lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <202311292134.366c9c0b-oliver.sang@intel.com>
Date:   Thu, 30 Nov 2023 09:39:53 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     David Howells <dhowells@...hat.com>
CC:     <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
        Steve French <sfrench@...ba.org>,
        Shyam Prasad N <nspmangalore@...il.com>,
        "Rohith Surabattula" <rohiths.msft@...il.com>,
        Jeff Layton <jlayton@...nel.org>, <linux-cifs@...r.kernel.org>,
        <samba-technical@...ts.samba.org>, <dhowells@...hat.com>,
        <linux-kernel@...r.kernel.org>, <oliver.sang@...el.com>
Subject: Re: [PATCH] cifs: Set the file size after doing copychunk_range



Hello,

kernel test robot noticed "kernel_BUG_at_include/linux/highmem.h" on:

commit: 7ea84f5cb7518fa39de48aadafa14f129e9463c5 ("[PATCH] cifs: Set the file size after doing copychunk_range")
url: https://github.com/intel-lab-lkp/linux/commits/David-Howells/cifs-Set-the-file-size-after-doing-copychunk_range/20231125-055345
base: git://git.samba.org/sfrench/cifs-2.6.git for-next
patch link: https://lore.kernel.org/all/1297339.1700862676@warthog.procyon.org.uk/
patch subject: [PATCH] cifs: Set the file size after doing copychunk_range

in testcase: xfstests
version: xfstests-x86_64-11914614-1_20231122
with following parameters:

	disk: 4HDD
	fs: ext4
	fs2: smbv2
	test: generic-group-11



compiler: gcc-12
test machine: 4 threads Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz (Skylake) with 32G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)



If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202311292134.366c9c0b-oliver.sang@intel.com


[  207.421597][ T2704] ------------[ cut here ]------------
[  207.427162][ T2704] kernel BUG at include/linux/highmem.h:275!
[  207.433050][ T2704] invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
[  207.439375][ T2704] CPU: 3 PID: 2704 Comm: fsx Tainted: G S                 6.7.0-rc2-00006-g7ea84f5cb751 #1
[  207.449260][ T2704] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.8.1 12/05/2017
[ 207.457394][ T2704] RIP: 0010:zero_user_segments (include/linux/mm.h:2069 include/linux/highmem.h:284) 
[ 207.464138][ T2704] Code: 41 5e 41 5f c3 48 89 df 89 ea 31 f6 4c 29 f7 44 29 e2 48 c1 ff 06 48 c1 e7 0c 4c 01 ef 4c 01 e7 e8 4f 7e 08 02 e9 5a ff ff ff <0f> 0b 48 89 df e8 60 13 1a 00 eb 91 4c 89 ef e8 36 13 1a 00 eb ae
All code
========
   0:	41 5e                	pop    %r14
   2:	41 5f                	pop    %r15
   4:	c3                   	retq   
   5:	48 89 df             	mov    %rbx,%rdi
   8:	89 ea                	mov    %ebp,%edx
   a:	31 f6                	xor    %esi,%esi
   c:	4c 29 f7             	sub    %r14,%rdi
   f:	44 29 e2             	sub    %r12d,%edx
  12:	48 c1 ff 06          	sar    $0x6,%rdi
  16:	48 c1 e7 0c          	shl    $0xc,%rdi
  1a:	4c 01 ef             	add    %r13,%rdi
  1d:	4c 01 e7             	add    %r12,%rdi
  20:	e8 4f 7e 08 02       	callq  0x2087e74
  25:	e9 5a ff ff ff       	jmpq   0xffffffffffffff84
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	48 89 df             	mov    %rbx,%rdi
  2f:	e8 60 13 1a 00       	callq  0x1a1394
  34:	eb 91                	jmp    0xffffffffffffffc7
  36:	4c 89 ef             	mov    %r13,%rdi
  39:	e8 36 13 1a 00       	callq  0x1a1374
  3e:	eb ae                	jmp    0xffffffffffffffee

