2022-04-19 12:35:43

by kernel test robot

Subject: [x86/pgtable] d1ec551f87: BUG:Bad_page_map_in_process



Greetings,

FYI, we noticed the following commit (built with clang-15):

commit: d1ec551f874e1663bfe76b994c0010a4566cf936 ("x86/pgtable: support __HAVE_ARCH_PTE_SWP_EXCLUSIVE")
https://github.com/hnaz/linux-mm master

in testcase: trinity
version: trinity-static-i386-x86_64-1c734c75-1_2020-01-06
with the following parameters:

runtime: 300s
group: group-01

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):



If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <[email protected]>


[ 40.201103][ T5099] BUG: Bad page map in process trinity-c7 pte:1713003a pmd:7ff71067
[ 40.201999][ T5099] addr:096e7000 vm_flags:00100073 anon_vma:bff0aa00 mapping:00000000 index:96e7
[ 40.202718][ T5099] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 40.203229][ T5099] CPU: 0 PID: 5099 Comm: trinity-c7 Not tainted 5.18.0-rc2-mm1-00053-gd1ec551f874e #1
[ 40.203952][ T5099] Call Trace:
[ 40.204195][ T5099] ? dump_stack_lvl (??:?)
[ 40.204581][ T5099] ? dump_stack (??:?)
[ 40.204970][ T5099] ? print_bad_pte (memory.c:?)
[ 40.205384][ T5099] ? unmap_page_range (??:?)
[ 40.205843][ T5099] ? unmap_single_vma (memory.c:?)
[ 40.206271][ T5099] ? unmap_vmas (??:?)
[ 40.206647][ T5099] ? exit_mmap (??:?)
[ 40.207032][ T5099] ? __mmput (fork.c:?)
[ 40.207405][ T5099] ? mmput (??:?)
[ 40.207751][ T5099] ? exit_mm (exit.c:?)
[ 40.208121][ T5099] ? do_exit (??:?)
[ 40.208497][ T5099] ? do_group_exit (??:?)
[ 40.208905][ T5099] ? trace_hardirqs_on (??:?)
[ 40.209345][ T5099] ? get_signal (??:?)
[ 40.209750][ T5099] ? arch_do_signal_or_restart (??:?)
[ 40.210287][ T5099] ? exit_to_user_mode_loop (common.c:?)
[ 40.210778][ T5099] ? exit_to_user_mode_prepare (common.c:?)
[ 40.211302][ T5099] ? syscall_exit_to_user_mode (??:?)
[ 40.211808][ T5099] ? ret_from_fork (??:?)
[ 40.212268][ T5099] Disabling lock debugging due to kernel taint
[ 40.231123][ T5097] BUG: Bad page map in process trinity-c5 pte:171e0a3e pmd:0a8d3067
[ 40.231770][ T5099] BUG: Bad page map in process trinity-c7 pte:1713023a pmd:7ff71067
[ 40.231883][ T5097] addr:36ed5000 vm_flags:000000fb anon_vma:00000000 mapping:485d0d80 index:1
[ 40.232611][ T5099] addr:096e8000 vm_flags:00100073 anon_vma:bff0ab18 mapping:00000000 index:96e8
[ 40.233429][ T5097] file:dev/zero fault:shmem_fault mmap:shmem_mmap readpage:0x0
[ 40.234271][ T5099] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 40.234971][ T5097] CPU: 1 PID: 5097 Comm: trinity-c5 Tainted: G B 5.18.0-rc2-mm1-00053-gd1ec551f874e #1
[ 40.236510][ T5097] Call Trace:
[ 40.236805][ T5097] dump_stack_lvl (??:?)
[ 40.237195][ T5097] dump_stack (??:?)
[ 40.237547][ T5097] print_bad_pte (memory.c:?)
[ 40.237947][ T5097] unmap_page_range (??:?)
[ 40.238399][ T5097] unmap_single_vma (memory.c:?)
[ 40.238819][ T5097] unmap_vmas (??:?)
[ 40.239196][ T5097] exit_mmap (??:?)
[ 40.239579][ T5097] __mmput (fork.c:?)
[ 40.239920][ T5097] mmput (??:?)
[ 40.240270][ T5097] exit_mm (exit.c:?)
[ 40.240632][ T5097] do_exit (??:?)
[ 40.241007][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.241492][ T5097] do_group_exit (??:?)
[ 40.241894][ T5097] __ia32_sys_exit_group (??:?)
[ 40.242385][ T5097] __do_fast_syscall_32 (common.c:?)
[ 40.242850][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.243361][ T5097] ? lock_release (??:?)
[ 40.243774][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.244264][ T5097] ? irqentry_exit (??:?)
[ 40.244683][ T5097] ? irqentry_exit (??:?)
[ 40.245100][ T5097] ? irqentry_exit_to_user_mode (??:?)
[ 40.245586][ T5097] ? __do_fast_syscall_32 (common.c:?)
[ 40.246054][ T5097] ? irqentry_exit (??:?)
[ 40.246467][ T5097] ? exc_page_fault (??:?)
[ 40.246914][ T5097] do_fast_syscall_32 (??:?)
[ 40.247358][ T5097] do_SYSENTER_32 (??:?)
[ 40.247766][ T5097] entry_SYSENTER_32 (??:?)
[ 40.248212][ T5097] EIP: 0x37f4c509
[ 40.248542][ T5097] Code: Unable to access opcode bytes at RIP 0x37f4c4df.

Code starting with the faulting instruction
===========================================
[ 40.249171][ T5097] EAX: ffffffda EBX: 00000001 ECX: 00000000 EDX: 00000007
[ 40.249805][ T5097] ESI: 371e5000 EDI: 371e5030 EBP: ffffffff ESP: 3fa05f5c
[ 40.250472][ T5097] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 007b EFLAGS: 00000216
[ 40.254660][ T5099] CPU: 0 PID: 5099 Comm: trinity-c7 Tainted: G B 5.18.0-rc2-mm1-00053-gd1ec551f874e #1
[ 40.259088][ T5099] Call Trace:
[ 40.259386][ T5099] ? dump_stack_lvl (??:?)
[ 40.259790][ T5099] ? dump_stack (??:?)
[ 40.260147][ T5099] ? print_bad_pte (memory.c:?)
[ 40.260564][ T5099] ? unmap_page_range (??:?)
[ 40.260778][ T5097] BUG: Bad page map in process trinity-c5 pte:171e0e3e pmd:0a8d3067
[ 40.260997][ T5099] ? unmap_single_vma (memory.c:?)
[ 40.261728][ T5097] addr:36ed7000 vm_flags:000000fb anon_vma:00000000 mapping:485d0d80 index:3
[ 40.262182][ T5099] ? unmap_vmas (??:?)
[ 40.262958][ T5097] file:dev/zero fault:shmem_fault mmap:shmem_mmap readpage:0x0
[ 40.263374][ T5099] ? exit_mmap (??:?)
[ 40.264462][ T5099] ? __mmput (fork.c:?)
[ 40.264827][ T5099] ? mmput (??:?)
[ 40.265179][ T5099] ? exit_mm (exit.c:?)
[ 40.265563][ T5099] ? do_exit (??:?)
[ 40.265962][ T5099] ? do_group_exit (??:?)
[ 40.266399][ T5099] ? trace_hardirqs_on (??:?)
[ 40.266845][ T5099] ? get_signal (??:?)
[ 40.267254][ T5099] ? arch_do_signal_or_restart (??:?)
[ 40.267752][ T5099] ? exit_to_user_mode_loop (common.c:?)
[ 40.268228][ T5099] ? exit_to_user_mode_prepare (common.c:?)
[ 40.268719][ T5099] ? syscall_exit_to_user_mode (??:?)
[ 40.269211][ T5099] ? ret_from_fork (??:?)
[ 40.269608][ T5097] CPU: 1 PID: 5097 Comm: trinity-c5 Tainted: G B 5.18.0-rc2-mm1-00053-gd1ec551f874e #1
[ 40.272368][ T5097] Call Trace:
[ 40.273126][ T5097] dump_stack_lvl (??:?)
[ 40.274237][ T5097] dump_stack (??:?)
[ 40.275198][ T5097] print_bad_pte (memory.c:?)
[ 40.276320][ T5097] unmap_page_range (??:?)
[ 40.277590][ T5097] unmap_single_vma (memory.c:?)
[ 40.278811][ T5097] unmap_vmas (??:?)
[ 40.279932][ T5097] exit_mmap (??:?)
[ 40.281041][ T5097] __mmput (fork.c:?)
[ 40.282054][ T5097] mmput (??:?)
[ 40.283036][ T5097] exit_mm (exit.c:?)
[ 40.284073][ T5097] do_exit (??:?)
[ 40.285071][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.286479][ T5097] do_group_exit (??:?)
[ 40.287604][ T5097] __ia32_sys_exit_group (??:?)
[ 40.288968][ T5097] __do_fast_syscall_32 (common.c:?)
[ 40.290162][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.291440][ T5097] ? lock_release (??:?)
[ 40.292436][ T5097] ? rcu_read_lock_sched_held (??:?)
[ 40.292946][ T5097] ? irqentry_exit (??:?)
[ 40.293399][ T5097] ? irqentry_exit (??:?)
[ 40.293843][ T5097] ? irqentry_exit_to_user_mode (??:?)
[ 40.294391][ T5097] ? __do_fast_syscall_32 (common.c:?)
[ 40.294884][ T5097] ? irqentry_exit (??:?)
[ 40.295320][ T5097] ? exc_page_fault (??:?)
[ 40.295758][ T5097] do_fast_syscall_32 (??:?)
[ 40.296193][ T5097] do_SYSENTER_32 (??:?)
[ 40.296600][ T5097] entry_SYSENTER_32 (??:?)
[ 40.297028][ T5097] EIP: 0x37f4c509
[ 40.297373][ T5097] Code: Unable to access opcode bytes at RIP 0x37f4c4df.



To reproduce:

# build kernel
cd linux
cp config-5.18.0-rc2-mm1-00053-gd1ec551f874e .config
make HOSTCC=clang-15 CC=clang-15 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=clang-15 CC=clang-15 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

# if you come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.



--
0-DAY CI Kernel Test Service
https://01.org/lkp



Attachments:
(No filename) (8.11 kB)
config-5.18.0-rc2-mm1-00053-gd1ec551f874e (120.89 kB)
job-script (4.58 kB)
dmesg.xz (21.18 kB)

2022-04-20 00:49:42

by David Hildenbrand

Subject: Re: [x86/pgtable] d1ec551f87: BUG:Bad_page_map_in_process

On 19.04.22 09:59, kernel test robot wrote:
>
>
> Greetings,
>
> FYI, we noticed the following commit (built with clang-15):
>
> commit: d1ec551f874e1663bfe76b994c0010a4566cf936 ("x86/pgtable: support __HAVE_ARCH_PTE_SWP_EXCLUSIVE")
> https://github.com/hnaz/linux-mm master
>
> in testcase: trinity
> version: trinity-static-i386-x86_64-1c734c75-1_2020-01-06
> with the following parameters:
>
> runtime: 300s
> group: group-01
>
> test-description: Trinity is a linux system call fuzz tester.
> test-url: http://codemonkey.org.uk/projects/trinity/
>
>
> on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G
>
> caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):
>
>
>
> If you fix the issue, kindly add the following tag
> Reported-by: kernel test robot <[email protected]>
>
>
> [ 40.201103][ T5099] BUG: Bad page map in process trinity-c7 pte:1713003a pmd:7ff71067
> [ 40.201999][ T5099] addr:096e7000 vm_flags:00100073 anon_vma:bff0aa00 mapping:00000000 index:96e7
> [ 40.202718][ T5099] file:(null) fault:0x0 mmap:0x0 readpage:0x0
> [ 40.203229][ T5099] CPU: 0 PID: 5099 Comm: trinity-c7 Not tainted 5.18.0-rc2-mm1-00053-gd1ec551f874e #1
> [ 40.203952][ T5099] Call Trace:
> [ 40.204195][ T5099] ? dump_stack_lvl (??:?)
> [ 40.204581][ T5099] ? dump_stack (??:?)
> [ 40.204970][ T5099] ? print_bad_pte (memory.c:?)
> [ 40.205384][ T5099] ? unmap_page_range (??:?)
> [ 40.205843][ T5099] ? unmap_single_vma (memory.c:?)
> [ 40.206271][ T5099] ? unmap_vmas (??:?)
> [ 40.206647][ T5099] ? exit_mmap (??:?)
> [ 40.207032][ T5099] ? __mmput (fork.c:?)
> [ 40.207405][ T5099] ? mmput (??:?)
> [ 40.207751][ T5099] ? exit_mm (exit.c:?)
> [ 40.208121][ T5099] ? do_exit (??:?)
> [ 40.208497][ T5099] ? do_group_exit (??:?)
> [ 40.208905][ T5099] ? trace_hardirqs_on (??:?)
> [ 40.209345][ T5099] ? get_signal (??:?)
> [ 40.209750][ T5099] ? arch_do_signal_or_restart (??:?)
> [ 40.210287][ T5099] ? exit_to_user_mode_loop (common.c:?)
> [ 40.210778][ T5099] ? exit_to_user_mode_prepare (common.c:?)
> [ 40.211302][ T5099] ? syscall_exit_to_user_mode (??:?)
> [ 40.211808][ T5099] ? ret_from_fork (??:?)
> [ 40.212268][ T5099] Disabling lock debugging due to kernel taint
> [ 40.231123][ T5097] BUG: Bad page map in process trinity-c5 pte:171e0a3e pmd:0a8d3067
> [ 40.231770][ T5099] BUG: Bad page map in process trinity-c7 pte:1713023a pmd:7ff71067
> [ 40.231883][ T5097] addr:36ed5000 vm_flags:000000fb anon_vma:00000000 mapping:485d0d80 index:1
> [ 40.232611][ T5099] addr:096e8000 vm_flags:00100073 anon_vma:bff0ab18 mapping:00000000 index:96e8
> [ 40.233429][ T5097] file:dev/zero fault:shmem_fault mmap:shmem_mmap readpage:0x0
> [ 40.234271][ T5099] file:(null) fault:0x0 mmap:0x0 readpage:0x0
> [ 40.234971][ T5097] CPU: 1 PID: 5097 Comm: trinity-c5 Tainted: G B 5.18.0-rc2-mm1-00053-gd1ec551f874e #1
> [ 40.236510][ T5097] Call Trace:

This is 32bit (i386) I assume. I wonder if something about the 32bit swp
layout is special and we have to restrict it to 64bit here.

--
Thanks,

David / dhildenb