Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1755608AbdC3Goa (ORCPT <rfc822;w@1wt.eu>);
        Thu, 30 Mar 2017 02:44:30 -0400
Received: from mail-he1eur01on0122.outbound.protection.outlook.com ([104.47.0.122]:18777
        "EHLO EUR01-HE1-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1754885AbdC3Go2 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 30 Mar 2017 02:44:28 -0400
Authentication-Results: codemonkey.org.uk; dkim=none (message not signed)
 header.d=none;codemonkey.org.uk; dmarc=none action=none
 header.from=nokia.com;
To: <linux-mm@kvack.org>, <linux-kernel@vger.kernel.org>
CC: Kees Cook <keescook@chromium.org>, Laura Abbott <labbott@redhat.com>,
        Ingo Molnar <mingo@kernel.org>, Josh Poimboeuf <jpoimboe@redhat.com>,
        Mark Rutland <mark.rutland@arm.com>,
        Eric Biggers <ebiggers@google.com>, <davej@codemonkey.org.uk>
From: Tommi Rantala <tommi.t.rantala@nokia.com>
Subject: sudo x86info -a => kernel BUG at mm/usercopy.c:78!
Message-ID: <d928849c-e7c3-6b81-e551-a39fa976f341@nokia.com>
Date: Thu, 30 Mar 2017 09:44:20 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: [131.228.2.26]
X-ClientProxiedBy: DB6PR0202CA0029.eurprd02.prod.outlook.com (10.171.70.15) To
 DB6PR0701MB2360.eurprd07.prod.outlook.com (10.168.75.14)
X-MS-Office365-Filtering-Correlation-Id: 3c6e75ca-b9c8-4f85-4656-08d47738347d
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001)(48565401081)(201703131423075)(201703031133081);SRVR:DB6PR0701MB2360;
X-Microsoft-Exchange-Diagnostics: 1;DB6PR0701MB2360;3:qXUQbzZaLcUzsgcBToldiKHyASmCFnWbru/izILjEq6ohD42B6mSSFtWg8EBfUJ/l/eG0GI6YR/tcbgv4R+Ktsq/Zmhk0lRIgSR2Jnox2EzQ34Dp9LOIhDWdecObuHpPl48JvELTjIetW5r8s2pH7q9nmfPSj8w0Ifpc5bIk8JVgiHUw8MXbKKYar23F5iz8NVLypOe4sQ3nDrUatkVYM6YRw8FoCgKBMGJFdraU8aQ5Ip2NSUn8U4QXyVIEpfHpfe37nLU03xvgaHMfhRThXrGJcO7Cksf/NPwzJnHlqf73kqFnx7mHXWZyYH/hBLRbe33Hr0MVrsxJJUKD9cUg/pliG2V3uSTmk53ufvlcJKw=;25:VdVQmAy/J+ysABuDZNgmgF2UYt4V16kwsmVsSF0KH/jjBUh0nE7Ry/e3dYvg9tmSntxMvx2KYU6kEivB0v7IRyMP3hYYuZbESnGQ96qO94Bnxi6loqjJvoRl/6SxeGhj/c3DUlW/YOQ6T8wk3aRBQkgdOLNlfUXWF1qagJkK25qSCIR0ZF5NzDEdzLUm8UAhODZw/Wjx29o9XPc/ZIb8cyXpVU5kHX2vdkwPQ+iSPaPRf8f5sWsKbOcC+cHTANaTPsBAn4uEsOQKlppND4pyfWq0IUeguaaHIYodBshHd7/xfFvM7tNQ1L6U0ZLCEA9osm4Sp+Xyn9A0EMXrBG3i7N3jnC8D03gkLmvX2Pmi6nlo1BkUZp2sOfVnjuz8OV8D25HMgM3RkAWhD/psdVu1CnlBmOM3m0vKGqOFiuFwFuc3c85yClQnO1vW3VlmDQPx8sn0+Gn4I0nVKpJfXsAQWA==
