| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202409031602.14479174-lkp@intel.com>
Date: Tue, 3 Sep 2024 16:45:50 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Dev Jain <dev.jain@....com>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <linux-kernel@...r.kernel.org>,
<linux-mm@...ck.org>, <akpm@...ux-foundation.org>, <david@...hat.com>,
<willy@...radead.org>, <kirill.shutemov@...ux.intel.com>,
<ryan.roberts@....com>, <anshuman.khandual@....com>,
<catalin.marinas@....com>, <cl@...two.org>, <vbabka@...e.cz>,
<mhocko@...e.com>, <apopple@...dia.com>, <dave.hansen@...ux.intel.com>,
<will@...nel.org>, <baohua@...nel.org>, <jack@...e.cz>,
<mark.rutland@....com>, <hughd@...gle.com>, <aneesh.kumar@...nel.org>,
<yang@...amperecomputing.com>, <peterx@...hat.com>, <ioworker0@...il.com>,
<jglisse@...gle.com>, <linux-arm-kernel@...ts.infradead.org>, Dev Jain
<dev.jain@....com>, <oliver.sang@...el.com>
Subject: Re: [PATCH 2/2] mm: Allocate THP on hugezeropage wp-fault
Hello,
kernel test robot noticed "BUG:sleeping_function_called_from_invalid_context_at_mm/memory.c" on:
commit: c636ba74f021bfe8d72845f9e53ee2b8ea16f5f8 ("[PATCH 2/2] mm: Allocate THP on hugezeropage wp-fault")
url: https://github.com/intel-lab-lkp/linux/commits/Dev-Jain/mm-Abstract-THP-allocation/20240830-164300
base: https://git.kernel.org/cgit/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/all/20240830084117.4079805-3-dev.jain@arm.com/
patch subject: [PATCH 2/2] mm: Allocate THP on hugezeropage wp-fault
in testcase: trinity
version: trinity-i386-abe9de86-1_20230429
with following parameters:
runtime: 600s
compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202409031602.14479174-lkp@intel.com
[ 189.202955][T15284] BUG: sleeping function called from invalid context at mm/memory.c:6690
[ 189.203611][T15284] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 15284, name: trinity-c6
[ 189.204103][T15284] preempt_count: 1, expected: 0
[ 189.204364][T15284] RCU nest depth: 0, expected: 0
[ 189.204630][T15284] 2 locks held by trinity-c6/15284:
[189.204909][T15284] #0: ffff888164fc27b0 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma (arch/x86/include/asm/atomic.h:23 include/linux/atomic/atomic-arch-fallback.h:457 include/linux/jump_label.h:261 include/linux/jump_label.h:273 include/linux/mmap_lock.h:35 include/linux/mmap_lock.h:164 mm/memory.c:6067 mm/memory.c:6127)
[189.205536][T15284] #1: ffff888160945c48 (ptlock_ptr(ptdesc)){+.+.}-{2:2}, at: do_huge_pmd_wp_page (mm/huge_memory.c:1816 mm/huge_memory.c:1838)
[ 189.206099][T15284] CPU: 1 UID: 65534 PID: 15284 Comm: trinity-c6 Not tainted 6.11.0-rc4-00551-gc636ba74f021 #1
[ 189.206657][T15284] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 189.207205][T15284] Call Trace:
[ 189.207389][T15284] <TASK>
[189.207552][T15284] dump_stack_lvl (lib/dump_stack.c:122)
[189.207803][T15284] __might_resched (kernel/sched/core.c:8462)
[189.208106][T15284] ? __pfx___might_resched (kernel/sched/core.c:8416)
[189.208397][T15284] folio_zero_user (include/linux/kernel.h:73 mm/memory.c:6690 mm/memory.c:6767)
[189.208657][T15284] thp_fault_alloc (include/linux/page-flags.h:785 (discriminator 2) mm/huge_memory.c:1156 (discriminator 2))
[189.208914][T15284] do_huge_pmd_wp_page (mm/huge_memory.c:1792 mm/huge_memory.c:1818 mm/huge_memory.c:1838)
[189.209197][T15284] ? __lock_release+0x3fe/0x860
[189.209494][T15284] ? __pfx_do_huge_pmd_wp_page (mm/huge_memory.c:1826)
[189.209802][T15284] __handle_mm_fault (mm/memory.c:5614 mm/memory.c:5852)
[189.210072][T15284] ? mt_find (lib/maple_tree.c:6961)
[189.210303][T15284] ? __pfx___handle_mm_fault (mm/memory.c:5771)
[189.210595][T15284] ? __pfx_mt_find (lib/maple_tree.c:6927)
[189.210875][T15284] handle_mm_fault (mm/memory.c:6042)
[189.211134][T15284] ? __pfx_handle_mm_fault (mm/memory.c:5997)
