[linux-next:fs-next] [fs] 0eccf222d7: Oops:general_protection_fault, probably_for_non-canonical_address#:#[##]PREEMPT_SMP_KASAN_PTI

kernel test robot oliver.sang at intel.com
Wed Oct 30 06:45:30 UTC 2024



Hello,

for this commit but in linux-next/fs-next branch, we notice crash issue in
vm/booting tests

kernel test robot noticed "Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]PREEMPT_SMP_KASAN_PTI" on:

commit: 0eccf222d798166ce42a4ed0da91a0cb14945c7a ("fs: port files to file_ref")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git fs-next

in testcase: boot

config: x86_64-rhel-8.3-kselftests
compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+----------------------------------------------------------------------------------------------+------------+------------+
|                                                                                              | 08ef26ea9a | 0eccf222d7 |
+----------------------------------------------------------------------------------------------+------------+------------+
| boot_successes                                                                               | 18         | 0          |
| boot_failures                                                                                | 0          | 18         |
| Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]PREEMPT_SMP_KASAN_PTI | 0          | 18         |
| KASAN:null-ptr-deref_in_range[#-#]                                                           | 0          | 18         |
| RIP:hook_file_free_security                                                                  | 0          | 18         |
| Kernel_panic-not_syncing:Fatal_exception                                                     | 0          | 18         |
+----------------------------------------------------------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang at intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202410301313.50e4d05c-oliver.sang@intel.com


[    3.605271][    T1] pci_bus 0000:00: resource 8 [mem 0x440000000-0x4bfffffff window]
[    3.608369][    T1] pci 0000:00:01.0: PIIX3: Enabling Passive Release
[    3.609815][    T1] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
[    3.611533][    T1] PCI: CLS 0 bytes, default 64
[    3.615146][   T30] Trying to unpack rootfs image as initramfs...
[    3.622946][    T9] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI
[    3.623645][    T9] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[    3.623645][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.12.0-rc2-00003-g0eccf222d798 #1
[    3.623645][    T9] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[    3.623645][    T9] Workqueue: events delayed_fput
[ 3.623645][ T9] RIP: 0010:hook_file_free_security (kbuild/src/consumer/security/landlock/fs.c:1662) 
[ 3.623645][ T9] Code: b6 14 11 38 d0 7c 04 84 d2 75 2f 48 63 05 21 1f ae 02 48 01 c3 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 08 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 1f 48 8b 7b 08 5b e9 25 d1 ff ff 48 c7 c7 e4 0c a1
All code
========
   0:	b6 14                	mov    $0x14,%dh
   2:	11 38                	adc    %edi,(%rax)
   4:	d0 7c 04 84          	sarb   -0x7c(%rsp,%rax,1)
   8:	d2 75 2f             	shlb   %cl,0x2f(%rbp)
   b:	48 63 05 21 1f ae 02 	movslq 0x2ae1f21(%rip),%rax        # 0x2ae1f33
  12:	48 01 c3             	add    %rax,%rbx
  15:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  1c:	fc ff df 
  1f:	48 8d 7b 08          	lea    0x8(%rbx),%rdi
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
  2a:*	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)		<-- trapping instruction
  2e:	75 1f                	jne    0x4f
  30:	48 8b 7b 08          	mov    0x8(%rbx),%rdi
  34:	5b                   	pop    %rbx
  35:	e9 25 d1 ff ff       	jmpq   0xffffffffffffd15f
  3a:	48                   	rex.W
  3b:	c7                   	.byte 0xc7
  3c:	c7                   	(bad)  
  3d:	e4 0c                	in     $0xc,%al
  3f:	a1                   	.byte 0xa1

Code starting with the faulting instruction
===========================================
   0:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   4:	75 1f                	jne    0x25
   6:	48 8b 7b 08          	mov    0x8(%rbx),%rdi
   a:	5b                   	pop    %rbx
   b:	e9 25 d1 ff ff       	jmpq   0xffffffffffffd135
  10:	48                   	rex.W
  11:	c7                   	.byte 0xc7
  12:	c7                   	(bad)  
  13:	e4 0c                	in     $0xc,%al
  15:	a1                   	.byte 0xa1
[    3.623645][    T9] RSP: 0000:ffffc9000009fc38 EFLAGS: 00010202
[    3.623645][    T9] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffffffff414219c
[    3.623645][    T9] RDX: 0000000000000001 RSI: ffffffffa11601e0 RDI: 0000000000000008
[    3.623645][    T9] RBP: ffff888100438bf8 R08: ffffffff9d900c82 R09: fffffbfff4398cdc
[    3.623645][    T9] R10: ffffffffa1cc66e7 R11: ffffffffa30a4960 R12: 0000000000000000
[    3.623645][    T9] R13: ffff88810627a240 R14: ffff88810627a228 R15: ffff88810627a1c0
[    3.623645][    T9] FS:  0000000000000000(0000) GS:ffff8883aee00000(0000) knlGS:0000000000000000
[    3.623645][    T9] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    3.623645][    T9] CR2: ffff88843ffff000 CR3: 000000021e27e000 CR4: 00000000000406f0
[    3.623645][    T9] Call Trace:
[    3.623645][    T9]  <TASK>
[ 3.623645][ T9] ? die_addr (kbuild/src/consumer/arch/x86/kernel/dumpstack.c:421 kbuild/src/consumer/arch/x86/kernel/dumpstack.c:460) 
[ 3.623645][ T9] ? exc_general_protection (kbuild/src/consumer/arch/x86/kernel/traps.c:751 kbuild/src/consumer/arch/x86/kernel/traps.c:693) 
[ 3.623645][ T9] ? asm_exc_general_protection (kbuild/src/consumer/arch/x86/include/asm/idtentry.h:617) 
[ 3.623645][ T9] ? mntput_no_expire (kbuild/src/consumer/include/linux/rcupdate.h:347 kbuild/src/consumer/include/linux/rcupdate.h:880 kbuild/src/consumer/fs/namespace.c:1411) 


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241030/202410301313.50e4d05c-oliver.sang@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki



More information about the dri-devel mailing list