From: Qian Cai <cai@lca.pw>
To: "Huang, Ying" <ying.huang@intel.com>
Cc: Linux-MM <linux-mm@kvack.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Minchan Kim <minchan@kernel.org>, Hugh Dickins <hughd@google.com>,
	Andrew Morton <akpm@linux-foundation.org>
Subject: Re: linux-next: not-present page at swap_vma_readahead()
Date: Sun, 19 Jul 2020 22:12:28 -0400
Message-ID: <20200720021227.GA7354@lca.pw>
In-Reply-To: <CA2E3DE2DD06CA4FA11644750E4E292F454E35A9@SHSMSX104.ccr.corp.intel.com>

On Mon, Jul 20, 2020 at 12:37:30AM +0000, Huang, Ying wrote:
> Hi,
> 
> Sorry for the late reply.  I found a problem in the swap readahead code.  Can you help to check whether it can fix this?

Unfortunately, I can still reproduce it easily after applying the patch.

# git clone https://gitlab.com/cailca/linux-mm
# git checkout v5.8-rc1 -- *.sh
# dnf -y install tar wget golang libseccomp-devel jq
# ./runc.sh

[  575.517290][T28667] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.522901][T28650] BUG: KASAN: slab-out-of-bounds in swapin_readahead+0x780/0xbd8
swap_vma_readahead at mm/swap_state.c:758
(inlined by) swapin_readahead at mm/swap_state.c:802
[  575.522928][T28650] Read of size 8 at addr ffff0089a603ffe8 by task trinity-c92/28650
[  575.522947][T28650] CPU: 126 PID: 28650 Comm: trinity-c92 Not tainted 5.8.0-rc5-next-20200717+ #1
[  575.522958][T28650] Hardware name: HPE Apollo 70             /C01_APACHE_MB         , BIOS L50_5.13_1.11 06/18/2019
[  575.522966][T28650] Call trace:
[  575.529895][T28667] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.535819][T28590] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.535829][T28590] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.535836][T28590] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.537424][T28650]  dump_backtrace+0x0/0x398
[  575.537438][T28650]  show_stack+0x14/0x20
[  575.545308][T28667] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.554134][T28650]  dump_stack+0x140/0x1c8
[  575.554148][T28650]  print_address_description.constprop.10+0x54/0x550
[  575.554159][T28650]  kasan_report+0x134/0x1b8
[  575.554173][T28650]  __asan_report_load8_noabort+0x2c/0x50
[  575.559496][T28588] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.559506][T28588] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.559513][T28588] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.562203][T28586] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.562215][T28586] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.562223][T28586] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.665163][T28560] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.671260][T28650]  swapin_readahead+0x780/0xbd8
[  575.671280][T28650]  do_swap_page+0xb1c/0x1a78
do_swap_page at mm/memory.c:3166
[  575.678067][T28560] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.682774][T28650]  handle_mm_fault+0xfd0/0x2c50
handle_pte_fault at mm/memory.c:4234
(inlined by) __handle_mm_fault at mm/memory.c:4368
(inlined by) handle_mm_fault at mm/memory.c:4466
[  575.682789][T28650]  do_page_fault+0x230/0x818
[  575.682804][T28650]  do_translation_fault+0x90/0xb0
[  575.682819][T28650]  do_mem_abort+0x64/0x180
[  575.687259][T28560] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.694051][T28650]  el1_sync_handler+0x188/0x1b8
[  575.694064][T28650]  el1_sync+0x7c/0x100
[  575.694079][T28650]  strncpy_from_user+0x270/0x3e8
[  575.694100][T28650]  getname_flags+0x80/0x330
[  575.698001][T28827] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.698048][T28827] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.698056][T28827] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.755679][T28620] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.757304][T28650]  user_path_at_empty+0x2c/0x60
[  575.764131][T28620] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.768782][T28650]  do_linkat+0x10c/0x528
[  575.768792][T28650]  __arm64_sys_linkat+0xa0/0xf8
[  575.768802][T28650]  do_el0_svc+0x124/0x228
[  575.768812][T28650]  el0_sync_handler+0x260/0x410
[  575.768820][T28650]  el0_sytack+0x24/0x50+0x14/0x20
[  5ap file entry 58_object+0x58/0x968c/0x1880
[  575.779790][T28650]  __alloc_percpu_gfp+0x14/0x20
[  575.779799][T28650]  qdisc_alloc+0x2bc/0xb98
[  575.779809][T28650]  qdisc_create_dflt+0x60/0x748
[  575.803406][T28643] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.806107][T28650]  mq_init+0x1a0/0x3b8
[  575.806120][T28650]  qdisc_create_dflt+0xc8/0x748
[  575.811321][T28643] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.815788][T28650]  dev_activate+0x488/0x8b8
[  575.815806][T28650]  __dev_open+0x240/0x360
[  575.820848][T28643] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  575.827542][T28650]  __dev_change_flags+0x344/0x480
[  575.827553][T28650]  dev_change_flags+0x74/0x140
[  575.906574][T28650]  do_setlink+0x7c8/0x2760
[  575.910856][T28650]  __rtnl_newlink+0x80c/0x1000
[  575.915481][T28650]  rtnl_newlink+0x68/0xa0
[  575.919671][T28650]  rtnetlink_rcv_msg+0x394/0xa48
[  575.924477][T28650]  netlink_rcv_skb+0x19c/0x340
[  575.929103][T28650]  rtnetlink_rcv+0x14/0x20
[  575.933380][T28650]  netlink_unicast+0x3ec/0x5e0
[  575.938005][T28650]  netlink_sendmsg+0x63c/0xa60
[  575.942632][T28650]  ____sys_sendmsg+0x5b0/0x740
[  575.947261][T28650]  ___sys_sendmsg+0xec/0x160
[  575.949053][T28716] futex_wake_op: trinity-c158 tries to shift op by -1; fix this program
[  575.951712][T28650]  __sys_sendmsg+0xb8/0x130
[  575.951727][T28650]  __arm64_sys_sendmsg+0x6c/0x98
[  575.969052][T28650]  do_el0_svc+0x124/0x228
[  575.973248][T28650]  el0_sync_handler+0x260/0x410
[  575.977959][T28650]  el0_sync+0x140/0x180
[  575.981974][T28650] Last call_rcu():
[  575.985557][T28650]  kasan_save_stack+0x24/0x50
[  575.990099][T28650]  kasan_record_aux_stack+0xe0/0x110
[  575.995249][T28650]  call_rcu+0x114/0x680
[  575.999273][T28650]  put_object+0x84/0xc0
[  576.003303][T28650]  __delete_object+0xc4/0x110
[  576.007848][T28650]  delete_object_full+0x18/0x20
[  576.012565][T28650]  kmemleak_free+0x2c/0x38
[  576.016844][T28650]  slab_free_freelist_hook+0x190/0x298
[  576.022158][T28650]  kmem_cache_free+0x128/0x518
[  576.026775][T28650]  file_free_rcu+0x68/0xb0
[  576.031045][T28650]  rcu_core+0x8b8/0xf90
[  576.035059][T28650]  rcu_core_si+0xc/0x18
[  576.039079][T28650]  efi_header_end+0x358/0x14d4
[  576.043712][T28650] Second to last call_rcu():
[  576.048176][T28650]  kasan_save_stack+0x24/0x50
[  576.052723][T28650]  kasan_record_aux_stack+0xe0/0x110
[  576.057871][T28650]  call_rcu+0x114/0x680
[  576.057998][T28976] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  576.061888][T28650]  put_object+0x84/0xc0
[  576.061898][T28650]  __delete_object+0xc4/0x110
[  576.061906][T28650]  delete_object_full+0x18/0x20
[  576.061917][T28650]  kmemleak_free+0x2c/0x38
[  576.061925][T28650]  slab_free_freelist_hook+0x190/0x298
[  576.061933][T28650]  kmem_cache_free+0x128/0x518
[  576.061950][T28650]  putname+0xb8/0x108
[  576.065453][T28678] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  576.065462][T28678] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  576.065470][T28678] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  576.068777][T28976] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  576.072740][T28650]  do_sys_openat2+0x26c/0x4c0
[  576.072753][T28650]  do_sys_open+0xa4/0xf8
[  576.077404][T28976] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  576.082097][T28650]  __arm64_sys_openat+0x88/0xc8
[  576.082107][T+0x260/0x410
[ 6.082138][T28650s to the cache kted 336 bytes to 576.082157][T28ntry 58025a5a5a5a5a5a
[  576.120513][T28650] page:00000000e119790b refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8a2603
[  576.127826][T28675] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  576.131821][T28650] flags: 0x7ffff800000200(slab)
[  576.131835][T28650] raw: 007ffff800000200 ffffffe0223a3908 ffffffe02234c948 ffff000000322480
[  576.131845][T28650] raw: 0000000000000000 00000000005b005b 00000001ffffffff 0000000000000000
[  576.131853][T28650] page dumped because: kasan: bad access detected
[  576.131865][T28650] Memory state around the buggy address:
[  576.131875][T28650]  ffff0089a603fe80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[  576.131884][T28650]  ffff0089a603ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  576.131894][T28650] >ffff0089a603ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  576.131900][T28650]                                                           ^
[  576.131908][T28650]  ffff0089a6040000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  576.131917][T28650]  ffff0089a6040080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  576.131923][T28650] ==================================================================
[  576.131928][T28650] Disabling lock debugging due to kernel taint
[  576.132028][T28650] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  576.132038][T28650] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  576.132046][T28650] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  576.281114][T28912] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  576.286297][T28675] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  576.293442][T28912] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a
[  576.293451][T28912] get_swap_device: Bad swap file entry 58025a5a5a5a5a5a

> From b6cad43ad3cf63d73e539e3eaadd4ec9d2744dc6 Mon Sep 17 00:00:00 2001
> From: Huang Ying <ying.huang@intel.com>
> Date: Fri, 10 Jul 2020 17:27:45 +0800
> Subject: [PATCH] dbg: Fix a logic hole in swap_ra_info()
> 
> ---
>  mm/swap_state.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/mm/swap_state.c b/mm/swap_state.c
> index 05889e8e3c97..8481c15829b2 100644
> --- a/mm/swap_state.c
> +++ b/mm/swap_state.c
> @@ -669,12 +669,11 @@ static void swap_ra_info(struct vm_fault *vmf,
>  	pte_t *tpte;
>  #endif
>  
> +	ra_info->win = 1;
>  	max_win = 1 << min_t(unsigned int, READ_ONCE(page_cluster),
>  			     SWAP_RA_ORDER_CEILING);
> -	if (max_win == 1) {
> -		ra_info->win = 1;
> +	if (max_win == 1)
>  		return;
> -	}
>  
>  	faddr = vmf->address;
>  	orig_pte = pte = pte_offset_map(vmf->pmd, faddr);
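
Review bot: the new unconditional "ra_info->win = 1;" at the top of swap_ra_info() is not explained anywhere. The patch has no changelog body, and the only return visible in this hunk ("if (max_win == 1) return;") already set win to 1 before the change, so the hole being closed must be on a return path further down that the hunk does not show. Please name that path in the commit message, and consider a one-line comment on the assignment saying it is the default for every early return. The patch also carries no Signed-off-by, which needs adding before it goes beyond a dbg: patch.
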
> -- 
> 2.27.0
> 


