Date:	Sat, 21 Mar 2015 19:08:01 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Laura Abbott <lauraa@...eaurora.org>
Cc:	fengguang.wu@...el.com, LKP <lkp@...org>, linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: [mm/flatmem] BUG: Int 6: CR2   (null)

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master

commit e928abcb309c3423e27680c845b1c7c374a2bb50
Author:     Laura Abbott <lauraa@...eaurora.org>
AuthorDate: Fri Mar 20 11:13:27 2015 +1100
Commit:     Stephen Rothwell <sfr@...b.auug.org.au>
CommitDate: Fri Mar 20 11:13:27 2015 +1100

    mm: don't offset memmap for flatmem
    
    Srinivas Kandagatla reported bad page messages when trying to remove the
    bottom 2MB on an ARM based IFC6410 board
    
    BUG: Bad page state in process swapper  pfn:fffa8
    page:ef7fb500 count:0 mapcount:0 mapping:  (null) index:0x0
    flags: 0x96640253(locked|error|dirty|active|arch_1|reclaim|mlocked)
    page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
    bad because of flags:
    flags: 0x200041(locked|active|mlocked)
    Modules linked in:
    CPU: 0 PID: 0 Comm: swapper Not tainted 3.19.0-rc3-00007-g412f9ba-dirty #816
    Hardware name: Qualcomm (Flattened Device Tree)
    [<c0218280>] (unwind_backtrace) from [<c0212be8>] (show_stack+0x20/0x24)
    [<c0212be8>] (show_stack) from [<c0af7124>] (dump_stack+0x80/0x9c)
    [<c0af7124>] (dump_stack) from [<c0301570>] (bad_page+0xc8/0x128)
    [<c0301570>] (bad_page) from [<c03018a8>] (free_pages_prepare+0x168/0x1e0)
    [<c03018a8>] (free_pages_prepare) from [<c030369c>] (free_hot_cold_page+0x3c/0x174)
    [<c030369c>] (free_hot_cold_page) from [<c0303828>] (__free_pages+0x54/0x58)
    [<c0303828>] (__free_pages) from [<c030395c>] (free_highmem_page+0x38/0x88)
    [<c030395c>] (free_highmem_page) from [<c0f62d5c>] (mem_init+0x240/0x430)
    [<c0f62d5c>] (mem_init) from [<c0f5db3c>] (start_kernel+0x1e4/0x3c8)
    [<c0f5db3c>] (start_kernel) from [<80208074>] (0x80208074)
    Disabling lock debugging due to kernel taint
    
    Removing the lower 2MB made the start of the lowmem zone no longer
    page block aligned. IFC6410 uses CONFIG_FLATMEM where
    alloc_node_mem_map allocates memory for the mem_map. alloc_node_mem_map
    will offset for unaligned nodes with the assumption the pfn/page
    translation functions will account for the offset. The functions for
    CONFIG_FLATMEM do not offset however, resulting in overrunning
    the memmap array. Just use the allocated memmap without any offset
    when running with CONFIG_FLATMEM to avoid the overrun.
    
    The thread got too deep so I split this out into a new thread.
    See http://marc.info/?l=linux-mm&m=142188852025672&w=2 for previous
    thread discussion, last comment by Vlastimil
    http://marc.info/?l=linux-mm&m=142505070430844&w=2
    
    Signed-off-by: Laura Abbott <lauraa@...eaurora.org>
    Reported-by: Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
    Tested-by: Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
    Acked-by: Vlastimil Babka <vbabka@...e.cz>
    Cc: Santosh Shilimkar <ssantosh@...nel.org>
    Cc: Russell King <rmk@....linux.org.uk>
    Cc: Kevin Hilman <khilman@...aro.org>
    Cc: Arnd Bergman <arnd@...db.de>
    Cc: Stephen Boyd <sboyd@...eaurora.org>
    Cc: Kumar Gala <galak@...eaurora.org>
    Cc: Mel Gorman <mgorman@...e.de>
    Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>

+---------------------------------+------------+------------+---------------+
|                                 | b00cad456e | e928abcb30 | next-20150320 |
+---------------------------------+------------+------------+---------------+
| boot_successes                  | 60         | 0          | 0             |
| boot_failures                   | 0          | 20         | 12            |
| BUG:Int#:CR2(null)              | 0          | 20         | 12            |
| backtrace:early_idt_handler     | 0          | 20         | 12            |
| backtrace:free_area_init_node   | 0          | 20         | 12            |
| backtrace:free_area_init_nodes  | 0          | 20         | 12            |
| backtrace:zone_sizes_init       | 0          | 20         | 12            |
| backtrace:paging_init           | 0          | 20         | 12            |
| backtrace:native_pagetable_init | 0          | 20         | 12            |
+---------------------------------+------------+------------+---------------+

