[Xen-devel] VM_BUG_ON_PAGE(!PageOffline(page), page) in alloc_xenballooned_pages - Marek Marczykowski-Górecki

From: "Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>
To: xen-devel@lists.xenproject.org
Cc: Juergen Gross <jgross@suse.com>, David Hildenbrand <david@redhat.com>
Subject: [Xen-devel] VM_BUG_ON_PAGE(!PageOffline(page), page) in alloc_xenballooned_pages
Date: Thu, 26 Sep 2019 23:34:28 +0200	[thread overview]
Message-ID: <20190926213428.GU8065@mail-itl> (raw)

[-- Attachment #1.1: Type: text/plain, Size: 3219 bytes --]

Hi,

I've hit VM_BUG_ON_PAGE(!PageOffline(page), page) in
alloc_xenballooned_pages, when trying to use gnttab from userspace
application. It happens on Xen PV, but not on Xen PVH or HVM with the
same kernel. This happens at least with 5.1.6, but also 5.2.15
(as seen below). Based on this, it looks related to 0266def91377
(xen/balloon: Fix mapping PG_offline pages to user space) and probably
77c4adf6a6df (xen/balloon: mark inflated pages PG_offline).

Any idea? Below is full message.

page:ffffea0003e7ffc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0xffffe00001000(reserved)
raw: 000ffffe00001000 dead000000000100 dead000000000200 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: VM_BUG_ON_PAGE(!PageOffline(page))
------------[ cut here ]------------
kernel BUG at include/linux/page-flags.h:744!
invalid opcode: 0000 [#1] SMP NOPTI
CPU: 0 PID: 551 Comm: qubesdb-daemon Tainted: G        W         5.2.15-200.fc30.x86_64 #1
RIP: e030:alloc_xenballooned_pages+0xef/0x110
Code: c0 0c 10 00 e8 b2 fa ff ff 85 c0 0f 84 60 ff ff ff 41 89 dd b8 f4 ff ff ff eb b0 48 c7 c6 e8 af 14 82 48 89 c7 e8 31 32 ca ff <0f> 0b 48 c7 c7 40 f 0 4d 82 e8 13 85 3f 00 31 c0 48 83 c4 08 5b 5d
RSP: e02b:ffffc90001113d98 EFLAGS: 00010246
RAX: 0000000000000037 RBX: 0000000000000000 RCX: 0000000000000149
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff82143bbc
RBP: 0000000000000001 R08: 0000000000000181 R09: 0000000000000149
R10: 000000000000000a R11: ffffc90001113c38 R12: ffff88800d670960
R13: 00007fffdff236a0 R14: 00007fffdff236a0 R15: ffff8880108bd000
FS:  00007f30e205e7c0(0000) GS:ffff888013e00000(0000) knlGS:0000000000000000
CS:  e030 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f30e2082000 CR3: 000000000c920000 CR4: 0000000000040660
Call Trace:
 ? __kmalloc+0x16c/0x210
 gnttab_alloc_pages+0x11/0x40
 gntdev_alloc_map+0xe7/0x180 [xen_gntdev]
 gntdev_ioctl+0x203/0x530 [xen_gntdev]
 do_vfs_ioctl+0x405/0x660
 ksys_ioctl+0x5e/0x90
 __x64_sys_ioctl+0x16/0x20
 do_syscall_64+0x5f/0x1a0
 ? page_fault+0x8/0x30
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f30e239b3bb
Code: 0f 1e fa 48 8b 05 cd ca 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 9d ca 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007fffdff23698 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f30e239b3bb
RDX: 00007fffdff236a0 RSI: 0000000000184700 RDI: 000000000000000b
RBP: 00007fffdff23730 R08: 00007fffdff2375c R09: 00007fffdff23758
R10: fffffffffffffcc9 R11: 0000000000000202 R12: 00007fffdff236a0
R13: 0000000000001000 R14: 000000000000000b R15: 0000000000000001
Modules linked in: xenfs ip_tables crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel xen_blkfront xen_scsiback target_core_mod xen_netback xen_privcmd xen_gntdev xen_gntalloc xen_blkback xen_evtchn

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

[-- Attachment #2: Type: text/plain, Size: 157 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel