From: Hillf Danton
To: Igor Raits
Cc: linux-mm@kvack.org, syzbot, Andrew Morton
Subject: Re: kernel BUG at include/linux/swapops.h:204!
Date: Sat, 10 Jul 2021 20:46:30 +0800
Message-Id: <20210710124630.542-1-hdanton@sina.com>

On Sat, 10 Jul 2021 09:33:26 +0200 Igor Raits wrote:
>Hello,
>
>I've seen one weird bug on 5.12.14 that happened a couple of times when I
>started a bunch of VMs on a server.

Thanks for your report.
>
>I've briefly googled this problem but could not find any relevant commit
>that would fix this issue.

Not sure this is the first report - a similar one [0] from syzbot.

[0] https://lore.kernel.org/linux-mm/00000000000045ff9505c1cfc9ae@google.com/
>
>Do you have any hint how to debug this further or know the fix by any
>chance?

This report has more info about the BUG - in pmd_migration_entry_wait() huge
migration entry is checked under page table lock. And on the updater side,
hme should be set and removed also with ptl held, see below diff.
>
>Thanks in advance. Stack trace following:
>
>[ 376.876610] ------------[ cut here ]------------
>[ 376.881274] kernel BUG at include/linux/swapops.h:204!
>[ 376.886455] invalid opcode: 0000 [#1] SMP NOPTI >[ 376.891014] CPU: 40 PID: 11775 Comm: rpc-worker Tainted: G = E > 5.12.14-1.gdc.el8.x86_64 #1 >[ 376.900464] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 >Gen10, BIOS U30 05/24/2021 >[ 376.909038] RIP: 0010:pmd_migration_entry_wait+0x132/0x140 >[ 376.914562] Code: 02 00 00 00 5b 4c 89 c7 5d e9 8a e4 f6 ff 48 81 e2 = 00 >f0 ff ff 48 f7 d2 48 21 c2 89 d1 f7 c2 81 01 00 00 75 80 e9 44 ff ff ff ><0f> 0b 48 8b 2d 75 bd 30 01 e9 ef fe ff ff 0f 1f 44 00 00 41 55 48 >[ 376.933443] RSP: 0000:ffffb65a5e1cfdc8 EFLAGS: 00010246 >[ 376.938701] RAX: 0017ffffc0000000 RBX: ffff908b8ecabaf8 RCX: >ffffffffffffffff >[ 376.945878] RDX: 0000000000000000 RSI: ffff908b8ecabaf8 RDI: >fffff497473b2ae8 >[ 376.953055] RBP: fffff497473b2ae8 R08: fffff49747fa8080 R09: >0000000000000000 >[ 376.960230] R10: 0000000000000000 R11: 0000000000000000 R12: >0000000000000af8 >[ 376.967407] R13: 0400000000000000 R14: 0400000000000080 R15: >ffff908bbef7b6a8 >[ 376.974582] FS: 00007f5bb1f81700(0000) GS:ffff90e87fd80000(0000) >knlGS:0000000000000000 >[ 376.982718] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 >[ 376.988497] CR2: 00007f5b2bfffd98 CR3: 00000001f793e006 CR4: >00000000007726e0 >[ 376.995673] DR0: 0000000000000000 DR1: 0000000000000000 DR2: >0000000000000000 >[ 377.002849] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: >0000000000000400 >[ 377.010026] PKRU: 55555554 >[ 377.012745] Call Trace: >[ 377.015207] __handle_mm_fault+0x5ad/0x6e0 >[ 377.019335] handle_mm_fault+0xc5/0x290 >[ 377.023194] do_user_addr_fault+0x1cd/0x740 >[ 377.027406] exc_page_fault+0x54/0x110 >[ 377.031182] ? asm_exc_page_fault+0x8/0x30 >[ 377.035307] asm_exc_page_fault+0x1e/0x30 +++ x/mm/huge_memory.c @@ -2983,6 +2983,7 @@ void set_pmd_migration_entry(struct page struct vm_area_struct *vma =3D pvmw->vma; struct mm_struct *mm =3D vma->vm_mm; unsigned long address =3D pvmw->address; + spinlock_t *ptl; pmd_t pmdval; swp_entry_t entry; pmd_t pmdswp; 
@@ -2998,7 +2999,9 @@ void set_pmd_migration_entry(struct page pmdswp =3D swp_entry_to_pmd(entry); if (pmd_soft_dirty(pmdval)) pmdswp =3D pmd_swp_mksoft_dirty(pmdswp); + ptl =3D pmd_lock(mm, pvmw->pmd); set_pmd_at(mm, address, pvmw->pmd, pmdswp); + spin_unlock(ptl); page_remove_rmap(page, true); put_page(page); } @@ -3009,6 +3012,7 @@ void remove_migration_pmd(struct page_vm struct mm_struct *mm =3D vma->vm_mm; unsigned long address =3D pvmw->address; unsigned long mmun_start =3D address & HPAGE_PMD_MASK; + spinlock_t *ptl; pmd_t pmde; swp_entry_t entry; =20 @@ -3028,7 +3032,9 @@ void remove_migration_pmd(struct page_vm page_add_anon_rmap(new, vma, mmun_start, true); else page_add_file_rmap(new, true); + ptl =3D pmd_lock(mm, pvmw->pmd); set_pmd_at(mm, mmun_start, pvmw->pmd, pmde); + spin_unlock(ptl); if ((vma->vm_flags & VM_LOCKED) && !PageDoubleMap(new)) mlock_vma_page(new); update_mmu_cache_pmd(vma, address, pvmw->pmd);
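Review bot: in the second hunk, set_pmd_migration_entry() takes pmd_lock() only around set_pmd_at(), after pmdval has already been consumed by pmd_soft_dirty(pmdval) to build pmdswp, so the read-modify-write of the PMD is not inside the critical section and only the final store is serialized against pmd_migration_entry_wait(). Either take ptl before the PMD value is read, or add a comment saying why locking the store alone is enough. Please also confirm that the walk which filled in pvmw does not already return with this PMD lock held, because pmd_lock(mm, pvmw->pmd) would then spin on a lock the same task owns; if it is already held, a lockdep_assert_held() would document the rule without adding a second acquisition.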
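Review bot: in the last hunk, remove_migration_pmd() holds ptl only for set_pmd_at(mm, mmun_start, pvmw->pmd, pmde), while pmde is built and page_add_anon_rmap()/page_add_file_rmap() run before the lock is taken, and mlock_vma_page() and update_mmu_cache_pmd() run after spin_unlock(ptl). If the intent is that a waiter holding the page table lock never sees a half-completed transition, the lock should span from the point where the migration entry is read through the store, and the changelog should name the specific updater/waiter interleaving that hits the BUG at swapops.h:204 so the chosen lock scope can be checked against it. The diff also has no description or sign-off, which it will need if it is meant to go beyond a test patch.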