From: Hillf Danton
To: syzbot
Cc: akpm@linux-foundation.org, linux-kernel@vger.kernel.org, Hillf Danton, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
Subject: Re: BUG: sleeping function called from invalid context in __alloc_pages_nodemask
Date: Sat, 30 Nov 2019 16:32:23 +0800
Message-Id: <20191130083223.1568-1-hdanton@sina.com>

On Fri, 29 Nov 2019 23:35:08 -0800
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: 419593da Add linux-next specific files for 20191129
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=12cc369ce00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=7c04b0959e75c206
> dashboard link: https://syzkaller.appspot.com/bug?extid=4925d60532bf4c399608
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
>
> Unfortunately, I don't have any reproducer for this crash yet.
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+4925d60532bf4c399608@syzkaller.appspotmail.com
>
> BUG: sleeping function called from invalid context at mm/page_alloc.c:4681
> in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2710, name:
> kworker/0:2
> 4 locks held by kworker/0:2/2710:
> #0: ffff8880aa026d28 ((wq_completion)events){+.+.}, at: __write_once_size
> include/linux/compiler.h:247 [inline]
> #0: ffff8880aa026d28 ((wq_completion)events){+.+.}, at: arch_atomic64_set
> arch/x86/include/asm/atomic64_64.h:34 [inline]
> #0: ffff8880aa026d28 ((wq_completion)events){+.+.}, at: atomic64_set
> include/asm-generic/atomic-instrumented.h:868 [inline]
> #0: ffff8880aa026d28 ((wq_completion)events){+.+.}, at: atomic_long_set
> include/asm-generic/atomic-long.h:40 [inline]
> #0: ffff8880aa026d28 ((wq_completion)events){+.+.}, at: set_work_data
> kernel/workqueue.c:615 [inline]
> #0: ffff8880aa026d28 ((wq_completion)events){+.+.}, at:
> set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline]
> #0: ffff8880aa026d28 ((wq_completion)events){+.+.}, at:
> process_one_work+0x88b/0x1740 kernel/workqueue.c:2235
> #1: ffffc9000802fdc0 (pcpu_balance_work){+.+.}, at:
> process_one_work+0x8c1/0x1740 kernel/workqueue.c:2239
> #2: ffffffff8983ff20 (pcpu_alloc_mutex){+.+.}, at:
> pcpu_balance_workfn+0xb7/0x1310 mm/percpu.c:1845
> #3: ffffffff89851b18 (vmap_area_lock){+.+.}, at: spin_lock
> include/linux/spinlock.h:338 [inline]
> #3: ffffffff89851b18 (vmap_area_lock){+.+.}, at:
> pcpu_get_vm_areas+0x3b27/0x3f00 mm/vmalloc.c:3431
> Preemption disabled at:
> [] spin_lock include/linux/spinlock.h:338 [inline]
> [] pcpu_get_vm_areas+0x3b27/0x3f00 mm/vmalloc.c:3431
> CPU: 0 PID: 2710 Comm: kworker/0:2 Not tainted
> 5.4.0-next-20191129-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Workqueue: events pcpu_balance_workfn
> Call Trace:
> __dump_stack lib/dump_stack.c:77 [inline]
> dump_stack+0x197/0x210 lib/dump_stack.c:118
> ___might_sleep.cold+0x1fb/0x23e kernel/sched/core.c:6800
> __might_sleep+0x95/0x190 kernel/sched/core.c:6753
> prepare_alloc_pages mm/page_alloc.c:4681 [inline]
> __alloc_pages_nodemask+0x523/0x910 mm/page_alloc.c:4730
> alloc_pages_current+0x107/0x210 mm/mempolicy.c:2211
> alloc_pages include/linux/gfp.h:532 [inline]
> __get_free_pages+0xc/0x40 mm/page_alloc.c:4786
> kasan_populate_vmalloc_pte mm/kasan/common.c:762 [inline]
> kasan_populate_vmalloc_pte+0x2f/0x1c0 mm/kasan/common.c:753
> apply_to_pte_range mm/memory.c:2041 [inline]
> apply_to_pmd_range mm/memory.c:2068 [inline]
> apply_to_pud_range mm/memory.c:2088 [inline]
> apply_to_p4d_range mm/memory.c:2108 [inline]
> apply_to_page_range+0x445/0x700 mm/memory.c:2133
> kasan_populate_vmalloc+0x68/0x90 mm/kasan/common.c:791
> pcpu_get_vm_areas+0x3c77/0x3f00 mm/vmalloc.c:3439
> pcpu_create_chunk+0x24e/0x7f0 mm/percpu-vm.c:340
> pcpu_balance_workfn+0xf1b/0x1310 mm/percpu.c:1934
> process_one_work+0x9af/0x1740 kernel/workqueue.c:2264
> worker_thread+0x98/0xe40 kernel/workqueue.c:2410
> kthread+0x361/0x430 kernel/kthread.c:255
> ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

Replace the blocking gfp mask with a non-blocking one to survive checks like might_sleep.

--- a/mm/kasan/common.c +++ b/mm/kasan/common.c @@ -759,7 +759,7 @@ static int kasan_populate_vmalloc_pte(pt if (likely(!pte_none(*ptep))) return 0; =20 - page =3D __get_free_page(GFP_KERNEL); + page =3D __get_free_page(GFP_NOWAIT); if (!page) return -ENOMEM; =20
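
Review bot: The switch to `__get_free_page(GFP_NOWAIT)` in kasan_populate_vmalloc_pte() makes every shadow-page allocation through this callback non-blocking, so the unchanged `if (!page) return -ENOMEM;` path right below it becomes far easier to hit under memory pressure, and the caller then loses KASAN shadow for the vmalloc range. The quoted report shows the atomic context comes from one call site only: pcpu_get_vm_areas() takes vmap_area_lock at mm/vmalloc.c:3431 and calls kasan_populate_vmalloc() at mm/vmalloc.c:3439 with that spinlock still held. Silencing might_sleep() here hides that locking problem rather than fixing it. Consider keeping GFP_KERNEL and moving the shadow population in pcpu_get_vm_areas() outside the vmap_area_lock critical section, or, if a non-blocking allocation really is intended, say in the changelog why allocation failure is acceptable and how callers recover from -ENOMEM. The changelog also omits the Reported-by: syzbot+4925d60532bf4c399608@syzkaller.appspotmail.com tag the report asks for.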