| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202408271452.c842a71d-lkp@intel.com>
Date: Tue, 27 Aug 2024 14:55:45 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, Linux Memory Management List
<linux-mm@...ck.org>, Andrew Morton <akpm@...ux-foundation.org>, "Bert
Karwatzki" <spasswolf@....de>, Jiri Olsa <olsajiri@...il.com>, Kees Cook
<kees@...nel.org>, "Liam R. Howlett" <Liam.Howlett@...cle.com>, "Lorenzo
Stoakes" <lstoakes@...il.com>, Matthew Wilcox <willy@...radead.org>, "Paul E.
McKenney" <paulmck@...nel.org>, Paul Moore <paul@...l-moore.com>, "Sidhartha
Kumar" <sidhartha.kumar@...cle.com>, Suren Baghdasaryan <surenb@...gle.com>,
Vlastimil Babka <vbabka@...e.cz>, <linux-kernel@...r.kernel.org>,
<oliver.sang@...el.com>
Subject: [linux-next:master] [mm] a0f2295a60:
WARNING:at_mm/vma.c:#vma_merge_new_range
Hello,
kernel test robot noticed "WARNING:at_mm/vma.c:#vma_merge_new_range" on:
commit: a0f2295a607c0e8a64893593432562444a58a70b ("mm: avoid using vma_merge() for new VMAs")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: trinity
version: trinity-i386-abe9de86-1_20230429
with following parameters:
runtime: 600s
compiler: gcc-12
test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+------------------------------------------+------------+------------+
| | dfe2897d43 | a0f2295a60 |
+------------------------------------------+------------+------------+
| WARNING:at_mm/rmap.c:#unlink_anon_vmas | 6 | 6 |
| EIP:unlink_anon_vmas | 6 | 6 |
| WARNING:at_mm/vma.c:#vma_merge_new_range | 0 | 6 |
| EIP:vma_merge_new_range | 0 | 6 |
+------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202408271452.c842a71d-lkp@intel.com
[ 28.048325][ T765] ------------[ cut here ]------------
[ 28.048597][ T765] WARNING: CPU: 0 PID: 765 at mm/vma.c:524 vma_merge_new_range (mm/vma.c:524 (discriminator 1))
[ 28.048976][ T765] Modules linked in: mousedev input_leds evbug led_class aesni_intel rapl psmouse pcspkr evdev i2c_piix4 qemu_fw_cfg i2c_smbus i2c_core button
[ 28.049662][ T765] CPU: 0 UID: 65534 PID: 765 Comm: trinity-c4 Tainted: G W 6.11.0-rc4-00372-ga0f2295a607c #2
[ 28.050163][ T765] Tainted: [W]=WARN
[ 28.050339][ T765] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 28.050789][ T765] EIP: vma_merge_new_range (mm/vma.c:524 (discriminator 1))
[ 28.051028][ T765] Code: 8b 53 14 85 d2 0f 84 51 ff ff ff 8d b4 26 00 00 00 00 0f 0b 8b 4b 04 8b 45 f0 3b 41 04 0f 83 48 ff ff ff 8d b4 26 00 00 00 00 <0f> 0b e9 3a ff ff ff 8d b4 26 00 00 00 00 66 90 84 c0 0f 85 b6 00
All code
========
0: 8b 53 14 mov 0x14(%rbx),%edx
3: 85 d2 test %edx,%edx
5: 0f 84 51 ff ff ff je 0xffffffffffffff5c
b: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
12: 0f 0b ud2
14: 8b 4b 04 mov 0x4(%rbx),%ecx
17: 8b 45 f0 mov -0x10(%rbp),%eax
1a: 3b 41 04 cmp 0x4(%rcx),%eax
1d: 0f 83 48 ff ff ff jae 0xffffffffffffff6b
23: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
2a:* 0f 0b ud2 <-- trapping instruction
2c: e9 3a ff ff ff jmp 0xffffffffffffff6b
31: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
38: 66 90 xchg %ax,%ax
3a: 84 c0 test %al,%al
3c: 0f .byte 0xf
3d: 85 .byte 0x85
3e: b6 00 mov $0x0,%dh
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: e9 3a ff ff ff jmp 0xffffffffffffff41
7: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
e: 66 90 xchg %ax,%ax
10: 84 c0 test %al,%al
12: 0f .byte 0xf
13: 85 .byte 0x85
14: b6 00 mov $0x0,%dh
[ 28.052072][ T765] EAX: 00400000 EBX: ed937b48 ECX: ed937b20 EDX: 00000000
[ 28.052420][ T765] ESI: 00000000 EDI: ecb925a0 EBP: ed937b00 ESP: ed937ad8
[ 28.052728][ T765] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010287
[ 28.053082][ T765] CR0: 80050033 CR2: b76e3580 CR3: 2db75bc0 CR4: 000406b0
[ 28.058945][ T765] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 28.059252][ T765] DR6: fffe0ff0 DR7: 00000400
[ 28.059459][ T765] Call Trace:
[ 28.059606][ T765] ? show_regs (arch/x86/kernel/dumpstack.c:479 arch/x86/kernel/dumpstack.c:465)
[ 28.059796][ T765] ? vma_merge_new_range (mm/vma.c:524 (discriminator 1))
[ 28.060030][ T765] ? __warn (kernel/panic.c:735)
[ 28.060210][ T765] ? vma_merge_new_range (mm/vma.c:524 (discriminator 1))
[ 28.060446][ T765] ? report_bug (lib/bug.c:201 lib/bug.c:219)
[ 28.060651][ T765] ? exc_overflow (arch/x86/kernel/traps.c:252)
[ 28.060899][ T765] ? handle_bug (arch/x86/kernel/traps.c:218)
