Greeting,
FYI, we noticed WARNING:at_lib/iov_iter.c:#_copy_from_iter due to commit (built with gcc-11):
commit: a41dad905e5a388f88435a517de102e9b2c8e43d ("iov_iter: saner checks for attempt to copy to/from iterator")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
[test failed on linux-next/master ea4dabbb4ad7eb52632a2ca0b8f89f0ea7c55dcf]
in testcase: trinity
version: trinity-static-i386-x86_64-1c734c75-1_2020-01-06
with following parameters:
runtime: 300s
group: group-04
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue, kindly add following tag
| Reported-by: kernel test robot <[email protected]>
| Link: https://lore.kernel.org/oe-lkp/[email protected]
[ 242.221465][ T3972] ------------[ cut here ]------------
[ 242.222124][ T3972] WARNING: CPU: 0 PID: 3972 at lib/iov_iter.c:629 _copy_from_iter (lib/iov_iter.c:629 (discriminator 1))
[ 242.222964][ T3972] Modules linked in:
[ 242.223371][ T3972] CPU: 0 PID: 3972 Comm: trinity-c1 Not tainted 6.1.0-rc6-00011-ga41dad905e5a #1 8339b44c8ec3d4f18a4319a90a0bcea7aff1ead6
[ 242.224466][ T3972] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014
[ 242.225385][ T3972] RIP: 0010:_copy_from_iter (lib/iov_iter.c:629 (discriminator 1))
[ 242.225915][ T3972] Code: 5f 31 d2 31 c9 31 f6 31 ff c3 e8 d6 2d b0 fe be 79 02 00 00 48 c7 c7 80 55 96 86 e8 35 d0 e1 fe e9 5b fe ff ff e8 bb 2d b0 fe <0f> 0b 45 31 f6 eb 9a e8 af 2d b0 fe 31 ff 89 ee e8 a6 29 b0 fe 40
All code
========
0: 5f pop %rdi
1: 31 d2 xor %edx,%edx
3: 31 c9 xor %ecx,%ecx
5: 31 f6 xor %esi,%esi
7: 31 ff xor %edi,%edi
9: c3 retq
a: e8 d6 2d b0 fe callq 0xfffffffffeb02de5
f: be 79 02 00 00 mov $0x279,%esi
14: 48 c7 c7 80 55 96 86 mov $0xffffffff86965580,%rdi
1b: e8 35 d0 e1 fe callq 0xfffffffffee1d055
20: e9 5b fe ff ff jmpq 0xfffffffffffffe80
25: e8 bb 2d b0 fe callq 0xfffffffffeb02de5
2a:* 0f 0b ud2 <-- trapping instruction
2c: 45 31 f6 xor %r14d,%r14d
2f: eb 9a jmp 0xffffffffffffffcb
31: e8 af 2d b0 fe callq 0xfffffffffeb02de5
36: 31 ff xor %edi,%edi
38: 89 ee mov %ebp,%esi
3a: e8 a6 29 b0 fe callq 0xfffffffffeb029e5
3f: 40 rex
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 45 31 f6 xor %r14d,%r14d
5: eb 9a jmp 0xffffffffffffffa1
7: e8 af 2d b0 fe callq 0xfffffffffeb02dbb
c: 31 ff xor %edi,%edi
e: 89 ee mov %ebp,%esi
10: e8 a6 29 b0 fe callq 0xfffffffffeb029bb
15: 40 rex
[ 242.227582][ T3972] RSP: 0018:ffffc90006ad77f8 EFLAGS: 00010246
[ 242.228150][ T3972] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 242.228892][ T3972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 242.229631][ T3972] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 242.230364][ T3972] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90006ad7c90
[ 242.231109][ T3972] R13: ffff888167d8d8d0 R14: 0000000000000000 R15: ffff88810ae52c10
[ 242.231843][ T3972] FS: 0000000000000000(0000) GS:ffffffff87d1b000(0063) knlGS:0000000008acb840
[ 242.232662][ T3972] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 242.233259][ T3972] CR2: 0000000000000004 CR3: 00000001762d0000 CR4: 00000000000406f0
[ 242.233996][ T3972] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 242.234738][ T3972] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 242.235475][ T3972] Call Trace:
[ 242.235830][ T3972] <TASK>
[ 242.236165][ T3972] ? write_comp_data (kernel/kcov.c:236)
[ 242.236643][ T3972] ? memset (mm/kasan/shadow.c:44)
[ 242.237057][ T3972] ? __build_skb_around (include/linux/skbuff.h:5033 (discriminator 4) net/core/skbuff.c:296 (discriminator 4))
[ 242.237563][ T3972] ? _copy_mc_to_iter (lib/iov_iter.c:628)
[ 242.238062][ T3972] ? __alloc_skb (net/core/skbuff.c:479)
[ 242.238521][ T3972] ? kmalloc_reserve (net/core/skbuff.c:479)
[ 242.238998][ T3972] ? __lock_release (kernel/locking/lockdep.c:5344)
[ 242.239470][ T3972] ? tipc_node_find (arch/x86/include/asm/atomic.h:29 include/linux/atomic/atomic-instrumented.h:28 include/linux/refcount.h:147 include/linux/refcount.h:152 include/linux/refcount.h:227 include/linux/refcount.h:245 include/linux/kref.h:111 net/tipc/node.c:342)
[ 242.239947][ T3972] ? write_comp_data (kernel/kcov.c:236)
[ 242.240418][ T3972] ? write_comp_data (kernel/kcov.c:236)
[ 242.240892][ T3972] ? __check_object_size (mm/usercopy.c:218)
[ 242.241399][ T3972] tipc_msg_build (include/linux/uio.h:192 net/tipc/msg.c:404)
[ 242.241871][ T3972] ? tipc_msg_assemble (net/tipc/msg.c:370)
[ 242.242361][ T3972] ? tipc_node_find_by_name+0x420/0x420
[ 242.242975][ T3972] ? tipc_node_get_mtu (net/tipc/node.c:230)
[ 242.243479][ T3972] __tipc_sendmsg (net/tipc/socket.c:1506)
[ 242.243964][ T3972] ? tipc_sendmcast (net/tipc/socket.c:1410)
[ 242.244442][ T3972] ? lock_acquire (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5670)
[ 242.244904][ T3972] ? lock_sock_nested (include/net/sock.h:1820 net/core/sock.c:3451)
[ 242.245388][ T3972] ? find_held_lock (kernel/locking/lockdep.c:5158)
[ 242.245866][ T3972] ? autoremove_wake_function (kernel/sched/wait.c:478)
[ 242.246419][ T3972] ? mark_lock (arch/x86/include/asm/bitops.h:228 (discriminator 3) arch/x86/include/asm/bitops.h:240 (discriminator 3) include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 3) kernel/locking/lockdep.c:227 (discriminator 3) kernel/locking/lockdep.c:4612 (discriminator 3))
[ 242.246864][ T3972] ? mark_held_locks (kernel/locking/lockdep.c:4236)
[ 242.247337][ T3972] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4262 kernel/locking/lockdep.c:4321)
[ 242.247900][ T3972] ? write_comp_data (kernel/kcov.c:236)
[ 242.248378][ T3972] tipc_connect (net/tipc/socket.c:2625)
[ 242.248828][ T3972] ? tipc_sendmsg (net/tipc/socket.c:2572)
[ 242.249278][ T3972] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4262 kernel/locking/lockdep.c:4321)
[ 242.249844][ T3972] ? write_comp_data (kernel/kcov.c:236)
[ 242.250317][ T3972] ? security_socket_connect (security/security.c:2216 (discriminator 14))
[ 242.250843][ T3972] ? tipc_sendmsg (net/tipc/socket.c:2572)
[ 242.251297][ T3972] __sys_connect_file (net/socket.c:1976)
[ 242.251794][ T3972] __sys_connect (net/socket.c:1993)
[ 242.252258][ T3972] ? __sys_connect_file (net/socket.c:1983)
[ 242.252771][ T3972] ? find_held_lock (kernel/locking/lockdep.c:5158)
[ 242.253245][ T3972] ? __lock_release (kernel/locking/lockdep.c:5344)
[ 242.253714][ T3972] ? __task_pid_nr_ns (include/linux/rcupdate.h:99 include/linux/rcupdate.h:770 kernel/pid.c:501)
[ 242.254209][ T3972] __ia32_sys_connect (net/socket.c:2000)
[ 242.254687][ T3972] __do_fast_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:178)
[ 242.255182][ T3972] ? __task_pid_nr_ns (include/linux/rcupdate.h:99 include/linux/rcupdate.h:770 kernel/pid.c:501)
[ 242.255676][ T3972] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4262 kernel/locking/lockdep.c:4321)
[ 242.256244][ T3972] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183)
[ 242.256748][ T3972] ? __do_fast_syscall_32 (arch/x86/entry/common.c:183)
[ 242.257253][ T3972] do_fast_syscall_32 (arch/x86/entry/common.c:203)
[ 242.257734][ T3972] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:122)
[ 242.258318][ T3972] RIP: 0023:0xf7fb5549
[ 242.258730][ T3972] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
All code
========
0: 03 74 c0 01 add 0x1(%rax,%rax,8),%esi
4: 10 05 03 74 b8 01 adc %al,0x1b87403(%rip) # 0x1b8740d
a: 10 06 adc %al,(%rsi)
c: 03 74 b4 01 add 0x1(%rsp,%rsi,4),%esi
10: 10 07 adc %al,(%rdi)
12: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
16: 10 08 adc %cl,(%rax)
18: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
1c: 00 00 add %al,(%rax)
1e: 00 00 add %al,(%rax)
20: 00 51 52 add %dl,0x52(%rcx)
23: 55 push %rbp
24: 89 e5 mov %esp,%ebp
26: 0f 34 sysenter
28: cd 80 int $0x80
2a:* 5d pop %rbp <-- trapping instruction
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 retq
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
39: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 retq
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
f: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
To reproduce:
# build kernel
cd linux
cp config-6.1.0-rc6-00011-ga41dad905e5a .config
make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests