[Bug 103109] New: userptr vs swap -- BUG: unable to handle kernel paging request
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Thu Oct 5 12:59:14 UTC 2017
https://bugs.freedesktop.org/show_bug.cgi?id=103109
Bug ID: 103109
Summary: userptr vs swap -- BUG: unable to handle kernel
paging request
Product: DRI
Version: XOrg git
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: medium
Component: DRM/Intel
Assignee: intel-gfx-bugs at lists.freedesktop.org
Reporter: chris at chris-wilson.co.uk
QA Contact: intel-gfx-bugs at lists.freedesktop.org
CC: intel-gfx-bugs at lists.freedesktop.org
[ 2791.372779] [IGT] gem_userptr_blits: starting subtest mlocked-unsync-normal
[ 2807.626009] perf invoked oom-killer:
gfp_mask=0x14201ca(GFP_HIGHUSER_MOVABLE|__GFP_COLD), nodemask=(null), order=0,
oom_score_adj=0
[ 2807.626138] perf cpuset=/ mems_allowed=0
[ 2807.626277] CPU: 3 PID: 372 Comm: perf Tainted: G U 4.14.0-rc3+
#263
[ 2807.626307] Hardware name: /NUC6CAYB, BIOS
AYAPLCEL.86A.0029.2016.1124.1625 11/24/2016
[ 2807.626344] Call Trace:
[ 2807.626366] dump_stack+0x68/0x9f
[ 2807.626389] dump_header+0x92/0x26b
[ 2807.626411] ? trace_hardirqs_on+0xd/0x10
[ 2807.626434] oom_kill_process+0x212/0x480
[ 2807.626457] out_of_memory+0xf1/0x330
[ 2807.626483] __alloc_pages_slowpath+0xd1a/0xe00
[ 2807.626507] ? fs_reclaim_acquire+0x20/0x20
[ 2807.626530] __alloc_pages_nodemask+0x1ca/0x1e0
[ 2807.626554] filemap_fault+0x402/0x740
[ 2807.626584] ? filemap_map_pages+0x211/0x400
[ 2807.626608] ? ext4_filemap_fault+0x27/0x50
[ 2807.626630] ext4_filemap_fault+0x2f/0x50
[ 2807.626653] __do_fault+0x17/0x60
[ 2807.626674] __handle_mm_fault+0x8f5/0xe10
[ 2807.626724] handle_mm_fault+0x169/0x2b0
[ 2807.626751] __do_page_fault+0x15d/0x3d0
[ 2807.626777] ? trace_hardirqs_on_caller+0xee/0x180
[ 2807.626804] do_page_fault+0xc/0x10
[ 2807.626832] page_fault+0x1f/0x30
[ 2807.626857] RIP: 0033:0x55b875f3a320
[ 2807.626881] RSP: 002b:00007ffcf08015c8 EFLAGS: 00010246
[ 2807.626917] RAX: 000055b8760ba920 RBX: 000055b877e4bab0 RCX:
000055b8760ba920
[ 2807.626947] RDX: 0000000000000000 RSI: 000055b8760ba920 RDI:
000055b8760ba920
[ 2807.626983] RBP: 00007ffcf08015e0 R08: 0000000000000000 R09:
00007ffcf0801920
[ 2807.627014] R10: 00007ffcf0801920 R11: 00007ffcf08018f8 R12:
000055b877e2c4f0
[ 2807.627045] R13: 000055b87936dde0 R14: 00007ffcf0801620 R15:
000055b87957b718
[ 2807.627278] Mem-Info:
[ 2807.627301] active_anon:31 inactive_anon:99 isolated_anon:0
[ 2807.627301] active_file:34 inactive_file:38 isolated_file:0
[ 2807.627301] unevictable:1935618 dirty:0 writeback:0 unstable:0
[ 2807.627301] slab_reclaimable:4472 slab_unreclaimable:16635
[ 2807.627301] mapped:510 shmem:97 pagetables:4536 bounce:0
[ 2807.627301] free:26796 free_pcp:18 free_cma:0
[ 2807.627393] Node 0 active_anon:124kB inactive_anon:396kB active_file:136kB
inactive_file:152kB unevictable:7742472kB isolated(anon):0kB isolated(file):0kB
mapped:2040kB dirty:0kB writeback:0kB shmem:388kB shmem_thp: 0kB
shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB
all_unreclaimable? yes
[ 2807.627500] DMA free:15896kB min:132kB low:164kB high:196kB active_anon:0kB
inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB
writepending:0kB present:15984kB managed:15896kB mlocked:0kB kernel_stack:0kB
pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 2807.627570] lowmem_reserve[]: 0 1793 7780 7780
[ 2807.627617] DMA32 free:39444kB min:15544kB low:19428kB high:23312kB
active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:0kB
unevictable:1793548kB writepending:0kB present:1926480kB managed:1836596kB
mlocked:1793548kB kernel_stack:0kB pagetables:3504kB bounce:0kB free_pcp:0kB
local_pcp:0kB free_cma:0kB
[ 2807.627695] lowmem_reserve[]: 0 0 5987 5987
[ 2807.627771] Normal free:51844kB min:51900kB low:64872kB high:77844kB
active_anon:116kB inactive_anon:396kB active_file:136kB inactive_file:172kB
unevictable:5948924kB writepending:0kB present:6291456kB managed:6130952kB
mlocked:5948924kB kernel_stack:18000kB pagetables:14640kB bounce:0kB
free_pcp:72kB local_pcp:72kB free_cma:0kB
[ 2807.627850] lowmem_reserve[]: 0 0 0 0
[ 2807.627892] DMA: 2*4kB (U) 2*8kB (U) 2*16kB (U) 3*32kB (U) 2*64kB (U)
0*128kB 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15896kB
[ 2807.628063] DMA32: 3*4kB (U) 1*8kB (U) 4*16kB (UM) 4*32kB (UM) 1*64kB (M)
2*128kB (UM) 2*256kB (UM) 1*512kB (M) 1*1024kB (M) 0*2048kB 9*4096kB (UM) =
39444kB
[ 2807.628214] Normal: 459*4kB (UME) 1030*8kB (UME) 504*16kB (UME) 276*32kB
(UME) 181*64kB (UME) 78*128kB (U) 5*256kB (M) 2*512kB (M) 1*1024kB (M) 0*2048kB
0*4096kB = 51868kB
[ 2807.628379] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0
hugepages_size=2048kB
[ 2807.628409] 209 total pagecache pages
[ 2807.628439] 25 pages in swap cache
[ 2807.628460] Swap cache stats: add 18432, delete 18408, find 2353/6883
[ 2807.628486] Free swap = 8173308kB
[ 2807.628505] Total swap = 8233980kB
[ 2807.628568] 2058480 pages RAM
[ 2807.628586] 0 pages HighMem/MovableOnly
[ 2807.628606] 62619 pages reserved
[ 2807.628625] [ pid ] uid tgid total_vm rss nr_ptes nr_pmds swapents
oom_score_adj name
[ 2807.628693] [ 140] 0 140 11524 1 25 3 125
0 systemd-journal
[ 2807.628813] [ 154] 0 154 10862 1 22 3 199
-1000 systemd-udevd
[ 2807.628853] [ 242] 0 242 12469 0 27 3 124
0 rpcbind
[ 2807.628890] [ 243] 100 243 31822 0 30 3 135
0 systemd-timesyn
[ 2807.628932] [ 298] 0 298 7410 1 18 3 63
0 cron
[ 2807.628968] [ 299] 0 299 62530 0 27 3 225
0 rsyslogd
[ 2807.629005] [ 300] 0 300 1055 0 7 3 36
0 acpid
[ 2807.629180] [ 301] 0 301 6992 0 18 3 55
0 atd
[ 2807.629226] [ 302] 0 302 8953 0 21 3 91
0 irqbalance
[ 2807.629266] [ 303] 0 303 11606 1 27 3 138
0 systemd-logind
[ 2807.629307] [ 304] 105 304 11281 0 27 3 119
-900 dbus-daemon
[ 2807.629346] [ 311] 0 311 17487 0 35 3 193
-1000 sshd
[ 2807.629391] [ 315] 0 315 3635 0 11 3 39
0 agetty
[ 2807.629430] [ 320] 0 320 23794 1 47 3 243
0 sshd
[ 2807.629472] [ 322] 1000 322 16217 0 33 3 224
0 systemd
[ 2807.629511] [ 323] 1000 323 20620 0 39 3 386
0 (sd-pam)
[ 2807.629550] [ 329] 1000 329 23794 0 46 3 248
0 sshd
[ 2807.629588] [ 330] 1000 330 5347 1 15 3 520
0 bash
[ 2807.629625] [ 350] 0 350 23794 1 50 4 242
0 sshd
[ 2807.629663] [ 356] 1000 356 23794 0 48 4 268
0 sshd
[ 2807.629701] [ 357] 1000 357 5346 1 14 3 517
0 bash
[ 2807.629762] [ 371] 0 371 12315 1 28 3 109
0 sudo
[ 2807.629800] [ 372] 0 372 44586 405 41 3 8239
0 perf
[ 2807.629837] [ 399] 0 399 12315 1 28 3 109
0 sudo
[ 2807.629875] [ 400] 0 400 9911 1 23 3 341
1000 gem_userptr_bli
[ 2807.630146] [ 1736] 0 1736 1948856 1935611 3801 11 341
1000 gem_userptr_bli
[ 2807.630192] Out of memory: Kill process 1736 (gem_userptr_bli) score 1463 or
sacrifice child
[ 2807.630495] Killed process 1736 (gem_userptr_bli) total-vm:7795424kB,
anon-rss:7742444kB, file-rss:0kB, shmem-rss:0kB
[ 2809.425396] oom_reaper: reaped process 1736 (gem_userptr_bli), now
anon-rss:0kB, file-rss:0kB, shmem-rss:0kB
[ 2809.458506] [IGT] gem_userptr_blits: starting subtest swapping-unsync-normal
[ 2866.773714] kernel tried to execute NX-protected page - exploit attempt?
(uid: 0)
[ 2866.773759] BUG: unable to handle kernel paging request at ffffea00052f5b40
[ 2866.773784] IP: 0xffffea00052f5b40
[ 2866.773798] PGD 27e844067 P4D 27e844067 PUD 27e843067 PMD 8000000279a001e3
[ 2866.773823] Oops: 0011 [#1] SMP DEBUG_PAGEALLOC
[ 2866.773839] Modules linked in: i915 prime_numbers intel_gtt drm_kms_helper
[ 2866.773871] CPU: 1 PID: 1252 Comm: kworker/1:62H Tainted: G U
4.14.0-rc3+ #263
[ 2866.773893] Hardware name: /NUC6CAYB, BIOS
AYAPLCEL.86A.0029.2016.1124.1625 11/24/2016
[ 2866.773957] Workqueue: i915-userptr-acquire
__i915_gem_userptr_get_pages_worker [i915]
[ 2866.773980] task: ffff88025e1f8040 task.stack: ffffc90001f10000
[ 2866.773999] RIP: 0010:0xffffea00052f5b40
[ 2866.774013] RSP: 0018:ffffc90001f13578 EFLAGS: 00010246
[ 2866.774032] RAX: 0000000000000080 RBX: ffffea0008839bc0 RCX:
0000000000000000
[ 2866.774051] RDX: 0000000000000000 RSI: ffffc90001f135c0 RDI:
ffff88026ad56a98
[ 2866.774070] RBP: ffffc90001f13610 R08: 28f5c28f5c28f5c3 R09:
0000000000000000
[ 2866.774088] R10: 000000007475c8cf R11: ffffffff8229b9a0 R12:
0000000000000000
[ 2866.774107] R13: 0000000000000000 R14: 0000000000000010 R15:
ffff88026ad56a98
[ 2866.774131] FS: 0000000000000000(0000) GS:ffff88027ee80000(0000)
knlGS:0000000000000000
[ 2866.774151] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2866.774169] CR2: ffffea00052f5b40 CR3: 000000027437c000 CR4:
00000000001406e0
[ 2866.774188] Call Trace:
[ 2866.774207] ? shrink_slab.part.42+0xed/0x290
[ 2866.774227] shrink_node+0x222/0x320
[ 2866.774243] do_try_to_free_pages+0xdb/0x340
[ 2866.774260] try_to_free_pages+0xac/0xd0
[ 2866.774276] __alloc_pages_slowpath+0x420/0xe00
[ 2866.774294] ? fs_reclaim_acquire+0x20/0x20
[ 2866.774310] __alloc_pages_nodemask+0x1ca/0x1e0
[ 2866.774328] __read_swap_cache_async+0x126/0x1b0
[ 2866.774345] swapin_readahead+0x14f/0x230
[ 2866.774366] shmem_swapin+0x3f/0x50
[ 2866.774382] ? shmem_swapin+0x3f/0x50
[ 2866.774404] ? shmem_getpage_gfp.isra.48+0x843/0xe40
[ 2866.774419] shmem_getpage_gfp.isra.48+0x86d/0xe40
[ 2866.774436] ? save_stack_trace+0x16/0x20
[ 2866.774449] shmem_fault+0x87/0x1d0
[ 2866.774462] ? follow_page_pte+0x105/0x500
[ 2866.774475] __do_fault+0x17/0x60
[ 2866.774487] __handle_mm_fault+0x6fd/0xe10
[ 2866.774500] handle_mm_fault+0x169/0x2b0
[ 2866.774513] __get_user_pages+0xf7/0x580
[ 2866.774526] get_user_pages_remote+0x124/0x1b0
[ 2866.774572] __i915_gem_userptr_get_pages_worker+0x18a/0x240 [i915]
[ 2866.774590] process_one_work+0x1d9/0x3f0
[ 2866.774604] ? process_one_work+0x175/0x3f0
[ 2866.774622] worker_thread+0x49/0x3a0
[ 2866.774637] kthread+0x13d/0x170
[ 2866.774649] ? process_one_work+0x3f0/0x3f0
[ 2866.774662] ? kthread_create_on_node+0x40/0x40
[ 2866.774677] ret_from_fork+0x27/0x40
[ 2866.774688] Code: 88 ff ff 01 00 00 00 01 00 00 00 60 53 2f 05 00 ea ff ff
60 6d 2f 05 00 ea ff ff 00 95 a8 74 02 88 ff ff 00 00 00 00 00 00 00 00 <00> 00
00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2866.774797] RIP: 0xffffea00052f5b40 RSP: ffffc90001f13578
[ 2866.774811] CR2: ffffea00052f5b40
[ 2866.774824] ---[ end trace baf7838fde4a4300 ]---
[ 2866.774828] kernel tried to execute NX-protected page - exploit attempt?
(uid: 0)
[ 2866.774830] BUG: unable to handle kernel paging request at ffffea00052f5b40
[ 2866.774836] IP: 0xffffea00052f5b40
[ 2866.774838] PGD 27e844067 P4D 27e844067 PUD 27e843067 PMD 8000000279a001e3
[ 2866.774844] Oops: 0011 [#2] SMP DEBUG_PAGEALLOC
[ 2866.774846] Modules linked in: i915 prime_numbers intel_gtt drm_kms_helper
[ 2866.774854] CPU: 2 PID: 400 Comm: gem_userptr_bli Tainted: G UD
4.14.0-rc3+ #263
[ 2866.774855] Hardware name: /NUC6CAYB, BIOS
AYAPLCEL.86A.0029.2016.1124.1625 11/24/2016
[ 2866.774858] task: ffff88026b67e440 task.stack: ffffc90000494000
[ 2866.774859] RIP: 0010:0xffffea00052f5b40
[ 2866.774860] RSP: 0018:ffffc90000497548 EFLAGS: 00010246
[ 2866.774862] RAX: 0000000000000080 RBX: ffffea0008839bc0 RCX:
0000000000000000
[ 2866.774863] RDX: 0000000000000000 RSI: ffffc90000497590 RDI:
ffff88026ad56a98
[ 2866.774864] RBP: ffffc900004975e0 R08: 28f5c28f5c28f5c3 R09:
0000000000000000
[ 2866.774865] R10: ffffc900004975f0 R11: 0000000000000000 R12:
0000000000000000
[ 2866.774866] R13: 0000000000000000 R14: 0000000000000010 R15:
ffff88026ad56a98
[ 2866.774868] FS: 00007fabc8555740(0000) GS:ffff88027ef00000(0000)
knlGS:0000000000000000
[ 2866.774869] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2866.774870] CR2: ffffea00052f5b40 CR3: 000000027437c000 CR4:
00000000001406e0
[ 2866.774871] Call Trace:
[ 2866.774878] ? shrink_slab.part.42+0xed/0x290
[ 2866.774882] shrink_node+0x222/0x320
[ 2866.774884] do_try_to_free_pages+0xdb/0x340
[ 2866.774886] try_to_free_pages+0xac/0xd0
[ 2866.774888] __alloc_pages_slowpath+0x420/0xe00
[ 2866.774892] ? fs_reclaim_acquire+0x20/0x20
[ 2866.774894] __alloc_pages_nodemask+0x1ca/0x1e0
[ 2866.774934] __setup_page_dma.constprop.73+0x16b/0x230 [i915]
[ 2866.774968] alloc_pt+0x37/0x60 [i915]
[ 2866.774999] gen8_ppgtt_alloc_pdp+0x187/0x430 [i915]
[ 2866.775030] gen8_ppgtt_alloc_4lvl+0x5f/0x250 [i915]
[ 2866.775060] ppgtt_bind_vma+0x6d/0x80 [i915]
[ 2866.775093] i915_vma_bind+0x8f/0xe0 [i915]
[ 2866.775126] __i915_vma_do_pin+0x3fd/0x670 [i915]
[ 2866.775156] eb_lookup_vmas+0x863/0xf00 [i915]
[ 2866.775187] i915_gem_do_execbuffer+0x361/0x14c0 [i915]
[ 2866.775191] ? __kernel_map_pages+0x77/0x170
[ 2866.775193] ? kvmalloc_node+0x43/0x80
[ 2866.775195] ? kvmalloc_node+0x43/0x80
[ 2866.775197] ? cache_alloc_debugcheck_after.isra.66+0x197/0x1e0
[ 2866.775201] ? kvmalloc_node+0x43/0x80
[ 2866.775203] ? __kmalloc+0xcf/0x780
[ 2866.775207] ? __intel_pmu_enable_all.constprop.21+0x27/0x80
[ 2866.775237] ? i915_gem_execbuffer+0x2a0/0x2a0 [i915]
[ 2866.775268] i915_gem_execbuffer2+0x198/0x350 [i915]
[ 2866.775272] ? drm_copy_field+0x1a/0x60
[ 2866.775301] ? i915_gem_execbuffer+0x2a0/0x2a0 [i915]
[ 2866.775304] drm_ioctl_kernel+0x64/0xb0
[ 2866.775306] drm_ioctl+0x2f4/0x3d0
[ 2866.775336] ? i915_gem_execbuffer+0x2a0/0x2a0 [i915]
[ 2866.775339] do_vfs_ioctl+0x8f/0x650
[ 2866.775341] ? nmi_handle+0xeb/0x170
[ 2866.775344] ? trace_hardirqs_on_caller+0xee/0x180
[ 2866.775345] SyS_ioctl+0x3c/0x70
[ 2866.775348] entry_SYSCALL_64_fastpath+0x18/0xad
[ 2866.775350] RIP: 0033:0x7fabc67c5e07
[ 2866.775352] RSP: 002b:00007fff3205b848 EFLAGS: 00000246 ORIG_RAX:
0000000000000010
[ 2866.775354] RAX: ffffffffffffffda RBX: 000055f8701e7a50 RCX:
00007fabc67c5e07
[ 2866.775355] RDX: 00007fff3205b910 RSI: 0000000040406469 RDI:
0000000000000003
[ 2866.775356] RBP: 0000000000000003 R08: 0000000000000000 R09:
000000000004ff50
[ 2866.775357] R10: 000055f870238000 R11: 0000000000000246 R12:
00000000000016d7
[ 2866.775358] R13: 0000000000002180 R14: 0000000000000678 R15:
00000000000006e6
[ 2866.775359] Code: 88 ff ff 01 00 00 00 01 00 00 00 60 53 2f 05 00 ea ff ff
60 6d 2f 05 00 ea ff ff 00 95 a8 74 02 88 ff ff 00 00 00 00 00 00 00 00 <00> 00
00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2866.775402] RIP: 0xffffea00052f5b40 RSP: ffffc90000497548
[ 2866.775403] CR2: ffffea00052f5b40
[ 2866.775406] ---[ end trace baf7838fde4a4301 ]---
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/intel-gfx-bugs/attachments/20171005/120d8236/attachment-0001.html>
More information about the intel-gfx-bugs
mailing list