Re: vhost kernel BUG at /build/linux/mm/slub.c:3352!
On Tue, Jun 04, 2013 at 09:50:59PM +0300, Tommi Rantala wrote:
> Hello,
>
> Hit this right after killing trinity with Ctrl-C. Was fuzzing
> v3.10-rc4-0-gd683b96 in a qemu virtual machine as the root user.
>
> Tommi

Thanks a lot for the report.
I found some bugs when looking at this: I think they were introduced by
2839400f8fe28ce216eeeba3fb97bdf90977f7ad
though I don't exactly see how ctrl-c can trigger this.
I'll work on patches - is this reproducible at all?

> [29175] Random reseed: 3970521611
> [29175] Random reseed: 202886419
> [29175] Random reseed: 2930978521
> [179904.099501] binder: 29175:2539 ioctl 4010630e fff returned -22
> [29175] Random reseed: 2776471322
> [29175] Random reseed: 3086119361
> child 2606 exiting
> [29175] Bailing main loop. Exit reason: ctrl-c
> [179906.393060] [ cut here ]
> [179906.396341] kernel BUG at /build/linux/mm/slub.c:3352!
> [179906.399693] invalid opcode: [#1] SMP DEBUG_PAGEALLOC
> [179906.403272] CPU: 0 PID: 29175 Comm: trinity-main Not tainted 3.10.0-rc4 #1
> [179906.407692] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
> [179906.411475] task: 8800b69e47c0 ti: 880092f2e000 task.ti: 880092f2e000
> [179906.416305] RIP: 0010:[81225255] [81225255] kfree+0x155/0x2c0
> [179906.421462] RSP: :880092f2fdb0 EFLAGS: 00010246
> [179906.424983] RAX: 0100 RBX: 88009e588000 RCX:
> [179906.429746] RDX: 8800b69e47c0 RSI: 000a0004 RDI: 88009e588000
> [179906.434499] RBP: 880092f2fdd8 R08: 0001 R09:
> [179906.439226] R10: R11: 0001 R12:
> [179906.443835] R13: ea0002796200 R14: 8800b9a960f8 R15: 8800ba06f6a0
> [179906.448470] FS: 7f04cd25c700() GS:8800bf60() knlGS:
> [179906.453857] CS: 0010 DS: ES: CR0: 80050033
> [179906.456956] CR2: 7f98e29d8f50 CR3: 9294a000 CR4: 06f0
> [179906.460558] DR0: DR1: DR2:
> [179906.464059] DR3: DR6: 0ff0 DR7: 0400
> [179906.467617] Stack:
> [179906.468704] 88001a7c 8800b9a960f8
> [179906.472638] 8800ba06f6a0 880092f2fdf0 81c1c6df 88001a7c
> [179906.476583] 880092f2fe18 81c1c771 8800b69718c0 0008
> [179906.480377] Call Trace:
> [179906.481636] [81c1c6df] vhost_net_vq_reset+0x7f/0xb0
> [179906.484611] [81c1c771] vhost_net_release+0x61/0xb0
> [179906.487481] [8123237a] __fput+0x12a/0x230
> [179906.489968] [81232489] fput+0x9/0x10
> [179906.492422] [8113a79e] task_work_run+0xae/0xf0
> [179906.495169] [811172bc] do_exit+0x44c/0xb40
> [179906.497789] [822a24d8] ? retint_swapgs+0x13/0x1b
> [179906.500652] [81117a74] do_group_exit+0x84/0xd0
> [179906.503348] [81117ad2] SyS_exit_group+0x12/0x20
> [179906.506146] [822a2e29] system_call_fastpath+0x16/0x1b
> [179906.509147] Code: 49 c1 ed 0c 49 c1 e5 06 49 01 c5 49 8b 45 00 f6 c4 80 74 0a 4d 8b 6d 30 66 0f 1f 44 00 00 49 8b 45 00 a8 80 75 28 f6 c4 c0 75 02 0f 0b 49 8b 45 00 31 f6 f6 c4 40 74 04 41 8b 75 68 4c 89 ef e8
> [179906.522213] RIP [81225255] kfree+0x155/0x2c0
> [179906.524937] RSP 880092f2fdb0
> [179906.575627] ---[ end trace 3d4ce10faaa29990 ]---
> [179906.577103] Fixing recursive fault but reboot is needed!
> [29174] Watchdog exiting

--
To unsubscribe from this list: send the line unsubscribe kvm in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: vhost kernel BUG at /build/linux/mm/slub.c:3352!
2013/6/5 Michael S. Tsirkin m...@redhat.com:
> On Tue, Jun 04, 2013 at 09:50:59PM +0300, Tommi Rantala wrote:
>> Hello,
>>
>> Hit this right after killing trinity with Ctrl-C. Was fuzzing
>> v3.10-rc4-0-gd683b96 in a qemu virtual machine as the root user.
>>
>> Tommi
>
> Thanks a lot for the report.
> I found some bugs when looking at this: I think they were introduced by
> 2839400f8fe28ce216eeeba3fb97bdf90977f7ad
> though I don't exactly see how ctrl-c can trigger this.
> I'll work on patches - is this reproducible at all?

