| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 23 Jan 2022 14:17:28 +0800
From: kernel test robot <oliver.sang@...el.com>
To: ycaibb <ycaibb@...il.com>
Cc: 0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
lkp@...ts.01.org, edumazet@...gle.com, davem@...emloft.net,
yoshfuji@...ux-ipv6.org, dsahern@...nel.org, kuba@...nel.org,
ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
kafai@...com, songliubraving@...com, yhs@...com,
john.fastabend@...il.com, kpsingh@...nel.org,
netdev@...r.kernel.org, bpf@...r.kernel.org, ycaibb@...il.com
Subject: [ipv4] 604258c8f5:
BUG:sleeping_function_called_from_invalid_context_at_lib/iov_iter.c
Greeting,
FYI, we noticed the following commit (built with gcc-9):
commit: 604258c8f5a9792828f54e55769ca1673c4a34ee ("[PATCH] ipv4: fix lock leaks")
url: https://github.com/0day-ci/linux/commits/ycaibb/ipv4-fix-lock-leaks/20220121-111241
base: https://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git 8aaaf2f3af2ae212428f4db1af34214225f5cec3
patch link: https://lore.kernel.org/netdev/20220121031108.4813-1-ycaibb@gmail.com
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu Icelake-Server -smp 4 -m 16G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+---------------------------------------------------------------------+------------+------------+
| | 8aaaf2f3af | 604258c8f5 |
+---------------------------------------------------------------------+------------+------------+
| BUG:sleeping_function_called_from_invalid_context_at_lib/iov_iter.c | 0 | 9 |
| WARNING:at_lib/iov_iter.c:#copyout | 0 | 9 |
| EIP:copyout | 0 | 9 |
| WARNING:at_lib/usercopy.c:#_copy_from_user | 0 | 9 |
| EIP:_copy_from_user | 0 | 9 |
| WARNING:at_lib/usercopy.c:#_copy_to_user | 0 | 9 |
| EIP:_copy_to_user | 0 | 9 |
| WARNING:at_fs/read_write.c:#vfs_read | 0 | 9 |
| EIP:vfs_read | 0 | 9 |
| WARNING:at_arch/x86/include/asm/uaccess.h:#strncpy_from_user | 0 | 9 |
| EIP:strncpy_from_user | 0 | 9 |
| Kernel_panic-not_syncing:Aiee,killing_interrupt_handler | 0 | 9 |
+---------------------------------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 13.500024][ C1] BUG: sleeping function called from invalid context at lib/iov_iter.c:666
[ 13.500030][ C1] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 335, name: dropbearkey
[ 13.500032][ C1] preempt_count: 7ffffffe, expected: 0
[ 13.500035][ C1] CPU: 1 PID: 335 Comm: dropbearkey Not tainted 5.16.0-rc8-02291-g604258c8f5a9 #1
[ 13.500038][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 13.500040][ C1] Call Trace:
[ 13.500045][ C1] dump_stack_lvl (lib/dump_stack.c:107)
[ 13.500053][ C1] dump_stack (lib/dump_stack.c:114)
[ 13.500056][ C1] __might_resched.cold (kernel/sched/core.c:9539 kernel/sched/core.c:9492)
[ 13.500063][ C1] __might_sleep (kernel/sched/core.c:9468 (discriminator 14))
[ 13.500070][ C1] __might_fault (mm/memory.c:5255)
[ 13.500076][ C1] _copy_to_iter (lib/iov_iter.c:667)
[ 13.500081][ C1] ? __check_heap_object (mm/slub.c:4508)
[ 13.500087][ C1] ? __check_object_size (mm/usercopy.c:240 mm/usercopy.c:286 mm/usercopy.c:256)
[ 13.500092][ C1] seq_read_iter (include/linux/uio.h:155 fs/seq_file.c:281)
[ 13.500099][ C1] seq_read (fs/seq_file.c:163)
[ 13.500104][ C1] ? seq_read_iter (fs/seq_file.c:152)
[ 13.500108][ C1] proc_reg_read (fs/proc/inode.c:311 fs/proc/inode.c:323)
[ 13.500114][ C1] ? proc_reg_unlocked_ioctl (fs/proc/inode.c:316)
[ 13.500117][ C1] vfs_read (fs/read_write.c:479)
[ 13.500123][ C1] ? kern_select (fs/select.c:720)
[ 13.500128][ C1] ksys_read (fs/read_write.c:620)
[ 13.500132][ C1] __ia32_sys_read (fs/read_write.c:627)
[ 13.500135][ C1] do_int80_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:132)
[ 13.500144][ C1] entry_INT80_32 (arch/x86/entry/entry_32.S:981)
[ 13.500148][ C1] EIP: 0xb7f3e07f
[ 13.500152][ C1] Code: 24 04 53 56 57 55 8b 01 85 c0 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5d> 5f 5e 5b c3 5d 5f 5e 5b e9 30 09 00 00 65 8b 15 04 00 00 00 8b
All code
========
0: 24 04 and $0x4,%al
2: 53 push %rbx
3: 56 push %rsi
4: 57 push %rdi
5: 55 push %rbp
6: 8b 01 mov (%rcx),%eax
8: 85 c0 test %eax,%eax
a: 75 23 jne 0x2f
c: 8b 44 24 18 mov 0x18(%rsp),%eax
10: 8b 5c 24 1c mov 0x1c(%rsp),%ebx
14: 8b 4c 24 20 mov 0x20(%rsp),%ecx
18: 8b 54 24 24 mov 0x24(%rsp),%edx
1c: 8b 74 24 28 mov 0x28(%rsp),%esi
20: 8b 7c 24 2c mov 0x2c(%rsp),%edi
24: 8b 6c 24 30 mov 0x30(%rsp),%ebp
28: cd 80 int $0x80
2a:* 5d pop %rbp <-- trapping instruction
2b: 5f pop %rdi
2c: 5e pop %rsi
2d: 5b pop %rbx
2e: c3 retq
2f: 5d pop %rbp
30: 5f pop %rdi
31: 5e pop %rsi
32: 5b pop %rbx
33: e9 30 09 00 00 jmpq 0x968
38: 65 8b 15 04 00 00 00 mov %gs:0x4(%rip),%edx # 0x43
3f: 8b .byte 0x8b
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5f pop %rdi
2: 5e pop %rsi
3: 5b pop %rbx
4: c3 retq
5: 5d pop %rbp
6: 5f pop %rdi
7: 5e pop %rsi
8: 5b pop %rbx
9: e9 30 09 00 00 jmpq 0x93e
e: 65 8b 15 04 00 00 00 mov %gs:0x4(%rip),%edx # 0x19
15: 8b .byte 0x8b
[ 13.500155][ C1] EAX: ffffffda EBX: 00000001 ECX: bfde6b0c EDX: 00001000
[ 13.500158][ C1] ESI: 00000000 EDI: 00000000 EBP: 00000000 ESP: bfde69bc
[ 13.500160][ C1] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
[ 13.500197][ C1] ------------[ cut here ]------------
[ 13.500198][ C1] WARNING: CPU: 1 PID: 335 at lib/iov_iter.c:155 copyout (lib/iov_iter.c:155)
[ 13.500206][ C1] Modules linked in:
[ 13.500209][ C1] CPU: 1 PID: 335 Comm: dropbearkey Tainted: G W 5.16.0-rc8-02291-g604258c8f5a9 #1
[ 13.500212][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 13.500213][ C1] EIP: copyout (lib/iov_iter.c:155)
[ 13.500216][ C1] Code: 8b 89 a8 0f 00 00 85 c9 74 20 89 c1 01 d9 72 11 81 f9 00 00 00 c0 77 09 89 c1 89 d8 e8 41 d2 05 00 5b 5d c3 8d b6 00 00 00 00 <0f> 0b eb dc eb 32 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 8d b4
All code
========
0: 8b 89 a8 0f 00 00 mov 0xfa8(%rcx),%ecx
6: 85 c9 test %ecx,%ecx
8: 74 20 je 0x2a
a: 89 c1 mov %eax,%ecx
c: 01 d9 add %ebx,%ecx
e: 72 11 jb 0x21
10: 81 f9 00 00 00 c0 cmp $0xc0000000,%ecx
16: 77 09 ja 0x21
18: 89 c1 mov %eax,%ecx
1a: 89 d8 mov %ebx,%eax
1c: e8 41 d2 05 00 callq 0x5d262
21: 5b pop %rbx
22: 5d pop %rbp
23: c3 retq
24: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi
2a:* 0f 0b ud2 <-- trapping instruction
2c: eb dc jmp 0xa
2e: eb 32 jmp 0x62
30: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
37: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
3e: 8d .byte 0x8d
3f: b4 .byte 0xb4
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: eb dc jmp 0xffffffffffffffe0
4: eb 32 jmp 0x38
6: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
d: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
14: 8d .byte 0x8d
