Message-ID: <20180302071757.tjih3rdohoqhodvm@inn>
Date: Fri, 2 Mar 2018 15:17:57 +0800
From: kernel test robot <fengguang.wu@...el.com>
To: Ilya Smith <blackzert@...il.com>
Cc: akpm@...ux-foundation.org, dan.j.williams@...el.com, mhocko@...e.com,
	kirill.shutemov@...ux.intel.com, jack@...e.cz, jglisse@...hat.com,
	hughd@...gle.com, willy@...radead.org, deller@....de,
	aarcange@...hat.com, oleg@...hat.com, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com,
	Ilya Smith <blackzert@...il.com>, lkp@...org
Subject: 097eb0af45: kernel_BUG_at_mm/hugetlb.c

FYI, we noticed the following commit (built with gcc-7):

commit: 097eb0af45c0010f9d5cbbc5f623058b3a275950 ("Randomization of address chosen by mmap.")
url: https://github.com/0day-ci/linux/commits/Ilya-Smith/Randomization-of-address-chosen-by-mmap/20180302-092859
base: git://git.cmpxchg.org/linux-mmotm.git master

in testcase: trinity
with the following parameters:

	runtime: 300s

test-description: Trinity is a Linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu host -smp 2 -m 1G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


+------------------------------------------+------------+------------+
|                                          | 745388a346 | 097eb0af45 |
+------------------------------------------+------------+------------+
| boot_successes                           | 6          | 9          |
| boot_failures                            | 0          | 4          |
| kernel_BUG_at_mm/hugetlb.c               | 0          | 4          |
| invalid_opcode:#[##]                     | 0          | 4          |
| RIP:__unmap_hugepage_range               | 0          | 4          |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 4          |
+------------------------------------------+------------+------------+



[   21.297686] kernel BUG at mm/hugetlb.c:3329!
[   21.299026] invalid opcode: 0000 [#1] PREEMPT SMP PTI
[   21.300197] CPU: 1 PID: 507 Comm: trinity-c3 Not tainted 4.16.0-rc2-mm1-00153-g097eb0a #101
[   21.304957] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   21.306766] RIP: 0010:__unmap_hugepage_range+0x5f/0x274
[   21.308305] RSP: 0018:ffffa333c0bf7d20 EFLAGS: 00010206
[   21.309410] RAX: 00000000001fffff RBX: ffff8d51ff3a1170 RCX: 0000000000000009
[   21.310950] RDX: 00007f6e7bf10000 RSI: ffff8d51ff3a1170 RDI: ffffa333c0bf7df0
[   21.312471] RBP: 00007f6e7c110000 R08: 0000000000000000 R09: 00007f6e7c110000
[   21.313961] R10: ffffa333c0bf7cc0 R11: 0000000000000000 R12: 00007f6e7bf10000
[   21.315541] R13: ffffa333c0bf7df0 R14: ffff8d51fe8e06f8 R15: ffffffffa4ad4d20
[   21.317080] FS:  0000000000000000(0000) GS:ffff8d51f5800000(0000) knlGS:0000000000000000
[   21.318828] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   21.320055] CR2: 0000560f12c38000 CR3: 000000002a816000 CR4: 00000000000006e0
[   21.322177] DR0: 00007f66fb684000 DR1: 0000000000000000 DR2: 0000000000000000
[   21.324102] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[   21.325642] Call Trace:
[   21.326268]  __unmap_hugepage_range_final+0x9/0x13
[   21.327314]  unmap_single_vma+0x8d/0xcd
[   21.328143]  unmap_vmas+0x30/0x3d
[   21.328840]  exit_mmap+0x93/0x13d
[   21.329553]  mmput+0x64/0xe5
[   21.330227]  do_exit+0x3f1/0x995
[   21.330908]  do_group_exit+0xad/0xad
[   21.331691]  SyS_exit_group+0xb/0xb
[   21.332450]  do_syscall_64+0x6d/0x103
[   21.333246]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[   21.334358] RIP: 0033:0x6f45afc331c8
[   21.335126] RSP: 002b:00007ffd436fcaa8 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
[   21.336525] RAX: ffffffffffffffda RBX: 4a4a4a4a4a4a4a4a RCX: 00006f45afc331c8
[   21.337836] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   21.339366] RBP: 00006bd156196064 R08: 00000000000000e7 R09: ffffffffffffff98
[   21.340895] R10: 0000000000000207 R11: 0000000000000202 R12: 0000000000000045
[   21.342406] R13: 000000000000001a R14: 0000560f120153a0 R15: 00000000cccccccd
[   21.343895] Code: 07 00 00 4c 8b 78 58 b8 00 10 00 00 41 8b 4f 08 48 d3 e0 f6 46 52 40 48 89 04 24 75 02 0f 0b 49 8b 47 10 48 f7 d0 48 85 d0 74 02 <0f> 0b 4c 85 c8 74 02 0f 0b 8b 04 24 48 8b 6e 40 49 89 fc 4c 89 
[   21.346557] RIP: __unmap_hugepage_range+0x5f/0x274 RSP: ffffa333c0bf7d20
[   21.348945] 01 00 00 00 48 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 00 00 39 f2 07 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
[   21.348955] 
[   21.350744] ---[ end trace 685bd0bde9f67ae5 ]---


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script  # job-script is attached in this email



Thanks,
lkp

View attachment "config-4.16.0-rc2-mm1-00153-g097eb0a" of type "text/plain" (128670 bytes)

View attachment "job-script" of type "text/plain" (3811 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (15684 bytes)
