From: kernel test robot <oliver.sang@intel.com>
To: Stas Sergeev <stsp2@yandex.ru>
Cc: oe-lkp@lists.linux.dev, lkp@intel.com,
"Stefan Metzmacher" <metze@samba.org>,
"Eric Biederman" <ebiederm@xmission.com>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
"Andy Lutomirski" <luto@kernel.org>,
"Christian Brauner" <brauner@kernel.org>,
"Jan Kara" <jack@suse.cz>, "Jeff Layton" <jlayton@kernel.org>,
"Chuck Lever" <chuck.lever@oracle.com>,
"Alexander Aring" <alex.aring@gmail.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Christian Göttsche" <cgzones@googlemail.com>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
"Stas Sergeev" <stsp2@yandex.ru>,
"David Laight" <David.Laight@aculab.com>,
linux-api@vger.kernel.org, oliver.sang@intel.com
Subject: Re: [PATCH 2/2] openat2: add OA2_INHERIT_CRED flag
Date: Thu, 25 Apr 2024 21:50:03 +0800
Message-ID: <202404252107.3c18eed2-lkp@intel.com>
In-Reply-To: <20240424105248.189032-3-stsp2@yandex.ru>
Hello,
kernel test robot noticed "BUG:KASAN:wild-memory-access_in_terminate_walk" on:
commit: 97bb54b42b1d6150e9ae11a7bf7833ed9f8c471d ("[PATCH 2/2] openat2: add OA2_INHERIT_CRED flag")
url: https://github.com/intel-lab-lkp/linux/commits/Stas-Sergeev/fs-reorganize-path_openat/20240424-185527
base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git 9d1ddab261f3e2af7c384dc02238784ce0cf9f98
patch link: https://lore.kernel.org/all/20240424105248.189032-3-stsp2@yandex.ru/
patch subject: [PATCH 2/2] openat2: add OA2_INHERIT_CRED flag
in testcase: boot
compiler: clang-17
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+------------------------------------------------+------------+------------+
|                                                | 831d3c6cc6 | 97bb54b42b |
+------------------------------------------------+------------+------------+
| BUG:KASAN:wild-memory-access_in_terminate_walk | 0          | 12         |
| canonical_address#:#[##]                       | 0          | 12         |
| RIP:terminate_walk                             | 0          | 12         |
| Kernel_panic-not_syncing:Fatal_exception       | 0          | 12         |
+------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202404252107.3c18eed2-lkp@intel.com
[ 2.555857][ T16] BUG: KASAN: wild-memory-access in terminate_walk (include/linux/instrumented.h:? include/linux/atomic/atomic-instrumented.h:400 include/linux/refcount.h:264 include/linux/refcount.h:307 include/linux/refcount.h:325 fs/namei.c:702)
[ 2.556181][ T16] Write of size 4 at addr aaaaaaaaaaaaaaaa by task kdevtmpfs/16
[ 2.556181][ T16]
[ 2.556181][ T16] CPU: 0 PID: 16 Comm: kdevtmpfs Tainted: G T 6.9.0-rc5-00038-g97bb54b42b1d #1 c90cc2d91176f38ca16e85ead0a72934082854cd
[ 2.556181][ T16] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 2.556181][ T16] Call Trace:
[ 2.556181][ T16] <TASK>
[ 2.556181][ T16] dump_stack_lvl (lib/dump_stack.c:116)
[ 2.556181][ T16] print_report (mm/kasan/report.c:?)
[ 2.556181][ T16] ? kasan_report (mm/kasan/report.c:214 mm/kasan/report.c:590)
[ 2.556181][ T16] ? terminate_walk (include/linux/instrumented.h:? include/linux/atomic/atomic-instrumented.h:400 include/linux/refcount.h:264 include/linux/refcount.h:307 include/linux/refcount.h:325 fs/namei.c:702)
[ 2.556181][ T16] kasan_report (mm/kasan/report.c:603)
[ 2.556181][ T16] ? terminate_walk (include/linux/instrumented.h:? include/linux/atomic/atomic-instrumented.h:400 include/linux/refcount.h:264 include/linux/refcount.h:307 include/linux/refcount.h:325 fs/namei.c:702)
[ 2.556181][ T16] kasan_check_range (mm/kasan/generic.c:?)
[ 2.556181][ T16] terminate_walk (include/linux/instrumented.h:? include/linux/atomic/atomic-instrumented.h:400 include/linux/refcount.h:264 include/linux/refcount.h:307 include/linux/refcount.h:325 fs/namei.c:702)
[ 2.556181][ T16] path_lookupat (fs/namei.c:2515)
[ 2.556181][ T16] filename_lookup (fs/namei.c:2526)
[ 2.556181][ T16] kern_path (fs/namei.c:2634)
[ 2.556181][ T16] init_mount (fs/init.c:22)
[ 2.556181][ T16] devtmpfs_setup (drivers/base/devtmpfs.c:419)
[ 2.556181][ T16] devtmpfsd (drivers/base/devtmpfs.c:436)
[ 2.556181][ T16] kthread (kernel/kthread.c:390)
[ 2.556181][ T16] ? vclkdev_alloc (drivers/base/devtmpfs.c:435)
[ 2.556181][ T16] ? kthread_unuse_mm (kernel/kthread.c:341)
[ 2.556181][ T16] ret_from_fork (arch/x86/kernel/process.c:153)
[ 2.556181][ T16] ? kthread_unuse_mm (kernel/kthread.c:341)
[ 2.556181][ T16] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)
[ 2.556181][ T16] </TASK>
[ 2.556181][ T16] ==================================================================
[ 2.556184][ T16] Disabling lock debugging due to kernel taint
[ 2.556901][ T16] general protection fault, probably for non-canonical address 0xaaaaaaaaaaaaaaaa: 0000 [#1] KASAN PTI
[ 2.558131][ T16] CPU: 0 PID: 16 Comm: kdevtmpfs Tainted: G B T 6.9.0-rc5-00038-g97bb54b42b1d #1 c90cc2d91176f38ca16e85ead0a72934082854cd
[ 2.559653][ T16] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 2.560181][ T16] RIP: 0010:terminate_walk (arch/x86/include/asm/atomic.h:103 include/linux/atomic/atomic-arch-fallback.h:949 include/linux/atomic/atomic-instrumented.h:401 include/linux/refcount.h:264 include/linux/refcount.h:307 include/linux/refcount.h:325 fs/namei.c:702)
[ 2.560181][ T16] Code: 03 43 80 3c 2e 00 74 08 4c 89 ff e8 01 61 f4 ff 49 8b 1f 48 85 db 74 41 48 89 df be 04 00 00 00 e8 dc 61 f4 ff b8 ff ff ff ff <0f> c1 03 83 f8 01 75 25 43 80 3c 2e 00 74 08 4c 89 ff e8 d0 60 f4
All code
========
0: 03 43 80 add -0x80(%rbx),%eax
3: 3c 2e cmp $0x2e,%al
5: 00 74 08 4c add %dh,0x4c(%rax,%rcx,1)
9: 89 ff mov %edi,%edi
b: e8 01 61 f4 ff call 0xfffffffffff46111
10: 49 8b 1f mov (%r15),%rbx
13: 48 85 db test %rbx,%rbx
16: 74 41 je 0x59
18: 48 89 df mov %rbx,%rdi
1b: be 04 00 00 00 mov $0x4,%esi
20: e8 dc 61 f4 ff call 0xfffffffffff46201
25: b8 ff ff ff ff mov $0xffffffff,%eax
2a:* 0f c1 03 xadd %eax,(%rbx) <-- trapping instruction
2d: 83 f8 01 cmp $0x1,%eax
30: 75 25 jne 0x57
32: 43 80 3c 2e 00 cmpb $0x0,(%r14,%r13,1)
37: 74 08 je 0x41
39: 4c 89 ff mov %r15,%rdi
3c: e8 .byte 0xe8
3d: d0 60 f4 shlb -0xc(%rax)
Code starting with the faulting instruction
===========================================
0: 0f c1 03 xadd %eax,(%rbx)
3: 83 f8 01 cmp $0x1,%eax
6: 75 25 jne 0x2d
8: 43 80 3c 2e 00 cmpb $0x0,(%r14,%r13,1)
d: 74 08 je 0x17
f: 4c 89 ff mov %r15,%rdi
12: e8 .byte 0xe8
13: d0 60 f4 shlb -0xc(%rax)
[ 2.560181][ T16] RSP: 0000:ffffc9000010fc40 EFLAGS: 00010246
[ 2.560181][ T16] RAX: 00000000ffffffff RBX: aaaaaaaaaaaaaaaa RCX: ffffffff811e4a0f
