Message-ID: <202303141634.1e64fd76-yujie.liu@intel.com>
Date:   Tue, 14 Mar 2023 16:34:22 +0800
From:   kernel test robot <yujie.liu@...el.com>
To:     Kees Cook <keescook@...omium.org>
CC:     <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Petr Mladek <pmladek@...e.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        tangmeng <tangmeng@...ontech.com>,
        "Guilherme G. Piccoli" <gpiccoli@...lia.com>,
        Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
        Tiezhu Yang <yangtiezhu@...ngson.cn>,
        "Luis Chamberlain" <mcgrof@...nel.org>,
        Eric Biggers <ebiggers@...gle.com>,
        <linux-hardening@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <aliyunlinux2-dev@...ux.alibaba.com>, <jane.lv@...el.com>
Subject: [linux-stable-rc:linux-4.19.y] [panic] 4d00e68cfc:
 WARNING:at_fs/sysfs/file.c:#sysfs_emit_at

Greetings,

FYI, we noticed WARNING:at_fs/sysfs/file.c:#sysfs_emit_at due to commit (built with gcc-11):

commit: 4d00e68cfcfd91d3a8c794d47617429a96d623ed ("panic: Expose "warn_count" to sysfs")
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y

in testcase: trinity
version: trinity-static-x86_64-x86_64-1c734c75-1_2020-01-06
with the following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


If you fix the issue, kindly add the following tags
| Reported-by: kernel test robot <yujie.liu@...el.com>
| Link: https://lore.kernel.org/oe-lkp/202303141634.1e64fd76-yujie.liu@intel.com


[   91.396522] ------------[ cut here ]------------
[   91.397797] invalid sysfs_emit_at: buf:000000004ba465f7 at:0
[   91.399038] WARNING: CPU: 0 PID: 1032 at fs/sysfs/file.c:602 sysfs_emit_at (fs/sysfs/file.c:602 (discriminator 9)) 
[   91.400702] Modules linked in: crc32c_intel aesni_intel aes_x86_64 pcspkr
[   91.402049] CPU: 0 PID: 1032 Comm: trinity-c0 Not tainted 4.19.271-00075-g4d00e68cfcfd #1
[   91.409221] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014
[   91.411167] RIP: 0010:sysfs_emit_at (fs/sysfs/file.c:602 (discriminator 9)) 
[ 91.412300] Code: 31 c9 31 d2 44 89 fe 48 c7 c7 c8 21 3c 84 e8 2b cb d1 ff 45 85 ff 74 14 44 89 e2 48 89 de 48 c7 c7 a0 6a d8 82 e8 31 c5 14 01 <0f> 0b 31 c9 31 d2 44 89 fe 48 c7 c7 98 21 3c 84 e8 ff ca d1 ff 45
All code
========
   0:	31 c9                	xor    %ecx,%ecx
   2:	31 d2                	xor    %edx,%edx
   4:	44 89 fe             	mov    %r15d,%esi
   7:	48 c7 c7 c8 21 3c 84 	mov    $0xffffffff843c21c8,%rdi
   e:	e8 2b cb d1 ff       	callq  0xffffffffffd1cb3e
  13:	45 85 ff             	test   %r15d,%r15d
  16:	74 14                	je     0x2c
  18:	44 89 e2             	mov    %r12d,%edx
  1b:	48 89 de             	mov    %rbx,%rsi
  1e:	48 c7 c7 a0 6a d8 82 	mov    $0xffffffff82d86aa0,%rdi
  25:	e8 31 c5 14 01       	callq  0x114c55b
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	31 c9                	xor    %ecx,%ecx
  2e:	31 d2                	xor    %edx,%edx
  30:	44 89 fe             	mov    %r15d,%esi
  33:	48 c7 c7 98 21 3c 84 	mov    $0xffffffff843c2198,%rdi
  3a:	e8 ff ca d1 ff       	callq  0xffffffffffd1cb3e
  3f:	45                   	rex.RB

