From: Fanhenglong
Subject: PROBLEM: Kernel oops -- IP: [] kfree+0x5a/0x200
Date: Tue, 9 Apr 2013 09:04:49 +0000
Message-ID: <7EE47F9F3BEC294493BA3E433F16E08A242BFD4A@szxeml539-mbx.china.huawei.com>
To: linux-fsdevel@vger.kernel.org, linux-mm@kvack.org
Cc: Xuzhichuang

Hi,

Full description of the problem:

Kernel version: 2.6.32.36

Oops information:

[9638271.695663] BUG: unable to handle kernel paging request at 0000000000a3ad90
[9638271.695685] IP: [<ffffffff800cddfa>] kfree+0x5a/0x200
[9638271.695701] PGD f94ff067 PUD fd652067 PMD 0
[9638271.695707] Oops: 0000 [#1] SMP
[9638271.695712] last sysfs file: /sys/devices/xen-backend/vbd-415-51776/statistics/wr_sect

Trap number:14, message:Oops
Error num: 0
Sigal Num:11_SIGSEGV
Event ID:DIE_OOPS
RIP: e030:[<ffffffff800cddfa>]
<ffffffff800cddfa>{kfree+0x5a}
RSP: e02b:ffff88001ce65da8  EFLAGS: 00010006
RAX: 0000000000a3ad90 RBX: 0000000000000000 RCX: 00000000000002eb
RDX: 00000000001761f0 RSI: 00000000000002eb RDI: ffff88002ec3e3e0
RBP: fffffffffffffffe R08: 0000000000000000 R09: ffff88002ec3e3e0
R10: ffffffffffffffff R11: ffffffff801b0e50 R12: 0000000000008001
R13: 0000000000000024 R14: 00000000ffffff9c R15: ffff88001ce65e48
FS:  00007fbe05e71700(0000) GS:ffff880002008000(0000) knlGS:0000000000000000
CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000a3ad90 CR3: 00000000f9009000 CR4: 0000000000002620
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
<kernel_trace>
       <ffffffff80009b05>{dump_trace+0x65}
       <ffffffff8037d897>{notifier_call_chain+0x37}
       <ffffffff8005a1ed>{notify_die+0x2d}
       <ffffffff8037bd0b>{__die+0x8b}
       <ffffffff8001bed1>{no_context+0xd1}
       <ffffffff8001c1f5>{__bad_area_nosemaphore+0x175}
       <ffffffff8037b298>{page_fault+0x28}
       <ffffffff800cddfa>{kfree+0x5a}
       <ffffffff800da03d>{put_filp+0x1d}
       <ffffffff800e7133>{do_filp_open+0x723}
       <ffffffff800d62b7>{do_sys_open+0x97}
       <ffffffff80007378>{system_call_fastpath+0x16}
       [<00007fbe059c8040>]
</kernel_trace>


Following is my own preliminary analysis:

crash> dis kfree
0xffffffff800cdda0 <kfree>:     push   %r15
0xffffffff800cdda2 <kfree+2>:   push   %r14
0xffffffff800cdda4 <kfree+4>:   push   %r13
0xffffffff800cdda6 <kfree+6>:   push   %r12
0xffffffff800cdda8 <kfree+8>:   push   %rbp
0xffffffff800cdda9 <kfree+9>:   push   %rbx
0xffffffff800cddaa <kfree+10>:  sub    $0x18,%rsp
0xffffffff800cddae <kfree+14>:  cmp    $0x10,%rdi
0xffffffff800cddb2 <kfree+18>:  mov    %rdi,0x8(%rsp)
0xffffffff800cddb7 <kfree+23>:  jbe    0xffffffff800cde7c <kfree+220>
0xffffffff800cddbd <kfree+29>:  mov    %gs:0x67c1,%al
0xffffffff800cddc5 <kfree+37>:  movb   $0x1,%gs:0x67c1
0xffffffff800cddce <kfree+46>:  mov    %al,0x17(%rsp)
0xffffffff800cddd2 <kfree+50>:  mov    0x8(%rsp),%rdi
0xffffffff800cddd7 <kfree+55>:  mov    0x758872(%rip),%rbx        # 0xffffffff80826650
0xffffffff800cddde <kfree+62>:  callq  0xffffffff800228e0 <__phys_addr>
0xffffffff800cdde3 <kfree+67>:  shr    $0xc,%rax
0xffffffff800cdde7 <kfree+71>:  lea    0x0(,%rax,8),%rdx
0xffffffff800cddef <kfree+79>:  shl    $0x6,%rax
0xffffffff800cddf3 <kfree+83>:  sub    %rdx,%rax
0xffffffff800cddf6 <kfree+86>:  lea    (%rbx,%rax,1),%rax
0xffffffff800cddfa <kfree+90>:  mov    (%rax),%rdx
0xffffffff800cddfd <kfree+93>:  test   $0x20000,%edx
0xffffffff800cde03 <kfree+99>:  je     0xffffffff800cde1b <kfree+123>
0xffffffff800cde05 <kfree+101>: mov    0x10(%rax),%rax
0xffffffff800cde09 <kfree+105>: mov    (%rax),%rdx
0xffffffff800cde0c <kfree+108>: test   $0x20000,%edx
0xffffffff800cde12 <kfree+114>: je     0xffffffff800cde1b <kfree+123>
......

Normally %rbx should be the value of mem_map, which is a fixed value in my system: the address of mem_map is 0xffffffff80826650, and the value of mem_map is 0xffff880004802000.

But here %rbx was changed to 0x0000000000000000. In my opinion, the possible reasons are below:

1. mem_map was changed for an unknown reason, leading to a wrong %rbx.
2. mem_map is right, but %rip is wrong, leading to a wrong %rbx.
3. mem_map is right and %rip is also right, but %rbx was changed later.

I changed the mem_map value to 0x0000000000000000; the kernel panicked immediately, but it couldn't produce a vmcore, whereas this problem did have a vmcore (sad to say, the vmcore is gone because of carelessness).

So we can exclude reason one; the remaining reasons are two and three, but I don't know how they can happen.

I didn't do anything before the system panic, and I can't reproduce this problem.
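The arithmetic in the disassembly above can be replayed outside the kernel to check the register dump for internal consistency. The following C program is an added example, not code from the report or from the kernel: it recomputes the struct page address that kfree+55 through kfree+90 derive from %rdi and compares it with CR2. It assumes, which the page does not state, that the freed pointer is an x86-64 direct-map address, so __phys_addr() reduces to subtracting PAGE_OFFSET (0xffff880000000000), and it takes sizeof(struct page) == 56 from the shl $6 / sub pfn*8 sequence.

```c
/*
 * Added example, not part of the original report: replay the struct page
 * lookup that kfree+55..+90 performs, using the values from the register
 * dump, and check whether the faulting address is what that lookup
 * produces when the mem_map base held in %rbx is 0.
 *
 * From the disassembly in the report:
 *   callq __phys_addr         rax = physical address of the freed pointer
 *   shr   $0xc,%rax           rax = page frame number (PAGE_SHIFT == 12)
 *   lea   0x0(,%rax,8),%rdx   rdx = pfn * 8
 *   shl   $0x6,%rax           rax = pfn * 64
 *   sub   %rdx,%rax           rax = pfn * 56  (so sizeof(struct page) == 56)
 *   lea   (%rbx,%rax,1),%rax  rax = mem_map + pfn * 56
 *   mov   (%rax),%rdx         load page->flags   <- faulting instruction
 *
 * Assumptions not stated on the page: the freed pointer lies in the x86-64
 * direct map, so __phys_addr() is "virt - PAGE_OFFSET" with PAGE_OFFSET ==
 * 0xffff880000000000, and sizeof(struct page) == 56 as inferred above.
 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_OFFSET      0xffff880000000000ULL
#define PAGE_SHIFT       12
#define STRUCT_PAGE_SIZE 56ULL   /* inferred from shl $6 / sub pfn*8 */

/* Values copied from the register dump and the analysis in the report. */
#define OOPS_RDI     0xffff88002ec3e3e0ULL /* pointer passed to kfree()    */
#define OOPS_CR2     0x0000000000a3ad90ULL /* faulting address (== %rax)   */
#define OOPS_RBX     0x0000000000000000ULL /* mem_map base as seen in %rbx */
#define GOOD_MEM_MAP 0xffff880004802000ULL /* normal value of mem_map      */

/* __phys_addr() for a direct-map address (assumption, see above). */
uint64_t phys_addr(uint64_t virt)
{
    return virt - PAGE_OFFSET;
}

/* Page frame number of the freed object. */
uint64_t pfn_of(uint64_t virt)
{
    return phys_addr(virt) >> PAGE_SHIFT;
}

/* mem_map + pfn * sizeof(struct page): the address kfree+90 dereferences. */
uint64_t page_struct_addr(uint64_t virt, uint64_t mem_map)
{
    return mem_map + pfn_of(virt) * STRUCT_PAGE_SIZE;
}

/* 1 if the faulting address is exactly what the lookup yields for this
 * mem_map base, i.e. the dump is self-consistent with that %rbx value. */
int fault_matches_base(uint64_t rdi, uint64_t cr2, uint64_t mem_map_base)
{
    return page_struct_addr(rdi, mem_map_base) == cr2;
}

int main(void)
{
    printf("pfn of freed object      : 0x%" PRIx64 "\n", pfn_of(OOPS_RDI));
    printf("struct page with %%rbx==0 : 0x%" PRIx64 " (CR2 = 0x%" PRIx64 ")%s\n",
           page_struct_addr(OOPS_RDI, OOPS_RBX), OOPS_CR2,
           fault_matches_base(OOPS_RDI, OOPS_CR2, OOPS_RBX) ? " match" : " mismatch");
    printf("struct page with mem_map : 0x%" PRIx64 "\n",
           page_struct_addr(OOPS_RDI, GOOD_MEM_MAP));
    return 0;
}
```

With %rbx == 0 the lookup yields 0xa3ad90, exactly the CR2 in the dump: the pfn taken from %rdi is 0x2ec3e, and 0x2ec3e * 56 == 0xa3ad90. With the normal mem_map value the same object's struct page would sit at 0xffff88000523cd90. So the faulting address is fully explained by %rbx being 0 at kfree+90 and the register state is internally consistent; like the report's own analysis, this says nothing about how %rbx came to be 0.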


