| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Jul 2014 22:20:49 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: Vladimir Davydov <vdavydov@...allels.com>
Cc: Jet Chen <jet.chen@...el.com>, Su Tao <tao.su@...el.com>,
Yuanhan Liu <yuanhan.liu@...el.com>, LKP <lkp@...org>,
linux-kernel@...r.kernel.org
Subject: [fork] BUG: unable to handle kernel paging request at
ffff88000bb15010
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
commit 0a5f047dcd90af4cb72df583e3ee21a8d9262c4f
Author: Vladimir Davydov <vdavydov@...allels.com>
AuthorDate: Thu Jul 10 10:26:23 2014 +1000
Commit: Stephen Rothwell <sfr@...b.auug.org.au>
CommitDate: Thu Jul 10 10:26:23 2014 +1000
fork: reset mm->pinned_vm
mm->pinned_vm counts pages of mm's address space that were permanently
pinned in memory by increasing their reference counter. The counter was
introduced by commit bc3e53f682d9 ("mm: distinguish between mlocked and
pinned pages"), while before it locked_vm had been used for such pages.
Obviously, we should reset the counter on fork if !CLONE_VM, just like
we do with locked_vm, but currently we don't. Let's fix it.
This patch will fix the contents of /proc/pid/status:VmPin.
ib_umem_get[infiniband] and perf_mmap still check pinned_vm against
RLIMIT_MEMLOCK. It's left from the times when pinned pages were accounted
under locked_vm, but today it looks wrong. It isn't clear how we should
deal with it.
We still have some drivers accounting pinned pages under mm->locked_vm -
this is what commit bc3e53f682d9 was fighting against. It's
infiniband/usnic and vfio.
Signed-off-by: Vladimir Davydov <vdavydov@...allels.com>
Cc: Oleg Nesterov <oleg@...hat.com>
Cc: David Rientjes <rientjes@...gle.com>
Cc: Christoph Lameter <cl@...ux.com>
Cc: Roland Dreier <roland@...nel.org>
Cc: Sean Hefty <sean.hefty@...el.com>
Cc: Hal Rosenstock <hal.rosenstock@...il.com>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
===================================================
PARENT COMMIT NOT CLEAN. LOOK OUT FOR WRONG BISECT!
===================================================
Attached dmesg for the parent commit, too, to help confirm whether it is a noise error.
+-------------------------------------------------------+------------+------------+---------------+
| | 8df59fd2a3 | 0a5f047dcd | next-20140714 |
+-------------------------------------------------------+------------+------------+---------------+
| boot_successes | 94 | 14 | 6 |
| boot_failures | 20 | 21 | 5 |
| BUG:kernel_boot_hang | 20 | 2 | |
| general_protection_fault | 0 | 9 | 2 |
| RIP:lookup_object | 0 | 5 | 1 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 12 | 3 |
| backtrace:cryptomgr_test | 0 | 11 | 3 |
| BUG:unable_to_handle_kernel_paging_request | 0 | 9 | 2 |
| Oops | 0 | 10 | 2 |
| RIP:debug_print_object | 0 | 4 | |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt | 0 | 7 | 2 |
| backtrace:smpboot_thread_fn | 0 | 4 | |
| RIP:slob_page_alloc | 0 | 3 | 1 |
| RIP:crypto_ahash_setkey | 0 | 2 | 1 |
| RIP:__debug_object_init | 0 | 2 | |
| backtrace:__debug_object_init | 0 | 2 | |
| backtrace:debug_object_init | 0 | 2 | |
| backtrace:do_fork | 0 | 2 | 1 |
| RIP:slob_free | 0 | 1 | |
| RIP:__list_del_entry | 0 | 1 | |
| BUG:unable_to_handle_kernel_NULL_pointer_dereference | 0 | 1 | |
| RIP:debug_check_no_obj_freed | 0 | 1 | |
| kernel_BUG_at_kernel/cred.c | 0 | 0 | 1 |
| invalid_opcode | 0 | 0 | 1 |
| RIP:__invalid_creds | 0 | 0 | 1 |
| RIP:kernfs_name_compare | 0 | 0 | 1 |
| backtrace:kobject_add_varg | 0 | 0 | 1 |
| backtrace:kobject_init_and_add | 0 | 0 | 1 |
| backtrace:__platform_driver_register | 0 | 0 | 1 |
| backtrace:u132_hcd_init | 0 | 0 | 1 |
| backtrace:kernel_init_freeable | 0 | 0 | 1 |
+-------------------------------------------------------+------------+------------+---------------+
[ 3.304558] sha1_ssse3: Using AVX optimized SHA-1 implementation
[ 3.307272] alg: No test for crc32 (crc32-pclmul)
[ 3.307987] sha512_ssse3: Using AVX optimized SHA-512 implementation
[ 3.314309] BUG: unable to handle kernel paging request at ffff88000bb15010
[ 3.316371] IP: [<ffffffff8124c717>] slob_free+0x437/0x750
[ 3.316842] PGD 44d2067 PUD 44d3067 PMD 12792067 PTE 800000000bb15060
[ 3.316842] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 3.316842] CPU: 1 PID: 14 Comm: ksoftirqd/1 Not tainted 3.16.0-rc4-00340-g0a5f047 #3
[ 3.316842] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 3.316842] task: ffff8800120ec000 ti: ffff8800120f0000 task.ti: ffff8800120f0000
[ 3.316842] RIP: 0010:[<ffffffff8124c717>] [<ffffffff8124c717>] slob_free+0x437/0x750
[ 3.316842] RSP: 0000:ffff8800120f3c30 EFLAGS: 00010046
[ 3.316842] RAX: 0000000000000028 RBX: ffff88000bb14fc0 RCX: 0000000000000292
[ 3.316842] RDX: ffff88000bb15010 RSI: 0000000000000808 RDI: ffff88000bb14fb8
[ 3.316842] RBP: ffff8800120f3c60 R08: ffff8800120ec7d0 R09: 0000000000000002
[ 3.316842] R10: 0000000000000000 R11: ffffffb97fd5a00f R12: ffff88000bb14fb8
[ 3.316842] R13: ffff88000bb15010 R14: 0000000000000028 R15: ffff88000bb14000
[ 3.316842] FS: 0000000000000000(0000) GS:ffff880012500000(0000) knlGS:0000000000000000
[ 3.316842] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.316842] CR2: ffff88000bb15010 CR3: 0000000002c0b000 CR4: 00000000000406e0
[ 3.316842] Stack:
[ 3.316842] 0000000000000292 0000000000000000 ffff88000bb14fc0 ffff8800000964b0
[ 3.316842] 0000000000000000 ffff88000bb1f888 ffff8800120f3c70 ffffffff8124ca85
[ 3.316842] ffff8800120f3c98 ffffffff8124dcb4 ffffffff82c37220 0000000000000000
[ 3.316842] Call Trace:
[ 3.316842] [<ffffffff8124ca85>] __kmem_cache_free+0x55/0x60
[ 3.316842] [<ffffffff8124dcb4>] kmem_cache_free+0x124/0x170
[ 3.316842] [<ffffffff810e8f94>] put_pid+0x64/0x70
[ 3.316842] [<ffffffff810e8fb2>] delayed_put_pid+0x12/0x20
[ 3.316842] [<ffffffff8205e845>] rcu_do_batch.isra.47+0x73a/0xbbc
[ 3.316842] [<ffffffff8205e60a>] ? rcu_do_batch.isra.47+0x4ff/0xbbc
[ 3.316842] [<ffffffff8114de50>] rcu_process_callbacks+0x630/0x640
[ 3.316842] [<ffffffff810c1734>] __do_softirq+0x1f4/0x5a0
[ 3.316842] [<ffffffff810c1b35>] run_ksoftirqd+0x55/0x90
[ 3.316842] [<ffffffff810f9a3b>] smpboot_thread_fn+0x40b/0x4b0
[ 3.316842] [<ffffffff810f9630>] ? in_egroup_p+0x60/0x60
[ 3.316842] [<ffffffff810ee08f>] kthread+0x12f/0x140
[ 3.316842] [<ffffffff810edf60>] ? __kthread_parkme+0x90/0x90
[ 3.316842] [<ffffffff82092f3c>] ret_from_fork+0x7c/0xb0
[ 3.316842] [<ffffffff810edf60>] ? __kthread_parkme+0x90/0x90
[ 3.316842] Code: 77 ba 4c 89 e7 48 89 4d d0 e8 d6 f5 ff ff 85 c0 48 8b 4d d0 0f 85 6a 01 00 00 49 0f bf c6 48 8d 14 43 4c 39 ea 0f 85 59 01 00 00 <41> 0f b7 75 00 48 83 05 7c d2 ce 01 01 66 85 f6 0f 9f c0 48 89
[ 3.316842] RIP [<ffffffff8124c717>] slob_free+0x437/0x750
[ 3.316842] RSP <ffff8800120f3c30>
[ 3.316842] CR2: ffff88000bb15010
[ 3.316842] ---[ end trace 5a5f8cab8c473caa ]---
[ 3.316842] Kernel panic - not syncing: Fatal exception in interrupt
git bisect start a20416c4071010be525f74c70c7a79c5ee6a2a05 64e3245c870e583004f19d989cdf9edcab6133fd --
git bisect bad c9cb84a9b04de8c162cfd5d1a5d656bfba605100 # 12:21 7- 22 Merge branch 'akpm-current/current'
git bisect good fdb7e2faf0cfcc31540a7c3315a1036ca68fc55e # 12:28 35+ 23 fs.h, drivers/hwmon/asus_atk0110.c: fix DEFINE_SIMPLE_ATTRIBUTE semicolon definition and use
git bisect good 2a1fe6f43ede0e7ce681d403d5b56813316b710a # 12:32 35+ 0 nilfs2: add /sys/fs/nilfs2/<device>/mounted_snapshots group
git bisect bad 34e7589daf2c48535f87b761f934c0036864c78a # 12:34 5- 13 kexec-bzimage64: fix the ordering of registers
git bisect bad 0a5f047dcd90af4cb72df583e3ee21a8d9262c4f # 12:37 17- 20 fork: reset mm->pinned_vm
git bisect good e18cc0b956df9e73e9715923bb50e85e6bca84ea # 12:44 38+ 0 fs/reiserfs: use linux/uaccess.h
git bisect good b96511231ed78d735de9a83568762956b0747066 # 12:47 38+ 0 proc: add and remove /proc entry create checks
git bisect good 8e5b9d83da10c0ba5c40f3f57dd54c68dcc49b18 # 12:51 38+ 4 proc: remove proc_tty_ldisc variable
git bisect good 8df59fd2a350161bd39c3c9f8f4213b2a2a61847 # 12:56 38+ 0 fork/exec: cleanup mm initialization
# first bad commit: [0a5f047dcd90af4cb72df583e3ee21a8d9262c4f] fork: reset mm->pinned_vm
git bisect good 8df59fd2a350161bd39c3c9f8f4213b2a2a61847 # 12:59 114+ 20 fork/exec: cleanup mm initialization
git bisect bad a20416c4071010be525f74c70c7a79c5ee6a2a05 # 13:00 0- 5 Add linux-next specific files for 20140714
git bisect good 1795cd9b3a91d4b5473c97f491d63892442212ab # 13:04 114+ 22 Linux 3.16-rc5
git bisect bad a20416c4071010be525f74c70c7a79c5ee6a2a05 # 13:04 0- 5 Add linux-next specific files for 20140714
This script may reproduce the error.
----------------------------------------------------------------------------
#!/bin/bash
kernel=$1
initrd=quantal-core-x86_64.cgz
wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/blob/master/initrd/$initrd
kvm=(
qemu-system-x86_64
-enable-kvm
-cpu Haswell,+smep,+smap
-kernel $kernel
-initrd $initrd
-m 320
-smp 2
-net nic,vlan=1,model=e1000
-net user,vlan=1
-boot order=nc
-no-reboot
-watchdog i6300esb
-rtc base=localtime
-serial stdio
-display none
-monitor null
)
append=(
hung_task_panic=1
earlyprintk=ttyS0,115200
debug
apic=debug
sysrq_always_enabled
rcupdate.rcu_cpu_stall_timeout=100
panic=10
softlockup_panic=1
nmi_watchdog=panic
prompt_ramdisk=0
console=ttyS0,115200
console=tty0
vga=normal
root=/dev/ram0
rw
drbd.minor_count=8
)
"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------
Thanks,
Fengguang
View attachment "dmesg-quantal-kbuild-21:20140715123401:x86_64-randconfig-iv0-07151152:3.16.0-rc4-00340-g0a5f047:3" of type "text/plain" (27616 bytes)
View attachment "dmesg-quantal-ivb41-101:20140715125811:x86_64-randconfig-iv0-07151152::" of type "text/plain" (234021 bytes)
Download attachment "x86_64-randconfig-iv0-07151152-a20416c4071010be525f74c70c7a79c5ee6a2a05-BUG:-unable-to-handle-kernel-paging-request-95016.log" of type "application/octet-stream" (39911 bytes)
View attachment "config-3.16.0-rc4-00340-g0a5f047" of type "text/plain" (107867 bytes)
_______________________________________________
LKP mailing list
LKP@...ux.intel.com
Powered by blists - more mailing lists