X-Microsoft-Exchange-Diagnostics: 1;DB6PR0701MB2360;31:AKmwhk6zqrf2JfOIUbFhfDwAYsMvf0lo0W4TilFEU6kl69x26xE48Tn2YaZWRv4qSlPJ5mso/IdbAKA2Q5N7ewQRFT4+dGA4xZTQn+1ox+AMTVbc+BeqfK3pImX1zn0ypOW77HHtHqrhEHnOW9xM7V2CivR/mmMpxmiIRohCTbwXCvBDyV6LqaldRmjmvT6zJRmvPXiwPws3fmlTPWHwAE+XbwizxWaKdDnwba7N3SX58nSMXBVQNclC5BxDyiOaAOq/2/uanzUmgVnldV4Ctw==;20:C9Ogkf5oX2Hy8b1Qeo8IqIsrLv9G8QmocfzuRJnjcZWYF+UgKAdAXCw4Nos9LgoBQnltJjJFnHQMjrenR/viQ90pNY3K6PFLugfX8tD5s8J0LAW7xnTaC+Tw3+AP+xU2+kfgFQSyBgyDrk+zPHEGuRBJ5AyWuVzfLPRkjyGu03IP7Aj2VB+wUHmDwzr/8pX3mYkx0Jb4vgGKLKXRg9MuZ4+XW9Ebhhm8YLiZ8BpuadF7SpmdfNXLnCcqLcdAlYNfL3Ab6SiPQPpeSnksSLVonSt4iOhZahOVE1SeYe0Rtm9kg5CDM6j1nkbgORqUERP/XxwKb0WV6GfPZ+YCzMiDTOv68T73pmKMh9kEd+MXdVjtuOTS6e4Vhs27RE4fGmIEP17zDnAHUQ8Kdf4A/sYsAlg2yBxsrUcVBfx3Y+/hiSsLHsxWBr41r0n+OicX1CIZtc2Nua6eVIyYxUoTtfyt6Ka+Pwb6OntJjnvcVrFRiRfexPuvZkB768YBzlWZiJO5fXVn5+8q1a25yttUDiGR0CzIv7cDBCH4Jg6Ys1oOrvP6aufZv9nvK11xWKatP3GvEGgInOpXGwEEhwTOwt0H5Jdg4URjRBSPLecTqKMmjJU=
X-Microsoft-Antispam-PRVS: <DB6PR0701MB2360CB3403A891F9DDD6D82AB4340@DB6PR0701MB2360.eurprd07.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705);
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(6040450)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026)(6041248)(20161123562025)(20161123555025)(20161123560025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(6072148);SRVR:DB6PR0701MB2360;BCL:0;PCL:0;RULEID:;SRVR:DB6PR0701MB2360;
X-Microsoft-Exchange-Diagnostics: 1;DB6PR0701MB2360;4:4RfgVIQhKSCpu0NIANXywEtSiD1D8XbYKJHI23+hwyt4MbDlP+W6eLRrnJb1nCVadyd5IeLBItCslj3yr850ejyyXxfZPBz54wsJYBTnhfTJtskJjFv8gJyeQ2Eoe4uwUnqXNKkmGSo+r2XxkFDoADiGCEozwjqfbs39j4rGC5LPG7EH4Ke8c4nu8ojCGpcKIFBd0ADCPSqC2NJ7z5w5ZSdPZw34WJkKWCzH86mIV/GDcz7I/ojsupzqrCgrUfvRCoHaU3MRaw8EN9qkcm9IeYp1YwE8jOXnY1PunCZte5hZCEBNqLxwuxl2R+tOLRToBeMQGURl4AS/TD+v3XvU5TqqJdG2siYJ8jz4Lm5MPQGM1mBj4JbXmAXtAmCuB0tZbPTLSCoyHYI3of+AHZUMy+e2YiHtEm5d59f/ST1rGnf2G/Q6amXcbnp8rq9lZ4eaxNIId9+eSkijkmBel+CzWIjqxJLzEs0iomtAniFV3JRlRzjU7lkZp5bVYnbEQ6hRnt8+A5bCjUM4lmWEKB9gdYkNdopGaBEt3C7VzOG/p+ezWaHz44Ehx/JBFEHnucSLKmmc3+SeS9aJrHMyseKOIcKbgrtsQvJavEZDgtlkvDYEaSWOtUX18hi9cXdAe0jnQxt/1VMa0TVybBPDvgQVihO4fc8aI6c4a/1o16UghS54kt7G+l/vunVtI5fCYcsCVc6kqDXqlX0r9igAdHcpt2GyUEYb43r35GQ6pfIzB7Y=
