FYI, we noticed the following commit:

git://git.cmpxchg.org/linux-mmotm.git master
commit b720bfad4ee73c0801ca2a3352464242f1806417 ("mm: vma_merge: fix vm_page_prot SMP race condition against rmap_walk")

in testcase: trinity
with following parameters:

	runtime: 300s

Trinity is a Linux system call fuzz tester.

on test machine: qemu-system-x86_64 -enable-kvm -m 320M

caused below changes:

+-----------------------------------------------------------------------------+------------+------------+
|                                                                             | 4f38cc6f62 | b720bfad4e |
+-----------------------------------------------------------------------------+------------+------------+
| boot_successes                                                              | 8          | 4          |
| boot_failures                                                               | 33         | 38         |
| invoked_oom-killer:gfp_mask=0x                                              | 32         | 1          |
| Mem-Info                                                                    | 32         | 1          |
| page_allocation_failure:order:#,mode:#(GFP_KERNEL|__GFP_COMP|__GFP_NOTRACK) | 5          |            |
| warn_alloc_failed+0x                                                        | 15         |            |
| Out_of_memory:Kill_process                                                  | 5          |            |
| BUG:kernel_reboot-without-warning_in_test_stage                             | 1          |            |
| kernel_BUG_at_mm/mmap.c                                                     | 0          | 37         |
| invalid_opcode:#[##]PREEMPT_SMP_KASAN                                       | 0          | 37         |
| RIP:validate_mm_rb                                                          | 0          | 37         |
| calltrace:SyS_mprotect                                                      | 0          | 37         |
| Kernel_panic-not_syncing:Fatal_exception                                    | 0          | 37         |
+-----------------------------------------------------------------------------+------------+------------+

[ 70.257752] pgoff 0 file ffff880004b8bc00 private_data (null)
[ 70.257752] flags: 0x80000fb(read|write|shared|mayread|maywrite|mayexec|mayshare|softdirty)
[ 70.265697] ------------[ cut here ]------------
[ 70.268256] kernel BUG at mm/mmap.c:324!
[ 70.269129] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 70.269849] Modules linked in:
[ 70.270322] CPU: 0 PID: 1349 Comm: trinity-c3 Not tainted 4.8.0-rc7-mm1-00115-gb720bfa #1
[ 70.280632] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
[ 70.282012] task: ffff8800044be000 task.stack: ffff880003cb8000
[ 70.282833] RIP: 0010:[<ffffffffaa0dfaed>] [<ffffffffaa0dfaed>] validate_mm_rb+0x5b/0x73
[ 70.283962] RSP: 0018:ffff880003cbfae0 EFLAGS: 00010282
[ 70.284657] RAX: 0000000000000154 RBX: ffff8800030d0320 RCX: 0000000000000000
[ 70.289730] RDX: 0000000000000154 RSI: ffffffffaae810e0 RDI: ffffed0000797f3a
[ 70.290992] RBP: ffff880003cbfb00 R08: 0000000000000001 R09: 0000000000000000
[ 70.293051] R10: 0000000000000000 R11: ffffffffac9e33fe R12: ffff8800030d0300
[ 70.294035] R13: ffff88000447bc00 R14: dffffc0000000000 R15: 0000000000000000
[ 70.295074] FS: 0000000000000000(0000) GS:ffff88000be00000(0063) knlGS:0000000008df2840
[ 70.296198] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 70.300873] CR2: 0000000008f285ec CR3: 00000000029b1000 CR4: 00000000000006f0
[ 70.301834] Stack:
[ 70.302121] ffff88000447bc00 dffffc0000000000 ffff88000447bc00 ffff8800096c6008
[ 70.305306] ffff880003cbfb50 ffffffffaa0e0a1a ffff8800032c4878 0000000000000000
[ 70.306403] ffff88000447bc58 ffff88000447bc00 dffffc0000000000 ffff8800030d0300
[ 70.307462] Call Trace:
[ 70.307820] [<ffffffffaa0e0a1a>] vma_rb_erase+0x22/0x6ce
[ 70.308534] [<ffffffffaa0e1f98>] __vma_adjust+0xbb8/0x109c
[ 70.313391] [<ffffffffaa0e13e0>] ? vma_link+0xff/0xff
[ 70.314115] [<ffffffffaa067950>] ? perf_pending_event+0xab/0xab
[ 70.314989] [<ffffffffaadf3c28>] ? _raw_spin_unlock+0x2c/0x3f
[ 70.319758] [<ffffffffaa0d17dc>] ? do_wp_page+0xcf7/0x16b2
[ 70.323876] [<ffffffffaa0e2e78>] vma_merge+0x51c/0x75d
[ 70.324601] [<ffffffffaa0e9b4c>] mprotect_fixup+0x26f/0x49f
[ 70.325470] [<ffffffffaa0ea23b>] SyS_mprotect+0x4bf/0x5d6
[ 70.326272] [<ffffffffaa0e9d7c>] ? mprotect_fixup+0x49f/0x49f
[ 70.327102] [<ffffffffaa067c8a>] ? __perf_sw_event+0x45/0x5a
[ 70.327882] [<ffffffffa9e8d0b0>] ? __do_page_fault+0x862/0x871
[ 70.328665] [<ffffffffaa0e9d7c>] ? mprotect_fixup+0x49f/0x49f
[ 70.333542] [<ffffffffa9e03700>] do_fast_syscall_32+0x3ef/0x5bb
[ 70.334356] [<ffffffffaadf58ac>] entry_SYSENTER_compat+0x4c/0x5b
[ 70.335206] Code: 7b 18 48 89 f8 48 c1 e8 03 42 80 3c 30 00 74 05 e8 b3 f6 02 00 4c 89 e7 e8 1f f5 ff ff 48 39 43 18 74 0a 4c 89 e7 e8 0d 9b fe ff <0f> 0b 48 89 df e8 34 13 2b 00 48 89 c3 eb b6 5b 41 5c 41 5d 41
[ 70.343385] RIP [<ffffffffaa0dfaed>] validate_mm_rb+0x5b/0x73
[ 70.349287] RSP <ffff880003cbfae0>
[ 70.355869] ---[ end trace 489bddbe11d3578f ]---
[ 70.434206] Kernel panic - not syncing: Fatal exception

To reproduce:

        git clone git://git.kernel.org/pub/scm/linux/kernel/git/wfg/lkp-tests.git
        cd lkp-tests
        bin/lkp install job.yaml  # job file is attached in this email
        bin/lkp run     job.yaml

Thanks,
Xiaolong