From: Konstantin Khlebnikov <khlebnikov@openvz.org>
To: Martin Mokrejs <mmokrejs@fold.natur.cuni.cz>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>,
LKML <linux-kernel@vger.kernel.org>,
"markus@trippelsdorf.de" <markus@trippelsdorf.de>,
"hughd@google.com" <hughd@google.com>,
"kamezawa.hiroyu@jp.fujitsu.com" <kamezawa.hiroyu@jp.fujitsu.com>,
Michal Hocko <mhocko@suse.cz>,
"linux-mm@kvack.org" <linux-mm@kvack.org>
Subject: Re: 3.4-rc7: BUG: Bad rss-counter state mm:ffff88040b56f800 idx:1 val:-59
Date: Wed, 30 May 2012 16:22:31 +0400 [thread overview]
Message-ID: <4FC61107.8050002@openvz.org> (raw)
In-Reply-To: <4FC60BBC.203@fold.natur.cuni.cz>
Martin Mokrejs wrote:
>
>
> Konstantin Khlebnikov wrote:
>> Martin Mokrejs wrote:
>>> Andrew Morton wrote:
>>>> On Wed, 30 May 2012 00:18:31 +0400
>>>> Konstantin Khlebnikov<khlebnikov@openvz.org> wrote:
>>>>
>>>>> Oleg Nesterov wrote:
>>>>>> On 05/22, Andrew Morton wrote:
>>>>>>>
>>>>>>> Also, I have a note here that Oleg was unhappy with the patch. Oleg
>>>>>>> happiness is important. Has he cheered up yet?
>>>>>>
>>>>>> Well, yes, I do not really like this patch ;) Because I think there is
>>>>>> a more simple/straightforward fix, see below. In my opinion it also
>>>>>> makes the original code simpler.
>>>>>>
>>>>>> But. Obviously this is subjective, I can't prove my patch is "better",
>>>>>> and I didn't try to test it.
>>>>>>
>>>>>> So I won't argue with Konstantin who dislikes my patch, although I
>>>>>> would like to know the reason.
>>>>>
>>>>> I don't remember why I dislike your patch.
>>>>> For now I can only say ACK )
>>>>
>>>> We'll need a changelogged signed-off patch, please Oleg. And some evidence
>>>> that it was tested would be nice ;)
>>>
>>> I will reboot in few hours, finally after few days ... I am running this first
>>> patch. I will try to test the second/alternative patch more quickly. Sorry for
>>> the delay.
>>>
>>
>> easiest way trigger this bug:
>>
>> #define _GNU_SOURCE
>> #include<unistd.h>
>> #include<sched.h>
>> #include<sys/syscall.h>
>> #include<sys/mman.h>
>>
>> static inline int sys_clone(unsigned long flags, void *stack, int *ptid, int *ctid)
>> {
>> return syscall(SYS_clone, flags, stack, ptid, ctid);
>> }
>>
>> int main(int argc, char **argv)
>> {
>> void *page;
>>
>> page = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
>> sys_clone(CLONE_VFORK | CLONE_VM | CLONE_CHILD_CLEARTID, NULL, NULL, page);
>> }
>>
>
> I am getting segfaults with this.
>
> (gdb) where
> #0 0x0000000000000000 in ?? ()
> #1 0x00007f430f70a7e0 in __elf_set___libc_subfreeres_element_free_mem__ () from /lib64/libc.so.6
> #2 0x00007f430f70a7e8 in __elf_set___libc_atexit_element__IO_cleanup__ () from /lib64/libc.so.6
> #3 0x0000000000000001 in ?? ()
> #4 0x0000000000000000 in ?? ()
> (gdb)
>
> What number should I give it as an argument? ;-)
there is no arguments.
yeah it corrupts stack. I'm too lazy to write it properly =)
but on non-patched kernel it also triggers this bug:
[206732.025131] BUG: Bad rss-counter state mm:ffff88000d8a6c80 idx:1 val:-1
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Konstantin Khlebnikov <khlebnikov@openvz.org>
To: Martin Mokrejs <mmokrejs@fold.natur.cuni.cz>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>,
LKML <linux-kernel@vger.kernel.org>,
"markus@trippelsdorf.de" <markus@trippelsdorf.de>,
"hughd@google.com" <hughd@google.com>,
"kamezawa.hiroyu@jp.fujitsu.com" <kamezawa.hiroyu@jp.fujitsu.com>,
Michal Hocko <mhocko@suse.cz>,
"linux-mm@kvack.org" <linux-mm@kvack.org>
Subject: Re: 3.4-rc7: BUG: Bad rss-counter state mm:ffff88040b56f800 idx:1 val:-59
Date: Wed, 30 May 2012 16:22:31 +0400 [thread overview]
Message-ID: <4FC61107.8050002@openvz.org> (raw)
In-Reply-To: <4FC60BBC.203@fold.natur.cuni.cz>
Martin Mokrejs wrote:
>
>
> Konstantin Khlebnikov wrote:
>> Martin Mokrejs wrote:
>>> Andrew Morton wrote:
>>>> On Wed, 30 May 2012 00:18:31 +0400
>>>> Konstantin Khlebnikov<khlebnikov@openvz.org> wrote:
>>>>
>>>>> Oleg Nesterov wrote:
>>>>>> On 05/22, Andrew Morton wrote:
>>>>>>>
>>>>>>> Also, I have a note here that Oleg was unhappy with the patch. Oleg
>>>>>>> happiness is important. Has he cheered up yet?
>>>>>>
>>>>>> Well, yes, I do not really like this patch ;) Because I think there is
>>>>>> a more simple/straightforward fix, see below. In my opinion it also
>>>>>> makes the original code simpler.
>>>>>>
>>>>>> But. Obviously this is subjective, I can't prove my patch is "better",
>>>>>> and I didn't try to test it.
>>>>>>
>>>>>> So I won't argue with Konstantin who dislikes my patch, although I
>>>>>> would like to know the reason.
>>>>>
>>>>> I don't remember why I dislike your patch.
>>>>> For now I can only say ACK )
>>>>
>>>> We'll need a changelogged signed-off patch, please Oleg. And some evidence
>>>> that it was tested would be nice ;)
>>>
>>> I will reboot in few hours, finally after few days ... I am running this first
>>> patch. I will try to test the second/alternative patch more quickly. Sorry for
>>> the delay.
>>>
>>
>> easiest way trigger this bug:
>>
>> #define _GNU_SOURCE
>> #include<unistd.h>
>> #include<sched.h>
>> #include<sys/syscall.h>
>> #include<sys/mman.h>
>>
>> static inline int sys_clone(unsigned long flags, void *stack, int *ptid, int *ctid)
>> {
>> return syscall(SYS_clone, flags, stack, ptid, ctid);
>> }
>>
>> int main(int argc, char **argv)
>> {
>> void *page;
>>
>> page = mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
>> sys_clone(CLONE_VFORK | CLONE_VM | CLONE_CHILD_CLEARTID, NULL, NULL, page);
>> }
>>
>
> I am getting segfaults with this.
>
> (gdb) where
> #0 0x0000000000000000 in ?? ()
> #1 0x00007f430f70a7e0 in __elf_set___libc_subfreeres_element_free_mem__ () from /lib64/libc.so.6
> #2 0x00007f430f70a7e8 in __elf_set___libc_atexit_element__IO_cleanup__ () from /lib64/libc.so.6
> #3 0x0000000000000001 in ?? ()
> #4 0x0000000000000000 in ?? ()
> (gdb)
>
> What number should I give it as an argument? ;-)
there is no arguments.
yeah it corrupts stack. I'm too lazy to write it properly =)
but on non-patched kernel it also triggers this bug:
[206732.025131] BUG: Bad rss-counter state mm:ffff88000d8a6c80 idx:1 val:-1
next prev parent reply other threads:[~2012-05-30 12:22 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-22 22:41 3.4-rc7: BUG: Bad rss-counter state mm:ffff88040b56f800 idx:1 val:-59 Martin Mokrejs
2012-05-22 23:28 ` Andrew Morton
2012-05-22 23:28 ` Andrew Morton
2012-05-22 23:29 ` Andrew Morton
2012-05-22 23:29 ` Andrew Morton
2012-05-23 17:21 ` Oleg Nesterov
2012-05-23 17:21 ` Oleg Nesterov
2012-05-29 20:18 ` Konstantin Khlebnikov
2012-05-29 20:18 ` Konstantin Khlebnikov
2012-05-29 20:26 ` Andrew Morton
2012-05-29 20:26 ` Andrew Morton
2012-05-29 21:59 ` Martin Mokrejs
2012-05-29 21:59 ` Martin Mokrejs
2012-05-30 11:39 ` Konstantin Khlebnikov
2012-05-30 11:39 ` Konstantin Khlebnikov
2012-05-30 11:59 ` Martin Mokrejs
2012-05-30 11:59 ` Martin Mokrejs
2012-05-30 12:22 ` Konstantin Khlebnikov [this message]
2012-05-30 12:22 ` Konstantin Khlebnikov
2012-05-30 12:54 ` Konstantin Khlebnikov
2012-05-30 12:54 ` Konstantin Khlebnikov
2012-05-30 14:20 ` Martin Mokrejs
2012-05-30 14:20 ` Martin Mokrejs
2012-05-30 17:11 ` Oleg Nesterov
2012-05-30 17:11 ` Oleg Nesterov
2012-06-07 7:59 ` Konstantin Khlebnikov
2012-06-07 7:59 ` Konstantin Khlebnikov
2012-06-07 8:23 ` richard -rw- weinberger
2012-06-07 8:23 ` richard -rw- weinberger
2012-06-07 13:18 ` Oleg Nesterov
2012-06-07 13:18 ` Oleg Nesterov
2012-06-07 13:53 ` Konstantin Khlebnikov
2012-06-07 13:53 ` Konstantin Khlebnikov
2012-05-30 9:54 ` Martin Mokrejs
2012-05-30 9:54 ` Martin Mokrejs
2012-05-23 6:07 ` Konstantin Khlebnikov
2012-05-23 6:07 ` Konstantin Khlebnikov
2012-05-30 8:25 ` Martin Mokrejs
2012-05-30 8:25 ` Martin Mokrejs
2012-05-23 17:04 ` Martin Mokrejs
2012-05-23 17:04 ` Martin Mokrejs
2012-05-24 10:36 ` Konstantin Khlebnikov
2012-05-24 10:36 ` Konstantin Khlebnikov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FC61107.8050002@openvz.org \
--to=khlebnikov@openvz.org \
--cc=akpm@linux-foundation.org \
--cc=hughd@google.com \
--cc=kamezawa.hiroyu@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=markus@trippelsdorf.de \
--cc=mhocko@suse.cz \
--cc=mmokrejs@fold.natur.cuni.cz \
--cc=oleg@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.