From: Sven Schnelle <svens@linux.ibm.com>
To: Ajay Kaher <akaher@vmware.com>
Cc: rostedt@goodmis.org, shuah@kernel.org, mhiramat@kernel.org,
chinglinyu@google.com, linux-kernel@vger.kernel.org,
linux-kselftest@vger.kernel.org,
linux-trace-kernel@vger.kernel.org, lkp@intel.com,
namit@vmware.com, oe-lkp@lists.linux.dev, amakhalov@vmware.com,
er.ajay.kaher@gmail.com, srivatsa@csail.mit.edu,
tkundu@vmware.com, vsirnapalli@vmware.com
Subject: Re: [PATCH v4 09/10] eventfs: Move tracing/events to eventfs
Date: Fri, 08 Sep 2023 14:14:20 +0200 [thread overview]
Message-ID: <yt9dr0n8kgkj.fsf@linux.ibm.com> (raw)
In-Reply-To: <1689248004-8158-10-git-send-email-akaher@vmware.com> (Ajay Kaher's message of "Thu, 13 Jul 2023 17:03:23 +0530")
Ajay Kaher <akaher@vmware.com> writes:
> Till now /sys/kernel/debug/tracing/events is a part of tracefs,
> with-in this patch creating 'events' and it's sub-dir as eventfs.
> Basically replacing tracefs calls with eventfs calls for 'events'.
>
> Signed-off-by: Ajay Kaher <akaher@vmware.com>
> Co-developed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
> Tested-by: Ching-lin Yu <chinglinyu@google.com>
> ---
> fs/tracefs/inode.c | 18 ++++++++++
> include/linux/trace_events.h | 1 +
> kernel/trace/trace.h | 2 +-
> kernel/trace/trace_events.c | 67 +++++++++++++++++++-----------------
> 4 files changed, 55 insertions(+), 33 deletions(-)
With this patchset in next-20230908 the following crash is observed on
s390 while running ftracetest test.d/instances/instance-event.tc:
(It also crashes without KASAN, just not on every try)
[ 26.728436] ==================================================================
[ 26.728450] BUG: KASAN: slab-use-after-free in __ftrace_event_enable_disable+0x56c/0x648
[ 26.728460] Read of size 8 at addr 00000000107d3838 by task ftracetest/514
[ 26.728465]
[ 26.728468] CPU: 1 PID: 514 Comm: ftracetest Not tainted 6.5.0-rc4-00014-g27152bceea1d #958
[ 26.728474] Hardware name: IBM 3931 A01 704 (z/VM 7.3.0)
[ 26.728478] Call Trace:
[ 26.728482] [<000000000262349e>] dump_stack_lvl+0x106/0x1c8
[ 26.728490] [<00000000009e3b8c>] print_address_description.constprop.0+0x34/0x378
[ 26.728498] [<00000000009e3f7c>] print_report+0xac/0x240
[ 26.728504] [<00000000009e42fa>] kasan_report+0xf2/0x130
[ 26.728509] [<00000000005c61c4>] __ftrace_event_enable_disable+0x56c/0x648
[ 26.728516] [<00000000005c6d02>] event_enable_write+0x132/0x218
[ 26.728522] [<0000000000a89598>] vfs_write+0x208/0x930
[ 26.728528] [<0000000000a8a148>] ksys_write+0x118/0x200
[ 26.728535] [<000000000010c5fc>] do_syscall+0x22c/0x328
[ 26.728547] [<000000000268e8b2>] __do_syscall+0x9a/0xf8
[ 26.728553] [<00000000026c1d28>] system_call+0x70/0x98
[ 26.728559] 3 locks held by ftracetest/514:
[ 26.728562] #0: 00000000226addd8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x84/0xa0
[ 26.728577] #1: 0000000008f19440 (sb_writers#14){.+.+}-{0:0}, at: ksys_write+0x118/0x200
[ 26.728594] #2: 00000000033205d0 (event_mutex){+.+.}-{3:3}, at: event_enable_write+0xdc/0x218
[ 26.728609]
[ 26.728613] Allocated by task 515:
[ 26.728617] kasan_save_stack+0x40/0x68
[ 26.728627] kasan_set_track+0x36/0x48
[ 26.728632] __kasan_slab_alloc+0x8e/0xb8
[ 26.728638] kmem_cache_alloc+0x1ec/0x568
[ 26.728643] trace_create_new_event+0x88/0x3d8
[ 26.728648] event_trace_add_tracer+0x13a/0x2a0
[ 26.728654] trace_array_create_dir+0x80/0x1a0
[ 26.728660] trace_array_create+0x344/0x700
[ 26.728665] instance_mkdir+0xbe/0x118
[ 26.728670] tracefs_syscall_mkdir+0xa8/0xf8
[ 26.728678] vfs_mkdir+0x454/0x6c0
[ 26.728685] do_mkdirat+0x24e/0x2a8
[ 26.728692] __s390x_sys_mkdir+0xf4/0x168
[ 26.728696] do_syscall+0x22c/0x328
[ 26.728700] __do_syscall+0x9a/0xf8
[ 26.728704] system_call+0x70/0x98
[ 26.728710]
[ 26.728713] Freed by task 553:
[ 26.728716] kasan_save_stack+0x40/0x68
[ 26.728721] kasan_set_track+0x36/0x48
[ 26.728726] kasan_save_free_info+0x42/0x60
[ 26.728733] ____kasan_slab_free+0x17c/0x1e0
[ 26.728741] __kasan_slab_free+0x24/0x30
[ 26.728747] slab_free_freelist_hook+0x272/0x3a0
[ 26.728751] kmem_cache_free+0xec/0x540
[ 26.728757] event_trace_del_tracer+0x108/0x1f8
[ 26.728763] __remove_instance+0x242/0x668
[ 26.728781] instance_rmdir+0xc4/0x108
[ 26.728788] tracefs_syscall_rmdir+0xd4/0x160
[ 26.728796] vfs_rmdir+0x18a/0x538
[ 26.728802] do_rmdir+0x2c0/0x358
[ 26.728807] __s390x_sys_rmdir+0xd2/0x138
[ 26.728811] do_syscall+0x22c/0x328
[ 26.728817] __do_syscall+0x9a/0xf8
[ 26.728823] system_call+0x70/0x98
[ 26.728829]
[ 26.728833] The buggy address belongs to the object at 00000000107d3828
[ 26.728833] which belongs to the cache trace_event_file of size 96
[ 26.728841] The buggy address is located 16 bytes inside of
[ 26.728841] freed 96-byte region [00000000107d3828, 00000000107d3888)
[ 26.728846]
[ 26.728848] The buggy address belongs to the physical page:
[ 26.728851] page:000040000041f4c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107d3
[ 26.728871] flags: 0x1ffff00000000200(slab|node=0|zone=0|lastcpupid=0x1ffff)
[ 26.728880] page_type: 0xffffffff()
[ 26.728889] raw: 1ffff00000000200 0000000005a2c100 0000400000891490 00004000006a89d0
[ 26.728894] raw: 0000000000000000 0013002600000000 ffffffff00000001 0000000000000000
[ 26.728898] page dumped because: kasan: bad access detected
[ 26.728902]
[ 26.728906] Memory state around the buggy address:
[ 26.728912] 00000000107d3700: fc fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb
[ 26.728919] 00000000107d3780: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc
[ 26.728928] >00000000107d3800: fc fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb
[ 26.728933] ^
[ 26.728940] 00000000107d3880: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fa
[ 26.728943] 00000000107d3900: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[ 26.728946] ==================================================================
[ 26.728955] Disabling lock debugging due to kernel taint
[ 27.089717] Unable to handle kernel pointer dereference in virtual kernel address space
[ 27.089725] Failing address: 0d896d6d6d6d6000 TEID: 0d896d6d6d6d6803
[ 27.089729] Fault in home space mode while using kernel ASCE.
[ 27.089737] AS:00000000046b800b R2:0000000000000028
[ 27.089770] Oops: 0038 ilc:2 [#1] PREEMPT SMP
[ 27.089779] Modules linked in:
[ 27.089784] CPU: 1 PID: 514 Comm: ftracetest Tainted: G B 6.5.0-rc4-00014-g27152bceea1d #958
[ 27.089790] Hardware name: IBM 3931 A01 704 (z/VM 7.3.0)
[ 27.089794] Krnl PSW : 0404e00180000000 00000000005c4488 (trace_event_buffer_reserve+0xf0/0x3e8)
[ 27.089804] R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3
[ 27.089810] Krnl GPRS: 0000000000000001 0000000000000001 6b6b6b6b6b6b6c5b 001c000000000000
[ 27.089816] 0d896d6d6d6d6d8b 00000000005c4702 001bff80013cf170 6b6b6b6b6b6b6b6b
[ 27.089822] 6b6b6b6b6b6b6b6b 00037ff000279e26 00000000107d3828 001bff80013cf208
[ 27.089827] 00000000031669f8 00000000026c1c1c 00000000005c4702 001bff80013cf078
[ 27.089843] Krnl Code: 00000000005c447a: 412080f0 la %r2,240(%r8)
[ 27.089843] 00000000005c447e: eb420003000c srlg %r4,%r2,3
[ 27.089843] #00000000005c4484: b9080043 agr %r4,%r3
[ 27.089843] >00000000005c4488: 95004000 cli 0(%r4),0
[ 27.089843] 00000000005c448c: a7740142 brc 7,00000000005c4710
[ 27.089843] 00000000005c4490: e3e080f00004 lg %r14,240(%r8)
[ 27.089843] 00000000005c4496: e3e0f0a80024 stg %r14,168(%r15)
[ 27.089843] 00000000005c449c: 412080f8 la %r2,248(%r8)
[ 27.089885] Call Trace:
[ 27.089890] [<00000000005c4488>] trace_event_buffer_reserve+0xf0/0x3e8
[ 27.089897] ([<00000000005c4702>] trace_event_buffer_reserve+0x36a/0x3e8)
[ 27.089903] [<000000000028979e>] trace_event_raw_event_sched_switch+0xce/0x430
[ 27.089910] [<00000000026a1cd4>] __schedule+0xba4/0x1f58
[ 27.089916] [<00000000026a4544>] preempt_schedule_irq+0xdc/0x190
[ 27.089925] [<000000000268f99c>] irqentry_exit+0xac/0x128
[ 27.089931] [<00000000026c1fac>] ext_int_handler+0xc4/0xf0
[ 27.089936] [<0000000000135a98>] __unwind_start+0x190/0x568
[ 27.089944] ([<0000000000135a7c>] __unwind_start+0x174/0x568)
[ 27.089950] [<000000000013bb90>] arch_stack_walk+0x130/0x1d0
[ 27.089957] [<0000000000424198>] stack_trace_save+0xc8/0xf8
[ 27.089968] [<00000000009d3468>] set_track_prepare+0x38/0x58
[ 27.089974] [<00000000009df35a>] free_to_partial_list+0x1ea/0x2f0
[ 27.089979] [<00000000009df656>] __slab_free+0x1f6/0x3c0
[ 27.089984] [<00000000009e19e8>] ___cache_free+0x158/0x188
[ 27.089989] [<00000000009e6df6>] qlist_free_all+0x7e/0x150
[ 27.089994] [<00000000009e752a>] kasan_quarantine_reduce+0x17a/0x1d8
[ 27.089999] [<00000000009e3488>] __kasan_slab_alloc+0x98/0xb8
[ 27.090005] [<00000000009de3fc>] kmem_cache_alloc+0x1ec/0x568
[ 27.090011] [<0000000000ab1d8e>] getname_flags.part.0+0x56/0x420
[ 27.090018] [<0000000000a81244>] do_sys_openat2+0xc4/0x178
00: HCPGSP2629I The virtual machine is placed in CP mode due to a SIGP stop from CPU 00.
00: HCPGSP2629I The virtual machine is placed in CP mode due to a SIGP stop from CPU 01.
[ 27.090027] [<0000000000a815ae>] do_sys_open+0xce/0x118
[ 27.090033] [<000000000010c5fc>] do_syscall+0x22c/0x328
[ 27.090040] [<000000000268e8b2>] __do_syscall+0x9a/0xf8
[ 27.090048] [<00000000026c1d28>] system_call+0x70/0x98
[ 27.090056] INFO: lockdep is turned off.