[189.211424][T15284] ? down_read_trylock (kernel/locking/rwsem.c:1568)
[189.211701][T15284] ? lock_mm_and_find_vma (mm/memory.c:6130)
[189.211997][T15284] do_user_addr_fault (arch/x86/mm/fault.c:1391)
[189.212283][T15284] exc_page_fault (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:87 arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1489 arch/x86/mm/fault.c:1539)
[189.212539][T15284] asm_exc_page_fault (arch/x86/include/asm/idtentry.h:623)
[189.212811][T15284] RIP: 0010:__put_user_4 (arch/x86/lib/putuser.S:88)
[ 189.213091][T15284] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 1f 00 <89> 01 31 c9 0f 1f 00 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90
All code
========
0: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
7: 00
8: 90 nop
9: 90 nop
a: 90 nop
b: 90 nop
c: 90 nop
d: 90 nop
e: 90 nop
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: 90 nop
14: 90 nop
15: 90 nop
16: 90 nop
17: 90 nop
18: 90 nop
19: f3 0f 1e fa endbr64
1d: 48 89 cb mov %rcx,%rbx
20: 48 c1 fb 3f sar $0x3f,%rbx
24: 48 09 d9 or %rbx,%rcx
27: 0f 1f 00 nopl (%rax)
2a:* 89 01 mov %eax,(%rcx) <-- trapping instruction
2c: 31 c9 xor %ecx,%ecx
2e: 0f 1f 00 nopl (%rax)
31: c3 ret
32: cc int3
33: cc int3
34: cc int3
35: cc int3
36: 0f 1f 00 nopl (%rax)
39: 90 nop
3a: 90 nop
3b: 90 nop
3c: 90 nop
3d: 90 nop
3e: 90 nop
3f: 90 nop
Code starting with the faulting instruction
===========================================
0: 89 01 mov %eax,(%rcx)
2: 31 c9 xor %ecx,%ecx
4: 0f 1f 00 nopl (%rax)
7: c3 ret
8: cc int3
9: cc int3
a: cc int3
b: cc int3
c: 0f 1f 00 nopl (%rax)
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: 90 nop
14: 90 nop
15: 90 nop
[ 189.214257][T15284] RSP: 0000:ffff88812fc0fd70 EFLAGS: 00010206
[ 189.214726][T15284] RAX: 0000000020080522 RBX: 0000000000000000 RCX: 00000000ff7fffff
[ 189.215167][T15284] RDX: 1ffff1102bfd712e RSI: 1ffff11075e09456 RDI: ffff88815feb8970
[ 189.215605][T15284] RBP: 00000000ff7fffff R08: ffff88815feb8978 R09: fffffbfff50eecad
[ 189.216059][T15284] R10: ffffffffa877656f R11: 0000000000000000 R12: 1ffff11025f81faf
[ 189.216637][T15284] R13: ffff88812fc0fe30 R14: 00000000000000b9 R15: 0000000000000000
[189.217074][T15284] cap_validate_magic (kernel/capability.c:94)
[189.217349][T15284] ? __pfx_cap_validate_magic (kernel/capability.c:76)
[189.217654][T15284] __do_sys_capset (kernel/capability.c:230)
[189.217925][T15284] ? __pfx___do_sys_capset (kernel/capability.c:221)
[189.218226][T15284] do_int80_emulation (arch/x86/entry/common.c:165 arch/x86/entry/common.c:253)
[189.218497][T15284] asm_int80_emulation (arch/x86/include/asm/idtentry.h:626)
[ 189.218871][T15284] RIP: 0023:0xf7f30092
[ 189.219200][T15284] Code: 00 00 00 e9 90 ff ff ff ff a3 24 00 00 00 68 30 00 00 00 e9 80 ff ff ff ff a3 f8 ff ff ff 66 90 00 00 00 00 00 00 00 00 cd 80 <c3> 8d b4 26 00 00 00 00 8d b6 00 00 00 00 8b 1c 24 c3 8d b4 26 00
All code
========
0: 00 00 add %al,(%rax)
2: 00 e9 add %ch,%cl
4: 90 nop
5: ff (bad)
6: ff (bad)
7: ff (bad)
8: ff a3 24 00 00 00 jmp *0x24(%rbx)
e: 68 30 00 00 00 push $0x30
13: e9 80 ff ff ff jmp 0xffffffffffffff98
18: ff a3 f8 ff ff ff jmp *-0x8(%rbx)
1e: 66 90 xchg %ax,%ax
...
28: cd 80 int $0x80
2a:* c3 ret <-- trapping instruction
2b: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
32: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi
38: 8b 1c 24 mov (%rsp),%ebx
3b: c3 ret
3c: 8d .byte 0x8d
3d: b4 26 mov $0x26,%ah
...
Code starting with the faulting instruction
===========================================
0: c3 ret
1: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
8: 8d b6 00 00 00 00 lea 0x0(%rsi),%esi
e: 8b 1c 24 mov (%rsp),%ebx
11: c3 ret
12: 8d .byte 0x8d
13: b4 26 mov $0x26,%ah
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240903/202409031602.14479174-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Powered by blists - more mailing lists