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	48 89 df             	mov    %rbx,%rdi
   5:	e8 60 13 1a 00       	callq  0x1a136a
   a:	eb 91                	jmp    0xffffffffffffff9d
   c:	4c 89 ef             	mov    %r13,%rdi
   f:	e8 36 13 1a 00       	callq  0x1a134a
  14:	eb ae                	jmp    0xffffffffffffffc4
[  207.483716][ T2704] RSP: 0018:ffffc90008f6f9d0 EFLAGS: 00010297
[  207.489673][ T2704] RAX: 0000000000001000 RBX: ffffea0004b3fac0 RCX: ffffffff817f36f2
[  207.497547][ T2704] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffea0004b3fac0
[  207.505421][ T2704] RBP: 00000000fffe35b2 R08: 0000000000000000 R09: fffff94000967f58
[  207.513295][ T2704] R10: ffffea0004b3fac7 R11: 0000000000000230 R12: 00000000000007f6
[  207.521168][ T2704] R13: ffff888000000000 R14: ffffea0000000000 R15: 00000000fffe35b2
[  207.529042][ T2704] FS:  00007f21a955d740(0000) GS:ffff88879c380000(0000) knlGS:0000000000000000
[  207.537887][ T2704] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  207.544376][ T2704] CR2: 00007f21a94bf000 CR3: 000000012e1f2002 CR4: 00000000003706f0
[  207.552250][ T2704] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  207.560125][ T2704] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  207.568001][ T2704] Call Trace:
[  207.571162][ T2704]  <TASK>
[ 207.573971][ T2704] ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) 
[ 207.577572][ T2704] ? do_trap (arch/x86/kernel/traps.c:112 arch/x86/kernel/traps.c:153) 
[ 207.581695][ T2704] ? zero_user_segments (include/linux/mm.h:2069 include/linux/highmem.h:284) 
[ 207.587832][ T2704] ? do_error_trap (arch/x86/include/asm/traps.h:59 arch/x86/kernel/traps.c:174) 
[ 207.592317][ T2704] ? zero_user_segments (include/linux/mm.h:2069 include/linux/highmem.h:284) 
[ 207.598445][ T2704] ? handle_invalid_op (arch/x86/kernel/traps.c:212) 
[ 207.603265][ T2704] ? zero_user_segments (include/linux/mm.h:2069 include/linux/highmem.h:284) 
[ 207.609394][ T2704] ? exc_invalid_op (arch/x86/kernel/traps.c:265) 
[ 207.613953][ T2704] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:568) 
[ 207.618875][ T2704] ? zero_user_segments (include/linux/instrumented.h:68 include/asm-generic/bitops/instrumented-non-atomic.h:141 include/linux/mm.h:1063 include/linux/mm.h:1300 include/linux/highmem.h:275) 
[ 207.624919][ T2704] ? zero_user_segments (include/linux/mm.h:2069 include/linux/highmem.h:284) 
[ 207.631050][ T2704] ? folio_wait_writeback (arch/x86/include/asm/bitops.h:206 arch/x86/include/asm/bitops.h:238 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/page-flags.h:513 mm/page-writeback.c:3063) 
[ 207.636219][ T2704] truncate_inode_partial_folio (include/linux/page-flags.h:1113 include/linux/page-flags.h:1118 mm/truncate.c:238) 
[ 207.642001][ T2704] truncate_inode_pages_range (mm/truncate.c:379) 
[ 207.647609][ T2704] ? truncate_inode_partial_folio (mm/truncate.c:331) 
[ 207.653570][ T2704] ? _raw_spin_lock (arch/x86/include/asm/atomic.h:115 include/linux/atomic/atomic-arch-fallback.h:2164 include/linux/atomic/atomic-instrumented.h:1296 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:134 kernel/locking/spinlock.c:154) 
[ 207.658139][ T2704] ? filemap_check_errors (arch/x86/include/asm/bitops.h:206 (discriminator 6) arch/x86/include/asm/bitops.h:238 (discriminator 6) include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 6) mm/filemap.c:350 (discriminator 6)) 
[ 207.663229][ T2704] cifs_file_copychunk_range (fs/smb/client/cifsfs.c:1312) cifs
[ 207.669432][ T2704] cifs_copy_file_range (fs/smb/client/cifsfs.c:1365) cifs
[ 207.675110][ T2704] vfs_copy_file_range (fs/read_write.c:1509) 
[ 207.680199][ T2704] ? generic_file_rw_checks (fs/read_write.c:1478) 
[ 207.685630][ T2704] ? kernel_write (fs/read_write.c:565) 
[ 207.690186][ T2704] ? preempt_notifier_dec (kernel/sched/core.c:10106) 
[ 207.695268][ T2704] ? smb3_llseek (fs/smb/client/smb2ops.c:3770) cifs
[ 207.700419][ T2704] __do_sys_copy_file_range (fs/read_write.c:1595) 
[ 207.705863][ T2704] ? vfs_copy_file_range (fs/read_write.c:1561) 
[ 207.711206][ T2704] ? ksys_write (fs/read_write.c:637) 
[ 207.715499][ T2704] ? __ia32_sys_read (fs/read_write.c:627) 
[ 207.720145][ T2704] ? fpregs_restore_userregs (arch/x86/include/asm/bitops.h:75 include/asm-generic/bitops/instrumented-atomic.h:42 include/linux/thread_info.h:94 arch/x86/kernel/fpu/context.h:79) 
[ 207.725576][ T2704] do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:82) 
[ 207.729885][ T2704] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) 
[  207.735664][ T2704] RIP: 0033:0x7f21a9654f29
[ 207.739958][ T2704] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 37 8f 0d 00 f7 d8 64 89 01 48
All code
========
   0:	00 c3                	add    %al,%bl
   2:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
   9:	00 00 00 
   c:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  11:	48 89 f8             	mov    %rdi,%rax
  14:	48 89 f7             	mov    %rsi,%rdi
  17:	48 89 d6             	mov    %rdx,%rsi
  1a:	48 89 ca             	mov    %rcx,%rdx
  1d:	4d 89 c2             	mov    %r8,%r10
  20:	4d 89 c8             	mov    %r9,%r8
  23:	4c 8b 4c 24 08       	mov    0x8(%rsp),%r9
  28:	0f 05                	syscall 
  2a:*	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax		<-- trapping instruction
  30:	73 01                	jae    0x33
  32:	c3                   	retq   
  33:	48 8b 0d 37 8f 0d 00 	mov    0xd8f37(%rip),%rcx        # 0xd8f71
  3a:	f7 d8                	neg    %eax
  3c:	64 89 01             	mov    %eax,%fs:(%rcx)
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
   6:	73 01                	jae    0x9
   8:	c3                   	retq   
   9:	48 8b 0d 37 8f 0d 00 	mov    0xd8f37(%rip),%rcx        # 0xd8f47
  10:	f7 d8                	neg    %eax
  12:	64 89 01             	mov    %eax,%fs:(%rcx)
  15:	48                   	rex.W


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20231129/202311292134.366c9c0b-oliver.sang@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