lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202310301608.f6551e69-oliver.sang@intel.com>
Date:   Mon, 30 Oct 2023 16:42:15 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Al Viro <viro@...iv.linux.org.uk>
CC:     <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
        <linux-fsdevel@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <oliver.sang@...el.com>
Subject: [viro-vfs:work.csum-x86] [x86]  dc7d50c79a:
 BUG:unable_to_handle_page_fault_for_address



Hello,

kernel test robot noticed "BUG:unable_to_handle_page_fault_for_address" on:

commit: dc7d50c79a0bb5d28cd63b024c2e840199f96287 ("x86: lift the extern for csum_partial() into checksum.h")
https://git.kernel.org/cgit/linux/kernel/git/viro/vfs.git work.csum-x86

in testcase: boot

compiler: gcc-11
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+-------------------------------------------------------------------------+------------+------------+
|                                                                         | bc6c76fc10 | dc7d50c79a |
+-------------------------------------------------------------------------+------------+------------+
| BUG:unable_to_handle_page_fault_for_address                             | 0          | 9          |
| Oops:#[##]                                                              | 0          | 9          |
| EIP:csum_partial                                                        | 0          | 9          |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt                   | 0          | 9          |
+-------------------------------------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202310301608.f6551e69-oliver.sang@intel.com


[  293.263231][    C1] BUG: unable to handle page fault for address: ee3fe000
[  293.264348][    C1] #PF: supervisor read access in kernel mode
[  293.264930][    C1] #PF: error_code(0x0000) - not-present page
[  293.265511][    C1] *pde = 05df2067 *pte = 00000000
[  293.266034][    C1] Oops: 0000 [#1] SMP
[  293.266491][    C1] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G                 N 6.6.0-rc5-00018-gdc7d50c79a0b #1
[  293.267493][    C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 293.268498][ C1] EIP: csum_partial (arch/x86/lib/checksum_32.S:200) 
[ 293.269040][ C1] Code: d0 00 e9 92 00 00 00 66 03 06 83 d0 00 e9 87 00 00 00 03 46 80 13 46 84 13 46 88 13 46 8c 13 46 90 13 46 94 13 46 98 13 46 9c <13> 46 a0 13 46 a4 13 46 a8 13 46 ac 13 46 b0 13 46 b4 13 46 b8 13
All code
========
   0:	d0 00                	rolb   (%rax)
   2:	e9 92 00 00 00       	jmp    0x99
   7:	66 03 06             	add    (%rsi),%ax
   a:	83 d0 00             	adc    $0x0,%eax
   d:	e9 87 00 00 00       	jmp    0x99
  12:	03 46 80             	add    -0x80(%rsi),%eax
  15:	13 46 84             	adc    -0x7c(%rsi),%eax
  18:	13 46 88             	adc    -0x78(%rsi),%eax
  1b:	13 46 8c             	adc    -0x74(%rsi),%eax
  1e:	13 46 90             	adc    -0x70(%rsi),%eax
  21:	13 46 94             	adc    -0x6c(%rsi),%eax
  24:	13 46 98             	adc    -0x68(%rsi),%eax
  27:	13 46 9c             	adc    -0x64(%rsi),%eax
  2a:*	13 46 a0             	adc    -0x60(%rsi),%eax		<-- trapping instruction
  2d:	13 46 a4             	adc    -0x5c(%rsi),%eax
  30:	13 46 a8             	adc    -0x58(%rsi),%eax
  33:	13 46 ac             	adc    -0x54(%rsi),%eax
  36:	13 46 b0             	adc    -0x50(%rsi),%eax
  39:	13 46 b4             	adc    -0x4c(%rsi),%eax
  3c:	13 46 b8             	adc    -0x48(%rsi),%eax
  3f:	13                   	.byte 0x13

