Message-ID: <20211125134005.GB3109@xsang-OptiPlex-9020>
Date: Thu, 25 Nov 2021 21:40:05 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Peter Collingbourne <pcc@...gle.com>
Cc: 0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
lkp@...ts.01.org, Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>, Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Juri Lelli <juri.lelli@...hat.com>,
Vincent Guittot <vincent.guittot@...aro.org>,
Dietmar Eggemann <dietmar.eggemann@....com>,
Steven Rostedt <rostedt@...dmis.org>,
Ben Segall <bsegall@...gle.com>, Mel Gorman <mgorman@...e.de>,
Daniel Bristot de Oliveira <bristot@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Andy Lutomirski <luto@...nel.org>,
Kees Cook <keescook@...omium.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Masahiro Yamada <masahiroy@...nel.org>,
Sami Tolvanen <samitolvanen@...gle.com>,
YiFei Zhu <yifeifz2@...inois.edu>,
Colin Ian King <colin.king@...onical.com>,
Mark Rutland <mark.rutland@....com>,
Frederic Weisbecker <frederic@...nel.org>,
Viresh Kumar <viresh.kumar@...aro.org>,
Andrey Konovalov <andreyknvl@...il.com>,
Peter Collingbourne <pcc@...gle.com>,
Gabriel Krisman Bertazi <krisman@...labora.com>,
Chris Hyser <chris.hyser@...cle.com>,
Daniel Vetter <daniel.vetter@...ll.ch>,
Chris Wilson <chris@...is-wilson.co.uk>,
Arnd Bergmann <arnd@...db.de>,
Dmitry Vyukov <dvyukov@...gle.com>,
Christian Brauner <christian.brauner@...ntu.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Alexey Gladkov <legion@...nel.org>,
Ran Xiaokai <ran.xiaokai@....com.cn>,
David Hildenbrand <david@...hat.com>,
Xiaofeng Cao <caoxiaofeng@...ong.com>,
Cyrill Gorcunov <gorcunov@...il.com>,
Thomas Cedeno <thomascedeno@...gle.com>,
Marco Elver <elver@...gle.com>,
Alexander Potapenko <glider@...gle.com>,
linux-arm-kernel@...ts.infradead.org,
Evgenii Stepanov <eugenis@...gle.com>
Subject: [uaccess] 7cd6f10220: BUG:unable_to_handle_page_fault_for_address
Greetings,
FYI, we noticed the following commit (built with clang-14):
commit: 7cd6f102201f3ea35eea1b990f7543e890b7fdbb ("[PATCH v2 3/5] uaccess-buffer: add CONFIG_GENERIC_ENTRY support")
url: https://github.com/0day-ci/linux/commits/Peter-Collingbourne/kernel-introduce-uaccess-logging/20211123-131922
base: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git cb0e52b7748737b2cf6481fdd9b920ce7e1ebbdf
patch link: https://lore.kernel.org/lkml/20211123051658.3195589-4-pcc@google.com
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):
+----------------------------------------------------------+------------+------------+
|                                                          | e050ed271b | 7cd6f10220 |
+----------------------------------------------------------+------------+------------+
| boot_successes                                           | 16         | 0          |
| boot_failures                                            | 0          | 16         |
| BUG:unable_to_handle_page_fault_for_address              | 0          | 10         |
| Oops:#[##]                                               | 0          | 10         |
| RIP:kfree                                                | 0          | 10         |
| Kernel_panic-not_syncing:Fatal_exception                 | 0          | 16         |
| WARNING:at_mm/slub.c:#free_nonslab_page                  | 0          | 6          |
| RIP:free_nonslab_page                                    | 0          | 6          |
| BUG:KASAN:double-free_or_invalid-free_in_dup_task_struct | 0          | 6          |
| maybe_for_address#:#[##]                                 | 0          | 6          |
| RIP:__memcpy                                             | 0          | 6          |
+----------------------------------------------------------+------------+------------+
If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 29.153667][ T2] BUG: unable to handle page fault for address: ffffebf7d0000008
[ 29.154602][ T2] #PF: supervisor read access in kernel mode
[ 29.155284][ T2] #PF: error_code(0x0000) - not-present page
[ 29.155975][ T2] PGD 0 P4D 0
[ 29.156359][ T2] Oops: 0000 [#1] PREEMPT SMP KASAN PTI
