* [syzbot] BUG: sleeping function called from invalid context in break_ksm
@ 2022-10-20 12:59 syzbot
  2022-10-20 13:40 ` David Hildenbrand
  0 siblings, 1 reply; 3+ messages in thread
From: syzbot @ 2022-10-20 12:59 UTC (permalink / raw)
  To: akpm, linux-kernel, linux-mm, syzkaller-bugs

Hello,

syzbot found the following issue on:

HEAD commit:    acee3e83b493 Add linux-next specific files for 20221020
git tree:       linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=15961f62880000
kernel config:  https://syzkaller.appspot.com/x/.config?x=c82245cfb913f766
dashboard link: https://syzkaller.appspot.com/bug?extid=78a0878b3076f71313b3
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1255612c880000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12a1bed2880000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/98cc5896cded/disk-acee3e83.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b3d3eb3aa10a/vmlinux-acee3e83.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+78a0878b3076f71313b3@syzkaller.appspotmail.com

BUG: sleeping function called from invalid context at mm/ksm.c:500
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3610, name: syz-executor212
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 0 PID: 3610 Comm: syz-executor212 Not tainted 6.1.0-rc1-next-20221020-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9890
 break_ksm.part.0+0xbe/0x160 mm/ksm.c:500
 break_ksm mm/ksm.c:875 [inline]
 unmerge_ksm_pages+0x1a0/0x240 mm/ksm.c:881
 unmerge_and_remove_all_rmap_items mm/ksm.c:1021 [inline]
 run_store+0x3cf/0xa30 mm/ksm.c:2983
 kobj_attr_store+0x50/0x80 lib/kobject.c:824
 sysfs_kf_write+0x110/0x160 fs/sysfs/file.c:136
 kernfs_fop_write_iter+0x3f8/0x610 fs/kernfs/file.c:330
 call_write_iter include/linux/fs.h:2191 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x9e9/0xdd0 fs/read_write.c:584
 ksys_write+0x127/0x250 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fc23ce26b39
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff3f50c3a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc23ce26b39
RDX: 0000000000000002 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007fc23cdeace0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc23cdead70
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches


* Re: [syzbot] BUG: sleeping function called from invalid context in break_ksm
  2022-10-20 12:59 [syzbot] BUG: sleeping function called from invalid context in break_ksm syzbot
@ 2022-10-20 13:40 ` David Hildenbrand
  2022-10-22 10:19   ` Tetsuo Handa
  0 siblings, 1 reply; 3+ messages in thread
From: David Hildenbrand @ 2022-10-20 13:40 UTC (permalink / raw)
  To: syzbot, akpm, linux-kernel, linux-mm, syzkaller-bugs

On 20.10.22 14:59, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    acee3e83b493 Add linux-next specific files for 20221020
> git tree:       linux-next
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=15961f62880000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=c82245cfb913f766
> dashboard link: https://syzkaller.appspot.com/bug?extid=78a0878b3076f71313b3
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1255612c880000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12a1bed2880000
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/98cc5896cded/disk-acee3e83.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/b3d3eb3aa10a/vmlinux-acee3e83.xz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+78a0878b3076f71313b3@syzkaller.appspotmail.com
> 
> BUG: sleeping function called from invalid context at mm/ksm.c:500
> in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3610, name: syz-executor212
> preempt_count: 1, expected: 0
> RCU nest depth: 0, expected: 0
> INFO: lockdep is turned off.
> Preemption disabled at:
> [<0000000000000000>] 0x0
> CPU: 0 PID: 3610 Comm: syz-executor212 Not tainted 6.1.0-rc1-next-20221020-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
> Call Trace:
>   <TASK>
>   __dump_stack lib/dump_stack.c:88 [inline]
>   dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
>   __might_resched.cold+0x222/0x26b kernel/sched/core.c:9890
>   break_ksm.part.0+0xbe/0x160 mm/ksm.c:500
>   break_ksm mm/ksm.c:875 [inline]
>   unmerge_ksm_pages+0x1a0/0x240 mm/ksm.c:881
>   unmerge_and_remove_all_rmap_items mm/ksm.c:1021 [inline]
>   run_store+0x3cf/0xa30 mm/ksm.c:2983
>   kobj_attr_store+0x50/0x80 lib/kobject.c:824
>   sysfs_kf_write+0x110/0x160 fs/sysfs/file.c:136
>   kernfs_fop_write_iter+0x3f8/0x610 fs/kernfs/file.c:330
>   call_write_iter include/linux/fs.h:2191 [inline]
>   new_sync_write fs/read_write.c:491 [inline]
>   vfs_write+0x9e9/0xdd0 fs/read_write.c:584
>   ksys_write+0x127/0x250 fs/read_write.c:637
>   do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>   do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
>   entry_SYSCALL_64_after_hwframe+0x63/0xcd


This might be due to a missing page table lock unlock:

https://lkml.kernel.org/r/8c86678a-3bfb-3854-b1a9-ae5969e730b8@redhat.com

-- 
Thanks,

David / dhildenb



* Re: [syzbot] BUG: sleeping function called from invalid context in break_ksm
  2022-10-20 13:40 ` David Hildenbrand
@ 2022-10-22 10:19   ` Tetsuo Handa
  0 siblings, 0 replies; 3+ messages in thread
From: Tetsuo Handa @ 2022-10-22 10:19 UTC (permalink / raw)
  To: David Hildenbrand, syzbot, akpm, linux-kernel, linux-mm, syzkaller-bugs

On 2022/10/20 22:40, David Hildenbrand wrote:
> This might be due a missing page table lock unlock:
> 
> https://lkml.kernel.org/r/8c86678a-3bfb-3854-b1a9-ae5969e730b8@redhat.com
> 

Yes. Already fixed by commit b232a629b70cccb65d0c in linux-next-20221021.

#syz fix: mm/ksm: convert break_ksm() to use walk_page_range_vma()

[   72.213837] BUG: sleeping function called from invalid context at mm/ksm.c:500
[   72.216580] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 874, name: a.out
[   72.218083] preempt_count: 1, expected: 0
[   72.219161] RCU nest depth: 0, expected: 0
[   72.220245] Preemption disabled at:
[   72.220253] [<ffffffff95804158>] break_ksm_pmd_entry+0xf8/0x290
[   72.223460] 
[   72.223619] ============================================
[   72.224514] WARNING: possible recursive locking detected
[   72.225491] 6.1.0-rc1-next-20221021+ #2 Tainted: G        W         
[   72.226750] --------------------------------------------
[   72.227724] a.out/874 is trying to acquire lock:
[   72.228588] ffff94fdc6756888 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: break_ksm_pmd_entry+0xf8/0x290
[   72.230229] 
[   72.230229] but task is already holding lock:
[   72.231321] ffff94fdc6756888 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: break_ksm_pmd_entry+0xf8/0x290
[   72.232975] 
[   72.232975] other info that might help us debug this:
[   72.234233]  Possible unsafe locking scenario:
[   72.234233] 
[   72.235256]        CPU0
[   72.235758]        ----
[   72.236231]   lock(ptlock_ptr(page)#2);
[   72.237118]   lock(ptlock_ptr(page)#2);
[   72.237808] 
[   72.237808]  *** DEADLOCK ***
[   72.237808] 
[   72.239045]  May be due to missing lock nesting notation
[   72.239045] 
[   72.241781] 6 locks held by a.out/874:
[   72.243135]  #0: ffff94fdc6345490 (sb_writers#6){.+.+}-{0:0}, at: ksys_write+0x70/0x100
[   72.245232]  #1: ffff94fdc5f75c90 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x11e/0x230
[   72.247591]  #2: ffff94fdc0c6bdc8 (kn->active#83){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x126/0x230
[   72.250739]  #3: ffffffff96ec7d10 (ksm_thread_mutex){+.+.}-{3:3}, at: run_store+0x59/0x390
[   72.253067]  #4: ffff94fdc47f8ff0 (&mm->mmap_lock#2){++++}-{3:3}, at: run_store+0x142/0x390
[   72.255283]  #5: ffff94fdc6756888 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: break_ksm_pmd_entry+0xf8/0x290
[   72.258262] 
[   72.258262] stack backtrace:
[   72.260362] CPU: 2 PID: 874 Comm: a.out Tainted: G        W          6.1.0-rc1-next-20221021+ #2
[   72.262633] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[   72.264773] Call Trace:
[   72.265911]  <TASK>
[   72.267006]  dump_stack_lvl+0x5a/0x88
[   72.268401]  find_cpio_data.cold-0x6/0x5b
[   72.269836]  __lock_acquire.cold+0xae/0x2dc
[   72.271327]  ? lock_is_held_type+0xf3/0x160
[   72.272764]  lock_acquire+0xd6/0x320
[   72.274075]  ? break_ksm_pmd_entry+0xf8/0x290
[   72.275619]  ? __wake_up_klogd.part.0+0x64/0xb0
[   72.277104]  ? vprintk_emit+0xd0/0x360
[   72.278437]  ? __memcpy-0xd/0x30
[   72.279646]  _raw_spin_lock+0x39/0x90
[   72.280894]  ? break_ksm_pmd_entry+0xf8/0x290
[   72.282329]  break_ksm_pmd_entry+0xf8/0x290
[   72.283761]  walk_pgd_range+0x623/0xa90
[   72.285092]  ? lockdep_hardirqs_on+0x86/0x120
[   72.286563]  __walk_page_range+0x17b/0x190
[   72.287985]  ? lock_is_held_type+0xf3/0x160
[   72.289336]  walk_page_range_vma+0xae/0xf0
[   72.290643]  break_ksm.part.0+0x7d/0xe0
[   72.292001]  unmerge_ksm_pages+0x77/0xd0
[   72.293321]  run_store+0x187/0x390
[   72.294540]  kobj_attr_store+0x12/0x40
[   72.295817]  sysfs_kf_write+0x4b/0x80
[   72.297035]  kernfs_fop_write_iter+0x171/0x230
[   72.298373]  vfs_write+0x357/0x530
[   72.299616]  ksys_write+0x70/0x100
[   72.300758]  __x64_sys_write+0x19/0x30
[   72.301947]  do_syscall_64+0x5c/0xa0
[   72.303155]  ? syscall_exit_to_user_mode+0x37/0x60
[   72.304590]  ? do_syscall_64+0x69/0xa0
[   72.305721]  ? irqentry_exit+0x6b/0xa0
[   72.306877]  ? __memcpy-0xd/0x30
[   72.307919]  ? lockdep_hardirqs_on+0x86/0x120
[   72.309143]  ? irqentry_exit_to_user_mode+0x25/0x40
[   72.310548]  ? irqentry_exit+0x6b/0xa0
[   72.311637]  ? exc_page_fault+0xa8/0x310
[   72.312755]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[   72.314108] RIP: 0033:0x7fe2ca91ea3d
[   72.315121] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c3 a3 0f 00 f7 d8 64 89 01 48
[   72.319924] RSP: 002b:00007ffdb4131158 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   72.321870] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe2ca91ea3d
[   72.323727] RDX: 0000000000000002 RSI: 0000000020000000 RDI: 0000000000000003
[   72.325523] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   72.327431] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb4131278
[   72.329256] R13: 00005648601cc060 R14: 00005648601cedc0 R15: 00007fe2cab74040
[   72.331140]  </TASK>

