Greetings,
FYI, we noticed the following commit (built with gcc-9):
commit: 5c300b654da5729bd0d7ac1022786fcdb3ce31d7 ("dyndbg: walk __dyndbg & __dyndbg_sites in parallel")
https://github.com/jimc/linux.git dd-diet-5b
in testcase: trinity
version: trinity-x86_64-80fb6169-1_20220207
with the following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu Icelake-Server -smp 4 -m 16G
caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):
If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <[email protected]>
[ 1.917257][ T1] kernel BUG at lib/dynamic_debug.c:1308!
[ 1.918256][ T1] invalid opcode: 0000 [#1] SMP KASAN PTI
[ 1.919240][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.16.0-00026-g5c300b654da5 #1
[ 1.919240][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1.919240][ T1] RIP: 0010:dynamic_debug_init (lib/dynamic_debug.c:1308 (discriminator 1))
[ 1.919240][ T1] Code: e8 be ff ff 37 00 48 c1 e8 03 48 c1 e6 2a 80 3c 30 00 74 10 48 89 ef 48 89 14 24 e8 45 db f2 fb 48 8b 14 24 48 39 5d 00 74 02 <0f> 0b 48 89 d8 b9 ff ff 37 00 41 ff c4 48 c1 e8 03 48 c1 e1 2a 80
All code
========
0: e8 be ff ff 37 callq 0x37ffffc3
5: 00 48 c1 add %cl,-0x3f(%rax)
8: e8 03 48 c1 e6 callq 0xffffffffe6c14810
d: 2a 80 3c 30 00 74 sub 0x7400303c(%rax),%al
13: 10 48 89 adc %cl,-0x77(%rax)
16: ef out %eax,(%dx)
17: 48 89 14 24 mov %rdx,(%rsp)
1b: e8 45 db f2 fb callq 0xfffffffffbf2db65
20: 48 8b 14 24 mov (%rsp),%rdx
24: 48 39 5d 00 cmp %rbx,0x0(%rbp)
28: 74 02 je 0x2c
2a:* 0f 0b ud2 <-- trapping instruction
2c: 48 89 d8 mov %rbx,%rax
2f: b9 ff ff 37 00 mov $0x37ffff,%ecx
34: 41 ff c4 inc %r12d
37: 48 c1 e8 03 shr $0x3,%rax
3b: 48 c1 e1 2a shl $0x2a,%rcx
3f: 80 .byte 0x80
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 48 89 d8 mov %rbx,%rax
5: b9 ff ff 37 00 mov $0x37ffff,%ecx
a: 41 ff c4 inc %r12d
d: 48 c1 e8 03 shr $0x3,%rax
11: 48 c1 e1 2a shl $0x2a,%rcx
15: 80 .byte 0x80
[ 1.919240][ T1] RSP: 0000:ffffc9000001fcf8 EFLAGS: 00010216
[ 1.919240][ T1] RAX: 1ffffffff39327f9 RBX: ffffffff9c980488 RCX: ffffffff9adcb000
[ 1.919240][ T1] RDX: ffffffff9b23b020 RSI: dffffc0000000000 RDI: ffffc9000001fc70
[ 1.919240][ T1] RBP: ffffffff9c993fc8 R08: 0000000000000001 R09: fffff52000003f8f
[ 1.919240][ T1] R10: ffffc9000001fc77 R11: fffff52000003f8e R12: 000000000000004c
[ 1.919240][ T1] R13: 000000000000000d R14: ffffffff9c993fa0 R15: 0000000000000001
[ 1.919240][ T1] FS: 0000000000000000(0000) GS:ffff8883dd600000(0000) knlGS:0000000000000000
[ 1.919240][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.919240][ T1] CR2: ffff8883db801000 CR3: 00000003d9c14001 CR4: 0000000000060ef0
[ 1.919240][ T1] Call Trace:
[ 1.919240][ T1] <TASK>
[ 1.919240][ T1] ? dynamic_debug_init_control (lib/dynamic_debug.c:1292)
[ 1.919240][ T1] do_one_initcall (init/main.c:1297)
[ 1.919240][ T1] ? perf_trace_initcall_level (init/main.c:1288)
[ 1.919240][ T1] ? migrate_swap_stop (kernel/sched/core.c:3971)
[ 1.919240][ T1] ? proc_create (fs/proc/generic.c:616)
[ 1.919240][ T1] kernel_init_freeable (init/main.c:1413 init/main.c:1599)
[ 1.919240][ T1] ? console_on_rootfs (init/main.c:1581)
[ 1.919240][ T1] ? _raw_spin_lock_irq (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:513 include/asm-generic/qspinlock.h:82 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:120 kernel/locking/spinlock.c:170)
[ 1.919240][ T1] ? _raw_spin_lock_bh (kernel/locking/spinlock.c:169)
[ 1.919240][ T1] ? rest_init (init/main.c:1491)
[ 1.919240][ T1] kernel_init (init/main.c:1501)
[ 1.919240][ T1] ret_from_fork (arch/x86/entry/entry_64.S:301)
[ 1.919240][ T1] </TASK>
[ 1.919240][ T1] Modules linked in:
[ 1.919268][ T1] ---[ end trace 6061b176ef201515 ]---
[ 1.920250][ T1] RIP: 0010:dynamic_debug_init (lib/dynamic_debug.c:1308 (discriminator 1))
[ 1.921253][ T1] Code: e8 be ff ff 37 00 48 c1 e8 03 48 c1 e6 2a 80 3c 30 00 74 10 48 89 ef 48 89 14 24 e8 45 db f2 fb 48 8b 14 24 48 39 5d 00 74 02 <0f> 0b 48 89 d8 b9 ff ff 37 00 41 ff c4 48 c1 e8 03 48 c1 e1 2a 80
To reproduce:
# build kernel
cd linux
cp config-5.16.0-00026-g5c300b654da5 .config
make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
# if you come across any failure that blocks the test,
# please remove the ~/.lkp and /lkp directories to run from a clean state.
---
0DAY/LKP+ Test Infrastructure
Open Source Technology Center, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]
Thanks,
Oliver Sang