| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200410002518.GG8179@shao2-debian>
Date: Fri, 10 Apr 2020 08:25:18 +0800
From: kernel test robot <lkp@...el.com>
To: Peter Xu <peterx@...hat.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Linux Memory Management List <linux-mm@...ck.org>,
linux-kernel@...r.kernel.org, LKP <lkp@...ts.01.org>
Subject: f45ec5ff16 ("userfaultfd: wp: support swap and page migration"): [
140.777858] BUG: Bad rss-counter state mm:b278fc66 type:MM_ANONPAGES val:1
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit f45ec5ff16a75f96dac8c89862d75f1d8739efd4
Author: Peter Xu <peterx@...hat.com>
AuthorDate: Mon Apr 6 20:06:01 2020 -0700
Commit: Linus Torvalds <torvalds@...ux-foundation.org>
CommitDate: Tue Apr 7 10:43:39 2020 -0700
userfaultfd: wp: support swap and page migration
For either swap and page migration, we all use the bit 2 of the entry to
identify whether this entry is uffd write-protected. It plays a similar
role as the existing soft dirty bit in swap entries but only for keeping
the uffd-wp tracking for a specific PTE/PMD.
Something special here is that when we want to recover the uffd-wp bit
from a swap/migration entry to the PTE bit we'll also need to take care of
the _PAGE_RW bit and make sure it's cleared, otherwise even with the
_PAGE_UFFD_WP bit we can't trap it at all.
In change_pte_range() we do nothing for uffd if the PTE is a swap entry.
That can lead to data mismatch if the page that we are going to write
protect is swapped out when sending the UFFDIO_WRITEPROTECT. This patch
also applies/removes the uffd-wp bit even for the swap entries.
Signed-off-by: Peter Xu <peterx@...hat.com>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
Cc: Andrea Arcangeli <aarcange@...hat.com>
Cc: Bobby Powers <bobbypowers@...il.com>
Cc: Brian Geffon <bgeffon@...gle.com>
Cc: David Hildenbrand <david@...hat.com>
Cc: Denis Plotnikov <dplotnikov@...tuozzo.com>
Cc: "Dr . David Alan Gilbert" <dgilbert@...hat.com>
Cc: Hugh Dickins <hughd@...gle.com>
Cc: Jerome Glisse <jglisse@...hat.com>
Cc: Johannes Weiner <hannes@...xchg.org>
Cc: "Kirill A . Shutemov" <kirill@...temov.name>
Cc: Martin Cracauer <cracauer@...s.org>
Cc: Marty McFadden <mcfadden8@...l.gov>
Cc: Maya Gokhale <gokhale2@...l.gov>
Cc: Mel Gorman <mgorman@...e.de>
Cc: Mike Kravetz <mike.kravetz@...cle.com>
Cc: Mike Rapoport <rppt@...ux.vnet.ibm.com>
Cc: Pavel Emelyanov <xemul@...nvz.org>
Cc: Rik van Riel <riel@...hat.com>
Cc: Shaohua Li <shli@...com>
Link: http://lkml.kernel.org/r/20200220163112.11409-11-peterx@redhat.com
Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
2e3d5dc508 userfaultfd: wp: add pmd_swp_*uffd_wp() helpers
f45ec5ff16 userfaultfd: wp: support swap and page migration
5d30bcacd9 Merge tag '9p-for-5.7-2' of git://github.com/martinetd/linux
+-------------------------------------------------------------------------------------------------+------------+------------+------------+
| | 2e3d5dc508 | f45ec5ff16 | 5d30bcacd9 |
+-------------------------------------------------------------------------------------------------+------------+------------+------------+
| boot_successes | 651 | 193 | 197 |
| boot_failures | 25 | 36 | 32 |
