Message-ID: <202302282133.fb3644d4-oliver.sang@intel.com>
Date:   Tue, 28 Feb 2023 22:48:44 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Peter Zijlstra <peterz@...radead.org>
CC:     <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
        <linux-kernel@...r.kernel.org>, Ingo Molnar <mingo@...nel.org>,
        Tony Lindgren <tony@...mide.com>,
        Ulf Hansson <ulf.hansson@...aro.org>,
        "Rafael J. Wysocki" <rafael.j.wysocki@...el.com>,
        Frederic Weisbecker <frederic@...nel.org>,
        <kasan-dev@...glegroups.com>
Subject: [linus:master] [entry, kasan, x86]  69d4c0d321:
 BUG:unable_to_handle_page_fault_for_address


Greeting,

FYI, we noticed BUG:unable_to_handle_page_fault_for_address due to commit (built with gcc-11):

commit: 69d4c0d3218692ffa56b0e1b9c76c50c699d7044 ("entry, kasan, x86: Disallow overriding mem*() functions")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

[test failed on linus/master f3a2439f20d918930cc4ae8f76fe1c1afd26958f]
[test failed on linux-next/master 7f7a8831520f12a3cf894b0627641fad33971221]
[test failed on fix 443ed4c302fff6a26af980300463343a7adc9ee8]

in testcase: kunit
version: 
with following parameters:

	group: group-00



on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


If you fix the issue, kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Link: https://lore.kernel.org/oe-lkp/202302282133.fb3644d4-oliver.sang@intel.com


[   59.712237][  T861] BUG: unable to handle page fault for address: ffff88816c600000
[   59.712481][  T279] sed[279]: segfault at 5a40fe44 ip 0000000056616232 sp 00000000ffae20e0 error 5
[   59.712686][  T861] #PF: supervisor write access in kernel mode
[   59.713265][  T279]  in sed[5660b000+13000]
[   59.713876][  T861] #PF: error_code(0x0003) - permissions violation
[   59.713880][  T861] PGD 8e01067 P4D 8e01067 PUD 8e06067 PMD 16c5a0063 PTE 6c60106380000001
[   59.713893][  T861] Oops: 0003 [#1] SMP KASAN PTI
[   59.714336][  T279]  likely on CPU 0 (core 0, socket 0)
[   59.714650][  T861] CPU: 1 PID: 861 Comm: kunit_try_catch Tainted: G    B            N 6.2.0-rc1-00083-g69d4c0d32186 #1 ed3fbe37f7c05ecb3d379e1396de0254ba429268
[   59.715108][  T279]
[   59.715694][  T861] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014
[ 59.715700][ T861] RIP: 0010:memmove (??:?) 
[ 59.716046][ T279] Code: 81 83 78 04 00 74 34 90 8b 00 8b 0c 24 8b 54 d8 04 8b 04 d8 83 c3 01 e8 6c ee ff ff 8b 95 d8 02 00 00 8b 8d e4 02 00 00 01 fa <8b> 42 04 8b 04 30 8d 04 40 8d 04 81 39 58 04 77 cd 83 44 24 04 01
All code
========
   0:	81 83 78 04 00 74 34 	addl   $0x8b9034,0x74000478(%rbx)
   7:	90 8b 00 
   a:	8b 0c 24             	mov    (%rsp),%ecx
   d:	8b 54 d8 04          	mov    0x4(%rax,%rbx,8),%edx
  11:	8b 04 d8             	mov    (%rax,%rbx,8),%eax
  14:	83 c3 01             	add    $0x1,%ebx
  17:	e8 6c ee ff ff       	callq  0xffffffffffffee88
  1c:	8b 95 d8 02 00 00    	mov    0x2d8(%rbp),%edx
  22:	8b 8d e4 02 00 00    	mov    0x2e4(%rbp),%ecx
  28:	01 fa                	add    %edi,%edx
  2a:*	8b 42 04             	mov    0x4(%rdx),%eax		<-- trapping instruction
  2d:	8b 04 30             	mov    (%rax,%rsi,1),%eax
  30:	8d 04 40             	lea    (%rax,%rax,2),%eax
  33:	8d 04 81             	lea    (%rcx,%rax,4),%eax
  36:	39 58 04             	cmp    %ebx,0x4(%rax)
  39:	77 cd                	ja     0x8
  3b:	83 44 24 04 01       	addl   $0x1,0x4(%rsp)

