From: Mark Rutland <mark.rutland@arm.com>
To: linux-kernel@vger.kernel.org, Mel Gorman <mgorman@suse.de>,
Davidlohr Bueso <dbueso@suse.de>, Ingo Molnar <mingo@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>, Chris Mason <clm@fb.com>,
Darren Hart <dvhart@linux.intel.com>,
Hugh Dickins <hughd@google.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
dave@stgolabs.net
Subject: Re: kernel BUG at kernel/futex.c:679 on v4.13-rc3-ish on arm64
Date: Tue, 8 Aug 2017 16:14:30 +0100
Message-ID: <20170808151429.GE19207@leverpostej>
In-Reply-To: <20170808145732.GD19207@leverpostej>
On Tue, Aug 08, 2017 at 03:57:32PM +0100, Mark Rutland wrote:
> The below test case fires for me in a few seconds on an arm64 platform,
> triggering the kernel BUG at kernel/futex.c:679. If left running for longer, I
> then get a stream of other BUGs that I believe are a result of the first issue.

Likewise on v4.12 x86_64:

[2503756.486650] ------------[ cut here ]------------
[2503756.491450] WARNING: CPU: 0 PID: 21380 at kernel/futex.c:679 get_futex_key+0x2d8/0x330
[2503756.499527] Modules linked in:
[2503756.502754] CPU: 0 PID: 21380 Comm: futex-test Not tainted 4.12.0+ #14
[2503756.509441] Hardware name: LENOVO 7484A3G/LENOVO, BIOS 5CKT54AUS 09/07/2009
[2503756.516561] task: ffff9696e9abc800 task.stack: ffffa72c8637c000
[2503756.522648] RIP: 0010:get_futex_key+0x2d8/0x330
[2503756.527344] RSP: 0018:ffffa72c8637fcd8 EFLAGS: 00010246
[2503756.532734] RAX: 0000000000000000 RBX: ffffa72c8637fd88 RCX: ffff9696c618e690
[2503756.540025] RDX: ffffd98dc68b5f00 RSI: ffff9696c618e528 RDI: 0000000000000000
[2503756.547319] RBP: ffffa72c8637fd10 R08: ffff9696c618e670 R09: ffffa72c8637fc9c
[2503756.554609] R10: 0000008000000000 R11: ffff9696e5f65a58 R12: 00007f595cf4a000
[2503756.561900] R13: 0000000000000000 R14: 0000000000000001 R15: ffff9696e5fa4000
[2503756.569191] FS: 00007f595b759700(0000) GS:ffff9696fec00000(0000) knlGS:0000000000000000
[2503756.577439] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[2503756.583347] CR2: 00007f595cf4a000 CR3: 00000001a5e1d000 CR4: 00000000000406f0
[2503756.590646] Call Trace:
[2503756.593265] ? iput+0x85/0x1d0
[2503756.596491] futex_requeue+0x101/0x880
[2503756.600410] do_futex+0xbe/0xa00
[2503756.603810] ? pick_next_entity+0xa0/0x150
[2503756.608073] ? pick_next_task_fair+0x3fc/0x460
[2503756.612685] SyS_futex+0x6c/0x150
[2503756.616169] ? schedule+0x31/0x80
[2503756.619657] ? exit_to_usermode_loop+0x27/0x72
[2503756.624267] entry_SYSCALL_64_fastpath+0x13/0x94
[2503756.629051] RIP: 0033:0x7f595c84e4e9
[2503756.632795] RSP: 002b:00007f595b758e78 EFLAGS: 00000202 ORIG_RAX: 00000000000000ca
[2503756.640521] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f595c84e4e9
[2503756.647813] RDX: 0000000000000001 RSI: 000000000000000c RDI: 00007f595cf4a000
[2503756.655109] RBP: 00007f595b758ec0 R08: 00007f595cf4a004 R09: 0000000000000001
[2503756.662401] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f595cb2e880
[2503756.669693] R13: 00007f595b7599c0 R14: 0000000000000000 R15: 0000000000000003
[2503756.676986] Code: 83 ef 01 e9 ea fd ff ff 48 8d 78 ff e9 20 fe ff ff e8 7d 6d 06 00 eb a7 b8 ea ff ff ff e9 35 fe ff ff 48 8d 78 ff e9 d9 fe ff ff <0f> ff 48 8b 7d d0 e8 4d f3 ff ff e9 7f fd ff ff 0f ff 48 89 f7
[2503756.695988] ---[ end trace adb5ba028949a89a ]---

Thanks,
Mark

> ---->8----
> #include <linux/futex.h>
> #include <pthread.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <sys/mman.h>
> #include <sys/syscall.h>
> #include <sys/time.h>
> #include <unistd.h>
>
> #define NR_FUTEX_THREADS 16
>
> pthread_t threads[NR_FUTEX_THREADS];
>
> void *mem;
>
> #define MEM_PROT	(PROT_READ | PROT_WRITE)
> #define MEM_SIZE	65536
>
> /* Thin wrapper around the raw futex syscall. */
> static int futex_wrapper(int *uaddr, int op, int val,
> 			 const struct timespec *timeout,
> 			 int *uaddr2, int val3)
> {
> 	return syscall(SYS_futex, uaddr, op, val, timeout, uaddr2, val3);
> }
>
> /* Each thread issues FUTEX_CMP_REQUEUE_PI on the shared mapping in a loop. */
> void *poll_futex(void *unused)
> {
> 	for (;;) {
> 		futex_wrapper(mem, FUTEX_CMP_REQUEUE_PI, 1, NULL, mem + 4, 1);
> 	}
> }
>
> int main(int argc, char *argv[])
> {
> 	int i;
>
> 	mem = mmap(NULL, MEM_SIZE, MEM_PROT,
> 		   MAP_SHARED | MAP_ANONYMOUS, -1, 0);
>
> 	printf("Mapping @ %p\n", mem);
>
> 	printf("Creating futex threads...\n");
>
> 	for (i = 0; i < NR_FUTEX_THREADS; i++)
> 		pthread_create(&threads[i], NULL, poll_futex, NULL);
>
> 	printf("Flipping mapping...\n");
> 	/* Replace the mapping at the same address while the threads run. */
> 	for (;;) {
> 		mmap(mem, MEM_SIZE, MEM_PROT,
> 		     MAP_FIXED | MAP_SHARED | MAP_ANONYMOUS, -1, 0);
> 	}
>
> 	return 0;
> }
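
For triaging reports like the x86_64 trace above, the following is an added example (not part of the original message or of the kernel tree) that extracts the warning site and separates reliable call-trace frames from the `?` entries, which the x86 unwinder prints for addresses it found on the stack but could not confirm as part of the call chain. The function names `parse_report` and `signature` are hypothetical, and the sample lines are copied from the trace in this message.

```python
import re

# Lines copied from the trace in the message above (subset that is parsed).
SAMPLE = """\
[2503756.486650] ------------[ cut here ]------------
[2503756.491450] WARNING: CPU: 0 PID: 21380 at kernel/futex.c:679 get_futex_key+0x2d8/0x330
[2503756.502754] CPU: 0 PID: 21380 Comm: futex-test Not tainted 4.12.0+ #14
[2503756.590646] Call Trace:
[2503756.593265] ? iput+0x85/0x1d0
[2503756.596491] futex_requeue+0x101/0x880
[2503756.600410] do_futex+0xbe/0xa00
[2503756.603810] ? pick_next_entity+0xa0/0x150
[2503756.612685] SyS_futex+0x6c/0x150
[2503756.624267] entry_SYSCALL_64_fastpath+0x13/0x94
[2503756.629051] RIP: 0033:0x7f595c84e4e9
[2503756.695988] ---[ end trace adb5ba028949a89a ]---
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")            # printk timestamp
SITE = re.compile(r"^WARNING: CPU: \d+ PID: (\d+) at (\S+):(\d+) (\w+)\+")
COMM = re.compile(r"Comm: (\S+) (Not tainted|Tainted:)")
FRAME = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_report(text):
    """Pull the warning site, task and call trace out of a WARNING splat."""
    rep = {"site": None, "func": None, "pid": None, "comm": None,
           "tainted": None, "frames": [], "unreliable": []}
    in_trace = False
    for raw in text.splitlines():
        line = STAMP.sub("", raw).strip()
        if (m := SITE.match(line)):
            rep["pid"] = int(m.group(1))
            rep["site"] = f"{m.group(2)}:{m.group(3)}"
            rep["func"] = m.group(4)
        elif rep["comm"] is None and (m := COMM.search(line)):
            rep["comm"] = m.group(1)
            rep["tainted"] = m.group(2) != "Not tainted"
        elif line == "Call Trace:":
            in_trace = True
        elif in_trace:
            m = FRAME.match(line)
            if not m:
                in_trace = False      # first non-frame line ends the trace
            elif m.group(1):
                rep["unreliable"].append(m.group(2))   # "?" frame
            else:
                rep["frames"].append(m.group(2))
    return rep

def signature(rep, depth=3):
    """Dedup key for grouping reports: site plus reliable frames only."""
    return rep["site"] + " " + "<-".join([rep["func"]] + rep["frames"][:depth])
```

Keying the signature on reliable frames only keeps stale stack contents such as `iput` from splitting reports of the same warning into separate buckets.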