| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202509041007.5c891a1-lkp@intel.com>
Date: Thu, 4 Sep 2025 10:59:45 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Thomas Weißschuh <thomas.weissschuh@...utronix.de>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <linux-kernel@...r.kernel.org>,
Anna-Maria Behnsen <anna-maria@...utronix.de>, Frederic Weisbecker
<frederic@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Andy Lutomirski
<luto@...nel.org>, Vincenzo Frascino <vincenzo.frascino@....com>, Nam Cao
<namcao@...utronix.de>, Thomas Weißschuh
<thomas.weissschuh@...utronix.de>, <oliver.sang@...el.com>
Subject: Re: [PATCH v2 3/3] vdso/datastore: Map zero page for unavailable data
Hello,
kernel test robot noticed "WARNING:at_include/linux/rmap.h:#__folio_rmap_sanity_checks" on:
commit: a2efb5881ffebbc0d9dda8a9751e1d7867d97407 ("[PATCH v2 3/3] vdso/datastore: Map zero page for unavailable data")
url: https://github.com/intel-lab-lkp/linux/commits/Thomas-Wei-schuh/vdso-datastore-Explicitly-prevent-remote-access-to-timens-vvar-page/20250901-204507
patch link: https://lore.kernel.org/all/20250901-vdso-mlockall-v2-3-68f5a6f03345@linutronix.de/
patch subject: [PATCH v2 3/3] vdso/datastore: Map zero page for unavailable data
in testcase: rcutorture
version:
with following parameters:
runtime: 300s
test: cpuhotplug
torture_type: trivial
config: x86_64-randconfig-004-20250902
compiler: gcc-11
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+--------------------------------------------------------------------------------------+------------+------------+
| | c6b2010c61 | a2efb5881f |
+--------------------------------------------------------------------------------------+------------+------------+
| boot_successes | 10 | 0 |
| WARNING:at_include/linux/rmap.h:#__folio_rmap_sanity_checks | 0 | 10 |
| RIP:__folio_rmap_sanity_checks | 0 | 10 |
| WARNING:at_mm/memory.c:#vm_normal_page | 0 | 10 |
| RIP:vm_normal_page | 0 | 10 |
+--------------------------------------------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202509041007.5c891a1-lkp@intel.com
[ 356.804073][ T816] ------------[ cut here ]------------
[ 356.804496][ T816] WARNING: CPU: 0 PID: 816 at include/linux/rmap.h:414 __folio_rmap_sanity_checks+0xa9/0x2ef
[ 356.805346][ T816] Modules linked in: rcutorture torture mousedev tiny_power_button button drm fuse drm_panel_orientation_quirks firmware_class
[ 356.806436][ T816] CPU: 0 UID: 0 PID: 816 Comm: watchdog Not tainted 6.17.0-rc1-00003-ga2efb5881ffe #1 PREEMPT(lazy)
[ 356.807235][ T816] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 356.808073][ T816] RIP: __folio_rmap_sanity_checks+0xa9/0x2ef
[ 356.808648][ T816] Code: 75 43 4c 89 e7 48 c7 c6 6c 3e 99 aa e8 26 12 fe ff b9 01 00 00 00 31 d2 be 01 00 00 00 48 c7 c7 60 14 2b ab e8 20 78 f6 ff 90 <0f> 0b 90 b9 01 00 00 00 31 d2 be 01 00 00 00 48 c7 c7 30 14 2b ab
All code
========
0: 75 43 jne 0x45
2: 4c 89 e7 mov %r12,%rdi
5: 48 c7 c6 6c 3e 99 aa mov $0xffffffffaa993e6c,%rsi
c: e8 26 12 fe ff call 0xfffffffffffe1237
11: b9 01 00 00 00 mov $0x1,%ecx
16: 31 d2 xor %edx,%edx
18: be 01 00 00 00 mov $0x1,%esi
1d: 48 c7 c7 60 14 2b ab mov $0xffffffffab2b1460,%rdi
24: e8 20 78 f6 ff call 0xfffffffffff67849
29: 90 nop
2a:* 0f 0b ud2 <-- trapping instruction
2c: 90 nop
2d: b9 01 00 00 00 mov $0x1,%ecx
32: 31 d2 xor %edx,%edx
34: be 01 00 00 00 mov $0x1,%esi
39: 48 c7 c7 30 14 2b ab mov $0xffffffffab2b1430,%rdi
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 90 nop
3: b9 01 00 00 00 mov $0x1,%ecx
8: 31 d2 xor %edx,%edx
a: be 01 00 00 00 mov $0x1,%esi
f: 48 c7 c7 30 14 2b ab mov $0xffffffffab2b1430,%rdi
[ 356.810186][ T816] RSP: 0000:ffff888134027ac0 EFLAGS: 00010202
[ 356.810645][ T816] RAX: 0000000000000047 RBX: 0000000000000001 RCX: 0000000000000001
[ 356.811230][ T816] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffffab2b1460
[ 356.811812][ T816] RBP: ffff888134027af0 R08: 0000000000000000 R09: 0000000098376116
[ 356.812426][ T816] R10: ffffffffab039418 R11: 6e776f5f65676170 R12: ffffea0008d4e800
[ 356.812956][ T816] R13: ffffea0008d4e800 R14: 00000000002353a0 R15: 0000000000000001
[ 356.813474][ T816] FS: 0000000000000000(0000) GS:0000000000000000(0063) knlGS:00000000f7f5d180
[ 356.814114][ T816] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 356.814536][ T816] CR2: 00000000f69bf000 CR3: 000000013380e000 CR4: 00000000000406b0
[ 356.815051][ T816] Call Trace:
[ 356.815271][ T816] <TASK>
[ 356.815472][ T816] folio_add_file_rmap_ptes (mm/rmap.c:1256 mm/rmap.c:1620 mm/rmap.c:1642)
[ 356.815828][ T816] set_pte_range (mm/memory.c:5313)
[ 356.816166][ T816] finish_fault (mm/memory.c:5438)
[ 356.816458][ T816] ? mmap_read_trylock (include/linux/mmap_lock.h:42 include/linux/mmap_lock.h:473)
[ 356.816779][ T816] do_read_fault (mm/memory.c:5578)
[ 356.817083][ T816] do_pte_missing (mm/memory.c:5707 mm/memory.c:4234)
[ 356.817405][ T816] handle_pte_fault (mm/memory.c:6052)
[ 356.817800][ T816] __handle_mm_fault (mm/memory.c:6196)
[ 356.818061][ T816] handle_mm_fault (mm/memory.c:6375)
[ 356.818306][ T816] faultin_page (mm/gup.c:1146)
[ 356.818539][ T816] __get_user_pages (mm/gup.c:1448)
[ 356.818788][ T816] ? __rcu_read_unlock (kernel/rcu/tree_plugin.h:445 (discriminator 3))
[ 356.819052][ T816] populate_vma_page_range (mm/gup.c:1880 (discriminator 4))
[ 356.819336][ T816] __mm_populate (mm/gup.c:1984)
[ 356.819571][ T816] __do_sys_mlockall (mm/mlock.c:771)
[ 356.819824][ T816] __ia32_sys_mlockall (mm/mlock.c:745)
[ 356.820108][ T816] ia32_sys_call (kbuild/obj/consumer/x86_64-randconfig-004-20250902/./arch/x86/include/generated/asm/syscalls_32.h:153)
[ 356.820361][ T816] do_int80_emulation (arch/x86/entry/syscall_32.c:83 arch/x86/entry/syscall_32.c:172)
[ 356.820799][ T816] asm_int80_emulation (arch/x86/include/asm/idtentry.h:626)
[ 356.821214][ T816] RIP: 0023:0xf7f64579
[ 356.833927][ T816] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 0f 1f 40 00 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
All code
========
0: b8 01 10 06 03 mov $0x3061001,%eax
5: 74 b4 je 0xffffffffffffffbb
7: 01 10 add %edx,(%rax)
9: 07 (bad)
a: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
e: 10 08 adc %cl,(%rax)
10: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
...
20: 00 51 52 add %dl,0x52(%rcx)
23: 55 push %rbp
24: 0f 1f 40 00 nopl 0x0(%rax)
28: cd 80 int $0x80
2a:* 5d pop %rbp <-- trapping instruction
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 ret
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 2e 8d b4 26 00 00 00 cs lea 0x0(%rsi,%riz,1),%esi
39: 00
3a: 8d .byte 0x8d
3b: b4 26 mov $0x26,%ah
3d: 00 00 add %al,(%rax)
...
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 ret
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 2e 8d b4 26 00 00 00 cs lea 0x0(%rsi,%riz,1),%esi
f: 00
10: 8d .byte 0x8d
11: b4 26 mov $0x26,%ah
13: 00 00 add %al,(%rax)
...
[ 356.835490][ T816] RSP: 002b:00000000ff91bdbc EFLAGS: 00000296 ORIG_RAX: 0000000000000098
[ 356.836193][ T816] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[ 356.836811][ T816] RDX: 000000005664ddf8 RSI: 0000000000000330 RDI: 000000005664eac4
[ 356.837429][ T816] RBP: 00000000ff91c098 R08: 0000000000000000 R09: 0000000000000000
[ 356.842378][ T816] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 356.843073][ T816] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 356.843785][ T816] </TASK>
[ 356.844134][ T816] irq event stamp: 4067
[ 356.844505][ T816] hardirqs last enabled at (4075): __up_console_sem (arch/x86/include/asm/irqflags.h:26 (discriminator 3) arch/x86/include/asm/irqflags.h:109 (discriminator 3) arch/x86/include/asm/irqflags.h:151 (discriminator 3) kernel/printk/printk.c:344 (discriminator 3))
[ 356.845309][ T816] hardirqs last disabled at (4082): __up_console_sem (kernel/printk/printk.c:342 (discriminator 3))
[ 356.846150][ T816] softirqs last enabled at (4064): handle_softirqs (kernel/softirq.c:426 kernel/softirq.c:607)
[ 356.846879][ T816] softirqs last disabled at (4053): __do_softirq (kernel/softirq.c:614)
[ 356.847568][ T816] ---[ end trace 0000000000000000 ]---
[ OK ] Started watchdog daemon.
[ OK ] Reached target Graphical Interface.
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250904/202509041007.5c891a1-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Powered by blists - more mailing lists