X-Forefront-PRVS: 02622CEF0A
X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10019020)(4630300001)(6049001)(6009001)(39400400002)(39860400002)(39850400002)(39840400002)(39410400002)(39450400003)(36756003)(33646002)(305945005)(3846002)(7736002)(6116002)(6666003)(77096006)(230700001)(189998001)(4001350100001)(66066001)(65956001)(50466002)(23676002)(5660300001)(4326008)(31696002)(47776003)(575784001)(86362001)(31686004)(42186005)(54906002)(50986999)(2906002)(6306002)(6486002)(8676002)(25786009)(81166006)(38730400002)(53936002)(226693001)(54356999)(2101003);DIR:OUT;SFP:1102;SCL:1;SRVR:DB6PR0701MB2360;H:[10.144.182.168];FPR:;SPF:None;MLV:sfv;LANG:en;
X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtEQjZQUjA3MDFNQjIzNjA7MjM6SGVtM2t1dXJMTjI2RWVRSm1YNHZyNlBR?=
 =?utf-8?B?YTNtdndmaEVvWlFaUG1RQTVGV3J0R2gyNjUxUFlpQXg5UEVpVVUxdXpwc0Zq?=
 =?utf-8?B?VUFHYncyNmpzSWxqeEtBMEQwMlB2d05EaDJrWFM1enlKOWxtM05ZZVEzY3hV?=
 =?utf-8?B?Q2hrSGlEQ3oyYkYxK0lleUtEQy9xQmEzS0wvb01BOGI1cFhKQ1V1R1FvNGFD?=
 =?utf-8?B?dXZ2UGkyemV4WXFTWDViakcydmxUMEo5M2VDaUhhWE1Gb2xpVE1vLzJIRmxZ?=
 =?utf-8?B?VCsyWlN6ZW92aFNDcHNpZjRWaFJReU1hazZUdVE3dzZZdHNPb0Q3bG5DSmhI?=
 =?utf-8?B?aGoyOG9PdGN6VUxnSldMQjdWVkdRbE9Tcjk2ZklLcXI5NU0yRjUrVmlJSm1p?=
 =?utf-8?B?eDJXOUczUFlkVnBLL3Z2WDc1cjhSaktwNDVkME9Pd25sNStpZjdzZFg5ZEp1?=
 =?utf-8?B?UmpHdTVyNUxKRTM2djZESnUwRGQwdklURmxRUkJvdGMrOERqSkFBL3BTNjV0?=
 =?utf-8?B?VzdITENiRlk3dk1iKzJkQlJXaXFmbkpIUjdOcjZiVGZVOS82dXA3bjNvSXg4?=
 =?utf-8?B?Uk1SWWNmVWdLL3p3cVVuK0RNT3BWVjcxM0VqVjdQTW15elBnazFGOUxjQmFZ?=
 =?utf-8?B?M3A0N3pmMUJtM3NmSFhpTE1DMEZJSndrUG9OQmc0V1ZwTmp0U2p2WUJRYjUy?=
 =?utf-8?B?dTJhZ1VHeDNuTHJnZmxYQVpnNkpXWG1WZXNLZys3ZSs1SGV3NkJmbkZLWk1O?=
 =?utf-8?B?UjQ2TUZvSGx3a1JsTGRtcUZtdjIyTHIyTjNoMzZVeEVUWVE1eTRYaEthTWdu?=
 =?utf-8?B?eDdKYkVUa2xqeDJQckIxcTBYNTVKbW8vRk5jVkZKNFZQOUVxdXpwUlVJWTRO?=
 =?utf-8?B?cm8wOFN3NVk0QnRzeWdRQXlSMmZ0Tlo4d3RSSko2NjZVWjFXWWRHNnQwMk5n?=
 =?utf-8?B?RWRFdWlQY21BN2MxZDdZdWdqRHdMTEJWWkhOcUFOdGFwVGxXSngyR3JrNFEz?=
 =?utf-8?B?RWxOWklFdytyNE40THROQjB0ZVpPNVNYSTA5TmppaHkxZGVTUDQwNmRNMW1h?=
 =?utf-8?B?dmxOVUR4T1YxTWtoZmxSNXFvV3BlRW9sVWtZL1EzM2lkWW5HQ1VHN3Jka0pI?=
 =?utf-8?B?TmRvTHdNNzlQb2J2b3VLSkFKMFRWdWlvanZpT0VocUFDeUdIS2M0TVdMY3dh?=
 =?utf-8?B?ejRYOEU0OGh6dlY5dWYwYWZiSS8rV05iQXhwZmQyTjVmSHRJWC9IbENxY28x?=
 =?utf-8?B?YjRSUDh2SjNHSmhqMHdlNkl1Yktma3BsR0xmWWQ1QmpDN0w0anBCNmZoMDQr?=
 =?utf-8?B?OVpvY21kTFVrN01JNTZaU3RxbzM0cjB1SUdMbHFaM0VwUkw5L2FmdzU4VnNz?=
 =?utf-8?B?UzlrcGxadjBhbUJqTzFCS3BQYTVXSjFnaU5SUTNlcHV2Ym1ZUVRYUXVqdnlJ?=
 =?utf-8?B?NjBZN3RvS0ZjU3ZJZUFYanRpZE0xbkFhd2VTOUpncFBTdWUyRDRzeDVjSHU5?=
 =?utf-8?B?ZDdqQ1kyQkxDck40dXhTWThFSDFaMU9tNzJIa21tdk41c3RlU3pFbzltUG9M?=
 =?utf-8?Q?gIV?=
X-Microsoft-Exchange-Diagnostics: 1;DB6PR0701MB2360;6:f2TDfx5n+I1VyHTGb1RlsHaSdyOgYTKrrVvRF0IhOBVvXqzfFuvejz5gVdcIvIPJ/Q5meMhZzHOtYkkoLm8xEY/uUhQLXBxV/GQyA2GAbZ1NEu2snVanFOqaZu4wuBp+U2R32x9CX8ncxZMPwwXHMVrbMPKGBhWB1rZRsFgi7o9TqxPr7T0BWAKG1BVU6za3se2sCYsrPRb5d9blCrRGzHzhTSfOvKMUi+Pb3BpghGKVx/D08N0w37cgsfdQseYiqwZXs+VhNMpt5Binf7fh0I8JwCQPvGmWW9AybA8jPN2NRnVRZQIUU3wT73KGdCrLoqZKk67hZK7Lpto0HbgVJBV8Bu1Y+caYMQybLUaXsi8Hxvy7loWqwt391+07otLGo9GMBGXsSukkGGSyEt5PBNZTsoTFu5ItPfre3E34eIg=;5:EGVo9sdwExEpct7wfQDd5sRHwLJhisMnEZztAe4TlCN+nTj4QWrkrFoX1aDWDiYHekGfvPSNWLhKAPF9xudO/UE4vRXJGFv1AWOPIVMz7b9S3Gb0KUPdFq2WtYBOzhzVU+3fyOWmJ9hK05QHskuKHg==;24:FXTzMsofVImvFGn7bc9vo8WvM4K8v3J7l0vbaN6FZTY2pcSGPO3XZBQgzEB0P5ea7qhM43BnBdh4biGQdPBrvOIGad2zci0+EsZZCh48cy4=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1;DB6PR0701MB2360;7:3shaEQfKlqQCqKqjusr80o3xYVCe02atqiUJjQQZNMUqW2X0IGFelbhGOYpVdv4lCrJ9DgeAg0a9ZgpCrxwUikxjdpxmoRRTJJuJN4GjWoWSMLz0Wkis/5eg/Q3WTH/CFkd862q25GVn08NQUmzKzbOgBtcgftMIaoVbUVrFloy4t+eXbkBHgnq4uzezWAfn2TNQj8Nwk5VxGOG+fsSBSt/zpHsEI/M0UkqHPEu8i6Bp8R5CQNF/19iNXWKrJAlVw34DjuJWnUogJHOY9jU7UWSCwFGWUNS7J1WOAKQgEd1jeBitmdgdynM5WGxvbsqIodYE+AujYhjZRI2ysVOsGw==
X-OriginatorOrg: nokia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Mar 2017 06:44:24.2686 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0701MB2360
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 4093
Lines: 90

Hi,

Running:

   $ sudo x86info -a

On this HP ZBook 15 G3 laptop kills the x86info process with segfault 
and produces the following kernel BUG.

   $ git describe
   v4.11-rc4-40-gfe82203

It is also reproducible with the fedora kernel: 4.9.14-200.fc25.x86_64

Full dmesg output here: https://pastebin.com/raw/Kur2mpZq

[   51.418954] usercopy: kernel memory exposure attempt detected from 
ffff880000090000 (dma-kmalloc-256) (4096 bytes)
[   51.418959] ------------[ cut here ]------------
[   51.418968] kernel BUG at /home/tomranta/git/linux/mm/usercopy.c:78!
[   51.418970] invalid opcode: 0000 [#1] SMP
[   51.418972] Modules linked in: fuse ccm ipt_REJECT nf_reject_ipv4 
xt_tcpudp tun af_packet xt_conntrack nf_conntrack libcrc32c ebtable_nat 
ebtable_broute bridge ip6table_mangle ip6table_raw iptable_mangle 
iptable_raw ebtable_filter ebtables ip6table_filter ip6_tables 
iptable_filter ip_tables x_tables nls_iso8859_1 nls_cp437 vfat fat 
dm_mirror dm_region_hash dm_log arc4 hp_wmi sparse_keymap coretemp 
kvm_intel snd_hda_codec_hdmi kvm irqbypass pcbc aesni_intel aes_x86_64 
crypto_simd cryptd glue_helper intel_cstate intel_uncore intel_rapl_perf 
iwlmvm mac80211 snd_usb_audio mousedev snd_usbmidi_lib snd_rawmidi 
input_leds snd_hda_codec_conexant snd_hda_codec_generic efivars iwlwifi 
uvcvideo videobuf2_vmalloc videobuf2_memops snd_hda_intel videobuf2_v4l2 
cfg80211 videobuf2_core snd_hda_codec snd_seq snd_hwdep
[   51.419010]  snd_seq_device snd_hda_core snd_pcm thermal hp_accel 
lis3lv02d input_polldev ac acpi_pad battery led_class evdev hp_wireless 
nfsd lockd grace sunrpc tg3 libphy crc32_pclmul crc32c_intel e1000e 
sd_mod 8021q garp stp llc mrp unix autofs4
[   51.419025] CPU: 7 PID: 2406 Comm: x86info Not tainted 
4.11.0-rc4-tommi+ #14
[   51.419027] Hardware name: HP HP ZBook 15 G3/80D5, BIOS N81 Ver. 
01.12 11/01/2016
[   51.419030] task: ffff88026ce84100 task.stack: ffffc90003b94000
[   51.419035] RIP: 0010:__check_object_size+0xfd/0x195
[   51.419037] RSP: 0018:ffffc90003b97de0 EFLAGS: 00010282
[   51.419039] RAX: 0000000000000066 RBX: ffff880000090000 RCX: 
0000000000000000
[   51.419042] RDX: ffff8802bddd33e8 RSI: ffff8802bddcc9e8 RDI: 
ffff8802bddcc9e8
[   51.419044] RBP: ffffc90003b97e00 R08: 000000000006648a R09: 
000000000000048b
[   51.419046] R10: 0000000000000100 R11: ffffffff81e9a86d R12: 
0000000000001000
[   51.419049] R13: 0000000000000001 R14: ffff880000091000 R15: 
ffff880000090000
[   51.419051] FS:  00007f8323436b40(0000) GS:ffff8802bddc0000(0000) 
knlGS:0000000000000000
[   51.419054] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   51.419056] CR2: 00007ffcbec21000 CR3: 000000026c8e8000 CR4: 
00000000003406a0
[   51.419058] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
0000000000000000
[   51.419061] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
0000000000000400
[   51.419063] Call Trace:
[   51.419066]  read_mem+0x70/0x120
[   51.419069]  __vfs_read+0x28/0x130
[   51.419072]  ? security_file_permission+0x9b/0xb0
[   51.419075]  ? rw_verify_area+0x4e/0xb0
[   51.419077]  vfs_read+0x96/0x130
[   51.419079]  SyS_read+0x46/0xb0
[   51.419082]  ? SyS_lseek+0x87/0xb0
[   51.419085]  entry_SYSCALL_64_fastpath+0x1a/0xa9
[   51.419087] RIP: 0033:0x7f8322d56bd0
[   51.419089] RSP: 002b:00007ffcbec11c68 EFLAGS: 00000246 ORIG_RAX: 
0000000000000000
[   51.419091] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 
00007f8322d56bd0
[   51.419094] RDX: 0000000000010000 RSI: 00007ffcbec11ca0 RDI: 
0000000000000003
[   51.419096] RBP: 0000000000000008 R08: 0000000000000005 R09: 
0000000000000050
[   51.419098] R10: 0000000000000000 R11: 0000000000000246 R12: 
0000000002231c00
[   51.419100] R13: 00007ffcbec11c9e R14: 00007ffcbec51cf8 R15: 
0000000000000000
[   51.419103] Code: a8 81 48 c7 c2 29 69 a4 81 48 c7 c6 82 89 a5 81 48 
0f 45 d0 48 c7 c0 1a 1e a6 81 48 c7 c7 d0 ed a5 81 48 0f 45 f0 e8 7f 74 
f8 ff <0f> 0b 48 89 df e8 29 98 e8 ff 84 c0 0f 84 3a ff ff ff b8 00 00
[   51.419123] RIP: __check_object_size+0xfd/0x195 RSP: ffffc90003b97de0
[   51.421565] ---[ end trace 441f7992ca25e39d ]---