Re: LTP: fork13: kernel panic on rk3399-rock-pi-4 running mainline 6.10.rc3

From: Baolin Wang
Date: Tue Jun 11 2024 - 21:41:07 EST




On 2024/6/11 20:09, David Hildenbrand wrote:
On 11.06.24 13:39, Baolin Wang wrote:


On 2024/6/11 18:32, David Hildenbrand wrote:
On 11.06.24 12:14, Naresh Kamboju wrote:
The kernel panic was noticed while running LTP syscalls fork13 (long
running) on
the mainline master 6.10.rc3 kernel on arm64 rk3399-rock-pi-4 device.

Please find detailed logs in the links,

As you know fork13 is a stress test case trying to generate a maximum
number
of PID's in a 100,000 loop.

This device is running via NFS mounted filesystem.

I have tried to reproduce this problem in a loop but failed to
reproduce the
crash.


Crash flow:
------
fork13 run started
BUG: Bad page map in process fork13
BUG: Bad rss-counter state mm:
Unable to handle kernel paging request at virtual address
Internal error: Oops: 0000000096000046
run for 800 secs ( 13 minutes) and more.
fork14 run started and completed

fpathconf01 run started and completed
sugov:

Unable to handle kernel NULL pointer dereference at virtual address

Insufficient stack space to handle exception!
end Kernel panic - not syncing: kernel stack overflow

I have tried to decode stack dump by not being useful [1].
[1] https://people.linaro.org/~naresh.kamboju/output-rk3399.txt

Test log :
--------
tst_test.c:1733: TINFO: LTP version: 20240524
tst_test.c:1617: TINFO: Timeout per run is 0h 15m 00s
[  904.280569] BUG: Bad page map in process fork13  pte:2000000019ffc3
pmd:80000000df55003
[  904.281397] page: refcount:1 mapcount:-1 mapping:0000000000000000
index:0x0 pfn:0x19f

Mapcount underflow on a small folio (head: not printed).

[...]

[  904.294564] BUG: Bad page map in process fork13  pte:200000002e4fc3
pmd:80000000df55003
[  904.295275] page: refcount:2 mapcount:-1 mapping:000000007885152f
index:0x6 pfn:0x2e4

Another mapcount underflow on a small folio (head: not printed).


[  904.309309] BUG: Bad page map in process fork13  pte:20000000cc6fc3
pmd:80000000df55003
[  904.310031] page: refcount:1 mapcount:-1 mapping:0000000000000000
index:0x6 pfn:0xcc6
[  904.310728] head: order:3 mapcount:-1 entire_mapcount:0
nr_pages_mapped:8388607 pincount:0

Mapcount underflow on a large folio.

...

[  904.326666] BUG: Bad page map in process fork13  pte:20000000268fc3
pmd:80000000df55003
[  904.327390] page: refcount:1 mapcount:-1 mapping:00000000f0624181
index:0x1b pfn:0x268

Another mapcount underflow on a small folio (head: not printed).

[  904.328094] memcg:ffff0000016b4000
[  904.328401] aops:nfs_file_aops ino:8526e6 dentry
name:"libgpg-error.so.0.36.0"
[  904.329051] flags:
0x3fffe000000002c(referenced|uptodate|lru|node=0|zone=0|lastcpupid=0x1ffff)
[  904.329878] raw: 03fffe000000002c fffffdffc0009a48 fffffdffc022f3c8
ffff00000688bd60
[  904.330561] raw: 000000000000001b 0000000000000000 00000001fffffffe
ffff0000016b4000
[  904.331240] page dumped because: bad pte
[  904.331590] addr:0000aaaad9afe000 vm_flags:00000075
anon_vma:0000000000000000 mapping:ffff0000300d4188 index:2e
[  904.332476] file:fork13 fault:filemap_fault mmap:nfs_file_mmap
read_folio:nfs_read_folio
[  904.333245] CPU: 5 PID: 22685 Comm: fork13 Tainted: G    B


Are these maybe side-effects due to

https://lkml.kernel.org/r/20240607103241.1298388-1-wangkefeng.wang@xxxxxxxxxx

IIUC, the rk3399-rock-pi-4b device has no NUMA nodes (6 arm64 cores), so
I don't think the numa balancing will cause this issue.

Anyway, I will run fork13 test case on my arm64 server to try.

I have the faint recollection that we can (or at least could in the past) end up in do_numa_page() also without NUMA hinting.

I documented in 51d3d5eb74ff53b92dcff48b30ae2ed8edd85a32:

"
Note that do_numa_page() / do_huge_pmd_numa_page() can be reached even
without NUMA hinting (which currently doesn't seem to be applicable to
shmem), for example, by using uffd-wp with a PROT_WRITE shmem VMA.
"

I see. Thanks for explanation.