| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Apr 2022 15:59:54 +0800
From: kernel test robot <oliver.sang@...el.com>
To: David Hildenbrand <david@...hat.com>
Cc: Johannes Weiner <hannes@...xchg.org>,
Alexander Gordeev <agordeev@...ux.ibm.com>,
Andrea Arcangeli <aarcange@...hat.com>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Borislav Petkov <bp@...en8.de>,
Catalin Marinas <catalin.marinas@....com>,
Christoph Hellwig <hch@....de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Don Dutile <ddutile@...hat.com>,
Gerald Schaefer <gerald.schaefer@...ux.ibm.com>,
Heiko Carstens <hca@...ux.ibm.com>,
Hugh Dickins <hughd@...gle.com>,
Ingo Molnar <mingo@...hat.com>, Jan Kara <jack@...e.cz>,
Jann Horn <jannh@...gle.com>, Jason Gunthorpe <jgg@...dia.com>,
John Hubbard <jhubbard@...dia.com>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Liang Zhang <zhangliang5@...wei.com>,
Matthew Wilcox <willy@...radead.org>,
Michael Ellerman <mpe@...erman.id.au>,
Michal Hocko <mhocko@...nel.org>,
Mike Kravetz <mike.kravetz@...cle.com>,
Mike Rapoport <rppt@...ux.ibm.com>,
Nadav Amit <namit@...are.com>,
Oded Gabbay <oded.gabbay@...il.com>,
Oleg Nesterov <oleg@...hat.com>,
Paul Mackerras <paulus@...ba.org>,
Pedro Demarchi Gomes <pedrodemargomes@...il.com>,
Peter Xu <peterx@...hat.com>, Rik van Riel <riel@...riel.com>,
Roman Gushchin <guro@...com>,
Shakeel Butt <shakeelb@...gle.com>,
Thomas Gleixner <tglx@...utronix.de>,
Vasily Gorbik <gor@...ux.ibm.com>,
Vlastimil Babka <vbabka@...e.cz>,
Will Deacon <will@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org,
lkp@...el.com
Subject: [x86/pgtable] d1ec551f87: BUG:Bad_page_map_in_process
Greeting,
FYI, we noticed the following commit (built with clang-15):
commit: d1ec551f874e1663bfe76b994c0010a4566cf936 ("x86/pgtable: support __HAVE_ARCH_PTE_SWP_EXCLUSIVE")
https://github.com/hnaz/linux-mm master
in testcase: trinity
version: trinity-static-i386-x86_64-1c734c75-1_2020-01-06
with following parameters:
runtime: 300s
group: group-01
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 40.201103][ T5099] BUG: Bad page map in process trinity-c7 pte:1713003a pmd:7ff71067
[ 40.201999][ T5099] addr:096e7000 vm_flags:00100073 anon_vma:bff0aa00 mapping:00000000 index:96e7
[ 40.202718][ T5099] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 40.203229][ T5099] CPU: 0 PID: 5099 Comm: trinity-c7 Not tainted 5.18.0-rc2-mm1-00053-gd1ec551f874e #1
[ 40.203952][ T5099] Call Trace:
[ 40.204195][ T5099] ? dump_stack_lvl (??:?)
[ 40.204581][ T5099] ? dump_stack (??:?)
[ 40.204970][ T5099] ? print_bad_pte (memory.c:?)
[ 40.205384][ T5099] ? unmap_page_range (??:?)
[ 40.205843][ T5099] ? unmap_single_vma (memory.c:?)
[ 40.206271][ T5099] ? unmap_vmas (??:?)
[ 40.206647][ T5099] ? exit_mmap (??:?)
[ 40.207032][ T5099] ? __mmput (fork.c:?)
[ 40.207405][ T5099] ? mmput (??:?)
[ 40.207751][ T5099] ? exit_mm (exit.c:?)
[ 40.208121][ T5099] ? do_exit (??:?)
[ 40.208497][ T5099] ? do_group_exit (??:?)
[ 40.208905][ T5099] ? trace_hardirqs_on (??:?)
[ 40.209345][ T5099] ? get_signal (??:?)
[ 40.209750][ T5099] ? arch_do_signal_or_restart (??:?)
[ 40.210287][ T5099] ? exit_to_user_mode_loop (common.c:?)
[ 40.210778][ T5099] ? exit_to_user_mode_prepare (common.c:?)
[ 40.211302][ T5099] ? syscall_exit_to_user_mode (??:?)
[ 40.211808][ T5099] ? ret_from_fork (??:?)
[ 40.212268][ T5099] Disabling lock debugging due to kernel taint
[ 40.231123][ T5097] BUG: Bad page map in process trinity-c5 pte:171e0a3e pmd:0a8d3067
[ 40.231770][ T5099] BUG: Bad page map in process trinity-c7 pte:1713023a pmd:7ff71067
[ 40.231883][ T5097] addr:36ed5000 vm_flags:000000fb anon_vma:00000000 mapping:485d0d80 index:1
[ 40.232611][ T5099] addr:096e8000 vm_flags:00100073 anon_vma:bff0ab18 mapping:00000000 index:96e8
[ 40.233429][ T5097] file:dev/zero fault:shmem_fault mmap:shmem_mmap readpage:0x0
[ 40.234271][ T5099] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 40.234971][ T5097] CPU: 1 PID: 5097 Comm: trinity-c5 Tainted: G B 5.18.0-rc2-mm1-00053-gd1ec551f874e #1
[ 40.236510][ T5097] Call Trace:
[ 40.236805][ T5097] dump_stack_lvl (??:?)
[ 40.237195][ T5097] dump_stack (??:?)
[ 40.237547][ T5097] print_bad_pte (memory.c:?)
[ 40.237947][ T5097] unmap_page_range (??:?)
[ 40.238399][ T5097] unmap_single_vma (memory.c:?)
[ 40.238819][ T5097] unmap_vmas (??:?)
[ 40.239196][ T5097] exit_mmap (??:?)
[ 40.239579][ T5097] __mmput (fork.c:?)
[ 40.239920][ T5097] mmput (??:?)
[ 40.240270][ T5097] exit_mm (exit.c:?)
[ 40.240632][ T5097] do_exit (??:?)
[ 40.241007][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.241492][ T5097] do_group_exit (??:?)
[ 40.241894][ T5097] __ia32_sys_exit_group (??:?)
[ 40.242385][ T5097] __do_fast_syscall_32 (common.c:?)
[ 40.242850][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.243361][ T5097] ? lock_release (??:?)
[ 40.243774][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.244264][ T5097] ? irqentry_exit (??:?)
[ 40.244683][ T5097] ? irqentry_exit (??:?)
[ 40.245100][ T5097] ? irqentry_exit_to_user_mode (??:?)
[ 40.245586][ T5097] ? __do_fast_syscall_32 (common.c:?)
[ 40.246054][ T5097] ? irqentry_exit (??:?)
[ 40.246467][ T5097] ? exc_page_fault (??:?)
[ 40.246914][ T5097] do_fast_syscall_32 (??:?)
[ 40.247358][ T5097] do_SYSENTER_32 (??:?)
[ 40.247766][ T5097] entry_SYSENTER_32 (??:?)
[ 40.248212][ T5097] EIP: 0x37f4c509
[ 40.248542][ T5097] Code: Unable to access opcode bytes at RIP 0x37f4c4df.
Code starting with the faulting instruction
===========================================
[ 40.249171][ T5097] EAX: ffffffda EBX: 00000001 ECX: 00000000 EDX: 00000007
[ 40.249805][ T5097] ESI: 371e5000 EDI: 371e5030 EBP: ffffffff ESP: 3fa05f5c
[ 40.250472][ T5097] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 007b EFLAGS: 00000216
[ 40.254660][ T5099] CPU: 0 PID: 5099 Comm: trinity-c7 Tainted: G B 5.18.0-rc2-mm1-00053-gd1ec551f874e #1
[ 40.259088][ T5099] Call Trace:
[ 40.259386][ T5099] ? dump_stack_lvl (??:?)
[ 40.259790][ T5099] ? dump_stack (??:?)
[ 40.260147][ T5099] ? print_bad_pte (memory.c:?)
