From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DB366C04A95
	for <linux-mm@archiver.kernel.org>; Sat, 22 Oct 2022 10:19:18 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 082618E0002; Sat, 22 Oct 2022 06:19:18 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 0326E8E0001; Sat, 22 Oct 2022 06:19:17 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id E63D98E0002; Sat, 22 Oct 2022 06:19:17 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15])
	by kanga.kvack.org (Postfix) with ESMTP id D81458E0001
	for <linux-mm@kvack.org>; Sat, 22 Oct 2022 06:19:17 -0400 (EDT)
Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay09.hostedemail.com (Postfix) with ESMTP id 902B28098F
	for <linux-mm@kvack.org>; Sat, 22 Oct 2022 10:19:17 +0000 (UTC)
X-FDA: 80048187954.03.6D5B660
Received: from www262.sakura.ne.jp (www262.sakura.ne.jp [202.181.97.72])
	by imf28.hostedemail.com (Postfix) with ESMTP id B392FC000B
	for <linux-mm@kvack.org>; Sat, 22 Oct 2022 10:19:15 +0000 (UTC)
Received: from fsav311.sakura.ne.jp (fsav311.sakura.ne.jp [153.120.85.142])
	by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTP id 29MAJ98D025819;
	Sat, 22 Oct 2022 19:19:09 +0900 (JST)
	(envelope-from penguin-kernel@I-love.SAKURA.ne.jp)
Received: from www262.sakura.ne.jp (202.181.97.72)
 by fsav311.sakura.ne.jp (F-Secure/fsigk_smtp/550/fsav311.sakura.ne.jp);
 Sat, 22 Oct 2022 19:19:09 +0900 (JST)
X-Virus-Status: clean(F-Secure/fsigk_smtp/550/fsav311.sakura.ne.jp)
Received: from [192.168.1.9] (M106072142033.v4.enabler.ne.jp [106.72.142.33])
	(authenticated bits=0)
	by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTPSA id 29MAJ9D5025816
	(version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO);
	Sat, 22 Oct 2022 19:19:09 +0900 (JST)
	(envelope-from penguin-kernel@I-love.SAKURA.ne.jp)
Message-ID: <e24b949d-3596-b634-9332-35fa2bd8c50e@I-love.SAKURA.ne.jp>
Date: Sat, 22 Oct 2022 19:19:06 +0900
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.3.3
Subject: Re: [syzbot] BUG: sleeping function called from invalid context in
 break_ksm
Content-Language: en-US
To: David Hildenbrand <david@redhat.com>,
        syzbot <syzbot+78a0878b3076f71313b3@syzkaller.appspotmail.com>,
        akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
        linux-mm@kvack.org, syzkaller-bugs@googlegroups.com
References: <0000000000000f3fec05eb76e68f@google.com>
 <c2cf3416-f762-3949-d97c-47dbbc2c6689@redhat.com>
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
In-Reply-To: <c2cf3416-f762-3949-d97c-47dbbc2c6689@redhat.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
ARC-Authentication-Results: i=1;
	imf28.hostedemail.com;
	dkim=none;
	spf=none (imf28.hostedemail.com: domain of penguin-kernel@I-love.SAKURA.ne.jp has no SPF policy when checking 202.181.97.72) smtp.mailfrom=penguin-kernel@I-love.SAKURA.ne.jp;
	dmarc=none
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1666433956; a=rsa-sha256;
	cv=none;
	b=VSHTuNZZFWWvrlQV2tb6Y/j6xSlVkKScPbNrNPZ6AMsnOYpB3HiwJqpVyEh3AzRdXNYmb2
	h/qMZ5vKpIJjSxZjuWTmGrrdqnKeESusUEDrnRA6+0Xh35rWUBo4aEsAo0YcanVtkhH+gb
	EWBO19tXxl8WrhfNjfOBxhAhJ6GUCWE=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1666433956;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=o9rOVZOpaY2xc+N3bgcX+S2d2ZYvoRFGFe33xsuOT0I=;
	b=FBDXRs+xvMdTxdNFXBJy6x0zWoDKCrRgX9VazWaVRjBm7rLpf/a3otexNtVS+AnM9IxMAY
	eF+9CGXNFWI1FRSQnfgZrFiGtSoxkh1JhxIB6nCsTn2TCmZiL2cEqGN0YprbB94FK6pBNv
	IZq6N3mKWeAlDJGOMeKp7Bh3ny26HIA=
X-Stat-Signature: 13jq3mdc8b3pwm441s533w4axopwgoe1
X-Rspamd-Queue-Id: B392FC000B
X-Rspam-User: 
Authentication-Results: imf28.hostedemail.com;
	dkim=none;
	spf=none (imf28.hostedemail.com: domain of penguin-kernel@I-love.SAKURA.ne.jp has no SPF policy when checking 202.181.97.72) smtp.mailfrom=penguin-kernel@I-love.SAKURA.ne.jp;
	dmarc=none
X-Rspamd-Server: rspam06
X-HE-Tag: 1666433955-404283
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On 2022/10/20 22:40, David Hildenbrand wrote:
> This might be due a missing page table lock unlock:
> 
> https://lkml.kernel.org/r/8c86678a-3bfb-3854-b1a9-ae5969e730b8@redhat.com
> 

Yes. Already fixed by commit b232a629b70cccb65d0c in linux-next-20221021.

#syz fix: mm/ksm: convert break_ksm() to use walk_page_range_vma()

[   72.213837] BUG: sleeping function called from invalid context at mm/ksm.c:500
[   72.216580] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 874, name: a.out
[   72.218083] preempt_count: 1, expected: 0
[   72.219161] RCU nest depth: 0, expected: 0
[   72.220245] Preemption disabled at:
[   72.220253] [<ffffffff95804158>] break_ksm_pmd_entry+0xf8/0x290
[   72.223460] 
[   72.223619] ============================================
[   72.224514] WARNING: possible recursive locking detected
[   72.225491] 6.1.0-rc1-next-20221021+ #2 Tainted: G        W         
[   72.226750] --------------------------------------------
[   72.227724] a.out/874 is trying to acquire lock:
[   72.228588] ffff94fdc6756888 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: break_ksm_pmd_entry+0xf8/0x290
[   72.230229] 
[   72.230229] but task is already holding lock:
[   72.231321] ffff94fdc6756888 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: break_ksm_pmd_entry+0xf8/0x290
[   72.232975] 
[   72.232975] other info that might help us debug this:
[   72.234233]  Possible unsafe locking scenario:
[   72.234233] 
[   72.235256]        CPU0
[   72.235758]        ----
[   72.236231]   lock(ptlock_ptr(page)#2);
[   72.237118]   lock(ptlock_ptr(page)#2);
[   72.237808] 
[   72.237808]  *** DEADLOCK ***
[   72.237808] 
[   72.239045]  May be due to missing lock nesting notation
[   72.239045] 
[   72.241781] 6 locks held by a.out/874:
[   72.243135]  #0: ffff94fdc6345490 (sb_writers#6){.+.+}-{0:0}, at: ksys_write+0x70/0x100
[   72.245232]  #1: ffff94fdc5f75c90 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x11e/0x230
[   72.247591]  #2: ffff94fdc0c6bdc8 (kn->active#83){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x126/0x230
[   72.250739]  #3: ffffffff96ec7d10 (ksm_thread_mutex){+.+.}-{3:3}, at: run_store+0x59/0x390
[   72.253067]  #4: ffff94fdc47f8ff0 (&mm->mmap_lock#2){++++}-{3:3}, at: run_store+0x142/0x390
[   72.255283]  #5: ffff94fdc6756888 (ptlock_ptr(page)#2){+.+.}-{2:2}, at: break_ksm_pmd_entry+0xf8/0x290
[   72.258262] 
[   72.258262] stack backtrace:
[   72.260362] CPU: 2 PID: 874 Comm: a.out Tainted: G        W          6.1.0-rc1-next-20221021+ #2
[   72.262633] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[   72.264773] Call Trace:
[   72.265911]  <TASK>
[   72.267006]  dump_stack_lvl+0x5a/0x88
[   72.268401]  find_cpio_data.cold-0x6/0x5b
[   72.269836]  __lock_acquire.cold+0xae/0x2dc
[   72.271327]  ? lock_is_held_type+0xf3/0x160
[   72.272764]  lock_acquire+0xd6/0x320
[   72.274075]  ? break_ksm_pmd_entry+0xf8/0x290
[   72.275619]  ? __wake_up_klogd.part.0+0x64/0xb0
[   72.277104]  ? vprintk_emit+0xd0/0x360
[   72.278437]  ? __memcpy-0xd/0x30
[   72.279646]  _raw_spin_lock+0x39/0x90
[   72.280894]  ? break_ksm_pmd_entry+0xf8/0x290
[   72.282329]  break_ksm_pmd_entry+0xf8/0x290
[   72.283761]  walk_pgd_range+0x623/0xa90
[   72.285092]  ? lockdep_hardirqs_on+0x86/0x120
[   72.286563]  __walk_page_range+0x17b/0x190
[   72.287985]  ? lock_is_held_type+0xf3/0x160
[   72.289336]  walk_page_range_vma+0xae/0xf0
[   72.290643]  break_ksm.part.0+0x7d/0xe0
[   72.292001]  unmerge_ksm_pages+0x77/0xd0
[   72.293321]  run_store+0x187/0x390
[   72.294540]  kobj_attr_store+0x12/0x40
[   72.295817]  sysfs_kf_write+0x4b/0x80
[   72.297035]  kernfs_fop_write_iter+0x171/0x230
[   72.298373]  vfs_write+0x357/0x530
[   72.299616]  ksys_write+0x70/0x100
[   72.300758]  __x64_sys_write+0x19/0x30
[   72.301947]  do_syscall_64+0x5c/0xa0
[   72.303155]  ? syscall_exit_to_user_mode+0x37/0x60
[   72.304590]  ? do_syscall_64+0x69/0xa0
[   72.305721]  ? irqentry_exit+0x6b/0xa0
[   72.306877]  ? __memcpy-0xd/0x30
[   72.307919]  ? lockdep_hardirqs_on+0x86/0x120
[   72.309143]  ? irqentry_exit_to_user_mode+0x25/0x40
[   72.310548]  ? irqentry_exit+0x6b/0xa0
[   72.311637]  ? exc_page_fault+0xa8/0x310
[   72.312755]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[   72.314108] RIP: 0033:0x7fe2ca91ea3d
[   72.315121] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c3 a3 0f 00 f7 d8 64 89 01 48
[   72.319924] RSP: 002b:00007ffdb4131158 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   72.321870] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe2ca91ea3d
[   72.323727] RDX: 0000000000000002 RSI: 0000000020000000 RDI: 0000000000000003
[   72.325523] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   72.327431] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb4131278
[   72.329256] R13: 00005648601cc060 R14: 00005648601cedc0 R15: 00007fe2cab74040
[   72.331140]  </TASK>