lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220130025449.GE1351@xsang-OptiPlex-9020>
Date:   Sun, 30 Jan 2022 10:54:49 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Michel Lespinasse <michel@...pinasse.org>
Cc:     0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
        lkp@...ts.01.org, Linux-MM <linux-mm@...ck.org>,
        Andrew Morton <akpm@...ux-foundation.org>, kernel-team@...com,
        Laurent Dufour <ldufour@...ux.ibm.com>,
        Jerome Glisse <jglisse@...gle.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Michal Hocko <mhocko@...e.com>,
        Vlastimil Babka <vbabka@...e.cz>,
        Davidlohr Bueso <dave@...olabs.net>,
        Matthew Wilcox <willy@...radead.org>,
        Liam Howlett <liam.howlett@...cle.com>,
        Rik van Riel <riel@...riel.com>,
        Paul McKenney <paulmck@...nel.org>,
        Song Liu <songliubraving@...com>,
        Suren Baghdasaryan <surenb@...gle.com>,
        Minchan Kim <minchan@...gle.com>,
        Joel Fernandes <joelaf@...gle.com>,
        David Rientjes <rientjes@...gle.com>,
        Axel Rasmussen <axelrasmussen@...gle.com>,
        Andy Lutomirski <luto@...nel.org>,
        Michel Lespinasse <michel@...pinasse.org>
Subject: [mm]  fa5331bae2: canonical_address#:#[##]



Greeting,

FYI, we noticed the following commit (built with clang-14):

commit: fa5331bae2e49ce86eff959390b451b7401f9156 ("[PATCH v2 18/35] mm: implement speculative handling in do_anonymous_page()")
url: https://github.com/0day-ci/linux/commits/Michel-Lespinasse/Speculative-page-faults/20220128-212122
base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git 145d9b498fc827b79c1260b4caa29a8e59d4c2b9
patch link: https://lore.kernel.org/linux-mm/20220128131006.67712-19-michel@lespinasse.org

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu Icelake-Server -smp 4 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+------------------------------------------+------------+------------+
|                                          | b19284b7ad | fa5331bae2 |
+------------------------------------------+------------+------------+
| canonical_address#:#[##]                 | 0          | 10         |
| RIP:__handle_mm_fault                    | 0          | 10         |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 10         |
+------------------------------------------+------------+------------+


If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>



[  331.159834][    T1] rtc-test rtc-test.2: registered as rtc3
[  331.161803][    T1] sdhci: Secure Digital Host Controller Interface driver
[  331.162959][    T1] sdhci: Copyright(c) Pierre Ossman
[  331.165687][    T1] sdhci-pltfm: SDHCI platform and OF driver helper
[  331.168206][    T1] leds_apu: No PC Engines APUv1 board detected. For APUv2,3 support, enable CONFIG_PCENGINES_APU2
[  331.179298][   T61] general protection fault, probably for non-canonical address 0xf555515555555555: 0000 [#1] KASAN PTI
[  331.180173][   T61] KASAN: maybe wild-memory-access in range [0xaaaaaaaaaaaaaaa8-0xaaaaaaaaaaaaaaaf]
[  331.180173][   T61] CPU: 0 PID: 61 Comm: kworker/u2:1 Not tainted 5.17.0-rc1-00248-gfa5331bae2e4 #1 48e2d12faa7f614111ba8a377c1a6d47b436f5c7
[  331.180173][   T61] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 331.180173][ T61] RIP: 0010:__handle_mm_fault (memory.c:?) 
[ 331.180173][ T61] Code: 0c 00 4c 89 f0 48 83 c8 42 41 f6 04 24 02 49 0f 44 c6 48 89 45 c0 48 b8 55 55 55 55 55 51 55 f5 49 bf aa aa aa aa aa aa aa aa <80> 38 00 74 08 4c 89 ff e8 43 2e 0c 00 49 8b 1f 48 83 c3 40 48 89
All code
========
   0:	0c 00                	or     $0x0,%al
   2:	4c 89 f0             	mov    %r14,%rax
   5:	48 83 c8 42          	or     $0x42,%rax
   9:	41 f6 04 24 02       	testb  $0x2,(%r12)
   e:	49 0f 44 c6          	cmove  %r14,%rax
  12:	48 89 45 c0          	mov    %rax,-0x40(%rbp)
  16:	48 b8 55 55 55 55 55 	movabs $0xf555515555555555,%rax
  1d:	51 55 f5 
  20:	49 bf aa aa aa aa aa 	movabs $0xaaaaaaaaaaaaaaaa,%r15
  27:	aa aa aa 
  2a:*	80 38 00             	cmpb   $0x0,(%rax)		<-- trapping instruction
  2d:	74 08                	je     0x37
  2f:	4c 89 ff             	mov    %r15,%rdi
  32:	e8 43 2e 0c 00       	callq  0xc2e7a
  37:	49 8b 1f             	mov    (%r15),%rbx
  3a:	48 83 c3 40          	add    $0x40,%rbx
  3e:	48                   	rex.W
  3f:	89                   	.byte 0x89

Code starting with the faulting instruction
===========================================
   0:	80 38 00             	cmpb   $0x0,(%rax)
   3:	74 08                	je     0xd
   5:	4c 89 ff             	mov    %r15,%rdi
   8:	e8 43 2e 0c 00       	callq  0xc2e50
   d:	49 8b 1f             	mov    (%r15),%rbx
  10:	48 83 c3 40          	add    $0x40,%rbx
  14:	48                   	rex.W
  15:	89                   	.byte 0x89
[  331.180173][   T61] RSP: 0000:ffffc9000101fab0 EFLAGS: 00010202
[  331.180173][   T61] RAX: f555515555555555 RBX: 00000003ed304000 RCX: 0000000000000000
[  331.180173][   T61] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff96587108
[  331.180173][   T61] RBP: ffffc9000101fbd0 R08: dffffc0000000000 R09: fffff94001f69821
[  331.180173][   T61] R10: dffff54001f69822 R11: 1ffffd4001f69820 R12: ffff88815ece4058
[  331.180173][   T61] R13: 1ffff1102bd9c80b R14: 80000003ed304025 R15: aaaaaaaaaaaaaaaa
[  331.180173][   T61] FS:  0000000000000000(0000) GS:ffffffff95883000(0000) knlGS:0000000000000000
[  331.180173][   T61] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  331.180173][   T61] CR2: ffff88843ffff000 CR3: 000000001a636001 CR4: 0000000000170eb0
[  331.180173][   T61] Call Trace:
[  331.180173][   T61]  <TASK>
[ 331.180173][ T61] do_handle_mm_fault (??:?) 
[ 331.180173][ T61] __get_user_pages (gup.c:?) 
[ 331.180173][ T61] __get_user_pages_remote (gup.c:?) 
[ 331.180173][ T61] get_user_pages_remote (??:?) 


To reproduce:

        # build kernel
	cd linux
	cp config-5.17.0-rc1-00248-gfa5331bae2e4 .config
	make HOSTCC=clang-14 CC=clang-14 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=clang-14 CC=clang-14 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang


View attachment "config-5.17.0-rc1-00248-gfa5331bae2e4" of type "text/plain" (144018 bytes)

View attachment "job-script" of type "text/plain" (4932 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (11532 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