Code starting with the faulting instruction
===========================================
   0:	13 46 a0             	adc    -0x60(%rsi),%eax
   3:	13 46 a4             	adc    -0x5c(%rsi),%eax
   6:	13 46 a8             	adc    -0x58(%rsi),%eax
   9:	13 46 ac             	adc    -0x54(%rsi),%eax
   c:	13 46 b0             	adc    -0x50(%rsi),%eax
   f:	13 46 b4             	adc    -0x4c(%rsi),%eax
  12:	13 46 b8             	adc    -0x48(%rsi),%eax
  15:	13                   	.byte 0x13
[  293.270832][    C1] EAX: 719f338b EBX: c30cc3da ECX: 0135749f EDX: c2c051b5
[  293.272687][    C1] ESI: ee3fe060 EDI: c639de3c EBP: c639ddf0 ESP: c639dde4
[  293.273417][    C1] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010a17
[  293.274185][    C1] CR0: 80050033 CR2: ee3fe000 CR3: 0540b000 CR4: 000406d0
[  293.274876][    C1] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[  293.275549][    C1] DR6: fffe0ff0 DR7: 00000400
[  293.276033][    C1] Call Trace:
[  293.276402][    C1]  <SOFTIRQ>
[ 293.276744][ C1] ? show_regs (arch/x86/kernel/dumpstack.c:478) 
[ 293.277226][ C1] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434) 
[ 293.277670][ C1] ? page_fault_oops (arch/x86/mm/fault.c:707) 
[ 293.278135][ C1] ? kernelmode_fixup_or_oops+0x7c/0xcc 
[ 293.278755][ C1] ? __bad_area_nosemaphore+0x114/0x1ec 
[ 293.279378][ C1] ? bad_area_nosemaphore (arch/x86/mm/fault.c:867) 
[ 293.279904][ C1] ? do_kern_addr_fault (arch/x86/mm/fault.c:1227) 
[ 293.280390][ C1] ? exc_page_fault (arch/x86/mm/fault.c:1503 arch/x86/mm/fault.c:1561) 
[ 293.280899][ C1] ? csum_partial (arch/x86/lib/checksum_32.S:211) 
[ 293.281373][ C1] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1518) 
[ 293.281978][ C1] ? handle_exception (arch/x86/entry/entry_32.S:1056) 
[ 293.282534][ C1] ? csum_partial (arch/x86/lib/checksum_32.S:211) 
[ 293.282997][ C1] ? __skb_checksum (net/core/skbuff.c:3283) 
[ 293.283528][ C1] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1518) 
[ 293.284136][ C1] ? csum_partial (arch/x86/lib/checksum_32.S:200) 
[ 293.284593][ C1] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1518) 
[ 293.285170][ C1] ? csum_partial (arch/x86/lib/checksum_32.S:200) 
[ 293.285821][ C1] ? csum_partial_ext (include/net/checksum.h:187) 
[ 293.286518][ C1] __skb_checksum (net/core/skbuff.c:3283) 
[ 293.287229][ C1] ? __lock_acquire (kernel/locking/lockdep.c:5136) 
[ 293.288065][ C1] skb_checksum (net/core/skbuff.c:3362) 
[ 293.288738][ C1] ? csum_block_add_ext (include/net/checksum.h:185) 
[ 293.289326][ C1] ? reqsk_fastopen_remove (net/core/skbuff.c:168) 
[ 293.289857][ C1] __skb_gro_checksum_complete (net/core/gro.c:751) 
[ 293.290503][ C1] udp4_gro_receive (net/ipv4/udp_offload.c:635) 
[ 293.291078][ C1] inet_gro_receive (net/ipv4/af_inet.c:1571 (discriminator 2)) 
[ 293.291607][ C1] dev_gro_receive (net/core/gro.c:490) 
[ 293.292107][ C1] napi_gro_receive (net/core/gro.c:609) 
[ 293.292803][ C1] e1000_clean_rx_irq (drivers/net/ethernet/intel/e1000/e1000_main.c:4464) 
[ 293.293668][ C1] e1000_clean (drivers/net/ethernet/intel/e1000/e1000_main.c:3805) 
[ 293.294320][ C1] __napi_poll+0x20/0x1ec 
[ 293.295127][ C1] net_rx_action (net/core/dev.c:6596 net/core/dev.c:6727) 
[ 293.295860][ C1] __do_softirq (include/linux/jump_label.h:207 include/linux/jump_label.h:207 include/trace/events/irq.h:142 kernel/softirq.c:554) 
[ 293.296541][ C1] ? __dev_queue_xmit (include/linux/rcupdate.h:308 include/linux/rcupdate.h:817 net/core/dev.c:4367) 
[ 293.297376][ C1] ? __lock_text_end (kernel/softirq.c:511) 
[ 293.298120][ C1] do_softirq_own_stack (arch/x86/kernel/irq_32.c:57 arch/x86/kernel/irq_32.c:147) 
[  293.298950][    C1]  </SOFTIRQ>
[ 293.299512][ C1] do_softirq (kernel/softirq.c:456) 
[ 293.300247][ C1] __local_bh_enable_ip (kernel/softirq.c:381) 
