lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Tue, 17 May 2022 20:52:22 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     David Howells <dhowells@...hat.com>
Cc:     Ammar Faizi <ammarfaizi2@...weeb.org>, lkp@...ts.01.org,
        lkp@...el.com, LKML <linux-kernel@...r.kernel.org>
Subject: [cifs]  e4b60df6a1: kernel_BUG_at_fs/cifs/file.c



Greeting,

FYI, we noticed the following commit (built with gcc-11):

commit: e4b60df6a12099568c671591d36a9fa16515f6eb ("cifs: Change the I/O paths to use an iterator rather than a page list")
https://github.com/ammarfaizi2/linux-block dhowells/linux-fs/cifs-for-sfrench

in testcase: xfstests
version: xfstests-x86_64-46e1b83-1_20220516
with following parameters:

	disk: 4HDD
	fs: ext4
	fs2: smbv3
	test: generic-group-06
	ucode: 0xec

test-description: xfstests is a regression test suite for xfs and other files ystems.
test-url: git://git.kernel.org/pub/scm/fs/xfs/xfstests-dev.git


on test machine: 8 threads Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz with 16G memory

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):




If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[   94.899923][ T3682] kernel BUG at fs/cifs/file.c:4690!
[   94.905070][ T3682] invalid opcode: 0000 [#1] SMP KASAN PTI
[   94.910638][ T3682] CPU: 3 PID: 3682 Comm: xfs_io Not tainted 5.18.0-rc6-00005-ge4b60df6a120 #1
[   94.919316][ T3682] Hardware name: HP HP Z240 SFF Workstation/802E, BIOS N51 Ver. 01.63 10/05/2017
[ 94.928251][ T3682] RIP: 0010:cifs_readahead (fs/cifs/file.c:4690) cifs
[ 94.934308][ T3682] Code: ff ff 83 c2 01 48 83 c0 01 88 94 24 32 01 00 00 48 89 84 24 28 01 00 00 48 85 ff 74 93 e9 42 ff ff ff 41 c7 46 24 00 00 00 00 <0f> 0b 4c 89 ff e8 27 2d c5 bf e9 c8 fc ff ff 65 48 8b 1c 25 00 6d
All code
========
   0:	ff                   	(bad)  
   1:	ff 83 c2 01 48 83    	incl   -0x7cb7fe3e(%rbx)
   7:	c0 01 88             	rolb   $0x88,(%rcx)
   a:	94                   	xchg   %eax,%esp
   b:	24 32                	and    $0x32,%al
   d:	01 00                	add    %eax,(%rax)
   f:	00 48 89             	add    %cl,-0x77(%rax)
  12:	84 24 28             	test   %ah,(%rax,%rbp,1)
  15:	01 00                	add    %eax,(%rax)
  17:	00 48 85             	add    %cl,-0x7b(%rax)
  1a:	ff 74 93 e9          	pushq  -0x17(%rbx,%rdx,4)
  1e:	42 ff                	rex.X (bad) 
  20:	ff                   	(bad)  
  21:	ff 41 c7             	incl   -0x39(%rcx)
  24:	46 24 00             	rex.RX and $0x0,%al
  27:	00 00                	add    %al,(%rax)
  29:*	00 0f                	add    %cl,(%rdi)		<-- trapping instruction
  2b:	0b 4c 89 ff          	or     -0x1(%rcx,%rcx,4),%ecx
  2f:	e8 27 2d c5 bf       	callq  0xffffffffbfc52d5b
  34:	e9 c8 fc ff ff       	jmpq   0xfffffffffffffd01
  39:	65                   	gs
  3a:	48                   	rex.W
  3b:	8b                   	.byte 0x8b
  3c:	1c 25                	sbb    $0x25,%al
  3e:	00                   	.byte 0x0
  3f:	6d                   	insl   (%dx),%es:(%rdi)

