UML broken for CONFIG_SLAB

From: Parag Warudkar
Date: Sun May 23 2010 - 17:40:29 EST

Next message: Markus: "Re: BUG: unable to handle kernel paging request"
Previous message: john stultz: "Re: [Regression] Negative time on Acer Ferrari One with current-git"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

UML seems to be badly broken 2.6.34 onwards - leading to random segfaults.

Reading symbols from /home/parag/devel/kernel/linux-2.6-um/linux...done.
(gdb) r
Starting program: /home/parag/devel/kernel/linux-2.6-um/linux
Checking that ptrace can change system call numbers...OK
Checking syscall emulation patch for ptrace...OK
Checking advanced syscall emulation patch for ptrace...OK
Checking for tmpfs mount on /dev/shm...OK
Checking PROT_EXEC mmap in /dev/shm/...OK
Checking for the skas3 patch in the host:
- /proc/mm...not found: No such file or directory
- PTRACE_FAULTINFO...not found
- PTRACE_LDT...not found
UML running in SKAS0 mode
Core dump limits :
soft - 0
hard - NONE

Program received signal SIGSEGV, Segmentation fault.
0x000000006007823f in alloc_kmemlist (cachep=0x61c00f40, limit=<value
optimized out>, batchcount=<value optimized out>, shared=<value optimized
out>, gfp=208) at mm/slab.c:3861
3861 l3->free_limit = (1 + nr_cpus_node(node)) *
(gdb)

(gdb) bt
#0 0x000000006007823f in alloc_kmemlist (cachep=0x61c00f40, limit=<value
optimized out>, batchcount=<value optimized out>, shared=<value optimized
out>, gfp=208) at mm/slab.c:3861
#1 do_tune_cpucache (cachep=0x61c00f40, limit=<value optimized out>,
batchcount=<value optimized out>, shared=<value optimized out>, gfp=208)
at mm/slab.c:3943
#2 0x00000000600783be in enable_cpucache (cachep=0x61c00f40,
gfp=1639983680) at mm/slab.c:3993
#3 0x000000006016e43d in setup_cpu_cache (cachep=0x61c00f40, gfp=208) at
mm/slab.c:2017
#4 0x0000000060078797 in kmem_cache_create (name=0x601c80b6
"idr_layer_cache", size=<value optimized out>, align=<value optimized
out>, flags=262144, ctor=<value optimized out>)
at mm/slab.c:2351
#5 0x000000006000982c in idr_init_cache () at lib/idr.c:676
#6 0x00000000600015df in start_kernel () at init/main.c:658

This one I tried to debug and something weird seems to be going on -

mm/slab.c:3849 does a l3 = kmalloc_node(...), which *seems* to be
returning NULL but the check on next line - if (!l3) doesn't seem to be
succeeding.

Finally it seems to happily dereference l3 (0x40 offsets etc.) up until
dereferencing free_limit at which point it explodes.

A very few times it goes a little further and explodes at

fsck from util-linux-ng 2.16
ROOT: clean, 18550/65536 files, 106443/262144 blocks

Program received signal SIGSEGV, Segmentation fault.
0x00000000600effb7 in cfq_close_cooperator (cfqd=0x7fcbe000,
cur_cfqq=0x7ff81bb0) at block/cfq-iosched.c:1801
1801 if (cfq_class_rt(cfqq) != cfq_class_rt(cur_cfqq))
(gdb) p cfqq
$1 = (struct cfq_queue *) 0x0
(gdb) p cur_cfqq
$2 = (struct cfq_queue *) 0x7ff81bb0
(gdb)

This is with CONFIG_SLAB=y.

Parag
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Markus: "Re: BUG: unable to handle kernel paging request"
Previous message: john stultz: "Re: [Regression] Negative time on Acer Ferrari One with current-git"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]