lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20170323020846.GF802@shells.gnugeneration.com>
Date:   Wed, 22 Mar 2017 19:08:46 -0700
From:   lkml@...garu.com
To:     linux-kernel <linux-kernel@...r.kernel.org>
Subject: [BUG] 4.11.0-rc3 xterm hung in D state on exit, wchan is
 tty_release_struct

Hello list,

After approximately one day day of running 4.11.0-rc3 with 7e54d9d reverted to
enable regular use, this happened upon destroying an xterm:

[80817.525112] BUG: unable to handle kernel paging request at 0000000000002260
[80817.525239] IP: n_tty_receive_buf_common+0x68/0xab0
[80817.525312] PGD 0 

[80817.525387] Oops: 0000 [#1] PREEMPT SMP
[80817.525452] CPU: 0 PID: 9532 Comm: kworker/u4:3 Not tainted 4.11.0-rc3-00001-gc56a355 #53
[80817.525564] Hardware name: LENOVO 7668CTO/7668CTO, BIOS 7NETC2WW (2.22 ) 03/22/2011
[80817.525673] Workqueue: events_unbound flush_to_ldisc
[80817.525752] task: ffff967d91d80000 task.stack: ffff9add81f40000
[80817.525839] RIP: 0010:n_tty_receive_buf_common+0x68/0xab0
[80817.525917] RSP: 0018:ffff9add81f43d38 EFLAGS: 00010297
[80817.525992] RAX: 0000000000000000 RBX: ffff967d91c98c00 RCX: 0000000000000001
[80817.526035] RDX: ffff967e73bba58d RSI: ffff967e73bba48d RDI: ffff967d91c98cc0
[80817.526035] RBP: ffff9add81f43dd0 R08: 0000000000000001 R09: 0000000000000000
[80817.526035] R10: 00004980cbe001e0 R11: 0000000000000000 R12: ffff967d87aacf20
[80817.526035] R13: ffff967e73bba58d R14: 0000000000000001 R15: ffff967e74aa8008
[80817.526035] FS:  0000000000000000(0000) GS:ffff967e7bc00000(0000) knlGS:0000000000000000
[80817.526035] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[80817.526035] CR2: 0000000000002260 CR3: 0000000099009000 CR4: 00000000000006f0
[80817.526035] Call Trace:
[80817.526035]  ? update_curr+0xbb/0x1a0
[80817.526035]  n_tty_receive_buf2+0xf/0x20
[80817.526035]  tty_ldisc_receive_buf+0x1d/0x50
[80817.526035]  tty_port_default_receive_buf+0x40/0x60
[80817.526035]  flush_to_ldisc+0x94/0xa0
[80817.526035]  process_one_work+0x13b/0x3e0
[80817.526035]  worker_thread+0x64/0x4a0
[80817.526035]  kthread+0x10f/0x150
[80817.526035]  ? process_one_work+0x3e0/0x3e0
[80817.526035]  ? __kthread_create_on_node+0x150/0x150
[80817.526035]  ret_from_fork+0x29/0x40
[80817.526035] Code: 85 70 ff ff ff e8 59 75 57 00 48 8d 83 00 02 00 00 c7 45 c8 00 00 00 00 48 89 45 98 48 8d 83 28 02 00 00 48 89 45 90 48 8b 45 b8 <48> 8b b0 60 22 00 00 48 8b 08 89 f0 29 c8 f6 83 10 01 00 00 08 
[80817.526035] RIP: n_tty_receive_buf_common+0x68/0xab0 RSP: ffff9add81f43d38
[80817.526035] CR2: 0000000000002260
[80817.526035] ---[ end trace 640aec4765d350f2 ]---


That xterm process is stuck, and I am unable to start any new xterms, switching to virtual consoles proves useless, presumably there's an important lock held.

Here's a sysrq dump of blocked tasks as of now:


[81474.721981] sysrq: SysRq : Show Blocked State
[81474.721995]   task                        PC stack   pid father
[81474.722002] systemd         D    0     1      0 0x00000000
[81474.722136] Call Trace:
[81474.722152]  __schedule+0x348/0x8c0
[81474.722161]  schedule+0x38/0x90
[81474.722168]  rwsem_down_write_failed+0x110/0x250
[81474.722178]  call_rwsem_down_write_failed+0x17/0x30
[81474.722184]  down_write+0x1f/0x30
[81474.722192]  tty_unthrottle+0x19/0x60
[81474.722199]  n_tty_open+0xba/0xd0
[81474.722206]  tty_ldisc_open.isra.5+0x2d/0x60
[81474.722211]  tty_ldisc_setup+0x18/0x60
[81474.722218]  tty_init_dev+0x7a/0x1a0
[81474.722224]  tty_open+0x4f0/0x540
[81474.722232]  chrdev_open+0x76/0x160
[81474.722239]  ? exact_lock+0x20/0x20
[81474.722247]  do_dentry_open.isra.18+0x1b9/0x2c0
[81474.722254]  vfs_open+0x43/0x60
[81474.722260]  path_openat+0x547/0x1240
[81474.722268]  ? umount_tree+0xb0/0x290
[81474.722274]  do_filp_open+0x79/0xd0
[81474.722281]  ? __alloc_fd+0xa9/0x160
[81474.722288]  do_sys_open+0x115/0x1e0
[81474.722294]  SyS_open+0x19/0x20
[81474.722301]  entry_SYSCALL_64_fastpath+0x13/0x94
[81474.722308] RIP: 0033:0x7fa8508d8190
[81474.722313] RSP: 002b:00007fff58dd1f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[81474.722321] RAX: ffffffffffffffda RBX: 00005600f5eddf68 RCX: 00007fa8508d8190
[81474.722327] RDX: 0000000000000000 RSI: 0000000000080102 RDI: 00005600f5ee8020
[81474.722332] RBP: 0000000000000000 R08: 00007fa850684775 R09: 00007fff58dd1af0
[81474.722337] R10: 00005600f5e4c5e0 R11: 0000000000000246 R12: 0000000000000000
[81474.722342] R13: 0000000000000001 R14: 00005600f5eae710 R15: 00000000000025de
[81474.722379] screen          D    0   764    763 0x00000000
[81474.722387] Call Trace:
[81474.722395]  __schedule+0x348/0x8c0
[81474.722403]  schedule+0x38/0x90
[81474.722410]  schedule_preempt_disabled+0x10/0x20
[81474.722416]  __mutex_lock.isra.7+0x1fa/0x540
[81474.722423]  __mutex_lock_slowpath+0xe/0x10
[81474.722428]  mutex_lock+0x1e/0x20
[81474.722435]  ptmx_open+0x96/0x180
[81474.722442]  chrdev_open+0x76/0x160
[81474.722448]  ? exact_lock+0x20/0x20
[81474.722456]  do_dentry_open.isra.18+0x1b9/0x2c0
[81474.722462]  vfs_open+0x43/0x60
[81474.722468]  path_openat+0x547/0x1240
[81474.722474]  ? putname+0x4e/0x60
[81474.722480]  ? filename_lookup+0xd5/0x150
[81474.722487]  do_filp_open+0x79/0xd0
[81474.722493]  ? __alloc_fd+0xa9/0x160
[81474.722500]  do_sys_open+0x115/0x1e0
[81474.722507]  SyS_open+0x19/0x20
[81474.722513]  entry_SYSCALL_64_fastpath+0x13/0x94
[81474.722519] RIP: 0033:0x7f1d7f8df960
[81474.722523] RSP: 002b:00007ffc0d07b808 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[81474.722532] RAX: ffffffffffffffda RBX: 0000000001512130 RCX: 00007f1d7f8df960
[81474.722537] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00007f1d7f96a7fd
[81474.722542] RBP: 00007ffc0d07f070 R08: 0000000000000000 R09: 0000000000000005
[81474.722547] R10: 0000000001512130 R11: 0000000000000246 R12: 00007ffc0d07f1b8
[81474.722553] R13: 00007ffc0d07f0b4 R14: 00007ffc0d07f3f2 R15: 000000000000008c
[81474.722566] xterm           D    0  9577   9576 0x00000000
[81474.722574] Call Trace:
[81474.722581]  __schedule+0x348/0x8c0
[81474.722588]  schedule+0x38/0x90
[81474.722595]  schedule_preempt_disabled+0x10/0x20
[81474.722602]  __mutex_lock.isra.7+0x1fa/0x540
[81474.722608]  __mutex_lock_slowpath+0xe/0x10
[81474.722614]  mutex_lock+0x1e/0x20
[81474.722621]  tty_release_struct+0x61/0x80
[81474.722627]  tty_release+0x3a7/0x4b0
[81474.722633]  __fput+0x9d/0x1d0
[81474.722639]  ____fput+0x9/0x10
[81474.722646]  task_work_run+0x79/0xa0
[81474.722655]  exit_to_usermode_loop+0x8d/0x90
[81474.722662]  syscall_return_slowpath+0x43/0x50
[81474.722669]  entry_SYSCALL_64_fastpath+0x92/0x94
[81474.722674] RIP: 0033:0x7ff21b3751c0
[81474.722679] RSP: 002b:00007ffd50a31988 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[81474.722687] RAX: 0000000000000000 RBX: 000000000134af90 RCX: 00007ff21b3751c0
[81474.722692] RDX: 0000000000000001 RSI: 000000000000540b RDI: 0000000000000004
[81474.722697] RBP: 0000000000000000 R08: 00000000ffffff00 R09: 00000000013f5fd0
[81474.722702] R10: 00007ffd50a31740 R11: 0000000000000246 R12: ffffffffffffffff
[81474.722708] R13: 000000000134af90 R14: 0000000000683780 R15: 00000000013f5d80

Machine is X61s 1.8Ghz, userspace is Debian jessie amd64, .config attached.

Regards,
Vito Caputo


View attachment "4.11.0-rc3-config" of type "text/plain" (106547 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