| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YtLGmrJEJy2pnLaO@xsang-OptiPlex-9020>
Date: Sat, 16 Jul 2022 22:09:30 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Dylan Yudaken <dylany@...com>
Cc: 0day robot <lkp@...el.com>, Paolo Abeni <pabeni@...hat.com>,
LKML <linux-kernel@...r.kernel.org>, netdev@...r.kernel.org,
lkp@...ts.01.org, Jens Axboe <axboe@...nel.dk>,
Pavel Begunkov <asml.silence@...il.com>, davem@...emloft.net,
edumazet@...gle.com, kuba@...nel.org, io-uring@...r.kernel.org,
Kernel-team@...com, Dylan Yudaken <dylany@...com>
Subject: [net] 65a1e5c409: canonical_address#:#[##]
Greeting,
FYI, we noticed the following commit (built with gcc-11):
commit: 65a1e5c409f2b56b025f913b9cfbc8ae3a717c9a ("[PATCH v3 for-next 2/3] net: copy from user before calling __get_compat_msghdr")
url: https://github.com/intel-lab-lkp/linux/commits/Dylan-Yudaken/io_uring-multishot-recvmsg/20220714-190504
patch link: https://lore.kernel.org/io-uring/20220714110258.1336200-3-dylany@fb.com
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 39.046823][ T1] selinux=0
[ 39.047412][ T1] softlockup_panic=1
[ 39.048102][ T1] prompt_ramdisk=0
[ 39.048745][ T1] vga=normal
[ 39.607050][ C1] random: crng init done
[ 39.708691][ T1] general protection fault, probably for non-canonical address 0xdffffc001ff4b7e2: 0000 [#1] SMP KASAN PTI
[ 39.710012][ T1] KASAN: probably user-memory-access in range [0x00000000ffa5bf10-0x00000000ffa5bf17]
[ 39.711077][ T1] CPU: 0 PID: 1 Comm: init Not tainted 5.19.0-rc6-00166-g65a1e5c409f2 #1
[ 39.712082][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[ 39.713257][ T1] RIP: 0010:get_compat_msghdr (kbuild/src/consumer/net/compat.c:42 kbuild/src/consumer/net/compat.c:92)
[ 39.714447][ T1] Code: 8b 04 25 28 00 00 00 48 89 84 24 80 00 00 00 31 c0 e8 76 5e 22 ff 48 85 c0 0f 85 90 03 00 00 48 8d 7d 18 48 89 f8 48 c1 e8 03 <42> 0f b6 14 30 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85
All code
========
0: 8b 04 25 28 00 00 00 mov 0x28,%eax
7: 48 89 84 24 80 00 00 mov %rax,0x80(%rsp)
e: 00
f: 31 c0 xor %eax,%eax
11: e8 76 5e 22 ff callq 0xffffffffff225e8c
16: 48 85 c0 test %rax,%rax
19: 0f 85 90 03 00 00 jne 0x3af
1f: 48 8d 7d 18 lea 0x18(%rbp),%rdi
23: 48 89 f8 mov %rdi,%rax
26: 48 c1 e8 03 shr $0x3,%rax
2a:* 42 0f b6 14 30 movzbl (%rax,%r14,1),%edx <-- trapping instruction
2f: 48 89 f8 mov %rdi,%rax
32: 83 e0 07 and $0x7,%eax
35: 83 c0 03 add $0x3,%eax
38: 38 d0 cmp %dl,%al
3a: 7c 08 jl 0x44
3c: 84 d2 test %dl,%dl
3e: 0f .byte 0xf
3f: 85 .byte 0x85
Code starting with the faulting instruction
===========================================
0: 42 0f b6 14 30 movzbl (%rax,%r14,1),%edx
5: 48 89 f8 mov %rdi,%rax
8: 83 e0 07 and $0x7,%eax
b: 83 c0 03 add $0x3,%eax
e: 38 d0 cmp %dl,%al
10: 7c 08 jl 0x1a
12: 84 d2 test %dl,%dl
14: 0f .byte 0xf
15: 85 .byte 0x85
[ 39.719043][ T1] RSP: 0018:ffffc9000001fac0 EFLAGS: 00010206
[ 39.724598][ T1] RAX: 000000001ff4b7e2 RBX: ffffc9000001fd30 RCX: 0000000000000000
[ 39.726495][ T1] RDX: 0000000000000004 RSI: 00000000ffa5bf14 RDI: 00000000ffa5bf10
[ 39.728416][ T1] RBP: 00000000ffa5bef8 R08: 0000000000000001 R09: ffffc9000001fb03
[ 39.730382][ T1] R10: fffff52000003f60 R11: 0000000000000001 R12: 1ffff92000003f59
[ 39.731938][ T1] R13: ffffc9000001fbd0 R14: dffffc0000000000 R15: ffffc9000001fbb0
[ 39.732878][ T1] FS: 0000000000000000(0000) GS:ffff88839d600000(0063) knlGS:00000000f7d1a6c0
[ 39.733932][ T1] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 39.734692][ T1] CR2: 00000000f7fa00b4 CR3: 000000010b170000 CR4: 00000000000406f0
[ 39.735659][ T1] Call Trace:
[ 39.736111][ T1] <TASK>
[ 39.736518][ T1] ? __get_compat_msghdr (kbuild/src/consumer/net/compat.c:85)
[ 39.737161][ T1] ? wait_task_zombie (kbuild/src/consumer/kernel/exit.c:1114)
[ 39.737822][ T1] ___sys_recvmsg (kbuild/src/consumer/net/socket.c:2666 kbuild/src/consumer/net/socket.c:2740)
[ 39.738408][ T1] ? copy_msghdr_from_user (kbuild/src/consumer/net/socket.c:2734)
To reproduce:
# build kernel
cd linux
cp config-5.19.0-rc6-00166-g65a1e5c409f2 .config
make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config-5.19.0-rc6-00166-g65a1e5c409f2" of type "text/plain" (164624 bytes)
View attachment "job-script" of type "text/plain" (4731 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (12908 bytes)
Powered by blists - more mailing lists