Re: [PATCH v4 6/7] mm/maps: read proc/pid/maps under per-vma lock

Tue, 10 Jun 2025 00:59:31 -0700 


Hello,

kernel test robot noticed "WARNING:at_include/linux/rwsem.h:#anon_vma_name" on:

commit: 5c3ce17006c6188d249bc07bfa639f2d76bbd8ac ("[PATCH v4 6/7] mm/maps: read 
proc/pid/maps under per-vma lock")
url: 
https://github.com/intel-lab-lkp/linux/commits/Suren-Baghdasaryan/selftests-proc-add-proc-pid-maps-tearing-from-vma-split-test/20250605-071433
patch link: 
https://lore.kernel.org/all/20250604231151.799834-7-sur...@google.com/
patch subject: [PATCH v4 6/7] mm/maps: read proc/pid/maps under per-vma lock

in testcase: locktorture
version: 
with following parameters:

        runtime: 300s
        test: cpuhotplug



config: x86_64-randconfig-005-20250606
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+-------------------------------------------------------------------------------+------------+------------+
|                                                                               
| fa0f347301 | 5c3ce17006 |
+-------------------------------------------------------------------------------+------------+------------+
| WARNING:at_include/linux/rwsem.h:#anon_vma_name                               
| 0          | 10         |
| RIP:anon_vma_name                                                             
| 0          | 10         |
+-------------------------------------------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.s...@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202506101503.903c6ffa-...@intel.com


[   41.709983][  T353] ------------[ cut here ]------------
[ 41.710541][ T353] WARNING: CPU: 1 PID: 353 at include/linux/rwsem.h:195 
anon_vma_name (include/linux/rwsem.h:195) 
[   41.711251][  T353] Modules linked in:
[   41.711616][  T353] CPU: 1 UID: 0 PID: 353 Comm: grep Tainted: G             
   T   6.15.0-11198-g5c3ce17006c6 #1 PREEMPT  
ce6b47a049c5ee6720891bd644c96f2c3c349eba
[   41.712738][  T353] Tainted: [T]=RANDSTRUCT
[   41.713101][  T353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), 
BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 41.713902][ T353] RIP: 0010:anon_vma_name (include/linux/rwsem.h:195) 
[ 41.714327][ T353] Code: 74 28 48 83 c3 40 48 89 d8 48 c1 e8 03 42 80 3c 38 00 
74 08 48 89 df e8 ac 4b 02 00 48 8b 03 5b 41 5e 41 5f c3 cc cc cc cc cc <0f> 0b 
eb d4 48 c7 c1 74 46 b4 89 80 e1 07 80 c1 03 38 c1 7c 87 48
All code
========
   0:   74 28                   je     0x2a
   2:   48 83 c3 40             add    $0x40,%rbx
   6:   48 89 d8                mov    %rbx,%rax
   9:   48 c1 e8 03             shr    $0x3,%rax
   d:   42 80 3c 38 00          cmpb   $0x0,(%rax,%r15,1)
  12:   74 08                   je     0x1c
  14:   48 89 df                mov    %rbx,%rdi
  17:   e8 ac 4b 02 00          call   0x24bc8
  1c:   48 8b 03                mov    (%rbx),%rax
  1f:   5b                      pop    %rbx
  20:   41 5e                   pop    %r14
  22:   41 5f                   pop    %r15
  24:   c3                      ret
  25:   cc                      int3
  26:   cc                      int3
  27:   cc                      int3
  28:   cc                      int3
  29:   cc                      int3
  2a:*  0f 0b                   ud2             <-- trapping instruction
  2c:   eb d4                   jmp    0x2
  2e:   48 c7 c1 74 46 b4 89    mov    $0xffffffff89b44674,%rcx
  35:   80 e1 07                and    $0x7,%cl
  38:   80 c1 03                add    $0x3,%cl
  3b:   38 c1                   cmp    %al,%cl
  3d:   7c 87                   jl     0xffffffffffffffc6
  3f:   48                      rex.W

Code starting with the faulting instruction
===========================================
   0:   0f 0b                   ud2
   2:   eb d4                   jmp    0xffffffffffffffd8
   4:   48 c7 c1 74 46 b4 89    mov    $0xffffffff89b44674,%rcx
   b:   80 e1 07                and    $0x7,%cl
   e:   80 c1 03                add    $0x3,%cl
  11:   38 c1                   cmp    %al,%cl
  13:   7c 87                   jl     0xffffffffffffff9c
  15:   48                      rex.W
[   41.715798][  T353] RSP: 0018:ffffc90002dcf9d8 EFLAGS: 00010246
[   41.716286][  T353] RAX: 0000000000000000 RBX: ffff888135319c40 RCX: 
ffffc90002dcfa78
[   41.716889][  T353] RDX: ffffc90002dcfa70 RSI: ffff88816ea2bc30 RDI: 
ffff88816d7485a8
[   41.717509][  T353] RBP: ffffc90002dcfa80 R08: 0000000000000000 R09: 
0000000000000002
[   41.718117][  T353] R10: 0000000000000000 R11: ffffffff81ebd610 R12: 
dffffc0000000000
[   41.718710][  T353] R13: ffff888135319d10 R14: ffff888135319d10 R15: 
dffffc0000000000
[   41.719318][  T353] FS:  00007f17e7a81740(0000) GS:ffff88842312b000(0000) 
knlGS:0000000000000000
[   41.719998][  T353] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   41.720503][  T353] CR2: 000055c5de49dc78 CR3: 0000000135bcc000 CR4: 
00000000000406b0
[   41.721114][  T353] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
0000000000000000
[   41.721717][  T353] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
0000000000000400
[   41.722373][  T353] Call Trace:
[   41.722640][  T353]  <TASK>
[ 41.722881][ T353] get_vma_name (fs/proc/task_mmu.c:?) 
[ 41.723253][ T353] show_map_vma (fs/proc/task_mmu.c:509) 
[ 41.723617][ T353] show_map (fs/proc/task_mmu.c:525) 
[ 41.723922][ T353] seq_read_iter (fs/seq_file.c:231) 
[ 41.724311][ T353] seq_read (fs/seq_file.c:162) 
[ 41.724653][ T353] vfs_read (fs/read_write.c:570) 
[ 41.724981][ T353] ? do_syscall_64 (arch/x86/entry/syscall_64.c:113) 
[ 41.725384][ T353] ksys_read (fs/read_write.c:715) 
[ 41.725703][ T353] ? entry_SYSCALL_64_after_hwframe 
(arch/x86/entry/entry_64.S:130) 
[ 41.726174][ T353] do_syscall_64 (arch/x86/entry/syscall_64.c:?) 
[ 41.726538][ T353] ? find_held_lock (kernel/locking/lockdep.c:5353) 
[ 41.726900][ T353] ? exc_page_fault (arch/x86/include/asm/irqflags.h:26 
arch/x86/include/asm/irqflags.h:109 arch/x86/include/asm/irqflags.h:151 
arch/x86/mm/fault.c:1484 arch/x86/mm/fault.c:1532) 
[ 41.727288][ T353] ? do_user_addr_fault (arch/x86/include/asm/atomic.h:93 
include/linux/atomic/atomic-arch-fallback.h:949 
include/linux/atomic/atomic-instrumented.h:401 include/linux/refcount.h:389 
include/linux/refcount.h:432 include/linux/mmap_lock.h:142 
include/linux/mmap_lock.h:237 arch/x86/mm/fault.c:1338) 
[ 41.727706][ T353] ? lockdep_hardirqs_on_prepare 
(kernel/locking/lockdep.c:473) 
[ 41.728190][ T353] ? exc_page_fault (arch/x86/mm/fault.c:1536) 
[ 41.728590][ T353] entry_SYSCALL_64_after_hwframe 
(arch/x86/entry/entry_64.S:130) 
[   41.729073][  T353] RIP: 0033:0x7f17e7b7c19d
[ 41.729432][ T353] Code: 31 c0 e9 c6 fe ff ff 50 48 8d 3d 66 54 0a 00 e8 49 ff 
01 00 66 0f 1f 84 00 00 00 00 00 80 3d 41 24 0e 00 00 74 17 31 c0 0f 05 <48> 3d 
00 f0 ff ff 77 5b c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec
All code
========
   0:   31 c0                   xor    %eax,%eax
   2:   e9 c6 fe ff ff          jmp    0xfffffffffffffecd
   7:   50                      push   %rax
   8:   48 8d 3d 66 54 0a 00    lea    0xa5466(%rip),%rdi        # 0xa5475
   f:   e8 49 ff 01 00          call   0x1ff5d
  14:   66 0f 1f 84 00 00 00    nopw   0x0(%rax,%rax,1)
  1b:   00 00 
  1d:   80 3d 41 24 0e 00 00    cmpb   $0x0,0xe2441(%rip)        # 0xe2465
  24:   74 17                   je     0x3d
  26:   31 c0                   xor    %eax,%eax
  28:   0f 05                   syscall
  2a:*  48 3d 00 f0 ff ff       cmp    $0xfffffffffffff000,%rax         <-- 
trapping instruction
  30:   77 5b                   ja     0x8d
  32:   c3                      ret
  33:   66 2e 0f 1f 84 00 00    cs nopw 0x0(%rax,%rax,1)
  3a:   00 00 00 
  3d:   48                      rex.W
  3e:   83                      .byte 0x83
  3f:   ec                      in     (%dx),%al

Code starting with the faulting instruction
===========================================
   0:   48 3d 00 f0 ff ff       cmp    $0xfffffffffffff000,%rax
   6:   77 5b                   ja     0x63
   8:   c3                      ret
   9:   66 2e 0f 1f 84 00 00    cs nopw 0x0(%rax,%rax,1)
  10:   00 00 00 
  13:   48                      rex.W
  14:   83                      .byte 0x83
  15:   ec                      in     (%dx),%al
[   41.730862][  T353] RSP: 002b:00007fffc13c12e8 EFLAGS: 00000246 ORIG_RAX: 
0000000000000000
[   41.731448][  T353] RAX: ffffffffffffffda RBX: 00007fffc13c138c RCX: 
00007f17e7b7c19d
[   41.732038][  T353] RDX: 0000000000002000 RSI: 00007f17e7a20000 RDI: 
0000000000000003
[   41.732635][  T353] RBP: 00007fffc13c1390 R08: 00000000ffffffff R09: 
0000000000000000
[   41.733252][  T353] R10: 0000000000000022 R11: 0000000000000246 R12: 
0000000000000003
[   41.733850][  T353] R13: 0000000000001000 R14: 000055c5de485951 R15: 
0000000000002000
[   41.734481][  T353]  </TASK>
[   41.734719][  T353] irq event stamp: 3793
[ 41.735058][ T353] hardirqs last enabled at (3805): __console_unlock 
(arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:109 
arch/x86/include/asm/irqflags.h:151 kernel/printk/printk.c:344 
kernel/printk/printk.c:2885) 
[ 41.735754][ T353] hardirqs last disabled at (3814): __console_unlock 
(kernel/printk/printk.c:342) 
[ 41.736478][ T353] softirqs last enabled at (3488): handle_softirqs 
(arch/x86/include/asm/preempt.h:27 kernel/softirq.c:426 kernel/softirq.c:607) 
[ 41.737219][ T353] softirqs last disabled at (3835): __irq_exit_rcu 
(arch/x86/include/asm/atomic.h:23) 
[   41.737925][  T353] ---[ end trace 0000000000000000 ]---


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250610/202506101503.903c6ffa-...@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

























					Reply via email to