Open Source and information security mailing list archives
 
Message-ID: <202408271452.c842a71d-lkp@intel.com>
Date: Tue, 27 Aug 2024 14:55:45 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, Linux Memory Management List
	<linux-mm@...ck.org>, Andrew Morton <akpm@...ux-foundation.org>, "Bert
 Karwatzki" <spasswolf@....de>, Jiri Olsa <olsajiri@...il.com>, Kees Cook
	<kees@...nel.org>, "Liam R. Howlett" <Liam.Howlett@...cle.com>, "Lorenzo
 Stoakes" <lstoakes@...il.com>, Matthew Wilcox <willy@...radead.org>, "Paul E.
 McKenney" <paulmck@...nel.org>, Paul Moore <paul@...l-moore.com>, "Sidhartha
 Kumar" <sidhartha.kumar@...cle.com>, Suren Baghdasaryan <surenb@...gle.com>,
	Vlastimil Babka <vbabka@...e.cz>, <linux-kernel@...r.kernel.org>,
	<oliver.sang@...el.com>
Subject: [linux-next:master] [mm]  a0f2295a60:
 WARNING:at_mm/vma.c:#vma_merge_new_range



Hello,

kernel test robot noticed "WARNING:at_mm/vma.c:#vma_merge_new_range" on:

commit: a0f2295a607c0e8a64893593432562444a58a70b ("mm: avoid using vma_merge() for new VMAs")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: trinity
version: trinity-i386-abe9de86-1_20230429
with following parameters:

	runtime: 600s



compiler: gcc-12
test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+------------------------------------------+------------+------------+
|                                          | dfe2897d43 | a0f2295a60 |
+------------------------------------------+------------+------------+
| WARNING:at_mm/rmap.c:#unlink_anon_vmas   | 6          | 6          |
| EIP:unlink_anon_vmas                     | 6          | 6          |
| WARNING:at_mm/vma.c:#vma_merge_new_range | 0          | 6          |
| EIP:vma_merge_new_range                  | 0          | 6          |
+------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202408271452.c842a71d-lkp@intel.com


[   28.048325][  T765] ------------[ cut here ]------------
[ 28.048597][ T765] WARNING: CPU: 0 PID: 765 at mm/vma.c:524 vma_merge_new_range (mm/vma.c:524 (discriminator 1)) 
[   28.048976][  T765] Modules linked in: mousedev input_leds evbug led_class aesni_intel rapl psmouse pcspkr evdev i2c_piix4 qemu_fw_cfg i2c_smbus i2c_core button
[   28.049662][  T765] CPU: 0 UID: 65534 PID: 765 Comm: trinity-c4 Tainted: G        W          6.11.0-rc4-00372-ga0f2295a607c #2
[   28.050163][  T765] Tainted: [W]=WARN
[   28.050339][  T765] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 28.050789][ T765] EIP: vma_merge_new_range (mm/vma.c:524 (discriminator 1)) 
[ 28.051028][ T765] Code: 8b 53 14 85 d2 0f 84 51 ff ff ff 8d b4 26 00 00 00 00 0f 0b 8b 4b 04 8b 45 f0 3b 41 04 0f 83 48 ff ff ff 8d b4 26 00 00 00 00 <0f> 0b e9 3a ff ff ff 8d b4 26 00 00 00 00 66 90 84 c0 0f 85 b6 00
All code
========
   0:	8b 53 14             	mov    0x14(%rbx),%edx
   3:	85 d2                	test   %edx,%edx
   5:	0f 84 51 ff ff ff    	je     0xffffffffffffff5c
   b:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
  12:	0f 0b                	ud2
  14:	8b 4b 04             	mov    0x4(%rbx),%ecx
  17:	8b 45 f0             	mov    -0x10(%rbp),%eax
  1a:	3b 41 04             	cmp    0x4(%rcx),%eax
  1d:	0f 83 48 ff ff ff    	jae    0xffffffffffffff6b
  23:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
  2a:*	0f 0b                	ud2		<-- trapping instruction
  2c:	e9 3a ff ff ff       	jmp    0xffffffffffffff6b
  31:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
  38:	66 90                	xchg   %ax,%ax
  3a:	84 c0                	test   %al,%al
  3c:	0f                   	.byte 0xf
  3d:	85                   	.byte 0x85
  3e:	b6 00                	mov    $0x0,%dh

Code starting with the faulting instruction
===========================================
   0:	0f 0b                	ud2
   2:	e9 3a ff ff ff       	jmp    0xffffffffffffff41
   7:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
   e:	66 90                	xchg   %ax,%ax
  10:	84 c0                	test   %al,%al
  12:	0f                   	.byte 0xf
  13:	85                   	.byte 0x85
  14:	b6 00                	mov    $0x0,%dh
[   28.052072][  T765] EAX: 00400000 EBX: ed937b48 ECX: ed937b20 EDX: 00000000
[   28.052420][  T765] ESI: 00000000 EDI: ecb925a0 EBP: ed937b00 ESP: ed937ad8
[   28.052728][  T765] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010287
[   28.053082][  T765] CR0: 80050033 CR2: b76e3580 CR3: 2db75bc0 CR4: 000406b0
[   28.058945][  T765] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[   28.059252][  T765] DR6: fffe0ff0 DR7: 00000400
[   28.059459][  T765] Call Trace:
[ 28.059606][ T765] ? show_regs (arch/x86/kernel/dumpstack.c:479 arch/x86/kernel/dumpstack.c:465) 
[ 28.059796][ T765] ? vma_merge_new_range (mm/vma.c:524 (discriminator 1)) 
[ 28.060030][ T765] ? __warn (kernel/panic.c:735) 
[ 28.060210][ T765] ? vma_merge_new_range (mm/vma.c:524 (discriminator 1)) 
[ 28.060446][ T765] ? report_bug (lib/bug.c:201 lib/bug.c:219) 
[ 28.060651][ T765] ? exc_overflow (arch/x86/kernel/traps.c:252) 
[ 28.060899][ T765] ? handle_bug (arch/x86/kernel/traps.c:218) 
[ 28.063802][ T765] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1)) 
[ 28.064013][ T765] ? handle_exception (arch/x86/entry/entry_32.S:1054) 
[ 28.064231][ T765] ? exc_overflow (arch/x86/kernel/traps.c:252) 
[ 28.064432][ T765] ? vma_merge_new_range (mm/vma.c:524 (discriminator 1)) 
[ 28.064666][ T765] ? exc_overflow (arch/x86/kernel/traps.c:252) 
[ 28.064870][ T765] ? vma_merge_new_range (mm/vma.c:524 (discriminator 1)) 
[ 28.065124][ T765] copy_vma (mm/vma.c:1563) 
[ 28.065326][ T765] move_vma+0x121/0x4d8 
[ 28.065557][ T765] ? mm_get_unmapped_area (mm/mmap.c:930) 
[ 28.065792][ T765] mremap_to+0x138/0x1b0 
[ 28.066054][ T765] __do_sys_mremap (mm/mremap.c:1176) 
[ 28.066270][ T765] ? __lock_release+0x55/0x150 
[ 28.066509][ T765] __ia32_sys_mremap (mm/mremap.c:980) 
[ 28.066720][ T765] ia32_sys_call (arch/x86/entry/syscall_32.c:44) 
[ 28.066923][ T765] __do_fast_syscall_32 (arch/x86/entry/common.c:165 arch/x86/entry/common.c:386) 
[ 28.067146][ T765] ? __lock_acquire (kernel/locking/lockdep.c:5142) 
[ 28.067365][ T765] ? find_held_lock (kernel/locking/lockdep.c:5249) 
[ 28.067575][ T765] ? __lock_release+0x55/0x150 
[ 28.067812][ T765] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391) 
[ 28.068041][ T765] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67) 
[ 28.068282][ T765] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4420) 
[ 28.068511][ T765] ? syscall_exit_to_user_mode (kernel/entry/common.c:221) 
[ 28.068763][ T765] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391) 
[ 28.069004][ T765] ? do_pte_missing (mm/memory.c:5056 mm/memory.c:5195 mm/memory.c:3955) 
[ 28.069236][ T765] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67) 
[ 28.069477][ T765] ? handle_pte_fault (mm/memory.c:5530) 
[ 28.069701][ T765] ? mt_find (include/linux/rcupdate.h:336 include/linux/rcupdate.h:869 lib/maple_tree.c:6960) 
