public inbox for linux-kernel@vger.kernel.org
From: Qian Cai <cai@lca.pw>
To: "Paul E. McKenney" <paulmck@kernel.org>
Cc: kernel test robot <rong.a.chen@intel.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Ingo Molnar <mingo@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
	LKML <linux-kernel@vger.kernel.org>,
	lkp@lists.01.org
Subject: Re: [kernel/smp] 5408b78b7a: BUG:KASAN:out-of-bounds_in_c
Date: Mon, 6 Jul 2020 14:49:41 -0400
Message-ID: <20200706184941.GA1651@lca.pw>
In-Reply-To: <20200705173703.GR9247@paulmck-ThinkPad-P72>

On Sun, Jul 05, 2020 at 10:37:03AM -0700, Paul E. McKenney wrote:
> Good catch, but someone beat you to it.  This commit contains the fix:
> 
> 0504bc41a62c ("kernel/smp: Provide CSD lock timeout diagnostics")

Well, I can still reproduce this on next-20200706 which contains the said fix.

CSD_LOCK_WAIT_DEBUG=n

commit 0504bc41a62c4a42b9316244da7208feca7295cb
Author: Paul E. McKenney <paulmck@kernel.org>
Date:   Tue Jun 30 13:22:54 2020 -0700

    kernel/smp: Provide CSD lock timeout diagnostics

    This commit causes csd_lock_wait() to emit diagnostics when a CPU fails
    to respond quickly enough to one of the smp_call_function() family of
    function calls.  These diagnostics include NMI stack traces, and so the
    exclusion of idle CPUs is also removed.  These diagnostics are enabled
    by a new CSD_LOCK_WAIT_DEBUG Kconfig option that depends on DEBUG_KERNEL.

    This commit was inspired by an earlier patch by Josef Bacik.

    [ paulmck: Avoid 64-bit divides per kernel test robot feedback. ]
    [ paulmck: Fix for syzbot+0f719294463916a3fc0e@syzkaller.appspotmail.com ]
    Link: https://lore.kernel.org/lkml/00000000000042f21905a991ecea@google.com
    Link: https://lore.kernel.org/lkml/0000000000002ef21705a9933cf3@google.com
    Cc: Peter Zijlstra <peterz@infradead.org>
    Cc: Ingo Molnar <mingo@kernel.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
    Signed-off-by: Paul E. McKenney <paulmck@kernel.org>

[19929.567055][    T0] BUG: KASAN: out-of-bounds in flush_smp_call_function_queue+0x65f/0x7c0
csd_lock_record at kernel/smp.c:119
(inlined by) flush_smp_call_function_queue at kernel/smp.c:395
[19929.575391][    T0] Read of size 8 at addr ffffc900320879b8 by task swapper/35/0
[19929.582845][    T0] 
[19929.585060][    T0] CPU: 35 PID: 0 Comm: swapper/35 Tainted: G           O      5.8.0-rc3-next-20200706 #1
[19929.594784][    T0] Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019
[19929.604072][    T0] Call Trace:
[19929.607253][    T0]  dump_stack+0x9d/0xe0
[19929.611304][    T0]  ? flush_smp_call_function_queue+0x65f/0x7c0
[19929.617355][    T0]  ? flush_smp_call_function_queue+0x65f/0x7c0
[19929.623415][    T0]  print_address_description.constprop.8.cold.9+0x56/0x4fc
[19929.630521][    T0]  ? log_store.cold.32+0x11/0x11
[19929.635353][    T0]  ? lock_downgrade+0x720/0x720
[19929.640097][    T0]  ? nr_iowait_cpu+0x78/0xf0
[19929.644576][    T0]  ? flush_smp_call_function_queue+0x65f/0x7c0
[19929.650625][    T0]  ? flush_smp_call_function_queue+0x65f/0x7c0
[19929.656674][    T0]  kasan_report.cold.10+0x37/0x7c
[19929.661587][    T0]  ? flush_smp_call_function_queue+0x65f/0x7c0
[19929.667647][    T0]  flush_smp_call_function_queue+0x65f/0x7c0
[19929.673535][    T0]  flush_smp_call_function_from_idle+0x41/0x71
[19929.679598][    T0]  do_idle+0x2d6/0x4f0
[19929.683557][    T0]  ? arch_cpu_idle_exit+0x40/0x40
[19929.688480][    T0]  cpu_startup_entry+0x14/0x16
[19929.693143][    T0]  secondary_startup_64+0xb6/0xc0
[19929.698059][    T0] 
[19929.700270][    T0] 
[19929.702476][    T0] Memory state around the buggy address:
[19929.708007][    T0]  ffffc90032087880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[19929.715986][    T0]  ffffc90032087900: 00 00 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00
[19929.723963][    T0] >ffffc90032087980: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
[19929.731940][    T0]                                            ^
[19929.737999][    T0]  ffffc90032087a00: 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[19929.745982][    T0]  ffffc90032087a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
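
Reading the "Memory state around the buggy address" dump above, as an added example that is not part of the original message: it assumes generic KASAN on x86-64, where one shadow byte describes 8 bytes of memory and f1/f2/f3 mark stack left/mid/right redzones, and it maps the reported 8-byte read at ffffc900320879b8 to its shadow byte. The function names are hypothetical; the dump rows are copied from the report with the log prefix stripped.

```python
import re

GRANULE = 8  # assumption: generic KASAN, one shadow byte per 8 bytes of memory

# Shadow rows copied from the report above (log prefix stripped).
DUMP = """\
 ffffc90032087880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90032087900: 00 00 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90032087980: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
 ffffc90032087a00: 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
 ffffc90032087a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

STACK_REDZONES = {0xF1: "left", 0xF2: "mid", 0xF3: "right"}

def parse_shadow(dump):
    """Map each granule's start address to its shadow byte."""
    shadow = {}
    for line in dump.splitlines():
        m = re.match(r"[ >]?([0-9a-f]{16}):((?: [0-9a-f]{2})+)\s*$", line)
        if m:
            base = int(m.group(1), 16)  # memory address covered by the row's first byte
            for i, byte in enumerate(m.group(2).split()):
                shadow[base + i * GRANULE] = int(byte, 16)
    return shadow

def describe(value):
    """Translate one shadow byte into what it says about its granule."""
    if value < GRANULE:
        return "all 8 bytes addressable" if value == 0 else f"first {value} bytes addressable"
    name = STACK_REDZONES.get(value)
    return f"stack {name} redzone" if name else f"poisoned (0x{value:02x})"

def classify_access(shadow, addr, size):
    """Return (granule address, shadow byte, meaning) for each granule the access touches."""
    first = addr & ~(GRANULE - 1)
    last = (addr + size - 1) & ~(GRANULE - 1)
    return [(g, shadow[g], describe(shadow[g]))
            for g in range(first, last + GRANULE, GRANULE)]

def nearest_redzone_above(shadow, addr):
    """Byte distance from addr to the next poisoned granule in the dump, or None."""
    for g in sorted(shadow):
        if g > addr and shadow[g] >= GRANULE:
            return g - addr
    return None

if __name__ == "__main__":
    print(classify_access(parse_shadow(DUMP), 0xffffc900320879b8, 8))
```

In this dump the granule holding the reported address carries shadow byte 00, and the closest poisoned granules above it are the f1 bytes starting 24 bytes later.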

Thread overview: 4+ messages
2020-07-05  8:26 [kernel/smp] 5408b78b7a: BUG:KASAN:out-of-bounds_in_c kernel test robot
2020-07-05 17:37 ` Paul E. McKenney
2020-07-06 18:49   ` Qian Cai [this message]
2020-07-06 23:12     ` Paul E. McKenney
