lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220620024749.GB3669@xsang-OptiPlex-9020>
Date:   Mon, 20 Jun 2022 10:47:49 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Jens Axboe <axboe@...nel.dk>
Cc:     Ammar Faizi <ammarfaizi2@...weeb.org>,
        linux-kernel@...r.kernel.org, lkp@...ts.01.org, lkp@...el.com
Subject: [iov_iter]  8416b73063: canonical_address#:#[##]



Greeting,

FYI, we noticed the following commit (built with gcc-11):

commit: 8416b73063d19b0a1b487cb9336641b5d1dea33e ("iov_iter: import single segments iovecs as ITER_UBUF")
https://github.com/ammarfaizi2/linux-block axboe/linux-block/for-5.20/io_uring-iter

in testcase: trinity
version: trinity-x86_64-3f8670b2-1_20220518
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):



If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[   24.905349][  T526] can: broadcast manager protocol
[   25.142446][  T449] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[   25.201512][  T576] Zero length message leads to an empty skb
[   25.213383][  T576] VFS: Warning: trinity-c6 using old stat() call. Recompile your binary.
[   25.220033][  T576] Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[   26.203411][  T588] general protection fault, probably for non-canonical address 0xe0000bf8965a3800: 0000 [#1] SMP KASAN PTI
[   26.205435][  T588] KASAN: probably user-memory-access in range [0x00007fc4b2d1c000-0x00007fc4b2d1c007]
[   26.207211][  T588] CPU: 1 PID: 588 Comm: trinity-c1 Not tainted 5.19.0-rc2-00317-g8416b73063d1 #8
[   26.208955][  T588] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[ 26.210789][ T588] RIP: do_loop_readv_writev+0x120/0x300 
[ 26.212422][ T588] Code: 7c 01 00 00 49 8b 55 10 48 85 d2 0f 84 b8 00 00 00 48 8b 44 24 10 80 38 00 0f 85 48 01 00 00 49 8b 45 18 48 89 c1 48 c1 e9 03 <80> 3c 29 00 0f 85 12 01 00 00 48 8b 7c 24 18 48 8b 30 80 3f 00 0f
All code
========
   0:	7c 01                	jl     0x3
   2:	00 00                	add    %al,(%rax)
   4:	49 8b 55 10          	mov    0x10(%r13),%rdx
   8:	48 85 d2             	test   %rdx,%rdx
   b:	0f 84 b8 00 00 00    	je     0xc9
  11:	48 8b 44 24 10       	mov    0x10(%rsp),%rax
  16:	80 38 00             	cmpb   $0x0,(%rax)
  19:	0f 85 48 01 00 00    	jne    0x167
  1f:	49 8b 45 18          	mov    0x18(%r13),%rax
  23:	48 89 c1             	mov    %rax,%rcx
  26:	48 c1 e9 03          	shr    $0x3,%rcx
  2a:*	80 3c 29 00          	cmpb   $0x0,(%rcx,%rbp,1)		<-- trapping instruction
  2e:	0f 85 12 01 00 00    	jne    0x146
  34:	48 8b 7c 24 18       	mov    0x18(%rsp),%rdi
  39:	48 8b 30             	mov    (%rax),%rsi
  3c:	80 3f 00             	cmpb   $0x0,(%rdi)
  3f:	0f                   	.byte 0xf

Code starting with the faulting instruction
===========================================
   0:	80 3c 29 00          	cmpb   $0x0,(%rcx,%rbp,1)
   4:	0f 85 12 01 00 00    	jne    0x11c
   a:	48 8b 7c 24 18       	mov    0x18(%rsp),%rdi
   f:	48 8b 30             	mov    (%rax),%rsi
  12:	80 3f 00             	cmpb   $0x0,(%rdi)
  15:	0f                   	.byte 0xf
[   26.216124][  T588] RSP: 0018:ffffc900007cfc20 EFLAGS: 00010206
[   26.217797][  T588] RAX: 00007fc4b2d1c000 RBX: ffff888141e1d280 RCX: 00000ff8965a3800
[   26.219592][  T588] RDX: 0000000000000014 RSI: ffffc900007cfd58 RDI: ffff888141e1d2a8
[   26.221378][  T588] RBP: dffffc0000000000 R08: 0000000000000014 R09: ffffc900007cfd50
[   26.223159][  T588] R10: fffff520000f9fb5 R11: 0000000000000001 R12: 0000000000000000
[   26.224915][  T588] R13: ffffc900007cfd50 R14: ffffc900007cfec8 R15: ffff888141e1d2c4
[   26.226678][  T588] FS:  00007fc4b4971600(0000) GS:ffff88839d700000(0000) knlGS:0000000000000000
[   26.228499][  T588] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   26.230193][  T588] CR2: 00007fc4b4089f4c CR3: 0000000162456000 CR4: 00000000000406e0
[   26.231973][  T588] DR0: 00007fc4b2b1c000 DR1: 0000000000000000 DR2: 0000000000000000
[   26.233737][  T588] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[   26.235504][  T588] Call Trace:
[   26.236991][  T588]  <TASK>
[ 26.238440][ T588] do_iter_write (kbuild/src/x86_64-2/fs/read_write.c:753 kbuild/src/x86_64-2/fs/read_write.c:868) 
[ 26.239985][ T588] vfs_writev (kbuild/src/x86_64-2/fs/read_write.c:940) 
[ 26.241495][ T588] ? vfs_iter_write (kbuild/src/x86_64-2/fs/read_write.c:930) 
[ 26.243021][ T588] ? __hrtimer_start_range_ns (kbuild/src/x86_64-2/kernel/time/hrtimer.c:1258) 


To reproduce:

        # build kernel
	cd linux
	cp config-5.19.0-rc2-00317-g8416b73063d1 .config
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://01.org/lkp



View attachment "config-5.19.0-rc2-00317-g8416b73063d1" of type "text/plain" (167363 bytes)

View attachment "job-script" of type "text/plain" (4808 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (14908 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