Date: Wed, 23 Oct 2019 15:21:05 +0200 (CEST)
From: Thomas Gleixner
To: Cyrill Gorcunov
Cc: LKML, Ingo Molnar, Peter Zijlstra, linux-mm@kvack.org, Catalin Marinas
Subject: Re: [BUG -tip] kmemleak and stacktrace cause page faul

On Tue, 22 Oct 2019, Cyrill Gorcunov wrote:
> On Tue, Oct 22, 2019 at 05:23:25PM +0300, Cyrill Gorcunov wrote:
> >
> > I presume the kmemleak tries to save stack trace too early when estack_pages are not
> > yet filled.
>
> Indeed, at this stage of boot the percpu_setup_exception_stacks has not been called
> yet and estack_pages full of crap
>
> [ 0.157502] stk 0x1008 k 1 begin 0x0 end 0xd000 estack_pages 0xffffffff82014880 ep 0xffffffff82014888
> [ 0.159395] estack_pages[0] = 0x0
> [ 0.160046] estack_pages[1] = 0x5100000001000
> [ 0.160881] estack_pages[2] = 0x0
> [ 0.161530] estack_pages[3] = 0x6100000003000
> [ 0.162343] estack_pages[4] = 0x0
> [ 0.162962] estack_pages[5] = 0x0
> [ 0.163523] estack_pages[6] = 0x0
> [ 0.164065] estack_pages[7] = 0x8100000007000
> [ 0.164978] estack_pages[8] = 0x0
> [ 0.165624] estack_pages[9] = 0x9100000009000
> [ 0.166448] estack_pages[10] = 0x0
> [ 0.167064] estack_pages[11] = 0xa10000000b000
> [ 0.168055] estack_pages[12] = 0x0

Errm. estack_pages is statically initialized and it's an array of:

  struct estack_pages {
        u32     offs;
        u16     size;
        u16     type;
  };

[0,2,4,5,6,8,10,12] are guard pages so 0 is not that crappy at all

The rest looks completely valid if you actually decode it proper.

e.g. 0x51000 00001000

     bit  0-31: 00001000     Offset 0x1000: 1 Page
     bit 32-47: 1000         Size 0x1000:   1 Page
     bit 48-63: 5            Type 5: STACK_TYPE_EXCEPTION + ESTACK_DF

So, no. This is NOT the problem.

But yes, you are right that percpu_setup_exception_stacks() has not yet
been called simply because the percpu entry area has not been mapped yet.

So let's look at the full context:

        begin = (unsigned long)__this_cpu_read(cea_exception_stacks);

   When percpu_setup_exception_stacks() has not been called yet, then begin
   should be 0.

        end = begin + sizeof(struct cea_exception_stacks);

   end should be 0 + sizeof(struct cea_exception_stacks);

        /* Bail if @stack is outside the exception stack area. */
        if (stk < begin || stk >= end)
                return false;

   So 'begin <= stk < end' must be true to get to the below:

        /* Calc page offset from start of exception stacks */
        k = (stk - begin) >> PAGE_SHIFT;

   which gives a valid 'k' no matter what 'begin' is.
   And obviously 'k' cannot be outside of the array size of estack_pages.

        /* Lookup the page descriptor */
        ep = &estack_pages[k];

   Ergo ep must be a valid pointer pointing to the statically allocated and
   statically initialized estack_pages array.

        /* Guard page? */
        if (!ep->size)

   How on earth can dereferencing ep crash the machine?

                return false;

   That does not make any sense.

Surely, we should not even try to decode exception stack when
cea_exception_stacks is not yet initialized, but that does not explain
anything what you are observing.

Thanks,

        tglx
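
The decoding and lookup discussed in the message above, as an added user-space example that is not part of the original mail or of the kernel source. It assumes the dumped 64-bit words are the little-endian image of the quoted struct, takes the area size from the log's "end 0xd000" (13 pages), and uses hypothetical helper names decode() and lookup().

```c
#include <stdint.h>
#include <stdio.h>

/* Descriptor layout quoted in the mail (fixed-width types for user space). */
struct estack_pages {
	uint32_t offs;
	uint16_t size;
	uint16_t type;
};

/* The 13 words from the quoted boot log (end 0xd000 there = 13 pages). */
static const uint64_t dumped[13] = {
	0x0, 0x5100000001000ULL, 0x0, 0x6100000003000ULL, 0x0, 0x0, 0x0,
	0x8100000007000ULL, 0x0, 0x9100000009000ULL, 0x0, 0xa10000000b000ULL, 0x0,
};
#define NR_PAGES   13
#define PAGE_SHIFT 12

/* Split a dumped word by bit range: 0-31 offs, 32-47 size, 48-63 type. */
static struct estack_pages decode(uint64_t raw)
{
	struct estack_pages ep = { (uint32_t)raw, (uint16_t)(raw >> 32),
				   (uint16_t)(raw >> 48) };
	return ep;
}

/* Model of the lookup: page index k, -1 if outside the area, -2 if guard page. */
static int lookup(uint64_t stk, uint64_t begin)
{
	uint64_t end = begin + ((uint64_t)NR_PAGES << PAGE_SHIFT);

	if (stk < begin || stk >= end)
		return -1;
	uint64_t k = (stk - begin) >> PAGE_SHIFT;
	return decode(dumped[k]).size ? (int)k : -2;
}

int main(void)
{
	for (int i = 0; i < NR_PAGES; i++) {
		struct estack_pages ep = decode(dumped[i]);
		printf("[%2d] offs=0x%05x size=0x%04x type=%u%s\n", i, (unsigned)ep.offs,
		       (unsigned)ep.size, (unsigned)ep.type, ep.size ? "" : " (guard)");
	}
	printf("stk 0x1008, begin 0x0 -> %d\n", lookup(0x1008, 0));
	return 0;
}
```

With the logged values stk 0x1008 and begin 0x0, the model lands on index 1, the same k the log prints, and that entry has a non-zero size.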