From: Qian Cai <cai@lca.pw>
To: "Paul E. McKenney" <paulmck@kernel.org>
Cc: kernel test robot <rong.a.chen@intel.com>,
Peter Zijlstra <peterz@infradead.org>,
Ingo Molnar <mingo@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
LKML <linux-kernel@vger.kernel.org>,
lkp@lists.01.org
Subject: Re: [kernel/smp] 5408b78b7a: BUG:KASAN:out-of-bounds_in_c
Date: Mon, 6 Jul 2020 14:49:41 -0400
Message-ID: <20200706184941.GA1651@lca.pw>
In-Reply-To: <20200705173703.GR9247@paulmck-ThinkPad-P72>

On Sun, Jul 05, 2020 at 10:37:03AM -0700, Paul E. McKenney wrote:
> Good catch, but someone beat you to it. This commit contains the fix:
>
> 0504bc41a62c ("kernel/smp: Provide CSD lock timeout diagnostics")

Well, I can still reproduce this on next-20200706 which contains the said fix.

CSD_LOCK_WAIT_DEBUG=n

commit 0504bc41a62c4a42b9316244da7208feca7295cb
Author: Paul E. McKenney <paulmck@kernel.org>
Date: Tue Jun 30 13:22:54 2020 -0700

    kernel/smp: Provide CSD lock timeout diagnostics

    This commit causes csd_lock_wait() to emit diagnostics when a CPU fails
    to respond quickly enough to one of the smp_call_function() family of
    function calls. These diagnostics include NMI stack traces, and so the
    exclusion of idle CPUs is also removed. These diagnostics are enabled
    by a new CSD_LOCK_WAIT_DEBUG Kconfig option that depends on DEBUG_KERNEL.

    This commit was inspired by an earlier patch by Josef Bacik.

    [ paulmck: Avoid 64-bit divides per kernel test robot feedback. ]
    [ paulmck: Fix for syzbot+0f719294463916a3fc0e@syzkaller.appspotmail.com ]
    Link: https://lore.kernel.org/lkml/00000000000042f21905a991ecea@google.com
    Link: https://lore.kernel.org/lkml/0000000000002ef21705a9933cf3@google.com
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Ingo Molnar <mingo@kernel.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    Signed-off-by: Paul E. McKenney <paulmck@kernel.org>

[19929.567055][ T0] BUG: KASAN: out-of-bounds in flush_smp_call_function_queue+0x65f/0x7c0
csd_lock_record at kernel/smp.c:119
(inlined by) flush_smp_call_function_queue at kernel/smp.c:395
[19929.575391][ T0] Read of size 8 at addr ffffc900320879b8 by task swapper/35/0
[19929.582845][ T0]
[19929.585060][ T0] CPU: 35 PID: 0 Comm: swapper/35 Tainted: G O 5.8.0-rc3-next-20200706 #1
[19929.594784][ T0] Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019
[19929.604072][ T0] Call Trace:
[19929.607253][ T0] dump_stack+0x9d/0xe0
[19929.611304][ T0] ? flush_smp_call_function_queue+0x65f/0x7c0
[19929.617355][ T0] ? flush_smp_call_function_queue+0x65f/0x7c0
[19929.623415][ T0] print_address_description.constprop.8.cold.9+0x56/0x4fc
[19929.630521][ T0] ? log_store.cold.32+0x11/0x11
[19929.635353][ T0] ? lock_downgrade+0x720/0x720
[19929.640097][ T0] ? nr_iowait_cpu+0x78/0xf0
[19929.644576][ T0] ? flush_smp_call_function_queue+0x65f/0x7c0
[19929.650625][ T0] ? flush_smp_call_function_queue+0x65f/0x7c0
[19929.656674][ T0] kasan_report.cold.10+0x37/0x7c
[19929.661587][ T0] ? flush_smp_call_function_queue+0x65f/0x7c0
[19929.667647][ T0] flush_smp_call_function_queue+0x65f/0x7c0
[19929.673535][ T0] flush_smp_call_function_from_idle+0x41/0x71
[19929.679598][ T0] do_idle+0x2d6/0x4f0
[19929.683557][ T0] ? arch_cpu_idle_exit+0x40/0x40
[19929.688480][ T0] cpu_startup_entry+0x14/0x16
[19929.693143][ T0] secondary_startup_64+0xb6/0xc0
[19929.698059][ T0]
[19929.700270][ T0]
[19929.702476][ T0] Memory state around the buggy address:
[19929.708007][ T0] ffffc90032087880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[19929.715986][ T0] ffffc90032087900: 00 00 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00
[19929.723963][ T0] >ffffc90032087980: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
[19929.731940][ T0] ^
[19929.737999][ T0] ffffc90032087a00: 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[19929.745982][ T0] ffffc90032087a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
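
Added example, not part of the original message or of the kernel tree: a small Python helper that maps the faulting address from the report above onto the printed "Memory state" rows. It assumes generic KASAN (one shadow byte per 8 bytes of memory, 16 shadow bytes per printed row) and the compiler's stack redzone markers f1/f2/f3; the function names are illustrative.

```python
import re

GRANULE = 8  # assumption: generic KASAN, one shadow byte covers 8 bytes
STACK_REDZONES = {0xF1: "stack left redzone", 0xF2: "stack mid redzone",
                  0xF3: "stack right redzone"}

# Sample input: lines taken from the report in this message.
REPORT = """\
[19929.575391][ T0] Read of size 8 at addr ffffc900320879b8 by task swapper/35/0
[19929.715986][ T0] ffffc90032087900: 00 00 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00
[19929.723963][ T0] >ffffc90032087980: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
[19929.737999][ T0] ffffc90032087a00: 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
"""

ROW = re.compile(r">?([0-9a-f]{16}):((?: [0-9a-f]{2})+)")
ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)")

def describe(shadow):
    """Human-readable meaning of one shadow byte."""
    if shadow == 0:
        return "fully addressable"
    if shadow < GRANULE:
        return f"first {shadow} bytes addressable"
    return STACK_REDZONES.get(shadow, "other poison value")

def parse_shadow(report):
    """Map each granule start address to its printed shadow byte."""
    shadow = {}
    for base, cells in ROW.findall(report):
        for i, cell in enumerate(cells.split()):
            shadow[int(base, 16) + i * GRANULE] = int(cell, 16)
    return shadow

def triage(report):
    """Locate the faulting granule and the nearest stack redzone."""
    kind, size, addr = ACCESS.search(report).groups()
    addr, shadow = int(addr, 16), parse_shadow(report)
    granule = addr & ~(GRANULE - 1)
    redzones = [a for a, s in shadow.items() if s in STACK_REDZONES]
    nearest = min(redzones, key=lambda a: abs(a - addr))
    return {"access": f"{kind} of size {size}", "granule": granule,
            "shadow": describe(shadow[granule]),
            "nearest_redzone": nearest, "distance": nearest - addr,
            "nearest_kind": describe(shadow[nearest])}

if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(key, hex(value) if key in ("granule", "nearest_redzone") else value)
```

The shadow bytes are the values printed at report time, so the helper describes the dump as logged rather than the state at the moment of the access.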