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	31 c9                	xor    %ecx,%ecx
   4:	31 d2                	xor    %edx,%edx
   6:	44 89 fe             	mov    %r15d,%esi
   9:	48 c7 c7 98 21 3c 84 	mov    $0xffffffff843c2198,%rdi
  10:	e8 ff ca d1 ff       	callq  0xffffffffffd1cb14
  15:	45                   	rex.RB
[   91.415947] RSP: 0018:ffff88839cc1fa00 EFLAGS: 00010282
[   91.416980] RAX: 0000000000000000 RBX: ffff88838b769168 RCX: 0000000000000000
[   91.418321] RDX: 1ffff11071af5000 RSI: ffff88838d7a8888 RDI: ffffed1073983f36
[   91.419751] RBP: ffff88839cc1fab8 R08: 0000000000000004 R09: 0000000000000000
[   91.421196] R10: ffffffff81270059 R11: ffffffff84354eeb R12: 0000000000000000
[   91.422617] R13: 1ffff11073983f40 R14: ffffffff82ca7140 R15: 0000000000000001
[   91.424162] FS:  000000000109a880(0000) GS:ffffffff836bf000(0000) knlGS:0000000000000000
[   91.425867] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   91.427062] CR2: 00007f4f623b2000 CR3: 00000003a8cba000 CR4: 00000000000406b0
[   91.428458] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   91.429858] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   91.431301] Call Trace:
[   91.431996] ? sysfs_emit (fs/sysfs/file.c:598) 
[   91.432848] ? lock_acquire (kernel/locking/lockdep.c:3910) 
[   91.433740] ? kernfs_seq_start (fs/kernfs/file.c:113) 
[   91.434689] ? __lock_is_held (kernel/locking/lockdep.c:3728) 
[   91.435558] ? klist_remove (lib/kobject.c:793) 
[   91.436437] pm_show_wakelocks (kernel/power/wakelock.c:53) 
[   91.437326] sysfs_kf_seq_show (fs/sysfs/file.c:63) 
[   91.438281] traverse (fs/seq_file.c:116) 
[   91.439109] seq_read (fs/seq_file.c:191 (discriminator 1)) 
[   91.439949] do_loop_readv_writev (fs/read_write.c:704) 
[   91.440833] do_iter_read (fs/read_write.c:925) 
[   91.441616] vfs_readv (fs/read_write.c:988) 
[   91.442324] ? rw_copy_check_uvector (fs/read_write.c:979) 
[   91.443293] ? rcu_read_lock_sched_held (kernel/rcu/update.c:119) 
[   91.444338] do_preadv (fs/read_write.c:1071) 
[   91.445142] ? __x64_sys_readv (fs/read_write.c:1060) 
[   91.446045] ? do_syscall_64 (arch/x86/include/asm/paravirt.h:799 arch/x86/entry/common.c:280) 
[   91.446944] do_syscall_64 (arch/x86/entry/common.c:293) 
[   91.447774] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:244) 
[   91.448894] RIP: 0033:0x463519
[ 91.449627] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 59 00 00 c3 66 2e 0f 1f 84 00 00 00 00
All code
========
   0:	00 f3                	add    %dh,%bl
   2:	c3                   	retq   
   3:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
   a:	00 00 00 
   d:	0f 1f 40 00          	nopl   0x0(%rax)
  11:	48 89 f8             	mov    %rdi,%rax
  14:	48 89 f7             	mov    %rsi,%rdi
  17:	48 89 d6             	mov    %rdx,%rsi
  1a:	48 89 ca             	mov    %rcx,%rdx
  1d:	4d 89 c2             	mov    %r8,%r10
  20:	4d 89 c8             	mov    %r9,%r8
  23:	4c 8b 4c 24 08       	mov    0x8(%rsp),%r9
  28:	0f 05                	syscall 
  2a:*	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax		<-- trapping instruction
  30:	0f 83 db 59 00 00    	jae    0x5a11
  36:	c3                   	retq   
  37:	66                   	data16
  38:	2e                   	cs
  39:	0f                   	.byte 0xf
  3a:	1f                   	(bad)  
  3b:	84 00                	test   %al,(%rax)
  3d:	00 00                	add    %al,(%rax)
	...

Code starting with the faulting instruction
===========================================
   0:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
   6:	0f 83 db 59 00 00    	jae    0x59e7
   c:	c3                   	retq   
   d:	66                   	data16
   e:	2e                   	cs
   f:	0f                   	.byte 0xf
  10:	1f                   	(bad)  
  11:	84 00                	test   %al,(%rax)
  13:	00 00                	add    %al,(%rax)
	...
[   91.455329] RSP: 002b:00007ffffd5b9df8 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[   91.456888] RAX: ffffffffffffffda RBX: 0000000000000127 RCX: 0000000000463519
[   91.458335] RDX: 0000000000000001 RSI: 0000000001231800 RDI: 0000000000000078
[   91.459796] RBP: 00007f4f623c8000 R08: 0000000000002000 R09: 00000000000000e9
[   91.461235] R10: 0000000000100000 R11: 0000000000000246 R12: 0000000000000002
[   91.462644] R13: 00007f4f623c8058 R14: 000000000109a850 R15: 00007f4f623c8000
[   91.464065] irq event stamp: 274688
[   91.464867] hardirqs last enabled at (274687): console_unlock (arch/x86/include/asm/paravirt.h:789 (discriminator 2) kernel/printk/printk.c:2498 (discriminator 2)) 
[   91.466659] hardirqs last disabled at (274688): trace_hardirqs_off_thunk (arch/x86/entry/thunk_64.S:43) 
[   91.468608] softirqs last enabled at (274684): __do_softirq (arch/x86/include/asm/preempt.h:23 kernel/softirq.c:319) 
[   91.470384] softirqs last disabled at (274677): irq_exit (kernel/softirq.c:372 kernel/softirq.c:412) 
[   91.472049] ---[ end trace b63cb36c8c6dcdaa ]---


To reproduce:

        # build kernel
	cd linux
	cp config-4.19.271-00075-g4d00e68cfcfd .config
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove the ~/.lkp and /lkp dirs to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests

View attachment "config-4.19.271-00075-g4d00e68cfcfd" of type "text/plain" (120222 bytes)

View attachment "job-script" of type "text/plain" (4451 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (27532 bytes)

View attachment "trinity" of type "text/plain" (2864 bytes)
