Message-ID: <Ys5qvzi693ssYfsn@xsang-OptiPlex-9020>
Date:   Wed, 13 Jul 2022 14:48:31 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Al Viro <viro@...iv.linux.org.uk>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Linux Memory Management List <linux-mm@...ck.org>,
        lkp@...ts.01.org, lkp@...el.com
Subject: [ITER_PIPE]  3d246b875f: WARNING:at_lib/iov_iter.c:#iov_iter_pipe


(Please note that we reported
"[ITER_PIPE]  06ce57f332: WARNING:at_lib/iov_iter.c:#iov_iter_pipe"
at
https://lore.kernel.org/all/YsGoBV%2F92rlRo+il@xsang-OptiPlex-9020/
We have now noticed that this commit has been merged into linux-next, but the issue still
exists.
Reporting again FYI.)

Greetings,

FYI, we noticed the following commit (built with gcc-11):

commit: 3d246b875f31c56256fd05552f09ed82e144f844 ("ITER_PIPE: allocate buffers as we go in copy-to-pipe primitives")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[   93.265529][  T487] ------------[ cut here ]------------
[ 93.267186][ T487] WARNING: CPU: 0 PID: 487 at lib/iov_iter.c:1096 iov_iter_pipe (lib/iov_iter.c:1096 (discriminator 1)) 
[   93.269956][  T487] Modules linked in: intel_rapl_msr bochs intel_rapl_common drm_vram_helper drm_ttm_helper crct10dif_pclmul crc32_pclmul ttm crc32c_intel drm_kms_helper ghash_clmulni_intel syscopyarea rapl sysfillrect sysimgblt fb_sys_fops ppdev joydev drm sr_mod i6300esb i2c_piix4 serio_raw cdrom parport_pc parport
[   93.279713][  T487] CPU: 0 PID: 487 Comm: cp Not tainted 5.19.0-rc4-00037-g3d246b875f31 #1
[   93.286535][  T487] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[ 93.290112][ T487] RIP: 0010:iov_iter_pipe (lib/iov_iter.c:1096 (discriminator 1)) 
[ 93.291786][ T487] Code: 7b 20 48 8d 7b 24 e8 e1 8d 8f ff 44 89 7b 24 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 19 84 7b ff 0f 0b e8 12 84 7b ff <0f> 0b e9 66 ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 41 57 4d 89
All code
========
   0:	7b 20                	jnp    0x22
   2:	48 8d 7b 24          	lea    0x24(%rbx),%rdi
   6:	e8 e1 8d 8f ff       	callq  0xffffffffff8f8dec
   b:	44 89 7b 24          	mov    %r15d,0x24(%rbx)
   f:	48 83 c4 08          	add    $0x8,%rsp
  13:	5b                   	pop    %rbx
  14:	5d                   	pop    %rbp
  15:	41 5c                	pop    %r12
  17:	41 5d                	pop    %r13
  19:	41 5e                	pop    %r14
  1b:	41 5f                	pop    %r15
  1d:	c3                   	retq   
  1e:	e8 19 84 7b ff       	callq  0xffffffffff7b843c
  23:	0f 0b                	ud2    
  25:	e8 12 84 7b ff       	callq  0xffffffffff7b843c
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	e9 66 ff ff ff       	jmpq   0xffffffffffffff97
  31:	66 66 2e 0f 1f 84 00 	data16 nopw %cs:0x0(%rax,%rax,1)
  38:	00 00 00 00 
  3c:	41 57                	push   %r15
  3e:	4d                   	rex.WRB
  3f:	89                   	.byte 0x89

