[jlayton:openfast2] [fs] 49d6daad7b: Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]SMP_KASAN

kernel test robot <oliver.sang@xxxxxxxxx> · Wed, 7 Aug 2024 14:55:06 +0800

Hello,

kernel test robot noticed "Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]SMP_KASAN" on:

commit: 49d6daad7bed7e0c3f9a35580ffcc555f60ef54d ("fs: try an opportunistic lookup for O_CREAT opens too")
https://git.kernel.org/cgit/linux/kernel/git/jlayton/linux.git openfast2

in testcase: trinity
version: trinity-x86_64-bba80411-1_20240603
with following parameters:

	runtime: 300s
	group: group-01
	nr_groups: 5

compiler: clang-18
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)

+----------------------------------------------------------------------------------+------------+------------+
|                                                                                  | a8bf2854fe | 49d6daad7b |
+----------------------------------------------------------------------------------+------------+------------+
| Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]SMP_KASAN | 0          | 6          |
| KASAN:null-ptr-deref_in_range[#-#]                                               | 0          | 6          |
| RIP:mnt_want_write                                                               | 0          | 6          |
| Kernel_panic-not_syncing:Fatal_exception                                         | 0          | 6          |
+----------------------------------------------------------------------------------+------------+------------+

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202408071453.34eaa8d4-lkp@xxxxxxxxx

[  271.435943][  T250]
[  271.446722][  T250] [main] Marking 64-bit syscall kexec_file_load (320) as to be enabled.
[  271.446851][  T250]
[  271.458101][  T250] [main] Marking syscall kexec_load (64bit:246 32bit:283) as to be enabled.
[  271.458152][  T250]
[  271.614963][ T4341] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN
[  271.617056][ T4341] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[  271.618650][ T4341] CPU: 0 UID: 65534 PID: 4341 Comm: trinity-c4 Tainted: G                T  6.11.0-rc1-00045-g49d6daad7bed #1
[  271.620705][ T4341] Tainted: [T]=RANDSTRUCT
[  271.621573][ T4341] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 271.623342][ T4341] RIP: 0010:mnt_want_write (kbuild/src/consumer/fs/namespace.c:515) 
[ 271.624475][ T4341] Code: 00 00 00 00 00 55 41 57 41 56 41 54 53 49 89 fe 49 bf 00 00 00 00 00 fc ff df e8 66 32 c2 ff 49 8d 5e 08 49 89 dc 49 c1 ec 03 <43> 80 3c 3c 00 74 08 48 89 df e8 9c 6d f3 ff 49 8b 7e 08 e8 53 00
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	00 00                	add    %al,(%rax)
   4:	00 55 41             	add    %dl,0x41(%rbp)
   7:	57                   	push   %rdi
   8:	41 56                	push   %r14
   a:	41 54                	push   %r12
   c:	53                   	push   %rbx
   d:	49 89 fe             	mov    %rdi,%r14
  10:	49 bf 00 00 00 00 00 	movabs $0xdffffc0000000000,%r15
  17:	fc ff df 
  1a:	e8 66 32 c2 ff       	call   0xffffffffffc23285
  1f:	49 8d 5e 08          	lea    0x8(%r14),%rbx
  23:	49 89 dc             	mov    %rbx,%r12
  26:	49 c1 ec 03          	shr    $0x3,%r12
  2a:*	43 80 3c 3c 00       	cmpb   $0x0,(%r12,%r15,1)		<-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 9c 6d f3 ff       	call   0xfffffffffff36dd5
  39:	49 8b 7e 08          	mov    0x8(%r14),%rdi
  3d:	e8                   	.byte 0xe8
  3e:	53                   	push   %rbx
	...

Code starting with the faulting instruction
===========================================
   0:	43 80 3c 3c 00       	cmpb   $0x0,(%r12,%r15,1)
   5:	74 08                	je     0xf
   7:	48 89 df             	mov    %rbx,%rdi
   a:	e8 9c 6d f3 ff       	call   0xfffffffffff36dab
   f:	49 8b 7e 08          	mov    0x8(%r14),%rdi
  13:	e8                   	.byte 0xe8
  14:	53                   	push   %rbx
	...
[  271.627744][ T4341] RSP: 0018:ffff88818b55f9c8 EFLAGS: 00010202
[  271.628844][ T4341] RAX: ffffffff81af73da RBX: 0000000000000008 RCX: ffff888188f3aac0
[  271.630255][ T4341] RDX: 0000000000000000 RSI: 0000000000000241 RDI: 0000000000000000
[  271.631685][ T4341] RBP: 0000000000000040 R08: ffffffff873f1b2f R09: 1ffffffff0e7e365
[  271.633084][ T4341] R10: dffffc0000000000 R11: fffffbfff0e7e366 R12: 0000000000000001
[  271.634486][ T4341] R13: ffff88818b55fc88 R14: 0000000000000000 R15: dffffc0000000000
[  271.635879][ T4341] FS:  00007f7d61daf740(0000) GS:ffff8883aec00000(0000) knlGS:0000000000000000
[  271.641827][ T4341] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  271.642991][ T4341] CR2: 0000000000000018 CR3: 000000011e761000 CR4: 00000000000406f0
[  271.644372][ T4341] DR0: 00007f7d5feaf000 DR1: 00007f7d5feb4000 DR2: 0000000000000000
[  271.645710][ T4341] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 000000000037060a
[  271.647057][ T4341] Call Trace:
[  271.647782][ T4341]  <TASK>
[ 271.648446][ T4341] ? __die_body (kbuild/src/consumer/arch/x86/kernel/dumpstack.c:421) 
[ 271.649315][ T4341] ? die_addr (kbuild/src/consumer/arch/x86/kernel/dumpstack.c:460) 
[ 271.650111][ T4341] ? exc_general_protection (kbuild/src/consumer/arch/x86/kernel/traps.c:702) 
[ 271.651155][ T4341] ? make_vfsuid (kbuild/src/consumer/fs/mnt_idmapping.c:?) 

The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240807/202408071453.34eaa8d4-lkp@xxxxxxxxx

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki