| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202510201610.40b1a654-lkp@intel.com>
Date: Mon, 20 Oct 2025 16:36:31 +0800
From: kernel test robot <oliver.sang@...el.com>
To: NeilBrown <neilb@...mail.net>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
<linux-fsdevel@...r.kernel.org>, <linux-xfs@...r.kernel.org>,
<linux-kernel@...r.kernel.org>, Alexander Viro <viro@...iv.linux.org.uk>,
Christian Brauner <brauner@...nel.org>, Amir Goldstein <amir73il@...il.com>,
Jeff Layton <jlayton@...nel.org>, Jan Kara <jack@...e.cz>,
<oliver.sang@...el.com>
Subject: Re: [PATCH v2 06/14] VFS: introduce start_creating_noperm() and
start_removing_noperm()
Hello,
kernel test robot noticed "kernel_BUG_at_fs/open.c" on:
commit: dc62b71efff8093d50a9e1f7321cabcb76ff8447 ("[PATCH v2 06/14] VFS: introduce start_creating_noperm() and start_removing_noperm()")
url: https://github.com/intel-lab-lkp/linux/commits/NeilBrown/debugfs-rename-end_creating-to-debugfs_end_creating/20251015-095112
base: https://git.kernel.org/cgit/linux/kernel/git/driver-core/driver-core.git 3a8660878839faadb4f1a6dd72c3179c1df56787
patch link: https://lore.kernel.org/all/20251015014756.2073439-7-neilb@ownmail.net/
patch subject: [PATCH v2 06/14] VFS: introduce start_creating_noperm() and start_removing_noperm()
in testcase: trinity
version:
with following parameters:
runtime: 300s
group: group-03
nr_groups: 5
config: x86_64-randconfig-074-20251018
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+------------------------------------------+------------+------------+
| | 04e655aedc | dc62b71eff |
+------------------------------------------+------------+------------+
| boot_successes | 9 | 0 |
| boot_failures | 0 | 9 |
| kernel_BUG_at_fs/open.c | 0 | 9 |
| Oops:invalid_opcode:#[##] | 0 | 9 |
| RIP:dentry_open | 0 | 9 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 9 |
+------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202510201610.40b1a654-lkp@intel.com
[ 58.472072][ T3648] ------------[ cut here ]------------
[ 58.472990][ T3648] kernel BUG at fs/open.c:1116!
[ 58.479432][ T3648] Oops: invalid opcode: 0000 [#1]
[ 58.480255][ T3648] CPU: 0 UID: 192664024 PID: 3648 Comm: trinity-c2 Tainted: G T 6.18.0-rc1-00006-gdc62b71efff8 #1 PREEMPT
[ 58.482041][ T3648] Tainted: [T]=RANDSTRUCT
[ 58.482680][ T3648] RIP: 0010:dentry_open (fs/open.c:1116)
[ 58.483443][ T3648] Code: df 48 89 c3 48 89 c6 e8 90 fe ff ff 85 c0 74 0f 89 c5 48 89 df e8 82 92 00 00 48 63 c5 eb 03 48 89 d8 5b 5d c3 cc cc cc cc cc <0f> 0b 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 66
All code
========
0: df 48 89 fisttps -0x77(%rax)
3: c3 ret
4: 48 89 c6 mov %rax,%rsi
7: e8 90 fe ff ff call 0xfffffffffffffe9c
c: 85 c0 test %eax,%eax
e: 74 0f je 0x1f
10: 89 c5 mov %eax,%ebp
12: 48 89 df mov %rbx,%rdi
15: e8 82 92 00 00 call 0x929c
1a: 48 63 c5 movslq %ebp,%rax
1d: eb 03 jmp 0x22
1f: 48 89 d8 mov %rbx,%rax
22: 5b pop %rbx
23: 5d pop %rbp
24: c3 ret
25: cc int3
26: cc int3
27: cc int3
28: cc int3
29: cc int3
2a:* 0f 0b ud2 <-- trapping instruction
2c: 66 66 66 66 66 66 2e data16 data16 data16 data16 data16 cs nopw 0x0(%rax,%rax,1)
33: 0f 1f 84 00 00 00 00
3a: 00
3b: 66 data16
3c: 66 data16
3d: 66 data16
3e: 66 data16
3f: 66 data16
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 66 66 66 66 66 66 2e data16 data16 data16 data16 data16 cs nopw 0x0(%rax,%rax,1)
9: 0f 1f 84 00 00 00 00
10: 00
11: 66 data16
12: 66 data16
13: 66 data16
14: 66 data16
15: 66 data16
[ 58.486214][ T3648] RSP: 0018:ffff88813b80fe20 EFLAGS: 00010246
[ 58.487088][ T3648] RAX: 0000000000000001 RBX: ffff888142398000 RCX: ffff888142354000
[ 58.488074][ T3648] RDX: ffff88813acdc000 RSI: 00000000fffffff9 RDI: ffff88813b80fe58
[ 58.489177][ T3648] RBP: 0000000000000213 R08: 0000000000000000 R09: 0000000000000000
[ 58.490214][ T3648] R10: ffff888141f59a90 R11: ffffffff81960fc9 R12: 0000000000000000
[ 58.491333][ T3648] R13: 00000000fffffff9 R14: ffff888102692798 R15: ffff888142354000
[ 58.492445][ T3648] FS: 00000000357bf880(0000) GS:0000000000000000(0000) knlGS:0000000000000000
[ 58.493720][ T3648] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 58.494658][ T3648] CR2: 00007ffffffff000 CR3: 0000000142163000 CR4: 00000000000406b0
[ 58.495806][ T3648] Call Trace:
[ 58.496319][ T3648] <TASK>
[ 58.496723][ T3648] do_mq_open (ipc/mqueue.c:923)
[ 58.497381][ T3648] __x64_sys_mq_open (ipc/mqueue.c:949 ipc/mqueue.c:942 ipc/mqueue.c:942)
[ 58.498090][ T3648] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 58.498979][ T3648] do_syscall_64 (arch/x86/entry/syscall_64.c:?)
[ 58.499657][ T3648] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 58.500484][ T3648] RIP: 0033:0x463519
[ 58.501061][ T3648] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 59 00 00 c3 66 2e 0f 1f 84 00 00 00 00
All code
========
0: 00 f3 add %dh,%bl
2: c3 ret
3: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
a: 00 00 00
d: 0f 1f 40 00 nopl 0x0(%rax)
11: 48 89 f8 mov %rdi,%rax
14: 48 89 f7 mov %rsi,%rdi
17: 48 89 d6 mov %rdx,%rsi
1a: 48 89 ca mov %rcx,%rdx
1d: 4d 89 c2 mov %r8,%r10
20: 4d 89 c8 mov %r9,%r8
23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 0f 83 db 59 00 00 jae 0x5a11
36: c3 ret
37: 66 data16
38: 2e cs
39: 0f .byte 0xf
3a: 1f (bad)
3b: 84 00 test %al,(%rax)
3d: 00 00 add %al,(%rax)
...
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 0f 83 db 59 00 00 jae 0x59e7
c: c3 ret
d: 66 data16
e: 2e cs
f: 0f .byte 0xf
10: 1f (bad)
11: 84 00 test %al,(%rax)
13: 00 00 add %al,(%rax)
...
[ 58.503916][ T3648] RSP: 002b:00007ffc376f2be8 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0
[ 58.505150][ T3648] RAX: ffffffffffffffda RBX: 00000000000000f0 RCX: 0000000000463519
[ 58.506312][ T3648] RDX: 0000000000000030 RSI: fffffffffffffff9 RDI: 00007f9ad403e000
[ 58.507487][ T3648] RBP: 00007f9ad4949000 R08: 0000000030010000 R09: 0000000001000000
[ 58.508586][ T3648] R10: 00007f9ad403e008 R11: 0000000000000246 R12: 0000000000000002
[ 58.509732][ T3648] R13: 00007f9ad4949058 R14: 00000000357bf850 R15: 00007f9ad4949000
[ 58.510897][ T3648] </TASK>
[ 58.511374][ T3648] Modules linked in:
[ 58.512025][ T3648] ---[ end trace 0000000000000000 ]---
[ 58.524399][ T3648] RIP: 0010:dentry_open (fs/open.c:1116)
[ 58.527033][ T3648] Code: df 48 89 c3 48 89 c6 e8 90 fe ff ff 85 c0 74 0f 89 c5 48 89 df e8 82 92 00 00 48 63 c5 eb 03 48 89 d8 5b 5d c3 cc cc cc cc cc <0f> 0b 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 66
All code
========
0: df 48 89 fisttps -0x77(%rax)
3: c3 ret
4: 48 89 c6 mov %rax,%rsi
7: e8 90 fe ff ff call 0xfffffffffffffe9c
c: 85 c0 test %eax,%eax
e: 74 0f je 0x1f
10: 89 c5 mov %eax,%ebp
12: 48 89 df mov %rbx,%rdi
15: e8 82 92 00 00 call 0x929c
1a: 48 63 c5 movslq %ebp,%rax
1d: eb 03 jmp 0x22
1f: 48 89 d8 mov %rbx,%rax
22: 5b pop %rbx
23: 5d pop %rbp
24: c3 ret
25: cc int3
26: cc int3
27: cc int3
28: cc int3
29: cc int3
2a:* 0f 0b ud2 <-- trapping instruction
2c: 66 66 66 66 66 66 2e data16 data16 data16 data16 data16 cs nopw 0x0(%rax,%rax,1)
33: 0f 1f 84 00 00 00 00
3a: 00
3b: 66 data16
3c: 66 data16
3d: 66 data16
3e: 66 data16
3f: 66 data16
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 66 66 66 66 66 66 2e data16 data16 data16 data16 data16 cs nopw 0x0(%rax,%rax,1)
9: 0f 1f 84 00 00 00 00
10: 00
11: 66 data16
12: 66 data16
13: 66 data16
14: 66 data16
15: 66 data16
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20251020/202510201610.40b1a654-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Powered by blists - more mailing lists