[    0.000000]   node   0: [mem 0x0000000000100000-0x0000000013fdffff]
[    0.000000] Initmem setup node 0 [mem 0x0000000000001000-0x0000000013fdffff]
[    0.000000] On node 0 totalpages: 81790
[    0.000000] BUG: Int 6: CR2   (null)
[    0.000000]      EDI 00013fe0  ESI 00000020  EBP c1b4bec4  EBX 00000001
[    0.000000]      ESP c1b4bebc   ES 0000007b   DS 0000007b
[    0.000000]      EDX 00000061  ECX   (null)  EAX 00000001
[    0.000000]      vec 00000006  err   (null)  EIP c176853b   CS 00000060  flg 00210002
[    0.000000] Stack: 00013f7e 00000003 c1b4bf04 c1daac87 c1aae888   (null) 00013f7e 00000001
[    0.000000]        c1b4bef8   (null) c1b4bf08   (null) 00000001 00000001 00013fe0 c1b4bf28
[    0.000000]        c1b4bf2c c1b4bf1c c1b4bf3c c1dab4ef   (null) 00000001 00000001   (null)
[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.0.0-rc4-00251-ge928abc #16
[    0.000000] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[    0.000000]  00000001 00000001 00000020 c1b4be6c c176d5ce c1b4bec4 c1d891db c1df9f89
[    0.000000]  00000006 00000000 00013fe0 00000020 c1b4bec4 00000001 c1b4bebc 0000007b
[    0.000000]  0000007b 00000061 00000000 00000001 00000006 00000000 c176853b 00000060
[    0.000000] Call Trace:
[    0.000000]  [<c176d5ce>] dump_stack+0x16/0x18
[    0.000000]  [<c1d891db>] early_idt_handler+0x6b/0x6b
[    0.000000]  [<c176853b>] ? alloc_node_mem_map+0xef/0x104
[    0.000000]  [<c1daac87>] free_area_init_node+0x12b/0x41f
[    0.000000]  [<c1dab4ef>] free_area_init_nodes+0x574/0x5a1
[    0.000000]  [<c1d9e57c>] zone_sizes_init+0x35/0x3b
[    0.000000]  [<c1d9eee0>] paging_init+0xb8/0xbb
[    0.000000]  [<c1d9ef89>] native_pagetable_init+0xa6/0x157
[    0.000000]  [<c1d8d453>] setup_arch+0xe05/0xf12
[    0.000000]  [<c1d89a27>] start_kernel+0x78/0x483
[    0.000000]  [<c1d892d1>] i386_start_kernel+0x9b/0x9f

Elapsed time: 10
qemu-system-x86_64 -cpu kvm64 -enable-kvm -kernel /kernel/i386-randconfig-r1-0317/e928abcb309c3423e27680c845b1c7c374a2bb50/vmlinuz-4.0.0-rc4-00251-ge928abc -append 'hung_task_panic=1 earlyprintk=ttyS0,115200 rd.udev.log-priority=err systemd.log_target=journal systemd.log_level=warning debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal  root=/dev/ram0 rw link=/kbuild-tests/run-queue/kvm/i386-randconfig-r1-0317/next:master:e928abcb309c3423e27680c845b1c7c374a2bb50:bisect-linux-9/.vmlinuz-e928abcb309c3423e27680c845b1c7c374a2bb50-20150321033152-19-client9 branch=next/master BOOT_IMAGE=/kernel/i386-randconfig-r1-0317/e928abcb309c3423e27680c845b1c7c374a2bb50/vmlinuz-4.0.0-rc4-00251-ge928abc drbd.minor_count=8'  -initrd /kernel-tests/initrd/quantal-core-i386.cgz -m 320 -smp 2 -net nic,vlan=1,model=e1000 -net user,vlan=1 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -pidfile /dev/shm/kboot/pid-quantal-client9-19 -serial file:/dev/shm/kboot/serial-quantal-client9-19 -daemonize -display none -monitor null 

git bisect start 1cfef77614b0d18ee3ac9ff77f17d31bff5d519f 06e5801b8cb3fc057d88cb4dc03c0b64b2744cda --
git bisect good b5de73a16fd28b51efb20f6f58d86509c8b3a10a  # 00:52     20+      0  Merge remote-tracking branch 'thermal-soc/next'
git bisect good 3a3d14708b0fec1b6dbeccafb978fefb3093e6d8  # 01:26     20+      0  Merge remote-tracking branch 'edac-amd/for-next'
git bisect good 832d31670e6477a8619f0ff6fb04af83689209f0  # 01:43     20+      0  Merge remote-tracking branch 'char-misc/char-misc-next'
git bisect good afb8daa79a0a5e83f0b68b72bab661e34b7ac157  # 02:05     20+      0  Merge remote-tracking branch 'dma-mapping/dma-mapping-next'
git bisect good 59ec9d1437d64e84fbb680c267753220ab9e5d1f  # 02:09     20+      0  Merge remote-tracking branch 'kselftest/next'
git bisect good 89e72fce2d65e180070d3322a6a87fe72c73a223  # 02:30     20+      0  Merge remote-tracking branch 'livepatching/for-next'
git bisect  bad de30ba99221410daf9017f3442a772d01cae032e  # 02:34      0-     13  Merge branch 'akpm-current/current'
git bisect  bad 81551204b42ae1d76090e7cdbf7ef5ebaddd7af2  # 02:39      0-     20  fs/mpage.c: forgotten WRITE_SYNC in case of data integrity write
git bisect good 345bf585c370f5dbaa5ffb9a8a41c878b9d2b668  # 02:47     20+      0  mm-hide-per-cpu-lists-in-output-of-show_mem-fix
git bisect good 6e4ecd56b986bc1e8dd3391867a8af1ccaf822ac  # 02:52     20+      0  x86, mm: support huge I/O mapping capability I/F
git bisect good dfa6432bd0f540dfe101ad33d13be00a6f790b3d  # 02:58     20+      0  mm: move memtest under mm
git bisect  bad c21454999e71e77696fc0e267156481ec8508a01  # 03:08      0-     20  memcg: remove obsolete comment
git bisect good ea996688321956316bf25103aa865d81b079c8aa  # 03:17     20+      0  Kconfig: memtest: update number of test patterns up to 17
git bisect good 01cae9c02ee843fdff2a3e54763ae95cefbdaf5c  # 03:30     20+      0  mm: refactor zone_movable_is_highmem()
git bisect  bad e928abcb309c3423e27680c845b1c7c374a2bb50  # 03:32      0-     20  mm: don't offset memmap for flatmem
git bisect good b00cad456e91e903447d0198b277c39721a6a2e8  # 03:40     20+      0  memcg: zap mem_cgroup_lookup()
# first bad commit: [e928abcb309c3423e27680c845b1c7c374a2bb50] mm: don't offset memmap for flatmem
git bisect good b00cad456e91e903447d0198b277c39721a6a2e8  # 03:43     60+      0  memcg: zap mem_cgroup_lookup()
# extra tests with DEBUG_INFO
git bisect  bad e928abcb309c3423e27680c845b1c7c374a2bb50  # 03:49      0-     60  mm: don't offset memmap for flatmem
# extra tests on HEAD of next/master
git bisect  bad 1cfef77614b0d18ee3ac9ff77f17d31bff5d519f  # 03:49      0-     12  Add linux-next specific files for 20150320
# extra tests on tree/branch next/master
git bisect  bad 1cfef77614b0d18ee3ac9ff77f17d31bff5d519f  # 03:49      0-     12  Add linux-next specific files for 20150320
# extra tests with first bad commit reverted
# extra tests on tree/branch linus/master
git bisect good b314acaccd7e0d55314d96be4a33b5f50d0b3344  # 04:00     60+      0  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
# extra tests on tree/branch next/master
git bisect  bad 1cfef77614b0d18ee3ac9ff77f17d31bff5d519f  # 04:00      0-     12  Add linux-next specific files for 20150320


This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

kernel=$1

kvm=(
	qemu-system-x86_64
	-cpu kvm64
	-enable-kvm
	-kernel "$kernel"
	-m 320
	-smp 2
	-net nic,vlan=1,model=e1000
	-net user,vlan=1
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-rtc base=localtime
	-serial stdio
	-display none
	-monitor null 
)

append=(
	hung_task_panic=1
	earlyprintk=ttyS0,115200
	rd.udev.log-priority=err
	systemd.log_target=journal
	systemd.log_level=warning
	debug
	apic=debug
	sysrq_always_enabled
	rcupdate.rcu_cpu_stall_timeout=100
	panic=-1
	softlockup_panic=1
	nmi_watchdog=panic
	oops=panic
	load_ramdisk=2
	prompt_ramdisk=0
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
	drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

Thanks,
Fengguang

View attachment "dmesg-quantal-client9-19:20150321033141:i386-randconfig-r1-0317:4.0.0-rc4-00251-ge928abc:16" of type "text/plain" (8084 bytes)

View attachment "config-4.0.0-rc4-00251-ge928abc" of type "text/plain" (81180 bytes)