[ 27.090060] Last Breaking-Event-Address:
[ 27.090066] [<00000000005c4702>] trace_event_buffer_reserve+0x36a/0x3e8
[ 27.090077] Kernel panic - not syncing: Fatal exception: panic_on_oops
next prev parent reply other threads:[~2023-09-08 12:14 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-13 11:33 [PATCH v4 00/10] tracing: introducing eventfs Ajay Kaher
2023-07-13 11:33 ` [PATCH v4 01/10] tracing: Require all trace events to have a TRACE_SYSTEM Ajay Kaher
2023-07-13 11:33 ` [PATCH v4 02/10] tracefs: Rename some tracefs function Ajay Kaher
2023-07-14 15:11 ` Steven Rostedt
2023-07-13 11:33 ` [PATCH v4 03/10] eventfs: Implement eventfs dir creation functions Ajay Kaher
2023-07-14 15:44 ` Steven Rostedt
2023-07-13 11:33 ` [PATCH v4 04/10] eventfs: Implement eventfs file add functions Ajay Kaher
2023-07-14 16:23 ` Steven Rostedt
2023-07-13 11:33 ` [PATCH v4 05/10] eventfs: Implement eventfs file, directory remove function Ajay Kaher
2023-07-14 16:35 ` Steven Rostedt
2023-07-13 11:33 ` [PATCH v4 06/10] eventfs: Implement functions to create eventfs files and directories Ajay Kaher
2023-07-14 16:47 ` Steven Rostedt
2023-07-13 11:33 ` [PATCH v4 07/10] eventfs: Implement eventfs lookup, read, open functions Ajay Kaher
2023-07-14 20:17 ` Steven Rostedt
2023-07-13 11:33 ` [PATCH v4 08/10] eventfs: Implement tracefs_inode_cache Ajay Kaher
2023-07-14 20:27 ` Steven Rostedt
2023-07-13 11:33 ` [PATCH v4 09/10] eventfs: Move tracing/events to eventfs Ajay Kaher
2023-07-14 21:06 ` Steven Rostedt
2023-07-19 11:08 ` Ajay Kaher
2023-07-19 11:08 ` Ajay Kaher
2023-09-08 12:14 ` Sven Schnelle [this message]
2023-09-08 12:31 ` Steven Rostedt
2023-07-13 11:33 ` [PATCH v4 10/10] test: ftrace: Fix kprobe test for eventfs Ajay Kaher
2023-07-14 2:37 ` Steven Rostedt
2023-07-14 13:27 ` Masami Hiramatsu
2023-07-17 5:24 ` Ajay Kaher
2023-07-17 12:24 ` Steven Rostedt
2023-07-14 22:58 ` [PATCH v4 00/10] tracing: introducing eventfs Steven Rostedt
2023-07-16 17:32 ` Ajay Kaher
2023-07-18 13:40 ` Steven Rostedt
2023-07-19 10:25 ` Ajay Kaher
2023-07-19 14:23 ` Steven Rostedt
2023-07-19 18:37 ` Ajay Kaher
2023-07-19 18:40 ` Steven Rostedt
2023-07-21 12:48 ` Steven Rostedt
2023-07-21 13:16 ` Steven Rostedt
2023-07-21 13:19 ` Steven Rostedt
2023-07-21 17:17 ` Nadav Amit
2023-07-21 17:24 ` Steven Rostedt
2023-07-21 17:30 ` Steven Rostedt
2023-07-21 20:40 ` Steven Rostedt
2023-07-26 18:54 ` Ajay Kaher
2023-07-21 13:18 ` Steven Rostedt
2023-07-21 19:14 ` Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=yt9dr0n8kgkj.fsf@linux.ibm.com \
--to=svens@linux.ibm.com \
--cc=akaher@vmware.com \
--cc=amakhalov@vmware.com \
--cc=chinglinyu@google.com \
--cc=er.ajay.kaher@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=lkp@intel.com \
--cc=mhiramat@kernel.org \
--cc=namit@vmware.com \
--cc=oe-lkp@lists.linux.dev \
--cc=rostedt@goodmis.org \
--cc=shuah@kernel.org \
--cc=srivatsa@csail.mit.edu \
--cc=tkundu@vmware.com \
--cc=vsirnapalli@vmware.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.