2023-04-14 03:21:29

by Eiichi Tsukata

Subject: [PATCH] audit: use pid.is_auditd to make auditd_test_task() faster

auditd_test_task() is a hot path of system call auditing. This patch
introduces a new bit field "is_auditd" in pid struct which can be used
for a faster check of the registered audit daemon.

Benchmark
=========

Run the following command:

dd if=/dev/zero of=/dev/null bs=1 count=5M

With rule:

-a never,exit -F arch=b64 -S uname

Result:

Baseline     : 2.572 sec
w/ this patch: 2.412 sec (6.6% faster)

Signed-off-by: Eiichi Tsukata <[email protected]>
---
include/linux/pid.h | 4 ++++
kernel/audit.c | 22 ++--------------------
kernel/audit.h | 3 ++-
kernel/pid.c | 3 +++
4 files changed, 11 insertions(+), 21 deletions(-)

diff --git a/include/linux/pid.h b/include/linux/pid.h
index 343abf22092e..5fe38e254c9a 100644
--- a/include/linux/pid.h
+++ b/include/linux/pid.h
@@ -68,6 +68,10 @@ struct pid
wait_queue_head_t wait_pidfd;
struct rcu_head rcu;
struct upid numbers[1];
+#ifdef CONFIG_AUDIT
+ /* registered audit daemon tgid */
+ unsigned is_auditd:1;
+#endif
};

extern struct pid init_struct_pid;
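Review bot: `is_auditd` is declared after `struct upid numbers[1]`, which has to stay the last member because alloc_pid() extends it in place for nested pid namespaces (the loop `for (i = ns->level; i >= 0; i--)` in the kernel/pid.c hunk fills `numbers[i]` up to the namespace level). With a member behind it, `numbers[1]` and up are laid out over `is_auditd` and the padding after it instead of in the tail of the allocation, so nested-namespace pids overwrite the flag and flag writes corrupt `numbers[1]`; the kernel test robot report later in this thread ("index 1 is out of range for type 'upid [1]'" at kernel/pid.c:247 and include/linux/pid.h:159) is the sanitizer catching exactly that. Declare the bit before `numbers`, for example next to `level`, and reword the comment: the field is a flag, not a tgid.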
diff --git a/kernel/audit.c b/kernel/audit.c
index 9bc0b0301198..964d1a20c32d 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -208,26 +208,6 @@ struct audit_reply {
struct sk_buff *skb;
};

-/**
- * auditd_test_task - Check to see if a given task is an audit daemon
- * @task: the task to check
- *
- * Description:
- * Return 1 if the task is a registered audit daemon, 0 otherwise.
- */
-int auditd_test_task(struct task_struct *task)
-{
- int rc;
- struct auditd_connection *ac;
-
- rcu_read_lock();
- ac = rcu_dereference(auditd_conn);
- rc = (ac && ac->pid == task_tgid(task) ? 1 : 0);
- rcu_read_unlock();
-
- return rc;
-}
-
/**
* audit_ctl_lock - Take the audit control lock
*/
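Review bot: the function being deleted returns 0 when no daemon is registered (`ac == NULL`) and does the comparison under rcu_read_lock(); the macro that replaces it in the kernel/audit.h hunk has neither, so correctness now rests entirely on the flag being set and cleared at the right moments in auditd_set() and auditd_conn_free(). That trade-off (an RCU-protected pointer compare exchanged for a plain bit read) should be spelled out in the commit message next to the 6.6% figure it buys.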
@@ -478,6 +458,7 @@ static void auditd_conn_free(struct rcu_head *rcu)
struct auditd_connection *ac;

ac = container_of(rcu, struct auditd_connection, rcu);
+ ac->pid->is_auditd = 0;
put_pid(ac->pid);
put_net(ac->net);
kfree(ac);
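Review bot: the clear runs in the RCU callback, i.e. one grace period after auditd_set() has already installed the new connection and set `is_auditd = 1` on `ac_new->pid`. If the new registration is for the same pid as the old one (the daemon re-sending AUDIT_SET, e.g. with a different portid), this deferred store then clears the flag of the daemon that is currently registered, and auditd_test_task() returns 0 for it from then on. Clear the old pid's flag in auditd_set() itself, and only when `ac_old->pid != ac_new->pid`, rather than in the free callback.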
@@ -505,6 +486,7 @@ static int auditd_set(struct pid *pid, u32 portid, struct net *net)
if (!ac_new)
return -ENOMEM;
ac_new->pid = get_pid(pid);
+ ac_new->pid->is_auditd = 1;
ac_new->portid = portid;
ac_new->net = get_net(net);

diff --git a/kernel/audit.h b/kernel/audit.h
index c57b008b9914..aecf334a699f 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -214,7 +214,8 @@ extern bool audit_ever_enabled;

extern void audit_log_session_info(struct audit_buffer *ab);

-extern int auditd_test_task(struct task_struct *task);
+/* Check to see if a given task is an audit daemon */
+#define auditd_test_task(tsk) task_tgid(tsk)->is_auditd

#define AUDIT_INODE_BUCKETS 32
extern struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS];
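Review bot: parenthesise the macro body, `(task_tgid(tsk)->is_auditd)`, or better keep a `static inline` taking `struct task_struct *` so callers keep the type checking the removed function gave them. The bit is also read here while auditd_set() and auditd_conn_free() store to it concurrently, and a one-bit bit-field cannot be wrapped in READ_ONCE()/WRITE_ONCE(); if the flag stays, make it a `bool` or `u8` so the read and the stores can be annotated.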
diff --git a/kernel/pid.c b/kernel/pid.c
index 3fbc5e46b721..c0efaeee99a0 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -183,6 +183,9 @@ struct pid *alloc_pid(struct pid_namespace *ns, pid_t *set_tid,

tmp = ns;
pid->level = ns->level;
+#ifdef CONFIG_AUDIT
+ pid->is_auditd = 0;
+#endif

for (i = ns->level; i >= 0; i--) {
int tid = 0;
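Review bot: this zeroing happens before the loop that follows fills `numbers[i]` for i = ns->level down to 0; with `is_auditd` declared behind `numbers[1]` in the include/linux/pid.h hunk, the stores for i >= 1 land on the same bytes, so for any pid in a nested namespace the flag's initial value is whatever the low bits of `numbers[1]` happen to be rather than 0. Moving the member before `numbers` is what makes this initialisation meaningful.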
--
2.39.2
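The kernel test robot report further down the thread flags "index 1 is out of range for type 'upid [1]'" at kernel/pid.c:247 and include/linux/pid.h:159. The user-space C program below is an added example, not part of the patch or of the kernel, that reproduces the layout problem behind that report: a one-element array which the allocator extends in place only works as the last member of its struct, and a flag declared after it shares bytes with `numbers[1]`. `struct upid`, the two struct layouts, `alloc_pid_like()`, `store_upid()` and the two `*_flag_survives()` helpers are constructed stand-ins for the kernel types and for the alloc_pid() loop; `nr = 256` is a constructed value chosen so that its first byte is zero on either byte order.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the kernel's struct upid: one entry per
 * pid-namespace level. */
struct upid {
    int nr;
    void *ns;
};

/* Layout with the flag BEFORE the trailing one-element array. The
 * allocation is sized sizeof(struct) + level * sizeof(struct upid), so
 * numbers[1..level] fall into the extra tail space. */
struct pid_good {
    int level;
    unsigned is_auditd:1;
    struct upid numbers[1];
};

/* Layout as in the patch: the flag declared AFTER numbers[1]. The tail
 * space still starts after the struct, but numbers[1] is addressed from
 * the array itself, so it now lands on is_auditd and its padding. */
struct pid_bad {
    int level;
    struct upid numbers[1];
    unsigned is_auditd:1;
};

/* Mirror of the sizing rule (assumption): room for level + 1 upids. */
static void *alloc_pid_like(size_t base_size, int level)
{
    return calloc(1, base_size + (size_t)level * sizeof(struct upid));
}

/* Store numbers[i] the way the alloc_pid() loop does, via byte copies so
 * the program stays well defined even when i is past the declared bound. */
static void store_upid(void *pid, size_t numbers_off, int i, const struct upid *u)
{
    memcpy((char *)pid + numbers_off + (size_t)i * sizeof *u, u, sizeof *u);
}

/* Returns 1 if is_auditd still reads 1 after every namespace level has
 * been filled, 0 if the upid stores wiped it. */
int good_layout_flag_survives(int level)
{
    struct pid_good *p = alloc_pid_like(sizeof *p, level);
    struct upid u = { .nr = 256, .ns = NULL };   /* constructed: first byte is 0 */
    p->level = level;
    p->is_auditd = 1;
    for (int i = level; i >= 0; i--)
        store_upid(p, offsetof(struct pid_good, numbers), i, &u);
    int ok = (p->is_auditd == 1);
    free(p);
    return ok;
}

int bad_layout_flag_survives(int level)
{
    struct pid_bad *p = alloc_pid_like(sizeof *p, level);
    struct upid u = { .nr = 256, .ns = NULL };
    p->level = level;
    p->is_auditd = 1;
    for (int i = level; i >= 0; i--)
        store_upid(p, offsetof(struct pid_bad, numbers), i, &u);
    int ok = (p->is_auditd == 1);
    free(p);
    return ok;
}

/* Static check usable on any such struct: numbers[1] begins inside the
 * struct itself (not in the tail space) exactly when the array is not
 * the last member. */
int trailing_array_overlaps(size_t numbers_off, size_t struct_size)
{
    return numbers_off + sizeof(struct upid) < struct_size;
}

int main(void)
{
    printf("good layout, level 0..3: %d %d %d %d\n",
           good_layout_flag_survives(0), good_layout_flag_survives(1),
           good_layout_flag_survives(2), good_layout_flag_survives(3));
    printf("bad layout,  level 0..3: %d %d %d %d\n",
           bad_layout_flag_survives(0), bad_layout_flag_survives(1),
           bad_layout_flag_survives(2), bad_layout_flag_survives(3));
    printf("numbers[1] overlaps the struct: good=%d bad=%d\n",
           trailing_array_overlaps(offsetof(struct pid_good, numbers), sizeof(struct pid_good)),
           trailing_array_overlaps(offsetof(struct pid_bad, numbers), sizeof(struct pid_bad)));
    return 0;
}
```

Level 0 (the init namespace) survives in both layouts, which is why the bug only shows up once something creates nested pid namespaces, as the pidfd selftest in the report does.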


2023-04-14 14:49:26

by Paul Moore

Subject: Re: [PATCH] audit: use pid.is_auditd to make auditd_test_task() faster

On Thu, Apr 13, 2023 at 11:14 PM Eiichi Tsukata
<[email protected]> wrote:
>
> auditd_test_task() is a hot path of system call auditing. This patch
> introduces a new bit field "is_auditd" in pid struct which can be used
> for a faster check of the registered audit daemon.
>
> Benchmark
> =========
>
> Run the following command:
>
> dd if=/dev/zero of=/dev/null bs=1 count=5M
>
> With rule:
>
> -a never,exit -F arch=b64 -S uname
>
> Result:
>
> Baseline     : 2.572 sec
> w/ this patch: 2.412 sec (6.6% faster)
>
> Signed-off-by: Eiichi Tsukata <[email protected]>
> ---
> include/linux/pid.h | 4 ++++
> kernel/audit.c | 22 ++--------------------
> kernel/audit.h | 3 ++-
> kernel/pid.c | 3 +++
> 4 files changed, 11 insertions(+), 21 deletions(-)
>
> diff --git a/include/linux/pid.h b/include/linux/pid.h
> index 343abf22092e..5fe38e254c9a 100644
> --- a/include/linux/pid.h
> +++ b/include/linux/pid.h
> @@ -68,6 +68,10 @@ struct pid
> wait_queue_head_t wait_pidfd;
> struct rcu_head rcu;
> struct upid numbers[1];
> +#ifdef CONFIG_AUDIT
> + /* registered audit daemon tgid */
> + unsigned is_auditd:1;
> +#endif
> };

Thank you for the patch, but I don't think we want to add an audit
specific field to the pid struct at this time.

--
paul-moore.com

2023-04-17 13:37:36

by Eiichi Tsukata

Subject: Re: [PATCH] audit: use pid.is_auditd to make auditd_test_task() faster



> On Apr 14, 2023, at 23:44, Paul Moore <[email protected]> wrote:
>
> On Thu, Apr 13, 2023 at 11:14 PM Eiichi Tsukata
> <[email protected]> wrote:
>>
>> auditd_test_task() is a hot path of system call auditing. This patch
>> introduces a new bit field "is_auditd" in pid struct which can be used
>> for a faster check of the registered audit daemon.
>>
>> Benchmark
>> =========
>>
>> Run the following command:
>>
>> dd if=/dev/zero of=/dev/null bs=1 count=5M
>>
>> With rule:
>>
>> -a never,exit -F arch=b64 -S uname
>>
>> Result:
>>
>> Baseline     : 2.572 sec
>> w/ this patch: 2.412 sec (6.6% faster)
>>
>> Signed-off-by: Eiichi Tsukata <[email protected]>
>> ---
>> include/linux/pid.h | 4 ++++
>> kernel/audit.c | 22 ++--------------------
>> kernel/audit.h | 3 ++-
>> kernel/pid.c | 3 +++
>> 4 files changed, 11 insertions(+), 21 deletions(-)
>>
>> diff --git a/include/linux/pid.h b/include/linux/pid.h
>> index 343abf22092e..5fe38e254c9a 100644
>> --- a/include/linux/pid.h
>> +++ b/include/linux/pid.h
>> @@ -68,6 +68,10 @@ struct pid
>> wait_queue_head_t wait_pidfd;
>> struct rcu_head rcu;
>> struct upid numbers[1];
>> +#ifdef CONFIG_AUDIT
>> + /* registered audit daemon tgid */
>> + unsigned is_auditd:1;
>> +#endif
>> };
>
> Thank you for the patch, but I don't think we want to add an audit
> specific field to the pid struct at this time.
>

Hi Paul

I agree "is_auditd" is too specific.

How about having a global "auditd_pid" struct pid pointer and letting auditd_test_task() use it?
I mean:
#define auditd_test_task(tsk) (READ_ONCE(auditd_pid) == task_tgid(tsk))

By the way, it's a bit of a different topic, but I may have found a race in the usage of auditd_pid_vnr().
In AUDIT_SET handling, the variable auditd_pid is referenced outside of the spinlock, so it can be changed while it's referenced.
So there is a TOCTOU race like this:

CPU0                          CPU1
=====                         =====
auditd = auditd_pid_vnr()     auditd = auditd_pid_vnr()
if (auditd_pid) {…}           if (auditd_pid) {…}
auditd_set()                  auditd_set()

If auditd_pid_vnr() returns 0, this case can lead to replacement of a healthy auditd, which seems to be prohibited judging from the code comment "/* replacing a healthy auditd is not allowed */".

Please correct me if I’m wrong.

Thanks
Eiichi

2023-04-17 20:30:21

by Paul Moore

Subject: Re: [PATCH] audit: use pid.is_auditd to make auditd_test_task() faster

On Mon, Apr 17, 2023 at 7:42 AM Eiichi Tsukata
<[email protected]> wrote:
> > On Apr 14, 2023, at 23:44, Paul Moore <[email protected]> wrote:
> > On Thu, Apr 13, 2023 at 11:14 PM Eiichi Tsukata
> > <[email protected]> wrote:
> >>
> >> auditd_test_task() is a hot path of system call auditing. This patch
> >> introduces a new bit field "is_auditd" in pid struct which can be used
> >> for a faster check of the registered audit daemon.
> >>
> >> Benchmark
> >> =========
> >>
> >> Run the following command:
> >>
> >> dd if=/dev/zero of=/dev/null bs=1 count=5M
> >>
> >> With rule:
> >>
> >> -a never,exit -F arch=b64 -S uname
> >>
> >> Result:
> >>
> >> Baseline     : 2.572 sec
> >> w/ this patch: 2.412 sec (6.6% faster)
> >>
> >> Signed-off-by: Eiichi Tsukata <[email protected]>
> >> ---
> >> include/linux/pid.h | 4 ++++
> >> kernel/audit.c | 22 ++--------------------
> >> kernel/audit.h | 3 ++-
> >> kernel/pid.c | 3 +++
> >> 4 files changed, 11 insertions(+), 21 deletions(-)
> >>
> >> diff --git a/include/linux/pid.h b/include/linux/pid.h
> >> index 343abf22092e..5fe38e254c9a 100644
> >> --- a/include/linux/pid.h
> >> +++ b/include/linux/pid.h
> >> @@ -68,6 +68,10 @@ struct pid
> >> wait_queue_head_t wait_pidfd;
> >> struct rcu_head rcu;
> >> struct upid numbers[1];
> >> +#ifdef CONFIG_AUDIT
> >> + /* registered audit daemon tgid */
> >> + unsigned is_auditd:1;
> >> +#endif
> >> };
> >
> > Thank you for the patch, but I don't think we want to add an audit
> > specific field to the pid struct at this time.
> >
>
> Hi Paul
>
> I agree "is_auditd" is too specific.
>
> How about having a global "auditd_pid" struct pid pointer and letting auditd_test_task() use it?
> I mean:
> #define auditd_test_task(tsk) (READ_ONCE(auditd_pid) == task_tgid(tsk))

At this point in time I prefer to keep the auditd pid in the
auditd_connection struct.

> By the way, it's a bit of a different topic, but I may have found a race in the usage of auditd_pid_vnr().
> In AUDIT_SET handling, the variable auditd_pid is referenced outside of the spinlock, so it can be changed while it's referenced.
> So there is a TOCTOU race like this:
>
> CPU0                          CPU1
> =====                         =====
> auditd = auditd_pid_vnr()     auditd = auditd_pid_vnr()
> if (auditd_pid) {…}           if (auditd_pid) {…}
> auditd_set()                  auditd_set()
>
> If auditd_pid_vnr() returns 0, this case can lead to replacement of a healthy auditd, which seems to be prohibited judging from the code comment "/* replacing a healthy auditd is not allowed */".
>
> Please correct me if I’m wrong.

Simultaneous AUDIT_SET operations are prevented by the
audit_cmd_mutex/audit_ctl_lock(), see audit_receive().

--
paul-moore.com
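As an added illustration of the exchange above (not code from the thread or from the kernel): the sequence Eiichi sketches is a check-then-act pair, and Paul's answer is that audit_cmd_mutex/audit_ctl_lock() in audit_receive() turns the two steps into one critical section. The C program below is a constructed model of that path. Two requesters each read the registered pid and then install themselves if they saw none; the program enumerates all six interleavings of the four steps, once without and once with the lock, and counts those in which a live registration is overwritten. The `struct model` fields, the requester pids 100 and 101 and the reduction of auditd_pid_vnr()/auditd_set() to a read step and a write step are modelling assumptions, not kernel code.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the AUDIT_SET registration path: a requester first
 * reads the registered pid (time of check), then, if it saw none,
 * installs itself (time of use). The control mutex is modelled as a lock
 * taken before the check and released after the install. */
struct model {
    int auditd_pid;        /* 0 = no daemon registered */
    int lock_owner;        /* 0 = free, otherwise pid of the holder */
    int observed[2];       /* value each requester saw at its check */
    int step[2];           /* 0 = check pending, 1 = act pending, 2 = done */
    int replaced_healthy;  /* set when a live registration is overwritten */
};

#define REQ_PID(r) (100 + (r))   /* constructed requester pids: 100 and 101 */

/* Run the next step of requester r. Returns 0 if it is blocked on the lock. */
static int run_step(struct model *m, int r, int use_lock)
{
    if (m->step[r] == 0) {
        if (use_lock) {
            if (m->lock_owner != 0)
                return 0;
            m->lock_owner = REQ_PID(r);
        }
        m->observed[r] = m->auditd_pid;        /* stands in for auditd_pid_vnr() */
        m->step[r] = 1;
        return 1;
    }
    if (m->step[r] == 1) {
        if (m->observed[r] == 0) {             /* "no healthy auditd" per the check */
            if (m->auditd_pid != 0)
                m->replaced_healthy = 1;       /* the check result was stale */
            m->auditd_pid = REQ_PID(r);        /* stands in for auditd_set() */
        }
        if (use_lock)
            m->lock_owner = 0;
        m->step[r] = 2;
        return 1;
    }
    return 0;
}

/* Exhaustively run the six possible interleavings of two 2-step requesters
 * and return how many of them end with a registered daemon replaced. */
int count_violating_schedules(int use_lock)
{
    static const int schedules[6][4] = {
        {0, 0, 1, 1}, {0, 1, 0, 1}, {0, 1, 1, 0},
        {1, 0, 0, 1}, {1, 0, 1, 0}, {1, 1, 0, 0},
    };
    int violations = 0;

    for (int s = 0; s < 6; s++) {
        struct model m;
        memset(&m, 0, sizeof m);
        for (int k = 0; k < 4; k++)
            run_step(&m, schedules[s][k], use_lock);  /* a blocked step is simply skipped */
        /* A requester that was blocked on the lock runs once the holder is done;
         * the holder's act step never blocks, so this always terminates. */
        while (m.step[0] != 2 || m.step[1] != 2) {
            run_step(&m, 0, use_lock);
            run_step(&m, 1, use_lock);
        }
        violations += m.replaced_healthy;
    }
    return violations;
}

int main(void)
{
    printf("schedules that replace a live auditd: unserialised=%d, under the control lock=%d\n",
           count_violating_schedules(0), count_violating_schedules(1));
    return 0;
}
```

Without the lock the four interleavings in which both checks run before either install end with a live daemon replaced; with the lock the second requester cannot start its check until the first has finished its install, so it always observes the registration and backs off.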

2023-04-18 07:17:57

by Eiichi Tsukata

Subject: Re: [PATCH] audit: use pid.is_auditd to make auditd_test_task() faster



> On Apr 18, 2023, at 5:27, Paul Moore <[email protected]> wrote:
>
> On Mon, Apr 17, 2023 at 7:42 AM Eiichi Tsukata
> <[email protected]> wrote:
>>> On Apr 14, 2023, at 23:44, Paul Moore <[email protected]> wrote:
>>> On Thu, Apr 13, 2023 at 11:14 PM Eiichi Tsukata
>>> <[email protected]> wrote:
>>>>
>>>> auditd_test_task() is a hot path of system call auditing. This patch
>>>> introduces a new bit field "is_auditd" in pid struct which can be used
>>>> for a faster check of the registered audit daemon.
>>>>
>>>> Benchmark
>>>> =========
>>>>
>>>> Run the following command:
>>>>
>>>> dd if=/dev/zero of=/dev/null bs=1 count=5M
>>>>
>>>> With rule:
>>>>
>>>> -a never,exit -F arch=b64 -S uname
>>>>
>>>> Result:
>>>>
>>>> Baseline     : 2.572 sec
>>>> w/ this patch: 2.412 sec (6.6% faster)
>>>>
>>>> Signed-off-by: Eiichi Tsukata <[email protected]>
>>>> ---
>>>> include/linux/pid.h | 4 ++++
>>>> kernel/audit.c | 22 ++--------------------
>>>> kernel/audit.h | 3 ++-
>>>> kernel/pid.c | 3 +++
>>>> 4 files changed, 11 insertions(+), 21 deletions(-)
>>>>
>>>> diff --git a/include/linux/pid.h b/include/linux/pid.h
>>>> index 343abf22092e..5fe38e254c9a 100644
>>>> --- a/include/linux/pid.h
>>>> +++ b/include/linux/pid.h
>>>> @@ -68,6 +68,10 @@ struct pid
>>>> wait_queue_head_t wait_pidfd;
>>>> struct rcu_head rcu;
>>>> struct upid numbers[1];
>>>> +#ifdef CONFIG_AUDIT
>>>> + /* registered audit daemon tgid */
>>>> + unsigned is_auditd:1;
>>>> +#endif
>>>> };
>>>
>>> Thank you for the patch, but I don't think we want to add an audit
>>> specific field to the pid struct at this time.
>>>
>>
>> Hi Paul
>>
>> I agree "is_auditd" is too specific.
>>
>> How about having a global "auditd_pid" struct pid pointer and letting auditd_test_task() use it?
>> I mean:
>> #define auditd_test_task(tsk) (READ_ONCE(auditd_pid) == task_tgid(tsk))
>
> At this point in time I prefer to keep the auditd pid in the
> auditd_connection struct.

OK, but let me try it out, as it should look pretty simple.
Will post v2 later.

>
>> By the way, it's a bit of a different topic, but I may have found a race in the usage of auditd_pid_vnr().
>> In AUDIT_SET handling, the variable auditd_pid is referenced outside of the spinlock, so it can be changed while it's referenced.
>> So there is a TOCTOU race like this:
>>
>> CPU0                          CPU1
>> =====                         =====
>> auditd = auditd_pid_vnr()     auditd = auditd_pid_vnr()
>> if (auditd_pid) {…}           if (auditd_pid) {…}
>> auditd_set()                  auditd_set()
>>
>> If auditd_pid_vnr() returns 0, this case can lead to replacement of a healthy auditd, which seems to be prohibited judging from the code comment "/* replacing a healthy auditd is not allowed */".
>>
>> Please correct me if I’m wrong.
>
> Simultaneous AUDIT_SET operations are prevented by the
> audit_cmd_mutex/audit_ctl_lock(), see audit_receive().
>

Thanks, I missed that. Understood.

Eiichi


2023-04-18 08:31:36

by Oliver Sang

Subject: Re: [PATCH] audit: use pid.is_auditd to make auditd_test_task() faster


Hello,

kernel test robot noticed "UBSAN:array-index-out-of-bounds_in_kernel/pid.c" on:

commit: 2b7e57ee8639d525e91bde056303b9adf9f2e067 ("[PATCH] audit: use pid.is_auditd to make auditd_test_task() faster")
url: https://github.com/intel-lab-lkp/linux/commits/Eiichi-Tsukata/audit-use-pid-is_auditd-to-make-auditd_test_task-faster/20230414-111606
base: https://git.kernel.org/cgit/linux/kernel/git/pcmoore/audit.git next
patch link: https://lore.kernel.org/all/[email protected]/
patch subject: [PATCH] audit: use pid.is_auditd to make auditd_test_task() faster

in testcase: kernel-selftests
version: kernel-selftests-x86_64-60acb023-1_20230329
with following parameters:

group: pidfd

test-description: The kernel contains a set of "self tests" under the tools/testing/selftests/ directory. These are intended to be small unit tests to exercise individual code paths in the kernel.
test-url: https://www.kernel.org/doc/Documentation/kselftest.txt


compiler: gcc-11
test machine: 4 threads Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz (Skylake) with 16G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)


If you fix the issue, kindly add following tag
| Reported-by: kernel test robot <[email protected]>
| Link: https://lore.kernel.org/oe-lkp/[email protected]


[ 137.659628][ T1795] UBSAN: array-index-out-of-bounds in kernel/pid.c:247:15
[ 137.668563][ T1795] index 1 is out of range for type 'upid [1]'
[ 137.674587][ T1795] CPU: 3 PID: 1795 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[ 137.683674][ T1795] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[ 137.693314][ T1795] Call Trace:
[ 137.696482][ T1795] <TASK>
[ 137.699308][ T1795] dump_stack_lvl (lib/dump_stack.c:107)
[ 137.703716][ T1795] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348)
[ 137.709339][ T1795] ? alloc_workqueue (kernel/workqueue.c:4490)
[ 137.714170][ T1795] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5691)
[ 137.718661][ T1795] alloc_pid (kernel/pid.c:247)
[ 137.722817][ T1795] ? copy_namespaces (arch/x86/include/asm/atomic.h:95 include/linux/atomic/atomic-instrumented.h:191 include/linux/nsproxy.h:112 kernel/nsproxy.c:162)
[ 137.727661][ T1795] copy_process (kernel/fork.c:2287)
[ 137.732257][ T1795] ? __cleanup_sighand (kernel/fork.c:2018)
[ 137.737110][ T1795] kernel_clone (include/linux/random.h:26 kernel/fork.c:2685)
[ 137.741425][ T1795] ? create_io_thread (kernel/fork.c:2644)
[ 137.746194][ T1795] __do_sys_clone (kernel/fork.c:2814)
[ 137.750620][ T1795] ? __do_sys_vfork (kernel/fork.c:2814)
[ 137.755204][ T1795] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529)
[ 137.761714][ T1795] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 kernel/entry/common.c:111)
[ 137.767516][ T1795] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[ 137.771843][ T1795] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
[ 137.777652][ T1795] RIP: 0033:0x7f5ef131b203
[ 137.781965][ T1795] Code: 00 00 00 00 00 66 90 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
All code
========
0: 00 00 add %al,(%rax)
2: 00 00 add %al,(%rax)
4: 00 66 90 add %ah,-0x70(%rsi)
7: 64 48 8b 04 25 10 00 mov %fs:0x10,%rax
e: 00 00
10: 45 31 c0 xor %r8d,%r8d
13: 31 d2 xor %edx,%edx
15: 31 f6 xor %esi,%esi
17: bf 11 00 20 01 mov $0x1200011,%edi
1c: 4c 8d 90 d0 02 00 00 lea 0x2d0(%rax),%r10
23: b8 38 00 00 00 mov $0x38,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 35 ja 0x67
32: 89 c2 mov %eax,%edx
34: 85 c0 test %eax,%eax
36: 75 2c jne 0x64
38: 64 fs
39: 48 rex.W
3a: 8b .byte 0x8b
3b: 04 25 add $0x25,%al
3d: 10 00 adc %al,(%rax)
...

Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 35 ja 0x3d
8: 89 c2 mov %eax,%edx
a: 85 c0 test %eax,%eax
c: 75 2c jne 0x3a
e: 64 fs
f: 48 rex.W
10: 8b .byte 0x8b
11: 04 25 add $0x25,%al
13: 10 00 adc %al,(%rax)
...
[ 137.801576][ T1795] RSP: 002b:00007ffe17f1b248 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 137.809918][ T1795] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ef131b203
[ 137.817807][ T1795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 137.825701][ T1795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000073
[ 137.833622][ T1795] R10: 00007f5ef1244a10 R11: 0000000000000246 R12: 0000000000000001
[ 137.841514][ T1795] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[ 137.849424][ T1795] </TASK>
[ 137.852358][ T1795] ================================================================================
[ 137.861627][ T1795] ================================================================================
[ 137.870883][ T1795] UBSAN: array-index-out-of-bounds in kernel/pid.c:248:15
[ 137.879799][ T1795] index 1 is out of range for type 'upid [1]'
[ 137.885817][ T1795] CPU: 3 PID: 1795 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[ 137.894839][ T1795] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[ 137.904480][ T1795] Call Trace:
[ 137.907664][ T1795] <TASK>
[ 137.910489][ T1795] dump_stack_lvl (lib/dump_stack.c:107)
[ 137.914889][ T1795] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348)
[ 137.920511][ T1795] ? alloc_workqueue (kernel/workqueue.c:4490)
[ 137.925351][ T1795] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5691)
[ 137.929832][ T1795] alloc_pid (kernel/pid.c:248)
[ 137.933970][ T1795] ? copy_namespaces (arch/x86/include/asm/atomic.h:95 include/linux/atomic/atomic-instrumented.h:191 include/linux/nsproxy.h:112 kernel/nsproxy.c:162)
[ 137.938806][ T1795] copy_process (kernel/fork.c:2287)
[ 137.943400][ T1795] ? __cleanup_sighand (kernel/fork.c:2018)
[ 137.948257][ T1795] kernel_clone (include/linux/random.h:26 kernel/fork.c:2685)
[ 137.952622][ T1795] ? create_io_thread (kernel/fork.c:2644)
[ 137.957389][ T1795] __do_sys_clone (kernel/fork.c:2814)
[ 137.961788][ T1795] ? __do_sys_vfork (kernel/fork.c:2814)
[ 137.966375][ T1795] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529)
[ 137.972865][ T1795] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 kernel/entry/common.c:111)
[ 137.978667][ T1795] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[ 137.982993][ T1795] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
[ 137.988791][ T1795] RIP: 0033:0x7f5ef131b203
[ 137.993098][ T1795] Code: 00 00 00 00 00 66 90 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
All code
========
0: 00 00 add %al,(%rax)
2: 00 00 add %al,(%rax)
4: 00 66 90 add %ah,-0x70(%rsi)
7: 64 48 8b 04 25 10 00 mov %fs:0x10,%rax
e: 00 00
10: 45 31 c0 xor %r8d,%r8d
13: 31 d2 xor %edx,%edx
15: 31 f6 xor %esi,%esi
17: bf 11 00 20 01 mov $0x1200011,%edi
1c: 4c 8d 90 d0 02 00 00 lea 0x2d0(%rax),%r10
23: b8 38 00 00 00 mov $0x38,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 35 ja 0x67
32: 89 c2 mov %eax,%edx
34: 85 c0 test %eax,%eax
36: 75 2c jne 0x64
38: 64 fs
39: 48 rex.W
3a: 8b .byte 0x8b
3b: 04 25 add $0x25,%al
3d: 10 00 adc %al,(%rax)
...

Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 35 ja 0x3d
8: 89 c2 mov %eax,%edx
a: 85 c0 test %eax,%eax
c: 75 2c jne 0x3a
e: 64 fs
f: 48 rex.W
10: 8b .byte 0x8b
11: 04 25 add $0x25,%al
13: 10 00 adc %al,(%rax)
...
[ 138.012706][ T1795] RSP: 002b:00007ffe17f1b248 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 138.021030][ T1795] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ef131b203
[ 138.028923][ T1795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 138.036817][ T1795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000073
[ 138.044702][ T1795] R10: 00007f5ef1244a10 R11: 0000000000000246 R12: 0000000000000001
[ 138.052633][ T1795] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[ 138.060571][ T1795] </TASK>
[ 138.063545][ T1795] ================================================================================
[ 138.072792][ T1795] ================================================================================
[ 138.082064][ T1795] UBSAN: array-index-out-of-bounds in include/linux/pid.h:159:20
[ 138.091532][ T1795] index 1 is out of range for type 'upid [1]'
[ 138.097526][ T1795] CPU: 3 PID: 1795 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[ 138.106572][ T1795] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[ 138.116218][ T1795] Call Trace:
[ 138.119390][ T1795] <TASK>
[ 138.122213][ T1795] dump_stack_lvl (lib/dump_stack.c:108)
[ 138.126620][ T1795] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348)
[ 138.132253][ T1795] copy_process (include/linux/pid.h:159 kernel/fork.c:2430)
[ 138.136852][ T1795] ? __cleanup_sighand (kernel/fork.c:2018)
[ 138.141715][ T1795] kernel_clone (include/linux/random.h:26 kernel/fork.c:2685)
[ 138.146036][ T1795] ? create_io_thread (kernel/fork.c:2644)
[ 138.150813][ T1795] __do_sys_clone (kernel/fork.c:2814)
[ 138.155218][ T1795] ? __do_sys_vfork (kernel/fork.c:2814)
[ 138.159820][ T1795] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529)
[ 138.166321][ T1795] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 kernel/entry/common.c:111)
[ 138.172121][ T1795] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[ 138.176452][ T1795] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
[ 138.182250][ T1795] RIP: 0033:0x7f5ef131b203
[ 138.186598][ T1795] Code: 00 00 00 00 00 66 90 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
All code
========
0: 00 00 add %al,(%rax)
2: 00 00 add %al,(%rax)
4: 00 66 90 add %ah,-0x70(%rsi)
7: 64 48 8b 04 25 10 00 mov %fs:0x10,%rax
e: 00 00
10: 45 31 c0 xor %r8d,%r8d
13: 31 d2 xor %edx,%edx
15: 31 f6 xor %esi,%esi
17: bf 11 00 20 01 mov $0x1200011,%edi
1c: 4c 8d 90 d0 02 00 00 lea 0x2d0(%rax),%r10
23: b8 38 00 00 00 mov $0x38,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 35 ja 0x67
32: 89 c2 mov %eax,%edx
34: 85 c0 test %eax,%eax
36: 75 2c jne 0x64
38: 64 fs
39: 48 rex.W
3a: 8b .byte 0x8b
3b: 04 25 add $0x25,%al
3d: 10 00 adc %al,(%rax)
...

Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 35 ja 0x3d
8: 89 c2 mov %eax,%edx
a: 85 c0 test %eax,%eax
c: 75 2c jne 0x3a
e: 64 fs
f: 48 rex.W
10: 8b .byte 0x8b
11: 04 25 add $0x25,%al
13: 10 00 adc %al,(%rax)
...
[ 138.206212][ T1795] RSP: 002b:00007ffe17f1b248 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 138.214567][ T1795] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ef131b203
[ 138.222459][ T1795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 138.230347][ T1795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000073
[ 138.238238][ T1795] R10: 00007f5ef1244a10 R11: 0000000000000246 R12: 0000000000000001
[ 138.246129][ T1795] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[ 138.254039][ T1795] </TASK>
[ 138.256954][ T1795] ================================================================================
[ 138.266154][ T1795] ================================================================================
[ 138.275354][ T1795] UBSAN: array-index-out-of-bounds in include/linux/pid.h:171:21
[ 138.284818][ T1795] index 1 is out of range for type 'upid [1]'
[ 138.290789][ T1795] CPU: 3 PID: 1795 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[ 138.299816][ T1795] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[ 138.309456][ T1795] Call Trace:
[ 138.312630][ T1795] <TASK>
[ 138.315459][ T1795] dump_stack_lvl (lib/dump_stack.c:108)
[ 138.319856][ T1795] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348)
[ 138.325483][ T1795] copy_process (include/linux/pid.h:171 kernel/fork.c:2459)
[ 138.330080][ T1795] ? __cleanup_sighand (kernel/fork.c:2018)
[ 138.334937][ T1795] kernel_clone (include/linux/random.h:26 kernel/fork.c:2685)
[ 138.339255][ T1795] ? create_io_thread (kernel/fork.c:2644)
[ 138.344034][ T1795] __do_sys_clone (kernel/fork.c:2814)
[ 138.348439][ T1795] ? __do_sys_vfork (kernel/fork.c:2814)
[ 138.353039][ T1795] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529)
[ 138.359541][ T1795] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 kernel/entry/common.c:111)
[ 138.365358][ T1795] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[ 138.369688][ T1795] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
[ 138.375481][ T1795] RIP: 0033:0x7f5ef131b203
[ 138.379791][ T1795] Code: 00 00 00 00 00 66 90 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
All code
========
0: 00 00 add %al,(%rax)
2: 00 00 add %al,(%rax)
4: 00 66 90 add %ah,-0x70(%rsi)
7: 64 48 8b 04 25 10 00 mov %fs:0x10,%rax
e: 00 00
10: 45 31 c0 xor %r8d,%r8d
13: 31 d2 xor %edx,%edx
15: 31 f6 xor %esi,%esi
17: bf 11 00 20 01 mov $0x1200011,%edi
1c: 4c 8d 90 d0 02 00 00 lea 0x2d0(%rax),%r10
23: b8 38 00 00 00 mov $0x38,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 35 ja 0x67
32: 89 c2 mov %eax,%edx
34: 85 c0 test %eax,%eax
36: 75 2c jne 0x64
38: 64 fs
39: 48 rex.W
3a: 8b .byte 0x8b
3b: 04 25 add $0x25,%al
3d: 10 00 adc %al,(%rax)
...

Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 35 ja 0x3d
8: 89 c2 mov %eax,%edx
a: 85 c0 test %eax,%eax
c: 75 2c jne 0x3a
e: 64 fs
f: 48 rex.W
10: 8b .byte 0x8b
11: 04 25 add $0x25,%al
13: 10 00 adc %al,(%rax)
...
[ 138.399395][ T1795] RSP: 002b:00007ffe17f1b248 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 138.407729][ T1795] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ef131b203
[ 138.415646][ T1795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 138.423560][ T1795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000073
[ 138.431470][ T1795] R10: 00007f5ef1244a10 R11: 0000000000000246 R12: 0000000000000001
[ 138.439357][ T1795] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[ 138.447274][ T1795] </TASK>
[ 138.450183][ T1795] ================================================================================
[ 138.459384][ T1795] ================================================================================
[ 138.468632][ T1795] UBSAN: array-index-out-of-bounds in include/linux/pid.h:159:20
[ 138.478102][ T1795] index 1 is out of range for type 'upid [1]'
[ 138.484072][ T1795] CPU: 3 PID: 1795 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[ 138.493105][ T1795] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[ 138.502740][ T1795] Call Trace:
[ 138.505920][ T1795] <TASK>
[ 138.508748][ T1795] dump_stack_lvl (lib/dump_stack.c:108)
[ 138.513155][ T1795] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348)
[ 138.518787][ T1795] copy_process (include/linux/pid.h:159 kernel/fork.c:2460)
[ 138.523386][ T1795] ? __cleanup_sighand (kernel/fork.c:2018)
[ 138.528249][ T1795] kernel_clone (include/linux/random.h:26 kernel/fork.c:2685)
[ 138.532615][ T1795] ? create_io_thread (kernel/fork.c:2644)
[ 138.537396][ T1795] __do_sys_clone (kernel/fork.c:2814)
[ 138.541797][ T1795] ? __do_sys_vfork (kernel/fork.c:2814)
[ 138.546398][ T1795] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529)
[ 138.552907][ T1795] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 kernel/entry/common.c:111)
[ 138.558708][ T1795] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[ 138.563039][ T1795] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
[ 138.568841][ T1795] RIP: 0033:0x7f5ef131b203
[ 138.573153][ T1795] Code: 00 00 00 00 00 66 90 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
All code
========
0: 00 00 add %al,(%rax)
2: 00 00 add %al,(%rax)
4: 00 66 90 add %ah,-0x70(%rsi)
7: 64 48 8b 04 25 10 00 mov %fs:0x10,%rax
e: 00 00
10: 45 31 c0 xor %r8d,%r8d
13: 31 d2 xor %edx,%edx
15: 31 f6 xor %esi,%esi
17: bf 11 00 20 01 mov $0x1200011,%edi
1c: 4c 8d 90 d0 02 00 00 lea 0x2d0(%rax),%r10
23: b8 38 00 00 00 mov $0x38,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 35 ja 0x67
32: 89 c2 mov %eax,%edx
34: 85 c0 test %eax,%eax
36: 75 2c jne 0x64
38: 64 fs
39: 48 rex.W
3a: 8b .byte 0x8b
3b: 04 25 add $0x25,%al
3d: 10 00 adc %al,(%rax)
...

Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 35 ja 0x3d
8: 89 c2 mov %eax,%edx
a: 85 c0 test %eax,%eax
c: 75 2c jne 0x3a
e: 64 fs
f: 48 rex.W
10: 8b .byte 0x8b
11: 04 25 add $0x25,%al
13: 10 00 adc %al,(%rax)
...
[ 138.592766][ T1795] RSP: 002b:00007ffe17f1b248 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 138.601104][ T1795] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ef131b203
[ 138.609006][ T1795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 138.616897][ T1795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000073
[ 138.624799][ T1795] R10: 00007f5ef1244a10 R11: 0000000000000246 R12: 0000000000000001
[ 138.632696][ T1795] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[ 138.640652][ T1795] </TASK>
[ 138.643595][ T1795] ================================================================================
[ 138.652865][ T1795] ================================================================================
[ 138.652904][ T1846] ================================================================================
[ 138.662138][ T1795] UBSAN: array-index-out-of-bounds in kernel/pid.c:112:19
[ 138.671282][ T1846] UBSAN: array-index-out-of-bounds in include/linux/pid.h:159:20
[ 138.671287][ T1846] index 1 is out of range for type 'upid [1]'
[ 138.680120][ T1795] index 1 is out of range for type 'upid [1]'
[ 138.680123][ T1795] CPU: 3 PID: 1795 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[ 138.680126][ T1795] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[ 138.720369][ T1795] Call Trace:
[ 138.723537][ T1795] <TASK>
[ 138.726375][ T1795] dump_stack_lvl (lib/dump_stack.c:107)
[ 138.730773][ T1795] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348)
[ 138.736393][ T1795] ? alloc_workqueue (kernel/workqueue.c:4490)
[ 138.741233][ T1795] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5691)
[ 138.745718][ T1795] put_pid (include/linux/rcupdate.h:332 include/linux/rcupdate.h:806 kernel/pid.c:446)
[ 138.750291][ T1795] kernel_clone (kernel/fork.c:2644)
[ 138.754693][ T1795] ? create_io_thread (kernel/fork.c:2644)
[ 138.759469][ T1795] __do_sys_clone (kernel/fork.c:2814)
[ 138.763866][ T1795] ? __do_sys_vfork (kernel/fork.c:2814)
[ 138.768453][ T1795] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529)
[ 138.774949][ T1795] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 kernel/entry/common.c:111)
[ 138.780743][ T1795] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[ 138.785069][ T1795] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
[ 138.790868][ T1795] RIP: 0033:0x7f5ef131b203
[ 138.795179][ T1795] Code: 00 00 00 00 00 66 90 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
All code
========
0: 00 00 add %al,(%rax)
2: 00 00 add %al,(%rax)
4: 00 66 90 add %ah,-0x70(%rsi)
7: 64 48 8b 04 25 10 00 mov %fs:0x10,%rax
e: 00 00
10: 45 31 c0 xor %r8d,%r8d
13: 31 d2 xor %edx,%edx
15: 31 f6 xor %esi,%esi
17: bf 11 00 20 01 mov $0x1200011,%edi
1c: 4c 8d 90 d0 02 00 00 lea 0x2d0(%rax),%r10
23: b8 38 00 00 00 mov $0x38,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 35 ja 0x67
32: 89 c2 mov %eax,%edx
34: 85 c0 test %eax,%eax
36: 75 2c jne 0x64
38: 64 fs
39: 48 rex.W
3a: 8b .byte 0x8b
3b: 04 25 add $0x25,%al
3d: 10 00 adc %al,(%rax)
...

Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 35 ja 0x3d
8: 89 c2 mov %eax,%edx
a: 85 c0 test %eax,%eax
c: 75 2c jne 0x3a
e: 64 fs
f: 48 rex.W
10: 8b .byte 0x8b
11: 04 25 add $0x25,%al
13: 10 00 adc %al,(%rax)
...
[ 138.814778][ T1795] RSP: 002b:00007ffe17f1b248 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 138.823112][ T1795] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ef131b203
[ 138.830999][ T1795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 138.838889][ T1795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000073
[ 138.846783][ T1795] R10: 00007f5ef1244a10 R11: 0000000000000246 R12: 0000000000000001
[ 138.854673][ T1795] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[ 138.862634][ T1795] </TASK>
[ 138.865561][ T1846] CPU: 1 PID: 1846 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[ 138.865587][ T1795] ================================================================================
[ 138.874538][ T1846] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[ 138.874557][ T1846] Call Trace:
[ 138.874560][ T1846] <TASK>
[ 138.874563][ T1846] dump_stack_lvl (lib/dump_stack.c:107)
[ 138.903834][ T1846] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348)
[ 138.909459][ T1846] __task_pid_nr_ns (include/linux/pid.h:159 kernel/pid.c:512 kernel/pid.c:502)
[ 138.914215][ T1846] schedule_tail (kernel/sched/core.c:5243)
[ 138.918529][ T1846] ret_from_fork (arch/x86/entry/entry_64.S:295)
[ 138.922794][ T1846] </TASK>
[ 138.925863][ T1846] ================================================================================
[ 138.935843][ T1846] ================================================================================
[ 138.945156][ T1846] UBSAN: array-index-out-of-bounds in include/linux/pid.h:159:20
[ 138.954728][ T1846] index 1 is out of range for type 'upid [1]'
[ 138.960755][ T1846] CPU: 2 PID: 1846 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[ 138.969791][ T1846] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[ 138.979424][ T1846] Call Trace:
[ 138.982611][ T1846] <TASK>
[ 138.985440][ T1846] dump_stack_lvl (lib/dump_stack.c:107)
[ 138.989831][ T1846] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348)
[ 138.995452][ T1846] ? kasan_set_track (mm/kasan/common.c:52)
[ 139.000112][ T1846] task_active_pid_ns (include/linux/pid.h:159 kernel/pid.c:512)
[ 139.004857][ T1846] proc_init_fs_context (fs/proc/root.c:252)
[ 139.009868][ T1846] alloc_fs_context (fs/fs_context.c:291)
[ 139.014626][ T1846] do_new_mount (fs/namespace.c:3028)
[ 139.019026][ T1846] ? do_add_mount (fs/namespace.c:3003)
[ 139.023612][ T1846] ? security_capable (security/security.c:837 (discriminator 13))
[ 139.028368][ T1846] path_mount (fs/namespace.c:3372)
[ 139.032681][ T1846] ? finish_automount (fs/namespace.c:3299)
[ 139.037624][ T1846] __x64_sys_mount (fs/namespace.c:3386 fs/namespace.c:3594 fs/namespace.c:3571 fs/namespace.c:3571)
[ 139.042285][ T1846] ? path_mount (fs/namespace.c:3571)
[ 139.046871][ T1846] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[ 139.051186][ T1846] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
[ 139.056977][ T1846] RIP: 0033:0x7f5ef1350bca
[ 139.061281][ T1846] Code: 48 8b 0d 39 82 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 06 82 0c 00 f7 d8 64 89 01 48
All code
========
0: 48 8b 0d 39 82 0c 00 mov 0xc8239(%rip),%rcx # 0xc8240
7: f7 d8 neg %eax
9: 64 89 01 mov %eax,%fs:(%rcx)
c: 48 83 c8 ff or $0xffffffffffffffff,%rax
10: c3 retq
11: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
18: 00 00 00
1b: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
20: 49 89 ca mov %rcx,%r10
23: b8 a5 00 00 00 mov $0xa5,%eax
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 retq
33: 48 8b 0d 06 82 0c 00 mov 0xc8206(%rip),%rcx # 0xc8240
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W

Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 retq
9: 48 8b 0d 06 82 0c 00 mov 0xc8206(%rip),%rcx # 0xc8216
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
[ 139.080873][ T1846] RSP: 002b:00007ffe17f1b348 EFLAGS: 00000207 ORIG_RAX: 00000000000000a5
[ 139.089197][ T1846] RAX: ffffffffffffffda RBX: 00007ffe17f1b5c8 RCX: 00007f5ef1350bca
[ 139.097088][ T1846] RDX: 0000557f404d3474 RSI: 0000557f404d346e RDI: 0000557f404d3474
[ 139.104981][ T1846] RBP: 00007ffe17f1b490 R08: 0000000000000000 R09: 00007f5ef1244740
[ 139.112870][ T1846] R10: 0000000000000000 R11: 0000000000000207 R12: 0000000000000000
[ 139.120756][ T1846] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[ 139.128675][ T1846] </TASK>
[ 139.131614][ T1846] ================================================================================
[ 139.142885][ T1846] ================================================================================
[ 139.152124][ T1846] UBSAN: array-index-out-of-bounds in include/linux/pid.h:159:20
[ 139.161641][ T1846] index 1 is out of range for type 'upid [1]'
[ 139.167688][ T1846] CPU: 2 PID: 1846 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[ 139.176727][ T1846] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[ 139.186357][ T1846] Call Trace:
[ 139.189524][ T1846] <TASK>
[ 139.192348][ T1846] dump_stack_lvl (lib/dump_stack.c:107)
[ 139.196745][ T1846] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348)
[ 139.202368][ T1846] ? get_task_pid (include/linux/rcupdate.h:332 include/linux/rcupdate.h:806 kernel/pid.c:446)
[ 139.206848][ T1846] pid_vnr (include/linux/pid.h:159 kernel/pid.c:512 kernel/pid.c:491)
[ 139.210807][ T1846] kernel_clone (kernel/fork.c:2697)
[ 139.215207][ T1846] ? create_io_thread (kernel/fork.c:2644)
[ 139.219973][ T1846] __do_sys_clone (kernel/fork.c:2814)
[ 139.224373][ T1846] ? __do_sys_vfork (kernel/fork.c:2814)
[ 139.228960][ T1846] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529)
[ 139.235455][ T1846] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 kernel/entry/common.c:111)
[ 139.241245][ T1846] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[ 139.245623][ T1846] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
[ 139.251427][ T1846] RIP: 0033:0x7f5ef131b203
[ 139.255733][ T1846] Code: 00 00 00 00 00 66 90 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
All code
========
0: 00 00 add %al,(%rax)
2: 00 00 add %al,(%rax)
4: 00 66 90 add %ah,-0x70(%rsi)
7: 64 48 8b 04 25 10 00 mov %fs:0x10,%rax
e: 00 00
10: 45 31 c0 xor %r8d,%r8d
13: 31 d2 xor %edx,%edx
15: 31 f6 xor %esi,%esi
17: bf 11 00 20 01 mov $0x1200011,%edi
1c: 4c 8d 90 d0 02 00 00 lea 0x2d0(%rax),%r10
23: b8 38 00 00 00 mov $0x38,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 35 ja 0x67
32: 89 c2 mov %eax,%edx
34: 85 c0 test %eax,%eax
36: 75 2c jne 0x64
38: 64 fs
39: 48 rex.W
3a: 8b .byte 0x8b
3b: 04 25 add $0x25,%al
3d: 10 00 adc %al,(%rax)
...

Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 35 ja 0x3d
8: 89 c2 mov %eax,%edx
a: 85 c0 test %eax,%eax
c: 75 2c jne 0x3a
e: 64 fs
f: 48 rex.W
10: 8b .byte 0x8b
11: 04 25 add $0x25,%al
13: 10 00 adc %al,(%rax)
...
[ 139.275314][ T1846] RSP: 002b:00007ffe17f1b248 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 139.283653][ T1846] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ef131b203
[ 139.291558][ T1846] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 139.299448][ T1846] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f5ef1244740
[ 139.307335][ T1846] R10: 00007f5ef1244a10 R11: 0000000000000246 R12: 0000000000000001
[ 139.315224][ T1846] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[ 139.323135][ T1846] </TASK>
[ 139.326087][ T1846] ================================================================================
[ 139.335382][ T1846] ================================================================================
[ 139.344662][ T1846] UBSAN: array-index-out-of-bounds in include/linux/pid.h:159:20
[ 139.354318][ T1846] index 1 is out of range for type 'upid [1]'
[ 139.360350][ T1846] CPU: 2 PID: 1846 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[ 139.369388][ T1846] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[ 139.379013][ T1846] Call Trace:
[ 139.382191][ T1846] <TASK>
[ 139.385014][ T1846] dump_stack_lvl (lib/dump_stack.c:107)
[ 139.389411][ T1846] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348)
[ 139.395033][ T1846] find_get_pid (include/linux/pid.h:159 kernel/pid.c:512 kernel/pid.c:320 kernel/pid.c:468)
[ 139.399430][ T1846] kernel_wait4 (kernel/exit.c:1766)
[ 139.403828][ T1846] ? __wake_up_parent (kernel/exit.c:1742)
[ 139.408627][ T1846] __do_sys_wait4 (kernel/exit.c:1803)
[ 139.413109][ T1846] ? kernel_wait4 (kernel/exit.c:1801)
[ 139.417725][ T1846] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529)
[ 139.424220][ T1846] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[ 139.428608][ T1846] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
[ 139.434418][ T1846] RIP: 0033:0x7f5ef131aa83
[ 139.438727][ T1846] Code: ff ff ff ff e9 0e 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 80 3d 61 6b 10 00 00 49 89 ca 74 14 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5d c3 0f 1f 40 00 48 83 ec 28 89 54 24 14 48
All code
========
0: ff (bad)
1: ff (bad)
2: ff (bad)
3: ff (bad)
4: e9 0e 00 00 00 jmpq 0x17
9: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
10: 00 00 00
13: 0f 1f 40 00 nopl 0x0(%rax)
17: 80 3d 61 6b 10 00 00 cmpb $0x0,0x106b61(%rip) # 0x106b7f
1e: 49 89 ca mov %rcx,%r10
21: 74 14 je 0x37
23: b8 3d 00 00 00 mov $0x3d,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 5d ja 0x8f
32: c3 retq
33: 0f 1f 40 00 nopl 0x0(%rax)
37: 48 83 ec 28 sub $0x28,%rsp
3b: 89 54 24 14 mov %edx,0x14(%rsp)
3f: 48 rex.W

Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 5d ja 0x65
8: c3 retq
9: 0f 1f 40 00 nopl 0x0(%rax)
d: 48 83 ec 28 sub $0x28,%rsp
11: 89 54 24 14 mov %edx,0x14(%rsp)
15: 48 rex.W
[ 139.458318][ T1846] RSP: 002b:00007ffe17f1b318 EFLAGS: 00000202 ORIG_RAX: 000000000000003d
[ 139.466659][ T1846] RAX: ffffffffffffffda RBX: 00007ffe17f1b5c8 RCX: 00007f5ef131aa83
[ 139.474569][ T1846] RDX: 0000000000000000 RSI: 00007ffe17f1b338 RDI: 0000000000000002
[ 139.482458][ T1846] RBP: 00007ffe17f1b340 R08: 0000000000000000 R09: 00007f5ef1244740
[ 139.490352][ T1846] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 139.498244][ T1846] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[ 139.506155][ T1846] </TASK>
[ 139.509131][ T1846] ================================================================================
[ 139.884334][ T291] # TAP version 13
[ 139.884357][ T291]
[ 139.890614][ T291] # 1..8
[ 139.890632][ T291]
[ 139.896187][ T291] # # Parent: pid: 1795
[ 139.896205][ T291]
[ 139.903747][ T291] # # Parent: Waiting for Child (1796) to complete.
[ 139.903766][ T291]
[ 139.913180][ T291] # # Time waited for child: 3
[ 139.913197][ T291]
[ 139.922068][ T291] # ok 1 pidfd_poll check for premature notification on child thread exec test: Passed
[ 139.922085][ T291]
[ 139.934390][ T291] # # Parent: pid: 1795
[ 139.934406][ T291]
[ 139.941907][ T291] # # Parent: Waiting for Child (1807) to complete.
[ 139.941924][ T291]
[ 139.951508][ T291] # # Parent: Child process waited for.
[ 139.951572][ T291]
[ 139.959959][ T291] # # Time waited for child: 3
[ 139.959976][ T291]
[ 139.968849][ T291] # ok 2 pidfd_poll check for premature notification on child thread exec test: Passed
[ 139.968866][ T291]
[ 139.981153][ T291] # # Parent: pid: 1795
[ 139.981169][ T291]
[ 139.988656][ T291] # # Parent: Waiting for Child (1821) to complete.
[ 139.988673][ T291]
[ 139.998085][ T291] # # Time since child exit: 3
[ 139.998101][ T291]
[ 140.007120][ T291] # ok 3 pidfd_poll check for premature notification on non-emptygroup leader exit test: Passed
[ 140.007138][ T291]
[ 140.020226][ T291] # # Parent: pid: 1795
[ 140.020243][ T291]
[ 140.027673][ T291] # # Parent: Waiting for Child (1833) to complete.
[ 140.027704][ T291]
[ 140.037347][ T291] # # Parent: Child process waited for.
[ 140.037363][ T291]
[ 140.045731][ T291] # # Time since child exit: 3
[ 140.045748][ T291]
[ 140.054800][ T291] # ok 4 pidfd_poll check for premature notification on non-emptygroup leader exit test: Passed
[ 140.054818][ T291]
[ 140.070044][ T291] # ok 5 pidfd_send_signal check for support test: pidfd_send_signal() syscall is supported. Tests can be executed
[ 140.070061][ T291]
[ 140.085654][ T291] # ok 6 pidfd_send_signal send SIGUSR1 test: Sent signal
[ 140.085673][ T291]
[ 140.095623][ T291] # # waitpid WEXITSTATUS=0
[ 140.095640][ T291]
[ 140.104242][ T291] # ok 7 pidfd_send_signal signal exited process test: Failed to send signal as expected
[ 140.104259][ T291]
[ 140.116908][ T291] # # waitpid WEXITSTATUS=0
[ 140.116925][ T291]
[ 140.124132][ T291] # # waitpid WEXITSTATUS=0
[ 140.124148][ T291]
[ 140.131332][ T291] # # waitpid WEXITSTATUS=0
[ 140.131348][ T291]
[ 140.138567][ T291] # # waitpid WEXITSTATUS=0
[ 140.138584][ T291]
[ 140.145863][ T291] # # waitpid WEXITSTATUS=0
[ 140.145880][ T291]
[ 140.153115][ T291] # # waitpid WEXITSTATUS=0
[ 140.153131][ T291]
[ 140.160338][ T291] # # waitpid WEXITSTATUS=0
[ 140.160354][ T291]
[ 140.167622][ T291] # # waitpid WEXITSTATUS=0
[ 140.167640][ T291]
[ 140.174903][ T291] # # waitpid WEXITSTATUS=0
[ 140.174920][ T291]
[ 140.182129][ T291] # # waitpid WEXITSTATUS=0
[ 140.182145][ T291]
[ 140.189318][ T291] # # waitpid WEXITSTATUS=0
[ 140.189335][ T291]
[ 140.196532][ T291] # # waitpid WEXITSTATUS=0
[ 140.196566][ T291]
[ 140.203843][ T291] # # waitpid WEXITSTATUS=0
[ 140.203860][ T291]
[ 140.211111][ T291] # # waitpid WEXITSTATUS=0
[ 140.211127][ T291]
[ 140.218301][ T291] # # waitpid WEXITSTATUS=0
[ 140.218317][ T291]
[ 140.225571][ T291] # # waitpid WEXITSTATUS=0
[ 140.225588][ T291]
[ 140.232871][ T291] # # waitpid WEXITSTATUS=0
[ 140.232888][ T291]
[ 140.240123][ T291] # # waitpid WEXITSTATUS=0
[ 140.240139][ T291]
[ 140.247331][ T291] # # waitpid WEXITSTATUS=0
[ 140.247347][ T291]
[ 140.254619][ T291] # # waitpid WEXITSTATUS=0
[ 140.254636][ T291]
[ 140.261901][ T291] # # waitpid WEXITSTATUS=0
[ 140.261917][ T291]
[ 140.269145][ T291] # # waitpid WEXITSTATUS=0
[ 140.269162][ T291]
[ 140.276343][ T291] # # waitpid WEXITSTATUS=0


To reproduce:

git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
sudo bin/lkp install job.yaml # job file is attached in this email
bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
sudo bin/lkp run generated-yaml-file

# if you come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.



--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests



Attachments:
(No filename) (42.53 kB)
config-6.3.0-rc1-00001-g2b7e57ee8639 (164.08 kB)
job-script (6.11 kB)
dmesg.xz (171.68 kB)
kernel-selftests (879.53 kB)
job.yaml (5.32 kB)
reproduce (245.00 B)