lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 23 Jun 2017 11:18:42 +0530
From:   Naresh Kamboju <naresh.kamboju@...aro.org>
To:     valdis.kletnieks@...edu
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        linux-mm@...ck.org
Subject: Re: next-20170620 BUG in do_page_fault / do_huge_pmd_wp_page

Hi Valdis,

On 23 June 2017 at 08:56,  <valdis.kletnieks@...edu> wrote:
> Saw this at boot of next-20170620.  Not sure how I managed to hit 4 BUG in a row...
>
> Looked in 'git log -- mm/' but not seeing anything blatantly obvious.
>
> This ringing any bells?  I'm not in a position to recreate or bisect this until
> the weekend.
>
> [  315.409076] BUG: Bad rss-counter state mm:ffff8a223deb4640 idx:0 val:-512
> [  315.412889] BUG: Bad rss-counter state mm:ffff8a223deb4640 idx:1 val:512
> [  315.416694] BUG: non-zero nr_ptes on freeing mm: 1
> [  315.436098] BUG: Bad page state in process gdm  pfn:3e8400
> [  315.439802] page:ffffe8af0fa10000 count:-1 mapcount:0 mapping:          (null) index:0x1
> [  315.443264] flags: 0x4000000000000000()
> [  315.446715] raw: 4000000000000000 0000000000000000 0000000000000001 ffffffffffffffff
> [  315.450181] raw: dead000000000100 dead000000000200 0000000000000000 0000000000000000
> [  315.453628] page dumped because: nonzero _count
> [  315.457023] Modules linked in: ts_bm nf_log_ipv4 xt_string nf_log_ipv6 nf_log_common xt_LOG sunrpc vfat fat brcmsmac cordic brcmutil dell
> _wmi x86_pkg_temp_thermal crct10dif_pclmul dell_laptop crc32_pclmul crc32c_intel dell_smbios ghash_clmulni_intel dell_smm_hwmon cryptd bcma
> mei_wdt dell_smo8800 dell_rbtn sch_fq tcp_bbr
> [  315.457116] CPU: 3 PID: 6684 Comm: gdm Not tainted 4.12.0-rc6-next-20170620 #506
> [  315.457119] Hardware name: Dell Inc. Latitude E6530/07Y85M, BIOS A19 01/04/2017
> [  315.457122] Call Trace:
> [  315.457131]  dump_stack+0x83/0xd1
> [  315.457141]  bad_page+0x10c/0x1b0
> [  315.457151]  check_new_page_bad+0x12e/0x180
> [  315.457159]  get_page_from_freelist+0x756/0x1840
> [  315.457170]  ? native_sched_clock+0x80/0xf0
> [  315.457184]  ? find_held_lock+0x38/0x160
> [  315.457194]  __alloc_pages_nodemask+0x145/0x5a0
> [  315.457211]  do_huge_pmd_wp_page+0x58d/0x1380
> [  315.457217]  ? cyc2ns_read_begin+0x82/0xb0
> [  315.457224]  ? cyc2ns_read_end+0x22/0x40
> [  315.457229]  ? native_sched_clock+0x80/0xf0
> [  315.457236]  ? native_sched_clock+0x80/0xf0
> [  315.457247]  __handle_mm_fault+0x831/0x14e0
> [  315.457253]  ? sched_clock_cpu+0x1b/0x1e0
> [  315.457273]  handle_mm_fault+0x23c/0x6f0
> [  315.457283]  __do_page_fault+0x460/0x950
> [  315.457298]  do_page_fault+0xc/0x10
> [  315.457305]  page_fault+0x22/0x30
> [  315.457310] RIP: 0033:0x7fe15390e5c1
> [  315.457314] RSP: 002b:00007ffd2acdca30 EFLAGS: 00010202
> [  315.457320] RAX: 0000000000000000 RBX: 00007ffd2acdca50 RCX: 0000000000000000
> [  315.457324] RDX: 0000000000801000 RSI: 00007fe14bfff9c0 RDI: 00007fe14b7fec10
> [  315.457328] RBP: 00007ffd2acdcac0 R08: 00007fe14b7fed10 R09: 00007fe153b22030
> [  315.457331] R10: 00007fe155346900 R11: 0000000000000202 R12: 0000000000000000
> [  315.457335] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fe155413000
> [  315.457354] Disabling lock debugging due to kernel taint
>
>
>


This bug occurred on HiKey (arm64) while booting.
Here is the boot log,

Linux version:
-------------------
Linux version 4.12.0-rc6-next-20170622 (buildslave@...-64-08) (gcc
version 6.2.1 20161016 (Linaro GCC 6.2-2016.11)) #1 SMP PREEMPT Thu
Jun 22 15:54:05 UTC 2017

Error log:
-------------
[    8.759348] BUG: Bad page state in process dockerd  pfn:6f800
[    8.765806] page:ffff7e0001be0000 count:-1 mapcount:0 mapping:
    (null) index:0x1
[    8.774115] flags: 0xfffc00000000000()
[    8.777970] raw: 0fffc00000000000 0000000000000000 0000000000000001
ffffffffffffffff
[    8.785915] raw: dead000000000100 dead000000000200 0000000000000000
0000000000000000
[    8.793857] page dumped because: nonzero _count
[    8.798506] Modules linked in: asix usbnet adv7511 dw_drm_dsi
kirin_drm drm_kms_helper drm fuse
[    8.812369] CPU: 6 PID: 2419 Comm: dockerd Not tainted
4.12.0-rc6-next-20170622 #1
[    8.825053] Hardware name: HiKey Development Board (DT)
[    8.835330] Call trace:
[    8.842735] [<ffff000008089b50>] dump_backtrace+0x0/0x230
[    8.853141] [<ffff000008089e44>] show_stack+0x14/0x20
[    8.863121] [<ffff000008afbb20>] dump_stack+0xb8/0xf0
[    8.873018] [<ffff0000081ffa94>] bad_page+0xe4/0x148
[    8.882766] [<ffff0000081ffc04>] check_new_page_bad+0x64/0xa0
[    8.893262] [<ffff0000082044ec>] get_page_from_freelist+0xab4/0xca0
[    8.904251] [<ffff000008204ca4>] __alloc_pages_nodemask+0x10c/0x1328
[    8.915273] [<ffff000008262d30>] alloc_pages_current+0x80/0xe8
[    8.925737] [<ffff0000081f91d0>] __page_cache_alloc+0xf8/0x128
[    8.936138] [<ffff00000820cf48>] __do_page_cache_readahead+0x128/0x340
[    8.947212] [<ffff0000081fba40>] filemap_fault+0x328/0x6c8
[    8.957166] [<ffff0000083589c0>] ext4_filemap_fault+0x30/0x50
[    8.967394] [<ffff00000823a2a0>] __do_fault+0x20/0x88
[    8.976907] [<ffff00000824058c>] __handle_mm_fault+0x97c/0x10d0
[    8.987311] [<ffff000008240e88>] handle_mm_fault+0x1a8/0x338
[    8.997385] [<ffff000008b19980>] do_page_fault+0x2c0/0x3d0
[    9.007222] [<ffff000008081388>] do_mem_abort+0x40/0x98
[    9.016720] Exception stack(0xffff800073b63e20 to 0xffff800073b63f50)
[    9.027469] 3e20: 0000000000000200 000080006ee78000
ffffffffffffffff 0000000000426724
[    9.039643] 3e40: 0000000000000200 000080006ee78000
ffff800073b63ec0 000000000047ac20
[    9.051783] 3e60: 0000000060000000 0000000000000015
0000000000000124 000000000047ac20
[    9.063889] 3e80: 0000000000000000 ffff0000080837d8
0000000000000200 000080006ee78000
[    9.075945] 3ea0: ffffffffffffffff 000000000047ac20
0000000060000000 0000000000000015
[    9.087975] 3ec0: 0000000000000000 0000000000000000
000000481ffff9fd 0000000000000004
[    9.099910] 3ee0: 0000000001a5e1e0 0000000000001808
0000000000000005 0000000000000010
[    9.111772] 3f00: 0000000000000062 0000000000000030
0000000001faebb4 0000000000000000
[    9.123614] 3f20: 0000000000000039 0000000000000000
0000000000000000 0000000000000040
[    9.135437] 3f40: 0000004820051ed8 0000000001fb6a00
[    9.144221] [<ffff0000080833b4>] el0_da+0x20/0x24
[    9.152697] Disabling lock debugging due to kernel taint
[    9.161887] BUG: Bad rss-counter state mm:ffff800073dec800 idx:0 val:-512
[    9.172421] BUG: Bad rss-counter state mm:ffff800073dec800 idx:1 val:512
[    9.182760] BUG: non-zero nr_ptes on freeing mm: 1


Detailed boot log link,
https://lkft.validation.linaro.org/scheduler/job/3855#L1090

- Naresh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