Date: Thu, 19 May 2022 16:01:37 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Jakub Matěna <matenajakub@...il.com>
Cc: 0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org, linux-mm@...ck.org, patches@...ts.linux.dev, vbabka@...e.cz, mhocko@...nel.org, mgorman@...hsingularity.net, willy@...radead.org, liam.howlett@...cle.com, hughd@...gle.com, kirill@...temov.name, riel@...riel.com, rostedt@...dmis.org, peterz@...radead.org, david@...hat.com, Jakub Matěna <matenajakub@...il.com>
Subject: [mm] d0a63efe2f: WARNING:at_mm/rmap.c:#reconnect_page_pte

Greeting,

FYI, we noticed the following commit (built with clang-15):

commit: d0a63efe2faccada7d878ed990e446aab96ec964 ("[RFC PATCH v3 5/6] [PATCH 5/6] mm: enable merging of VMAs with different anon_vmas")
url: https://github.com/intel-lab-lkp/linux/commits/Jakub-Mat-na/Removing-limitations-of-merging-anonymous-VMAs/20220516-205637
base: https://git.kernel.org/cgit/linux/kernel/git/kees/linux.git for-next/execve
patch link: https://lore.kernel.org/linux-mm/20220516125405.1675-6-matenajakub@gmail.com

in testcase: trinity
version: trinity-static-i386-x86_64-f93256fb_2019-08-28
with following parameters:

	runtime: 300s
	group: group-03

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>

[   89.161564][ T3735] WARNING: CPU: 0 PID: 3735 at mm/rmap.c:416 reconnect_page_pte (rmap.c:?)
[   89.162266][ T3735] Modules linked in: i2c_piix4
[   89.162664][ T3735] CPU: 0 PID: 3735 Comm: trinity-c1 Not tainted 5.18.0-rc2-00008-gd0a63efe2fac #1 fe7dc62a49119a172a4e1ee5fa133e62ef344742
[   89.163746][ T3735] EIP: reconnect_page_pte (rmap.c:?)
[   89.164209][ T3735] Code: ff 0f 0b b8 10 84 64 c7 e8 b7 dc 15 00 48 83 78 1c 00 75 c4 ba 83 87 f9 c6 e8 86 af fe ff 0f 0b b8 10 84 64 c7 e8 9a dc 15 00 <0f> 0b 8b 47 44 3b 42 44 0f 85 48 ff ff ff 0f 0b e9 41 ff ff ff 00
All code
========
   0:	ff 0f                	decl   (%rdi)
   2:	0b b8 10 84 64 c7    	or     -0x389b7bf0(%rax),%edi
   8:	e8 b7 dc 15 00       	callq  0x15dcc4
   d:	48 83 78 1c 00       	cmpq   $0x0,0x1c(%rax)
  12:	75 c4                	jne    0xffffffffffffffd8
  14:	ba 83 87 f9 c6       	mov    $0xc6f98783,%edx
  19:	e8 86 af fe ff       	callq  0xfffffffffffeafa4
  1e:	0f 0b                	ud2
  20:	b8 10 84 64 c7       	mov    $0xc7648410,%eax
  25:	e8 9a dc 15 00       	callq  0x15dcc4
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	8b 47 44             	mov    0x44(%rdi),%eax
  2f:	3b 42 44             	cmp    0x44(%rdx),%eax
  32:	0f 85 48 ff ff ff    	jne    0xffffffffffffff80
  38:	0f 0b                	ud2
  3a:	e9 41 ff ff ff       	jmpq   0xffffffffffffff80
	...

