Message-ID: <202211131641.f1fe0711-yujie.liu@intel.com>
Date:   Sun, 13 Nov 2022 17:51:45 +0800
From:   kernel test robot <yujie.liu@...el.com>
To:     Pasha Tatashin <pasha.tatashin@...een.com>
CC:     <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Arnd Bergmann <arnd@...db.de>,
        Bagas Sanjaya <bagasdotme@...il.com>,
        Colin Cross <ccross@...gle.com>,
        David Hildenbrand <david@...hat.com>,
        Hugh Dickins <hughd@...gle.com>,
        Johannes Weiner <hannes@...xchg.org>,
        Jonathan Corbet <corbet@....net>,
        "Kirill A . Shutemov" <kirill@...temov.name>,
        Liam Howlett <liam.howlett@...cle.com>,
        "Matthew Wilcox" <willy@...radead.org>,
        Mike Rapoport <rppt@...nel.org>,
        "Paul Gortmaker" <paul.gortmaker@...driver.com>,
        Peter Xu <peterx@...hat.com>,
        "Sean Christopherson" <seanjc@...gle.com>,
        Vincent Whitchurch <vincent.whitchurch@...s.com>,
        Vlastimil Babka <vbabka@...e.cz>, xu xin <cgel.zte@...il.com>,
        Yang Shi <shy828301@...il.com>, Yu Zhao <yuzhao@...gle.com>,
        Linux Memory Management List <linux-mm@...ck.org>,
        <linux-kernel@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>
Subject: [linux-next:master] [mm] 2220e3a895:
 WARNING:at_include/linux/mmap_lock.h:#anon_vma_name

Greeting,

FYI, we noticed WARNING:at_include/linux/mmap_lock.h:#anon_vma_name due to commit (built with gcc-11):

commit: 2220e3a8953e86b87adfc753fc57c2a5e0b0a032 ("mm: anonymous shared memory naming")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

[test failed on linux-next/master f8f60f322f0640c8edda2942ca5f84b7a27c417a]

in testcase: trinity
version: trinity-static-x86_64-x86_64-1c734c75-1_2020-01-06
with following parameters:

	runtime: 300s
	group: group-04

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


[  128.700641][ T4161] ------------[ cut here ]------------
[ 128.701055][ T4161] WARNING: CPU: 0 PID: 4161 at include/linux/mmap_lock.h:155 anon_vma_name (??:?) 
[  128.701608][ T4161] Modules linked in:
[  128.701839][ T4161] CPU: 0 PID: 4161 Comm: trinity-c4 Tainted: G                T  6.1.0-rc4-00216-g2220e3a8953e #1 11f9472e0edad800f55c5824aae0f9f692ada352
[  128.702701][ T4161] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[ 128.703294][ T4161] RIP: 0010:anon_vma_name (??:?) 
[ 128.703602][ T4161] Code: c1 ea 03 80 3c 02 00 75 54 48 8b 83 88 00 00 00 5b 5d 41 5c c3 48 8d bd 70 06 00 00 be ff ff ff ff e8 27 35 12 02 85 c0 75 8a <0f> 0b eb 86 48 89 ef e8 57 49 f7 ff 0f 0b 48 c7 c7 2c 05 27 86 e8
All code
========
   0:	c1 ea 03             	shr    $0x3,%edx
   3:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   7:	75 54                	jne    0x5d
   9:	48 8b 83 88 00 00 00 	mov    0x88(%rbx),%rax
  10:	5b                   	pop    %rbx
  11:	5d                   	pop    %rbp
  12:	41 5c                	pop    %r12
  14:	c3                   	retq   
  15:	48 8d bd 70 06 00 00 	lea    0x670(%rbp),%rdi
  1c:	be ff ff ff ff       	mov    $0xffffffff,%esi
  21:	e8 27 35 12 02       	callq  0x212354d
  26:	85 c0                	test   %eax,%eax
  28:	75 8a                	jne    0xffffffffffffffb4
  2a:*	0f 0b                	ud2    		<-- trapping instruction
  2c:	eb 86                	jmp    0xffffffffffffffb4
  2e:	48 89 ef             	mov    %rbp,%rdi
  31:	e8 57 49 f7 ff       	callq  0xfffffffffff7498d
  36:	0f 0b                	ud2    
  38:	48 c7 c7 2c 05 27 86 	mov    $0xffffffff8627052c,%rdi
  3f:	e8                   	.byte 0xe8

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2    
   2:	eb 86                	jmp    0xffffffffffffff8a
   4:	48 89 ef             	mov    %rbp,%rdi
   7:	e8 57 49 f7 ff       	callq  0xfffffffffff74963
   c:	0f 0b                	ud2    
   e:	48 c7 c7 2c 05 27 86 	mov    $0xffffffff8627052c,%rdi
  15:	e8                   	.byte 0xe8
[  128.704711][ T4161] RSP: 0018:ffff8881330efa38 EFLAGS: 00010246
[  128.705067][ T4161] RAX: 0000000000000000 RBX: ffffffff84c82000 RCX: 0000000000000001
[  128.705525][ T4161] RDX: 0000000000000000 RSI: 0000000000000670 RDI: ffff88816cb7c9d0
[  128.705981][ T4161] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  128.706480][ T4161] R10: ffffffffff600000 R11: 0000000000000000 R12: ffffffff84c82040
[  128.706938][ T4161] R13: ffffffff84c82080 R14: ffffffff84c82010 R15: ffffffff84c82000
[  128.707392][ T4161] FS:  000000000109a880(0000) GS:ffff88839d400000(0000) knlGS:0000000000000000
[  128.707905][ T4161] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  128.708284][ T4161] CR2: 00007f52e686184c CR3: 000000017e9bc000 CR4: 00000000000406b0
[  128.708741][ T4161] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  128.709196][ T4161] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  128.709652][ T4161] Call Trace:
[  128.709846][ T4161]  <TASK>
[ 128.710031][ T4161] show_map_vma (task_mmu.c:?) 
[ 128.710323][ T4161] show_map (task_mmu.c:?) 
[ 128.710725][ T4161] seq_read_iter (??:?) 
[ 128.711291][ T4161] ? lock_acquire (??:?) 
[ 128.711820][ T4161] seq_read (??:?) 
[ 128.712351][ T4161] ? seq_read_iter (??:?) 
[ 128.712941][ T4161] ? __might_fault (??:?) 
[ 128.713464][ T4161] do_loop_readv_writev+0xca/0x300 
[ 128.714126][ T4161] ? fsnotify_perm+0x134/0x4c0 
[ 128.714773][ T4161] do_iter_read (read_write.c:?) 
[ 128.715375][ T4161] vfs_readv (read_write.c:?) 
[ 128.715873][ T4161] ? vfs_iter_read (read_write.c:?) 
[ 128.716396][ T4161] ? find_held_lock (lockdep.c:?) 
[ 128.716981][ T4161] ? __ct_user_exit (??:?) 
[ 128.717558][ T4161] ? __lock_release (lockdep.c:?) 
[ 128.718136][ T4161] ? lock_downgrade (lockdep.c:?) 
[ 128.718745][ T4161] __x64_sys_preadv (??:?) 
[ 128.719033][ T4161] ? __x64_sys_preadv2 (??:?) 
[ 128.719338][ T4161] do_syscall_64 (??:?) 
[ 128.719599][ T4161] entry_SYSCALL_64_after_hwframe (??:?) 
[  128.719940][ T4161] RIP: 0033:0x463519
[ 128.720168][ T4161] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 59 00 00 c3 66 2e 0f 1f 84 00 00 00 00
All code
========
   0:	00 f3                	add    %dh,%bl
   2:	c3                   	retq   
   3:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
   a:	00 00 00 
   d:	0f 1f 40 00          	nopl   0x0(%rax)
  11:	48 89 f8             	mov    %rdi,%rax
  14:	48 89 f7             	mov    %rsi,%rdi
  17:	48 89 d6             	mov    %rdx,%rsi
  1a:	48 89 ca             	mov    %rcx,%rdx
  1d:	4d 89 c2             	mov    %r8,%r10
  20:	4d 89 c8             	mov    %r9,%r8
  23:	4c 8b 4c 24 08       	mov    0x8(%rsp),%r9
  28:	0f 05                	syscall 
  2a:*	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax		<-- trapping instruction
  30:	0f 83 db 59 00 00    	jae    0x5a11
  36:	c3                   	retq   
  37:	66                   	data16
  38:	2e                   	cs
  39:	0f                   	.byte 0xf
  3a:	1f                   	(bad)  
  3b:	84 00                	test   %al,(%rax)
  3d:	00 00                	add    %al,(%rax)
	...

Code starting with the faulting instruction
===========================================
   0:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
   6:	0f 83 db 59 00 00    	jae    0x59e7
   c:	c3                   	retq   
   d:	66                   	data16
   e:	2e                   	cs
   f:	0f                   	.byte 0xf
  10:	1f                   	(bad)  
  11:	84 00                	test   %al,(%rax)
  13:	00 00                	add    %al,(%rax)
	...
[  128.721265][ T4161] RSP: 002b:00007ffc45dc65f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  128.721745][ T4161] RAX: ffffffffffffffda RBX: 0000000000000127 RCX: 0000000000463519
[  128.722214][ T4161] RDX: 00000000000000ca RSI: 0000000001327030 RDI: 000000000000003e
[  128.722671][ T4161] RBP: 00007f52e5593000 R08: 0000001027180f8c R09: 0000000000000045
[  128.723126][ T4161] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000002
[  128.723580][ T4161] R13: 00007f52e5593058 R14: 000000000109a850 R15: 00007f52e5593000
[  128.724048][ T4161]  </TASK>
[  128.724228][ T4161] irq event stamp: 39467
[ 128.724474][ T4161] hardirqs last enabled at (39475): __up_console_sem (printk.c:?) 
[ 128.725014][ T4161] hardirqs last disabled at (39482): __up_console_sem (printk.c:?) 
[ 128.725553][ T4161] softirqs last enabled at (39294): __do_softirq (??:?) 
[ 128.726090][ T4161] softirqs last disabled at (39281): __irq_exit_rcu (softirq.c:?) 
[  128.727013][ T4161] ---[ end trace 0000000000000000 ]---
[  128.727667][ T4161] ==================================================================


If you fix the issue, kindly add following tag
| Reported-by: kernel test robot <yujie.liu@...el.com>
| Link: https://lore.kernel.org/oe-lkp/202211131641.f1fe0711-yujie.liu@intel.com


To reproduce:

	# build kernel
	cd linux
	cp config-6.1.0-rc4-00216-g2220e3a8953e .config
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


	git clone https://github.com/intel/lkp-tests.git
	cd lkp-tests
	bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

	# if you come across any failure that blocks the test,
	# please remove ~/.lkp and /lkp dir to run from a clean state.


-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

View attachment "config-6.1.0-rc4-00216-g2220e3a8953e" of type "text/plain" (123740 bytes)

View attachment "job-script" of type "text/plain" (4486 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (47684 bytes)
