From: Mark Rutland <mark.rutland@arm.com>
To: linux-kernel@vger.kernel.org, Mel Gorman <mgorman@suse.de>,
Davidlohr Bueso <dbueso@suse.de>, Ingo Molnar <mingo@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>, Chris Mason <clm@fb.com>,
Darren Hart <dvhart@linux.intel.com>,
Hugh Dickins <hughd@google.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
dave@stgolabs.net
Subject: Re: kernel BUG at kernel/futex.c:679 on v4.13-rc3-ish on arm64
Date: Tue, 8 Aug 2017 16:14:30 +0100
Message-ID: <20170808151429.GE19207@leverpostej>
In-Reply-To: <20170808145732.GD19207@leverpostej>

On Tue, Aug 08, 2017 at 03:57:32PM +0100, Mark Rutland wrote:
> The below test case fires for me in a few seconds on an arm64 platform,
> triggering the kernel BUG at kernel/futex.c:679. If left running for longer, I
> then get a stream of other BUGs that I believe are a result of the first issue.

Likewise on v4.12 x86_64:

[2503756.486650] ------------[ cut here ]------------
[2503756.491450] WARNING: CPU: 0 PID: 21380 at kernel/futex.c:679 get_futex_key+0x2d8/0x330
[2503756.499527] Modules linked in:
[2503756.502754] CPU: 0 PID: 21380 Comm: futex-test Not tainted 4.12.0+ #14
[2503756.509441] Hardware name: LENOVO 7484A3G/LENOVO, BIOS 5CKT54AUS 09/07/2009
[2503756.516561] task: ffff9696e9abc800 task.stack: ffffa72c8637c000
[2503756.522648] RIP: 0010:get_futex_key+0x2d8/0x330
[2503756.527344] RSP: 0018:ffffa72c8637fcd8 EFLAGS: 00010246
[2503756.532734] RAX: 0000000000000000 RBX: ffffa72c8637fd88 RCX: ffff9696c618e690
[2503756.540025] RDX: ffffd98dc68b5f00 RSI: ffff9696c618e528 RDI: 0000000000000000
[2503756.547319] RBP: ffffa72c8637fd10 R08: ffff9696c618e670 R09: ffffa72c8637fc9c
[2503756.554609] R10: 0000008000000000 R11: ffff9696e5f65a58 R12: 00007f595cf4a000
[2503756.561900] R13: 0000000000000000 R14: 0000000000000001 R15: ffff9696e5fa4000
[2503756.569191] FS: 00007f595b759700(0000) GS:ffff9696fec00000(0000) knlGS:0000000000000000
[2503756.577439] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[2503756.583347] CR2: 00007f595cf4a000 CR3: 00000001a5e1d000 CR4: 00000000000406f0
[2503756.590646] Call Trace:
[2503756.593265] ? iput+0x85/0x1d0
[2503756.596491] futex_requeue+0x101/0x880
[2503756.600410] do_futex+0xbe/0xa00
[2503756.603810] ? pick_next_entity+0xa0/0x150
[2503756.608073] ? pick_next_task_fair+0x3fc/0x460
[2503756.612685] SyS_futex+0x6c/0x150
[2503756.616169] ? schedule+0x31/0x80
[2503756.619657] ? exit_to_usermode_loop+0x27/0x72
[2503756.624267] entry_SYSCALL_64_fastpath+0x13/0x94
[2503756.629051] RIP: 0033:0x7f595c84e4e9
[2503756.632795] RSP: 002b:00007f595b758e78 EFLAGS: 00000202 ORIG_RAX: 00000000000000ca
[2503756.640521] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f595c84e4e9
[2503756.647813] RDX: 0000000000000001 RSI: 000000000000000c RDI: 00007f595cf4a000
[2503756.655109] RBP: 00007f595b758ec0 R08: 00007f595cf4a004 R09: 0000000000000001
[2503756.662401] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f595cb2e880
[2503756.669693] R13: 00007f595b7599c0 R14: 0000000000000000 R15: 0000000000000003
[2503756.676986] Code: 83 ef 01 e9 ea fd ff ff 48 8d 78 ff e9 20 fe ff ff e8 7d 6d 06 00 eb a7 b8 ea ff ff ff e9 35 fe ff ff 48 8d 78 ff e9 d9 fe ff ff <0f> ff 48 8b 7d d0 e8 4d f3 ff ff e9 7f fd ff ff 0f ff 48 89 f7
[2503756.695988] ---[ end trace adb5ba028949a89a ]---

Thanks,
Mark

> ---->8----
> #include <linux/futex.h>
> #include <pthread.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <sys/mman.h>
> #include <sys/syscall.h>
> #include <sys/time.h>
> #include <unistd.h>
>
> #define NR_FUTEX_THREADS 16
>
> pthread_t threads[NR_FUTEX_THREADS];
>
> void *mem;
>
> #define MEM_PROT (PROT_READ | PROT_WRITE)
> #define MEM_SIZE 65536
>
> static int futex_wrapper(int *uaddr, int op, int val,
> 			 const struct timespec *timeout,
> 			 int *uaddr2, int val3)
> {
> 	return syscall(SYS_futex, uaddr, op, val, timeout, uaddr2, val3);
> }
>
> void *poll_futex(void *unused)
> {
> 	for (;;) {
> 		futex_wrapper(mem, FUTEX_CMP_REQUEUE_PI, 1, NULL, mem + 4, 1);
> 	}
> }
>
> int main(int argc, char *argv[])
> {
> 	int i;
>
> 	mem = mmap(NULL, MEM_SIZE, MEM_PROT,
> 		   MAP_SHARED | MAP_ANONYMOUS, -1, 0);
>
> 	printf("Mapping @ %p\n", mem);
>
> 	printf("Creating futex threads...\n");
>
> 	for (i = 0; i < NR_FUTEX_THREADS; i++)
> 		pthread_create(&threads[i], NULL, poll_futex, NULL);
>
> 	printf("Flipping mapping...\n");
> 	for (;;) {
> 		mmap(mem, MEM_SIZE, MEM_PROT,
> 		     MAP_FIXED | MAP_SHARED | MAP_ANONYMOUS, -1, 0);
> 	}
>
> 	return 0;
> }