Subject: Re: [syzbot] WARNING in ex_handler_fprestore
From: "Yu, Yu-cheng"
To: Dmitry Vyukov, Andy Lutomirski
Cc: syzbot, Borislav Petkov, Borislav Petkov, Dave Hansen, fenghua.yu@intel.com, "H. Peter Anvin", LKML, Ingo Molnar, Peter Zijlstra, syzkaller-bugs, Thomas Gleixner, tony.luck@intel.com, the arch/x86 maintainers
Date: Wed, 26 May 2021 14:21:39 -0700
Message-ID: <27d52fe4-3159-2f19-33cd-01ef4b3e530b@intel.com>
References: <0000000000004c453905c30f8334@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 5/26/2021 12:00 AM, Dmitry Vyukov wrote:
> On Wed, May 26, 2021 at 2:33 AM Andy Lutomirski wrote:
>>
>> On 5/24/21 1:51 AM, syzbot wrote:
>>> Hello,
>>>
>>> syzbot found the following issue on:
>>>
>>> HEAD commit:    45af60e7 Merge tag 'for-5.13-rc2-tag' of git://git.kernel...
>>> git tree:       upstream
>>> console output: https://syzkaller.appspot.com/x/log.txt?x=1591e9f7d00000
>>> kernel config:  https://syzkaller.appspot.com/x/.config?x=18fade5827eb74f7
>>> dashboard link: https://syzkaller.appspot.com/bug?extid=2067e764dbcd10721e2e
>>> compiler:       Debian clang version 11.0.1-2
>>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11be6bd1d00000
>>
>> Hi syz people and x86 people-
>>
>> I entirely believe that this bug is real and that syzbot bisected it
>> correctly, but I'm puzzled by the reproducer. It says:
>>
>> ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
>>
>> I would really, really expect this to result from PTRACE_SETREGSET or
>> PTRACE_SETFPREGS, but this is PTRACE_SETREGS.
>>
>> Am I missing something really obvious here?
>
> Hi Andy,
>
> Sometimes syzkaller uses data format from one syscall variant, but
> actually invokes another.
> But here it does _not_ seem to be the case: 0xd is actually
> PTRACE_SETREGS. And the other ptrace calls in the reproducer are
> PTRACE_SEIZE and PTRACE_SINGLESTEP.
> So I would assume somehow it happened with PTRACE_SETREGS.
> Is there any indication from hardware as to what's wrong with fpregs?
> PTRACE_SETREGS can change segment registers.

The PTRACE_SETREGS is using some uninitialized memory area. One possibility would be that XRSTORS has a memory operand outside of segment limits.