← Back to team overview

kernel-packages team mailing list archive

[Bug 1576564] [NEW] Xen 32bit dom0 on 64bit hypervisor: bad page flags

 

Public bug reported:

This problem is a mix between running certain versions of 32bit Linux
kernel dom0 on certain versions of 64bit Xen hypervisor, combined with
certain memory clamping settings.

Xen 4.4.1 + Linux 3.13.x -> at least boots without messages
Xen 4.5.1 + Linux 4.2.x -> boot without messages (dom0_mem=512M,4096M,unlimited)
Xen 4.5.1 + Linux 4.2.x -> bad page messages but boots (dom0_mem[1024M...3072M])
Xen 4.6 + Linux 4.2.x -> all cases as with Xen 4.5.1
Xen 4.6 + Linux 4.4.x
 The boot for 512M,4096M, and unlimited looks good as well. Though trying to start a
  domU without dom0_mem set caused a crash why ballooning (but I think this should be
  a seperate bug)
 Using a dom0_mem range between 1G and 3G it looks like still producing the bad page
 flags bug message and additionally panicking + reboot. Unfortunately there is no clear
 panic message, the serial console seems to be overwhelmed.

The bad page bug generally looks like this (the pfn numbers seem to be
towards the end of the allocated range.

[    8.980150] BUG: Bad page state in process swapper/0  pfn:7fc22
[    8.980238] page:f4566550 count:0 mapcount:0 mapping:  (null) index:0x0
[    8.980328] flags: 0x7000400(reserved)
[    8.980486] page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set
[    8.980575] bad because of flags:
[    8.980688] flags: 0x400(reserved)
[    8.980844] Modules linked in:
[    8.980960] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G    B           4.2.0-19-
generic #23-Ubuntu
[    8.981084] Hardware name: Supermicro H8SGL/H8SGL, BIOS 3.0        08/31/2012
[    8.981177]  c1a649a7 23e07668 00000000 e9cafce4 c175e501 f4566550 e9cafd08 c
1166897
[    8.981608]  c19750a4 e9d183ec 0007fc22 007fffff c1975630 c1978e86 00000001 e
9cafd74
[    8.982074]  c1169f83 00000002 00000141 0004a872 c1af3644 00000000 ee44bce4 e
e44bce4
[    8.982506] Call Trace:
[    8.982582]  [<c175e501>] dump_stack+0x41/0x52
[    8.982666]  [<c1166897>] bad_page+0xb7/0x110
[    8.982749]  [<c1169f83>] get_page_from_freelist+0x2d3/0x610
[    8.982838]  [<c116a4f3>] __alloc_pages_nodemask+0x153/0x910
[    8.982926]  [<c122ee62>] ? find_entry.isra.13+0x52/0x90
[    8.983013]  [<c11b0f75>] ? kmem_cache_alloc_trace+0x175/0x1e0
[    8.983102]  [<c10b1c96>] ? __raw_callee_save___pv_queued_spin_unlock+0x6/0x10
[    8.983223]  [<c11b0ddd>] ? __kmalloc+0x21d/0x240
[    8.983308]  [<c119cc2e>] __vmalloc_node_range+0x10e/0x210
[    8.983433]  [<c1148fa7>] ? bpf_prog_alloc+0x37/0xa0
[    8.983518]  [<c119cd96>] __vmalloc_node+0x66/0x70
[    8.983604]  [<c1148fa7>] ? bpf_prog_alloc+0x37/0xa0
[    8.983689]  [<c119cdd4>] __vmalloc+0x34/0x40
[    8.983773]  [<c1148fa7>] ? bpf_prog_alloc+0x37/0xa0
[    8.983859]  [<c1148fa7>] bpf_prog_alloc+0x37/0xa0
[    8.983944]  [<c167cc8c>] bpf_prog_create+0x2c/0x90
[    8.984034]  [<c1b6741e>] ? bsp_pm_check_init+0x11/0x11
[    8.984121]  [<c1b68401>] ptp_classifier_init+0x2b/0x44
[    8.984207]  [<c1b6749a>] sock_init+0x7c/0x83
[    8.984291]  [<c100211a>] do_one_initcall+0xaa/0x200
[    8.984376]  [<c1b6741e>] ? bsp_pm_check_init+0x11/0x11
[    8.984463]  [<c1b1654c>] ? repair_env_string+0x12/0x54
[    8.984551]  [<c1b16cf6>] ? kernel_init_freeable+0x126/0x1d9
[    8.984726]  [<c1755fb0>] kernel_init+0x10/0xe0
[    8.984846]  [<c10929b1>] ? schedule_tail+0x11/0x50
[    8.984932]  [<c1764141>] ret_from_kernel_thread+0x21/0x30
[    8.985019]  [<c1755fa0>] ? rest_init+0x70/0x70

** Affects: linux (Ubuntu)
     Importance: High
     Assignee: Stefan Bader (smb)
         Status: Triaged

** Affects: xen (Ubuntu)
     Importance: High
     Assignee: Stefan Bader (smb)
         Status: Triaged

** Also affects: linux (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu)
       Status: New => Triaged

** Changed in: linux (Ubuntu)
   Importance: Undecided => High

** Changed in: linux (Ubuntu)
     Assignee: (unassigned) => Stefan Bader (smb)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1576564

Title:
  Xen 32bit dom0 on 64bit hypervisor: bad page flags

Status in linux package in Ubuntu:
  Triaged
Status in xen package in Ubuntu:
  Triaged

Bug description:
  This problem is a mix between running certain versions of 32bit Linux
  kernel dom0 on certain versions of 64bit Xen hypervisor, combined with
  certain memory clamping settings.

  Xen 4.4.1 + Linux 3.13.x -> at least boots without messages
  Xen 4.5.1 + Linux 4.2.x -> boot without messages (dom0_mem=512M,4096M,unlimited)
  Xen 4.5.1 + Linux 4.2.x -> bad page messages but boots (dom0_mem[1024M...3072M])
  Xen 4.6 + Linux 4.2.x -> all cases as with Xen 4.5.1
  Xen 4.6 + Linux 4.4.x
   The boot for 512M,4096M, and unlimited looks good as well. Though trying to start a
    domU without dom0_mem set caused a crash why ballooning (but I think this should be
    a seperate bug)
   Using a dom0_mem range between 1G and 3G it looks like still producing the bad page
   flags bug message and additionally panicking + reboot. Unfortunately there is no clear
   panic message, the serial console seems to be overwhelmed.

  The bad page bug generally looks like this (the pfn numbers seem to be
  towards the end of the allocated range.

  [    8.980150] BUG: Bad page state in process swapper/0  pfn:7fc22
  [    8.980238] page:f4566550 count:0 mapcount:0 mapping:  (null) index:0x0
  [    8.980328] flags: 0x7000400(reserved)
  [    8.980486] page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set
  [    8.980575] bad because of flags:
  [    8.980688] flags: 0x400(reserved)
  [    8.980844] Modules linked in:
  [    8.980960] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G    B           4.2.0-19-
  generic #23-Ubuntu
  [    8.981084] Hardware name: Supermicro H8SGL/H8SGL, BIOS 3.0        08/31/2012
  [    8.981177]  c1a649a7 23e07668 00000000 e9cafce4 c175e501 f4566550 e9cafd08 c
  1166897
  [    8.981608]  c19750a4 e9d183ec 0007fc22 007fffff c1975630 c1978e86 00000001 e
  9cafd74
  [    8.982074]  c1169f83 00000002 00000141 0004a872 c1af3644 00000000 ee44bce4 e
  e44bce4
  [    8.982506] Call Trace:
  [    8.982582]  [<c175e501>] dump_stack+0x41/0x52
  [    8.982666]  [<c1166897>] bad_page+0xb7/0x110
  [    8.982749]  [<c1169f83>] get_page_from_freelist+0x2d3/0x610
  [    8.982838]  [<c116a4f3>] __alloc_pages_nodemask+0x153/0x910
  [    8.982926]  [<c122ee62>] ? find_entry.isra.13+0x52/0x90
  [    8.983013]  [<c11b0f75>] ? kmem_cache_alloc_trace+0x175/0x1e0
  [    8.983102]  [<c10b1c96>] ? __raw_callee_save___pv_queued_spin_unlock+0x6/0x10
  [    8.983223]  [<c11b0ddd>] ? __kmalloc+0x21d/0x240
  [    8.983308]  [<c119cc2e>] __vmalloc_node_range+0x10e/0x210
  [    8.983433]  [<c1148fa7>] ? bpf_prog_alloc+0x37/0xa0
  [    8.983518]  [<c119cd96>] __vmalloc_node+0x66/0x70
  [    8.983604]  [<c1148fa7>] ? bpf_prog_alloc+0x37/0xa0
  [    8.983689]  [<c119cdd4>] __vmalloc+0x34/0x40
  [    8.983773]  [<c1148fa7>] ? bpf_prog_alloc+0x37/0xa0
  [    8.983859]  [<c1148fa7>] bpf_prog_alloc+0x37/0xa0
  [    8.983944]  [<c167cc8c>] bpf_prog_create+0x2c/0x90
  [    8.984034]  [<c1b6741e>] ? bsp_pm_check_init+0x11/0x11
  [    8.984121]  [<c1b68401>] ptp_classifier_init+0x2b/0x44
  [    8.984207]  [<c1b6749a>] sock_init+0x7c/0x83
  [    8.984291]  [<c100211a>] do_one_initcall+0xaa/0x200
  [    8.984376]  [<c1b6741e>] ? bsp_pm_check_init+0x11/0x11
  [    8.984463]  [<c1b1654c>] ? repair_env_string+0x12/0x54
  [    8.984551]  [<c1b16cf6>] ? kernel_init_freeable+0x126/0x1d9
  [    8.984726]  [<c1755fb0>] kernel_init+0x10/0xe0
  [    8.984846]  [<c10929b1>] ? schedule_tail+0x11/0x50
  [    8.984932]  [<c1764141>] ret_from_kernel_thread+0x21/0x30
  [    8.985019]  [<c1755fa0>] ? rest_init+0x70/0x70

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1576564/+subscriptions


Follow ups