public inbox for gcc-bugs@sourceware.org
From: "feng.tang at intel dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/108552] New: Linux i386 kernel 5.14 memory corruption for pre_compound_page() when gcov is enabled
Date: Thu, 26 Jan 2023 08:00:28 +0000
Message-ID: <bug-108552-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108552

            Bug ID: 108552
           Summary: Linux i386 kernel 5.14 memory corruption for
                    pre_compound_page() when gcov is enabled
           Product: gcc
           Version: 11.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: feng.tang at intel dot com
  Target Milestone: ---

Created attachment 54345
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54345&action=edit
objdump of prep_compound_page()

0Day found an i386 Linux kernel boot issue, and bisection shows the first bad
commit is 7118fc2906e29 ("hugetlb: address ref count racing in
prep_compound_gigantic_page"). It happens 94 times out of 999 runs.

Details and some debug analysis from Linus/Vlastimil and us can be found in
the following link:
https://lore.kernel.org/lkml/202301170941.49728982-oliver.sang@intel.com/t/

Debug shows it is related to one function, prep_compound_page() in
mm/page_alloc.c:

* If we use '#pragma GCC optimize ("O1")' for that function (the kernel
  normally uses O2), the issue is gone
* If we disable GCOV for page_alloc.c, we can't reproduce it
* If we disable UBSAN for page_alloc.c, we can't reproduce it
* Not reproducible for an x86_64 build

It seems to be a loop corruption. The pseudo code is:

        for (i = 1; i < nr_pages; i++)
                set_meta_data(page[i]);

It should happen for page[1]...page[nr_pages - 1], but from the memory dump, it
seems that one more page, the page[nr_pages], is also called with
set_meta_data().

https://lore.kernel.org/all/202212312021.bc1efe86-oliver.sang@intel.com/t/

The kernel log, i386 config and the objdump of prep_compound_page() of the
first bad commit are attached. Please let us know if you need more info, thanks!
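
The symptom in the report above (a write landing on page[nr_pages], one element past the loop's intended range) can be checked for with a poisoned guard element. The following is an added example, not code from the report, the kernel or GCC; struct fake_page, the poison byte, MAX_PAGES and prep_pages_overrun() are hypothetical, and the overrun variant is only a source-level stand-in for the observed behaviour, not a reproduction of the compiler issue.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define POISON    0xA5u   /* constructed fill byte marking untouched memory */
#define MAX_PAGES 64u

/* Hypothetical stand-in for the per-page metadata named in the report. */
struct fake_page { uint32_t flags; uint32_t compound_head; };

static void set_meta_data(struct fake_page *p)
{
    p->flags = 1u;
    p->compound_head = 0x1000u;
}

/* Loop as written in the report: touches page[1] .. page[nr_pages - 1]. */
static void prep_pages(struct fake_page *page, size_t nr_pages)
{
    for (size_t i = 1; i < nr_pages; i++)
        set_meta_data(&page[i]);
}

/* Stand-in for the observed symptom: one iteration too many. */
static void prep_pages_overrun(struct fake_page *page, size_t nr_pages)
{
    for (size_t i = 1; i <= nr_pages; i++)
        set_meta_data(&page[i]);
}

/* Run fn over a poisoned array with a guard element at index nr_pages and return the highest index changed. */
static size_t highest_index_written(void (*fn)(struct fake_page *, size_t), size_t nr_pages)
{
    struct fake_page buf[MAX_PAGES + 1], clean;
    size_t hi = 0;
    if (nr_pages > MAX_PAGES) nr_pages = MAX_PAGES;
    memset(&clean, POISON, sizeof clean);
    memset(buf, POISON, sizeof buf);
    fn(buf, nr_pages);
    for (size_t i = 0; i <= nr_pages; i++)
        if (memcmp(&buf[i], &clean, sizeof clean) != 0) hi = i;
    return hi;
}

int main(void)
{
    printf("correct: %zu, overrun: %zu\n", highest_index_written(prep_pages, 8), highest_index_written(prep_pages_overrun, 8));
    return 0;
}
```

A result equal to nr_pages means the guard element was written, which is the condition the memory dump in the report points to.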