lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202212141556.1c5785dc-yujie.liu@intel.com>
Date:   Thu, 15 Dec 2022 09:08:21 +0800
From:   kernel test robot <yujie.liu@...el.com>
To:     Eric Dumazet <edumazet@...gle.com>
CC:     <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
        "David S. Miller" <davem@...emloft.net>,
        <linux-kernel@...r.kernel.org>, <netdev@...r.kernel.org>
Subject: [linus:master] [ipv6] 6a17b961ec:
 BUG_RAWv6(Tainted:G_T):Objects_remaining_in_RAWv6_on__kmem_cache_shutdown()

Greeting,

FYI, we noticed BUG_RAWv6(Tainted:G_T):Objects_remaining_in_RAWv6_on__kmem_cache_shutdown() due to commit (built with gcc-11):

commit: 6a17b961ec19cd61ca646a6655ab93e8f6fe15c0 ("ipv6: do not use per netns icmp sockets")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

[test failed on linux-next/master 39ab32797f072eaf86b1faa7384ac73450684110]

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


[   13.193497][    T1] calling  inet6_init+0x0/0x95d [ipv6] @ 1
[   13.194966][    T1] NET: Registered PF_INET6 protocol family
[   13.211439][    T1] IPv6: Attempt to unregister permanent protocol 6
[   13.211986][    T1] IPv6: Attempt to unregister permanent protocol 136
[   13.212495][    T1] IPv6: Attempt to unregister permanent protocol 17
[   13.234472][    T1] NET: Unregistered PF_INET6 protocol family
[   13.235185][    T1] =============================================================================
[   13.235884][    T1] BUG RAWv6 (Tainted: G                T): Objects remaining in RAWv6 on __kmem_cache_shutdown()
[   13.236628][    T1] -----------------------------------------------------------------------------
[   13.236628][    T1] 
[   13.237448][    T1] Slab 0x(ptrval) objects=13 used=2 fp=0x(ptrval) flags=0x7d010200(slab|head|section=31|zone=1)
[   13.238219][    T1] CPU: 1 PID: 1 Comm: systemd Tainted: G                T 5.16.0-11537-g6a17b961ec19 #1
[   13.238899][    T1] Call Trace:
[   13.239151][    T1]  ? dump_stack_lvl+0x14a/0x1fa
[   13.239496][    T1]  ? dump_stack+0x1b/0x2c
[   13.239804][    T1]  ? slab_err+0x7a/0xb0
[   13.240128][    T1]  ? lock_acquire+0xcd/0x360
[   13.240486][    T1]  ? free_partial+0x4e/0x210
[   13.240847][    T1]  ? list_slab_objects+0x4a/0x540
[   13.241327][    T1]  ? _raw_spin_lock_irq+0x98/0xf0
[   13.241718][    T1]  ? free_partial+0x134/0x210
[   13.242081][    T1]  ? flush_all_cpus_locked+0x230/0x280
[   13.242500][    T1]  ? __kmem_cache_shutdown+0x40/0xd0
[   13.242898][    T1]  ? shutdown_cache+0x23/0x200
[   13.243277][    T1]  ? kmem_cache_destroy+0x9d/0x130
[   13.243650][    T1]  ? proto_unregister+0x10d/0x180
[   13.244009][    T1]  ? inet6_init+0x900/0x95d [ipv6]
[   13.244444][    T1]  ? inet6_net_init+0x1d5/0x1d5 [ipv6]
[   13.244887][    T1]  ? do_one_initcall+0x60/0x270
[   13.245208][    T1]  ? __mutex_unlock_slowpath+0x33/0x340
[   13.245552][    T1]  ? mutex_unlock+0x2c/0x40
[   13.245849][    T1]  ? __gcov_init+0x64/0xf0
[   13.246160][    T1]  ? do_init_module+0xd3/0x460
[   13.246487][    T1]  ? load_module+0xaee/0xc00
[   13.246814][    T1]  ? __do_sys_finit_module+0xa7/0x150
[   13.247205][    T1]  ? __ia32_sys_finit_module+0x23/0x40
[   13.247576][    T1]  ? __do_fast_syscall_32+0x68/0xf0
[   13.247957][    T1]  ? do_fast_syscall_32+0x29/0x60
[   13.248349][    T1]  ? do_SYSENTER_32+0x15/0x20
[   13.248683][    T1]  ? entry_SYSENTER_32+0xa6/0x112
[   13.249052][    T1] Disabling lock debugging due to kernel taint
