Date:	Wed, 17 Feb 2016 20:04:58 +0100 (CET)
From:	Sebastian Ott <sebott@...ux.vnet.ibm.com>
To:	"Kirill A. Shutemov" <kirill@...temov.name>
cc:	Gerald Schaefer <gerald.schaefer@...ibm.com>,
	Andrea Arcangeli <aarcange@...hat.com>,
	Christian Borntraeger <borntraeger@...ibm.com>,
	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
	linux-mm@...ck.org, linux-kernel@...r.kernel.org,
	"Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Michael Ellerman <mpe@...erman.id.au>,
	Benjamin Herrenschmidt <benh@...nel.crashing.org>,
	Paul Mackerras <paulus@...ba.org>,
	linuxppc-dev@...ts.ozlabs.org,
	Catalin Marinas <catalin.marinas@....com>,
	Will Deacon <will.deacon@....com>,
	linux-arm-kernel@...ts.infradead.org,
	Martin Schwidefsky <schwidefsky@...ibm.com>,
	Heiko Carstens <heiko.carstens@...ibm.com>,
	linux-s390@...r.kernel.org
Subject: Re: [BUG] random kernel crashes after THP rework on s390 (maybe also
 on PowerPC and ARM)

Hi,

On Wed, 17 Feb 2016, Kirill A. Shutemov wrote:
> On Tue, Feb 16, 2016 at 05:24:44PM +0100, Gerald Schaefer wrote:
> > On Mon, 15 Feb 2016 23:35:26 +0200
> > "Kirill A. Shutemov" <kirill@...temov.name> wrote:
> > 
> > > Is there any chance that I'll be able to trigger the bug using QEMU?
> > > Does anybody have a QEMU image I can use?
> > > 
> > 
> > I have no image, but trying to reproduce this under virtualization may
> > help to trigger this also on other architectures. After ruling out IPI
> > vs. fast_gup I do not really see why this should be arch-specific, and
> > it wouldn't be the first time that we hit subtle races first on s390, due
> > to our virtualized environment (my test case is make -j20 with 10 CPUs and
> > 4GB of memory, no swap).
> 
> Could you post your kernel config?

Attached.

> It would be nice also to check if disabling split_huge_page() would make
> any difference:
> 
> diff --git a/mm/huge_memory.c b/mm/huge_memory.c
> index a75081ca31cf..26d2b7b21021 100644
> --- a/mm/huge_memory.c
> +++ b/mm/huge_memory.c
> @@ -3364,6 +3364,8 @@ int split_huge_page_to_list(struct page *page, struct list_head *list)
>  	bool mlocked;
>  	unsigned long flags;
> 
> +	return -EBUSY;
> +
>  	VM_BUG_ON_PAGE(is_huge_zero_page(page), page);
>  	VM_BUG_ON_PAGE(!PageAnon(page), page);
>  	VM_BUG_ON_PAGE(!PageLocked(page), page);
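
Review bot: The unconditional "return -EBUSY;" is placed ahead of the three VM_BUG_ON_PAGE() checks, so with this applied the is_huge_zero_page(), PageAnon() and PageLocked() assertions in split_huge_page_to_list() never run. For a diagnostic build it would be more informative to put the return after those checks, so that a caller passing in a wrong page is still caught while the split itself stays disabled. The locals mlocked and flags are left unused after the early return, and the added line should carry a comment marking it as test-only so it cannot be mistaken for a fix.
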
> -- 

65c23c6 + this patch also oopsed:

[ 1707.903808] ODEBUG: active_state not available (active state 0) object type: rcu_head hint:           (null)
[ 1707.903852] ------------[ cut here ]------------
[ 1707.903854] WARNING: at lib/debugobjects.c:263
[ 1707.903856] Modules linked in: bridge stp llc btrfs mlx4_ib mlx4_en ib_sa vxlan ib_mad ip6_udp_tunnel ib_core udp_tunnel ptp pps_core ib_addr xor raid6_pq ghash_s390 mlx4_core prng ecb aes_s390 des_s390 des_generic sha512_s390 dm_mod sha256_s390 genwqe_card sha1_s390 sha_common crc_itu_t scm_block eadm_sch vhost_net tun vhost macvtap macvlan kvm autofs4
[ 1707.903892] CPU: 4 PID: 25215 Comm: git Not tainted 4.5.0-rc4-00037-g65c23c6-dirty #273
[ 1707.903894] task: 0000000006a60000 ti: 0000000063b04000 task.ti: 0000000063b04000
[ 1707.903896] Krnl PSW : 0404c00180000000 0000000000486ce0 (debug_print_object+0xb0/0xd0)
[ 1707.903905]            R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 EA:3
Krnl GPRS: 0000000001a361c7 0000000006a60000 0000000000000060 0000000000000101
[ 1707.903908]            0000000000486cdc 0000000000000000 000000000088cbdc 0000000001b53848
[ 1707.903910]            0700000000000001 0000000000000000 0000000001b53850 00000000008bb820
[ 1707.903912]            0000000000a8d710 00000000dcdd3d38 0000000000486cdc 00000000dcdd3c38
[ 1707.903920] Krnl Code: 0000000000486cd0: c0200021a496        larl    %%r2,8bb5fc
0000000000486cd6: c0e5ffee03a1       brasl   %%r14,247418
#0000000000486cdc: a7f40001           brc     15,486cde
>0000000000486ce0: c41d002f488e       lrl     %%r1,a6fdfc
0000000000486ce6: e340f0e80004       lg      %%r4,232(%%r15)
0000000000486cec: a71a0001           ahi     %%r1,1
0000000000486cf0: eb6ff0a80004       lmg     %%r6,%%r15,168(%%r15)
0000000000486cf6: c41f002f4883       strl    %%r1,a6fdfc
[ 1707.903960] Call Trace:
[ 1707.903962] ([<0000000000486cdc>] debug_print_object+0xac/0xd0)
[ 1707.903964]  [<0000000000488094>] debug_object_active_state+0x164/0x178
[ 1707.903969]  [<00000000001b991c>] rcu_process_callbacks+0x564/0x9e8
[ 1707.903973]  [<000000000013d3ee>] __do_softirq+0x256/0x568
[ 1707.903975]  [<000000000013da3a>] irq_exit+0x7a/0xd8
[ 1707.903979]  [<000000000010c87e>] do_IRQ+0x86/0xc0
[ 1707.903984]  [<00000000006fa3f2>] ext_int_handler+0x11e/0x124
[ 1707.903987]  [<0000000000199bfe>] lock_release+0x5ce/0x670
[ 1707.903989] ([<0000000000199be0>] lock_release+0x5b0/0x670)
[ 1707.903993]  [<00000000002dffa2>] getname_flags+0x82/0x218
[ 1707.903994]  [<00000000002e04e8>] user_path_at_empty+0x40/0x68
[ 1707.903998]  [<00000000002d44a4>] vfs_fstatat+0x6c/0xc8
[ 1707.903999]  [<00000000002d4894>] SyS_newlstat+0x2c/0x48
[ 1707.904002]  [<00000000006f9cce>] system_call+0xd6/0x258
[ 1707.904003]  [<000003ffb45f1124>] 0x3ffb45f1124
[ 1707.904005] 1 lock held by git/25215:
[ 1707.904006]  #0:  (&obj_hash[i].lock){-.-.-.}, at: [<0000000000487fdc>] debug_object_active_state+0xac/0x178
[ 1707.904012] Last Breaking-Event-Address:
[ 1707.904014]  [<0000000000486cdc>] debug_print_object+0xac/0xd0
[ 1707.904016] ---[ end trace 8ce68dc422e8321c ]---
[ 1707.904018] ODEBUG: deactivate not available (active state 0) object type: rcu_head hint:           (null)
[ 1707.904026] ------------[ cut here ]------------
[ 1707.904027] WARNING: at lib/debugobjects.c:263
[ 1707.904028] Modules linked in: bridge stp llc btrfs mlx4_ib mlx4_en ib_sa vxlan ib_mad ip6_udp_tunnel ib_core udp_tunnel ptp pps_core ib_addr xor raid6_pq ghash_s390 mlx4_core prng ecb aes_s390 des_s390 des_generic sha512_s390 dm_mod sha256_s390 genwqe_card sha1_s390 sha_common crc_itu_t scm_block eadm_sch vhost_net tun vhost macvtap macvlan kvm autofs4
[ 1707.904055] CPU: 4 PID: 25215 Comm: git Tainted: G        W       4.5.0-rc4-00037-g65c23c6-dirty #273
[ 1707.904057] task: 0000000006a60000 ti: 0000000063b04000 task.ti: 0000000063b04000
[ 1707.904058] Krnl PSW : 0404c00180000000 0000000000486ce0 (debug_print_object+0xb0/0xd0)
[ 1707.904062]            R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 EA:3
Krnl GPRS: 0000000001a361c7 0000000006a60000 000000000000005e 0000000000000101
[ 1707.904066]            0000000000486cdc 0000000000000000 000000000088cbdc 000000000000000a
[ 1707.904068]            0000000091cdb020 07000000dcdd3c68 0000000001b53850 00000000008979ea
[ 1707.904069]            0000000000a8d710 00000000dcdd3d48 0000000000486cdc 00000000dcdd3c48
[ 1707.904074] Krnl Code: 0000000000486cd0: c0200021a496        larl    %%r2,8bb5fc
0000000000486cd6: c0e5ffee03a1       brasl   %%r14,247418
#0000000000486cdc: a7f40001           brc     15,486cde
>0000000000486ce0: c41d002f488e       lrl     %%r1,a6fdfc
0000000000486ce6: e340f0e80004       lg      %%r4,232(%%r15)
0000000000486cec: a71a0001           ahi     %%r1,1
0000000000486cf0: eb6ff0a80004       lmg     %%r6,%%r15,168(%%r15)
0000000000486cf6: c41f002f4883       strl    %%r1,a6fdfc
[ 1707.904088] Call Trace:
[ 1707.904090] ([<0000000000486cdc>] debug_print_object+0xac/0xd0)
[ 1707.904092]  [<0000000000487a38>] debug_object_deactivate+0x170/0x188
[ 1707.904094]  [<00000000001b992e>] rcu_process_callbacks+0x576/0x9e8
[ 1707.904096]  [<000000000013d3ee>] __do_softirq+0x256/0x568
[ 1707.904098]  [<000000000013da3a>] irq_exit+0x7a/0xd8
[ 1707.904100]  [<000000000010c87e>] do_IRQ+0x86/0xc0
[ 1707.904102]  [<00000000006fa3f2>] ext_int_handler+0x11e/0x124
[ 1707.904104]  [<0000000000199bfe>] lock_release+0x5ce/0x670
[ 1707.904106] ([<0000000000199be0>] lock_release+0x5b0/0x670)
[ 1707.904108]  [<00000000002dffa2>] getname_flags+0x82/0x218
[ 1707.904109]  [<00000000002e04e8>] user_path_at_empty+0x40/0x68
[ 1707.904111]  [<00000000002d44a4>] vfs_fstatat+0x6c/0xc8
[ 1707.904113]  [<00000000002d4894>] SyS_newlstat+0x2c/0x48
[ 1707.904115]  [<00000000006f9cce>] system_call+0xd6/0x258
[ 1707.904117]  [<000003ffb45f1124>] 0x3ffb45f1124
[ 1707.904118] 1 lock held by git/25215:
[ 1707.904119]  #0:  (&obj_hash[i].lock){-.-.-.}, at: [<000000000048796c>] debug_object_deactivate+0xa4/0x188
[ 1707.904124] Last Breaking-Event-Address:
[ 1707.904126]  [<0000000000486cdc>] debug_print_object+0xac/0xd0
[ 1707.904128] ---[ end trace 8ce68dc422e8321d ]---
[ 1707.904150] ------------[ cut here ]------------
[ 1707.904152] Kernel BUG at 0000000008cf8002 [verbose debug info unavailable]
[ 1707.904197] illegal operation: 0001 ilc:1 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 1707.904203] Modules linked in: bridge stp llc btrfs mlx4_ib mlx4_en ib_sa vxlan ib_mad ip6_udp_tunnel ib_core udp_tunnel ptp pps_core ib_addr xor raid6_pq ghash_s390 mlx4_core prng ecb aes_s390 des_s390 des_generic sha512_s390 dm_mod sha256_s390 genwqe_card sha1_s390 sha_common crc_itu_t scm_block eadm_sch vhost_net tun vhost macvtap macvlan kvm autofs4
[ 1707.904240] CPU: 4 PID: 25215 Comm: git Tainted: G        W       4.5.0-rc4-00037-g65c23c6-dirty #273
[ 1707.904242] task: 0000000006a60000 ti: 0000000063b04000 task.ti: 0000000063b04000
[ 1707.904244] Krnl PSW : 0704d00180000000 0000000008cf8002 (0x8cf8002)
[ 1707.904248]            R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 EA:3
Krnl GPRS: 0000000000000000 0000000008cf8000 0000000091cdb020 0000000091cdb020
[ 1707.904252]            00000000001b9964 0000000000000000 0000000000000000 000000000000000a
[ 1707.904254]            0000000000000000 0000000008cf8000 0000000000000004 00000000034d6802
[ 1707.904256]            00000000dec0f600 00000000007063d8 00000000001b99ae 00000000dcdd3d18
[ 1707.904263] Krnl Code: 0000000008cf7ff6: 5a5a5a5a            a       %%r5,2650(%%r10,%%r5)
0000000008cf7ffa: 5a5a5a5a           a       %%r5,2650(%%r10,%%r5)
#0000000008cf7ffe: 5a5a0000           a       %%r5,0(%%r10,%%r0)
>0000000008cf8002: 0000               unknown
0000000008cf8004: 0000               unknown
0000000008cf8006: 0020               unknown
0000000008cf8008: 0000               unknown
0000000008cf800a: 0000               unknown
[ 1707.904277] Call Trace:
[ 1707.904279] ([<00000000001b9964>] rcu_process_callbacks+0x5ac/0x9e8)
[ 1707.904282]  [<000000000013d3ee>] __do_softirq+0x256/0x568
[ 1707.904284]  [<000000000013da3a>] irq_exit+0x7a/0xd8
[ 1707.904286]  [<000000000010c87e>] do_IRQ+0x86/0xc0
[ 1707.904289]  [<00000000006fa3f2>] ext_int_handler+0x11e/0x124
[ 1707.904291]  [<0000000000199bfe>] lock_release+0x5ce/0x670
[ 1707.904293] ([<0000000000199be0>] lock_release+0x5b0/0x670)
[ 1707.904295]  [<00000000002dffa2>] getname_flags+0x82/0x218
[ 1707.904297]  [<00000000002e04e8>] user_path_at_empty+0x40/0x68
[ 1707.904299]  [<00000000002d44a4>] vfs_fstatat+0x6c/0xc8
[ 1707.904301]  [<00000000002d4894>] SyS_newlstat+0x2c/0x48
[ 1707.904303]  [<00000000006f9cce>] system_call+0xd6/0x258
[ 1707.904305]  [<000003ffb45f1124>] 0x3ffb45f1124
[ 1707.904307] INFO: lockdep is turned off.
[ 1707.904308] Last Breaking-Event-Address:
[ 1707.904310]  [<00000000001b99ac>] rcu_process_callbacks+0x5f4/0x9e8
[ 1707.904314]
[ 1707.904315] Kernel panic - not syncing: Fatal exception in interrupt
View attachment "config" of type "text/plain" (51707 bytes)