[ 293.301016][ C1] __dev_queue_xmit (net/core/dev.c:4368) 
[ 293.301784][ C1] ? __alloc_skb (net/core/skbuff.c:651) 
[ 293.302546][ C1] ? eth_header (net/ethernet/eth.c:85) 
[ 293.303308][ C1] ? eth_header_cache_update (net/ethernet/eth.c:82) 
[ 293.304226][ C1] ? eth_header_cache_update (net/ethernet/eth.c:82) 
[ 293.305042][ C1] ic_bootp_send_if (net/ipv4/ipconfig.c:894) 
[ 293.305941][ C1] ic_dynamic (net/ipv4/ipconfig.c:1264) 
[ 293.306633][ C1] ip_auto_config (net/ipv4/ipconfig.c:1535) 
[ 293.307440][ C1] ? __lock_release (kernel/locking/lockdep.c:5429) 
[ 293.308260][ C1] ? add_device_randomness (drivers/char/random.c:926) 
[ 293.309104][ C1] ? add_device_randomness (drivers/char/random.c:926) 
[ 293.309918][ C1] ? trace_hardirqs_on (kernel/trace/trace_preemptirq.c:63) 
[ 293.310745][ C1] ? add_device_randomness (drivers/char/random.c:926) 
[ 293.311576][ C1] ? root_nfs_parse_addr (net/ipv4/ipconfig.c:1477) 
[ 293.312380][ C1] do_one_initcall (init/main.c:1232) 
[ 293.313158][ C1] ? rdinit_setup (init/main.c:1280) 
[ 293.313908][ C1] ? rdinit_setup (init/main.c:1280) 
[ 293.314628][ C1] do_initcalls (init/main.c:1293 init/main.c:1310) 
[ 293.315344][ C1] ? rest_init (init/main.c:1429) 
[ 293.316127][ C1] kernel_init_freeable (init/main.c:1549) 
[ 293.316899][ C1] kernel_init (init/main.c:1439) 
[ 293.317571][ C1] ret_from_fork (arch/x86/kernel/process.c:153) 
[ 293.318275][ C1] ? rest_init (init/main.c:1429) 
[ 293.318975][ C1] ret_from_fork_asm (arch/x86/entry/entry_32.S:741) 
[ 293.319729][ C1] entry_INT80_32 (arch/x86/entry/entry_32.S:947) 
[  293.320957][    C1] Modules linked in:
[  293.321646][    C1] CR2: 00000000ee3fe000
[  293.322326][    C1] ---[ end trace 0000000000000000 ]---
[ 293.323304][ C1] EIP: csum_partial (arch/x86/lib/checksum_32.S:200) 
[ 293.324048][ C1] Code: d0 00 e9 92 00 00 00 66 03 06 83 d0 00 e9 87 00 00 00 03 46 80 13 46 84 13 46 88 13 46 8c 13 46 90 13 46 94 13 46 98 13 46 9c <13> 46 a0 13 46 a4 13 46 a8 13 46 ac 13 46 b0 13 46 b4 13 46 b8 13
All code
========
   0:	d0 00                	rolb   (%rax)
   2:	e9 92 00 00 00       	jmp    0x99
   7:	66 03 06             	add    (%rsi),%ax
   a:	83 d0 00             	adc    $0x0,%eax
   d:	e9 87 00 00 00       	jmp    0x99
  12:	03 46 80             	add    -0x80(%rsi),%eax
  15:	13 46 84             	adc    -0x7c(%rsi),%eax
  18:	13 46 88             	adc    -0x78(%rsi),%eax
  1b:	13 46 8c             	adc    -0x74(%rsi),%eax
  1e:	13 46 90             	adc    -0x70(%rsi),%eax
  21:	13 46 94             	adc    -0x6c(%rsi),%eax
  24:	13 46 98             	adc    -0x68(%rsi),%eax
  27:	13 46 9c             	adc    -0x64(%rsi),%eax
  2a:*	13 46 a0             	adc    -0x60(%rsi),%eax		<-- trapping instruction
  2d:	13 46 a4             	adc    -0x5c(%rsi),%eax
  30:	13 46 a8             	adc    -0x58(%rsi),%eax
  33:	13 46 ac             	adc    -0x54(%rsi),%eax
  36:	13 46 b0             	adc    -0x50(%rsi),%eax
  39:	13 46 b4             	adc    -0x4c(%rsi),%eax
  3c:	13 46 b8             	adc    -0x48(%rsi),%eax
  3f:	13                   	.byte 0x13

Code starting with the faulting instruction
===========================================
   0:	13 46 a0             	adc    -0x60(%rsi),%eax
   3:	13 46 a4             	adc    -0x5c(%rsi),%eax
   6:	13 46 a8             	adc    -0x58(%rsi),%eax
   9:	13 46 ac             	adc    -0x54(%rsi),%eax
   c:	13 46 b0             	adc    -0x50(%rsi),%eax
   f:	13 46 b4             	adc    -0x4c(%rsi),%eax
  12:	13 46 b8             	adc    -0x48(%rsi),%eax
  15:	13                   	.byte 0x13


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20231030/202310301608.f6551e69-oliver.sang@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