lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202406151528.626affe4-oliver.sang@intel.com>
Date: Sat, 15 Jun 2024 16:00:35 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Ingo Molnar <mingo@...nel.org>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <linux-kernel@...r.kernel.org>,
	<x86@...nel.org>, Oleg Nesterov <oleg@...hat.com>, Andy Lutomirski
	<luto@...nel.org>, Borislav Petkov <bp@...en8.de>, Fenghua Yu
	<fenghua.yu@...el.com>, "H. Peter Anvin" <hpa@...or.com>, Linus Torvalds
	<torvalds@...ux-foundation.org>, Dave Hansen <dave.hansen@...ux.intel.com>,
	Thomas Gleixner <tglx@...utronix.de>, Uros Bizjak <ubizjak@...il.com>,
	<oliver.sang@...el.com>
Subject: [tip:WIP.x86/fpu] [x86/fpu]  81106b7e0b: kernel_BUG_at_mm/usercopy.c



Hello,

kernel test robot noticed "kernel_BUG_at_mm/usercopy.c" on:

commit: 81106b7e0b136e96a4116efdd5fe3df2b6a478b9 ("x86/fpu: Make task_struct::thread constant size")
https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git WIP.x86/fpu

in testcase: boot

compiler: gcc-13
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+------------------------------------------+------------+------------+
|                                          | c822542ba0 | 81106b7e0b |
+------------------------------------------+------------+------------+
| boot_successes                           | 6          | 0          |
| boot_failures                            | 0          | 6          |
| kernel_BUG_at_mm/usercopy.c              | 0          | 6          |
| Oops:invalid_opcode:#[##]PREEMPT         | 0          | 6          |
| EIP:usercopy_abort                       | 0          | 6          |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 6          |
+------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202406151528.626affe4-oliver.sang@intel.com


[   22.451041][  T128] ------------[ cut here ]------------
[   22.451886][  T128] kernel BUG at mm/usercopy.c:102!
[   22.452684][  T128] Oops: invalid opcode: 0000 [#1] PREEMPT
[   22.453567][  T128] CPU: 0 PID: 128 Comm: nfs-utils_env.s Not tainted 6.10.0-rc3-00003-g81106b7e0b13 #1
[   22.454983][  T128] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 22.456474][ T128] EIP: usercopy_abort (mm/usercopy.c:102) 
[ 22.457246][ T128] Code: c9 89 44 24 0c 0f 45 cb 8b 5d 0c 89 74 24 10 89 4c 24 04 c7 04 24 50 bc 5e c9 89 5c 24 20 8b 5d 08 89 5c 24 1c e8 87 03 df ff <0f> 0b b8 94 16 bd c9 e8 fb b8 7c 00 ba b2 dd 53 c9 89 55 f0 89 d6
All code
========
   0:	c9                   	leave
   1:	89 44 24 0c          	mov    %eax,0xc(%rsp)
   5:	0f 45 cb             	cmovne %ebx,%ecx
   8:	8b 5d 0c             	mov    0xc(%rbp),%ebx
   b:	89 74 24 10          	mov    %esi,0x10(%rsp)
   f:	89 4c 24 04          	mov    %ecx,0x4(%rsp)
  13:	c7 04 24 50 bc 5e c9 	movl   $0xc95ebc50,(%rsp)
  1a:	89 5c 24 20          	mov    %ebx,0x20(%rsp)
  1e:	8b 5d 08             	mov    0x8(%rbp),%ebx
  21:	89 5c 24 1c          	mov    %ebx,0x1c(%rsp)
  25:	e8 87 03 df ff       	call   0xffffffffffdf03b1
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	b8 94 16 bd c9       	mov    $0xc9bd1694,%eax
  31:	e8 fb b8 7c 00       	call   0x7cb931
  36:	ba b2 dd 53 c9       	mov    $0xc953ddb2,%edx
  3b:	89 55 f0             	mov    %edx,-0x10(%rbp)
  3e:	89 d6                	mov    %edx,%esi

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	b8 94 16 bd c9       	mov    $0xc9bd1694,%eax
   7:	e8 fb b8 7c 00       	call   0x7cb907
   c:	ba b2 dd 53 c9       	mov    $0xc953ddb2,%edx
  11:	89 55 f0             	mov    %edx,-0x10(%rbp)
  14:	89 d6                	mov    %edx,%esi
[   22.459949][  T128] EAX: 00000068 EBX: 00001640 ECX: 00000000 EDX: 00000000
[   22.460949][  T128] ESI: c94cf3fb EDI: c94dc8a4 EBP: ec1f3c6c ESP: ec1f3c38
[   22.461961][  T128] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010246
[   22.463133][  T128] CR0: 80050033 CR2: 0062807c CR3: 2c016aa0 CR4: 000406f0
[   22.464147][  T128] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[   22.465130][  T128] DR6: fffe0ff0 DR7: 00000400
[   22.465875][  T128] Call Trace:
[ 22.466464][ T128] ? show_regs (arch/x86/kernel/dumpstack.c:479) 
[ 22.467142][ T128] ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) 
[ 22.467764][ T128] ? do_trap (arch/x86/kernel/traps.c:114 arch/x86/kernel/traps.c:155) 
[ 22.468412][ T128] ? do_error_trap (arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:176) 
[ 22.469115][ T128] ? usercopy_abort (mm/usercopy.c:102) 
[ 22.469833][ T128] ? exc_overflow (arch/x86/kernel/traps.c:252) 
[ 22.470522][ T128] ? exc_invalid_op (arch/x86/kernel/traps.c:267) 
[ 22.471267][ T128] ? usercopy_abort (mm/usercopy.c:102) 
[ 22.484908][ T128] ? handle_exception (arch/x86/entry/entry_32.S:1047) 
[ 22.485714][ T128] ? cpu_latency_qos_update_request (kernel/power/qos.c:311) 
[ 22.486588][ T128] ? exc_overflow (arch/x86/kernel/traps.c:252) 
[ 22.487277][ T128] ? usercopy_abort (mm/usercopy.c:102) 
[ 22.487991][ T128] ? exc_overflow (arch/x86/kernel/traps.c:252) 
[ 22.488682][ T128] ? usercopy_abort (mm/usercopy.c:102) 
[ 22.489399][ T128] __check_heap_object (mm/slub.c:5509) 
[ 22.490145][ T128] check_heap_object (mm/usercopy.c:196) 
[ 22.490904][ T128] __check_object_size (mm/usercopy.c:113 mm/usercopy.c:127 mm/usercopy.c:254 mm/usercopy.c:213) 
[ 22.491681][ T128] copy_from_buffer (include/linux/uaccess.h:183 arch/x86/kernel/fpu/xstate.c:1202) 
[ 22.492401][ T128] copy_uabi_to_xstate (arch/x86/kernel/fpu/xstate.c:1282 (discriminator 1)) 
[ 22.493151][ T128] copy_sigframe_from_user_to_xstate (arch/x86/kernel/fpu/xstate.c:1333) 
[ 22.494036][ T128] __fpu_restore_sig (arch/x86/kernel/fpu/signal.c:396 (discriminator 1)) 
[ 22.494785][ T128] fpu__restore_sig (arch/x86/kernel/fpu/signal.c:497 (discriminator 1)) 
[ 22.495501][ T128] ia32_restore_sigcontext (arch/x86/kernel/signal_32.c:123) 
[ 22.496318][ T128] __do_sys_sigreturn (arch/x86/kernel/signal_32.c:139 (discriminator 1)) 
[ 22.497061][ T128] ia32_sys_call (arch/x86/entry/syscall_32.c:42) 
[ 22.497784][ T128] do_int80_syscall_32 (arch/x86/entry/common.c:165 (discriminator 1) arch/x86/entry/common.c:339 (discriminator 1)) 
[ 22.498530][ T128] ? __do_sys_vfork (kernel/fork.c:2903) 
[ 22.499251][ T128] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4599) 
[ 22.500172][ T128] ? switch_fpu_return (arch/x86/include/asm/trace/fpu.h:57 (discriminator 2) arch/x86/kernel/fpu/context.h:50 (discriminator 2) arch/x86/kernel/fpu/context.h:76 (discriminator 2) arch/x86/kernel/fpu/core.c:788 (discriminator 2)) 
[ 22.500903][ T128] ? syscall_exit_to_user_mode (kernel/entry/common.c:221) 
[ 22.501733][ T128] ? do_int80_syscall_32 (arch/x86/entry/common.c:343) 
[ 22.502481][ T128] ? irqentry_exit (kernel/entry/common.c:367) 
[ 22.503186][ T128] ? do_fast_syscall_32 (arch/x86/entry/common.c:411 (discriminator 1)) 
[ 22.503932][ T128] entry_INT80_32 (arch/x86/entry/entry_32.S:944) 
[   22.504637][  T128] EIP: 0xb7fa4579
[ 22.505239][ T128] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
All code
========
   0:	b8 01 10 06 03       	mov    $0x3061001,%eax
   5:	74 b4                	je     0xffffffffffffffbb
   7:	01 10                	add    %edx,(%rax)
   9:	07                   	(bad)
   a:	03 74 b0 01          	add    0x1(%rax,%rsi,4),%esi
   e:	10 08                	adc    %cl,(%rax)
  10:	03 74 d8 01          	add    0x1(%rax,%rbx,8),%esi
	...
  20:	00 51 52             	add    %dl,0x52(%rcx)
  23:	55                   	push   %rbp
  24:	89 e5                	mov    %esp,%ebp
  26:	0f 34                	sysenter
  28:	cd 80                	int    $0x80
  2a:*	5d                   	pop    %rbp		<-- trapping instruction
  2b:	5a                   	pop    %rdx
  2c:	59                   	pop    %rcx
  2d:	c3                   	ret
  2e:	90                   	nop
  2f:	90                   	nop
  30:	90                   	nop
  31:	90                   	nop
  32:	8d 76 00             	lea    0x0(%rsi),%esi
  35:	58                   	pop    %rax
  36:	b8 77 00 00 00       	mov    $0x77,%eax
  3b:	cd 80                	int    $0x80
  3d:	90                   	nop
  3e:	8d                   	.byte 0x8d
  3f:	76                   	.byte 0x76

Code starting with the faulting instruction
===========================================
   0:	5d                   	pop    %rbp
   1:	5a                   	pop    %rdx
   2:	59                   	pop    %rcx
   3:	c3                   	ret
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	8d 76 00             	lea    0x0(%rsi),%esi
   b:	58                   	pop    %rax
   c:	b8 77 00 00 00       	mov    $0x77,%eax
  11:	cd 80                	int    $0x80
  13:	90                   	nop
  14:	8d                   	.byte 0x8d
  15:	76                   	.byte 0x76


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240615/202406151528.626affe4-oliver.sang@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