| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Mar 2021 16:38:25 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Ira Weiny <ira.weiny@...el.com>
Cc: David Sterba <dsterba@...e.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Christoph Hellwig <hch@...radead.org>,
Chaitanya Kulkarni <chaitanya.kulkarni@....com>,
Christoph Hellwig <hch@....de>,
LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org,
lkp@...el.com
Subject: [mm/highmem] 61b205f579:
WARNING:at_mm/highmem.c:#__kmap_local_sched_out
Greeting,
FYI, we noticed the following commit (built with gcc-9):
commit: 61b205f579911a11f0b576f73275eca2aed0d108 ("mm/highmem: Convert memcpy_[to|from]_page() to kmap_local_page()")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
in testcase: trinity
version: trinity-static-i386-x86_64-f93256fb_2019-08-28
with following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 8G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+--------------------------------------------------------------------+------------+------------+
| | bb90d4bc7b | 61b205f579 |
+--------------------------------------------------------------------+------------+------------+
| boot_successes | 128 | 147 |
| boot_failures | 0 | 22 |
| WARNING:at_mm/highmem.c:#__kmap_local_sched_out | 0 | 12 |
| EIP:__kmap_local_sched_out | 0 | 12 |
| WARNING:at_mm/highmem.c:#__kmap_local_sched_in | 0 | 12 |
| EIP:__kmap_local_sched_in | 0 | 12 |
| EIP:kunmap_local_indexed | 0 | 2 |
| WARNING:possible_circular_locking_dependency_detected | 0 | 6 |
| EIP:memcpy | 0 | 3 |
| WARNING:at_kernel/rcu/rcutorture.c:#rcu_torture_writer[rcutorture] | 0 | 10 |
| EIP:rcu_torture_writer | 0 | 10 |
| calltrace:do_softirq_own_stack | 0 | 8 |
| EIP:__kmap_local_pfn_prot | 0 | 1 |
| EIP:kmap_get_pte | 0 | 1 |
+--------------------------------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 230.513199] WARNING: CPU: 0 PID: 1515 at mm/highmem.c:618 __kmap_local_sched_out (kbuild/src/consumer/mm/highmem.c:618 (discriminator 1))
[ 230.516893] Modules linked in:
[ 230.517416] CPU: 0 PID: 1515 Comm: cat Not tainted 5.11.0-rc7-00002-g61b205f57991 #1
[ 230.518577] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 230.519838] EIP: __kmap_local_sched_out (kbuild/src/consumer/mm/highmem.c:618 (discriminator 1))
[ 230.520561] Code: d1 8b 55 f0 29 c2 89 c8 c7 02 00 00 00 00 e8 17 e6 ed ff 83 c3 01 83 c7 04 39 9e a4 16 00 00 7f b9 83 c4 04 5b 5e 5f 5d c3 90 <0f> 0b eb e5 8d b4 26 00 00 00 00 8d 74 26 00 90 55 89 e5 57 56 53
All code
========
0: d1 8b 55 f0 29 c2 rorl -0x3dd60fab(%rbx)
6: 89 c8 mov %ecx,%eax
8: c7 02 00 00 00 00 movl $0x0,(%rdx)
e: e8 17 e6 ed ff callq 0xffffffffffede62a
13: 83 c3 01 add $0x1,%ebx
16: 83 c7 04 add $0x4,%edi
19: 39 9e a4 16 00 00 cmp %ebx,0x16a4(%rsi)
1f: 7f b9 jg 0xffffffffffffffda
21: 83 c4 04 add $0x4,%esp
24: 5b pop %rbx
25: 5e pop %rsi
26: 5f pop %rdi
27: 5d pop %rbp
28: c3 retq
29: 90 nop
2a:* 0f 0b ud2 <-- trapping instruction
2c: eb e5 jmp 0x13
2e: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
35: 8d 74 26 00 lea 0x0(%rsi,%riz,1),%esi
39: 90 nop
3a: 55 push %rbp
3b: 89 e5 mov %esp,%ebp
3d: 57 push %rdi
3e: 56 push %rsi
3f: 53 push %rbx
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: eb e5 jmp 0xffffffffffffffe9
4: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
b: 8d 74 26 00 lea 0x0(%rsi,%riz,1),%esi
f: 90 nop
10: 55 push %rbp
11: 89 e5 mov %esp,%ebp
13: 57 push %rdi
14: 56 push %rsi
15: 53 push %rbx
[ 230.523148] EAX: 00000000 EBX: 00000000 ECX: 00000002 EDX: 00000002
[ 230.524069] ESI: c6333940 EDI: c6334fe8 EBP: c6373c94 ESP: c6373c84
[ 230.524974] DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068 EFLAGS: 00010046
[ 230.525962] CR0: 80050033 CR2: 08075077 CR3: 06315000 CR4: 000406d0
[ 230.526883] Call Trace:
[ 230.527323] __schedule (kbuild/src/consumer/kernel/sched/core.c:4098 kbuild/src/consumer/kernel/sched/core.c:4132 kbuild/src/consumer/kernel/sched/core.c:4279 kbuild/src/consumer/kernel/sched/core.c:5078)
[ 230.527897] ? preempt_schedule_irq (kbuild/src/consumer/arch/x86/include/asm/irqflags.h:54 kbuild/src/consumer/arch/x86/include/asm/irqflags.h:94 kbuild/src/consumer/kernel/sched/core.c:5339)
[ 230.528576] preempt_schedule_irq (kbuild/src/consumer/arch/x86/include/asm/irqflags.h:29 kbuild/src/consumer/arch/x86/include/asm/irqflags.h:79 kbuild/src/consumer/arch/x86/include/asm/irqflags.h:169 kbuild/src/consumer/kernel/sched/core.c:5341)
[ 230.529222] irqentry_exit_cond_resched (kbuild/src/consumer/kernel/entry/common.c:387)
[ 230.529941] irqentry_exit (kbuild/src/consumer/kernel/entry/common.c:417)
[ 230.530528] common_interrupt (kbuild/src/consumer/arch/x86/kernel/irq.c:239)
[ 230.531147] asm_common_interrupt (kbuild/src/consumer/arch/x86/include/asm/idtentry.h:620)
[ 230.531814] EIP: __kmap_local_pfn_prot (kbuild/src/consumer/mm/highmem.c:529 (discriminator 3))
[ 230.532530] Code: 09 fb 89 1e 8b 81 a4 16 00 00 89 9c 81 a4 16 00 00 b8 01 00 00 00 e8 04 0d f1 ff 8b 55 f0 a1 d0 cb 70 c2 85 c0 74 28 83 c4 08 <89> d0 5b 5e 5f 5d c3 8d b6 00 00 00 00 0f 0b e9 56 ff ff ff 90 0f
All code
========
0: 09 fb or %edi,%ebx
2: 89 1e mov %ebx,(%rsi)
4: 8b 81 a4 16 00 00 mov 0x16a4(%rcx),%eax
a: 89 9c 81 a4 16 00 00 mov %ebx,0x16a4(%rcx,%rax,4)
11: b8 01 00 00 00 mov $0x1,%eax
16: e8 04 0d f1 ff callq 0xfffffffffff10d1f
1b: 8b 55 f0 mov -0x10(%rbp),%edx
1e: a1 d0 cb 70 c2 85 c0 movabs 0x2874c085c270cbd0,%eax
25: 74 28
27: 83 c4 08 add $0x8,%esp
2a:* 89 d0 mov %edx,%eax <-- trapping instruction
2c: 5b pop %rbx
2d: 5e pop %rsi
2e: 5f pop %rdi
2f: 5d pop %rbp
30: c3 retq
31: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi
37: 0f 0b ud2
39: e9 56 ff ff ff jmpq 0xffffffffffffff94
3e: 90 nop
3f: 0f .byte 0xf
Code starting with the faulting instruction
===========================================
0: 89 d0 mov %edx,%eax
2: 5b pop %rbx
3: 5e pop %rsi
4: 5f pop %rdi
5: 5d pop %rbp
6: c3 retq
7: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi
d: 0f 0b ud2
f: e9 56 ff ff ff jmpq 0xffffffffffffff6a
14: 90 nop
15: 0f .byte 0xf
[ 230.535108] EAX: 80000000 EBX: 0630c163 ECX: c6333940 EDX: ffffb000
[ 230.536027] ESI: c2de5fec EDI: 00000163 EBP: c6373d74 ESP: c6373d68
[ 230.536931] DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068 EFLAGS: 00000282
[ 230.537909] ? exc_int3 (kbuild/src/consumer/arch/x86/include/asm/ptrace.h:129 kbuild/src/consumer/arch/x86/kernel/traps.c:655)
[ 230.538473] ? exc_int3 (kbuild/src/consumer/arch/x86/include/asm/ptrace.h:129 kbuild/src/consumer/arch/x86/kernel/traps.c:655)
[ 230.539038] ? __kmap_local_pfn_prot (kbuild/src/consumer/mm/highmem.c:529 (discriminator 3))
[ 230.539730] __kmap_local_page_prot (kbuild/src/consumer/mm/highmem.c:550)
[ 230.540399] _copy_to_iter (kbuild/src/consumer/include/linux/highmem.h:293 kbuild/src/consumer/lib/iov_iter.c:561 kbuild/src/consumer/lib/iov_iter.c:618)
[ 230.541000] ? slow_virt_to_phys (kbuild/src/consumer/arch/x86/mm/pat/set_memory.c:696)
[ 230.541643] seq_read_iter (kbuild/src/consumer/include/linux/uio.h:137 kbuild/src/consumer/fs/seq_file.c:278)
[ 230.542244] proc_reg_read_iter (kbuild/src/consumer/fs/proc/inode.c:310)
[ 230.542887] generic_file_splice_read (kbuild/src/consumer/include/linux/fs.h:1895 kbuild/src/consumer/fs/splice.c:311)
[ 230.543598] ? add_to_pipe (kbuild/src/consumer/fs/splice.c:301)
[ 230.544176] do_splice_to (kbuild/src/consumer/fs/splice.c:788)
[ 230.544742] splice_direct_to_actor (kbuild/src/consumer/fs/splice.c:867)
[ 230.545436] ? pipe_to_sendpage (kbuild/src/consumer/fs/splice.c:930)
[ 230.546069] do_splice_direct (kbuild/src/consumer/fs/splice.c:977)
[ 230.546689] do_sendfile (kbuild/src/consumer/fs/read_write.c:1257)
[ 230.547265] __ia32_sys_sendfile64 (kbuild/src/consumer/fs/read_write.c:1318 kbuild/src/consumer/fs/read_write.c:1304 kbuild/src/consumer/fs/read_write.c:1304)
[ 230.547930] do_int80_syscall_32 (kbuild/src/consumer/arch/x86/entry/common.c:77 kbuild/src/consumer/arch/x86/entry/common.c:94)
[ 230.548579] entry_INT80_32 (kbuild/src/consumer/arch/x86/entry/entry_32.S:1064)
[ 230.549188] EIP: 0xb7eca5ed
[ 230.549668] Code: 8b 7c 24 0c 50 e8 06 00 00 00 89 da 5b 5b 5f c3 8b 04 24 05 77 ec 04 00 8b 00 85 c0 74 06 50 8b 44 24 08 c3 8b 44 24 04 cd 80 <c3> 55 50 8b 6c 24 0c 8b 45 00 8b 6d 04 50 8b 44 24 04 e8 b9 ff ff
All code
========
0: 8b 7c 24 0c mov 0xc(%rsp),%edi
4: 50 push %rax
5: e8 06 00 00 00 callq 0x10
a: 89 da mov %ebx,%edx
c: 5b pop %rbx
d: 5b pop %rbx
e: 5f pop %rdi
f: c3 retq
10: 8b 04 24 mov (%rsp),%eax
13: 05 77 ec 04 00 add $0x4ec77,%eax
18: 8b 00 mov (%rax),%eax
1a: 85 c0 test %eax,%eax
1c: 74 06 je 0x24
1e: 50 push %rax
1f: 8b 44 24 08 mov 0x8(%rsp),%eax
23: c3 retq
24: 8b 44 24 04 mov 0x4(%rsp),%eax
28: cd 80 int $0x80
2a:* c3 retq <-- trapping instruction
2b: 55 push %rbp
2c: 50 push %rax
2d: 8b 6c 24 0c mov 0xc(%rsp),%ebp
31: 8b 45 00 mov 0x0(%rbp),%eax
34: 8b 6d 04 mov 0x4(%rbp),%ebp
37: 50 push %rax
38: 8b 44 24 04 mov 0x4(%rsp),%eax
3c: e8 .byte 0xe8
3d: b9 .byte 0xb9
3e: ff (bad)
To reproduce:
# build kernel
cd linux
cp config-5.11.0-rc7-00002-g61b205f57991 .config
make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org Intel Corporation
Thanks,
Oliver Sang
View attachment "config-5.11.0-rc7-00002-g61b205f57991" of type "text/plain" (150916 bytes)
View attachment "job-script" of type "text/plain" (4122 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (18460 bytes)
View attachment "trinity" of type "text/plain" (436 bytes)
Powered by blists - more mailing lists