From: Sergei Trofimovich <slyich@gmail.com>
To: linux-ia64@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: 5.?? regression: strace testsuite OOpses kernel on ia64
Date: Tue, 23 Feb 2021 18:53:21 +0000 [thread overview]
Message-ID: <20210223185321.359e34bc@sf> (raw)
The crash seems to be related to sock_filter-v test from strace:
https://github.com/strace/strace/blob/master/tests/seccomp-filter-v.c
Here is an OOps:
[ 818.089904] BUG: Bad page map in process sock_filter-v pte:00000001 pmd:118580001
[ 818.089904] page:00000000e6a429c8 refcount:1 mapcount:-1 mapping:0000000000000000 index:0x0 pfn:0x0
[ 818.089904] flags: 0x1000(reserved)
[ 818.089904] raw: 0000000000001000 a000400000000008 a000400000000008 0000000000000000
[ 818.089904] raw: 0000000000000000 0000000000000000 00000001fffffffe
[ 818.089904] page dumped because: bad pte
[ 818.089904] addr:0000000000000000 vm_flags:04044011 anon_vma:0000000000000000 mapping:0000000000000000 index:0
[ 818.095483] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 818.095483] CPU: 0 PID: 5990 Comm: sock_filter-v Not tainted 5.11.0-00003-gbfa5a4929c90 #57
[ 818.095483] Hardware name: hp server rx3600 , BIOS 04.03 04/08/2008
[ 818.095483]
[ 818.095483] Call Trace:
[ 818.095483] [<a000000100014a70>] show_stack+0x90/0xc0
[ 818.095483] spà00000118707bb0 bspà000001187013c0
[ 818.095483] [<a00000010100c2b0>] dump_stack+0x120/0x160
[ 818.095483] spà00000118707d80 bspà00000118701348
[ 818.095483] [<a0000001002e7b40>] print_bad_pte+0x300/0x3a0
[ 818.095483] spà00000118707d80 bspà000001187012e0
[ 818.099483] [<a0000001002ec190>] unmap_page_range+0xa90/0x11a0
[ 818.099483] spà00000118707d80 bspà00000118701140
[ 818.099483] [<a0000001002ecba0>] unmap_vmas+0xc0/0x100
[ 818.099483] spà00000118707da0 bspà00000118701108
[ 818.099483] [<a000000100302db0>] exit_mmap+0x150/0x320
[ 818.099483] spà00000118707da0 bspà000001187010d8
[ 818.099483] [<a00000010005dba0>] mmput+0x60/0x200
[ 818.099483] spà00000118707e20 bspà000001187010b0
[ 818.103482] [<a00000010006e570>] do_exit+0x6f0/0x18a0
[ 818.103482] spà00000118707e20 bspà00000118701038
[ 818.103482] [<a000000100072070>] do_group_exit+0x90/0x2a0
[ 818.103482] spà00000118707e30 bspà00000118700ff0
[ 818.103482] [<a0000001000722a0>] sys_exit_group+0x20/0x40
[ 818.103482] spà00000118707e30 bspà00000118700f98
[ 818.107482] [<a00000010000c5f0>] ia64_trace_syscall+0xf0/0x130
[ 818.107482] spà00000118707e30 bspà00000118700f98
[ 818.107482] [<a000000000040720>] ia64_ivt+0xffffffff00040720/0x400
[ 818.107482] spà00000118708000 bspà00000118700f98
[ 818.115482] Disabling lock debugging due to kernel taint
[ 818.115482] BUG: Bad rss-counter state mm:000000002eec6412 type:MM_FILEPAGES val:-1
[ 818.132256] Unable to handle kernel NULL pointer dereference (address 0000000000000068)
[ 818.133904] sock_filter-v-X[5999]: Oops 11012296146944 [1]
[ 818.133904] Modules linked in: acpi_ipmi ipmi_si usb_storage e1000 ipmi_devintf ipmi_msghandler rtc_efi
[ 818.133904]
[ 818.133904] CPU: 0 PID: 5999 Comm: sock_filter-v-X Tainted: G B 5.11.0-00003-gbfa5a4929c90 #57
[ 818.133904] Hardware name: hp server rx3600 , BIOS 04.03 04/08/2008
[ 818.133904] psr : 0000121008026010 ifs : 8000000000000288 ip : [<a0000001001eaa61>] Tainted: G B (5.11.0-00003-gbfa5a4929c90)
[ 818.133904] ip is at bpf_prog_free+0x21/0xe0
[ 818.133904] unat: 0000000000000000 pfs : 0000000000000307 rsc : 0000000000000003
[ 818.133904] rnat: 0000000000000000 bsps: 0000000000000000 pr : 00106a5a51665965
[ 818.133904] ldrs: 0000000000000000 ccv : 0000000012088904 fpsr: 0009804c8a70033f
[ 818.133904] csd : 0000000000000000 ssd : 0000000000000000
[ 818.133904] b0 : a000000100d54080 b6 : a000000100d53fe0 b7 : a00000010000cef0
[ 818.133904] f6 : 0ffefb0c50daa1b67f89a f7 : 0ffed8b3e4fdb08000000
[ 818.133904] f8 : 10017fbd1bc0000000000 f9 : 1000eb95f000000000000
[ 818.133904] f10 : 10008ade20716a6c83cc1 f11 : 1003e00000000000002b7
[ 818.133904] r1 : a00000010176b300 r2 : a000000200008004 r3 : 0000000000000000
[ 818.133904] r8 : 0000000000000008 r9 : e00000011873f800 r10 : e000000102c18600
[ 818.133904] r11 : e000000102c19600 r12 : e00000011873f7f0 r13 : e000000118738000
[ 818.133904] r14 : 0000000000000068 r15 : a000000200008028 r16 : e000000005606a70
[ 818.133904] r17 : e000000102c18600 r18 : e000000104370748 r19 : e000000102c18600
[ 818.133904] r20 : e000000102c18600 r21 : e000000005606a78 r22 : a00000010156bd28
[ 818.133904] r23 : a00000010147fdf4 r24 : 0000000000004000 r25 : e000000104370750
[ 818.133904] r26 : a0000001012f7088 r27 : a000000100d53fe0 r28 : 0000000000000001
[ 818.133904] r29 : e00000011873f800 r30 : e00000011873f810 r31 : e00000011873f808
[ 818.133904]
[ 818.133904] Call Trace:
[ 818.133904] [<a000000100014a70>] show_stack+0x90/0xc0
[ 818.133904] spà0000011873f420 bspà000001187396d0
[ 818.133904] [<a000000100015170>] show_regs+0x6d0/0xa40
[ 818.133904] spà0000011873f5f0 bspà00000118739660
[ 818.133904] [<a000000100026e90>] die+0x1b0/0x4a0
[ 818.133904] spà0000011873f610 bspà00000118739620
[ 818.133904] [<a000000100059220>] ia64_do_page_fault+0x820/0xb60
[ 818.133904] spà0000011873f610 bspà00000118739580
[ 818.133904] [<a00000010000c8e0>] ia64_leave_kernel+0x0/0x270
[ 818.133904] spà0000011873f620 bspà00000118739580
[ 818.133904] [<a0000001001eaa60>] bpf_prog_free+0x20/0xe0
[ 818.133904] spà0000011873f7f0 bspà00000118739540
[ 818.133904] [<a000000100d54080>] sk_filter_release_rcu+0xa0/0x120
[ 818.133904] spà0000011873f7f0 bspà00000118739510
[ 818.133904] [<a00000010016a7f0>] rcu_core+0x530/0xf20
[ 818.133904] spà0000011873f7f0 bspà000001187394a8
[ 818.133904] [<a00000010016b200>] rcu_core_si+0x20/0x40
[ 818.133904] spà0000011873f810 bspà00000118739490
[ 818.133904] [<a0000001010279f0>] __do_softirq+0x230/0x640
[ 818.133904] spà0000011873f810 bspà000001187393a0
[ 818.133904] [<a000000100074770>] irq_exit+0x170/0x200
[ 818.133904] spà0000011873f810 bspà00000118739388
[ 818.133904] [<a000000100013310>] ia64_handle_irq+0x1b0/0x360
[ 818.133904] spà0000011873f810 bspà00000118739308
[ 818.133904] [<a00000010000c8e0>] ia64_leave_kernel+0x0/0x270
[ 818.133904] spà0000011873f820 bspà00000118739308
[ 818.133904] [<a000000101027700>] flush_icache_range+0x80/0xa0
[ 818.133904] spà0000011873f9f0 bspà000001187392f8
[ 818.133904] [<a0000001002f7ae0>] __access_remote_vm+0x1e0/0x320
[ 818.133904] spà0000011873f9f0 bspà00000118739258
[ 818.133904] [<a0000001002f7c80>] access_process_vm+0x60/0xa0
[ 818.133904] spà0000011873fa00 bspà00000118739210
[ 818.133904] [<a000000100018210>] ia64_sync_user_rbs+0x70/0xe0
[ 818.133904] spà0000011873fa00 bspà000001187391d0
[ 818.133904] [<a000000100018b00>] do_sync_rbs+0xc0/0x100
[ 818.133904] spà0000011873fa10 bspà00000118739198
[ 818.133904] [<a00000010000cf30>] unw_init_running+0x70/0xa0
[ 818.133904] spà0000011873fa10 bspà00000118739170
[ 818.133904] [<a00000010001ae90>] ia64_ptrace_stop+0x130/0x160
[ 818.133904] spà0000011873fdf0 bspà00000118739158
[ 818.133904] [<a00000010008af60>] ptrace_stop+0xc0/0x880
[ 818.133904] spà0000011873fdf0 bspà00000118739118
[ 818.133904] [<a00000010008b820>] ptrace_do_notify+0x100/0x120
[ 818.133904] spà0000011873fdf0 bspà000001187390e8
[ 818.133904] [<a00000010008b8d0>] ptrace_notify+0x90/0x260
[ 818.133904] spà0000011873fe30 bspà000001187390c8
[ 818.133904] [<a00000010001e3d0>] syscall_trace_enter+0xf0/0x2c0
[ 818.133904] spà0000011873fe30 bspà00000118739070
[ 818.133904] [<a00000010000c540>] ia64_trace_syscall+0x40/0x130
[ 818.133904] spà0000011873fe30 bspà00000118739020
[ 818.186114] Kernel panic - not syncing: Aiee, killing interrupt handler!