[ 2.560181][ T16] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffffff8792adc0
[ 2.560181][ T16] RBP: 0000000000000011 R08: ffffffff8792adc7 R09: 1ffffffff0f255b8
[ 2.560181][ T16] R10: dffffc0000000000 R11: fffffbfff0f255b9 R12: 1ffff92000021fc4
[ 2.560181][ T16] R13: dffffc0000000000 R14: 1ffff92000021fc1 R15: ffffc9000010fe08
[ 2.560181][ T16] FS: 0000000000000000(0000) GS:ffffffff878dc000(0000) knlGS:0000000000000000
[ 2.560181][ T16] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2.560181][ T16] CR2: ffff88843ffff000 CR3: 000000000789c000 CR4: 00000000000406f0
[ 2.560181][ T16] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2.560181][ T16] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2.560181][ T16] Call Trace:
[ 2.560181][ T16] <TASK>
[ 2.560181][ T16] ? __die_body (arch/x86/kernel/dumpstack.c:421)
[ 2.560181][ T16] ? die_addr (arch/x86/kernel/dumpstack.c:?)
[ 2.560181][ T16] ? exc_general_protection (arch/x86/kernel/traps.c:?)
[ 2.560181][ T16] ? end_report (arch/x86/include/asm/current.h:49 mm/kasan/report.c:240)
[ 2.560181][ T16] ? asm_exc_general_protection (arch/x86/include/asm/idtentry.h:617)
[ 2.560181][ T16] ? add_taint (arch/x86/include/asm/bitops.h:60 include/asm-generic/bitops/instrumented-atomic.h:29 kernel/panic.c:555)
[ 2.560181][ T16] ? terminate_walk (arch/x86/include/asm/atomic.h:103 include/linux/atomic/atomic-arch-fallback.h:949 include/linux/atomic/atomic-instrumented.h:401 include/linux/refcount.h:264 include/linux/refcount.h:307 include/linux/refcount.h:325 fs/namei.c:702)
[ 2.560181][ T16] path_lookupat (fs/namei.c:2515)
[ 2.560181][ T16] filename_lookup (fs/namei.c:2526)
[ 2.560181][ T16] kern_path (fs/namei.c:2634)
[ 2.560181][ T16] init_mount (fs/init.c:22)
[ 2.560181][ T16] devtmpfs_setup (drivers/base/devtmpfs.c:419)
[ 2.560181][ T16] devtmpfsd (drivers/base/devtmpfs.c:436)
[ 2.560181][ T16] kthread (kernel/kthread.c:390)
[ 2.560181][ T16] ? vclkdev_alloc (drivers/base/devtmpfs.c:435)
[ 2.560181][ T16] ? kthread_unuse_mm (kernel/kthread.c:341)
[ 2.560181][ T16] ret_from_fork (arch/x86/kernel/process.c:153)
[ 2.560181][ T16] ? kthread_unuse_mm (kernel/kthread.c:341)
[ 2.560181][ T16] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)
[ 2.560181][ T16] </TASK>
[ 2.560181][ T16] Modules linked in:
[ 2.560183][ T16] ---[ end trace 0000000000000000 ]---
[ 2.560820][ T16] RIP: 0010:terminate_walk (arch/x86/include/asm/atomic.h:103 include/linux/atomic/atomic-arch-fallback.h:949 include/linux/atomic/atomic-instrumented.h:401 include/linux/refcount.h:264 include/linux/refcount.h:307 include/linux/refcount.h:325 fs/namei.c:702)
[ 2.561462][ T16] Code: 03 43 80 3c 2e 00 74 08 4c 89 ff e8 01 61 f4 ff 49 8b 1f 48 85 db 74 41 48 89 df be 04 00 00 00 e8 dc 61 f4 ff b8 ff ff ff ff <0f> c1 03 83 f8 01 75 25 43 80 3c 2e 00 74 08 4c 89 ff e8 d0 60 f4
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240425/202404252107.3c18eed2-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki