Message-ID: <202302061504.e8b9acac-oliver.sang@intel.com>
Date:   Mon, 6 Feb 2023 21:29:27 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Al Viro <viro@...iv.linux.org.uk>
CC:     <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
        <linux-kernel@...r.kernel.org>
Subject: [linus:master] [iov_iter]  a41dad905e:
 WARNING:at_lib/iov_iter.c:#_copy_from_iter


Greetings,

FYI, we noticed WARNING:at_lib/iov_iter.c:#_copy_from_iter due to commit (built with gcc-11):

commit: a41dad905e5a388f88435a517de102e9b2c8e43d ("iov_iter: saner checks for attempt to copy to/from iterator")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

[test failed on linux-next/master ea4dabbb4ad7eb52632a2ca0b8f89f0ea7c55dcf]

in testcase: trinity
version: trinity-static-i386-x86_64-1c734c75-1_2020-01-06
with the following parameters:

	runtime: 300s
	group: group-04

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


If you fix the issue, kindly add the following tags:
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Link: https://lore.kernel.org/oe-lkp/202302061504.e8b9acac-oliver.sang@intel.com


[  242.221465][ T3972] ------------[ cut here ]------------
[ 242.222124][ T3972] WARNING: CPU: 0 PID: 3972 at lib/iov_iter.c:629 _copy_from_iter (lib/iov_iter.c:629 (discriminator 1)) 
[  242.222964][ T3972] Modules linked in:
[  242.223371][ T3972] CPU: 0 PID: 3972 Comm: trinity-c1 Not tainted 6.1.0-rc6-00011-ga41dad905e5a #1 8339b44c8ec3d4f18a4319a90a0bcea7aff1ead6
[  242.224466][ T3972] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014
[ 242.225385][ T3972] RIP: 0010:_copy_from_iter (lib/iov_iter.c:629 (discriminator 1)) 
[ 242.225915][ T3972] Code: 5f 31 d2 31 c9 31 f6 31 ff c3 e8 d6 2d b0 fe be 79 02 00 00 48 c7 c7 80 55 96 86 e8 35 d0 e1 fe e9 5b fe ff ff e8 bb 2d b0 fe <0f> 0b 45 31 f6 eb 9a e8 af 2d b0 fe 31 ff 89 ee e8 a6 29 b0 fe 40
All code
========
   0:	5f                   	pop    %rdi
   1:	31 d2                	xor    %edx,%edx
   3:	31 c9                	xor    %ecx,%ecx
   5:	31 f6                	xor    %esi,%esi
   7:	31 ff                	xor    %edi,%edi
   9:	c3                   	retq   
   a:	e8 d6 2d b0 fe       	callq  0xfffffffffeb02de5
   f:	be 79 02 00 00       	mov    $0x279,%esi
  14:	48 c7 c7 80 55 96 86 	mov    $0xffffffff86965580,%rdi
  1b:	e8 35 d0 e1 fe       	callq  0xfffffffffee1d055
  20:	e9 5b fe ff ff       	jmpq   0xfffffffffffffe80
  25:	e8 bb 2d b0 fe       	callq  0xfffffffffeb02de5
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	45 31 f6             	xor    %r14d,%r14d
  2f:	eb 9a                	jmp    0xffffffffffffffcb
  31:	e8 af 2d b0 fe       	callq  0xfffffffffeb02de5
  36:	31 ff                	xor    %edi,%edi
  38:	89 ee                	mov    %ebp,%esi
  3a:	e8 a6 29 b0 fe       	callq  0xfffffffffeb029e5
  3f:	40                   	rex