[   13.249463][    T1] Object 0x(ptrval) @offset=0
[   13.249784][    T1] Object 0x(ptrval) @offset=1216
[   13.250186][    T1] ------------[ cut here ]------------
[   13.250580][    T1] kmem_cache_destroy RAWv6: Slab cache still has objects when called from proto_unregister+0x10d/0x180
[   13.250611][    T1] WARNING: CPU: 1 PID: 1 at mm/slab_common.c:502 kmem_cache_destroy+0xee/0x130
[   13.252012][    T1] Modules linked in: ipv6(+)
[   13.252355][    T1] CPU: 1 PID: 1 Comm: systemd Tainted: G    B           T 5.16.0-11537-g6a17b961ec19 #1
[   13.253086][    T1] EIP: kmem_cache_destroy+0xee/0x130
[   13.253512][    T1] Code: 44 01 83 15 14 06 6d 44 00 83 05 18 06 6d 44 01 83 15 1c 06 6d 44 00 e8 36 f1 2e 01 83 05 20 06 6d 44 01 83 15 24 06 6d 44 00 <0f> 0b 83 05 28 06 6d 44 01 83 15 2c 06 6d 44 00 83 c4 10 e9 4e ff
[   13.254904][    T1] EAX: 00000064 EBX: 481f80c0 ECX: 00000000 EDX: 00000000
[   13.255422][    T1] ESI: 00000028 EDI: 00000000 EBP: 4511be44 ESP: 4511be30
[   13.255925][    T1] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00210246
[   13.256487][    T1] CR0: 80050033 CR2: 3892c060 CR3: 7eccf000 CR4: 00040690
[   13.256985][    T1] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[   13.257496][    T1] DR6: fffe0ff0 DR7: 00000400
[   13.257827][    T1] Call Trace:
[   13.258071][    T1]  ? proto_unregister+0x10d/0x180
[   13.258470][    T1]  ? proto_unregister+0x10d/0x180
[   13.258849][    T1]  ? inet6_init+0x900/0x95d [ipv6]
[   13.259346][    T1]  ? inet6_net_init+0x1d5/0x1d5 [ipv6]
[   13.276018][    T1]  ? do_one_initcall+0x60/0x270
[   13.276406][    T1]  ? __mutex_unlock_slowpath+0x33/0x340
[   13.276835][    T1]  ? mutex_unlock+0x2c/0x40
[   13.277174][    T1]  ? __gcov_init+0x64/0xf0
[   13.277547][    T1]  ? do_init_module+0xd3/0x460
[   13.277892][    T1]  ? load_module+0xaee/0xc00
[   13.278232][    T1]  ? __do_sys_finit_module+0xa7/0x150
[   13.278652][    T1]  ? __ia32_sys_finit_module+0x23/0x40
[   13.279050][    T1]  ? __do_fast_syscall_32+0x68/0xf0
[   13.279489][    T1]  ? do_fast_syscall_32+0x29/0x60
[   13.279884][    T1]  ? do_SYSENTER_32+0x15/0x20
[   13.280206][    T1]  ? entry_SYSENTER_32+0xa6/0x112
[   13.280579][    T1] irq event stamp: 935656
[   13.280876][    T1] hardirqs last  enabled at (935655): [<427ede68>] _raw_spin_unlock_irq+0x68/0xb0
[   13.281531][    T1] hardirqs last disabled at (935656): [<427ed913>] _raw_spin_lock_irq+0xd3/0xf0
[   13.282124][    T1] softirqs last  enabled at (935632): [<ef5305db>] inet6_unregister_protosw+0x8b/0xd0 [ipv6]
[   13.282906][    T1] softirqs last disabled at (935630): [<ef53057d>] inet6_unregister_protosw+0x2d/0xd0 [ipv6]
[   13.283699][    T1] ---[ end trace 0000000000000000 ]---
[   13.284340][    T1] initcall inet6_init+0x0/0x95d [ipv6] returned -2 after 88118 usecs


If you fix the issue, kindly add following tag
| Reported-by: kernel test robot <yujie.liu@...el.com>
| Link: https://lore.kernel.org/oe-lkp/202212141556.1c5785dc-yujie.liu@intel.com


To reproduce:

        # build kernel
	cd linux
	cp config-5.16.0-11537-g6a17b961ec19 .config
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.


-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

View attachment "config-5.16.0-11537-g6a17b961ec19" of type "text/plain" (158235 bytes)

View attachment "job-script" of type "text/plain" (4889 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (36700 bytes)

Powered by blists - more mailing lists