From: Joel Fernandes
Date: Sat, 22 Apr 2023 21:28:39 +0200
Subject: Re: BUG : PowerPC RCU: torture test failed with __stack_chk_fail
To: Zhouyi Zhou
Cc: linuxppc-dev, rcu, linux-kernel, lance@osuosl.org, "Paul E. McKenney", Michael Ellerman

On Sat, Apr 22, 2023 at 2:47 PM Zhouyi Zhou wrote:
>
> Dear PowerPC and RCU developers:
> During the RCU torture test on mainline (on the VM of Opensource Lab
> of Oregon State University), SRCU-P failed with __stack_chk_fail:
> [ 264.381952][ T99] [c000000006c7bab0] [c0000000010c67c0]
> dump_stack_lvl+0x94/0xd8 (unreliable)
> [ 264.383786][ T99] [c000000006c7bae0] [c00000000014fc94] panic+0x19c/0x468
> [ 264.385128][ T99] [c000000006c7bb80] [c0000000010fca24]
> __stack_chk_fail+0x24/0x30
> [ 264.386610][ T99] [c000000006c7bbe0] [c0000000002293b4]
> srcu_gp_start_if_needed+0x5c4/0x5d0
> [ 264.388188][ T99] [c000000006c7bc70] [c00000000022f7f4]
> srcu_torture_call+0x34/0x50
> [ 264.389611][ T99] [c000000006c7bc90] [c00000000022b5e8]
> rcu_torture_fwd_prog+0x8c8/0xa60
> [ 264.391439][ T99] [c000000006c7be00] [c00000000018e37c] kthread+0x15c/0x170
> [ 264.392792][ T99] [c000000006c7be50] [c00000000000df94]
> ret_from_kernel_thread+0x5c/0x64
> The kernel config file can be found in [1].
> And I wrote a bash script to accelerate the bug reproducing [2].
> After a week's debugging, I found the cause of the bug is because the
> register r10 used to judge for stack overflow is not constant between
> context switches.
> The assembly code for srcu_gp_start_if_needed is located at [3]:
> c000000000226eb4: 78 6b aa 7d mr r10,r13
> c000000000226eb8: 14 42 29 7d add r9,r9,r8
> c000000000226ebc: ac 04 00 7c hwsync
> c000000000226ec0: 10 00 7b 3b addi r27,r27,16
> c000000000226ec4: 14 da 29 7d add r9,r9,r27
> c000000000226ec8: a8 48 00 7d ldarx r8,0,r9
> c000000000226ecc: 01 00 08 31 addic r8,r8,1
> c000000000226ed0: ad 49 00 7d stdcx. r8,0,r9
> c000000000226ed4: f4 ff c2 40 bne- c000000000226ec8
>
> c000000000226ed8: 28 00 21 e9 ld r9,40(r1)
> c000000000226edc: 78 0c 4a e9 ld r10,3192(r10)
> c000000000226ee0: 79 52 29 7d xor. r9,r9,r10
> c000000000226ee4: 00 00 40 39 li r10,0
> c000000000226ee8: b8 03 82 40 bne c0000000002272a0
>
> By debugging, I see the r10 is assigned with r13 on c000000000226eb4,
> but if there is a context-switch before c000000000226edc, a false
> positive will be reported.
>
> [1] http://154.220.3.115/logs/0422/configformainline.txt
> [2] 154.220.3.115/logs/0422/whilebash.sh
> [3] http://154.220.3.115/logs/0422/srcu_gp_start_if_needed.txt
>
> My analysis and debugging may not be correct, but the bug is easily
> reproducible.

If this is a bug in the stack smashing protection as you seem to hint,
I wonder if you see the issue with a specific gcc version and is a
compiler-specific issue. It's hard to say, but considering this I
think it's important for you to mention the compiler version in your
report (along with kernel version, kernel logs etc.)

thanks,

 - Joel
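
The hypothesis in the quoted report, as a user-space model added here (it is not code from this thread or from the kernel): the guard value is read through a copy of r13 taken earlier (`mr r10,r13` ... `ld r10,3192(r10)`), so the check can read a slot that no longer belongs to the running task. The model assumes r13 is a per-CPU base pointer whose guard slot is refilled with the incoming task's canary on every context switch; `struct paca`, `struct task`, `switch_to`, `guard_check_fails` and the canary values are constructed for illustration. It goes one step beyond the report by separating preemption on the same CPU from resuming on a different CPU.

```c
/* User-space model (constructed) of a per-CPU stack-guard slot; not kernel code. */
#include <stdint.h>
#include <stdio.h>

struct paca { uint64_t canary; };            /* per-CPU area that r13 points to */
struct task { uint64_t canary; int cpu; };   /* every task has its own canary   */

static struct paca pacas[2];                 /* two CPUs */

/* Context switch: the CPU's guard slot is refilled with the incoming task's canary. */
static void switch_to(struct task *t, int cpu)
{
    t->cpu = cpu;
    pacas[cpu].canary = t->canary;
}

/*
 * One protected function executing in task a.
 * cache_base: 1 models "mr r10,r13" early and "ld r10,3192(r10)" in the
 *             epilogue; 0 models re-reading the base pointer at the check.
 * resume_cpu: -1 = never preempted; otherwise a is preempted between the two
 *             instructions, b runs on a's old CPU, and a resumes on resume_cpu.
 * Returns 1 when the epilogue would branch to __stack_chk_fail.
 */
static int guard_check_fails(int cache_base, int resume_cpu)
{
    struct task a = { 0xA11CEULL, 0 }, b = { 0xB0B0ULL, 0 };  /* constructed values */

    switch_to(&a, 0);
    uint64_t frame_slot = pacas[a.cpu].canary;   /* prologue: canary saved in frame */
    struct paca *r10 = &pacas[a.cpu];            /* cached copy of the base pointer */

    if (resume_cpu >= 0) {
        switch_to(&b, a.cpu);                    /* a preempted, b takes the old CPU */
        switch_to(&a, resume_cpu);               /* a resumes, possibly elsewhere    */
    }

    struct paca *base = cache_base ? r10 : &pacas[a.cpu];
    return (frame_slot ^ base->canary) != 0;     /* xor. r9,r9,r10 ; bne -> fail     */
}

int main(void)
{
    printf("cached base, no preemption:      %d\n", guard_check_fails(1, -1));
    printf("cached base, same-CPU preempt:   %d\n", guard_check_fails(1, 0));
    printf("cached base, migrated to CPU 1:  %d\n", guard_check_fails(1, 1));
    printf("fresh base,  migrated to CPU 1:  %d\n", guard_check_fails(0, 1));
    return 0;
}
```

In this model only the cached-base case that resumes on another CPU reports a failure, and the stack frame was never overwritten in any of the four cases.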