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	45 31 f6             	xor    %r14d,%r14d
   5:	eb 9a                	jmp    0xffffffffffffffa1
   7:	e8 af 2d b0 fe       	callq  0xfffffffffeb02dbb
   c:	31 ff                	xor    %edi,%edi
   e:	89 ee                	mov    %ebp,%esi
  10:	e8 a6 29 b0 fe       	callq  0xfffffffffeb029bb
  15:	40                   	rex
[  242.227582][ T3972] RSP: 0018:ffffc90006ad77f8 EFLAGS: 00010246
[  242.228150][ T3972] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  242.228892][ T3972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  242.229631][ T3972] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  242.230364][ T3972] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90006ad7c90
[  242.231109][ T3972] R13: ffff888167d8d8d0 R14: 0000000000000000 R15: ffff88810ae52c10
[  242.231843][ T3972] FS:  0000000000000000(0000) GS:ffffffff87d1b000(0063) knlGS:0000000008acb840
[  242.232662][ T3972] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  242.233259][ T3972] CR2: 0000000000000004 CR3: 00000001762d0000 CR4: 00000000000406f0
[  242.233996][ T3972] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  242.234738][ T3972] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  242.235475][ T3972] Call Trace:
[  242.235830][ T3972]  <TASK>
[ 242.236165][ T3972] ? write_comp_data (kernel/kcov.c:236) 
[ 242.236643][ T3972] ? memset (mm/kasan/shadow.c:44) 
[ 242.237057][ T3972] ? __build_skb_around (include/linux/skbuff.h:5033 (discriminator 4) net/core/skbuff.c:296 (discriminator 4)) 
[ 242.237563][ T3972] ? _copy_mc_to_iter (lib/iov_iter.c:628) 
[ 242.238062][ T3972] ? __alloc_skb (net/core/skbuff.c:479) 
[ 242.238521][ T3972] ? kmalloc_reserve (net/core/skbuff.c:479) 
[ 242.238998][ T3972] ? __lock_release (kernel/locking/lockdep.c:5344) 
[ 242.239470][ T3972] ? tipc_node_find (arch/x86/include/asm/atomic.h:29 include/linux/atomic/atomic-instrumented.h:28 include/linux/refcount.h:147 include/linux/refcount.h:152 include/linux/refcount.h:227 include/linux/refcount.h:245 include/linux/kref.h:111 net/tipc/node.c:342) 
[ 242.239947][ T3972] ? write_comp_data (kernel/kcov.c:236) 
[ 242.240418][ T3972] ? write_comp_data (kernel/kcov.c:236) 
[ 242.240892][ T3972] ? __check_object_size (mm/usercopy.c:218) 
[ 242.241399][ T3972] tipc_msg_build (include/linux/uio.h:192 net/tipc/msg.c:404) 
[ 242.241871][ T3972] ? tipc_msg_assemble (net/tipc/msg.c:370) 
[ 242.242361][ T3972] ? tipc_node_find_by_name+0x420/0x420 
[ 242.242975][ T3972] ? tipc_node_get_mtu (net/tipc/node.c:230) 
[ 242.243479][ T3972] __tipc_sendmsg (net/tipc/socket.c:1506) 
[ 242.243964][ T3972] ? tipc_sendmcast (net/tipc/socket.c:1410) 
[ 242.244442][ T3972] ? lock_acquire (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5670) 
[ 242.244904][ T3972] ? lock_sock_nested (include/net/sock.h:1820 net/core/sock.c:3451) 
[ 242.245388][ T3972] ? find_held_lock (kernel/locking/lockdep.c:5158) 
[ 242.245866][ T3972] ? autoremove_wake_function (kernel/sched/wait.c:478) 
[ 242.246419][ T3972] ? mark_lock (arch/x86/include/asm/bitops.h:228 (discriminator 3) arch/x86/include/asm/bitops.h:240 (discriminator 3) include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 3) kernel/locking/lockdep.c:227 (discriminator 3) kernel/locking/lockdep.c:4612 (discriminator 3)) 
[ 242.246864][ T3972] ? mark_held_locks (kernel/locking/lockdep.c:4236) 
[ 242.247337][ T3972] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4262 kernel/locking/lockdep.c:4321) 
[ 242.247900][ T3972] ? write_comp_data (kernel/kcov.c:236) 
[ 242.248378][ T3972] tipc_connect (net/tipc/socket.c:2625) 
[ 242.248828][ T3972] ? tipc_sendmsg (net/tipc/socket.c:2572) 
[ 242.249278][ T3972] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4262 kernel/locking/lockdep.c:4321) 