[ 818.186114] ---[ end Kernel panic - not syncing: Aiee, killing interrupt handler! ]---
I'm not sure how to interpret it. It looks like 'bpf_prog_free'
frees the memory that is not there anymore, but previous crash
hints at already broken page tables. Maybe VM is already corrupted
by previous strace tests?
I wonder if I can enable a bit more kernel VM debugging to catch the corruption earlier.
--
Sergei
WARNING: multiple messages have this Message-ID (diff)
From: Sergei Trofimovich <slyich@gmail.com>
To: linux-ia64@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: 5.?? regression: strace testsuite OOpses kernel on ia64
Date: Tue, 23 Feb 2021 18:53:21 +0000 [thread overview]
Message-ID: <20210223185321.359e34bc@sf> (raw)
The crash seems to be related to sock_filter-v test from strace:
https://github.com/strace/strace/blob/master/tests/seccomp-filter-v.c
Here is an OOps:
[ 818.089904] BUG: Bad page map in process sock_filter-v pte:00000001 pmd:118580001
[ 818.089904] page:00000000e6a429c8 refcount:1 mapcount:-1 mapping:0000000000000000 index:0x0 pfn:0x0
[ 818.089904] flags: 0x1000(reserved)
[ 818.089904] raw: 0000000000001000 a000400000000008 a000400000000008 0000000000000000
[ 818.089904] raw: 0000000000000000 0000000000000000 00000001fffffffe
[ 818.089904] page dumped because: bad pte
[ 818.089904] addr:0000000000000000 vm_flags:04044011 anon_vma:0000000000000000 mapping:0000000000000000 index:0
[ 818.095483] file:(null) fault:0x0 mmap:0x0 readpage:0x0
[ 818.095483] CPU: 0 PID: 5990 Comm: sock_filter-v Not tainted 5.11.0-00003-gbfa5a4929c90 #57
[ 818.095483] Hardware name: hp server rx3600 , BIOS 04.03 04/08/2008
[ 818.095483]
[ 818.095483] Call Trace:
[ 818.095483] [<a000000100014a70>] show_stack+0x90/0xc0
[ 818.095483] sp=e000000118707bb0 bsp=e0000001187013c0
[ 818.095483] [<a00000010100c2b0>] dump_stack+0x120/0x160
[ 818.095483] sp=e000000118707d80 bsp=e000000118701348
[ 818.095483] [<a0000001002e7b40>] print_bad_pte+0x300/0x3a0
[ 818.095483] sp=e000000118707d80 bsp=e0000001187012e0
[ 818.099483] [<a0000001002ec190>] unmap_page_range+0xa90/0x11a0
[ 818.099483] sp=e000000118707d80 bsp=e000000118701140
[ 818.099483] [<a0000001002ecba0>] unmap_vmas+0xc0/0x100
[ 818.099483] sp=e000000118707da0 bsp=e000000118701108
[ 818.099483] [<a000000100302db0>] exit_mmap+0x150/0x320
[ 818.099483] sp=e000000118707da0 bsp=e0000001187010d8
[ 818.099483] [<a00000010005dba0>] mmput+0x60/0x200
[ 818.099483] sp=e000000118707e20 bsp=e0000001187010b0
[ 818.103482] [<a00000010006e570>] do_exit+0x6f0/0x18a0
[ 818.103482] sp=e000000118707e20 bsp=e000000118701038
[ 818.103482] [<a000000100072070>] do_group_exit+0x90/0x2a0
[ 818.103482] sp=e000000118707e30 bsp=e000000118700ff0
[ 818.103482] [<a0000001000722a0>] sys_exit_group+0x20/0x40
[ 818.103482] sp=e000000118707e30 bsp=e000000118700f98
[ 818.107482] [<a00000010000c5f0>] ia64_trace_syscall+0xf0/0x130
[ 818.107482] sp=e000000118707e30 bsp=e000000118700f98
[ 818.107482] [<a000000000040720>] ia64_ivt+0xffffffff00040720/0x400
[ 818.107482] sp=e000000118708000 bsp=e000000118700f98