[ 29.156771][ T2] CPU: 0 PID: 2 Comm: kthreadd Not tainted 5.16.0-rc1-00007-g7cd6f102201f #1 aaaec4470dd30d48a14d7cba8ba3e2c3760eb3bd
[ 29.156771][ T2] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 29.156771][ T2] RIP: 0010:kfree (include/linux/page-flags.h:198 include/linux/mm.h:863 mm/slub.c:4556)
[ 29.156771][ T2] Code: 00 00 80 72 09 48 8b 0d 8e 1a 69 03 eb 0a 48 b9 00 00 00 80 7f 77 00 00 48 01 d9 48 81 e9 00 00 00 80 48 c1 e9 0c 48 c1 e1 06 <4c> 8b 7c 01 08 41 f6 c7 01 0f 85 d3 00 00 00 48 01 c8 49 89 c7 49
All code
========
0: 00 00 add %al,(%rax)
2: 80 72 09 48 xorb $0x48,0x9(%rdx)
6: 8b 0d 8e 1a 69 03 mov 0x3691a8e(%rip),%ecx # 0x3691a9a
c: eb 0a jmp 0x18
e: 48 b9 00 00 00 80 7f movabs $0x777f80000000,%rcx
15: 77 00 00
18: 48 01 d9 add %rbx,%rcx
1b: 48 81 e9 00 00 00 80 sub $0xffffffff80000000,%rcx
22: 48 c1 e9 0c shr $0xc,%rcx
26: 48 c1 e1 06 shl $0x6,%rcx
2a:* 4c 8b 7c 01 08 mov 0x8(%rcx,%rax,1),%r15 <-- trapping instruction
2f: 41 f6 c7 01 test $0x1,%r15b
33: 0f 85 d3 00 00 00 jne 0x10c
39: 48 01 c8 add %rcx,%rax
3c: 49 89 c7 mov %rax,%r15
3f: 49 rex.WB
Code starting with the faulting instruction
===========================================
0: 4c 8b 7c 01 08 mov 0x8(%rcx,%rax,1),%r15
5: 41 f6 c7 01 test $0x1,%r15b
9: 0f 85 d3 00 00 00 jne 0xe2
f: 48 01 c8 add %rcx,%rax
12: 49 89 c7 mov %rax,%r15
15: 49 rex.WB
[ 29.156771][ T2] RSP: 0000:ffffc9000002fc08 EFLAGS: 00010206
[ 29.156771][ T2] RAX: ffffea0000000000 RBX: 0000067400000161 RCX: 000001f7d0000000
[ 29.156771][ T2] RDX: dffffc0000000000 RSI: ffffffff83c824e0 RDI: ffffffff841d22a0
[ 29.156771][ T2] RBP: ffff888131593628 R08: dffffc0000000000 R09: fffffbfff0a326f9
[ 29.156771][ T2] R10: dffff7fff0a326fa R11: 1ffffffff0a326f8 R12: ffff8881315a0000
[ 29.156771][ T2] R13: dffffc0000000000 R14: ffffffff81190728 R15: ffff8881315a26c0
[ 29.156771][ T2] FS: 0000000000000000(0000) GS:ffff8883ae800000(0000) knlGS:0000000000000000
[ 29.156771][ T2] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.156771][ T2] CR2: ffffebf7d0000008 CR3: 0000000004c16000 CR4: 00000000000406f0
[ 29.156771][ T2] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 29.156771][ T2] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 29.156771][ T2] Call Trace:
[ 29.156771][ T2] <TASK>
[ 29.156771][ T2] ? find_vm_area (mm/vmalloc.c:2497)
[ 29.156771][ T2] dup_task_struct (include/linux/sched/task.h:148 kernel/fork.c:896)
[ 29.156771][ T2] copy_process (kernel/fork.c:?)
[ 29.156771][ T2] ? __lock_acquire (kernel/locking/lockdep.c:?)
[ 29.156771][ T2] kernel_clone (kernel/fork.c:2585)
[ 29.156771][ T2] ? sched_clock_cpu (kernel/sched/clock.c:292 kernel/sched/clock.c:382)
[ 29.156771][ T2] ? kthread_unuse_mm (kernel/kthread.c:272)
[ 29.156771][ T2] kernel_thread (kernel/fork.c:2637)
[ 29.156771][ T2] ? kthread_unuse_mm (kernel/kthread.c:272)
[ 29.156771][ T2] kthreadd (kernel/kthread.c:351 kernel/kthread.c:685)
[ 29.156771][ T2] ? trace_sched_kthread_stop_ret (kernel/kthread.c:658)
[ 29.156771][ T2] ret_from_fork (??:?)
[ 29.156771][ T2] </TASK>
[ 29.156771][ T2] Modules linked in:
[ 29.156771][ T2] CR2: ffffebf7d0000008
[ 29.156771][ T2] ---[ end trace a8dc7679c1d35edd ]---
[ 29.156771][ T2] RIP: 0010:kfree (include/linux/page-flags.h:198 include/linux/mm.h:863 mm/slub.c:4556)
[ 29.156771][ T2] Code: 00 00 80 72 09 48 8b 0d 8e 1a 69 03 eb 0a 48 b9 00 00 00 80 7f 77 00 00 48 01 d9 48 81 e9 00 00 00 80 48 c1 e9 0c 48 c1 e1 06 <4c> 8b 7c 01 08 41 f6 c7 01 0f 85 d3 00 00 00 48 01 c8 49 89 c7 49
To reproduce:
        # build kernel
        cd linux
        cp config-5.16.0-rc1-00007-g7cd6f102201f .config
        make HOSTCC=clang-14 CC=clang-14 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=clang-14 CC=clang-14 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove the ~/.lkp and /lkp dirs to run from a clean state.
---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org Intel Corporation
Thanks,
Oliver Sang
View attachment "config-5.16.0-rc1-00007-g7cd6f102201f" of type "text/plain" (123820 bytes)
View attachment "job-script" of type "text/plain" (5109 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (9016 bytes)