| BUG_pde_opener(Not_tainted):Freepointer_corrupt | 1 | | |
| INFO:Slab#objects=#used=#fp=#flags= | 1 | | |
| INFO:Object#@...set=#fp= | 1 | | |
| BUG:soft_lockup-CPU##stuck_for#s![swapper:#] | 1 | 2 | |
| EIP:new_slab | 2 | 1 | |
| Kernel_panic-not_syncing:softlockup:hung_tasks | 2 | 2 | 1 |
| BUG:workqueue_lockup-pool | 11 | 8 | 10 |
| INFO:rcu_preempt_self-detected_stall_on_CPU | 4 | 1 | |
| EIP:kernel_init_free_pages | 1 | | |
| INFO:rcu_preempt_detected_stalls_on_CPUs/tasks | 1 | | |
| EIP:iov_iter_copy_from_user_atomic | 1 | 1 | |
| BUG:soft_lockup-CPU##stuck_for#s![trinity-c3:#] | 1 | | |
| BUG:sleeping_function_called_from_invalid_context_at_include/linux/percpu-rwsem.h | 1 | | |
| EIP:inode_init_once | 2 | | |
| BUG:kernel_hang_in_early-boot_stage | 1 | | |
| BUG:kernel_hang_in_boot_stage | 3 | | |
| Kernel_panic-not_syncing:stack-protector:Kernel_stack_is_corrupted_in:__schedule | 1 | | |
| WARNING:bad_unlock_balance_detected | 1 | | |
| is_trying_to_release_lock(&port->lock)at | 1 | | |
| Kernel_panic-not_syncing:stack-protector:Kernel_stack_is_corrupted_in:native_flush_tlb_one_user | 1 | | |
| EIP:clear_user | 1 | | |
| BUG:Bad_page_map_in_process | 0 | 11 | 10 |
| BUG:Bad_rss-counter_state_mm:#type:MM_ANONPAGES_val | 0 | 21 | 16 |
| BUG:Bad_rss-counter_state_mm:#type:MM_SWAPENTS_val | 0 | 10 | 10 |
| BUG:Bad_rss-counter_state_mm:#type:MM_SHMEMPAGES_val | 0 | 20 | 12 |
| BUG:kernel_NULL_pointer_dereference,address | 0 | 1 | 5 |
| Oops:#[##] | 0 | 1 | 5 |
| EIP:do_swap_page | 0 | 1 | 5 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 1 | 5 |
| EIP:__slab_alloc | 0 | 1 | |
| Mem-Info | 0 | 0 | 1 |
| BUG:soft_lockup-CPU##stuck_for#s![trinity-c1:#] | 0 | 0 | 1 |
| EIP:copy_user_highpage | 0 | 0 | 1 |
+-------------------------------------------------------------------------------------------------+------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <lkp@...el.com>
[child3:925] eventfd (323) returned ENOSYS, marking as inactive.
[ 132.014801] can: request_module (can-proto-2) failed.
[ 132.063717] can: request_module (can-proto-2) failed.
[ 137.186037] trinity-c2 (943) used greatest stack depth: 5804 bytes left
[ 140.771486] MCE: Killing trinity-c2:956 due to hardware memory corruption fault at 8bd2060
[ 140.777858] BUG: Bad rss-counter state mm:b278fc66 type:MM_ANONPAGES val:1
[ 140.778736] BUG: Bad rss-counter state mm:b278fc66 type:MM_SHMEMPAGES val:2
[ 141.589424] MCE: Killing trinity-c3:940 due to hardware memory corruption fault at 8a8c860
[ 141.590730] swap_info_get: Bad swap file entry 700b8216
[ 141.591400] BUG: Bad page map in process trinity-c3 pte:17042c3c pmd:b1809067
[ 141.592304] addr:08bcf000 vm_flags:00100073 anon_vma:f1f29528 mapping:00000000 index:8bcf
[ 141.593399] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 141.594065] CPU: 0 PID: 940 Comm: trinity-c3 Not tainted 5.6.0-11490-gf45ec5ff16a75 #1
[ 141.595055] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 141.596093] Call Trace:
[ 141.596443] dump_stack+0x16/0x18
[ 141.596868] print_bad_pte+0x13f/0x159
[ 141.597367] unmap_page_range+0x2a7/0x3e7
[ 141.597893] unmap_single_vma+0x53/0x5d
[ 141.598383] unmap_vmas+0x2c/0x3b
[ 141.598811] exit_mmap+0x81/0xfc
[ 141.599238] __mmput+0x25/0x8d
[ 141.599633] mmput+0x28/0x2b
[ 141.600007] do_exit+0x2f0/0x84a
[ 141.600449] ? ___might_sleep+0x3f/0x11f
[ 141.600949] do_group_exit+0x86/0x86
[ 141.601421] __ia32_sys_exit_group+0x15/0x15
[ 141.601965] do_fast_syscall_32+0x86/0xbf
[ 141.602481] entry_SYSENTER_32+0xaf/0x101
[ 141.602992] EIP: 0x37f399c9
[ 141.603356] Code: 00 00 00 89 d3 eb 02 31 c0 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 1c 24 c3 8b 34 24 c3 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 141.605693] EAX: ffffffda EBX: 00000000 ECX: 00000000 EDX: 00000000
[ 141.606476] ESI: 00000133 EDI: 375c9000 EBP: 375c9030 ESP: 3ffdb5fc
[ 141.607245] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000216
[ 141.608098] Disabling lock debugging due to kernel taint
[ 141.609128] swap_info_get: Bad swap file entry 700b82bf
[ 141.610319] BUG: Bad page map in process trinity-c3 pte:17057e3c pmd:b1809067
[ 141.611876] addr:08bd0000 vm_flags:00100073 anon_vma:f1f29528 mapping:00000000 index:8bd0
[ 141.613716] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 141.614823] CPU: 0 PID: 940 Comm: trinity-c3 Tainted: G B 5.6.0-11490-gf45ec5ff16a75 #1
[ 141.616853] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 141.618583] Call Trace:
[ 141.619121] dump_stack+0x16/0x18
[ 141.619860] print_bad_pte+0x13f/0x159
[ 141.620708] unmap_page_range+0x2a7/0x3e7
[ 141.621645] unmap_single_vma+0x53/0x5d
[ 141.622526] unmap_vmas+0x2c/0x3b
[ 141.623271] exit_mmap+0x81/0xfc
[ 141.624026] __mmput+0x25/0x8d
[ 141.624779] mmput+0x28/0x2b
[ 141.625472] do_exit+0x2f0/0x84a
[ 141.626247] ? ___might_sleep+0x3f/0x11f
[ 141.627189] do_group_exit+0x86/0x86
[ 141.628008] __ia32_sys_exit_group+0x15/0x15
[ 141.629042] do_fast_syscall_32+0x86/0xbf
[ 141.629989] entry_SYSENTER_32+0xaf/0x101
[ 141.630877] EIP: 0x37f399c9
[ 141.631521] Code: 8c 13 68 21 00 00 0f 95 c1 0f b6 c9 01 ca eb e1 01 f0 83 ec 0c c6 84 13 68 21 00 00 00 50 67 e8 e1 fd ff ff 8b 75 b4 40 8b 7d <e4> 65 33 3d 14 00 00 00 89 06 8d 83 68 21 00 00 74 05 e8 23 33 fd
[ 141.635758] EAX: ffffffda EBX: 00000000 ECX: 00000000 EDX: 00000000
[ 141.637124] ESI: 00000133 EDI: 375c9000 EBP: 375c9030 ESP: 3ffdb5fc
[ 141.638510] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000216
[ 141.640039] get_swap_device: Bad swap file entry 700b81c7
[ 141.641347] BUG: kernel NULL pointer dereference, address: 00000000
[ 141.642639] #PF: supervisor read access in kernel mode
[ 141.643765] #PF: error_code(0x0000) - not-present page
[ 141.644922] *pde = b1849067 *pte = 1703aa3e
[ 141.645862] Oops: 0000 [#1] PREEMPT
[ 141.646638] CPU: 0 PID: 931 Comm: trinity-c3 Tainted: G B 5.6.0-11490-gf45ec5ff16a75 #1
[ 141.648687] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 141.650523] EIP: do_swap_page+0x9a/0x3ee
[ 141.651402] Code: f0 00 00 00 00 e9 69 03 00 00 8b 4b 10 8b 55 ec 8b 45 e8 e8 73 1c 01 00 89 c7 85 c0 0f 85 dd 00 00 00 8b 45 e8 e8 a0 3e 01 00 <8b> 00 0f ba e0 0c 0f 83 a5 00 00 00 8b 45 e8 e8 28 3f 01 00 48 0f
[ 141.655403] EAX: 00000000 EBX: f328def4 ECX: 00000000 EDX: 00000001
[ 141.656763] ESI: 00000254 EDI: 00000000 EBP: f328dee4 ESP: f328dec4
[ 141.658042] DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068 EFLAGS: 00010246
[ 141.659008] CR0: 80050033 CR2: 00000000 CR3: b1f78000 CR4: 000006d0
[ 141.660163] Call Trace:
[ 141.660589] handle_mm_fault+0x72e/0x7a9
[ 141.661088] do_user_addr_fault+0x1ef/0x2fb
[ 141.661614] do_page_fault+0xe7/0xef
[ 141.662069] ? kvm_async_pf_task_wake+0x16d/0x16d
[ 141.662663] do_async_page_fault+0x2d/0x67
[ 141.663179] common_exception_read_cr2+0x12f/0x134
[ 141.665266] EIP: 0x806840e
[ 141.665731] Code: 00 00 00 89 c3 31 c0 81 ec 24 01 00 00 89 54 24 08 8d 54 24 0c 89 d7 f3 ab 8d 4b ff b8 01 00 00 00 d3 e0 c1 e9 05 09 44 8c 0c <85> 04 8d 60 93 a8 08 0f 94 c0 83 ec 04 0f b6 c0 c1 e0 1c 89 84 24
[ 141.668623] EAX: 00002000 EBX: 0000000e ECX: 00000000 EDX: 3fb4246c
[ 141.669466] ESI: 000000ff EDI: 3fb424ec EBP: fffffffb ESP: 3fb42460
[ 141.670244] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00010206
[ 141.671086] Modules linked in:
[ 141.671478] CR2: 0000000000000000
[ 141.672000] swap_info_get: Bad swap file entry 700b81d1
[ 141.672708] BUG: Bad page map in process trinity-c3 pte:1703a23c pmd:b1809067
[ 141.673620] addr:08bd1000 vm_flags:00100073 anon_vma:f1f29528 mapping:00000000 index:8bd1
[ 141.674632] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 141.675286] CPU: 0 PID: 940 Comm: trinity-c3 Tainted: G B D 5.6.0-11490-gf45ec5ff16a75 #1
[ 141.676492] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 141.677595] Call Trace:
[ 141.677925] dump_stack+0x16/0x18
[ 141.678357] print_bad_pte+0x13f/0x159
[ 141.678836] unmap_page_range+0x2a7/0x3e7
[ 141.679351] unmap_single_vma+0x53/0x5d
[ 141.679839] unmap_vmas+0x2c/0x3b
[ 141.680263] exit_mmap+0x81/0xfc
[ 141.680699] __mmput+0x25/0x8d
[ 141.681091] mmput+0x28/0x2b
[ 141.681476] do_exit+0x2f0/0x84a
[ 141.681890] ? ___might_sleep+0x3f/0x11f
[ 141.682390] do_group_exit+0x86/0x86
[ 141.682848] __ia32_sys_exit_group+0x15/0x15
[ 141.683408] do_fast_syscall_32+0x86/0xbf
[ 141.683922] entry_SYSENTER_32+0xaf/0x101
[ 141.684475] EIP: 0x37f399c9
[ 141.684832] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 141.687105] EAX: ffffffda EBX: 00000000 ECX: 00000000 EDX: 00000000
[ 141.687883] ESI: 00000133 EDI: 375c9000 EBP: 375c9030 ESP: 3ffdb5fc
[ 141.688692] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000216
[ 141.689599] ---[ end trace 4f92dcfde7686b01 ]---
[ 141.690178] EIP: do_swap_page+0x9a/0x3ee
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 5c7efc30142653ff7af43d7343b466309c78bfce 7111951b8d4973bda27ff663f2cf18b663d15b48 --
git bisect good 322665027513e6f98e25091645ca5f4ba19afb44 # 08:41 G 28 0 2 2 Merge 'internal-eywa/eywa' into devel-hourly-2020040904
git bisect bad 4adc48efc7243b24e3ec5329f4877200d5b26774 # 09:05 B 4 2 0 0 Merge 'internal-linux-review/Revanth-Rajashekar/block-sed-opal-Implement-RevertSP-IOCTL/20200404-080151' into devel-hourly-2020040904
git bisect bad 622719e6b8ff2655aaf000febd3614449bf6add5 # 09:25 B 9 1 0 0 Merge 'internal-cldemote/pasid.test' into devel-hourly-2020040904
git bisect good d6cc03a2f5ee665441d517e04bc744a38278fad7 # 09:58 G 36 0 0 0 Merge 'internal-linux-review/Fenghua-Yu/crypto-qat-Fix-alignment-issue-with-resp_handler/20200408-012430' into devel-hourly-2020040904
git bisect good f40f31cadc0ea5dcdd224c8b324add26469c2379 # 10:34 G 33 0 5 5 Merge tag 'f2fs-for-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs
git bisect bad 713a09de9ca9ac6277cb43d79967e7852238f998 # 13:02 B 2 1 1 1 checkpatch: add command-line option for TAB size
git bisect bad ed7f9fec8c8f8227ebd1fb69feda60ce4a7df61f # 13:25 B 1 1 0 0 powernv/memtrace: always online added memory blocks
git bisect good 1df319e0b4dee11436fe2ab1a0d536d3fad7cfef # 13:54 G 33 0 1 1 userfaultfd: wp: add helper for writeprotect check
git bisect bad 14819305e09fe4fda546f0dfa12134c8e5366616 # 14:20 B 5 1 0 0 userfaultfd: wp: declare _UFFDIO_WRITEPROTECT conditionally
git bisect good 2e3d5dc508cf001c4fb2d15515ebe6f30df88f76 # 15:20 G 57 0 0 0 userfaultfd: wp: add pmd_swp_*uffd_wp() helpers
git bisect bad 63b2d4174c4ad1f40b48d7138e71bcb564c1fe03 # 15:53 B 2 1 1 1 userfaultfd: wp: add the writeprotect API to userfaultfd ioctl
git bisect bad e1e267c7928fe387e5e1cffeafb0de2d0473663a # 16:25 B 16 1 3 3 khugepaged: skip collapse if uffd-wp detected
git bisect bad f45ec5ff16a75f96dac8c89862d75f1d8739efd4 # 17:05 B 4 1 0 0 userfaultfd: wp: support swap and page migration
# first bad commit: [f45ec5ff16a75f96dac8c89862d75f1d8739efd4] userfaultfd: wp: support swap and page migration
git bisect good 2e3d5dc508cf001c4fb2d15515ebe6f30df88f76 # 18:55 G 666 0 24 26 userfaultfd: wp: add pmd_swp_*uffd_wp() helpers
# extra tests with debug options
git bisect bad f45ec5ff16a75f96dac8c89862d75f1d8739efd4 # 19:30 B 2 1 0 0 userfaultfd: wp: support swap and page migration
# extra tests on head commit of linus/master
git bisect bad 5d30bcacd91af6874481129797af364a53cd9b46 # 22:45 B 18 1 1 1 Merge tag '9p-for-5.7-2' of git://github.com/martinetd/linux
# bad: [5d30bcacd91af6874481129797af364a53cd9b46] Merge tag '9p-for-5.7-2' of git://github.com/martinetd/linux
# extra tests on revert first bad commit
git bisect good c28205da059708e32e23e4affd20645295078c54 # 01:24 G 224 0 7 7 Revert "userfaultfd: wp: support swap and page migration"
# good: [c28205da059708e32e23e4affd20645295078c54] Revert "userfaultfd: wp: support swap and page migration"
# extra tests on linus/master
# duplicated: [5d30bcacd91af6874481129797af364a53cd9b46] Merge tag '9p-for-5.7-2' of git://github.com/martinetd/linux
# extra tests on linux-next/master
# 119: [873e37a44b1ee8ad4628ca257dc51c0c7c654326] Add linux-next specific files for 20200409
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/lkp@lists.01.org
Download attachment "dmesg-openwrt-vm-openwrt-39:20200409172853:i386-randconfig-c002-20200408:5.6.0-11490-gf45ec5ff16a75:1.gz" of type "application/gzip" (18127 bytes)
Download attachment "dmesg-openwrt-vm-openwrt-21:20200409184259:i386-randconfig-c002-20200408:5.6.0-11489-g2e3d5dc508cf0:1.gz" of type "application/gzip" (25603 bytes)
View attachment "reproduce-openwrt-vm-openwrt-39:20200409172853:i386-randconfig-c002-20200408:5.6.0-11490-gf45ec5ff16a75:1" of type "text/plain" (936 bytes)
Download attachment "5c7efc30142653ff7af43d7343b466309c78bfce:gcc-7:i386-randconfig-c002-20200408:BUG:Bad_rss-counter_state_mm:_type:MM_ANONPAGES_val.xz" of type "application/x-xz" (14124 bytes)
View attachment "config-5.6.0-11490-gf45ec5ff16a75" of type "text/plain" (119440 bytes)
Powered by blists - more mailing lists