From: Eric Dumazet
Date: Thu, 9 Feb 2023 10:58:10 +0100
Subject: Re: next: arm64: boot: kernel BUG at mm/usercopy.c:102 - pc : usercopy_abort
To: Naresh Kamboju
Cc: open list, Linux-Next Mailing List, linux-mm, Netdev, lkft-triage@lists.linaro.org, Thomas Gleixner, Hyeonggon Yoo <42.hyeyoo@gmail.com>, Vlastimil Babka, Dave Chinner, Christoph Hellwig, Christian Brauner, Jakub Kicinski, Andrew Morton, Arnd Bergmann, Anders Roxell

On Thu, Feb 9, 2023 at 9:57 AM Naresh Kamboju wrote:
>
> Following kernel crash noticed while booting arm64 devices and qemu-arm64 with
> kselftest merge configs enabled.
>
> Reported-by: Linux Kernel Functional Testing
>
> crash log:
> ----------
> usercopy: Kernel memory exposure attempt detected from SLUB object
> 'skbuff_small_head' (offset 130, size 12)!
> ..
> [ 24.673364] ------------[ cut here ]------------
> [ 24.673812] kernel BUG at mm/usercopy.c:102!
> [ 24.674631] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
> [ 24.675389] Modules linked in:
> [ 24.676231] CPU: 3 PID: 1 Comm: systemd Not tainted
> 6.2.0-rc7-next-20230209 #1
> [ 24.676779] Hardware name: linux,dummy-virt (DT)
> [ 24.677256] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
> [ 24.677695] pc : usercopy_abort (mm/usercopy.c:102 (discriminator 24))
> [ 24.678470] lr : usercopy_abort (mm/usercopy.c:102 (discriminator 24))
> [ 24.678717] sp : ffff80000803bab0
> [ 24.678949] x29: ffff80000803bac0 x28: ffff0000c0838040 x27: ffff80000803bc70
> [ 24.679618] x26: 0000000000000000 x25: ffff0000c0fe4040 x24: ffff0000c4752000
> [ 24.680050] x23: 0000000000000000 x22: 0000000000000020 x21: 0000000000000000
> [ 24.680484] x20: ffffc94cf339ac70 x19: ffffc94cf31861b8 x18: 0000000000000000
> [ 24.680929] x17: 63656a626f204255 x16: 4c53206f74206465 x15: 7463657465642074
> [ 24.681372] x14: 706d657474612065 x13: 2129323320657a69 x12: 0000000000000001
> [ 24.681810] x11: ffffc94cf372ba24 x10: 65685f6c6c616d73 x9 : ffffc94cf1184028
> [ 24.682299] x8 : ffff80000803b7b8 x7 : ffffc94cf4207170 x6 : 0000000000000001
> [ 24.682742] x5 : 0000000000000001 x4 : ffffc94cf4165000 x3 : 0000000000000000
> [ 24.683216] x2 : 0000000000000000 x1 : ffff0000c0838040 x0 : 000000000000006a
> [ 24.683788] Call trace:
> [ 24.684019] usercopy_abort (mm/usercopy.c:102 (discriminator 24))
> [ 24.684346] __check_heap_object (mm/slub.c:4739)
> [ 24.684621] __check_object_size (mm/usercopy.c:196
> mm/usercopy.c:251 mm/usercopy.c:213)
> [ 24.684883] netlink_sendmsg (include/linux/uio.h:177
> include/linux/uio.h:184 include/linux/skbuff.h:3977
> net/netlink/af_netlink.c:1927)
> [ 24.685161] __sys_sendto (net/socket.c:722 net/socket.c:745
> net/socket.c:2142)
> [ 24.685397] __arm64_sys_sendto (net/socket.c:2150)
> [ 24.685644] invoke_syscall (arch/arm64/include/asm/current.h:19
> arch/arm64/kernel/syscall.c:57)
> [ 24.685891] el0_svc_common.constprop.0
> (arch/arm64/include/asm/daifflags.h:28
> arch/arm64/kernel/syscall.c:150)
> [ 24.686164] do_el0_svc (arch/arm64/kernel/syscall.c:194)
> [ 24.686401] el0_svc (arch/arm64/include/asm/daifflags.h:28
> arch/arm64/kernel/entry-common.c:133
> arch/arm64/kernel/entry-common.c:142
> arch/arm64/kernel/entry-common.c:638)
> [ 24.686602] el0t_64_sync_handler (arch/arm64/kernel/entry-common.c:656)
> [ 24.686862] el0t_64_sync (arch/arm64/kernel/entry.S:591)
> [ 24.687307] Code: aa1303e3 9000ea60 91300000 97f49682 (d4210000)
> All code
> ========
> 0:* e3 03 jrcxz 0x5 <-- trapping instruction
> 2: 13 aa 60 ea 00 90 adc -0x6fff15a0(%rdx),%ebp
> 8: 00 00 add %al,(%rax)
> a: 30 91 82 96 f4 97 xor %dl,-0x680b697e(%rcx)
> 10: 00 00 add %al,(%rax)
> 12: 21 d4 and %edx,%esp
>
> Code starting with the faulting instruction
> ===========================================
> 0: 00 00 add %al,(%rax)
> 2: 21 d4 and %edx,%esp
> [ 24.688236] ---[ end trace 0000000000000000 ]---
> [ 24.688722] note: systemd[1] exited with irqs disabled
> [ 24.689588] note: systemd[1] exited with preempt_count 1
> [ 24.690331] Kernel panic - not syncing: Attempted to kill init!
> exitcode=0x0000000b
> [ 24.690875] SMP: stopping secondary CPUs
> [ 24.691749] Kernel Offset: 0x494ce9000000 from 0xffff800008000000
> [ 24.692103] PHYS_OFFSET: 0x40000000
> [ 24.692349] CPU features: 0x000000,0068c25f,3326773f
> [ 24.692924] Memory Limit: none
> [ 24.693422] ---[ end Kernel panic - not syncing: Attempted to kill
> init! exitcode=0x0000000b ]---
>
>
> detailed boot logs:
> https://lkft.validation.linaro.org/scheduler/job/6145112#L778
> https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20230209/testrun/14667540/suite/log-parser-test/tests/
> https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20230209/testrun/14667540/suite/log-parser-test/test/check-kernel-bug/log
>
>
> metadata:
> git_ref: master
> git_repo: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next
> git_sha: 20f513df926fac0594a3b65f79d856bd64251861
> git_describe: next-20230209
> kernel_version: 6.2.0-rc7
> kernel-config:
> https://storage.tuxsuite.com/public/linaro/lkft/builds/2LUB6A6xC34mySgwQ3vPa6kHKJS/config
> artifact-location:
> https://storage.tuxsuite.com/public/linaro/lkft/builds/2LUB6A6xC34mySgwQ3vPa6kHKJS/
> toolchain: gcc-11
> build_name: gcc-11-lkftconfig-kselftest
>
>
> --
> Linaro LKFT
> https://lkft.linaro.org

This should be fixed when this patch is accepted/merged.

https://patchwork.kernel.org/project/netdevbpf/patch/20230208142508.3278406-1-edumazet@google.com/

Thanks.