Hello,

kernel test robot noticed "kernel_BUG_at_arch/x86/kernel/alternative.c" on:

commit: f8c0cdd341a8c29884b35532fd9638a2b320b286 ("x86/ibt: Implement IBT+")
https://git.kernel.org/cgit/linux/kernel/git/peterz/queue.git x86/ibt

in testcase: boot

config: x86_64-kexec
compiler: clang-19
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)

+---------------------------------------------+------------+------------+
|                                             | 2596165180 | f8c0cdd341 |
+---------------------------------------------+------------+------------+
| boot_successes                              | 18         | 0          |
| boot_failures                               | 0          | 18         |
| kernel_BUG_at_arch/x86/kernel/alternative.c | 0          | 18         |
| Oops:invalid_opcode:#[##]PREEMPT_SMP_PTI    | 0          | 18         |
| RIP:apply_direct_call_offset                | 0          | 18         |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 18         |
+---------------------------------------------+------------+------------+

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202411051556.6b0c4fb4-lkp@xxxxxxxxx

[   12.715992][    T0] ------------[ cut here ]------------
[   12.716998][    T0] kernel BUG at arch/x86/kernel/alternative.c:302!
[   12.718103][    T0] Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI
[   12.718706][    T0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00010-gf8c0cdd341a8 #1
[   12.718706][    T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   12.718706][    T0] RIP: 0010:apply_direct_call_offset (arch/x86/kernel/alternative.c:302)
[   12.718706][    T0] Code: 04 eb db 83 f8 0f 75 0f 80 7c 24 19 8f 7f 1d 43 83 44 2e 02 04 eb c7 3d eb 00 00 00 74 a3 eb 0c 0f 0b eb ba f3 0f 1e fa eb b4 <0f> 0b 0f b6 54 24 52 48 c7 c7 e4 81 89 82 4c 89 e6 4c 89 e1 e8 02
All code
========
   0:   04 eb                   add    $0xeb,%al
   2:   db 83 f8 0f 75 0f       fildl  0xf750ff8(%rbx)
   8:   80 7c 24 19 8f          cmpb   $0x8f,0x19(%rsp)
   d:   7f 1d                   jg     0x2c
   f:   43 83 44 2e 02 04       addl   $0x4,0x2(%r14,%r13,1)
  15:   eb c7                   jmp    0xffffffffffffffde
  17:   3d eb 00 00 00          cmp    $0xeb,%eax
  1c:   74 a3                   je     0xffffffffffffffc1
  1e:   eb 0c                   jmp    0x2c
  20:   0f 0b                   ud2
  22:   eb ba                   jmp    0xffffffffffffffde
  24:   f3 0f 1e fa             endbr64
  28:   eb b4                   jmp    0xffffffffffffffde
  2a:*  0f 0b                   ud2             <-- trapping instruction
  2c:   0f b6 54 24 52          movzbl 0x52(%rsp),%edx
  31:   48 c7 c7 e4 81 89 82    mov    $0xffffffff828981e4,%rdi
  38:   4c 89 e6                mov    %r12,%rsi
  3b:   4c 89 e1                mov    %r12,%rcx
  3e:   e8                      .byte 0xe8
  3f:   02                      .byte 0x2

Code starting with the faulting instruction
===========================================
   0:   0f 0b                   ud2
   2:   0f b6 54 24 52          movzbl 0x52(%rsp),%edx
   7:   48 c7 c7 e4 81 89 82    mov    $0xffffffff828981e4,%rdi
   e:   4c 89 e6                mov    %r12,%rsi
  11:   4c 89 e1                mov    %r12,%rcx
  14:   e8                      .byte 0xe8
  15:   02                      .byte 0x2
[   12.718706][    T0] RSP: 0000:ffffffff82a03e58 EFLAGS: 00010297
[   12.718706][    T0] RAX: 0000000000000082 RBX: ffffffff83803b9c RCX: 0000000000000000
[   12.718706][    T0] RDX: 0000000000000001 RSI: ffffffff81b4faeb RDI: 00000000000000eb
[   12.718706][    T0] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff82a03e58
[   12.718706][    T0] R10: 000000000000000f R11: 0000000000000040 R12: ffffffff81b4fa30
[   12.718706][    T0] R13: fffffffffe353c90 R14: ffffffff837fbda0 R15: ffffffff82a03e58
[   12.718706][    T0] FS:  0000000000000000(0000) GS:ffff88842fc00000(0000) knlGS:0000000000000000
[   12.718706][    T0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   12.718706][    T0] CR2: ffff88843ffff000 CR3: 0000000002a32000 CR4: 00000000000406f0
[   12.718706][    T0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   12.718706][    T0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   12.718706][    T0] Call Trace:
[   12.718706][    T0]  <TASK>
[   12.718706][    T0]  ? __die_body (arch/x86/kernel/dumpstack.c:421)
[   12.718706][    T0]  ? die (arch/x86/kernel/dumpstack.c:? arch/x86/kernel/dumpstack.c:447)
[   12.718706][    T0]  ? do_trap (arch/x86/kernel/traps.c:196)
[   12.718706][    T0]  ? apply_direct_call_offset (arch/x86/kernel/alternative.c:302)
[   12.718706][    T0]  ? do_error_trap (arch/x86/kernel/traps.c:242)
[   12.718706][    T0]  ? apply_direct_call_offset (arch/x86/kernel/alternative.c:302)
[   12.718706][    T0]  ? handle_invalid_op (arch/x86/kernel/traps.c:279)
[   12.718706][    T0]  ? apply_direct_call_offset (arch/x86/kernel/alternative.c:302)
[   12.718706][    T0]  ? exc_invalid_op (arch/x86/kernel/traps.c:361)
[   12.718706][    T0]  ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)
[   12.718706][    T0]  ? rtl8169_netpoll (drivers/net/ethernet/realtek/r8169_main.c:4877)
[   12.718706][    T0]  ? rtl8169_interrupt (drivers/net/ethernet/realtek/r8169_main.c:4682)
[   12.718706][    T0]  ? apply_direct_call_offset (arch/x86/kernel/alternative.c:302)
[   12.718706][    T0]  ? apply_direct_call_offset (arch/x86/kernel/alternative.c:885)
[   12.718706][    T0]  ? rtl8169_netpoll (drivers/net/ethernet/realtek/r8169_main.c:4877)
[   12.718706][    T0]  ? rtl8169_netpoll (drivers/net/ethernet/realtek/r8169_main.c:4877)
[   12.718706][    T0]  ? rtl8169_netpoll (drivers/net/ethernet/realtek/r8169_main.c:4877)
[   12.718706][    T0]  alternative_instructions (arch/x86/kernel/alternative.c:1822)
[   12.718706][    T0]  arch_cpu_finalize_init (arch/x86/include/asm/page_64.h:87 arch/x86/kernel/cpu/common.c:2393)
[   12.718706][    T0]  start_kernel (init/main.c:1073)
[   12.718706][    T0]  x86_64_start_reservations (??:?)
[   12.718706][    T0]  x86_64_start_kernel (arch/x86/kernel/head64.c:437)
[   12.718706][    T0]  common_startup_64 (arch/x86/kernel/head_64.S:414)
[   12.718706][    T0]  </TASK>
[   12.718706][    T0] Modules linked in:
[   12.718711][    T0] ---[ end trace 0000000000000000 ]---
[   12.719637][    T0] RIP: 0010:apply_direct_call_offset (arch/x86/kernel/alternative.c:302)
[   12.720663][    T0] Code: 04 eb db 83 f8 0f 75 0f 80 7c 24 19 8f 7f 1d 43 83 44 2e 02 04 eb c7 3d eb 00 00 00 74 a3 eb 0c 0f 0b eb ba f3 0f 1e fa eb b4 <0f> 0b 0f b6 54 24 52 48 c7 c7 e4 81 89 82 4c 89 e6 4c 89 e1 e8 02
All code
========
   0:   04 eb                   add    $0xeb,%al
   2:   db 83 f8 0f 75 0f       fildl  0xf750ff8(%rbx)
   8:   80 7c 24 19 8f          cmpb   $0x8f,0x19(%rsp)
   d:   7f 1d                   jg     0x2c
   f:   43 83 44 2e 02 04       addl   $0x4,0x2(%r14,%r13,1)
  15:   eb c7                   jmp    0xffffffffffffffde
  17:   3d eb 00 00 00          cmp    $0xeb,%eax
  1c:   74 a3                   je     0xffffffffffffffc1
  1e:   eb 0c                   jmp    0x2c
  20:   0f 0b                   ud2
  22:   eb ba                   jmp    0xffffffffffffffde
  24:   f3 0f 1e fa             endbr64
  28:   eb b4                   jmp    0xffffffffffffffde
  2a:*  0f 0b                   ud2             <-- trapping instruction
  2c:   0f b6 54 24 52          movzbl 0x52(%rsp),%edx
  31:   48 c7 c7 e4 81 89 82    mov    $0xffffffff828981e4,%rdi
  38:   4c 89 e6                mov    %r12,%rsi
  3b:   4c 89 e1                mov    %r12,%rcx
  3e:   e8                      .byte 0xe8
  3f:   02                      .byte 0x2

Code starting with the faulting instruction
===========================================
   0:   0f 0b                   ud2
   2:   0f b6 54 24 52          movzbl 0x52(%rsp),%edx
   7:   48 c7 c7 e4 81 89 82    mov    $0xffffffff828981e4,%rdi
   e:   4c 89 e6                mov    %r12,%rsi
  11:   4c 89 e1                mov    %r12,%rcx
  14:   e8                      .byte 0xe8
  15:   02                      .byte 0x2

The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241105/202411051556.6b0c4fb4-lkp@xxxxxxxxx

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki