[tip:WIP.x86/fpu] [x86/fpu] 4f4a9b3993: kernel_BUG_at_mm/usercopy.c

From: kernel test robot
Date: Tue Jun 11 2024 - 01:45:21 EST




Hello,

kernel test robot noticed "kernel_BUG_at_mm/usercopy.c" on:

commit: 4f4a9b399357c82910d99125892ee204e6332080 ("x86/fpu: Make task_struct::thread constant size")
https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git WIP.x86/fpu

in testcase: boot

compiler: clang-18
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+--------------------------------------------+------------+------------+
|                                            | 36c95eb4b2 | 4f4a9b3993 |
+--------------------------------------------+------------+------------+
| boot_successes                             | 6          | 0          |
| boot_failures                              | 0          | 5          |
| kernel_BUG_at_mm/usercopy.c                | 0          | 5          |
| Oops:invalid_opcode:#[##]PREEMPT_KASAN_PTI | 0          | 5          |
| RIP:usercopy_abort                         | 0          | 5          |
| Kernel_panic-not_syncing:Fatal_exception   | 0          | 5          |
+--------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags:
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202406111349.cf61e641-lkp@xxxxxxxxx


[ 25.894524][ T111] ------------[ cut here ]------------
[ 25.895008][ T111] kernel BUG at mm/usercopy.c:102!
[ 25.895471][ T111] Oops: invalid opcode: 0000 [#1] PREEMPT KASAN PTI
[ 25.896030][ T111] CPU: 0 PID: 111 Comm: nfs-utils_env.s Not tainted 6.10.0-rc2-00003-g4f4a9b399357 #1
[ 25.896825][ T111] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 25.897672][ T111] RIP: 0010:usercopy_abort (mm/usercopy.c:102)
[ 25.898146][ T111] Code: 89 cb 49 c7 c6 60 b5 f1 83 4c 0f 44 f6 48 c7 c7 00 b4 f1 83 4c 89 de 4c 89 c9 4d 89 d1 50 53 41 56 e8 da a6 eb 01 48 83 c4 18 <0f> 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
All code
========
0: 89 cb mov %ecx,%ebx
2: 49 c7 c6 60 b5 f1 83 mov $0xffffffff83f1b560,%r14
9: 4c 0f 44 f6 cmove %rsi,%r14
d: 48 c7 c7 00 b4 f1 83 mov $0xffffffff83f1b400,%rdi
14: 4c 89 de mov %r11,%rsi
17: 4c 89 c9 mov %r9,%rcx
1a: 4d 89 d1 mov %r10,%r9
1d: 50 push %rax
1e: 53 push %rbx
1f: 41 56 push %r14
21: e8 da a6 eb 01 call 0x1eba700
26: 48 83 c4 18 add $0x18,%rsp
2a:* 0f 0b ud2 <-- trapping instruction
2c: 0f 1f 40 00 nopl 0x0(%rax)
30: 90 nop
31: 90 nop
32: 90 nop
33: 90 nop
34: 90 nop
35: 90 nop
36: 90 nop
37: 90 nop
38: 90 nop
39: 90 nop
3a: 90 nop
3b: 90 nop
3c: 90 nop
3d: 90 nop
3e: 90 nop
3f: 90 nop

Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 0f 1f 40 00 nopl 0x0(%rax)
6: 90 nop
7: 90 nop
8: 90 nop
9: 90 nop
a: 90 nop
b: 90 nop
c: 90 nop
d: 90 nop
e: 90 nop
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: 90 nop
14: 90 nop
15: 90 nop
[ 25.899665][ T111] RSP: 0000:ffffc90000e2fc08 EFLAGS: 00010282
[ 25.900185][ T111] RAX: 0000000000000068 RBX: 0000000000002480 RCX: ffffffff820b5d43
[ 25.900862][ T111] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90000e2fa98
[ 25.901546][ T111] RBP: 0000000000000000 R08: ffffc90000e2fa9f R09: 1ffff920001c5f53
[ 25.902224][ T111] R10: dffffc0000000000 R11: fffff520001c5f54 R12: ffffea0005bee830
[ 25.902908][ T111] R13: ffffea0000000000 R14: ffffffff83f1b560 R15: ffffea0005bee800
[ 25.903585][ T111] FS: 0000000000000000(0003) GS:ffffffff84ada000(0063) knlGS:00000000f7f9b040
[ 25.904337][ T111] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 25.904885][ T111] CR2: 00000000567a10e0 CR3: 000000016fbdc000 CR4: 00000000000406b0
[ 25.905570][ T111] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 25.906246][ T111] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 25.906932][ T111] Call Trace:
[ 25.907254][ T111] <TASK>
[ 25.907553][ T111] ? __die_body (arch/x86/kernel/dumpstack.c:421)
[ 25.907953][ T111] ? die (arch/x86/kernel/dumpstack.c:? arch/x86/kernel/dumpstack.c:447)
[ 25.908311][ T111] ? do_trap (arch/x86/kernel/traps.c:129)
[ 25.908691][ T111] ? do_error_trap (arch/x86/include/asm/traps.h:? arch/x86/kernel/traps.c:174)
[ 25.909111][ T111] ? usercopy_abort (mm/usercopy.c:102)
[ 25.909531][ T111] ? do_error_trap (arch/x86/kernel/traps.c:175)
[ 25.909947][ T111] ? usercopy_abort (mm/usercopy.c:102)
[ 25.910364][ T111] ? handle_invalid_op (arch/x86/kernel/traps.c:212)
[ 25.910801][ T111] ? usercopy_abort (mm/usercopy.c:102)
[ 25.911221][ T111] ? exc_invalid_op (arch/x86/kernel/traps.c:267)
[ 25.914101][ T111] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)
[ 25.914547][ T111] ? llist_add_batch (lib/llist.c:33)
[ 25.914975][ T111] ? usercopy_abort (mm/usercopy.c:102)
[ 25.915392][ T111] __check_heap_object (mm/slub.c:5508)
[ 25.915826][ T111] __check_object_size (mm/usercopy.c:?)
[ 25.916278][ T111] copy_uabi_to_xstate (include/linux/uaccess.h:183)
[ 25.916728][ T111] ? fpu__restore_sig (include/linux/bottom_half.h:20 arch/x86/include/asm/fpu/api.h:72 arch/x86/kernel/fpu/signal.c:376 arch/x86/kernel/fpu/signal.c:493)
[ 25.917173][ T111] fpu__restore_sig (arch/x86/kernel/fpu/signal.c:396)
[ 25.917603][ T111] ? __might_fault (mm/memory.c:6233)
[ 25.918023][ T111] ia32_restore_sigcontext (arch/x86/kernel/signal_32.c:123)
[ 25.918496][ T111] __ia32_compat_sys_sigreturn (arch/x86/kernel/signal_32.c:?)
[ 25.918986][ T111] do_int80_emulation (arch/x86/entry/common.c:?)
[ 25.919423][ T111] ? exc_page_fault (arch/x86/mm/fault.c:1543)
[ 25.919847][ T111] asm_int80_emulation (arch/x86/include/asm/idtentry.h:626)
[ 25.920286][ T111] RIP: 0023:0xf7fa1092
[ 25.920664][ T111] Code: 00 00 00 e9 90 ff ff ff ff a3 24 00 00 00 68 30 00 00 00 e9 80 ff ff ff ff a3 f8 ff ff ff 66 90 00 00 00 00 00 00 00 00 cd 80 <c3> 8d b4 26 00 00 00 00 8d b6 00 00 00 00 8b 1c 24 c3 8d b4 26 00
All code
========
0: 00 00 add %al,(%rax)
2: 00 e9 add %ch,%cl
4: 90 nop
5: ff (bad)
6: ff (bad)
7: ff (bad)
8: ff a3 24 00 00 00 jmp *0x24(%rbx)
e: 68 30 00 00 00 push $0x30
13: e9 80 ff ff ff jmp 0xffffffffffffff98
18: ff a3 f8 ff ff ff jmp *-0x8(%rbx)
1e: 66 90 xchg %ax,%ax
...
28: cd 80 int $0x80
2a:* c3 ret <-- trapping instruction
2b: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
32: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi
38: 8b 1c 24 mov (%rsp),%ebx
3b: c3 ret
3c: 8d .byte 0x8d
3d: b4 26 mov $0x26,%ah
...

Code starting with the faulting instruction
===========================================
0: c3 ret
1: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
8: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi
e: 8b 1c 24 mov (%rsp),%ebx
11: c3 ret
12: 8d .byte 0x8d
13: b4 26 mov $0x26,%ah


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240611/202406111349.cf61e641-lkp@xxxxxxxxx



--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
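The trace above ends in usercopy_abort() reached from __check_heap_object() while copy_uabi_to_xstate() copies signal-frame xstate from user space into the task's FPU save area. With CONFIG_HARDENED_USERCOPY, a copy_from_user() into a slab object is allowed only if the whole destination range lies inside the cache's usercopy whitelist (useroffset/usersize), and for task_struct that whitelist is set up to cover just the FPU register save area. The following user-space model of that check is an added example written for this page; it is neither the robot's nor the kernel's code. The struct field names mirror the kmem_cache fields the check reads, but all sizes and offsets are made up, and the scenario it shows (a task_struct layout change moving the fpstate while the whitelist still describes the old offset) is one explanation consistent with the backtrace, assumed here rather than stated by the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields of struct kmem_cache that CONFIG_HARDENED_USERCOPY consults. */
struct cache_model {
    const char *name;
    size_t object_size;   /* size of one slab object */
    size_t useroffset;    /* start of the region user copies may touch */
    size_t usersize;      /* length of that region; 0 means nothing allowed */
};

enum usercopy_verdict {
    USERCOPY_OK = 0,
    USERCOPY_ABORT_OUT_OF_OBJECT,   /* range is not inside one object */
    USERCOPY_ABORT_NOT_WHITELISTED, /* range leaves useroffset/usersize */
};

/*
 * Model of __check_heap_object(): locate the copy inside its slab object,
 * then require the whole [ptr, ptr + n) range to sit inside the cache's
 * usercopy whitelist. The kernel calls usercopy_abort() (the BUG() at
 * mm/usercopy.c:102 in the report) where this model returns a verdict.
 */
enum usercopy_verdict
check_heap_object(const struct cache_model *s, uintptr_t obj_base,
                  uintptr_t ptr, size_t n)
{
    size_t offset;

    if (ptr < obj_base || ptr - obj_base > s->object_size)
        return USERCOPY_ABORT_OUT_OF_OBJECT;
    offset = ptr - obj_base;
    if (n > s->object_size - offset)
        return USERCOPY_ABORT_OUT_OF_OBJECT;

    /* The three conditions of the kernel's "falling entirely within
     * usercopy region" test; each subtraction is guarded by the one before. */
    if (offset >= s->useroffset &&
        offset - s->useroffset <= s->usersize &&
        n <= s->usersize - (offset - s->useroffset))
        return USERCOPY_OK;

    return USERCOPY_ABORT_NOT_WHITELISTED;
}

/*
 * Illustrative task_struct layout (made-up numbers, not the real struct).
 * Only the FPU save area is whitelisted, because that is the one part of
 * task_struct a sigreturn copies user data into.
 */
#define TASK_OBJECT_SIZE   0x2c00u
#define FPSTATE_SIZE       0x0a80u   /* pretend xsave area size */
#define OLD_FPSTATE_OFFSET 0x1800u   /* offset the whitelist was computed for */
#define NEW_FPSTATE_OFFSET 0x2100u   /* offset after a layout change (assumed) */
#define XSTATE_COPY_LEN    0x0200u   /* pretend size of one copied component */

static const struct cache_model task_cache_stale = {
    .name = "task_struct",
    .object_size = TASK_OBJECT_SIZE,
    .useroffset = OLD_FPSTATE_OFFSET,
    .usersize = FPSTATE_SIZE,
};

/* Verdict for a copy into the moved fpstate while the whitelist is stale:
 * [0x2100, 0x2300) crosses the end of the old window [0x1800, 0x2280). */
enum usercopy_verdict stale_whitelist_copy(void)
{
    uintptr_t task = 0xffff888100000000ull; /* arbitrary object address */
    return check_heap_object(&task_cache_stale, task,
                             task + NEW_FPSTATE_OFFSET, XSTATE_COPY_LEN);
}

/* Verdict once useroffset is re-derived from the new layout, which is the
 * kind of update a fix for a moved fpstate has to make. */
enum usercopy_verdict refreshed_whitelist_copy(void)
{
    struct cache_model fixed = task_cache_stale;
    uintptr_t task = 0xffff888100000000ull;
    fixed.useroffset = NEW_FPSTATE_OFFSET;
    return check_heap_object(&fixed, task,
                             task + NEW_FPSTATE_OFFSET, XSTATE_COPY_LEN);
}

int main(void)
{
    printf("stale whitelist: verdict %d (nonzero = usercopy_abort)\n",
           stale_whitelist_copy());
    printf("refreshed whitelist: verdict %d (0 = copy allowed)\n",
           refreshed_whitelist_copy());
    return 0;
}
```

The point of the model is the order of checks: object bounds first, whitelist second, so a copy that stays inside task_struct but outside the whitelisted save area is still fatal. That is why moving a whitelisted region without updating the cache's useroffset turns an ordinary sigreturn into a kernel BUG rather than a silent overwrite.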