[ 40.260564][ T5099] ? unmap_page_range (??:?)
[ 40.260778][ T5097] BUG: Bad page map in process trinity-c5 pte:171e0e3e pmd:0a8d3067
[ 40.260997][ T5099] ? unmap_single_vma (memory.c:?)
[ 40.261728][ T5097] addr:36ed7000 vm_flags:000000fb anon_vma:00000000 mapping:485d0d80 index:3
[ 40.262182][ T5099] ? unmap_vmas (??:?)
[ 40.262958][ T5097] file:dev/zero fault:shmem_fault mmap:shmem_mmap readpage:0x0
[ 40.263374][ T5099] ? exit_mmap (??:?)
[ 40.264462][ T5099] ? __mmput (fork.c:?)
[ 40.264827][ T5099] ? mmput (??:?)
[ 40.265179][ T5099] ? exit_mm (exit.c:?)
[ 40.265563][ T5099] ? do_exit (??:?)
[ 40.265962][ T5099] ? do_group_exit (??:?)
[ 40.266399][ T5099] ? trace_hardirqs_on (??:?)
[ 40.266845][ T5099] ? get_signal (??:?)
[ 40.267254][ T5099] ? arch_do_signal_or_restart (??:?)
[ 40.267752][ T5099] ? exit_to_user_mode_loop (common.c:?)
[ 40.268228][ T5099] ? exit_to_user_mode_prepare (common.c:?)
[ 40.268719][ T5099] ? syscall_exit_to_user_mode (??:?)
[ 40.269211][ T5099] ? ret_from_fork (??:?)
[ 40.269608][ T5097] CPU: 1 PID: 5097 Comm: trinity-c5 Tainted: G B 5.18.0-rc2-mm1-00053-gd1ec551f874e #1
[ 40.272368][ T5097] Call Trace:
[ 40.273126][ T5097] dump_stack_lvl (??:?)
[ 40.274237][ T5097] dump_stack (??:?)
[ 40.275198][ T5097] print_bad_pte (memory.c:?)
[ 40.276320][ T5097] unmap_page_range (??:?)
[ 40.277590][ T5097] unmap_single_vma (memory.c:?)
[ 40.278811][ T5097] unmap_vmas (??:?)
[ 40.279932][ T5097] exit_mmap (??:?)
[ 40.281041][ T5097] __mmput (fork.c:?)
[ 40.282054][ T5097] mmput (??:?)
[ 40.283036][ T5097] exit_mm (exit.c:?)
[ 40.284073][ T5097] do_exit (??:?)
[ 40.285071][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.286479][ T5097] do_group_exit (??:?)
[ 40.287604][ T5097] __ia32_sys_exit_group (??:?)
[ 40.288968][ T5097] __do_fast_syscall_32 (common.c:?)
[ 40.290162][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.291440][ T5097] ? lock_release (??:?)
[ 40.292436][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.292946][ T5097] ? irqentry_exit (??:?)
[ 40.293399][ T5097] ? irqentry_exit (??:?)
[ 40.293843][ T5097] ? irqentry_exit_to_user_mode (??:?)
[ 40.294391][ T5097] ? __do_fast_syscall_32 (common.c:?)
[ 40.294884][ T5097] ? irqentry_exit (??:?)
[ 40.295320][ T5097] ? exc_page_fault (??:?)
[ 40.295758][ T5097] do_fast_syscall_32 (??:?)
[ 40.296193][ T5097] do_SYSENTER_32 (??:?)
[ 40.296600][ T5097] entry_SYSENTER_32 (??:?)
[ 40.297028][ T5097] EIP: 0x37f4c509
[ 40.297373][ T5097] Code: Unable to access opcode bytes at RIP 0x37f4c4df.
To reproduce:
# build kernel
cd linux
cp config-5.18.0-rc2-mm1-00053-gd1ec551f874e .config
make HOSTCC=clang-15 CC=clang-15 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=clang-15 CC=clang-15 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config-5.18.0-rc2-mm1-00053-gd1ec551f874e" of type "text/plain" (118913 bytes)
View attachment "job-script" of type "text/plain" (4568 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (21692 bytes)
Powered by blists - more mailing lists