| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Mar 2012 11:51:16 +0400
From: "Yurij M. Plotnikov" <Yurij.Plotnikov@...etlabs.ru>
To: linux-kernel@...r.kernel.org, jbaron@...hat.com,
"Alexandra N. Kossovsky" <Alexandra.Kossovsky@...etlabs.ru>
Subject: Dead circle in epoll file descriptor causes soft lockup on kernel
3.2.12
Adding epoll file descriptors in each other in circle causes soft lockup
on kernel 3.2.12 (I'm using Debian kernel 3.2.0-0.bpo.1-amd64). The
following steps describe the problem:
1. epoll_create(1) -> 3
2. epoll_create(1) -> 4
3. socket(SOCK_STREAM) -> 5
4. bind(5, 0.0.0.0:0) -> 0
5. listen(5, 1) -> 0
6. epoll_ctl(3, ADD, 5, events = 0) -> 0
7. epoll_ctl(3, ADD, 4, events = EPOLLIN) -> 0
8. epoll_ctl(4, ADD, 3, events = EPOLLIN) -> -1(ELOOP)
9. close(3) -> 0
10. close(4) -> 0
11. close(5) -> 0
After repetaing this sequence 2-3 times soft lockup appers. In
attachment c program to reproduce this problem.
Error logs from the host:
[ 144.021060] BUG: soft lockup - CPU#3 stuck for 23s! [epoll_dead:1848]
[ 144.027853] Modules linked in: autofs4 des_generic cbc
rpcsec_gss_krb5 nfsd nfs lockd fscache auth_rpcgss nfs_acl sunrpc 8021q
garp stp w83627ehf hwmon_vid coretemp loop snd_hda_intel snd_hda_codec
snd_hwdep i915 drm_kms_helper drm snd_pcm iTCO_wdt processor snd_timer
snd video mtdchar iTCO_vendor_support thermal_sys i2c_i801 soundcore
snd_page_alloc evdev pcspkr button ext3 jbd mbcache dm_mod sd_mod
crc_t10dif ata_generic ehci_hcd ata_piix sfc mtd i2c_algo_bit i2c_core
mdio libata usbcore usb_common e1000e scsi_mod [last unloaded:
scsi_wait_scan]
[ 144.080190] CPU 3
[ 144.082148] Modules linked in: autofs4 des_generic cbc
rpcsec_gss_krb5 nfsd nfs lockd fscache auth_rpcgss nfs_acl sunrpc 8021q
garp stp w83627ehf hwmon_vid coretemp loop snd_hda_intel snd_hda_codec
snd_hwdep i915 drm_kms_helper drm snd_pcm iTCO_wdt processor snd_timer
snd video mtdchar iTCO_vendor_support thermal_sys i2c_i801 soundcore
snd_page_alloc evdev pcspkr button ext3 jbd mbcache dm_mod sd_mod
crc_t10dif ata_generic ehci_hcd ata_piix sfc mtd i2c_algo_bit i2c_core
mdio libata usbcore usb_common e1000e scsi_mod [last unloaded:
scsi_wait_scan]
[ 144.134763]
[ 144.136335] Pid: 1848, comm: epoll_dead Not tainted 3.2.0-2-amd64
#1 /DH55HC
[ 144.145441] RIP: 0010:[<ffffffff8104b253>] [<ffffffff8104b253>]
arch_local_irq_enable+0x4/0x8
[ 144.154602] RSP: 0018:ffff880077263ef8 EFLAGS: 00000206
[ 144.160208] RAX: 0000000000000003 RBX: ffffffff810248c2 RCX:
0000000000000020
[ 144.167698] RDX: 000000218711a000 RSI: 0000000000000096 RDI:
0000000000000100
[ 144.175232] RBP: ffff880036963fd8 R08: 0000000000000200 R09:
0000000000000200
[ 144.182871] R10: 0000000000000800 R11: ffff88007726e780 R12:
ffff880077263e68
[ 144.190430] R13: ffffffff8134eade R14: ffff880036963fd8 R15:
ffffffff81604080
[ 144.198023] FS: 00007f2c885fd700(0000) GS:ffff880077260000(0000)
knlGS:0000000000000000
[ 144.206607] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 144.212704] CR2: 00007f2c880e4b50 CR3: 0000000037286000 CR4:
00000000000006e0
[ 144.220259] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 144.227803] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
0000000000000400
[ 144.235312] Process epoll_dead (pid: 1848, threadinfo
ffff880036962000, task ffff8800371ef810)
[ 144.244481] Stack:
[ 144.246608] ffffffff8104be38 000000219a61790e 000000030000000a
0000000000000003
[ 144.254549] 0000000000000046 ffff880077263f58 ffff880036c4d380
ffff880036c4d380
[ 144.262386] ffffffff817e6b30 0000000000000000 ffffffff8135026c
ffff880077263f58
[ 144.270288] Call Trace:
[ 144.272900] <IRQ>
[ 144.275145] [<ffffffff8104be38>] ? __do_softirq+0x59/0x177
[ 144.280933] [<ffffffff8135026c>] ? call_softirq+0x1c/0x30
[ 144.286676] [<ffffffff8100f8e5>] ? do_softirq+0x3c/0x7b
[ 144.292325] [<ffffffff8104c100>] ? irq_exit+0x3c/0x9a
[ 144.297680] [<ffffffff81023fd8>] ? smp_apic_timer_interrupt+0x74/0x82
[ 144.304470] [<ffffffff811284f4>] ? ep_call_nested.constprop.8+0xec/0xec
[ 144.311577] [<ffffffff8134eade>] ? apic_timer_interrupt+0x6e/0x80
[ 144.318124] <EOI>
[ 144.320389] [<ffffffff811284f4>] ? ep_call_nested.constprop.8+0xec/0xec
[ 144.327493] [<ffffffff8107072e>] ? arch_local_irq_restore+0x2/0x8
[ 144.333977] [<ffffffff8112848f>] ? ep_call_nested.constprop.8+0x87/0xec
[ 144.341030] [<ffffffff81129003>] ? sys_epoll_ctl+0x43a/0x696
[ 144.348417] [<ffffffff811282a0>] ? ep_set_mstimeout+0x4a/0x4a
[ 144.355994] [<ffffffff8134e012>] ? system_call_fastpath+0x16/0x1b
[ 144.363876] Code: 83 c4 58 5b 5d c3 90 90 f0 0f ab 3e 19 c0 c3 9c 58
66 66 90 66 90 c3 57 9d 66 66 90 66 90 c3 fa 66 66 90 66 66 90 c3 fb 66
66 90 <66> 66 90 c3 f0 80 67 08 fd c3 48 c7 07 00 00 00 00 48 c7 47 08
[ 144.387832] Call Trace:
[ 144.391831] <IRQ> [<ffffffff8104be38>] ? __do_softirq+0x59/0x177
[ 144.399741] [<ffffffff8135026c>] ? call_softirq+0x1c/0x30
[ 144.406861] [<ffffffff8100f8e5>] ? do_softirq+0x3c/0x7b
[ 144.413802] [<ffffffff8104c100>] ? irq_exit+0x3c/0x9a
[ 144.420594] [<ffffffff81023fd8>] ? smp_apic_timer_interrupt+0x74/0x82
[ 144.428789] [<ffffffff811284f4>] ? ep_call_nested.constprop.8+0xec/0xec
[ 144.437099] [<ffffffff8134eade>] ? apic_timer_interrupt+0x6e/0x80
[ 144.444923] <EOI> [<ffffffff811284f4>] ?
ep_call_nested.constprop.8+0xec/0xec
[ 144.453927] [<ffffffff8107072e>] ? arch_local_irq_restore+0x2/0x8
[ 144.461647] [<ffffffff8112848f>] ? ep_call_nested.constprop.8+0x87/0xec
[ 144.469962] [<ffffffff81129003>] ? sys_epoll_ctl+0x43a/0x696
[ 144.477263] [<ffffffff811282a0>] ? ep_set_mstimeout+0x4a/0x4a
[ 144.484576] [<ffffffff8134e012>] ? system_call_fastpath+0x16/0x1b
View attachment "epoll_dead.c" of type "text/x-csrc" (1698 bytes)
Powered by blists - more mailing lists