| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202505211627.1f9b653f-lkp@intel.com>
Date: Wed, 21 May 2025 16:42:46 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Ard Biesheuvel <ardb@...nel.org>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <linux-kernel@...r.kernel.org>,
<oliver.sang@...el.com>
Subject: [ardb:x86-startup-confine-v4] [x86/cpu] 287f9245fe:
BUG:unable_to_handle_page_fault_for_address
Hello,
kernel test robot noticed "BUG:unable_to_handle_page_fault_for_address" on:
commit: 287f9245fe1003a1cdb1462ad7a7da1f33622d91 ("x86/cpu: Move CPU capability override arrays from BSS to __ro_after_init")
https://git.kernel.org/cgit/linux/kernel/git/ardb/linux.git x86-startup-confine-v4
in testcase: rcutorture
version:
with following parameters:
runtime: 300s
test: cpuhotplug
torture_type: tasks-rude
config: x86_64-randconfig-001-20250518
compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+---------------------------------------------+------------+------------+
| | d38f99f00e | 287f9245fe |
+---------------------------------------------+------------+------------+
| boot_successes | 6 | 0 |
| boot_failures | 0 | 6 |
| BUG:unable_to_handle_page_fault_for_address | 0 | 6 |
| Oops | 0 | 6 |
| RIP:clear_feature | 0 | 6 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 6 |
+---------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202505211627.1f9b653f-lkp@intel.com
[ 86.680641][ T0] BUG: unable to handle page fault for address: ffffffff8393e998
[ 86.682137][ T0] #PF: supervisor write access in kernel mode
[ 86.683176][ T0] #PF: error_code(0x0003) - permissions violation
[ 86.684292][ T0] PGD 3af1067 P4D 3af1067 PUD 3af2063 PMD 15eb4b163 PTE 800000000393e021
[ 86.685847][ T0] Oops: Oops: 0003 [#1] SMP KASAN PTI
[ 86.686846][ T0] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc6-00373-g287f9245fe10 #1 PREEMPTLAZY
[ 86.688595][ T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 86.690483][ T0] RIP: 0010:clear_feature (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/include/asm/bitops.h:60 kbuild/obj/consumer/x86_64-randconfig-001-20250518/include/asm-generic/bitops/instrumented-atomic.h:29 kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/cpu/cpuid-deps.c:104 kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/cpu/cpuid-deps.c:95)
[ 86.691951][ T0] Code: 48 c1 fb 06 48 c1 e3 03 48 85 ff 75 28 48 c7 c7 60 17 b0 84 e8 3a 00 00 00 48 8d bb 98 e9 93 83 be 08 00 00 00 e8 1f 7e 5d 00 <f0> 4c 0f ab 25 d7 9d 6a 02 eb 19 48 8d 6f 30 be 08 00 00 00 48 8d
All code
========
0: 48 c1 fb 06 sar $0x6,%rbx
4: 48 c1 e3 03 shl $0x3,%rbx
8: 48 85 ff test %rdi,%rdi
b: 75 28 jne 0x35
d: 48 c7 c7 60 17 b0 84 mov $0xffffffff84b01760,%rdi
14: e8 3a 00 00 00 call 0x53
19: 48 8d bb 98 e9 93 83 lea -0x7c6c1668(%rbx),%rdi
20: be 08 00 00 00 mov $0x8,%esi
25: e8 1f 7e 5d 00 call 0x5d7e49
2a:* f0 4c 0f ab 25 d7 9d lock bts %r12,0x26a9dd7(%rip) # 0x26a9e0a <-- trapping instruction
31: 6a 02
33: eb 19 jmp 0x4e
35: 48 8d 6f 30 lea 0x30(%rdi),%rbp
39: be 08 00 00 00 mov $0x8,%esi
3e: 48 rex.W
3f: 8d .byte 0x8d
Code starting with the faulting instruction
===========================================
0: f0 4c 0f ab 25 d7 9d lock bts %r12,0x26a9dd7(%rip) # 0x26a9de0
7: 6a 02
9: eb 19 jmp 0x24
b: 48 8d 6f 30 lea 0x30(%rdi),%rbp
f: be 08 00 00 00 mov $0x8,%esi
14: 48 rex.W
15: 8d .byte 0x8d
[ 86.693646][ T0] RSP: 0000:ffffc9000013fc40 EFLAGS: 00010046
[ 86.694204][ T0] RAX: fffffbfff0727d01 RBX: 0000000000000000 RCX: fffffbfff0727d34
[ 86.694858][ T0] RDX: fffffbfff0727d34 RSI: 0000000000000008 RDI: ffffffff8393e998
[ 86.695516][ T0] RBP: 1ffff92000027f8e R08: fffffbfff0727d34 R09: 0000000000000001
[ 86.696174][ T0] R10: ffffffff81294bb8 R11: fffffbfff0727d33 R12: 000000000000001b
[ 86.696611][ T0] R13: ffff8883af027188 R14: ffff8883af027120 R15: dffffc0000000000
[ 86.697022][ T0] FS: 0000000000000000(0000) GS:ffff888429d78000(0000) knlGS:0000000000000000
[ 86.697483][ T0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.697825][ T0] CR2: ffffffff8393e998 CR3: 0000000003aee000 CR4: 00000000000406b0
[ 86.698235][ T0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 86.698645][ T0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 86.699053][ T0] Call Trace:
[ 86.699231][ T0] <TASK>
[ 86.699390][ T0] do_clear_cpu_cap (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/cpu/cpuid-deps.c:128 (discriminator 1))
[ 86.699646][ T0] ? clear_feature (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/cpu/cpuid-deps.c:114)
[ 86.699891][ T0] ? topology_get_logical_id (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/include/asm/bitops.h:227 (discriminator 8) kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/include/asm/bitops.h:239 (discriminator 8) kbuild/obj/consumer/x86_64-randconfig-001-20250518/include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 8) kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/cpu/topology.c:333 (discriminator 8))
[ 86.700177][ T0] ? topo_set_ids (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/cpu/topology_common.c:188)
[ 86.700467][ T0] early_init_intel (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/include/asm/bitops.h:206 kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/include/asm/bitops.h:238 kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/cpu/intel.c:336)
[ 86.700731][ T0] init_intel (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/cpu/intel.c:542)
[ 86.700959][ T0] ? early_init_intel (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/cpu/intel.c:537)
[ 86.701227][ T0] ? get_cpu_cap (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/cpu/common.c:1052)
[ 86.701473][ T0] identify_cpu (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/cpu/common.c:1959)
[ 86.701715][ T0] ? get_cpu_address_sizes (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/cpu/common.c:1905)
[ 86.702011][ T0] ? __set_pages_p (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/mm/pat/set_memory.c:851)
[ 86.702267][ T0] identify_secondary_cpu (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/cpu/common.c:2091)
[ 86.702551][ T0] start_secondary (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/smpboot.c:199 kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/smpboot.c:283)
[ 86.702803][ T0] common_startup_64 (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/head_64.S:419)
[ 86.703068][ T0] </TASK>
[ 86.703233][ T0] Modules linked in: rcutorture torture polyval_clmulni polyval_generic processor ghash_clmulni_intel sha1_ssse3 ipmi_devintf ipmi_msghandler drm drm_panel_orientation_quirks dm_mod dax qemu_fw_cfg autofs4
[ 86.704298][ T0] CR2: ffffffff8393e998
[ 86.704523][ T0] ---[ end trace 0000000000000000 ]---
[ 86.704807][ T0] RIP: 0010:clear_feature (kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/include/asm/bitops.h:60 kbuild/obj/consumer/x86_64-randconfig-001-20250518/include/asm-generic/bitops/instrumented-atomic.h:29 kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/cpu/cpuid-deps.c:104 kbuild/obj/consumer/x86_64-randconfig-001-20250518/arch/x86/kernel/cpu/cpuid-deps.c:95)
[ 86.705083][ T0] Code: 48 c1 fb 06 48 c1 e3 03 48 85 ff 75 28 48 c7 c7 60 17 b0 84 e8 3a 00 00 00 48 8d bb 98 e9 93 83 be 08 00 00 00 e8 1f 7e 5d 00 <f0> 4c 0f ab 25 d7 9d 6a 02 eb 19 48 8d 6f 30 be 08 00 00 00 48 8d
All code
========
0: 48 c1 fb 06 sar $0x6,%rbx
4: 48 c1 e3 03 shl $0x3,%rbx
8: 48 85 ff test %rdi,%rdi
b: 75 28 jne 0x35
d: 48 c7 c7 60 17 b0 84 mov $0xffffffff84b01760,%rdi
14: e8 3a 00 00 00 call 0x53
19: 48 8d bb 98 e9 93 83 lea -0x7c6c1668(%rbx),%rdi
20: be 08 00 00 00 mov $0x8,%esi
25: e8 1f 7e 5d 00 call 0x5d7e49
2a:* f0 4c 0f ab 25 d7 9d lock bts %r12,0x26a9dd7(%rip) # 0x26a9e0a <-- trapping instruction
31: 6a 02
33: eb 19 jmp 0x4e
35: 48 8d 6f 30 lea 0x30(%rdi),%rbp
39: be 08 00 00 00 mov $0x8,%esi
3e: 48 rex.W
3f: 8d .byte 0x8d
Code starting with the faulting instruction
===========================================
0: f0 4c 0f ab 25 d7 9d lock bts %r12,0x26a9dd7(%rip) # 0x26a9de0
7: 6a 02
9: eb 19 jmp 0x24
b: 48 8d 6f 30 lea 0x30(%rdi),%rbp
f: be 08 00 00 00 mov $0x8,%esi
14: 48 rex.W
15: 8d .byte 0x8d
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250521/202505211627.1f9b653f-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Powered by blists - more mailing lists