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	e9 66 ff ff ff       	jmpq   0xffffffffffffff6d
   7:	66 66 2e 0f 1f 84 00 	data16 nopw %cs:0x0(%rax,%rax,1)
   e:	00 00 00 00 
  12:	41 57                	push   %r15
  14:	4d                   	rex.WRB
  15:	89                   	.byte 0x89
[   93.298144][  T487] RSP: 0000:ffffc9000219fc28 EFLAGS: 00010293
[   93.300409][  T487] RAX: 0000000000000000 RBX: ffffc9000219fc80 RCX: 0000000000000000
[   93.303083][  T487] RDX: ffff8881410acc80 RSI: ffffffff81b15b7e RDI: 0000000000000003
[   93.306157][  T487] RBP: 0000000000000010 R08: ffffffff84780108 R09: 0000000000000000
[   93.308875][  T487] R10: ffffffff81b15acb R11: 0001ffffffffffff R12: 0000000000000010
[   93.311741][  T487] R13: ffff8881008bef00 R14: 0000000000000000 R15: 0000000000000010
[   93.314727][  T487] FS:  0000000000000000(0000) GS:ffff88842fc00000(0063) knlGS:00000000f7f31540
[   93.359874][  T487] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[   93.396736][  T487] CR2: 00000000fff88a7c CR3: 0000000100da6000 CR4: 00000000000406f0
[   93.437290][  T487] Call Trace:
[   93.472809][  T487]  <TASK>
[ 93.507700][ T487] generic_file_splice_read (include/linux/fs.h:2207 fs/splice.c:307) 
[ 93.542901][ T487] ? fsnotify_perm+0x168/0x360 
[ 93.577294][ T487] ? security_file_permission (security/security.c:1522) 
[ 93.612593][ T487] ? add_to_pipe (fs/splice.c:301) 
[ 93.646745][ T487] do_splice_to (fs/splice.c:793) 
[ 93.680103][ T487] splice_direct_to_actor (fs/splice.c:868) 
[   93.693189][  T391] export NO_NETWORK=1 due to no initramfs-tools
[   93.693189][  T391] LKP: stdout: 361:  /lkp/lkp/src/bin/run-lkp /lkp/jobs/scheduled/vm-snb-10/boot-1-yocto-i386-minimal-20190520.cgz-3d246b875f31c56256fd05552f09ed82e144f844-20220708-63419-q7wiq5-0.yaml
[ 93.713345][ T487] ? do_splice_direct (fs/splice.c:930) 
[ 93.852060][ T487] do_splice_direct (fs/splice.c:977) 
[ 93.887639][ T487] do_sendfile (fs/read_write.c:1260) 
[ 93.922309][ T487] __ia32_sys_sendfile64 (fs/read_write.c:1325 fs/read_write.c:1311 fs/read_write.c:1311) 
[ 93.956738][ T487] do_int80_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:132) 
[ 93.990834][ T487] entry_INT80_compat (arch/x86/entry/entry_64_compat.S:342) 
[   94.026348][  T487] RIP: 0023:0xf7d72dd9
[ 94.059141][ T487] Code: ff 0f 83 0a 0a f4 ff c3 66 90 66 90 66 90 66 90 90 56 53 8b 74 24 18 8b 54 24 14 8b 4c 24 10 8b 5c 24 0c b8 ef 00 00 00 cd 80 <5b> 5e 3d 01 f0 ff ff 0f 83 da 09 f4 ff c3 66 90 66 90 66 90 66 90
All code
========
   0:	ff 0f                	decl   (%rdi)
   2:	83 0a 0a             	orl    $0xa,(%rdx)
   5:	f4                   	hlt    
   6:	ff c3                	inc    %ebx
   8:	66 90                	xchg   %ax,%ax
   a:	66 90                	xchg   %ax,%ax
   c:	66 90                	xchg   %ax,%ax
   e:	66 90                	xchg   %ax,%ax
  10:	90                   	nop
  11:	56                   	push   %rsi
  12:	53                   	push   %rbx
  13:	8b 74 24 18          	mov    0x18(%rsp),%esi
  17:	8b 54 24 14          	mov    0x14(%rsp),%edx
  1b:	8b 4c 24 10          	mov    0x10(%rsp),%ecx
  1f:	8b 5c 24 0c          	mov    0xc(%rsp),%ebx
  23:	b8 ef 00 00 00       	mov    $0xef,%eax
  28:	cd 80                	int    $0x80
  2a:*	5b                   	pop    %rbx		<-- trapping instruction
  2b:	5e                   	pop    %rsi
  2c:	3d 01 f0 ff ff       	cmp    $0xfffff001,%eax
  31:	0f 83 da 09 f4 ff    	jae    0xfffffffffff40a11
  37:	c3                   	retq   
  38:	66 90                	xchg   %ax,%ax
  3a:	66 90                	xchg   %ax,%ax
  3c:	66 90                	xchg   %ax,%ax
  3e:	66 90                	xchg   %ax,%ax

Code starting with the faulting instruction
===========================================
   0:	5b                   	pop    %rbx
   1:	5e                   	pop    %rsi
   2:	3d 01 f0 ff ff       	cmp    $0xfffff001,%eax
   7:	0f 83 da 09 f4 ff    	jae    0xfffffffffff409e7
   d:	c3                   	retq   
   e:	66 90                	xchg   %ax,%ax
  10:	66 90                	xchg   %ax,%ax
  12:	66 90                	xchg   %ax,%ax
  14:	66 90                	xchg   %ax,%ax
[   94.128710][  T487] RSP: 002b:00000000fff88a54 EFLAGS: 00000246 ORIG_RAX: 00000000000000ef
[   94.165613][  T487] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000003
[   94.200883][  T487] RDX: 0000000000000000 RSI: 0000000001000000 RDI: 0000000000000000
[   94.237695][  T487] RBP: 0000000001000000 R08: 0000000000000000 R09: 0000000000000000
[   94.272397][  T487] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   94.305942][  T487] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   94.342261][  T487]  </TASK>
[   94.375274][  T487] ---[ end trace 0000000000000000 ]---


To reproduce:

        # build kernel
        cd linux
        cp config-5.19.0-rc4-00037-g3d246b875f31 .config
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove the ~/.lkp and /lkp dirs to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://01.org/lkp



View attachment "config-5.19.0-rc4-00037-g3d246b875f31" of type "text/plain" (181465 bytes)

View attachment "job-script" of type "text/plain" (4553 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (14544 bytes)