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	4c 89 ff             	mov    %r15,%rdi
   5:	e8 27 2d c5 bf       	callq  0xffffffffbfc52d31
   a:	e9 c8 fc ff ff       	jmpq   0xfffffffffffffcd7
   f:	65                   	gs
  10:	48                   	rex.W
  11:	8b                   	.byte 0x8b
  12:	1c 25                	sbb    $0x25,%al
  14:	00                   	.byte 0x0
  15:	6d                   	insl   (%dx),%es:(%rdi)
[   94.953701][ T3682] RSP: 0018:ffffc90007faf650 EFLAGS: 00010246
[   94.959609][ T3682] RAX: 0000000000000000 RBX: 0000000000000020 RCX: fffff52000ff5f50
[   94.967414][ T3682] RDX: fffff940015e9b07 RSI: 000000000000dfc0 RDI: ffffea000af4d834
[   94.975220][ T3682] RBP: 0000000000000007 R08: 0000000000000001 R09: ffffea000af4d837
[   94.983025][ T3682] R10: fffff940015e9b06 R11: 0000000000000001 R12: dffffc0000000000
[   94.990834][ T3682] R13: fffff52000ff5f51 R14: ffffc90007fafa68 R15: ffffea000af4d800
[   94.998652][ T3682] FS:  00007f72c8eb5e40(0000) GS:ffff8883c2d80000(0000) knlGS:0000000000000000
[   95.007417][ T3682] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   95.013848][ T3682] CR2: 00000000025ad000 CR3: 00000001212f2005 CR4: 00000000003706e0
[   95.021661][ T3682] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   95.029475][ T3682] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   95.037289][ T3682] Call Trace:
[   95.040425][ T3682]  <TASK>
[ 95.043219][ T3682] ? cifs_readdata_release (fs/cifs/file.c:4567) cifs
[ 95.049043][ T3682] ? __mod_lruvec_page_state (arch/x86/include/asm/preempt.h:85 include/linux/rcupdate.h:73 include/linux/rcupdate.h:726 mm/memcontrol.c:777) 
[ 95.054521][ T3682] ? __filemap_add_folio (mm/filemap.c:915) 
[ 95.059649][ T3682] read_pages (mm/readahead.c:163) 
[ 95.063831][ T3682] ? __alloc_pages_slowpath+0x1540/0x1540 
[ 95.070433][ T3682] ? pagevec_add_and_need_flush (arch/x86/include/asm/atomic.h:29 include/linux/atomic/atomic-instrumented.h:28 include/linux/swap.h:365 mm/swap.c:235 mm/swap.c:230) 
[ 95.076085][ T3682] ? file_ra_state_init (mm/readahead.c:146) 
[ 95.081123][ T3682] ? folio_add_lru (mm/swap.c:466) 
[ 95.085558][ T3682] ? policy_node (include/linux/nodemask.h:265 mm/mempolicy.c:1857) 
[ 95.089914][ T3682] page_cache_ra_unbounded (include/linux/fs.h:815 mm/readahead.c:262) 
[ 95.095216][ T3682] filemap_get_pages (include/linux/instrumented.h:71 include/asm-generic/bitops/instrumented-non-atomic.h:134 include/linux/page-flags.h:700 mm/filemap.c:2612) 
[ 95.100004][ T3682] ? filemap_add_folio (mm/filemap.c:2574) 
[ 95.104966][ T3682] filemap_read (mm/filemap.c:2679) 
[ 95.109319][ T3682] ? __alloc_pages_slowpath+0x1540/0x1540 
[ 95.115914][ T3682] ? filemap_get_pages (mm/filemap.c:2647) 
[ 95.120878][ T3682] cifs_strict_readv (fs/cifs/file.c:4221) cifs
[ 95.126330][ T3682] new_sync_read (fs/read_write.c:402 (discriminator 1)) 
[ 95.130772][ T3682] ? __ia32_sys_llseek (fs/read_write.c:391) 
[ 95.135726][ T3682] ? tcp_data_queue_ofo (net/ipv4/tcp_input.c:4826) 
[ 95.140854][ T3682] ? sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1097) 
[ 95.146506][ T3682] ? asm_sysvec_apic_timer_interrupt (arch/x86/include/asm/idtentry.h:645) 
[ 95.152504][ T3682] ? fsnotify_perm+0x13b/0x4c0 
[ 95.157724][ T3682] vfs_read (fs/read_write.c:482) 
[ 95.161729][ T3682] __x64_sys_pread64 (fs/read_write.c:672 fs/read_write.c:682 fs/read_write.c:679 fs/read_write.c:679) 
[ 95.166513][ T3682] ? vfs_read (fs/read_write.c:679) 
[ 95.170698][ T3682] ? switch_fpu_return (arch/x86/include/asm/bitops.h:75 include/asm-generic/bitops/instrumented-atomic.h:42 include/linux/thread_info.h:94 arch/x86/kernel/fpu/context.h:80 arch/x86/kernel/fpu/core.c:740) 
[ 95.175572][ T3682] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) 
[ 95.179840][ T3682] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115) 
[   95.185573][ T3682] RIP: 0033:0x7f72c961be2f
[ 95.189842][ T3682] Code: 41 54 49 89 d4 55 48 89 f5 53 89 fb 48 83 ec 18 e8 76 f3 ff ff 4d 89 ea 4c 89 e2 48 89 ee 41 89 c0 89 df b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 48 89 44 24 08 e8 ac f3 ff ff 48
All code
========
   0:	41 54                	push   %r12
   2:	49 89 d4             	mov    %rdx,%r12
   5:	55                   	push   %rbp
   6:	48 89 f5             	mov    %rsi,%rbp
   9:	53                   	push   %rbx
   a:	89 fb                	mov    %edi,%ebx
   c:	48 83 ec 18          	sub    $0x18,%rsp
  10:	e8 76 f3 ff ff       	callq  0xfffffffffffff38b
  15:	4d 89 ea             	mov    %r13,%r10
  18:	4c 89 e2             	mov    %r12,%rdx
  1b:	48 89 ee             	mov    %rbp,%rsi
  1e:	41 89 c0             	mov    %eax,%r8d
  21:	89 df                	mov    %ebx,%edi
  23:	b8 11 00 00 00       	mov    $0x11,%eax
  28:	0f 05                	syscall 
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 35                	ja     0x67
  32:	44 89 c7             	mov    %r8d,%edi
  35:	48 89 44 24 08       	mov    %rax,0x8(%rsp)
  3a:	e8 ac f3 ff ff       	callq  0xfffffffffffff3eb
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 35                	ja     0x3d
   8:	44 89 c7             	mov    %r8d,%edi
   b:	48 89 44 24 08       	mov    %rax,0x8(%rsp)
  10:	e8 ac f3 ff ff       	callq  0xfffffffffffff3c1
  15:	48                   	rex.W


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        sudo bin/lkp install job.yaml           # job file is attached in this email
        bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
        sudo bin/lkp run generated-yaml-file

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://01.org/lkp



View attachment "config-5.18.0-rc6-00005-ge4b60df6a120" of type "text/plain" (166090 bytes)

View attachment "job-script" of type "text/plain" (5892 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (26888 bytes)

View attachment "xfstests" of type "text/plain" (93491 bytes)

View attachment "job.yaml" of type "text/plain" (4664 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