15: b4 .byte 0xb4
[ 13.500219][ C1] EAX: 00000384 EBX: bfde6b0c ECX: 00000000 EDX: f544b000
[ 13.500221][ C1] ESI: 00000000 EDI: 00000384 EBP: f5623dfc ESP: f5623df8
[ 13.500223][ C1] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010246
[ 13.500230][ C1] CR0: 80050033 CR2: 0805fff1 CR3: 3561a000 CR4: 00350ef0
[ 13.500233][ C1] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 13.500235][ C1] DR6: fffe0ff0 DR7: 00000400
[ 13.500237][ C1] Call Trace:
[ 13.500239][ C1] _copy_to_iter (lib/iov_iter.c:667 (discriminator 8))
[ 13.500242][ C1] ? __check_heap_object (mm/slub.c:4508)
[ 13.500246][ C1] ? __check_object_size (mm/usercopy.c:240 mm/usercopy.c:286 mm/usercopy.c:256)
[ 13.500249][ C1] seq_read_iter (include/linux/uio.h:155 fs/seq_file.c:281)
[ 13.500253][ C1] seq_read (fs/seq_file.c:163)
[ 13.500257][ C1] ? seq_read_iter (fs/seq_file.c:152)
[ 13.500261][ C1] proc_reg_read (fs/proc/inode.c:311 fs/proc/inode.c:323)
[ 13.500264][ C1] ? proc_reg_unlocked_ioctl (fs/proc/inode.c:316)
[ 13.500268][ C1] vfs_read (fs/read_write.c:479)
[ 13.500272][ C1] ? kern_select (fs/select.c:720)
[ 13.500275][ C1] ksys_read (fs/read_write.c:620)
[ 13.500279][ C1] __ia32_sys_read (fs/read_write.c:627)
[ 13.500283][ C1] do_int80_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:132)
[ 13.500287][ C1] entry_INT80_32 (arch/x86/entry/entry_32.S:981)
[ 13.500290][ C1] EIP: 0xb7f3e07f
[ 13.500292][ C1] Code: 24 04 53 56 57 55 8b 01 85 c0 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5d> 5f 5e 5b c3 5d 5f 5e 5b e9 30 09 00 00 65 8b 15 04 00 00 00 8b
All code
========
0: 24 04 and $0x4,%al
2: 53 push %rbx
3: 56 push %rsi
4: 57 push %rdi
5: 55 push %rbp
6: 8b 01 mov (%rcx),%eax
8: 85 c0 test %eax,%eax
a: 75 23 jne 0x2f
c: 8b 44 24 18 mov 0x18(%rsp),%eax
10: 8b 5c 24 1c mov 0x1c(%rsp),%ebx
14: 8b 4c 24 20 mov 0x20(%rsp),%ecx
18: 8b 54 24 24 mov 0x24(%rsp),%edx
1c: 8b 74 24 28 mov 0x28(%rsp),%esi
20: 8b 7c 24 2c mov 0x2c(%rsp),%edi
24: 8b 6c 24 30 mov 0x30(%rsp),%ebp
28: cd 80 int $0x80
2a:* 5d pop %rbp <-- trapping instruction
2b: 5f pop %rdi
2c: 5e pop %rsi
2d: 5b pop %rbx
2e: c3 retq
2f: 5d pop %rbp
30: 5f pop %rdi
31: 5e pop %rsi
32: 5b pop %rbx
33: e9 30 09 00 00 jmpq 0x968
38: 65 8b 15 04 00 00 00 mov %gs:0x4(%rip),%edx # 0x43
3f: 8b .byte 0x8b
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5f pop %rdi
2: 5e pop %rsi
3: 5b pop %rbx
4: c3 retq
5: 5d pop %rbp
6: 5f pop %rdi
7: 5e pop %rsi
8: 5b pop %rbx
9: e9 30 09 00 00 jmpq 0x93e
e: 65 8b 15 04 00 00 00 mov %gs:0x4(%rip),%edx # 0x19
15: 8b .byte 0x8b
[ 13.500295][ C1] EAX: ffffffda EBX: 00000001 ECX: bfde6b0c EDX: 00001000
[ 13.500297][ C1] ESI: 00000000 EDI: 00000000 EBP: 00000000 ESP: bfde69bc
[ 13.500299][ C1] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
[ 13.500303][ C1] ---[ end trace b04bb3a5693a52f3 ]---
[ 13.500330][ C1] ------------[ cut here ]------------
To reproduce:
# build kernel
cd linux
cp config-5.16.0-rc8-02291-g604258c8f5a9 .config
make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org Intel Corporation
Thanks,
Oliver Sang
View attachment "config-5.16.0-rc8-02291-g604258c8f5a9" of type "text/plain" (141020 bytes)
View attachment "job-script" of type "text/plain" (4622 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (13532 bytes)
Powered by blists - more mailing lists