Code starting with the faulting instruction
===========================================
   0:	8b 42 04             	mov    0x4(%rdx),%eax
   3:	8b 04 30             	mov    (%rax,%rsi,1),%eax
   6:	8d 04 40             	lea    (%rax,%rax,2),%eax
   9:	8d 04 81             	lea    (%rcx,%rax,4),%eax
   c:	39 58 04             	cmp    %ebx,0x4(%rax)
   f:	77 cd                	ja     0xffffffffffffffde
  11:	83 44 24 04 01       	addl   $0x1,0x4(%rsp)
[ 59.716416][ T861] Code: 00 48 81 fa a8 02 00 00 72 05 40 38 fe 74 48 48 83 ea 20 48 83 ea 20 4c 8b 1e 4c 8b 56 08 4c 8b 4e 10 4c 8b 46 18 48 8d 76 20 <4c> 89 1f 4c 89 57 08 4c 89 4f 10 4c 89 47 18 48 8d 7f 20 73 d4 48
All code
========
   0:	00 48 81             	add    %cl,-0x7f(%rax)
   3:	fa                   	cli    
   4:	a8 02                	test   $0x2,%al
   6:	00 00                	add    %al,(%rax)
   8:	72 05                	jb     0xf
   a:	40 38 fe             	cmp    %dil,%sil
   d:	74 48                	je     0x57
   f:	48 83 ea 20          	sub    $0x20,%rdx
  13:	48 83 ea 20          	sub    $0x20,%rdx
  17:	4c 8b 1e             	mov    (%rsi),%r11
  1a:	4c 8b 56 08          	mov    0x8(%rsi),%r10
  1e:	4c 8b 4e 10          	mov    0x10(%rsi),%r9
  22:	4c 8b 46 18          	mov    0x18(%rsi),%r8
  26:	48 8d 76 20          	lea    0x20(%rsi),%rsi
  2a:*	4c 89 1f             	mov    %r11,(%rdi)		<-- trapping instruction
  2d:	4c 89 57 08          	mov    %r10,0x8(%rdi)
  31:	4c 89 4f 10          	mov    %r9,0x10(%rdi)
  35:	4c 89 47 18          	mov    %r8,0x18(%rdi)
  39:	48 8d 7f 20          	lea    0x20(%rdi),%rdi
  3d:	73 d4                	jae    0x13
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	4c 89 1f             	mov    %r11,(%rdi)
   3:	4c 89 57 08          	mov    %r10,0x8(%rdi)
   7:	4c 89 4f 10          	mov    %r9,0x10(%rdi)
   b:	4c 89 47 18          	mov    %r8,0x18(%rdi)
   f:	48 8d 7f 20          	lea    0x20(%rdi),%rdi
  13:	73 d4                	jae    0xffffffffffffffe9
  15:	48                   	rex.W
[   59.721773][  T861] RSP: 0018:ffff888172517e40 EFLAGS: 00210286
[   59.722266][  T861] RAX: ffff88816b5e3600 RBX: 0000000000000001 RCX: 0000000000000001
[   59.723109][  T861] RDX: fffffffffefe35be RSI: ffff88816c600024 RDI: ffff88816c600000
[   59.723913][  T861] RBP: ffff88816b5e3600 R08: 0000000000000000 R09: 0000000000000000
[   59.724604][  T861] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1102e4a2fc9
[   59.725236][  T861] R13: ffff88811d3078e8 R14: fffffffffffffffe R15: ffff88811d307900
[   59.725868][  T861] FS:  0000000000000000(0000) GS:ffff8883aec00000(0000) knlGS:0000000000000000
[   59.726595][  T861] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   59.727123][  T861] CR2: ffff88816c600000 CR3: 00000001bb902000 CR4: 00000000000406e0
[   59.727755][  T861] DR0: ffffffff88998660 DR1: ffffffff88998661 DR2: ffffffff88998663
[   59.728383][  T861] DR3: ffffffff88998665 DR6: 00000000fffe0ff0 DR7: 0000000000000600
[   59.729012][  T861] Call Trace:
[   59.729282][  T861]  <TASK>
[ 59.729524][ T861] kmalloc_memmove_negative_size (kasan_test.c:?) kasan_test