Thanks, glad to hear that the report was useful. Yes, I did reproduce
this quite quickly yesterday with trinity, but did not dig any deeper
into what was going on.

Tommi
Re: vhost kernel BUG at /build/linux/mm/slub.c:3352!
On Wed, Jun 05, 2013 at 03:06:33PM +0300, Tommi Rantala wrote:
> 2013/6/5 Michael S. Tsirkin m...@redhat.com:
>> On Tue, Jun 04, 2013 at 09:50:59PM +0300, Tommi Rantala wrote:
>>> Hello,
>>>
>>> Hit this right after killing trinity with Ctrl-C. Was fuzzing
>>> v3.10-rc4-0-gd683b96 in a qemu virtual machine as the root user.
>>>
>>> Tommi
>>
>> Thanks a lot for the report.
>> I found some bugs when looking at this: I think they were introduced by
>> 2839400f8fe28ce216eeeba3fb97bdf90977f7ad
>> though I don't exactly see how ctrl-c can trigger this.
>> I'll work on patches - is this reproducible at all?
>
> Thanks, glad to hear that the report was useful. Yes, I did reproduce
> this quite quickly yesterday with trinity, but did not dig any deeper
> into what was going on.
>
> Tommi

Great, I'll post patches and we can see if it's fixed.
vhost kernel BUG at /build/linux/mm/slub.c:3352!
Hello,

Hit this right after killing trinity with Ctrl-C. Was fuzzing
v3.10-rc4-0-gd683b96 in a qemu virtual machine as the root user.

Tommi

[29175] Random reseed: 3970521611
[29175] Random reseed: 202886419
[29175] Random reseed: 2930978521
[179904.099501] binder: 29175:2539 ioctl 4010630e fff returned -22
[29175] Random reseed: 2776471322
[29175] Random reseed: 3086119361
child 2606 exiting
[29175] Bailing main loop. Exit reason: ctrl-c
[179906.393060] [ cut here ]
[179906.396341] kernel BUG at /build/linux/mm/slub.c:3352!
[179906.399693] invalid opcode: [#1] SMP DEBUG_PAGEALLOC
[179906.403272] CPU: 0 PID: 29175 Comm: trinity-main Not tainted 3.10.0-rc4 #1
[179906.407692] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[179906.411475] task: 8800b69e47c0 ti: 880092f2e000 task.ti: 880092f2e000
[179906.416305] RIP: 0010:[81225255] [81225255] kfree+0x155/0x2c0
[179906.421462] RSP: :880092f2fdb0 EFLAGS: 00010246
[179906.424983] RAX: 0100 RBX: 88009e588000 RCX:
[179906.429746] RDX: 8800b69e47c0 RSI: 000a0004 RDI: 88009e588000
[179906.434499] RBP: 880092f2fdd8 R08: 0001 R09:
[179906.439226] R10: R11: 0001 R12:
[179906.443835] R13: ea0002796200 R14: 8800b9a960f8 R15: 8800ba06f6a0
[179906.448470] FS: 7f04cd25c700() GS:8800bf60() knlGS:
[179906.453857] CS: 0010 DS: ES: CR0: 80050033
[179906.456956] CR2: 7f98e29d8f50 CR3: 9294a000 CR4: 06f0
[179906.460558] DR0: DR1: DR2:
[179906.464059] DR3: DR6: 0ff0 DR7: 0400
[179906.467617] Stack:
[179906.468704] 88001a7c 8800b9a960f8
[179906.472638] 8800ba06f6a0 880092f2fdf0 81c1c6df 88001a7c
[179906.476583] 880092f2fe18 81c1c771 8800b69718c0 0008
[179906.480377] Call Trace:
[179906.481636] [81c1c6df] vhost_net_vq_reset+0x7f/0xb0
[179906.484611] [81c1c771] vhost_net_release+0x61/0xb0
[179906.487481] [8123237a] __fput+0x12a/0x230
[179906.489968] [81232489] fput+0x9/0x10
[179906.492422] [8113a79e] task_work_run+0xae/0xf0
[179906.495169] [811172bc] do_exit+0x44c/0xb40
[179906.497789] [822a24d8] ? retint_swapgs+0x13/0x1b
[179906.500652] [81117a74] do_group_exit+0x84/0xd0
[179906.503348] [81117ad2] SyS_exit_group+0x12/0x20
[179906.506146] [822a2e29] system_call_fastpath+0x16/0x1b
[179906.509147] Code: 49 c1 ed 0c 49 c1 e5 06 49 01 c5 49 8b 45 00 f6 c4 80 74 0a 4d 8b 6d 30 66 0f 1f 44 00 00 49 8b 45 00 a8 80 75 28 f6 c4 c0 75 02 0f 0b 49 8b 45 00 31 f6 f6 c4 40 74 04 41 8b 75 68 4c 89 ef e8
[179906.522213] RIP [81225255] kfree+0x155/0x2c0
[179906.524937] RSP 880092f2fdb0
[179906.575627] ---[ end trace 3d4ce10faaa29990 ]---
[179906.577103] Fixing recursive fault but reboot is needed!
[29174] Watchdog exiting