INFO: task hung in migrate_pages

From: Hao Sun
Date: Tue Sep 14 2021 - 22:06:18 EST


Hello,

When using Healer to fuzz the latest Linux kernel, the following crash
was triggered.

HEAD commit: 6880fa6c5660 Linux 5.15-rc1
git tree: upstream
console output: https://drive.google.com/file/d/11Zt6XyEDkbGHQTN6qCAdSyCvDzTtoWPH/view?usp=sharing
kernel config: https://drive.google.com/file/d/1rUzyMbe5vcs6khA3tL9EHTLJvsUdWcgB/view?usp=sharing

Sorry, I don't have a reproducer for this crash; I hope the symbolized report can help.
If you fix this issue, please add the following tag to the commit:
Reported-by: Hao Sun <sunhao.th@xxxxxxxxx>

INFO: task kcompactd1:43 blocked for more than 147 seconds.
Not tainted 5.15.0-rc1 #16
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kcompactd1 state:D stack:14152 pid: 43 ppid: 2 flags:0x00004000
Call Trace:
context_switch kernel/sched/core.c:4940 [inline]
__schedule+0x323/0xae0 kernel/sched/core.c:6287
schedule+0x36/0xe0 kernel/sched/core.c:6366
io_schedule+0xd/0x30 kernel/sched/core.c:8389
wait_on_page_bit_common+0x234/0x5c0 mm/filemap.c:1356
lock_page include/linux/pagemap.h:625 [inline]
__unmap_and_move mm/migrate.c:987 [inline]
unmap_and_move mm/migrate.c:1211 [inline]
migrate_pages+0x1271/0x1be0 mm/migrate.c:1488
compact_zone+0x838/0x1710 mm/compaction.c:2393
kcompactd_do_work+0x16e/0x590 mm/compaction.c:2833
kcompactd+0x36e/0x550 mm/compaction.c:2935
kthread+0x178/0x1b0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Showing all locks held in the system:
1 lock held by khungtaskd/39:
#0: ffffffff85a1d560 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0xe/0x1a0 kernel/locking/lockdep.c:6446
1 lock held by khugepaged/45:
#0: ffffffff85a4ac48 (lock#5){+.+.}-{3:3}, at: __lru_add_drain_all mm/swap.c:769 [inline]
#0: ffffffff85a4ac48 (lock#5){+.+.}-{3:3}, at: lru_add_drain_all+0x40/0x380 mm/swap.c:828
3 locks held by kworker/u10:2/514:
#0: ffff8881000b6d38 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:633 [inline]
#0: ffff8881000b6d38 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline]
#0: ffff8881000b6d38 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x2a0/0x850 kernel/workqueue.c:2268
#1: ffffc9000282fe70 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:633 [inline]
#1: ffffc9000282fe70 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:661 [inline]
#1: ffffc9000282fe70 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x2a0/0x850 kernel/workqueue.c:2268
#2: ffff888008d740e0 (&type->s_umount_key#47){.+.+}-{3:3}, at: trylock_super+0x1a/0x70 fs/super.c:418
1 lock held by in:imklog/6097:
#0: ffff88800f8144f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x55/0x60 fs/file.c:990
3 locks held by rs:main Q:Reg/6098:
#0: ffff88800f81b0f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x55/0x60 fs/file.c:990
#1: ffff88800e6a0460 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0xd2/0x120 fs/read_write.c:647
#2: ffff88800e6a7bd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0xec/0x260 mm/page-writeback.c:2364
2 locks held by agetty/23165:
#0: ffff88801a712098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x20/0x50 drivers/tty/tty_ldisc.c:252
#1: ffffc9000133f2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x1df/0x720 drivers/tty/n_tty.c:2113
5 locks held by kworker/u9:0/6489:
1 lock held by syz-executor/9324:
3 locks held by syz-executor/10051:
#0: ffff88800e6a0650 (sb_internal){.+.+}-{0:0}, at: evict+0xfd/0x1e0 fs/inode.c:586
#1: ffff88800e6a4990 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x16f/0x690 fs/jbd2/transaction.c:427
#2: ffff8880172e9578 (&ei->i_data_sem){++++}-{3:3}, at: ext4_truncate+0x5c2/0x7e0 fs/ext4/inode.c:4263
3 locks held by syz-executor/10055:
#0: ffff88800e6a0650 (sb_internal){.+.+}-{0:0}, at: evict+0xfd/0x1e0 fs/inode.c:586
#1: ffff88800e6a4990 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x16f/0x690 fs/jbd2/transaction.c:427
#2: ffff88810bfabb78 (&ei->i_data_sem){++++}-{3:3}, at: ext4_truncate+0x5c2/0x7e0 fs/ext4/inode.c:4263

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 39 Comm: khungtaskd Not tainted 5.15.0-rc1 #16
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x8d/0xcf lib/dump_stack.c:106
nmi_cpu_backtrace+0x1e9/0x210 lib/nmi_backtrace.c:105
nmi_trigger_cpumask_backtrace+0x120/0x180 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
watchdog+0x4e1/0x980 kernel/hung_task.c:295
kthread+0x178/0x1b0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Sending NMI from CPU 1 to CPUs 0,2-3:
NMI backtrace for cpu 3
CPU: 3 PID: 3008 Comm: systemd-journal Not tainted 5.15.0-rc1 #16
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
RIP: 0010:memset_erms+0xb/0x10 arch/x86/lib/memset_64.S:65
Code: 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 f3 aa <4c> 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01 01 01
RSP: 0018:ffffc9000084fdc8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000001000 RSI: 0000000000000000 RDI: ffff8881000e5000
RBP: 0000000003ffffff R08: ffffc9000084fe28 R09: ffff8881000e4000
R10: ffffc9000084fcb0 R11: 0000000000000001 R12: ffffc9000084fe28
R13: 0000000000000001 R14: ffff888100005100 R15: 0000000000000000
FS: 00007f96b26c78c0(0000) GS:ffff88813dd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f96af6c3000 CR3: 0000000102679000 CR4: 0000000000750ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
memset include/linux/fortify-string.h:175 [inline]
slab_post_alloc_hook+0x48/0x3c0 mm/slab.h:521
slab_alloc_node mm/slub.c:3206 [inline]
slab_alloc mm/slub.c:3214 [inline]
kmem_cache_alloc+0x11b/0x280 mm/slub.c:3219
getname_flags+0x56/0x250 fs/namei.c:138
user_path_at_empty+0x28/0x60 fs/namei.c:2800
user_path_at include/linux/namei.h:57 [inline]
do_faccessat+0xa3/0x370 fs/open.c:421
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x34/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f96b19839c7
Code: 83 c4 08 48 3d 01 f0 ff ff 73 01 c3 48 8b 0d c8 d4 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 15 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a1 d4 2b 00 f7 d8 64 89 01 48
RSP: 002b:00007fff85caab38 EFLAGS: 00000246 ORIG_RAX: 0000000000000015
RAX: ffffffffffffffda RBX: 00007fff85cadb60 RCX: 00007f96b19839c7
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055e70720d9a3
RBP: 00007fff85caac80 R08: 000055e7072033e5 R09: 0000000000000018
R10: 0000000000000069 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 000055e707c3c8a0 R15: 00007fff85cab170
NMI backtrace for cpu 2
CPU: 2 PID: 6489 Comm: kworker/u9:0 Not tainted 5.15.0-rc1 #16
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:csd_lock_wait kernel/smp.c:440 [inline]
RIP: 0010:smp_call_function_many_cond+0x1d2/0x550 kernel/smp.c:969
Code: a6 04 00 4c 63 fd 49 8b 1c 24 49 83 ff 07 0f 87 31 03 00 00 4a 03 1c fd 80 98 62 85 8b 43 08 a8 01 74 0e e8 40 a6 04 00 f3 90 <8b> 43 08 a8 01 75 f2 e8 32 a6 04 00 eb ad 48 83 c4 40 5b 5d 41 5c
RSP: 0018:ffffc90005e77c80 EFLAGS: 00000293
RAX: 0000000000000000 RBX: ffff88807dc318e0 RCX: 0000000000000000
RDX: ffff888019b60000 RSI: ffffffff8132ebc0 RDI: 00000000ffffffff
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: ffffc90005e77c28 R11: 0000000000000000 R12: ffff88807dd2a900
R13: ffff88807dd2a908 R14: ffffffff85a27620 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004dc120 CR3: 000000000588a000 CR4: 0000000000750ee0
DR0: 0000000000003000 DR1: 0000000000004000 DR2: 0000000000010000
DR3: 000000000000d000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
on_each_cpu_cond_mask+0x48/0x90 kernel/smp.c:1135
on_each_cpu include/linux/smp.h:71 [inline]
text_poke_sync arch/x86/kernel/alternative.c:929 [inline]
text_poke_bp_batch+0xb6/0x2c0 arch/x86/kernel/alternative.c:1114
text_poke_flush arch/x86/kernel/alternative.c:1268 [inline]
text_poke_finish+0x16/0x30 arch/x86/kernel/alternative.c:1275
arch_jump_label_transform_apply+0x13/0x20 arch/x86/kernel/jump_label.c:146
jump_label_update+0xbc/0x190 kernel/jump_label.c:830
static_key_enable_cpuslocked+0x77/0xb0 kernel/jump_label.c:177
static_key_enable+0x16/0x20 kernel/jump_label.c:190
toggle_allocation_gate+0x71/0x240 mm/kfence/core.c:626
process_one_work+0x359/0x850 kernel/workqueue.c:2297
worker_thread+0x41/0x4d0 kernel/workqueue.c:2444
kthread+0x178/0x1b0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
NMI backtrace for cpu 0
CPU: 0 PID: 9324 Comm: syz-executor Not tainted 5.15.0-rc1 #16
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
RIP: 0010:clear_page_erms+0x7/0x10 arch/x86/lib/clear_page_64.S:49
Code: 48 89 47 18 48 89 47 20 48 89 47 28 48 89 47 30 48 89 47 38 48 8d 7f 40 75 d9 90 c3 0f 1f 80 00 00 00 00 b9 00 10 00 00 31 c0 <f3> aa c3 cc cc cc cc cc cc 41 57 41 56 41 55 41 54 55 53 48 89 fb
RSP: 0018:ffffc90003f679e0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000018a8000 RCX: 0000000000001000
RDX: ffff88811344c480 RSI: 0000000000000001 RDI: ffff888062a00000
RBP: 00000000018a8040 R08: 0000000000001000 R09: 0000000000000001
R10: ffffc90003f679c0 R11: 0000000000000001 R12: ffff888000000000
R13: 0000000000112c40 R14: 0000000000000000 R15: ffff88807fffb700
FS: 00000000021c6940(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000002eebc48 CR3: 000000011010e000 CR4: 0000000000750ef0
DR0: 0000000000003000 DR1: 0000000000004000 DR2: 0000000000010000
DR3: 000000000000d000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
clear_page arch/x86/include/asm/page_64.h:49 [inline]
clear_highpage include/linux/highmem.h:181 [inline]
kernel_init_free_pages.part.95+0x67/0xa0 mm/page_alloc.c:1278
kernel_init_free_pages mm/page_alloc.c:1267 [inline]
post_alloc_hook+0x70/0x110 mm/page_alloc.c:2414
prep_new_page+0x16/0x50 mm/page_alloc.c:2424
get_page_from_freelist+0x64d/0x29a0 mm/page_alloc.c:4153
__alloc_pages+0xde/0x2a0 mm/page_alloc.c:5375
alloc_pages+0x85/0x150 mm/mempolicy.c:2197
__page_cache_alloc+0x167/0x210 mm/filemap.c:1022
page_cache_ra_unbounded+0x106/0x370 mm/readahead.c:216
do_page_cache_ra+0x65/0x80 mm/readahead.c:269
do_sync_mmap_readahead mm/filemap.c:2981 [inline]
filemap_fault+0x5e4/0xc30 mm/filemap.c:3074
__do_fault+0x5a/0x18e mm/memory.c:3857
do_shared_fault mm/memory.c:4226 [inline]
do_fault mm/memory.c:4304 [inline]
handle_pte_fault mm/memory.c:4558 [inline]
__handle_mm_fault+0x1529/0x1c70 mm/memory.c:4693
handle_mm_fault+0x1b6/0x550 mm/memory.c:4791
do_user_addr_fault arch/x86/mm/fault.c:1390 [inline]
handle_page_fault arch/x86/mm/fault.c:1475 [inline]
exc_page_fault+0x3be/0xbf0 arch/x86/mm/fault.c:1531
asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
RIP: 0033:0x466d78
Code: d1 f3 a4 c3 80 fa 10 73 17 80 fa 08 73 27 80 fa 04 73 33 80 fa 01 77 3b 72 05 0f b6 0e 88 0f c3 c5 fa 6f 06 c5 fa 6f 4c 16 f0 <c5> fa 7f 07 c5 fa 7f 4c 17 f0 c3 48 8b 4c 16 f8 48 8b 36 48 89 4c
RSP: 002b:00007ffc306897d8 EFLAGS: 00010246
RAX: 00000000200000c0 RBX: 0000000000790210 RCX: 0000000000000000
RDX: 0000000000000010 RSI: 0000000000790230 RDI: 00000000200000c0
RBP: 0000000000790218 R08: 00000000000004f0 R09: 0000000008bc24f2
R10: 00007ffc30689900 R11: 0000000000000246 R12: 0000000000255d7c
R13: 000000000071f880 R14: 000000000078c0a0 R15: 0000000000255d77
----------------
Code disassembly (best guess):
   0:   03 40 0f                add    0xf(%rax),%eax
   3:   b6 f6                   mov    $0xf6,%dh
   5:   48 b8 01 01 01 01 01    movabs $0x101010101010101,%rax
   c:   01 01 01
   f:   48 0f af c6             imul   %rsi,%rax
  13:   f3 48 ab                rep stos %rax,%es:(%rdi)
  16:   89 d1                   mov    %edx,%ecx
  18:   f3 aa                   rep stos %al,%es:(%rdi)
  1a:   4c 89 c8                mov    %r9,%rax
  1d:   c3                      retq
  1e:   90                      nop
  1f:   49 89 f9                mov    %rdi,%r9
  22:   40 88 f0                mov    %sil,%al
  25:   48 89 d1                mov    %rdx,%rcx
  28:   f3 aa                   rep stos %al,%es:(%rdi)
* 2a:   4c 89 c8                mov    %r9,%rax        <-- trapping instruction
  2d:   c3                      retq
  2e:   90                      nop
  2f:   49 89 fa                mov    %rdi,%r10
  32:   40 0f b6 ce             movzbl %sil,%ecx
  36:   48 b8 01 01 01 01 01    movabs $0x101010101010101,%rax
  3d:   01 01 01