Message-ID: <51BF3827.4060606@mozilla.com>
Date:	Mon, 17 Jun 2013 12:24:07 -0400
From:	Dhaval Giani <dgiani@...illa.com>
To:	John Stultz <john.stultz@...aro.org>
CC:	LKML <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Android Kernel Team <kernel-team@...roid.com>,
	Robert Love <rlove@...gle.com>, Mel Gorman <mel@....ul.ie>,
	Hugh Dickins <hughd@...gle.com>,
	Dave Hansen <dave@...ux.vnet.ibm.com>,
	Rik van Riel <riel@...hat.com>,
	Dmitry Adamushko <dmitry.adamushko@...il.com>,
	Dave Chinner <david@...morbit.com>, Neil Brown <neilb@...e.de>,
	Andrea Righi <andrea@...terlinux.com>,
	Andrea Arcangeli <aarcange@...hat.com>,
	"Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>,
	Mike Hommey <mh@...ndium.org>, Taras Glek <tglek@...illa.com>,
	Jan Kara <jack@...e.cz>,
	KOSAKI Motohiro <kosaki.motohiro@...il.com>,
	Michel Lespinasse <walken@...gle.com>,
	Minchan Kim <minchan@...nel.org>,
	"linux-mm@...ck.org" <linux-mm@...ck.org>
Subject: Re: [PATCH 0/8] Volatile Ranges (v8?)

Hi John,

I have been giving your git tree a whirl, and in order to simulate a 
limited memory environment, I was using memory cgroups.

The program I was using to test is attached here. It is your test code, 
with some changes (changing the syscall interface, reducing the memory 
pressure to be generated).

I trapped it in a memory cgroup with 1MB memory.limit_in_bytes and hit this,

[  406.207612] ------------[ cut here ]------------
[  406.207621] kernel BUG at mm/vrange.c:523!
[  406.207626] invalid opcode: 0000 [#1] SMP
[  406.207631] Modules linked in:
[  406.207637] CPU: 0 PID: 1579 Comm: volatile-test Not tainted 
3.10.0-rc5+ #2
[  406.207650] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS 
VirtualBox 12/01/2006
[  406.207655] task: ffff880006fe0000 ti: ffff88001c8b0000 task.ti: 
ffff88001c8b0000
[  406.207659] RIP: 0010:[<ffffffff81155758>] [<ffffffff81155758>] 
try_to_discard_one+0x1f8/0x210
[  406.207667] RSP: 0000:ffff88001c8b1598  EFLAGS: 00010246
[  406.207671] RAX: 0000000000000000 RBX: 00007fde082c0000 RCX: 
ffff88001f199600
[  406.207675] RDX: 0000000000000006 RSI: 0000000000000007 RDI: 
0000000000000000
[  406.207679] RBP: ffff88001c8b15f8 R08: 0000000000000591 R09: 
0000000000000055
[  406.207683] R10: 0000000000000000 R11: 0000000000000000 R12: 
ffffea00002ae2c0
[  406.207687] R13: ffff88001ef9e540 R14: ffff88001ef9e5e0 R15: 
ffff88000b7cfda8
[  406.207692] FS:  00007fde08320740(0000) GS:ffff88001fc00000(0000) 
knlGS:0000000000000000
[  406.207696] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  406.207700] CR2: 00007fde082c0000 CR3: 000000001f131000 CR4: 
00000000000006f0
[  406.207707] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
0000000000000000
[  406.207711] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 
0000000000000400
[  406.207715] Stack:
[  406.207719]  0000000000000006 ffff88001f199600 ffff88001ef9e5d8 
0000000081154f16
[  406.207724]  ffff880000000001 ffffea00007c6670 ffff88001c8b15f8 
ffffea00002ae2c0
[  406.207729]  ffff88001f1386c0 ffff88001ef9e5d8 ffff88000b7cfda8 
ffff880005110a10
[  406.207734] Call Trace:
[  406.207743]  [<ffffffff81155b32>] discard_vpage+0x3c2/0x410
[  406.207753]  [<ffffffff81150881>] ? page_referenced+0x241/0x2c0
[  406.207762]  [<ffffffff8112e627>] shrink_page_list+0x397/0x950
[  406.207770]  [<ffffffff8112f12f>] shrink_inactive_list+0x14f/0x400
[  406.207778]  [<ffffffff8112f959>] shrink_lruvec+0x229/0x4e0
[  406.207787]  [<ffffffff8107e597>] ? wake_up_process+0x27/0x50
[  406.207795]  [<ffffffff8112fc76>] shrink_zone+0x66/0x1a0
[  406.207803]  [<ffffffff81130130>] do_try_to_free_pages+0x110/0x5a0
[  406.207812]  [<ffffffff8113074f>] try_to_free_mem_cgroup_pages+0xbf/0x140
[  406.207821]  [<ffffffff81179f6e>] mem_cgroup_reclaim+0x4e/0xe0
[  406.207829]  [<ffffffff8117a4ef>] __mem_cgroup_try_charge+0x4ef/0xbb0
[  406.207837]  [<ffffffff8117b29d>] mem_cgroup_charge_common+0x6d/0xd0
[  406.207846]  [<ffffffff8117cbeb>] mem_cgroup_newpage_charge+0x3b/0x50
[  406.207854]  [<ffffffff81142170>] do_wp_page+0x150/0x720
[  406.207862]  [<ffffffff811448ed>] handle_pte_fault+0x98d/0xae0
[  406.207871]  [<ffffffff811452c4>] handle_mm_fault+0x264/0x5e0
[  406.207880]  [<ffffffff8161c5b1>] __do_page_fault+0x171/0x4e0
[  406.207888]  [<ffffffff8161c92e>] ? do_page_fault+0xe/0x10
[  406.207896]  [<ffffffff81619172>] ? page_fault+0x22/0x30
[  406.207905]  [<ffffffff8161c92e>] do_page_fault+0xe/0x10
[  406.207913]  [<ffffffff81619172>] page_fault+0x22/0x30
[  406.207917] Code: c1 e7 39 48 09 c7 f0 49 ff 8d e8 02 00 00 48 89 55 
a0 48 89 4d a8 e8 78 42 00 00 85 c0 48 8b 55 a0 48 8b 4d a8 0f 85 50 ff 
ff ff <0f> 0b 66 0f 1f 44 00 00 31 db e9 7a fe ff ff 0f 0b e8 c1 aa 4b
[  406.207937] RIP  [<ffffffff81155758>] try_to_discard_one+0x1f8/0x210
[  406.207941]  RSP <ffff88001c8b1598>
[  406.207946] ---[ end trace fe9729b910a78aff ]---
[  406.207951] ------------[ cut here ]------------
[  406.207957] WARNING: at kernel/exit.c:715 do_exit+0x55/0xa30()
[  406.207960] Modules linked in:
[  406.207965] CPU: 0 PID: 1579 Comm: volatile-test Tainted: G D      
3.10.0-rc5+ #2
[  406.207969] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS 
VirtualBox 12/01/2006
[  406.207973]  0000000000000009 ffff88001c8b1288 ffffffff81612a03 
ffff88001c8b12c8
[  406.207978]  ffffffff81049bb0 ffff88001c8b14e8 000000000000000b 
ffff88001c8b14e8
[  406.207983]  0000000000000246 0000000000000000 ffff880006fe0000 
ffff88001c8b12d8
[  406.207988] Call Trace:
[  406.207997]  [<ffffffff81612a03>] dump_stack+0x19/0x1b
[  406.208189]  [<ffffffff81049bb0>] warn_slowpath_common+0x70/0xa0
[  406.208207]  [<ffffffff81049bfa>] warn_slowpath_null+0x1a/0x20
[  406.208222]  [<ffffffff8104f2e5>] do_exit+0x55/0xa30
[  406.208238]  [<ffffffff8160e4e0>] ? printk+0x61/0x63
[  406.208253]  [<ffffffff81619c9b>] oops_end+0x9b/0xe0
[  406.208269]  [<ffffffff81005908>] die+0x58/0x90
[  406.208285]  [<ffffffff8161956b>] do_trap+0x6b/0x170
[  406.208298]  [<ffffffff8161c9b2>] ? 
__atomic_notifier_call_chain+0x12/0x20
[  406.208309]  [<ffffffff81002e75>] do_invalid_op+0x95/0xb0
[  406.208317]  [<ffffffff81155758>] ? try_to_discard_one+0x1f8/0x210
[  406.208328]  [<ffffffff812b882e>] ? blk_queue_bio+0x32e/0x3b0
[  406.208338]  [<ffffffff81622128>] invalid_op+0x18/0x20
[  406.208348]  [<ffffffff81155758>] ? try_to_discard_one+0x1f8/0x210
[  406.208360]  [<ffffffff81155748>] ? try_to_discard_one+0x1e8/0x210
[  406.208370]  [<ffffffff81155b32>] discard_vpage+0x3c2/0x410
[  406.208383]  [<ffffffff81150881>] ? page_referenced+0x241/0x2c0
[  406.208394]  [<ffffffff8112e627>] shrink_page_list+0x397/0x950
[  406.208405]  [<ffffffff8112f12f>] shrink_inactive_list+0x14f/0x400
[  406.208417]  [<ffffffff8112f959>] shrink_lruvec+0x229/0x4e0
[  406.208429]  [<ffffffff8107e597>] ? wake_up_process+0x27/0x50
[  406.208440]  [<ffffffff8112fc76>] shrink_zone+0x66/0x1a0
[  406.208452]  [<ffffffff81130130>] do_try_to_free_pages+0x110/0x5a0
[  406.208464]  [<ffffffff8113074f>] try_to_free_mem_cgroup_pages+0xbf/0x140
[  406.208476]  [<ffffffff81179f6e>] mem_cgroup_reclaim+0x4e/0xe0
[  406.208489]  [<ffffffff8117a4ef>] __mem_cgroup_try_charge+0x4ef/0xbb0
[  406.208501]  [<ffffffff8117b29d>] mem_cgroup_charge_common+0x6d/0xd0
[  406.208514]  [<ffffffff8117cbeb>] mem_cgroup_newpage_charge+0x3b/0x50
[  406.208533]  [<ffffffff81142170>] do_wp_page+0x150/0x720
[  406.208543]  [<ffffffff811448ed>] handle_pte_fault+0x98d/0xae0
[  406.208556]  [<ffffffff811452c4>] handle_mm_fault+0x264/0x5e0
[  406.208568]  [<ffffffff8161c5b1>] __do_page_fault+0x171/0x4e0
[  406.208579]  [<ffffffff8161c92e>] ? do_page_fault+0xe/0x10
[  406.208591]  [<ffffffff81619172>] ? page_fault+0x22/0x30
[  406.208604]  [<ffffffff8161c92e>] do_page_fault+0xe/0x10
[  406.208615]  [<ffffffff81619172>] page_fault+0x22/0x30
[  406.208621] ---[ end trace fe9729b910a78b00 ]---
[  406.208643] BUG: Bad page map in process volatile-test 
pte:800000000ab8b005 pmd:163b2067
[  406.208651] page:ffffea00002ae2c0 count:3 mapcount:-1 
mapping:ffff88001bc769c1 index:0x7fde082c0
[  406.208657] page flags: 
0x3ff00000090009(locked|uptodate|swapcache|swapbacked)
[  406.208666] pc:ffff88001e12b8b0 pc->flags:2 
pc->mem_cgroup:ffff88000329f000
[  406.208672] addr:00007fde082c0000 vm_flags:00100073 
anon_vma:ffff88001f137dc0 mapping:          (null) index:7fde082c0
[  406.208678] CPU: 0 PID: 1579 Comm: volatile-test Tainted: G D W    
3.10.0-rc5+ #2
[  406.208683] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS 
VirtualBox 12/01/2006
[  406.208688]  ffff880005110a10 ffff88001c8b10b8 ffffffff81612a03 
ffff88001c8b1108
[  406.208695]  ffffffff81140d54 800000000ab8b005 00000007fde082c0 
ffff88001c8b1108
[  406.208703]  00007fde08323000 00007fde082c0000 ffff8800163b2600 
ffffea00002ae2c0
[  406.208710] Call Trace:
[  406.208722]  [<ffffffff81612a03>] dump_stack+0x19/0x1b
[  406.208742]  [<ffffffff81140d54>] print_bad_pte+0x194/0x230
[  406.208754]  [<ffffffff81142e8b>] unmap_single_vma+0x74b/0x810
[  406.208765]  [<ffffffff81143759>] unmap_vmas+0x49/0x60
[  406.208777]  [<ffffffff8114c311>] exit_mmap+0xb1/0x150
[  406.208790]  [<ffffffff8116af53>] ? kmem_cache_free+0x1d3/0x1f0
[  406.208802]  [<ffffffff81046f7f>] mmput+0x8f/0xf0
[  406.208814]  [<ffffffff8104f507>] do_exit+0x277/0xa30
[  406.208826]  [<ffffffff8160e4e0>] ? printk+0x61/0x63
[  406.208836]  [<ffffffff81619c9b>] oops_end+0x9b/0xe0
[  406.208845]  [<ffffffff81005908>] die+0x58/0x90
[  406.208854]  [<ffffffff8161956b>] do_trap+0x6b/0x170
[  406.208863]  [<ffffffff8161c9b2>] ? 
__atomic_notifier_call_chain+0x12/0x20
[  406.208874]  [<ffffffff81002e75>] do_invalid_op+0x95/0xb0
[  406.208951]  [<ffffffff81155758>] ? try_to_discard_one+0x1f8/0x210
[  406.208964]  [<ffffffff812b882e>] ? blk_queue_bio+0x32e/0x3b0
[  406.208977]  [<ffffffff81622128>] invalid_op+0x18/0x20
[  406.208987]  [<ffffffff81155758>] ? try_to_discard_one+0x1f8/0x210
[  406.208996]  [<ffffffff81155748>] ? try_to_discard_one+0x1e8/0x210
[  406.209485]  [<ffffffff81155b32>] discard_vpage+0x3c2/0x410
[  406.209497]  [<ffffffff81150881>] ? page_referenced+0x241/0x2c0
[  406.209507]  [<ffffffff8112e627>] shrink_page_list+0x397/0x950
[  406.209532]  [<ffffffff8112f12f>] shrink_inactive_list+0x14f/0x400
[  406.209542]  [<ffffffff8112f959>] shrink_lruvec+0x229/0x4e0
[  406.209551]  [<ffffffff8107e597>] ? wake_up_process+0x27/0x50
[  406.209560]  [<ffffffff8112fc76>] shrink_zone+0x66/0x1a0
[  406.209569]  [<ffffffff81130130>] do_try_to_free_pages+0x110/0x5a0
[  406.209577]  [<ffffffff8113074f>] try_to_free_mem_cgroup_pages+0xbf/0x140
[  406.209586]  [<ffffffff81179f6e>] mem_cgroup_reclaim+0x4e/0xe0
[  406.209595]  [<ffffffff8117a4ef>] __mem_cgroup_try_charge+0x4ef/0xbb0
[  406.209605]  [<ffffffff8117b29d>] mem_cgroup_charge_common+0x6d/0xd0
[  406.209618]  [<ffffffff8117cbeb>] mem_cgroup_newpage_charge+0x3b/0x50
[  406.209629]  [<ffffffff81142170>] do_wp_page+0x150/0x720
[  406.209640]  [<ffffffff811448ed>] handle_pte_fault+0x98d/0xae0
[  406.209652]  [<ffffffff811452c4>] handle_mm_fault+0x264/0x5e0
[  406.209664]  [<ffffffff8161c5b1>] __do_page_fault+0x171/0x4e0
[  406.209758]  [<ffffffff8161c92e>] ? do_page_fault+0xe/0x10
[  406.209771]  [<ffffffff81619172>] ? page_fault+0x22/0x30
[  406.209781]  [<ffffffff8161c92e>] do_page_fault+0xe/0x10
[  406.209791]  [<ffffffff81619172>] page_fault+0x22/0x30

I can send you the full dmesg/config if you care about it. It took me 
3-4 attempts of running the code before I hit this bug. It is reproducible.

Thanks!
Dhaval

View attachment "volatile-test.c" of type "text/plain" (2413 bytes)
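
For triage, the first oops in a report like the one above can be reduced to its BUG site, faulting symbol and call trace. This is an added example, not part of the original message or of the volatile-ranges tree; `unwrap` and `parse_oops` are names chosen here, and the sample is an excerpt of the quoted log with the mail line wraps kept.

```python
import re

# Excerpt of the log quoted above, mail line wraps kept: a continuation
# line carries no "[ seconds.micros]" prefix.
SAMPLE = """\
[  406.207621] kernel BUG at mm/vrange.c:523!
[  406.207659] RIP: 0010:[<ffffffff81155758>] [<ffffffff81155758>]
try_to_discard_one+0x1f8/0x210
[  406.207734] Call Trace:
[  406.207743]  [<ffffffff81155b32>] discard_vpage+0x3c2/0x410
[  406.207753]  [<ffffffff81150881>] ? page_referenced+0x241/0x2c0
[  406.207762]  [<ffffffff8112e627>] shrink_page_list+0x397/0x950
[  406.207917] Code: c1 e7 39 48 09 c7
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\] ?")
BUG = re.compile(r"kernel BUG at (\S+):(\d+)!")
RIP = re.compile(r"RIP: .*\] (\w+)\+(0x[0-9a-f]+)/")
FRAME = re.compile(r"^\s*\[<[0-9a-f]+>\] (\? )?(\w+)\+(0x[0-9a-f]+)/")

def unwrap(text):
    """Rejoin wrapped lines and drop the dmesg timestamp."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(STAMP.sub("", line, count=1).rstrip())
        else:
            out[-1] += " " + line.strip()
    return out

def parse_oops(text):
    """BUG site, faulting symbol and first call trace of the first oops."""
    report = {"bug": None, "rip": None, "frames": []}
    in_trace = False
    for line in unwrap(text):
        if report["bug"] is None and (m := BUG.search(line)):
            report["bug"] = (m.group(1), int(m.group(2)))
        elif report["rip"] is None and (m := RIP.search(line)):
            report["rip"] = (m.group(1), int(m.group(2), 16))
        elif line.startswith("Call Trace:"):
            in_trace = not report["frames"]
        elif in_trace and (m := FRAME.match(line)):
            # "?" marks a stack address the unwinder could not confirm.
            report["frames"].append({"func": m.group(2),
                                     "offset": int(m.group(3), 16),
                                     "reliable": m.group(1) is None})
        elif in_trace:
            in_trace = False
    return report
```

Only the first call trace is kept because the later ones in such a report come from the `do_exit` path after the task has already died.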
