| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 Jan 2011 11:46:53 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: LKML <linux-kernel@...r.kernel.org>
Cc: Andrea Arcangeli <aarcange@...hat.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Rik van Riel <riel@...hat.com>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [BUG] khugepaged crashes on x86_32
Running ktest.pl overnight using a x86_32 kernel, it crashed several
times at the same location:
[ 138.204712] kobject: 'firewire_ohci' (f1f6ae70): fill_kobj_path: path = '/bus/pci/drivers/firewire_ohci'^M
[ 143.120618] BUG: unable to handle kernel paging request at fff90004
[ 143.121007] IP: [<c050888d>] khugepaged+0x8ee/0xd88
[ 143.121007] *pdpt = 0000000001857001 *pde = 00000000023ea067 *pte = 0000000000000000
[ 143.121007] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[ 143.121007] last sysfs file: /sys/devices/pci0000:00/0000:00:1e.0/0000:07:00.0/device
[ 143.121007] Modules linked in: firewire_ohci firewire_core e1000 iTCO_wdt i2c_i801 iTCO_vendor_support ata_generic
[ 143.121007]
[ 143.121007] Pid: 43, comm: khugepaged Not tainted 2.6.38-rc1-test #1 DG965MQ/
[ 143.167626] kobject: 'fw0' (f26d3ac0): kobject_add_internal: parent: '0000:07:03.0', set: 'devices'
[ 143.167876] kobject: 'fw0' (f26d3ac0): kobject_uevent_env
[ 143.167891] kobject: 'fw0' (f26d3ac0): fill_kobj_path: path = '/devices/pci0000:00/0000:00:1e.0/0000:07:03.0/fw0'
[ 143.167919] firewire_core: created device fw0: GUID 0090270001a9a277, S400
[ 143.203012] EIP: 0060:[<c050888d>] EFLAGS: 00010287 CPU: 1
[ 143.203012] EIP is at khugepaged+0x8ee/0xd88^M
[ 143.203012] EAX: b7600000 EBX: fff91000 ECX: fff90000 EDX: f7356000^M
[ 143.203012] ESI: f26327e0 EDI: f26327e0 EBP: f3be3f90 ESP: f3be3ed0
[ 143.203012] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 143.203012] Process khugepaged (pid: 43, ti=f3be2000 task=f3905500 task.ti=f3be2000)
[ 143.203012] Stack:
[ 143.203012] f73b2340 f3905500 f3905500 f3905500 00000067 fff91000 00001000 f3905500
[ 143.203012] f3905500 ffa51b4e f3be3f00 7e2da000 00000000 7e2da000 00000000 fff91000
[ 143.203012] f2fb85a8 00000001 00000000 f3905500 00000000 00001000 b7600000 f1891000
[ 143.203012] Call Trace:
[ 143.203012] [<c047dc33>] ? autoremove_wake_function+0x0/0x2f
[ 143.203012] [<c0507f9f>] ? khugepaged+0x0/0xd88^M
[ 143.203012] [<c047d8d2>] kthread+0x6d/0x72
[ 143.203012] [<c047d865>] ? kthread+0x0/0x72
[ 143.203012] [<c042c502>] kernel_thread_helper+0x6/0x10
[ 143.203012] Code: 7d d8 8b 47 44 8b 00 83 c0 04 e8 91 a3 9c 00 8b 45 d0 8b 55 c4 89 75 b0 89 fe 89 5d ac 89 45 d4 89 55 bc e9 c0 00 00 00 8b 4d dc <8b> 51 04 8b 01 89 d3 09 c3 75 26 8b 45 bc e8 bc 8e f4 ff b9 00
[ 143.203012] EIP: [<c050888d>] khugepaged+0x8ee/0xd88 SS:ESP 0068:f3be3ed0
[ 143.203012] CR2: 00000000fff90004
[ 143.203012] ---[ end trace 9d821574f573609c ]---
[ 145.478023] i2c i2c-9: master_xfer[0] W, addr=0x38, len=2
It's happening in this loop:
static void __collapse_huge_page_copy(pte_t *pte, struct page *page,
struct vm_area_struct *vma,
unsigned long address,
spinlock_t *ptl)
{
pte_t *_pte;
for (_pte = pte; _pte < pte+HPAGE_PMD_NR; _pte++) {
pte_t pteval = *_pte;
struct page *src_page;
The fault (according to gdb) is at the:
pte_t pteval = *_pte;
Attached is one of the configs I used to produce this bug.
I hit this bug with both v2.6.38-rc1 and with
HEAD == 12fcdba1b7ae8b25696433f420b775aeb556d89b
Let me know if you need to know anything more.
-- Steve
Download attachment "config.gz" of type "application/x-gzip" (29576 bytes)
Powered by blists - more mailing lists