[ 28.063802][ T765] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))
[ 28.064013][ T765] ? handle_exception (arch/x86/entry/entry_32.S:1054)
[ 28.064231][ T765] ? exc_overflow (arch/x86/kernel/traps.c:252)
[ 28.064432][ T765] ? vma_merge_new_range (mm/vma.c:524 (discriminator 1))
[ 28.064666][ T765] ? exc_overflow (arch/x86/kernel/traps.c:252)
[ 28.064870][ T765] ? vma_merge_new_range (mm/vma.c:524 (discriminator 1))
[ 28.065124][ T765] copy_vma (mm/vma.c:1563)
[ 28.065326][ T765] move_vma+0x121/0x4d8
[ 28.065557][ T765] ? mm_get_unmapped_area (mm/mmap.c:930)
[ 28.065792][ T765] mremap_to+0x138/0x1b0
[ 28.066054][ T765] __do_sys_mremap (mm/mremap.c:1176)
[ 28.066270][ T765] ? __lock_release+0x55/0x150
[ 28.066509][ T765] __ia32_sys_mremap (mm/mremap.c:980)
[ 28.066720][ T765] ia32_sys_call (arch/x86/entry/syscall_32.c:44)
[ 28.066923][ T765] __do_fast_syscall_32 (arch/x86/entry/common.c:165 arch/x86/entry/common.c:386)
[ 28.067146][ T765] ? __lock_acquire (kernel/locking/lockdep.c:5142)
[ 28.067365][ T765] ? find_held_lock (kernel/locking/lockdep.c:5249)
[ 28.067575][ T765] ? __lock_release+0x55/0x150
[ 28.067812][ T765] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391)
[ 28.068041][ T765] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67)
[ 28.068282][ T765] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4420)
[ 28.068511][ T765] ? syscall_exit_to_user_mode (kernel/entry/common.c:221)
[ 28.068763][ T765] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391)
[ 28.069004][ T765] ? do_pte_missing (mm/memory.c:5056 mm/memory.c:5195 mm/memory.c:3955)
[ 28.069236][ T765] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67)
[ 28.069477][ T765] ? handle_pte_fault (mm/memory.c:5530)
[ 28.069701][ T765] ? mt_find (include/linux/rcupdate.h:336 include/linux/rcupdate.h:869 lib/maple_tree.c:6960)
[ 28.069889][ T765] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67)
[ 28.077572][ T765] ? __perf_sw_event (kernel/events/internal.h:227 kernel/events/core.c:9996 kernel/events/core.c:10021)
[ 28.078055][ T765] ? __up_read (kernel/locking/rwsem.c:1354)
[ 28.078245][ T765] ? __up_read (kernel/locking/rwsem.c:1354)
[ 28.078435][ T765] ? debug_smp_processor_id (lib/smp_processor_id.c:61)
[ 28.078670][ T765] ? __up_read (kernel/locking/rwsem.c:1354)
[ 28.078859][ T765] ? __up_read (kernel/locking/rwsem.c:1354)
[ 28.079050][ T765] ? trace_preempt_on (kernel/trace/trace_preemptirq.c:105)
[ 28.079265][ T765] ? __up_read (kernel/locking/rwsem.c:1354)
[ 28.079456][ T765] ? preempt_count_sub (kernel/sched/core.c:5672 kernel/sched/core.c:5668 kernel/sched/core.c:5690)
[ 28.079677][ T765] ? irqentry_exit (kernel/entry/common.c:367)
[ 28.079881][ T765] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67)
[ 28.080126][ T765] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4420)
[ 28.080356][ T765] ? irqentry_exit_to_user_mode (kernel/entry/common.c:234)
[ 28.080612][ T765] do_fast_syscall_32 (arch/x86/entry/common.c:411)
[ 28.080827][ T765] do_SYSENTER_32 (arch/x86/entry/common.c:450)
[ 28.081065][ T765] entry_SYSENTER_32 (arch/x86/entry/entry_32.S:836)
[ 28.081284][ T765] EIP: 0xb7f41579
[ 28.081446][ T765] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
All code
========
0: b8 01 10 06 03 mov $0x3061001,%eax
5: 74 b4 je 0xffffffffffffffbb
7: 01 10 add %edx,(%rax)
9: 07 (bad)
a: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
e: 10 08 adc %cl,(%rax)
10: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
...
20: 00 51 52 add %dl,0x52(%rcx)
23: 55 push %rbp
24:* 89 e5 mov %esp,%ebp <-- trapping instruction
26: 0f 34 sysenter
28: cd 80 int $0x80
2a: 5d pop %rbp
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 ret
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 8d 76 00 lea 0x0(%rsi),%esi
35: 58 pop %rax
36: b8 77 00 00 00 mov $0x77,%eax
3b: cd 80 int $0x80
3d: 90 nop
3e: 8d .byte 0x8d
3f: 76 .byte 0x76
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 ret
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 8d 76 00 lea 0x0(%rsi),%esi
b: 58 pop %rax
c: b8 77 00 00 00 mov $0x77,%eax
11: cd 80 int $0x80
13: 90 nop
14: 8d .byte 0x8d
15: 76 .byte 0x76
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240827/202408271452.c842a71d-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Powered by blists - more mailing lists