Message-ID: <202405151506.639f3fc9-oliver.sang@intel.com>
Date: Wed, 15 May 2024 16:16:35 +0800
From: kernel test robot <oliver.sang@...el.com>
To: David Howells <dhowells@...hat.com>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <linux-kernel@...r.kernel.org>,
	Steve French <sfrench@...ba.org>, Shyam Prasad N <nspmangalore@...il.com>,
	Rohith Surabattula <rohiths.msft@...il.com>, Jeff Layton
	<jlayton@...nel.org>, <netfs@...ts.linux.dev>,
	<linux-fsdevel@...r.kernel.org>, <linux-cifs@...r.kernel.org>,
	<samba-technical@...ts.samba.org>, <oliver.sang@...el.com>
Subject: [linus:master] [cifs]  3ee1a1fc39: canonical_address#:#[##]



Hello,

kernel test robot noticed "canonical_address#:#[##]" on:

commit: 3ee1a1fc39819906f04d6c62c180e760cd3a689d ("cifs: Cut over to using netfslib")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

[test still failed on linus/master 4f8b6f25eb1e51febd426da764a0b0ea652ad238]
[test still failed on linux-next/master 26dd54d03cd94ecc035d9e1e9fd4fc0f3ab311cf]
[test still failed on fix commit 14b1cd25346b1d615616a9c2dfdad9b4e6581e0d]

in testcase: xfstests
version: xfstests-x86_64-0e5c12df-1_20240430
with following parameters:

	disk: 4HDD
	fs: ext4
	fs2: smbv3
	test: generic-group-03



compiler: gcc-13
test machine: 4 threads Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz (Skylake) with 32G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)



If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202405151506.639f3fc9-oliver.sang@intel.com


[  428.991058][  T306]
[  429.032352][  T306] generic/035       [expunged]
[  429.032372][  T306]
[  429.110038][ T1629] run fstests generic/036 at 2024-05-05 13:17:33
[  430.012974][   T10] ==================================================================
[  430.014766][   T42] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI
[ 430.020950][ T10] BUG: KASAN: slab-use-after-free in netfs_write_collection_worker (kbuild/src/consumer/fs/netfs/write_collect.c:693) 
[  430.032914][   T42] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[  430.041739][   T10] Read of size 8 at addr ffff888209bef808 by task kworker/u16:0/10
[  430.050041][   T42] CPU: 3 PID: 42 Comm: kworker/u16:2 Tainted: G S                 6.9.0-rc6-00034-g3ee1a1fc3981 #1
[  430.057819][   T10]
[  430.057821][   T10] CPU: 2 PID: 10 Comm: kworker/u16:0 Tainted: G S                 6.9.0-rc6-00034-g3ee1a1fc3981 #1
[  430.068389][   T42] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.8.1 12/05/2017
[  430.070583][   T10] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.8.1 12/05/2017
[  430.081152][   T42] Workqueue: events_unbound netfs_write_collection_worker
[  430.089277][   T10] Workqueue: events_unbound netfs_write_collection_worker
[  430.097401][   T42]
[  430.104393][   T10]
[ 430.111386][ T42] RIP: 0010:aio_complete_rw (kbuild/src/consumer/fs/aio.c:1507) 
[  430.113579][   T10] Call Trace:
[  430.113581][   T10]  <TASK>
[ 430.115772][ T42] Code: 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 04 00 00 48 8b ad a8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 01 0f 8e 1a 04 00 00 0f b7 45 00 66 25
All code
========
   0:	00 48 89             	add    %cl,-0x77(%rax)
   3:	fa                   	cli    
   4:	48 c1 ea 03          	shr    $0x3,%rdx
   8:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   c:	0f 85 2b 04 00 00    	jne    0x43d
  12:	48 8b ad a8 00 00 00 	mov    0xa8(%rbp),%rbp
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df 
  23:	48 89 ea             	mov    %rbp,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
  2a:*	0f b6 04 02          	movzbl (%rdx,%rax,1),%eax		<-- trapping instruction
  2e:	84 c0                	test   %al,%al
  30:	74 08                	je     0x3a
  32:	3c 01                	cmp    $0x1,%al
  34:	0f 8e 1a 04 00 00    	jle    0x454
  3a:	0f b7 45 00          	movzwl 0x0(%rbp),%eax
  3e:	66                   	data16
  3f:	25                   	.byte 0x25

Code starting with the faulting instruction
===========================================
   0:	0f b6 04 02          	movzbl (%rdx,%rax,1),%eax
   4:	84 c0                	test   %al,%al
   6:	74 08                	je     0x10
   8:	3c 01                	cmp    $0x1,%al
   a:	0f 8e 1a 04 00 00    	jle    0x42a
  10:	0f b7 45 00          	movzwl 0x0(%rbp),%eax
  14:	66                   	data16
  15:	25                   	.byte 0x25
[ 430.121193][ T10] dump_stack_lvl (kbuild/src/consumer/lib/dump_stack.c:117) 
[  430.124345][   T42] RSP: 0018:ffffc90000337d18 EFLAGS: 00010246
[ 430.127150][ T10] print_address_description+0x30/0x410 
[  430.146700][   T42]
[ 430.151076][ T10] ? netfs_write_collection_worker (kbuild/src/consumer/fs/netfs/write_collect.c:693) 
[  430.157019][   T42] RAX: dffffc0000000000 RBX: ffff888269500300 RCX: 0000000000000000
[ 430.163490][ T10] print_report (kbuild/src/consumer/mm/kasan/report.c:489) 
[  430.165683][   T42] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffc90000337ce0
[ 430.171723][ T10] ? kasan_addr_to_slab (kbuild/src/consumer/mm/kasan/common.c:37) 
[  430.179601][   T42] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1041350f07
[ 430.183897][ T10] ? netfs_write_collection_worker (kbuild/src/consumer/fs/netfs/write_collect.c:693) 
[  430.191773][   T42] R10: ffff888209a8783f R11: 0000000000000400 R12: ffff888269500390
[ 430.196594][ T10] kasan_report (kbuild/src/consumer/mm/kasan/report.c:603) 
[  430.204460][   T42] R13: 0000000000000200 R14: 0000000000000200 R15: ffff888269500398
[ 430.210493][ T10] ? netfs_write_collection_worker (kbuild/src/consumer/fs/netfs/write_collect.c:693) 
[  430.218354][   T42] FS:  0000000000000000(0000) GS:ffff888795180000(0000) knlGS:0000000000000000
[ 430.222641][ T10] netfs_write_collection_worker (kbuild/src/consumer/fs/netfs/write_collect.c:693) 
[  430.230506][   T42] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 430.236538][ T10] process_one_work (kbuild/src/consumer/kernel/workqueue.c:3254) 
[  430.245360][   T42] CR2: 00007efd4765f000 CR3: 000000081a85a001 CR4: 00000000003706f0
[ 430.251220][ T10] worker_thread (kbuild/src/consumer/kernel/workqueue.c:3329 (discriminator 2) kbuild/src/consumer/kernel/workqueue.c:3416 (discriminator 2)) 
[  430.257686][   T42] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 430.262498][ T10] ? __pfx_worker_thread (kbuild/src/consumer/kernel/workqueue.c:3362) 
[  430.270360][   T42] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 430.274909][ T10] kthread (kbuild/src/consumer/kernel/kthread.c:388) 
[  430.282775][   T42] Call Trace:
[ 430.287759][ T10] ? __pfx_kthread (kbuild/src/consumer/kernel/kthread.c:341) 
[  430.295623][   T42]  <TASK>
[ 430.299564][ T10] ret_from_fork (kbuild/src/consumer/arch/x86/kernel/process.c:147) 
[ 430.302716][ T42] ? die_addr (kbuild/src/consumer/arch/x86/kernel/dumpstack.c:421 kbuild/src/consumer/arch/x86/kernel/dumpstack.c:460) 
[ 430.307176][ T10] ? __pfx_kthread (kbuild/src/consumer/kernel/kthread.c:341) 


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240515/202405151506.639f3fc9-oliver.sang@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

