| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 31 May 2022 10:52:19 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Joanne Koong <joannelkoong@...il.com>
Cc: Jakub Kicinski <kuba@...nel.org>,
Eric Dumazet <edumazet@...gle.com>,
Kuniyuki Iwashima <kuniyu@...zon.co.jp>,
LKML <linux-kernel@...r.kernel.org>, netdev@...r.kernel.org,
dccp@...r.kernel.org, lkp@...ts.01.org, lkp@...el.com
Subject: [net] d5a42de8bd: BUG:unable_to_handle_page_fault_for_address
Greeting,
FYI, we noticed the following commit (built with gcc-11):
commit: d5a42de8bdbe25081f07b801d8b35f4d75a791f4 ("net: Add a second bind table hashed by port and address")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
in testcase: netperf
version: netperf-x86_64-2.7-0_20220502
with following parameters:
ip: ipv4
runtime: 300s
nr_threads: 16
cluster: cs-localhost
test: TCP_CRR
cpufreq_governor: performance
ucode: 0x7002402
test-description: Netperf is a benchmark that can be use to measure various aspect of networking performance.
test-url: http://www.netperf.org/netperf/
on test machine: 144 threads 4 sockets Intel(R) Xeon(R) Gold 5318H CPU @ 2.50GHz with 128G memory
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 54.916314][ T6840] BUG: unable to handle page fault for address: 00007f9251155fe0
[ 54.924136][ T6840] #PF: supervisor read access in kernel mode
[ 54.930148][ T6840] #PF: error_code(0x0000) - not-present page
[ 54.936113][ T6840] PGD 104c3a067 P4D 104c3a067 PUD 0
[ 54.941381][ T6840] Oops: 0000 [#1] SMP NOPTI
[ 54.945874][ T6840] CPU: 92 PID: 6840 Comm: netperf Not tainted 5.18.0-rc7-01831-gd5a42de8bdbe #1
[ 54.954875][ T6840] RIP: 0010:inet_bind2_bucket_find (include/net/net_namespace.h:361 include/net/inet_hashtables.h:116 net/ipv4/inet_hashtables.c:765 net/ipv4/inet_hashtables.c:819)
[ 54.960937][ T6840] Code: 57 ff 21 d0 49 8b 55 30 48 8d 34 c2 48 8b 06 48 85 c0 75 10 eb 45 48 39 d3 74 57 48 8b 40 20 48 85 c0 74 37 48 83 e8 20 74 31 <48> 8b 10 66 83 fd 0a 75 e3 48 39 d3 75 e3 66 3b 48 0c 75 dd 44 3b
All code
========
0: 57 push %rdi
1: ff 21 jmpq *(%rcx)
3: d0 49 8b rorb -0x75(%rcx)
6: 55 push %rbp
7: 30 48 8d xor %cl,-0x73(%rax)
a: 34 c2 xor $0xc2,%al
c: 48 8b 06 mov (%rsi),%rax
f: 48 85 c0 test %rax,%rax
12: 75 10 jne 0x24
14: eb 45 jmp 0x5b
16: 48 39 d3 cmp %rdx,%rbx
19: 74 57 je 0x72
1b: 48 8b 40 20 mov 0x20(%rax),%rax
1f: 48 85 c0 test %rax,%rax
22: 74 37 je 0x5b
24: 48 83 e8 20 sub $0x20,%rax
28: 74 31 je 0x5b
2a:* 48 8b 10 mov (%rax),%rdx <-- trapping instruction
2d: 66 83 fd 0a cmp $0xa,%bp
31: 75 e3 jne 0x16
33: 48 39 d3 cmp %rdx,%rbx
36: 75 e3 jne 0x1b
38: 66 3b 48 0c cmp 0xc(%rax),%cx
3c: 75 dd jne 0x1b
3e: 44 rex.R
3f: 3b .byte 0x3b
Code starting with the faulting instruction
===========================================
0: 48 8b 10 mov (%rax),%rdx
3: 66 83 fd 0a cmp $0xa,%bp
7: 75 e3 jne 0xffffffffffffffec
9: 48 39 d3 cmp %rdx,%rbx
c: 75 e3 jne 0xfffffffffffffff1
e: 66 3b 48 0c cmp 0xc(%rax),%cx
12: 75 dd jne 0xfffffffffffffff1
14: 44 rex.R
15: 3b .byte 0x3b
[ 54.980691][ T6840] RSP: 0018:ffffc90023997d98 EFLAGS: 00010202
[ 54.986781][ T6840] RAX: 00007f9251155fe0 RBX: ffffffff837ac900 RCX: 000000000000de4b
[ 54.994782][ T6840] RDX: ffffffff82201160 RSI: ffffc90009e23078 RDI: 0000000000010000
[ 55.002785][ T6840] RBP: 0000000000000002 R08: 000000000000de4b R09: ffffc90023997df0
[ 55.010785][ T6840] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8888957808c0
[ 55.018781][ T6840] R13: ffffffff837af540 R14: 0000000000000000 R15: ffffc90023997df0
[ 55.026784][ T6840] FS: 00007fb1e688d740(0000) GS:ffff88905f900000(0000) knlGS:0000000000000000
[ 55.035748][ T6840] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.042367][ T6840] CR2: 00007f9251155fe0 CR3: 000000017a86c001 CR4: 00000000007706e0
[ 55.050381][ T6840] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.058397][ T6840] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.066417][ T6840] PKRU: 55555554
[ 55.070014][ T6840] Call Trace:
[ 55.073349][ T6840] <TASK>
[ 55.076340][ T6840] inet_csk_get_port (net/ipv4/inet_connection_sock.c:492)
[ 55.081331][ T6840] __inet_bind (net/ipv4/af_inet.c:525)
[ 55.085801][ T6840] __sys_bind (net/socket.c:1744)
[ 55.090093][ T6840] ? __sys_setsockopt (include/linux/file.h:32 net/socket.c:2231)
[ 55.095074][ T6840] __x64_sys_bind (net/socket.c:1755 net/socket.c:1753 net/socket.c:1753)
[ 55.099616][ T6840] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[ 55.104070][ T6840] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115)
[ 55.110000][ T6840] RIP: 0033:0x7fb1e6989ec7
[ 55.114459][ T6840] Code: ff ff ff ff c3 48 8b 15 c7 ff 0b 00 f7 d8 64 89 02 b8 ff ff ff ff eb ba 66 2e 0f 1f 84 00 00 00 00 00 90 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 99 ff 0b 00 f7 d8 64 89 01 48
All code
========
0: ff (bad)
1: ff (bad)
2: ff (bad)
3: ff c3 inc %ebx
5: 48 8b 15 c7 ff 0b 00 mov 0xbffc7(%rip),%rdx # 0xbffd3
c: f7 d8 neg %eax
e: 64 89 02 mov %eax,%fs:(%rdx)
11: b8 ff ff ff ff mov $0xffffffff,%eax
16: eb ba jmp 0xffffffffffffffd2
18: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
1f: 00 00 00
22: 90 nop
23: b8 31 00 00 00 mov $0x31,%eax
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 retq
33: 48 8b 0d 99 ff 0b 00 mov 0xbff99(%rip),%rcx # 0xbffd3
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 retq
9: 48 8b 0d 99 ff 0b 00 mov 0xbff99(%rip),%rcx # 0xbffa9
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
[ 55.134300][ T6840] RSP: 002b:00007ffea9914708 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 55.142774][ T6840] RAX: ffffffffffffffda RBX: 000055ede299b508 RCX: 00007fb1e6989ec7
[ 55.150812][ T6840] RDX: 0000000000000010 RSI: 000055ede404b350 RDI: 0000000000000006
[ 55.158856][ T6840] RBP: 00007ffea9914760 R08: 0000000000000004 R09: 0000000000000000
