From: Richard Weinberger <richard@nod.at>
To: Michal Hocko <mhocko@suse.cz>
Cc: LKML <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
cgroups mailinglist <cgroups@vger.kernel.org>,
"kamezawa.hiroyu@jp.fujitsu.com" <kamezawa.hiroyu@jp.fujitsu.com>,
bsingharora@gmail.com, hannes@cmpxchg.org
Subject: Re: mem_cgroup_page_lruvec: BUG: unable to handle kernel NULL pointer dereference at 00000000000001a8
Date: Thu, 13 Jun 2013 14:06:20 +0200 [thread overview]
Message-ID: <51B9B5BC.4090702@nod.at> (raw)
In-Reply-To: <20130613120248.GB23070@dhcp22.suse.cz>
On 13.06.2013 14:02, Michal Hocko wrote:
> On Thu 13-06-13 13:48:27, richard -rw- weinberger wrote:
>> Hi!
>>
>> While playing with user namespaces my kernel crashed under heavy load.
>> Kernel is 3.9.0 plus some trivial patches.
>
> Could you post disassembly for mem_cgroup_page_lruvec?
Sure!
00000000000035e0 <mem_cgroup_page_lruvec>:
35e0: 55 push %rbp
35e1: 48 8d 86 c8 03 00 00 lea 0x3c8(%rsi),%rax
35e8: 48 89 e5 mov %rsp,%rbp
35eb: 48 83 ec 10 sub $0x10,%rsp
35ef: 48 89 5d f0 mov %rbx,-0x10(%rbp)
35f3: 48 89 f3 mov %rsi,%rbx
35f6: 8b 35 00 00 00 00 mov 0x0(%rip),%esi # 35fc <mem_cgroup_page_lruvec+0x1c>
35fc: 4c 89 65 f8 mov %r12,-0x8(%rbp)
3600: 85 f6 test %esi,%esi
3602: 75 55 jne 3659 <mem_cgroup_page_lruvec+0x79>
3604: 49 89 fc mov %rdi,%r12
3607: e8 00 00 00 00 callq 360c <mem_cgroup_page_lruvec+0x2c>
360c: 49 8b 14 24 mov (%r12),%rdx
3610: 48 8b 48 08 mov 0x8(%rax),%rcx
3614: 83 e2 20 and $0x20,%edx
3617: 75 1f jne 3638 <mem_cgroup_page_lruvec+0x58>
3619: 48 8b 10 mov (%rax),%rdx
361c: 83 e2 02 and $0x2,%edx
361f: 75 17 jne 3638 <mem_cgroup_page_lruvec+0x58>
3621: 48 8b 15 00 00 00 00 mov 0x0(%rip),%rdx # 3628 <mem_cgroup_page_lruvec+0x48>
3628: 48 39 d1 cmp %rdx,%rcx
362b: 74 0b je 3638 <mem_cgroup_page_lruvec+0x58>
362d: 48 89 50 08 mov %rdx,0x8(%rax)
3631: 48 89 d1 mov %rdx,%rcx
3634: 0f 1f 40 00 nopl 0x0(%rax)
3638: 49 8b 04 24 mov (%r12),%rax
363c: 48 89 c2 mov %rax,%rdx
363f: 48 c1 e8 38 shr $0x38,%rax
3643: 83 e0 03 and $0x3,%eax
3646: 48 c1 ea 3a shr $0x3a,%rdx
364a: 48 69 c0 38 01 00 00 imul $0x138,%rax,%rax
3651: 48 03 84 d1 e0 02 00 add 0x2e0(%rcx,%rdx,8),%rax
3658: 00
3659: 48 3b 58 70 cmp 0x70(%rax),%rbx
365d: 75 0a jne 3669 <mem_cgroup_page_lruvec+0x89>
365f: 48 8b 5d f0 mov -0x10(%rbp),%rbx
3663: 4c 8b 65 f8 mov -0x8(%rbp),%r12
3667: c9 leaveq
3668: c3 retq
3669: 48 89 58 70 mov %rbx,0x70(%rax)
366d: eb f0 jmp 365f <mem_cgroup_page_lruvec+0x7f>
366f: 90 nop
FWIW the ./scripts/decodecode output:
All code
========
0: 89 50 08 mov %edx,0x8(%rax)
3: 48 89 d1 mov %rdx,%rcx
6: 0f 1f 40 00 nopl 0x0(%rax)
a: 49 8b 04 24 mov (%r12),%rax
e: 48 89 c2 mov %rax,%rdx
11: 48 c1 e8 38 shr $0x38,%rax
15: 83 e0 03 and $0x3,%eax
18: 48 c1 ea 3a shr $0x3a,%rdx
1c: 48 69 c0 38 01 00 00 imul $0x138,%rax,%rax
23: 48 03 84 d1 e0 02 00 add 0x2e0(%rcx,%rdx,8),%rax
2a: 00
2b:* 48 3b 58 70 cmp 0x70(%rax),%rbx <-- trapping instruction
2f: 75 0a jne 0x3b
31: 48 8b 5d f0 mov -0x10(%rbp),%rbx
35: 4c 8b 65 f8 mov -0x8(%rbp),%r12
39: c9 leaveq
3a: c3 retq
3b: 48 89 58 70 mov %rbx,0x70(%rax)
3f: eb .byte 0xeb
Code starting with the faulting instruction
===========================================
0: 48 3b 58 70 cmp 0x70(%rax),%rbx
4: 75 0a jne 0x10
6: 48 8b 5d f0 mov -0x10(%rbp),%rbx
a: 4c 8b 65 f8 mov -0x8(%rbp),%r12
e: c9 leaveq
f: c3 retq
10: 48 89 58 70 mov %rbx,0x70(%rax)
14: eb .byte 0xeb
Thanks,
//richard
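As an added triage example (not code from this thread or from the kernel tree): the two listings above can be tied together mechanically. The bytes decodecode marks as the trapping instruction locate it in the full objdump, and the fault address 0x1a8 from the Subject minus the operand's 0x70 displacement gives the value of %rax at the trap; the preceding imul $0x138 / add sequence yields that value from a zero pointer only when the masked index is 1. The scale and mask come from the listing; that a NULL pointer was loaded by the add is an inference from the arithmetic, not something the thread states.

```python
import re

# Constructed from the two listings in the mail: the objdump lines leading up
# to the trap, the bytes decodecode marked "<-- trapping instruction", and the
# fault address from the Subject line.
OBJDUMP = """\
3638: 49 8b 04 24 mov (%r12),%rax
363f: 48 c1 e8 38 shr $0x38,%rax
3643: 83 e0 03 and $0x3,%eax
364a: 48 69 c0 38 01 00 00 imul $0x138,%rax,%rax
3651: 48 03 84 d1 e0 02 00 add 0x2e0(%rcx,%rdx,8),%rax
3658: 00
3659: 48 3b 58 70 cmp 0x70(%rax),%rbx
365d: 75 0a jne 3669 <mem_cgroup_page_lruvec+0x89>
"""
TRAP_BYTES = "48 3b 58 70"   # decodecode: "<-- trapping instruction"
FAULT_ADDR = 0x1a8           # "NULL pointer dereference at 00000000000001a8"

LINE_RE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2} )+)(\S.*)$")

def parse_objdump(text):
    """Return (offset, byte string, assembly) per instruction; continuation
    lines carrying only bytes (e.g. '3658: 00') are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append((int(m.group(1), 16), m.group(2).strip(), m.group(3)))
    return out

def find_trap(insns, trap_bytes):
    """Map decodecode's trapping bytes back to an offset in the full listing."""
    for off, b, asm in insns:
        if b == trap_bytes:
            return off, asm
    raise LookupError("trapping instruction not found in listing")

def displacement(asm):
    """Displacement of an AT&T memory operand such as '0x70(%rax)'."""
    return int(re.search(r"(-?0x[0-9a-f]+)\(", asm).group(1), 16)

def null_base_candidates(fault_addr, trap_asm, scale=0x138, idx_mask=0x3):
    """%rax at the trap equals idx*scale + p, where p was loaded by the add and
    idx was masked with 'and $0x3'. Return the idx values for which the fault
    address implies p == 0, i.e. the add read a NULL pointer (inferred)."""
    rax = fault_addr - displacement(trap_asm)
    return [idx for idx in range(idx_mask + 1) if rax - idx * scale == 0]
```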