[sparc64] kernel OOPS with gcc 7.1 / 7.2

Anthony Yznaga anthony.yznaga at oracle.com
Wed Aug 16 00:45:12 UTC 2017 

> On Aug 15, 2017, at 11:50 AM, Anatoly Pugachev <matorola at gmail.com> wrote:
> 
> Hello.
> 
> Together with Dmitry (ldv) , we've discovered that running test suite
> from strace produces kernel OOPS, when kernel is compiled with gcc 7.1
> or with gcc 7.2 , but not with gcc 6 :
> 
> $ git clone https://github.com/strace/strace.git
> ttip:~/strace$ ./bootstrap
> ttip:~/strace$ ./configure && make -j
> ttip:~/strace$ cd tests-m32 && make mq
> ttip:~/strace/tests-m32$ ./mq
> Killed
> 
> kernel log:
> 
> [   61.839563] Unable to handle kernel NULL pointer dereference
> [   61.839649] tsk->{mm,active_mm}->context = 000000000000040e
> [   61.839686] tsk->{mm,active_mm}->pgd = fff8004099e06000
> [   61.839721]               \|/ ____ \|/
> [   61.839721]               "@'/ .. \`@"
> [   61.839721]               /_| \__/ |_\
> [   61.839721]                  \__U_/
> [   61.839879] mq(937): Oops [#1]
> [   61.839909] CPU: 10 PID: 937 Comm: mq Not tainted
> 4.13.0-rc5-00009-gfcd07350007b #412
> [   61.839958] task: fff80040968ed940 task.stack: fff800409c26c000
> [   61.839997] TSTATE: 0000004411001600 TPC: 000000000069fb2c TNPC:
> 000000000069fb30 Y: 000002f7    Not tainted
> [   61.840062] TPC: <current_umask+0xc/0x20>
> [   61.840091] g0: fff8004096588400 g1: 00000000000143c0 g2:
> 000000000000000a g3: 0000000000000000
> [   61.840143] g4: 0000000000000000 g5: 0000000000000000 g6:
> fff800409c26c000 g7: 000000000000000a
> [   61.840196] o0: 0000000000000000 o1: 0000000000014000 o2:
> 0000000000000000 o3: 000000000000000a
> [   61.840247] o4: 0000000000000001 o5: 0000000000000000 sp:
> fff800409c26f3e1 ret_pc: 00000000007072d0
> [   61.840308] RPC: <mq_attr_ok.isra.1+0x90/0x100>
> [   61.840341] l0: 00000000000000da l1: 00000000f7c87bf0 l2:
> 00000000f7c34000 l3: 0000000000000000
> [   61.840395] l4: 00000000f7c86100 l5: 0000000000000000 l6:
> 000000017c96f087 l7: 00000000f7c86000
> [   61.840450] i0: 0000000000000000 i1: 0000000000c4e924 i2:
> fff800409c26fd58 i3: fff800409c26fd60
> [   61.840504] i4: 0000000000014000 i5: 0000000000000014 i6:
> fff800409c26f491 i7: 00000000007074fc
> [   61.840560] I7: <do_mq_open+0x1bc/0x320>
> [   61.840590] Call Trace:
> [   61.840614]  [00000000007074fc] do_mq_open+0x1bc/0x320
> [   61.840652]  [000000000070839c] compat_SyS_mq_open+0x5c/0xa0
> [   61.840694]  [00000000004061d4] linux_sparc_syscall32+0x34/0x60
> [   61.840734] Disabling lock debugging due to kernel taint
> [   61.840756] Caller[00000000007074fc]: do_mq_open+0x1bc/0x320
> [   61.840778] Caller[000000000070839c]: compat_SyS_mq_open+0x5c/0xa0
> [   61.840800] Caller[00000000004061d4]: linux_sparc_syscall32+0x34/0x60
> [   61.840824] Caller[00000000f7c3c7fc]: 0xf7c3c7fc
> [   61.840842] Instruction DUMP:
> [   61.840846]  9de3bf50
> [   61.840860]  01000000
> [   61.840872]  01000000
> [   61.840885] <c2592720>
> [   61.840897]  81cfe008
> [   61.840910]  d0406068
> [   61.840922]  01000000
> [   61.840935]  01000000
> [   61.840947]  9de3bf30
> [   61.840960]

The panic happens in current_umask() on this instruction which
fetches current->fs:

	ldx       [%g4 + 0x720], %g1

%g4 is expected to be the current task pointer, but from the log
messages above, %g4 and %g5 are 0.  %g4 and %g5 are set to the current
task pointer and the current CPU base pointer respectively in etrap and
expected to be preserved while executing in the kernel.