[ 55.166900][ T6840] R10: 00007ffea9914730 R11: 0000000000000246 R12: 000055ede299b4d8
[ 55.174944][ T6840] R13: 00007ffea9914ac0 R14: 0000000000000000 R15: 0000000000000000
[ 55.182998][ T6840] </TASK>
[ 55.186105][ T6840] Modules linked in: binfmt_misc btrfs blake2b_generic xor raid6_pq intel_rapl_msr zstd_compress ipmi_ssif intel_rapl_common libcrc32c ast drm_vram_helper drm_ttm_helper ttm skx_edac nfit drm_kms_helper nvme libnvdimm x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel rapl intel_cstate nvme_core syscopyarea t10_pi sysfillrect ahci sysimgblt crc64_rocksoft_generic fb_sys_fops libahci mei_me crc64_rocksoft intel_uncore ioatdma drm crc64 mei intel_pch_thermal acpi_ipmi libata joydev dca wmi ipmi_si ipmi_devintf ipmi_msghandler acpi_pad acpi_power_meter ip_tables
[ 55.245877][ T6840] CR2: 00007f9251155fe0
[ 55.250154][ T6840] ---[ end trace 0000000000000000 ]---
[ 55.287285][ T6840] RIP: 0010:inet_bind2_bucket_find (include/net/net_namespace.h:361 include/net/inet_hashtables.h:116 net/ipv4/inet_hashtables.c:765 net/ipv4/inet_hashtables.c:819)
[ 55.293481][ T6840] Code: 57 ff 21 d0 49 8b 55 30 48 8d 34 c2 48 8b 06 48 85 c0 75 10 eb 45 48 39 d3 74 57 48 8b 40 20 48 85 c0 74 37 48 83 e8 20 74 31 <48> 8b 10 66 83 fd 0a 75 e3 48 39 d3 75 e3 66 3b 48 0c 75 dd 44 3b
All code
========
0: 57 push %rdi
1: ff 21 jmpq *(%rcx)
3: d0 49 8b rorb -0x75(%rcx)
6: 55 push %rbp
7: 30 48 8d xor %cl,-0x73(%rax)
a: 34 c2 xor $0xc2,%al
c: 48 8b 06 mov (%rsi),%rax
f: 48 85 c0 test %rax,%rax
12: 75 10 jne 0x24
14: eb 45 jmp 0x5b
16: 48 39 d3 cmp %rdx,%rbx
19: 74 57 je 0x72
1b: 48 8b 40 20 mov 0x20(%rax),%rax
1f: 48 85 c0 test %rax,%rax
22: 74 37 je 0x5b
24: 48 83 e8 20 sub $0x20,%rax
28: 74 31 je 0x5b
2a:* 48 8b 10 mov (%rax),%rdx <-- trapping instruction
2d: 66 83 fd 0a cmp $0xa,%bp
31: 75 e3 jne 0x16
33: 48 39 d3 cmp %rdx,%rbx
36: 75 e3 jne 0x1b
38: 66 3b 48 0c cmp 0xc(%rax),%cx
3c: 75 dd jne 0x1b
3e: 44 rex.R
3f: 3b .byte 0x3b
Code starting with the faulting instruction
===========================================
0: 48 8b 10 mov (%rax),%rdx
3: 66 83 fd 0a cmp $0xa,%bp
7: 75 e3 jne 0xffffffffffffffec
9: 48 39 d3 cmp %rdx,%rbx
c: 75 e3 jne 0xfffffffffffffff1
e: 66 3b 48 0c cmp 0xc(%rax),%cx
12: 75 dd jne 0xfffffffffffffff1
14: 44 rex.R
15: 3b .byte 0x3b
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
sudo bin/lkp install job.yaml # job file is attached in this email
bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
sudo bin/lkp run generated-yaml-file
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config-5.18.0-rc7-01831-gd5a42de8bdbe" of type "text/plain" (162850 bytes)
View attachment "job-script" of type "text/plain" (8488 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (37848 bytes)
View attachment "job.yaml" of type "text/plain" (5676 bytes)
Powered by blists - more mailing lists