From: Linus Torvalds
Date: Wed, 30 Mar 2022 13:05:00 -0700
Subject: Re: [BUG] Crash on x86_32 for: mm: page_alloc: avoid merging non-fallbackable pageblocks with others
To: Steven Rostedt
Cc: LKML, Zi Yan, Mel Gorman, David Hildenbrand, Vlastimil Babka, Mike Rapoport, Oscar Salvador, Andrew Morton, Linux-MM
In-Reply-To: <20220330154208.71aca532@gandalf.local.home>

On Wed, Mar 30, 2022 at 12:42 PM Steven Rostedt wrote:
>
> I started testing new patches and it crashed when doing the x86-32 test on
> boot up.
>
> Initializing HighMem for node 0 (000375fe:0021ee00)
> BUG: kernel NULL pointer dereference, address: 00000878
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> *pdpt = 0000000000000000 *pde = f0000000f000eef3
> Oops: 0000 [#1] PREEMPT SMP PTI
> CPU: 0 PID: 0 Comm: swapper Not tainted 5.17.0-test+ #469
> Hardware name: MSI MS-7823/CSM-H87M-G43 (MS-7823), BIOS V1.6 02/22/2014
> EIP: get_pfnblock_flags_mask+0x2c/0x36
> Code: 6d ea ff 55 89 e5 56 89 ce 53 8b 18 89 d8 c1 eb 1e e8 f7 fb ff ff 69 db c0 02 00 00 89 c1 89 c2 c1 ea 05 8b 83 7c d7 79 c1 5b <8b> 04 90 d3 e8 21 f0 5e 5d c3 55 89 e5 57 56 89 d6 53 89 c3 64 a1

The whole function is in that Code: thing, and it decodes to:

   0:   55                      push   %ebp
   1:   89 e5                   mov    %esp,%ebp
   3:   56                      push   %esi
   4:   89 ce                   mov    %ecx,%esi
   6:   53                      push   %ebx
   7:   8b 18                   mov    (%eax),%ebx
   9:   89 d8                   mov    %ebx,%eax
   b:   c1 eb 1e                shr    $0x1e,%ebx
   e:   e8 f7 fb ff ff          call   0xfffffc0a
  13:   69 db c0 02 00 00       imul   $0x2c0,%ebx,%ebx
  19:   89 c1                   mov    %eax,%ecx
  1b:   89 c2                   mov    %eax,%edx
  1d:   c1 ea 05                shr    $0x5,%edx
  20:   8b 83 7c d7 79 c1       mov    -0x3e862884(%ebx),%eax
  26:   5b                      pop    %ebx
  27:*  8b 04 90                mov    (%eax,%edx,4),%eax   <-- trapping instruction
  2a:   d3 e8                   shr    %cl,%eax
  2c:   21 f0                   and    %esi,%eax
  2e:   5e                      pop    %esi
  2f:   5d                      pop    %ebp
  30:   c3                      ret

with '%eax' being NULL, and %edx being 0x21e.

(The call seems to be to 'pfn_to_bitidx().isra.0' if my compiler does
similar code generation, so it's out-of-lined part of pfn_to_bitidx()
despite being marked inline)

So that oops is that

        word = bitmap[word_bitidx];

line, with 'bitmap' being NULL (and %edx contains 'word_bitidx').

Looking around, your 'config-bad' doesn't even have
CONFIG_MEMORY_ISOLATION enabled, and so I suspect the culprit is this
part of the change:

- if (unlikely(has_isolate_pageblock(zone))) {

which used to always be false for that config, and now the code is
suddenly enabled.

Alternatively, that code just can't deal with highmem properly.

But I didn't really analyze things, I'm mainly doing pattern matching here.

Zi Yan - and all the people who ack'ed and reviewed this - please take
a deeper look..

                Linus
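
The decode in the message above can be checked against the oops itself. The following is an added example, not part of the original message: it parses the quoted Code: line, locates the <8b> trap byte, and decodes the ModRM/SIB bytes of "8b 04 90" to compute the address that load reads. The function names are hypothetical; the register values (%eax = 0, %edx = 0x21e) are the ones given in the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

static const char OOPS_CODE[] =   /* Code: bytes copied from the quoted oops */
    "6d ea ff 55 89 e5 56 89 ce 53 8b 18 89 d8 c1 eb 1e e8 f7 fb ff ff "
    "69 db c0 02 00 00 89 c1 89 c2 c1 ea 05 8b 83 7c d7 79 c1 5b <8b> "
    "04 90 d3 e8 21 f0 5e 5d c3 55 89 e5 57 56 89 d6 53 89 c3 64 a1";

/* Fill buf from the hex dump. Returns the index of the <xx> byte (start of
 * the trapping instruction), or -1 if it is absent or the dump is malformed. */
int parse_code_line(const char *s, uint8_t *buf, size_t cap, size_t *len)
{
    int trap = -1;
    for (*len = 0;;) {
        while (*s == ' ') s++;
        if (*s == '\0') return trap;
        if (*len == cap) return -1;
        if (*s == '<') { trap = (int)*len; s++; }
        char *end;
        unsigned long v = strtoul(s, &end, 16);
        if (end == s || v > 0xff) return -1;
        buf[(*len)++] = (uint8_t)v;
        s = (*end == '>') ? end + 1 : end;
    }
}

/* Effective address of "mov (base,index,scale),r32": opcode 0x8b, ModRM mod=00
 * rm=100 (SIB, no displacement). regs[] is indexed by x86 register number. */
int sib_load_address(const uint8_t *insn, const uint32_t regs[8], uint32_t *ea)
{
    unsigned modrm = insn[1], sib = insn[2], index = (sib >> 3) & 7, base = sib & 7;
    if (insn[0] != 0x8b || (modrm >> 6) != 0 || (modrm & 7) != 4 ||
        index == 4 || base == 5)   /* no-index / disp32 forms not handled */
        return -1;
    *ea = regs[base] + (regs[index] << (sib >> 6));
    return 0;
}

int main(void)
{
    uint8_t code[80]; size_t n;
    uint32_t ea, regs[8] = {0};  /* regs[0] = %eax = 0: the NULL 'bitmap' */
    regs[2] = 0x21e;             /* %edx = word_bitidx, per the message */
    int trap = parse_code_line(OOPS_CODE, code, sizeof code, &n);
    if (trap < 0 || (size_t)trap + 3 > n || sib_load_address(code + trap, regs, &ea))
        return 1;
    printf("trap at dump byte %d, fault address 0x%08x\n", trap, (unsigned)ea);
    return 0;
}
```

The computed address, 0x21e * 4 = 0x878, is the same value the BUG line reports as "address: 00000878".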