[ 818.115482] Disabling lock debugging due to kernel taint
[ 818.115482] BUG: Bad rss-counter state mm:000000002eec6412 type:MM_FILEPAGES val:-1
[ 818.132256] Unable to handle kernel NULL pointer dereference (address 0000000000000068)
[ 818.133904] sock_filter-v-X[5999]: Oops 11012296146944 [1]
[ 818.133904] Modules linked in: acpi_ipmi ipmi_si usb_storage e1000 ipmi_devintf ipmi_msghandler rtc_efi
[ 818.133904]
[ 818.133904] CPU: 0 PID: 5999 Comm: sock_filter-v-X Tainted: G B 5.11.0-00003-gbfa5a4929c90 #57
[ 818.133904] Hardware name: hp server rx3600 , BIOS 04.03 04/08/2008
[ 818.133904] psr : 0000121008026010 ifs : 8000000000000288 ip : [<a0000001001eaa61>] Tainted: G B (5.11.0-00003-gbfa5a4929c90)
[ 818.133904] ip is at bpf_prog_free+0x21/0xe0
[ 818.133904] unat: 0000000000000000 pfs : 0000000000000307 rsc : 0000000000000003
[ 818.133904] rnat: 0000000000000000 bsps: 0000000000000000 pr : 00106a5a51665965
[ 818.133904] ldrs: 0000000000000000 ccv : 0000000012088904 fpsr: 0009804c8a70033f
[ 818.133904] csd : 0000000000000000 ssd : 0000000000000000
[ 818.133904] b0 : a000000100d54080 b6 : a000000100d53fe0 b7 : a00000010000cef0
[ 818.133904] f6 : 0ffefb0c50daa1b67f89a f7 : 0ffed8b3e4fdb08000000
[ 818.133904] f8 : 10017fbd1bc0000000000 f9 : 1000eb95f000000000000
[ 818.133904] f10 : 10008ade20716a6c83cc1 f11 : 1003e00000000000002b7
[ 818.133904] r1 : a00000010176b300 r2 : a000000200008004 r3 : 0000000000000000
[ 818.133904] r8 : 0000000000000008 r9 : e00000011873f800 r10 : e000000102c18600
[ 818.133904] r11 : e000000102c19600 r12 : e00000011873f7f0 r13 : e000000118738000
[ 818.133904] r14 : 0000000000000068 r15 : a000000200008028 r16 : e000000005606a70
[ 818.133904] r17 : e000000102c18600 r18 : e000000104370748 r19 : e000000102c18600
[ 818.133904] r20 : e000000102c18600 r21 : e000000005606a78 r22 : a00000010156bd28
[ 818.133904] r23 : a00000010147fdf4 r24 : 0000000000004000 r25 : e000000104370750
[ 818.133904] r26 : a0000001012f7088 r27 : a000000100d53fe0 r28 : 0000000000000001
[ 818.133904] r29 : e00000011873f800 r30 : e00000011873f810 r31 : e00000011873f808
[ 818.133904]
[ 818.133904] Call Trace:
[ 818.133904] [<a000000100014a70>] show_stack+0x90/0xc0
[ 818.133904] sp=e00000011873f420 bsp=e0000001187396d0
[ 818.133904] [<a000000100015170>] show_regs+0x6d0/0xa40
[ 818.133904] sp=e00000011873f5f0 bsp=e000000118739660
[ 818.133904] [<a000000100026e90>] die+0x1b0/0x4a0
[ 818.133904] sp=e00000011873f610 bsp=e000000118739620
[ 818.133904] [<a000000100059220>] ia64_do_page_fault+0x820/0xb60
[ 818.133904] sp=e00000011873f610 bsp=e000000118739580
[ 818.133904] [<a00000010000c8e0>] ia64_leave_kernel+0x0/0x270
[ 818.133904] sp=e00000011873f620 bsp=e000000118739580
[ 818.133904] [<a0000001001eaa60>] bpf_prog_free+0x20/0xe0
[ 818.133904] sp=e00000011873f7f0 bsp=e000000118739540
[ 818.133904] [<a000000100d54080>] sk_filter_release_rcu+0xa0/0x120
[ 818.133904] sp=e00000011873f7f0 bsp=e000000118739510
[ 818.133904] [<a00000010016a7f0>] rcu_core+0x530/0xf20
[ 818.133904] sp=e00000011873f7f0 bsp=e0000001187394a8
[ 818.133904] [<a00000010016b200>] rcu_core_si+0x20/0x40
[ 818.133904] sp=e00000011873f810 bsp=e000000118739490
[ 818.133904] [<a0000001010279f0>] __do_softirq+0x230/0x640
[ 818.133904] sp=e00000011873f810 bsp=e0000001187393a0
[ 818.133904] [<a000000100074770>] irq_exit+0x170/0x200
[ 818.133904] sp=e00000011873f810 bsp=e000000118739388
[ 818.133904] [<a000000100013310>] ia64_handle_irq+0x1b0/0x360
[ 818.133904] sp=e00000011873f810 bsp=e000000118739308
[ 818.133904] [<a00000010000c8e0>] ia64_leave_kernel+0x0/0x270
[ 818.133904] sp=e00000011873f820 bsp=e000000118739308
[ 818.133904] [<a000000101027700>] flush_icache_range+0x80/0xa0
[ 818.133904] sp=e00000011873f9f0 bsp=e0000001187392f8
[ 818.133904] [<a0000001002f7ae0>] __access_remote_vm+0x1e0/0x320
[ 818.133904] sp=e00000011873f9f0 bsp=e000000118739258
[ 818.133904] [<a0000001002f7c80>] access_process_vm+0x60/0xa0
[ 818.133904] sp=e00000011873fa00 bsp=e000000118739210
[ 818.133904] [<a000000100018210>] ia64_sync_user_rbs+0x70/0xe0
[ 818.133904] sp=e00000011873fa00 bsp=e0000001187391d0
[ 818.133904] [<a000000100018b00>] do_sync_rbs+0xc0/0x100
[ 818.133904] sp=e00000011873fa10 bsp=e000000118739198
[ 818.133904] [<a00000010000cf30>] unw_init_running+0x70/0xa0
[ 818.133904] sp=e00000011873fa10 bsp=e000000118739170
[ 818.133904] [<a00000010001ae90>] ia64_ptrace_stop+0x130/0x160
[ 818.133904] sp=e00000011873fdf0 bsp=e000000118739158
[ 818.133904] [<a00000010008af60>] ptrace_stop+0xc0/0x880
[ 818.133904] sp=e00000011873fdf0 bsp=e000000118739118
[ 818.133904] [<a00000010008b820>] ptrace_do_notify+0x100/0x120
[ 818.133904] sp=e00000011873fdf0 bsp=e0000001187390e8
[ 818.133904] [<a00000010008b8d0>] ptrace_notify+0x90/0x260
[ 818.133904] sp=e00000011873fe30 bsp=e0000001187390c8
[ 818.133904] [<a00000010001e3d0>] syscall_trace_enter+0xf0/0x2c0
[ 818.133904] sp=e00000011873fe30 bsp=e000000118739070
[ 818.133904] [<a00000010000c540>] ia64_trace_syscall+0x40/0x130
[ 818.133904] sp=e00000011873fe30 bsp=e000000118739020
[ 818.186114] Kernel panic - not syncing: Aiee, killing interrupt handler!
[ 818.186114] ---[ end Kernel panic - not syncing: Aiee, killing interrupt handler! ]---
I'm not sure how to interpret it. It looks like 'bpf_prog_free'
frees the memory that is not there anymore, but previous crash
hints at already broken page tables. Maybe VM is already corrupted
by previous strace tests?
I wonder if I can enable a bit more kernel VM debugging to catch the corruption earlier.
--
Sergei
next reply other threads:[~2021-02-23 18:53 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-23 18:53 Sergei Trofimovich [this message]
2021-02-23 18:53 ` 5.?? regression: strace testsuite OOpses kernel on ia64 Sergei Trofimovich
2021-04-09 21:20 ` Sergei Trofimovich
2021-04-09 21:20 ` Sergei Trofimovich
2021-04-10 17:36 ` Yonghong Song
2021-04-10 17:36 ` Yonghong Song
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210223185321.359e34bc@sf \
--to=slyich@gmail.com \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.