I compiled a kernel with gcc 7 and found that the compiler inserted a
call to __multi3() in mq_attr_ok().  The sparc64 implementation of
__multi3() was added by 1b4af13ff2cc specifically for gcc 7 and later,
but it clobbers %g4 and %g5.  Not sure if that was intended but it
looks like __multi3() is not safe to call from kernel code.

Anthony

> 
> And if kernel is compiled with gcc 6 , test ends in other way:
> 
> ttip:~$ cd strace/tests-m32/ && ./mq
> mq_open("strace-mq-910.sample", O_RDONLY|O_CREAT, 0700, NULL) = 0
> mq_getsetattr(0, NULL, {mq_flags=0, mq_maxmsg=10, mq_msgsize=8192,
> mq_curmsgs=0}) = 0
> mq_getsetattr(0, {mq_flags=0, mq_maxmsg=10, mq_msgsize=8192,
> mq_curmsgs=0}, NULL) = 0
> mq_unlink("strace-mq-910.sample") = 0
> +++ exited with 0 +++
> 
> and nothing is printed in kernel logs.
> 
> versions of used gcc and kernels:
> 
> gcc 6 compiled kernel is git 4.13.0-rc5
> gcc 7.2 compiled kernel is git 4.13.0-rc5-00009-gfcd07350007b
> 
> $ gcc-6 -v
> Using built-in specs.
> COLLECT_GCC=gcc-6
> COLLECT_LTO_WRAPPER=/usr/lib/gcc/sparc64-linux-gnu/6/lto-wrapper
> Target: sparc64-linux-gnu
> Configured with: ../src/configure -v --with-pkgversion='Debian
> 6.4.0-3' --with-bugurl=file:///usr/share/doc/gcc-6/README.Bugs
> --enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++
> --prefix=/usr --program-suffix=-6 --program-prefix=sparc64-linux-gnu-
> --enable-shared --enable-linker-build-id --libexecdir=/usr/lib
> --without-included-gettext --enable-threads=posix --libdir=/usr/lib
> --enable-nls --with-sysroot=/ --enable-clocale=gnu
> --enable-libstdcxx-debug --enable-libstdcxx-time=yes
> --with-default-libstdcxx-abi=new --enable-gnu-unique-object
> --disable-libquadmath --enable-plugin --enable-default-pie
> --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk
> --enable-gtk-cairo
> --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-6-sparc64/jre
> --enable-java-home
> --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-6-sparc64
> --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-6-sparc64
> --with-arch-directory=sparc64
> --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc=auto
> --enable-multiarch --enable-targets=all --with-cpu-32=ultrasparc
> --with-long-double-128 --enable-multilib --enable-checking=release
> --build=sparc64-linux-gnu --host=sparc64-linux-gnu
> --target=sparc64-linux-gnu
> Thread model: posix
> gcc version 6.4.0 20170805 (Debian 6.4.0-3)
> 
> $ gcc-7 -v
> Using built-in specs.
> COLLECT_GCC=gcc-7
> COLLECT_LTO_WRAPPER=/usr/lib/gcc/sparc64-linux-gnu/7/lto-wrapper
> Target: sparc64-linux-gnu
> Configured with: ../src/configure -v --with-pkgversion='Debian
> 7.1.0-13' --with-bugurl=file:///usr/share/doc/gcc-7/README.Bugs
> --enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++ --prefix=/usr
> --with-gcc-major-version-only --program-suffix=-7
> --program-prefix=sparc64-linux-gnu- --enable-shared
> --enable-linker-build-id --libexecdir=/usr/lib
> --without-included-gettext --enable-threads=posix --libdir=/usr/lib
> --enable-nls --with-sysroot=/ --enable-clocale=gnu
> --enable-libstdcxx-debug --enable-libstdcxx-time=yes
> --with-default-libstdcxx-abi=new --enable-gnu-unique-object
> --disable-libquadmath --enable-plugin --enable-default-pie
> --with-system-zlib --enable-objc-gc=auto --enable-multiarch
> --disable-werror --with-cpu-32=ultrasparc --enable-targets=all
> --with-long-double-128 --enable-multilib --enable-checking=release
> --build=sparc64-linux-gnu --host=sparc64-linux-gnu
> --target=sparc64-linux-gnu
> Thread model: posix
> gcc version 7.1.0 (Debian 7.1.0-13)
> 
> $ gcc -v
> Using built-in specs.
> COLLECT_GCC=gcc
> COLLECT_LTO_WRAPPER=/opt/gcc72/libexec/gcc/sparc64-unknown-linux-gnu/7.2.0/lto-wrapper
> Target: sparc64-unknown-linux-gnu
> Configured with: ../gcc-7.2.0/configure --prefix=/opt/gcc72
> Thread model: posix
> gcc version 7.2.0 (GCC)
> 
> Machine is LDOM debian sid sparc64.
> --
> To unsubscribe from this list: send the line "unsubscribe sparclinux" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

More information about the Strace-devel mailing list