
[    8.586244][    T1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: c0000000ffff7fff
[    8.587223][    T1] RDX: 0000000000000000 RSI: 0000000000027ffb RDI: 0000000000000001
[    8.588206][    T1] RBP: ffffc90000013dc8 R08: 0000000000000000 R09: 00000000ffff7fff
[    8.589477][    T1] R10: ffffc90000013810 R11: ffffffff82dd6ea8 R12: 0000000000000002
[    8.590902][    T1] R13: ffffc900000139a0 R14: ffffc90000013dc8 R15: ffff88810022cf80
[    8.591763][    T1] FS:  00007f5a3c5c8900(0000) GS:ffff88842fd00000(0000) knlGS:0000000000000000
[    8.592703][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    8.593397][    T1] CR2: 000055ab84153038 CR3: 000000015c8d8000 CR4: 00000000000406e0
[    8.594263][    T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    8.595120][    T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    8.595982][    T1] Call Trace:
[    8.596952][    T1]  <TASK>
[ 8.597335][ T1] try_to_generate_entropy (arch/x86/include/asm/preempt.h:85 drivers/char/random.c:1323) 
[ 8.597936][ T1] ? crng_fast_key_erasure (include/linux/string.h:237 drivers/char/random.c:309) 
[ 8.598517][ T1] ? __cond_resched (kernel/sched/core.c:8419) 
[ 8.599049][ T1] ? slab_pre_alloc_hook+0xfa/0x1f0 
[ 8.599717][ T1] ? __d_alloc (fs/dcache.c:1769) 
[ 8.600211][ T1] ? kmem_cache_alloc_lru (mm/slub.c:3454 mm/slub.c:3460 mm/slub.c:3467 mm/slub.c:3483) 
[ 8.601783][ T1] ? __cond_resched (kernel/sched/core.c:8419) 
[ 8.602262][ T1] ? slab_pre_alloc_hook+0xfa/0x1f0 
[ 8.602869][ T1] ? __cond_resched (kernel/sched/core.c:8419) 
[ 8.603350][ T1] ? slab_pre_alloc_hook+0xfa/0x1f0 
[ 8.603960][ T1] ? __cond_resched (kernel/sched/core.c:8419) 
[ 8.604436][ T1] ? slab_pre_alloc_hook+0xfa/0x1f0 
[ 8.605042][ T1] ? __wake_up_common_lock (kernel/sched/wait.c:141 (discriminator 1)) 
[ 8.605576][ T1] ? __cond_resched (kernel/sched/core.c:8419) 
[ 8.606056][ T1] ? exact_lock (fs/char_dev.c:356 fs/char_dev.c:466) 
[ 8.606510][ T1] ? __pfx_exact_match (fs/char_dev.c:458) 
[ 8.607012][ T1] ? kobj_lookup (drivers/base/map.c:127) 
[ 8.607477][ T1] ? __pfx_memory_open (drivers/char/mem.c:723) 
[ 8.607983][ T1] ? chrdev_open (fs/char_dev.c:415) 
[ 8.608450][ T1] ? __pfx_chrdev_open (fs/char_dev.c:374) 
[ 8.608960][ T1] ? file_ra_state_init (mm/readahead.c:142) 
[ 8.609466][ T1] ? do_dentry_open (fs/open.c:903) 
[ 8.609963][ T1] ? terminate_walk (fs/namei.c:681) 
[ 8.610459][ T1] ? path_openat (fs/namei.c:3715) 
[ 8.610938][ T1] ? do_filp_open (fs/namei.c:3741) 
[ 8.611408][ T1] ? __pfx_entropy_timer (drivers/char/random.c:1253) 
[ 8.611927][ T1] ? apparmor_file_permission (arch/x86/include/asm/current.h:41 security/apparmor/include/cred.h:76 security/apparmor/include/cred.h:109 security/apparmor/lsm.c:513 security/apparmor/lsm.c:526) 
[ 8.612484][ T1] urandom_read_iter.cold (drivers/char/random.c:1442) 
[ 8.613019][ T1] vfs_read (include/linux/fs.h:2180 fs/read_write.c:389 fs/read_write.c:470) 
[ 8.613976][ T1] ksys_read (fs/read_write.c:613) 
[ 8.614363][ T1] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) 
[ 8.614775][ T1] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) 
[    8.615285][    T1] RIP: 0033:0x7f5a3cd95e8e
[ 8.615703][ T1] Code: c0 e9 b6 fe ff ff 50 48 8d 3d 6e 18 0a 00 e8 89 e8 01 00 66 0f 1f 84 00 00 00 00 00 64 8b 04 25 18 00 00 00 85 c0 75 14 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 66 0f 1f 84 00 00 00 00 00 48 83 ec 28
All code
========
   0:	c0 e9 b6             	shr    $0xb6,%cl
   3:	fe                   	(bad)  
   4:	ff                   	(bad)  
   5:	ff 50 48             	callq  *0x48(%rax)
   8:	8d 3d 6e 18 0a 00    	lea    0xa186e(%rip),%edi        # 0xa187c
   e:	e8 89 e8 01 00       	callq  0x1e89c
  13:	66 0f 1f 84 00 00 00 	nopw   0x0(%rax,%rax,1)
  1a:	00 00 
  1c:	64 8b 04 25 18 00 00 	mov    %fs:0x18,%eax
  23:	00 
  24:	85 c0                	test   %eax,%eax
  26:	75 14                	jne    0x3c
  28:	0f 05                	syscall 
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 5a                	ja     0x8c
  32:	c3                   	retq   
  33:	66 0f 1f 84 00 00 00 	nopw   0x0(%rax,%rax,1)
  3a:	00 00 
  3c:	48 83 ec 28          	sub    $0x28,%rsp

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 5a                	ja     0x62
   8:	c3                   	retq   
   9:	66 0f 1f 84 00 00 00 	nopw   0x0(%rax,%rax,1)
  10:	00 00 
  12:	48 83 ec 28          	sub    $0x28,%rsp


To reproduce:

        # build kernel
        cd linux
        cp config-6.2.0-rc1-00251-g2ecfcc0c3e51 .config
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests



View attachment "config-6.2.0-rc1-00251-g2ecfcc0c3e51" of type "text/plain" (167392 bytes)

View attachment "job-script" of type "text/plain" (4842 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (30392 bytes)