[ 59.730378][ T861] ? __pfx_kmalloc_memmove_negative_size (kasan_test.c:?) kasan_test
[ 59.731298][ T861] ? rcu_read_lock_sched_held (??:?) 
[ 59.731760][ T861] ? trace_irq_enable+0x144/0x1d0 
[ 59.732269][ T861] ? __pfx_kunit_generic_run_threadfn_adapter (try-catch.c:?) 
[ 59.732836][ T861] kunit_try_run_case (test.c:?) 
[ 59.733257][ T861] ? __pfx_kunit_try_run_case (test.c:?) 
[ 59.733718][ T861] ? __pfx_kunit_generic_run_threadfn_adapter (try-catch.c:?) 
[ 59.734280][ T861] kunit_generic_run_threadfn_adapter (try-catch.c:?) 
[ 59.734829][ T861] kthread (kthread.c:?) 
[ 59.735170][ T861] ? __pfx_kthread (kthread.c:?) 
[ 59.735555][ T861] ret_from_fork (??:?) 
[   59.735927][  T861]  </TASK>
[   59.736182][  T861] Modules linked in: kasan_test fat_test test_sort test_list_sort time_test sysctl_test lib_test resource_kunit dev_addr_lists_test memcpy_kunit list_test test_linear_ranges linear_ranges test_hash ext4_inode_test cmdline_kunit test_bits bitfield_kunit drm drm_panel_orientation_quirks
[   59.738340][  T861] CR2: ffff88816c600000
[   59.738698][  T861] ---[ end trace 0000000000000000 ]---
[ 59.739151][ T861] RIP: 0010:memmove (??:?) 
[ 59.739538][ T861] Code: 00 48 81 fa a8 02 00 00 72 05 40 38 fe 74 48 48 83 ea 20 48 83 ea 20 4c 8b 1e 4c 8b 56 08 4c 8b 4e 10 4c 8b 46 18 48 8d 76 20 <4c> 89 1f 4c 89 57 08 4c 89 4f 10 4c 89 47 18 48 8d 7f 20 73 d4 48
All code
========
   0:	00 48 81             	add    %cl,-0x7f(%rax)
   3:	fa                   	cli    
   4:	a8 02                	test   $0x2,%al
   6:	00 00                	add    %al,(%rax)
   8:	72 05                	jb     0xf
   a:	40 38 fe             	cmp    %dil,%sil
   d:	74 48                	je     0x57
   f:	48 83 ea 20          	sub    $0x20,%rdx
  13:	48 83 ea 20          	sub    $0x20,%rdx
  17:	4c 8b 1e             	mov    (%rsi),%r11
  1a:	4c 8b 56 08          	mov    0x8(%rsi),%r10
  1e:	4c 8b 4e 10          	mov    0x10(%rsi),%r9
  22:	4c 8b 46 18          	mov    0x18(%rsi),%r8
  26:	48 8d 76 20          	lea    0x20(%rsi),%rsi
  2a:*	4c 89 1f             	mov    %r11,(%rdi)		<-- trapping instruction
  2d:	4c 89 57 08          	mov    %r10,0x8(%rdi)
  31:	4c 89 4f 10          	mov    %r9,0x10(%rdi)
  35:	4c 89 47 18          	mov    %r8,0x18(%rdi)
  39:	48 8d 7f 20          	lea    0x20(%rdi),%rdi
  3d:	73 d4                	jae    0x13
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	4c 89 1f             	mov    %r11,(%rdi)
   3:	4c 89 57 08          	mov    %r10,0x8(%rdi)
   7:	4c 89 4f 10          	mov    %r9,0x10(%rdi)
   b:	4c 89 47 18          	mov    %r8,0x18(%rdi)
   f:	48 8d 7f 20          	lea    0x20(%rdi),%rdi
  13:	73 d4                	jae    0xffffffffffffffe9
  15:	48                   	rex.W


To reproduce:

        # build kernel
	cd linux
	cp config-6.2.0-rc1-00083-g69d4c0d32186 .config
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests



View attachment "config-6.2.0-rc1-00083-g69d4c0d32186" of type "text/plain" (155686 bytes)

View attachment "job-script" of type "text/plain" (5677 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (61348 bytes)

View attachment "kunit" of type "text/plain" (305029 bytes)