[ 28.069889][ T765] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67) 
[ 28.077572][ T765] ? __perf_sw_event (kernel/events/internal.h:227 kernel/events/core.c:9996 kernel/events/core.c:10021) 
[ 28.078055][ T765] ? __up_read (kernel/locking/rwsem.c:1354) 
[ 28.078245][ T765] ? __up_read (kernel/locking/rwsem.c:1354) 
[ 28.078435][ T765] ? debug_smp_processor_id (lib/smp_processor_id.c:61) 
[ 28.078670][ T765] ? __up_read (kernel/locking/rwsem.c:1354) 
[ 28.078859][ T765] ? __up_read (kernel/locking/rwsem.c:1354) 
[ 28.079050][ T765] ? trace_preempt_on (kernel/trace/trace_preemptirq.c:105) 
[ 28.079265][ T765] ? __up_read (kernel/locking/rwsem.c:1354) 
[ 28.079456][ T765] ? preempt_count_sub (kernel/sched/core.c:5672 kernel/sched/core.c:5668 kernel/sched/core.c:5690) 
[ 28.079677][ T765] ? irqentry_exit (kernel/entry/common.c:367) 
[ 28.079881][ T765] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67) 
[ 28.080126][ T765] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4420) 
[ 28.080356][ T765] ? irqentry_exit_to_user_mode (kernel/entry/common.c:234) 
[ 28.080612][ T765] do_fast_syscall_32 (arch/x86/entry/common.c:411) 
[ 28.080827][ T765] do_SYSENTER_32 (arch/x86/entry/common.c:450) 
[ 28.081065][ T765] entry_SYSENTER_32 (arch/x86/entry/entry_32.S:836) 
[   28.081284][  T765] EIP: 0xb7f41579
[ 28.081446][ T765] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
All code
========
   0:	b8 01 10 06 03       	mov    $0x3061001,%eax
   5:	74 b4                	je     0xffffffffffffffbb
   7:	01 10                	add    %edx,(%rax)
   9:	07                   	(bad)
   a:	03 74 b0 01          	add    0x1(%rax,%rsi,4),%esi
   e:	10 08                	adc    %cl,(%rax)
  10:	03 74 d8 01          	add    0x1(%rax,%rbx,8),%esi
	...
  20:	00 51 52             	add    %dl,0x52(%rcx)
  23:	55                   	push   %rbp
  24:*	89 e5                	mov    %esp,%ebp		<-- trapping instruction
  26:	0f 34                	sysenter
  28:	cd 80                	int    $0x80
  2a:	5d                   	pop    %rbp
  2b:	5a                   	pop    %rdx
  2c:	59                   	pop    %rcx
  2d:	c3                   	ret
  2e:	90                   	nop
  2f:	90                   	nop
  30:	90                   	nop
  31:	90                   	nop
  32:	8d 76 00             	lea    0x0(%rsi),%esi
  35:	58                   	pop    %rax
  36:	b8 77 00 00 00       	mov    $0x77,%eax
  3b:	cd 80                	int    $0x80
  3d:	90                   	nop
  3e:	8d                   	.byte 0x8d
  3f:	76                   	.byte 0x76

Code starting with the faulting instruction
===========================================
   0:	5d                   	pop    %rbp
   1:	5a                   	pop    %rdx
   2:	59                   	pop    %rcx
   3:	c3                   	ret
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	8d 76 00             	lea    0x0(%rsi),%esi
   b:	58                   	pop    %rax
   c:	b8 77 00 00 00       	mov    $0x77,%eax
  11:	cd 80                	int    $0x80
  13:	90                   	nop
  14:	8d                   	.byte 0x8d
  15:	76                   	.byte 0x76


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240827/202408271452.c842a71d-lkp@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