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	8b 47 44             	mov    0x44(%rdi),%eax
   5:	3b 42 44             	cmp    0x44(%rdx),%eax
   8:	0f 85 48 ff ff ff    	jne    0xffffffffffffff56
   e:	0f 0b                	ud2
  10:	e9 41 ff ff ff       	jmpq   0xffffffffffffff56
	...
[   89.165822][ T3735] EAX: ebe211ef EBX: ee4c1df4 ECX: 00000081 EDX: ebf0f810
[   89.166440][ T3735] ESI: e69cd260 EDI: ecbd5c30 EBP: ee4c1d50 ESP: ee4c1d44
[   89.167002][ T3735] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010217
[   89.167600][ T3735] CR0: 80050033 CR2: 00000001 CR3: 2be82000 CR4: 00040690
[   89.168176][ T3735] Call Trace:
[   89.168448][ T3735]  ? reconnect_pages_range (rmap.c:?)
[   89.168898][ T3735]  walk_pte_range (fbdev.c:?)
[   89.169289][ T3735]  __walk_page_range (fbdev.c:?)
[   89.169681][ T3735]  reconnect_pages_range (fbdev.c:?)
[   89.170096][ T3735]  ? reconnect_pages_range (rmap.c:?)
[   89.170528][ T3735]  __vma_adjust (fbdev.c:?)
[   89.170880][ T3735]  ? lock_release (fbdev.c:?)
[   89.171243][ T3735]  vma_merge (fbdev.c:?)
[   89.171593][ T3735]  mprotect_fixup (fbdev.c:?)
[   89.171984][ T3735]  ? lock_is_held_type (fbdev.c:?)
[   89.172421][ T3735]  do_mprotect_pkey (mprotect.c:?)
[   89.172833][ T3735]  __ia32_sys_mprotect (fbdev.c:?)
[   89.173251][ T3735]  __do_fast_syscall_32 (common.c:?)
[   89.173681][ T3735]  ? irqentry_exit (fbdev.c:?)
[   89.174079][ T3735]  ? irqentry_exit_to_user_mode (fbdev.c:?)
[   89.174559][ T3735]  do_fast_syscall_32 (fbdev.c:?)
[   89.174982][ T3735]  do_SYSENTER_32 (fbdev.c:?)
[   89.175364][ T3735]  entry_SYSENTER_32 (??:?)
[   89.175772][ T3735] EIP: 0xb7f7b509
[   89.176080][ T3735] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00
All code
========
   0:	b8 01 10 06 03       	mov    $0x3061001,%eax
   5:	74 b4                	je     0xffffffffffffffbb
   7:	01 10                	add    %edx,(%rax)
   9:	07                   	(bad)
   a:	03 74 b0 01          	add    0x1(%rax,%rsi,4),%esi
   e:	10 08                	adc    %cl,(%rax)
  10:	03 74 d8 01          	add    0x1(%rax,%rbx,8),%esi
	...
  20:	00 51 52             	add    %dl,0x52(%rcx)
  23:	55                   	push   %rbp
  24:	89 e5                	mov    %esp,%ebp
  26:	0f 34                	sysenter
  28:	cd 80                	int    $0x80
  2a:*	5d                   	pop    %rbp		<-- trapping instruction
  2b:	5a                   	pop    %rdx
  2c:	59                   	pop    %rcx
  2d:	c3                   	retq
  2e:	90                   	nop
  2f:	90                   	nop
  30:	90                   	nop
  31:	90                   	nop
  32:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
  39:	00 00 00
  3c:	0f                   	.byte 0xf
  3d:	1f                   	(bad)
  3e:	44                   	rex.R
	...

Code starting with the faulting instruction
===========================================
   0:	5d                   	pop    %rbp
   1:	5a                   	pop    %rdx
   2:	59                   	pop    %rcx
   3:	c3                   	retq
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
   f:	00 00 00
  12:	0f                   	.byte 0xf
  13:	1f                   	(bad)
  14:	44                   	rex.R
	...
[   89.177743][ T3735] EAX: ffffffda EBX: b3a00000 ECX: 00200000 EDX: 00000003
[   89.178339][ T3735] ESI: b3a00000 EDI: 00200000 EBP: b7502000 ESP: bfea2918
[   89.178937][ T3735] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000296
[   89.179571][ T3735] irq event stamp: 1828581
[   89.179940][ T3735] hardirqs last enabled at (1828589): __up_console_sem (printk.c:?)
[   89.180705][ T3735] hardirqs last disabled at (1828596): __up_console_sem (printk.c:?)
[   89.181450][ T3735] softirqs last enabled at (1822860): release_sock (fbdev.c:?)
[   89.182112][ T3735] softirqs last disabled at (1822858): release_sock (fbdev.c:?)
[   89.182805][ T3735] ---[ end trace 0000000000000000 ]---
[   89.183277][ T3735] ------------[ cut here ]------------

To reproduce:

	# build kernel
	cd linux
	cp config-5.18.0-rc2-00008-gd0a63efe2fac .config
	make HOSTCC=clang-15 CC=clang-15 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=clang-15 CC=clang-15 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz

	git clone https://github.com/intel/lkp-tests.git
	cd lkp-tests
	bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

	# if come across any failure that blocks the test,
	# please remove ~/.lkp and /lkp dir to run from a clean state.

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

Attachments:
  config-5.18.0-rc2-00008-gd0a63efe2fac (text/plain, 138174 bytes)
  job-script (text/plain, 4729 bytes)
  dmesg.xz (application/x-xz, 40516 bytes)