[ 242.249844][ T3972] ? write_comp_data (kernel/kcov.c:236) 
[ 242.250317][ T3972] ? security_socket_connect (security/security.c:2216 (discriminator 14)) 
[ 242.250843][ T3972] ? tipc_sendmsg (net/tipc/socket.c:2572) 
[ 242.251297][ T3972] __sys_connect_file (net/socket.c:1976) 
[ 242.251794][ T3972] __sys_connect (net/socket.c:1993) 
[ 242.252258][ T3972] ? __sys_connect_file (net/socket.c:1983) 
[ 242.252771][ T3972] ? find_held_lock (kernel/locking/lockdep.c:5158) 
[ 242.253245][ T3972] ? __lock_release (kernel/locking/lockdep.c:5344) 
[ 242.253714][ T3972] ? __task_pid_nr_ns (include/linux/rcupdate.h:99 include/linux/rcupdate.h:770 kernel/pid.c:501) 
[ 242.254209][ T3972] __ia32_sys_connect (net/socket.c:2000) 
[ 242.254687][ T3972] __do_fast_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:178) 
[ 242.255182][ T3972] ? __task_pid_nr_ns (include/linux/rcupdate.h:99 include/linux/rcupdate.h:770 kernel/pid.c:501) 
[ 242.255676][ T3972] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4262 kernel/locking/lockdep.c:4321) 
[ 242.256244][ T3972] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183) 
[ 242.256748][ T3972] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183) 
[ 242.257253][ T3972] do_fast_syscall_32 (arch/x86/entry/common.c:203) 
[ 242.257734][ T3972] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:122) 
[  242.258318][ T3972] RIP: 0023:0xf7fb5549
[ 242.258730][ T3972] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
All code
========
   0:	03 74 c0 01          	add    0x1(%rax,%rax,8),%esi
   4:	10 05 03 74 b8 01    	adc    %al,0x1b87403(%rip)        # 0x1b8740d
   a:	10 06                	adc    %al,(%rsi)
   c:	03 74 b4 01          	add    0x1(%rsp,%rsi,4),%esi
  10:	10 07                	adc    %al,(%rdi)
  12:	03 74 b0 01          	add    0x1(%rax,%rsi,4),%esi
  16:	10 08                	adc    %cl,(%rax)
  18:	03 74 d8 01          	add    0x1(%rax,%rbx,8),%esi
  1c:	00 00                	add    %al,(%rax)
  1e:	00 00                	add    %al,(%rax)
  20:	00 51 52             	add    %dl,0x52(%rcx)
  23:	55                   	push   %rbp
  24:	89 e5                	mov    %esp,%ebp
  26:	0f 34                	sysenter 
  28:	cd 80                	int    $0x80
  2a:*	5d                   	pop    %rbp		<-- trapping instruction
  2b:	5a                   	pop    %rdx
  2c:	59                   	pop    %rcx
  2d:	c3                   	retq   
  2e:	90                   	nop
  2f:	90                   	nop
  30:	90                   	nop
  31:	90                   	nop
  32:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
  39:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi

Code starting with the faulting instruction
===========================================
   0:	5d                   	pop    %rbp
   1:	5a                   	pop    %rdx
   2:	59                   	pop    %rcx
   3:	c3                   	retq   
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
   f:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi


To reproduce:

	# build kernel
	cd linux
	cp config-6.1.0-rc6-00011-ga41dad905e5a .config
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


	git clone https://github.com/intel/lkp-tests.git
	cd lkp-tests
	bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

	# if you come across any failure that blocks the test,
	# please remove ~/.lkp and /lkp dir to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests



View attachment "config-6.1.0-rc6-00011-ga41dad905e5a" of type "text/plain" (162058 bytes)

View attachment "job-script" of type "text/plain" (4661 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (58072 bytes)

View attachment "trinity" of type "text/plain" (6856 bytes)
