lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+G9fYue-dV7t-NrOhWwGshvyboXjb2B6HpCDVDe3bgG7fbnsg@mail.gmail.com>
Date:   Thu, 9 Nov 2023 18:34:24 +0530
From:   Naresh Kamboju <naresh.kamboju@...aro.org>
To:     linux-fsdevel@...r.kernel.org,
        open list <linux-kernel@...r.kernel.org>,
        lkft-triage@...ts.linaro.org,
        "open list:KERNEL SELFTEST FRAMEWORK" 
        <linux-kselftest@...r.kernel.org>, regressions@...ts.linux.dev
Cc:     Miklos Szeredi <mszeredi@...hat.com>,
        Krister Johansen <kjlx@...pleofstupid.com>,
        Dan Carpenter <dan.carpenter@...aro.org>
Subject: selftests: memfd: run_fuse_test.sh - fuse_evict_inode -
 fs/fuse/inode.c:162 - panic

Following kernel panic noticed while running selftests: memfd: run_fuse_test.sh
on arm64 Juno-r2 and x86 devices running Linux next-20231109.

Reported-by: Linux Kernel Functional Testing <lkft@...aro.org>

log:
---
# timeout set to 45
# selftests: memfd: run_fuse_test.sh
# opening: ./mnt/memfd
# fuse: DONE
[ 1931.860330] Unable to handle kernel paging request at virtual
address 005a5a5a5a5a5a5a
[ 1931.868645] Mem abort info:
[ 1931.871505]   ESR = 0x0000000096000021
[ 1931.875311]   EC = 0x25: DABT (current EL), IL = 32 bits
[ 1931.880805]   SET = 0, FnV = 0
[ 1931.883924]   EA = 0, S1PTW = 0
[ 1931.887563]   FSC = 0x21: alignment fault
[ 1931.891618] Data abort info:
[ 1931.894542]   ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000
[ 1931.900219]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 1931.905305]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 1931.910692] [005a5a5a5a5a5a5a] address between user and kernel address ranges
[ 1931.918091] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP
[ 1931.924375] Modules linked in: gpio_sim onboard_usb_hub tda998x
hdlcd crct10dif_ce cec drm_dma_helper dm_mod [last unloaded:
gpio_mockup]
[ 1931.936789] CPU: 1 PID: 20739 Comm: fusermount Not tainted
6.6.0-next-20231109 #1
[ 1931.944295] Hardware name: ARM Juno development board (r2) (DT)
[ 1931.950224] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 1931.957205] pc : fuse_evict_inode
(arch/arm64/include/asm/atomic_ll_sc.h:96 (discriminator 3)
arch/arm64/include/asm/atomic.h:51 (discriminator 3)
include/linux/atomic/atomic-arch-fallback.h:944 (discriminator 3)
include/linux/atomic/atomic-instrumented.h:401 (discriminator 3)
include/linux/refcount.h:272 (discriminator 3)
include/linux/refcount.h:315 (discriminator 3)
include/linux/refcount.h:333 (discriminator 3) fs/fuse/inode.c:137
(discriminator 3) fs/fuse/inode.c:166 (discriminator 3))
[ 1931.961586] lr : fuse_evict_inode (fs/fuse/inode.c:162)
[ 1931.965868] sp : ffff80008792ba90
[ 1931.969189] x29: ffff80008792ba90 x28: ffff000800b58040 x27: 0000000000000000
[ 1931.976358] x26: 0000000000000000 x25: ffff800080508f98 x24: ffff80008316a008
[ 1931.983519] x23: ffff80008316a008 x22: ffff80008424a020 x21: ffff00082a514c00
[ 1931.990679] x20: 5a5a5a5a5a5a5a5a x19: ffff000838828780 x18: 0000000000000000
[ 1931.997840] x17: ffff80008050e610 x16: ffff80008050e5bc x15: ffff80008050e3e8
[ 1932.005003] x14: ffff80008050df10 x13: ffff800080769c60 x12: ffff8000851f6388
[ 1932.012165] x11: 0000000000000645 x10: 0000000000000645 x9 : ffff800081c0e0b4
[ 1932.019332] x8 : ffff80008792b988 x7 : 0000000000000000 x6 : ffff800084a75fe8
[ 1932.026495] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80008424a968
[ 1932.033659] x2 : 0000000000000002 x1 : ffff000800b58040 x0 : 0000000000000001
[ 1932.040820] Call trace:
[ 1932.043272] fuse_evict_inode
(arch/arm64/include/asm/atomic_ll_sc.h:96 (discriminator 3)
arch/arm64/include/asm/atomic.h:51 (discriminator 3)
include/linux/atomic/atomic-arch-fallback.h:944 (discriminator 3)
include/linux/atomic/atomic-instrumented.h:401 (discriminator 3)
include/linux/refcount.h:272 (discriminator 3)
include/linux/refcount.h:315 (discriminator 3)
include/linux/refcount.h:333 (discriminator 3) fs/fuse/inode.c:137
(discriminator 3) fs/fuse/inode.c:166 (discriminator 3))
[ 1932.047296] evict (fs/inode.c:669)
[ 1932.050279] iput_final (fs/inode.c:1776)
[ 1932.053694] iput.part.0 (fs/inode.c:1803)
[ 1932.057280] iput (fs/inode.c:1803)
[ 1932.060085] dentry_unlink_inode (fs/dcache.c:402)
[ 1932.064281] __dentry_kill (arch/arm64/include/asm/current.h:19
arch/arm64/include/asm/preempt.h:47 fs/dcache.c:610)
[ 1932.067956] shrink_dentry_list (include/linux/list.h:373
(discriminator 2) fs/dcache.c:1179 (discriminator 2))
[ 1932.072067] shrink_dcache_parent (fs/dcache.c:1652)
[ 1932.076433] shrink_dcache_for_umount (fs/dcache.c:1682 fs/dcache.c:1698)
[ 1932.081062] generic_shutdown_super (fs/super.c:647)
[ 1932.085518] kill_anon_super (fs/super.c:1254)
[ 1932.089277] fuse_kill_sb_anon (fs/fuse/fuse_i.h:895 fs/fuse/inode.c:1912)
[ 1932.093298] deactivate_locked_super (fs/super.c:489)
[ 1932.097753] deactivate_super (fs/super.c:522)
[ 1932.101599] cleanup_mnt (fs/namespace.c:139 fs/namespace.c:1257)
[ 1932.105097] __cleanup_mnt (fs/namespace.c:1264)
[ 1932.108680] task_work_run (kernel/task_work.c:182)
[ 1932.112266] do_notify_resume (include/linux/resume_user_mode.h:49
arch/arm64/kernel/signal.c:1305)
[ 1932.116283] el0_svc (arch/arm64/kernel/entry-common.c:137
arch/arm64/kernel/entry-common.c:144
arch/arm64/kernel/entry-common.c:679)
[ 1932.119345] el0t_64_sync_handler (arch/arm64/kernel/entry-common.c:697)
[ 1932.123710] el0t_64_sync (arch/arm64/kernel/entry.S:595)
[ 1932.127383] Code: f9026a7f 17ffffd9 52800020 f9800291 (885f7e81)
All code
========
   0: f9026a7f str xzr, [x19, #1232]
   4: 17ffffd9 b 0xffffffffffffff68
   8: 52800020 mov w0, #0x1                    // #1
   c: f9800291 prfm pstl1strm, [x20]
  10:* 885f7e81 ldxr w1, [x20] <-- trapping instruction

Code starting with the faulting instruction
===========================================
   0: 885f7e81 ldxr w1, [x20]
[ 1932.133486] ---[ end trace 0000000000000000 ]---
[ 1932.138111] Kernel panic - not syncing: Oops: Fatal exception
[ 1932.143867] SMP: stopping secondary CPUs
[ 1932.148008] Kernel Offset: disabled
[ 1932.151498] CPU features: 0x1,0000020c,3c020000,0100421b
[ 1932.156820] Memory Limit: none
[ 1932.159880] ---[ end Kernel panic - not syncing: Oops: Fatal exception ]---


Links:
- https://lkft.validation.linaro.org/scheduler/job/7006578#L6164
- https://lkft.validation.linaro.org/scheduler/job/7006482#L9235

metadata:
git_ref: master
git_repo: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next
git_sha: b622d91ca201bf97582e9b09ebbaab005ecee86f
git_describe: next-20231109
kernel_version: 6.6.0
kernel-config:
https://storage.tuxsuite.com/public/linaro/lkft/builds/2Xv92VPrzXNNmQil9l8bJV2RQHs/config
artifact-location:
https://storage.tuxsuite.com/public/linaro/lkft/builds/2Xv92VPrzXNNmQil9l8bJV2RQHs/
toolchain: gcc-13


--
Linaro LKFT
https://lkft.linaro.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