Re: [PATCH v4 6/7] mm/maps: read proc/pid/maps under per-vma lock
From: Suren Baghdasaryan
Date: Tue Jun 10 2025 - 10:03:07 EST
On Tue, Jun 10, 2025 at 12:51 AM kernel test robot
<oliver.sang@xxxxxxxxx> wrote:
>
>
>
> Hello,
>
> kernel test robot noticed "WARNING:at_include/linux/rwsem.h:#anon_vma_name" on:
>
> commit: 5c3ce17006c6188d249bc07bfa639f2d76bbd8ac ("[PATCH v4 6/7] mm/maps: read proc/pid/maps under per-vma lock")
> url: https://github.com/intel-lab-lkp/linux/commits/Suren-Baghdasaryan/selftests-proc-add-proc-pid-maps-tearing-from-vma-split-test/20250605-071433
> patch link: https://lore.kernel.org/all/20250604231151.799834-7-surenb@xxxxxxxxxx/
> patch subject: [PATCH v4 6/7] mm/maps: read proc/pid/maps under per-vma lock
Ah, I'll need to change anon_vma_name() to allow for only the VMA to be
locked instead of doing mmap_assert_locked().
>
> in testcase: locktorture
> version:
> with following parameters:
>
> runtime: 300s
> test: cpuhotplug
>
>
>
> config: x86_64-randconfig-005-20250606
> compiler: clang-20
> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
>
> (please refer to attached dmesg/kmsg for entire log/backtrace)
>
>
> +-------------------------------------------------------------------------------+------------+------------+
> | | fa0f347301 | 5c3ce17006 |
> +-------------------------------------------------------------------------------+------------+------------+
> | WARNING:at_include/linux/rwsem.h:#anon_vma_name | 0 | 10 |
> | RIP:anon_vma_name | 0 | 10 |
> +-------------------------------------------------------------------------------+------------+------------+
>
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
> | Closes: https://lore.kernel.org/oe-lkp/202506101503.903c6ffa-lkp@xxxxxxxxx
>
>
> [ 41.709983][ T353] ------------[ cut here ]------------
> [ 41.710541][ T353] WARNING: CPU: 1 PID: 353 at include/linux/rwsem.h:195 anon_vma_name (include/linux/rwsem.h:195)
> [ 41.711251][ T353] Modules linked in:
> [ 41.711616][ T353] CPU: 1 UID: 0 PID: 353 Comm: grep Tainted: G T 6.15.0-11198-g5c3ce17006c6 #1 PREEMPT ce6b47a049c5ee6720891bd644c96f2c3c349eba
> [ 41.712738][ T353] Tainted: [T]=RANDSTRUCT
> [ 41.713101][ T353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> [ 41.713902][ T353] RIP: 0010:anon_vma_name (include/linux/rwsem.h:195)
> [ 41.714327][ T353] Code: 74 28 48 83 c3 40 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 ac 4b 02 00 48 8b 03 5b 41 5e 41 5f c3 cc cc cc cc cc <0f> 0b eb d4 48 c7 c1 74 46 b4 89 80 e1 07 80 c1 03 38 c1 7c 87 48
> All code
> ========
> 0: 74 28 je 0x2a
> 2: 48 83 c3 40 add $0x40,%rbx
> 6: 48 89 d8 mov %rbx,%rax
> 9: 48 c1 e8 03 shr $0x3,%rax
> d: 42 80 3c 38 00 cmpb $0x0,(%rax,%r15,1)
> 12: 74 08 je 0x1c
> 14: 48 89 df mov %rbx,%rdi
> 17: e8 ac 4b 02 00 call 0x24bc8
> 1c: 48 8b 03 mov (%rbx),%rax
> 1f: 5b pop %rbx
> 20: 41 5e pop %r14
> 22: 41 5f pop %r15
> 24: c3 ret
> 25: cc int3
> 26: cc int3
> 27: cc int3
> 28: cc int3
> 29: cc int3
> 2a:* 0f 0b ud2 <-- trapping instruction
> 2c: eb d4 jmp 0x2
> 2e: 48 c7 c1 74 46 b4 89 mov $0xffffffff89b44674,%rcx
> 35: 80 e1 07 and $0x7,%cl
> 38: 80 c1 03 add $0x3,%cl
> 3b: 38 c1 cmp %al,%cl
> 3d: 7c 87 jl 0xffffffffffffffc6
> 3f: 48 rex.W
>
> Code starting with the faulting instruction
> ===========================================
> 0: 0f 0b ud2
> 2: eb d4 jmp 0xffffffffffffffd8
> 4: 48 c7 c1 74 46 b4 89 mov $0xffffffff89b44674,%rcx
> b: 80 e1 07 and $0x7,%cl
> e: 80 c1 03 add $0x3,%cl
> 11: 38 c1 cmp %al,%cl
> 13: 7c 87 jl 0xffffffffffffff9c
> 15: 48 rex.W
> [ 41.715798][ T353] RSP: 0018:ffffc90002dcf9d8 EFLAGS: 00010246
> [ 41.716286][ T353] RAX: 0000000000000000 RBX: ffff888135319c40 RCX: ffffc90002dcfa78
> [ 41.716889][ T353] RDX: ffffc90002dcfa70 RSI: ffff88816ea2bc30 RDI: ffff88816d7485a8
> [ 41.717509][ T353] RBP: ffffc90002dcfa80 R08: 0000000000000000 R09: 0000000000000002
> [ 41.718117][ T353] R10: 0000000000000000 R11: ffffffff81ebd610 R12: dffffc0000000000
> [ 41.718710][ T353] R13: ffff888135319d10 R14: ffff888135319d10 R15: dffffc0000000000
> [ 41.719318][ T353] FS: 00007f17e7a81740(0000) GS:ffff88842312b000(0000) knlGS:0000000000000000
> [ 41.719998][ T353] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 41.720503][ T353] CR2: 000055c5de49dc78 CR3: 0000000135bcc000 CR4: 00000000000406b0
> [ 41.721114][ T353] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 41.721717][ T353] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [ 41.722373][ T353] Call Trace:
> [ 41.722640][ T353] <TASK>
> [ 41.722881][ T353] get_vma_name (fs/proc/task_mmu.c:?)
> [ 41.723253][ T353] show_map_vma (fs/proc/task_mmu.c:509)
> [ 41.723617][ T353] show_map (fs/proc/task_mmu.c:525)
> [ 41.723922][ T353] seq_read_iter (fs/seq_file.c:231)
> [ 41.724311][ T353] seq_read (fs/seq_file.c:162)
> [ 41.724653][ T353] vfs_read (fs/read_write.c:570)
> [ 41.724981][ T353] ? do_syscall_64 (arch/x86/entry/syscall_64.c:113)
> [ 41.725384][ T353] ksys_read (fs/read_write.c:715)
> [ 41.725703][ T353] ? entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
> [ 41.726174][ T353] do_syscall_64 (arch/x86/entry/syscall_64.c:?)
> [ 41.726538][ T353] ? find_held_lock (kernel/locking/lockdep.c:5353)
> [ 41.726900][ T353] ? exc_page_fault (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:109 arch/x86/include/asm/irqflags.h:151 arch/x86/mm/fault.c:1484 arch/x86/mm/fault.c:1532)
> [ 41.727288][ T353] ? do_user_addr_fault (arch/x86/include/asm/atomic.h:93 include/linux/atomic/atomic-arch-fallback.h:949 include/linux/atomic/atomic-instrumented.h:401 include/linux/refcount.h:389 include/linux/refcount.h:432 include/linux/mmap_lock.h:142 include/linux/mmap_lock.h:237 arch/x86/mm/fault.c:1338)
> [ 41.727706][ T353] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:473)
> [ 41.728190][ T353] ? exc_page_fault (arch/x86/mm/fault.c:1536)
> [ 41.728590][ T353] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
> [ 41.729073][ T353] RIP: 0033:0x7f17e7b7c19d
> [ 41.729432][ T353] Code: 31 c0 e9 c6 fe ff ff 50 48 8d 3d 66 54 0a 00 e8 49 ff 01 00 66 0f 1f 84 00 00 00 00 00 80 3d 41 24 0e 00 00 74 17 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 5b c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec
> All code
> ========
> 0: 31 c0 xor %eax,%eax
> 2: e9 c6 fe ff ff jmp 0xfffffffffffffecd
> 7: 50 push %rax
> 8: 48 8d 3d 66 54 0a 00 lea 0xa5466(%rip),%rdi # 0xa5475
> f: e8 49 ff 01 00 call 0x1ff5d
> 14: 66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1)
> 1b: 00 00
> 1d: 80 3d 41 24 0e 00 00 cmpb $0x0,0xe2441(%rip) # 0xe2465
> 24: 74 17 je 0x3d
> 26: 31 c0 xor %eax,%eax
> 28: 0f 05 syscall
> 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
> 30: 77 5b ja 0x8d
> 32: c3 ret
> 33: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
> 3a: 00 00 00
> 3d: 48 rex.W
> 3e: 83 .byte 0x83
> 3f: ec in (%dx),%al
>
> Code starting with the faulting instruction
> ===========================================
> 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
> 6: 77 5b ja 0x63
> 8: c3 ret
> 9: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
> 10: 00 00 00
> 13: 48 rex.W
> 14: 83 .byte 0x83
> 15: ec in (%dx),%al
> [ 41.730862][ T353] RSP: 002b:00007fffc13c12e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
> [ 41.731448][ T353] RAX: ffffffffffffffda RBX: 00007fffc13c138c RCX: 00007f17e7b7c19d
> [ 41.732038][ T353] RDX: 0000000000002000 RSI: 00007f17e7a20000 RDI: 0000000000000003
> [ 41.732635][ T353] RBP: 00007fffc13c1390 R08: 00000000ffffffff R09: 0000000000000000
> [ 41.733252][ T353] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000003
> [ 41.733850][ T353] R13: 0000000000001000 R14: 000055c5de485951 R15: 0000000000002000
> [ 41.734481][ T353] </TASK>
> [ 41.734719][ T353] irq event stamp: 3793
> [ 41.735058][ T353] hardirqs last enabled at (3805): __console_unlock (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:109 arch/x86/include/asm/irqflags.h:151 kernel/printk/printk.c:344 kernel/printk/printk.c:2885)
> [ 41.735754][ T353] hardirqs last disabled at (3814): __console_unlock (kernel/printk/printk.c:342)
> [ 41.736478][ T353] softirqs last enabled at (3488): handle_softirqs (arch/x86/include/asm/preempt.h:27 kernel/softirq.c:426 kernel/softirq.c:607)
> [ 41.737219][ T353] softirqs last disabled at (3835): __irq_exit_rcu (arch/x86/include/asm/atomic.h:23)
> [ 41.737925][ T353] ---[ end trace 0000000000000000 ]---
>
>
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20250610/202506101503.903c6ffa-lkp@xxxxxxxxx
>
>
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
>