Date:   Wed, 13 Mar 2019 00:03:20 +0800
From:   zhong jiang <zhongjiang@...wei.com>
To:     Minchan Kim <minchan@...nel.org>, Michal Hocko <mhocko@...nel.org>,
        Vlastimil Babka <vbabka@...e.cz>,
        Naoya Horiguchi <n-horiguchi@...jp.nec.com>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>
CC:     Linux Memory Management List <linux-mm@...ck.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: [Question] Hit a WARN_ON_ONCE in try_to_unmap_one when running syzkaller

Hi,

I hit the following issue when running syzkaller on arm64. It is hard to reproduce the issue with the attached log.

[  206.633857] Injecting memory failure for pfn 0x38c7e0 at process virtual address 0x201e0000
[  206.766875] WARNING: CPU: 1 PID: 738 at mm/rmap.c:1571 try_to_unmap_one+0x1004/0x17d8
[  206.768476] Kernel panic - not syncing: panic_on_warn set ...
[  206.768476] 
[  206.769981] CPU: 1 PID: 738 Comm: syz-executor.0 Not tainted 4.19.27 #9
[  206.771510] Hardware name: linux,dummy-virt (DT)
[  206.772673] Call trace:
[  206.773230]  dump_backtrace+0x0/0x3c0
[  206.774021]  show_stack+0x28/0x38
[  206.774761]  dump_stack+0x120/0x188
[  206.775483]  panic+0x21c/0x48c
[  206.776152]  __warn+0x280/0x2cc
[  206.776838]  report_bug+0x1c8/0x2c8
[  206.777612]  bug_handler+0x8c/0x178
[  206.778394]  call_break_hook+0x238/0x338
[  206.779410]  brk_handler+0x3c/0xe8
[  206.780186]  do_debug_exception+0x12c/0x378
[  206.781059]  el1_dbg+0x18/0x84
[  206.781732]  try_to_unmap_one+0x1004/0x17d8
[  206.782624]  rmap_walk_anon+0x2b4/0x7a8
[  206.783454]  rmap_walk+0xfc/0x180
[  206.784165]  try_to_unmap+0x290/0x360
[  206.784946]  hwpoison_user_mappings.isra.5+0x5ec/0x1478
[  206.786045]  memory_failure+0x8c0/0xf00
[  206.786872]  __arm64_sys_madvise+0xc90/0x1278
[  206.787786]  el0_svc_handler+0x13c/0x308
[  206.788626]  el0_svc+0x8/0xc
[  206.791030] SMP: stopping secondary CPUs
[  206.792168] Dumping ftrace buffer:
[  206.796278]    (ftrace buffer empty)
[  206.797065] Kernel Offset: disabled
[  206.797811] CPU features: 0x0,a1806000
[  206.798625] Memory Limit: none
[  206.800300] Rebooting in 86400 seconds..

Minchan has changed the condition check from BUG_ON to WARN_ON_ONCE in try_to_unmap_one.
However, it is still an abnormal condition when PageSwapBacked is not equal to PageSwapCache.

But is there any case where it will meet the condition in mainline?

It is assumed that PageSwapBacked(page) is true for the anonymous page. That is to say, PageSwapCache
is false. However, that is impossible because we will update the pte for the hwpoison entry.

Because the page is locked, its page flags should not be changed except for PageSwapBacked.

Thanks,
zhong jiang


View attachment "reproduce.txt" of type "text/plain" (94845 bytes)
