lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 1 Feb 2024 10:14:37 +0530
From: Vimal Kumar <vimal.kumar32@...il.com>
To: kernel test robot <oliver.sang@...el.com>
Cc: oe-lkp@...ts.linux.dev, lkp@...el.com,
	Chinmoy Ghosh <chinmoyghosh2001@...il.com>,
	Mintu Patel <mintupatel89@...il.com>,
	Vishal Badole <badolevishal1116@...il.com>,
	linux-pm@...r.kernel.org, rui.zhang@...el.com, yu.c.chen@...el.com,
	"Rafael J. Wysocki" <rafael@...nel.org>,
	Len Brown <len.brown@...el.com>, Pavel Machek <pavel@....cz>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] PM / sleep: Mechanism to find source aborting kernel
 suspend transition

On Mon, Jan 29, 2024 at 10:08:32PM +0800, kernel test robot wrote:
> 
> 
> Hello,
> 
> kernel test robot noticed "BUG:sleeping_function_called_from_invalid_context_at_include/linux/sched/mm.h" on:
> 
> commit: e2d228456d500f3b00ad746b353fa85eee235b7a ("[PATCH v3] PM / sleep: Mechanism to find source aborting kernel suspend transition")
> url: https://github.com/intel-lab-lkp/linux/commits/Vimal-Kumar/PM-sleep-Mechanism-to-find-source-aborting-kernel-suspend-transition/20240109-210519
> base: https://git.kernel.org/cgit/linux/kernel/git/rafael/linux-pm.git linux-next
> patch link: https://lore.kernel.org/all/20240109130210.31938-1-vimal.kumar32@gmail.com/
> patch subject: [PATCH v3] PM / sleep: Mechanism to find source aborting kernel suspend transition
> 
> in testcase: suspend-stress
> version: 
> with following parameters:
> 
> 	mode: freeze
> 	iterations: 10
> 
> 
> 
> compiler: gcc-12
> test machine: 4 threads (Broadwell) with 8G memory
> 
> (please refer to attached dmesg/kmsg for entire log/backtrace)
> 
> 
> 
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <oliver.sang@...el.com>
> | Closes: https://lore.kernel.org/oe-lkp/202401292109.f115a688-oliver.sang@intel.com
> 
> 
> kern  :err   : [   97.935754] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:306
> kern  :err   : [   97.935886] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1
> kern  :err   : [   97.936000] preempt_count: 10002, expected: 0
> kern  :err   : [   97.936071] RCU nest depth: 0, expected: 0
> kern  :warn  : [   97.936138] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.7.0-rc8-00169-ge2d228456d50 #1
> kern  :warn  : [   97.936255] Hardware name:  /NUC5i3RYB, BIOS RYBDWi35.86A.0363.2017.0316.1028 03/16/2017
> kern  :warn  : [   97.936371] Call Trace:
> kern  :warn  : [   97.936419]  <IRQ>
> kern :warn : [   97.936461] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1)) 
> kern :warn : [   97.936529] __might_resched (kernel/sched/core.c:10152) 
> kern :warn : [   97.936598] ? preempt_notifier_dec (kernel/sched/core.c:10106) 
> kern :warn : [   97.936672] __kmem_cache_alloc_node (include/linux/kernel.h:107 include/linux/sched/mm.h:306 mm/slab.h:710 mm/slub.c:3460 mm/slub.c:3517) 
> kern :warn : [   97.936750] ? kasprintf (lib/kasprintf.c:54) 
> kern :warn : [   97.936812] ? pointer (lib/vsprintf.c:2755) 
> kern :warn : [   97.936875] ? kasprintf (lib/kasprintf.c:54) 
> kern :warn : [   97.936936] __kmalloc_node_track_caller (include/linux/kasan.h:198 mm/slab_common.c:1007 mm/slab_common.c:1027) 
> kern :warn : [   97.937017] kvasprintf (lib/kasprintf.c:25) 
> kern :warn : [   97.937079] ? bust_spinlocks (lib/kasprintf.c:16) 
> kern :warn : [   97.937146] ? enqueue_hrtimer (kernel/time/hrtimer.c:1095 (discriminator 3)) 
> kern :warn : [   97.937214] ? tick_nohz_highres_handler (kernel/time/tick-sched.c:1530) 
> kern :warn : [   97.937295] kasprintf (lib/kasprintf.c:54) 
> kern :warn : [   97.937354] ? kvasprintf_const (lib/kasprintf.c:54) 
> kern :warn : [   97.937426] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:115 include/linux/atomic/atomic-arch-fallback.h:2164 include/linux/atomic/atomic-instrumented.h:1296 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) 
> kern :warn : [   97.937501] ? _raw_read_unlock_irqrestore (kernel/locking/spinlock.c:161) 
> kern :warn : [   97.937581] ? _raw_spin_lock (arch/x86/include/asm/atomic.h:115 include/linux/atomic/atomic-arch-fallback.h:2164 include/linux/atomic/atomic-instrumented.h:1296 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:134 kernel/locking/spinlock.c:154) 
> kern :warn : [   97.937648] ? _raw_write_lock_irq (kernel/locking/spinlock.c:153) 
> kern :warn : [   97.937719] ? irq_pm_check_wakeup (kernel/irq/pm.c:24) 
> kern :warn : [   97.937793] pm_system_wakeup (drivers/base/power/wakeup.c:981) 
> kern :warn : [   97.937862] irq_pm_check_wakeup (kernel/irq/pm.c:24) 
> kern :warn : [   97.937933] handle_fasteoi_irq (kernel/irq/chip.c:518 kernel/irq/chip.c:502 kernel/irq/chip.c:698) 
> kern :warn : [   97.938006] __common_interrupt (arch/x86/kernel/irq.c:271 (discriminator 22)) 
> kern :warn : [   97.938078] common_interrupt (arch/x86/kernel/irq.c:247 (discriminator 14)) 
> kern  :warn  : [   97.938145]  </IRQ>
> kern  :warn  : [   97.938187]  <TASK>
> kern :warn : [   97.938230] asm_common_interrupt (arch/x86/include/asm/idtentry.h:640) 
> kern :warn : [   97.938301] RIP: 0010:cpuidle_enter_s2idle (arch/x86/include/asm/irqflags.h:78 drivers/cpuidle/cpuidle.c:199) 
> kern :warn : [ 97.938384] Code: d9 75 83 85 d2 7f 11 48 83 c4 20 89 d0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 4c 89 c6 48 89 cf 89 14 24 e8 fb 64 9b 00 fb 8b 14 24 <eb> db 31 d2 eb d7 48 89 0c 24 48 89 74 24 08 e8 03 51 9f fe 4c 8b
> All code
> ========
>    0:	d9 75 83             	fnstenv -0x7d(%rbp)
>    3:	85 d2                	test   %edx,%edx
>    5:	7f 11                	jg     0x18
>    7:	48 83 c4 20          	add    $0x20,%rsp
>    b:	89 d0                	mov    %edx,%eax
>    d:	5b                   	pop    %rbx
>    e:	5d                   	pop    %rbp
>    f:	41 5c                	pop    %r12
>   11:	41 5d                	pop    %r13
>   13:	41 5e                	pop    %r14
>   15:	41 5f                	pop    %r15
>   17:	c3                   	retq   
>   18:	4c 89 c6             	mov    %r8,%rsi
>   1b:	48 89 cf             	mov    %rcx,%rdi
>   1e:	89 14 24             	mov    %edx,(%rsp)
>   21:	e8 fb 64 9b 00       	callq  0x9b6521
>   26:	fb                   	sti    
>   27:	8b 14 24             	mov    (%rsp),%edx
>   2a:*	eb db                	jmp    0x7		<-- trapping instruction
>   2c:	31 d2                	xor    %edx,%edx
>   2e:	eb d7                	jmp    0x7
>   30:	48 89 0c 24          	mov    %rcx,(%rsp)
>   34:	48 89 74 24 08       	mov    %rsi,0x8(%rsp)
>   39:	e8 03 51 9f fe       	callq  0xfffffffffe9f5141
>   3e:	4c                   	rex.WR
>   3f:	8b                   	.byte 0x8b
> 
> Code starting with the faulting instruction
> ===========================================
>    0:	eb db                	jmp    0xffffffffffffffdd
>    2:	31 d2                	xor    %edx,%edx
>    4:	eb d7                	jmp    0xffffffffffffffdd
>    6:	48 89 0c 24          	mov    %rcx,(%rsp)
>    a:	48 89 74 24 08       	mov    %rsi,0x8(%rsp)
>    f:	e8 03 51 9f fe       	callq  0xfffffffffe9f5117
>   14:	4c                   	rex.WR
>   15:	8b                   	.byte 0x8b
> kern  :warn  : [   97.938632] RSP: 0018:ffffc90000177db8 EFLAGS: 00000286
> kern  :warn  : [   97.938717] RAX: 00000000037a402c RBX: 0000000000000009 RCX: 0000000000000000
> kern  :warn  : [   97.938823] RDX: 0000000000000008 RSI: 0000000937e23ad2 RDI: 0000000000000000
> kern  :warn  : [   97.938927] RBP: ffffffff84f7f680 R08: 0000000000000000 R09: ffffed1021ad5530
> kern  :warn  : [   97.939032] R10: ffff88810d6aa987 R11: 0000000000000000 R12: ffff88820decca10
> kern  :warn  : [   97.939137] R13: dffffc0000000000 R14: 000000000027ac40 R15: 000000000027ac40
> kern :warn : [   97.939244] ? cpuidle_enter_s2idle (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 drivers/cpuidle/cpuidle.c:199) 
> kern :warn : [   97.939319] cpuidle_idle_call (kernel/sched/idle.c:190) 
> kern :warn : [   97.939389] ? arch_cpu_idle_exit+0x40/0x40 
> kern :warn : [   97.939459] ? mark_tsc_async_resets (arch/x86/kernel/tsc_sync.c:51) 
> kern :warn : [   97.939536] do_idle (kernel/sched/idle.c:282) 
> kern :warn : [   97.939594] cpu_startup_entry (kernel/sched/idle.c:379 (discriminator 1)) 
> kern :warn : [   97.939662] start_secondary (arch/x86/kernel/smpboot.c:224 arch/x86/kernel/smpboot.c:304) 
> kern :warn : [   97.939731] ? set_cpu_sibling_map (arch/x86/kernel/smpboot.c:254) 
> kern :warn : [   97.939808] ? soft_restart_cpu (arch/x86/kernel/head_64.S:485) 
> kern :warn : [   97.939878] secondary_startup_64_no_verify (arch/x86/kernel/head_64.S:448) 
> kern  :warn  : [   97.939963]  </TASK>
> kern :info : [   97.948803] bdw_uncore 0000:00:00.0: PM: calling pci_pm_resume_noirq+0x0/0x390 @ 85, parent: 00 
> kern :info : [   97.948993] bdw_uncore 0000:00:00.0: PM: pci_pm_resume_noirq+0x0/0x390 returned 0 after 17 usecs 
> 
> 
> 
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20240129/202401292109.f115a688-oliver.sang@intel.com
> 
> 
> 
> -- 
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
> 

Hi Greg,

This is an example where "pm_system_wakeup" can be called from atomic context. It also gives an actual instance where we can utilise this feature to find the source.

The bug reported due to "GFP_KERNEL" flag, but it will be applicable for using "mutex_lock" as well.
I will change to ATOMIC flag in kmalloc, as well as use raw_spin_lock* instead of mutex_lock.


Warm regards,
Vimal Kumar  

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