Date: Sun, 23 Jan 2022 14:17:28 +0800
From: kernel test robot <oliver.sang@...el.com>
To: ycaibb <ycaibb@...il.com>
Cc: 0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
    lkp@...ts.01.org, edumazet@...gle.com, davem@...emloft.net,
    yoshfuji@...ux-ipv6.org, dsahern@...nel.org, kuba@...nel.org,
    ast@...nel.org, daniel@...earbox.net, andrii@...nel.org, kafai@...com,
    songliubraving@...com, yhs@...com, john.fastabend@...il.com,
    kpsingh@...nel.org, netdev@...r.kernel.org, bpf@...r.kernel.org,
    ycaibb@...il.com
Subject: [ipv4] 604258c8f5: BUG:sleeping_function_called_from_invalid_context_at_lib/iov_iter.c

Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: 604258c8f5a9792828f54e55769ca1673c4a34ee ("[PATCH] ipv4: fix lock leaks")
url: https://github.com/0day-ci/linux/commits/ycaibb/ipv4-fix-lock-leaks/20220121-111241
base: https://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git 8aaaf2f3af2ae212428f4db1af34214225f5cec3
patch link: https://lore.kernel.org/netdev/20220121031108.4813-1-ycaibb@gmail.com

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu Icelake-Server -smp 4 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+---------------------------------------------------------------------+------------+------------+
|                                                                     | 8aaaf2f3af | 604258c8f5 |
+---------------------------------------------------------------------+------------+------------+
| BUG:sleeping_function_called_from_invalid_context_at_lib/iov_iter.c | 0          | 9          |
| WARNING:at_lib/iov_iter.c:#copyout                                  | 0          | 9          |
| EIP:copyout                                                         | 0          | 9          |
| WARNING:at_lib/usercopy.c:#_copy_from_user                          | 0          | 9          |
| EIP:_copy_from_user                                                 | 0          | 9          |
| WARNING:at_lib/usercopy.c:#_copy_to_user                            | 0          | 9          |
| EIP:_copy_to_user                                                   | 0          | 9          |
| WARNING:at_fs/read_write.c:#vfs_read                                | 0          | 9          |
| EIP:vfs_read                                                        | 0          | 9          |
| WARNING:at_arch/x86/include/asm/uaccess.h:#strncpy_from_user        | 0          | 9          |
| EIP:strncpy_from_user                                               | 0          | 9          |
| Kernel_panic-not_syncing:Aiee,killing_interrupt_handler             | 0          | 9          |
+---------------------------------------------------------------------+------------+------------+

If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>

[ 13.500024][ C1] BUG: sleeping function called from invalid context at lib/iov_iter.c:666
[ 13.500030][ C1] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 335, name: dropbearkey
[ 13.500032][ C1] preempt_count: 7ffffffe, expected: 0
[ 13.500035][ C1] CPU: 1 PID: 335 Comm: dropbearkey Not tainted 5.16.0-rc8-02291-g604258c8f5a9 #1
[ 13.500038][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 13.500040][ C1] Call Trace:
[ 13.500045][ C1] dump_stack_lvl (lib/dump_stack.c:107)
[ 13.500053][ C1] dump_stack (lib/dump_stack.c:114)
[ 13.500056][ C1] __might_resched.cold (kernel/sched/core.c:9539 kernel/sched/core.c:9492)
[ 13.500063][ C1] __might_sleep (kernel/sched/core.c:9468 (discriminator 14))
[ 13.500070][ C1] __might_fault (mm/memory.c:5255)
[ 13.500076][ C1] _copy_to_iter (lib/iov_iter.c:667)
[ 13.500081][ C1] ? __check_heap_object (mm/slub.c:4508)
[ 13.500087][ C1] ? __check_object_size (mm/usercopy.c:240 mm/usercopy.c:286 mm/usercopy.c:256)
[ 13.500092][ C1] seq_read_iter (include/linux/uio.h:155 fs/seq_file.c:281)
[ 13.500099][ C1] seq_read (fs/seq_file.c:163)
[ 13.500104][ C1] ? seq_read_iter (fs/seq_file.c:152)
[ 13.500108][ C1] proc_reg_read (fs/proc/inode.c:311 fs/proc/inode.c:323)
[ 13.500114][ C1] ? proc_reg_unlocked_ioctl (fs/proc/inode.c:316)
[ 13.500117][ C1] vfs_read (fs/read_write.c:479)
[ 13.500123][ C1] ? kern_select (fs/select.c:720)
[ 13.500128][ C1] ksys_read (fs/read_write.c:620)
[ 13.500132][ C1] __ia32_sys_read (fs/read_write.c:627)
[ 13.500135][ C1] do_int80_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:132)
[ 13.500144][ C1] entry_INT80_32 (arch/x86/entry/entry_32.S:981)
[ 13.500148][ C1] EIP: 0xb7f3e07f
[ 13.500152][ C1] Code: 24 04 53 56 57 55 8b 01 85 c0 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5d> 5f 5e 5b c3 5d 5f 5e 5b e9 30 09 00 00 65 8b 15 04 00 00 00 8b
All code
========
   0:   24 04                   and    $0x4,%al
   2:   53                      push   %rbx
   3:   56                      push   %rsi
   4:   57                      push   %rdi
   5:   55                      push   %rbp
   6:   8b 01                   mov    (%rcx),%eax
   8:   85 c0                   test   %eax,%eax
   a:   75 23                   jne    0x2f
   c:   8b 44 24 18             mov    0x18(%rsp),%eax
  10:   8b 5c 24 1c             mov    0x1c(%rsp),%ebx
  14:   8b 4c 24 20             mov    0x20(%rsp),%ecx
  18:   8b 54 24 24             mov    0x24(%rsp),%edx
  1c:   8b 74 24 28             mov    0x28(%rsp),%esi
  20:   8b 7c 24 2c             mov    0x2c(%rsp),%edi
  24:   8b 6c 24 30             mov    0x30(%rsp),%ebp
  28:   cd 80                   int    $0x80
  2a:*  5d                      pop    %rbp             <-- trapping instruction
  2b:   5f                      pop    %rdi
  2c:   5e                      pop    %rsi
  2d:   5b                      pop    %rbx
  2e:   c3                      retq
  2f:   5d                      pop    %rbp
  30:   5f                      pop    %rdi
  31:   5e                      pop    %rsi
  32:   5b                      pop    %rbx
  33:   e9 30 09 00 00          jmpq   0x968
  38:   65 8b 15 04 00 00 00    mov    %gs:0x4(%rip),%edx        # 0x43
  3f:   8b                      .byte 0x8b

Code starting with the faulting instruction
===========================================
   0:   5d                      pop    %rbp
   1:   5f                      pop    %rdi
   2:   5e                      pop    %rsi
   3:   5b                      pop    %rbx
   4:   c3                      retq
   5:   5d                      pop    %rbp
   6:   5f                      pop    %rdi
   7:   5e                      pop    %rsi
   8:   5b                      pop    %rbx
   9:   e9 30 09 00 00          jmpq   0x93e
   e:   65 8b 15 04 00 00 00    mov    %gs:0x4(%rip),%edx        # 0x19
  15:   8b                      .byte 0x8b
[ 13.500155][ C1] EAX: ffffffda EBX: 00000001 ECX: bfde6b0c EDX: 00001000
[ 13.500158][ C1] ESI: 00000000 EDI: 00000000 EBP: 00000000 ESP: bfde69bc
[ 13.500160][ C1] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
[ 13.500197][ C1] ------------[ cut here ]------------
[ 13.500198][ C1] WARNING: CPU: 1 PID: 335 at lib/iov_iter.c:155 copyout (lib/iov_iter.c:155)
[ 13.500206][ C1] Modules linked in:
[ 13.500209][ C1] CPU: 1 PID: 335 Comm: dropbearkey Tainted: G W 5.16.0-rc8-02291-g604258c8f5a9 #1
[ 13.500212][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 13.500213][ C1] EIP: copyout (lib/iov_iter.c:155)
[ 13.500216][ C1] Code: 8b 89 a8 0f 00 00 85 c9 74 20 89 c1 01 d9 72 11 81 f9 00 00 00 c0 77 09 89 c1 89 d8 e8 41 d2 05 00 5b 5d c3 8d b6 00 00 00 00 <0f> 0b eb dc eb 32 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 8d b4
All code
========
   0:   8b 89 a8 0f 00 00       mov    0xfa8(%rcx),%ecx
   6:   85 c9                   test   %ecx,%ecx
   8:   74 20                   je     0x2a
   a:   89 c1                   mov    %eax,%ecx
   c:   01 d9                   add    %ebx,%ecx
   e:   72 11                   jb     0x21
  10:   81 f9 00 00 00 c0       cmp    $0xc0000000,%ecx
  16:   77 09                   ja     0x21
  18:   89 c1                   mov    %eax,%ecx
  1a:   89 d8                   mov    %ebx,%eax
  1c:   e8 41 d2 05 00          callq  0x5d262
  21:   5b                      pop    %rbx
  22:   5d                      pop    %rbp
  23:   c3                      retq
  24:   8d b6 00 00 00 00       lea    0x0(%rsi),%esi
  2a:*  0f 0b                   ud2             <-- trapping instruction
  2c:   eb dc                   jmp    0xa
  2e:   eb 32                   jmp    0x62
  30:   8d b4 26 00 00 00 00    lea    0x0(%rsi,%riz,1),%esi
  37:   8d b4 26 00 00 00 00    lea    0x0(%rsi,%riz,1),%esi
  3e:   8d                      .byte 0x8d
  3f:   b4                      .byte 0xb4

Code starting with the faulting instruction
===========================================
   0:   0f 0b                   ud2
   2:   eb dc                   jmp    0xffffffffffffffe0
   4:   eb 32                   jmp    0x38
   6:   8d b4 26 00 00 00 00    lea    0x0(%rsi,%riz,1),%esi
   d:   8d b4 26 00 00 00 00    lea    0x0(%rsi,%riz,1),%esi
  14:   8d                      .byte 0x8d
  15:   b4                      .byte 0xb4
[ 13.500219][ C1] EAX: 00000384 EBX: bfde6b0c ECX: 00000000 EDX: f544b000
[ 13.500221][ C1] ESI: 00000000 EDI: 00000384 EBP: f5623dfc ESP: f5623df8
[ 13.500223][ C1] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010246
[ 13.500230][ C1] CR0: 80050033 CR2: 0805fff1 CR3: 3561a000 CR4: 00350ef0
[ 13.500233][ C1] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 13.500235][ C1] DR6: fffe0ff0 DR7: 00000400
[ 13.500237][ C1] Call Trace:
[ 13.500239][ C1] _copy_to_iter (lib/iov_iter.c:667 (discriminator 8))
[ 13.500242][ C1] ? __check_heap_object (mm/slub.c:4508)
[ 13.500246][ C1] ? __check_object_size (mm/usercopy.c:240 mm/usercopy.c:286 mm/usercopy.c:256)
[ 13.500249][ C1] seq_read_iter (include/linux/uio.h:155 fs/seq_file.c:281)
[ 13.500253][ C1] seq_read (fs/seq_file.c:163)
[ 13.500257][ C1] ? seq_read_iter (fs/seq_file.c:152)
[ 13.500261][ C1] proc_reg_read (fs/proc/inode.c:311 fs/proc/inode.c:323)
[ 13.500264][ C1] ? proc_reg_unlocked_ioctl (fs/proc/inode.c:316)
[ 13.500268][ C1] vfs_read (fs/read_write.c:479)
[ 13.500272][ C1] ? kern_select (fs/select.c:720)
[ 13.500275][ C1] ksys_read (fs/read_write.c:620)
[ 13.500279][ C1] __ia32_sys_read (fs/read_write.c:627)
[ 13.500283][ C1] do_int80_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:132)
[ 13.500287][ C1] entry_INT80_32 (arch/x86/entry/entry_32.S:981)
[ 13.500290][ C1] EIP: 0xb7f3e07f
[ 13.500292][ C1] Code: 24 04 53 56 57 55 8b 01 85 c0 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5d> 5f 5e 5b c3 5d 5f 5e 5b e9 30 09 00 00 65 8b 15 04 00 00 00 8b
All code
========
   0:   24 04                   and    $0x4,%al
   2:   53                      push   %rbx
   3:   56                      push   %rsi
   4:   57                      push   %rdi
   5:   55                      push   %rbp
   6:   8b 01                   mov    (%rcx),%eax
   8:   85 c0                   test   %eax,%eax
   a:   75 23                   jne    0x2f
   c:   8b 44 24 18             mov    0x18(%rsp),%eax
  10:   8b 5c 24 1c             mov    0x1c(%rsp),%ebx
  14:   8b 4c 24 20             mov    0x20(%rsp),%ecx
  18:   8b 54 24 24             mov    0x24(%rsp),%edx
  1c:   8b 74 24 28             mov    0x28(%rsp),%esi
  20:   8b 7c 24 2c             mov    0x2c(%rsp),%edi
  24:   8b 6c 24 30             mov    0x30(%rsp),%ebp
  28:   cd 80                   int    $0x80
  2a:*  5d                      pop    %rbp             <-- trapping instruction
  2b:   5f                      pop    %rdi
  2c:   5e                      pop    %rsi
  2d:   5b                      pop    %rbx
  2e:   c3                      retq
  2f:   5d                      pop    %rbp
  30:   5f                      pop    %rdi
  31:   5e                      pop    %rsi
  32:   5b                      pop    %rbx
  33:   e9 30 09 00 00          jmpq   0x968
  38:   65 8b 15 04 00 00 00    mov    %gs:0x4(%rip),%edx        # 0x43
  3f:   8b                      .byte 0x8b

Code starting with the faulting instruction
===========================================
   0:   5d                      pop    %rbp
   1:   5f                      pop    %rdi
   2:   5e                      pop    %rsi
   3:   5b                      pop    %rbx
   4:   c3                      retq
   5:   5d                      pop    %rbp
   6:   5f                      pop    %rdi
   7:   5e                      pop    %rsi
   8:   5b                      pop    %rbx
   9:   e9 30 09 00 00          jmpq   0x93e
   e:   65 8b 15 04 00 00 00    mov    %gs:0x4(%rip),%edx        # 0x19
  15:   8b                      .byte 0x8b
[ 13.500295][ C1] EAX: ffffffda EBX: 00000001 ECX: bfde6b0c EDX: 00001000
[ 13.500297][ C1] ESI: 00000000 EDI: 00000000 EBP: 00000000 ESP: bfde69bc
[ 13.500299][ C1] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
[ 13.500303][ C1] ---[ end trace b04bb3a5693a52f3 ]---
[ 13.500330][ C1] ------------[ cut here ]------------

To reproduce:

        # build kernel
        cd linux
        cp config-5.16.0-rc8-02291-g604258c8f5a9 .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.

---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang

View attachment "config-5.16.0-rc8-02291-g604258c8f5a9" of type "text/plain" (141020 bytes)
View attachment "job-script" of type "text/plain" (4622 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (13532 bytes)