* 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops [not found] ` <1115392141.12197.3.camel@cobra> @ 2005-05-07 16:31 ` Antoine Martin 2005-05-07 15:57 ` Alexander Nyberg 2005-05-08 14:12 ` Andi Kleen 0 siblings, 2 replies; 19+ messages in thread From: Antoine Martin @ 2005-05-07 16:31 UTC (permalink / raw) To: linux-kernel I can crash a host repeatedly just by running a UML instance (and causing some load on that instance - like running gcc) I captured these messages from the serial console after it crashed: Host: Linux x86_64 2.6.11.8 (built with selinux but not enforcing) Guest: 2.6.12-rc3-uml The UML patch applied on top of rc3 is available here: http://213.228.237.37/uml/2.6.12-rc3/uml-x86_64-2.6.12-rc3.patch.bz2 It was built using the instructions from Jeff Dike at: http://user-mode-linux.sourceforge.net/patches.html The thread 'kernel-4' is the UML instance, running as a nobody user. This was reported to the UML ML and Jeff Dike who advised me to post it here too. Let me know if you need anything else / testing / etc. I am not subscribed to LKML, so please CC me on all emails. general protection fault: 0000 [1] CPU 0 Pid: 26926, comm: kernel-4 Not tainted 2.6.11.8 RIP: 0010:[<ffffffff8010ca47>] <ffffffff8010ca47>{__switch_to+311} RSP: 0018:ffff8100a7635d48 EFLAGS: 00010016 RAX: 0000c8e816000002 RBX: ffff8100b895f320 RCX: 00000000c0000102 RDX: 000000000000c8e8 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff810090db3a00 R09: 0000000000006933 R10: 0000000000000000 R11: 0000000000000202 R12: ffff8100a827b890 R13: ffff8100b895f010 R14: ffff8100a827b580 R15: ffff8100a827b7f8 FS: 000000006025212c(0000) GS:ffffffff80785a00(0000) knlGS:0000000000000d7e CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 000000006880d010 CR3: 00000000a2321000 CR4: 00000000000006e0 Process kernel-4 (pid: 26926, threadinfo ffff810060884000, task ffff8100a827b580) Stack: ffff8100dc37e180 ffff8100b895f010 ffffffff806b6d50 ffff8100b895f010 000003595b049ed6 ffffffff804f4de4 ffff8100a7635de8 0000000000000086 0000007500000020 ffff8100b895f010 Call Trace:<ffffffff804f4de4>{thread_return+0} <ffffffff8013cb08>{ptrace_stop+280} <ffffffff8013cde6>{get_signal_to_deliver+358} <ffffffff8010d4e3>{do_signal+163} <ffffffff8010e905>{error_exit+0} <ffffffff8010de67>{sys_rt_sigreturn+535} <ffffffff8010dee9>{sys_rt_sigreturn+665} <ffffffff8010e2b6>{int_signal+18} Code: 0f 30 66 41 89 6c 24 2e 65 48 8b 04 25 20 00 00 00 49 89 44 RIP <ffffffff8010ca47>{__switch_to+311} RSP <ffff8100a7635d48> <0>general protection fault: 0000 [2] CPU 0 Pid: 3, comm: events/0 Not tainted 2.6.11.8 RIP: 0010:[<ffffffff8010ca47>] <ffffffff8010ca47>{__switch_to+311} RSP: 0018:ffff8100a7635d48 EFLAGS: 00010016 RAX: 0000c8e816000002 RBX: ffff8100b895f320 RCX: 00000000c0000102 RDX: 000000000000c8e8 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000d R10: 0000000000000000 R11: 0000000000000000 R12: ffff8100fbf909f0 R13: ffff8100b895f010 R14: ffff8100fbf906e0 R15: ffff8100fbf90950 FS: 000000006025212c(0000) GS:ffffffff80785a00(0000) knlGS:0000000000000d7e CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 000000006880d010 CR3: 00000000a2321000 CR4: 00000000000006e0 Process events/0 (pid: 3, threadinfo ffff8100fbfaa000, task ffff8100fbf906e0) Stack: ffff8100dc37e180 ffff8100b895f010 ffffffff806b6d50 ffff8100b895f010 00000359c1aeb8da ffffffff804f4de4 ffff8100a7635de8 0000000000000086 0000007500000020 ffff8100b895f010 Call Trace:<ffffffff804f4de4>{thread_return+0} <ffffffff8013cb08>{ptrace_stop+280} <ffffffff8013cde6>{get_signal_to_deliver+358} <ffffffff8010d4e3>{do_signal+163} <ffffffff8010e905>{error_exit+0} <ffffffff8010de67>{sys_rt_sigreturn+535} <ffffffff8010dee9>{sys_rt_sigreturn+665} <ffffffff8010e2b6>{int_signal+18} Code: 0f 30 66 41 89 6c 24 2e 65 48 8b 04 25 20 00 00 00 49 89 44 RIP <ffffffff8010ca47>{__switch_to+311} RSP <ffff8100a7635d48> <1>Unable to handle kernel NULL pointer dereference at 0000000000000278 RIP: <ffffffff804f4c99>{schedule+873} PGD c8175067 PUD 31aea067 PMD 0 Oops: 0002 [3] CPU 0 Pid: 3, comm: events/0 Not tainted 2.6.11.8 RIP: 0010:[<ffffffff804f4c99>] <ffffffff804f4c99>{schedule+873} RSP: 0018:ffff8100a7635b68 EFLAGS: 00010007 RAX: 0000000002d3ca44 RBX: 0000000000000000 RCX: ffff810090db3a00 RDX: 000000003b9ac880 RSI: ffff8100b895f010 RDI: ffff8100fbf906e0 RBP: ffff8100a7635bc8 R08: 0000000000000000 R09: 000000000000000d R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff806b6d50 R13: ffff8100b895f010 R14: 0000035a27fb7d77 R15: ffff8100fbf90950 FS: 000000006025212c(0000) GS:ffffffff80785a00(0000) knlGS:0000000000000d7e CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000278 CR3: 00000000a2321000 CR4: 00000000000006e0 Process events/0 (pid: 3, threadinfo ffff8100fbfaa000, task ffff8100fbf906e0) Stack: 0000007300000000 ffff8100fbf906e0 0000000000000180 ffff8100b895f010 ffffffff806a6fc0 0000000000000000 ffff8100fbf906e0 ffff8100a7635be8 ffff8100fbf906e0 ffff8100fbf91440 Call Trace:<ffffffff801347a7>{do_exit+2535} <ffffffff8010f5ac>{oops_end +28} <ffffffff8010f6e5>{die+69} <ffffffff801100fe>{do_general_protection+270} <ffffffff8010e905>{error_exit+0} <ffffffff8010ca47>{__switch_to +311} <ffffffff804f4de4>{thread_return+0} <ffffffff8013cb08>{ptrace_stop+280} <ffffffff8013cde6>{get_signal_to_deliver+358} <ffffffff8010d4e3>{do_signal+163} <ffffffff8010e905>{error_exit+0} <ffffffff8010de67>{sys_rt_sigreturn+535} <ffffffff8010dee9>{sys_rt_sigreturn+665} <ffffffff8010e2b6>{int_signal+18} Code: 0f ba b3 78 02 00 00 00 0f ba a9 78 02 00 00 00 48 8b 51 38 RIP <ffffffff804f4c99>{schedule+873} RSP <ffff8100a7635b68> CR2: 0000000000000278 <1>Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP: <ffffffff8012e134>{dequeue_task+4} PGD c8175067 PUD 31aea067 PMD 0 Oops: 0002 [4] CPU 0 Pid: 3, comm: events/0 Not tainted 2.6.11.8 RIP: 0010:[<ffffffff8012e134>] <ffffffff8012e134>{dequeue_task+4} RSP: 0018:ffff8100a76358c8 EFLAGS: 00010006 RAX: 0000000000000020 RBX: ffff8100fbf906e0 RCX: ffff8100fbf90718 RDX: ffff8100fbf906e0 RSI: 0000000000000000 RDI: ffff8100fbf906e0 RBP: ffff8100a76358d8 R08: 0000000000000000 R09: 000000000000000d R10: 0000000000000000 R11: 0000000000000000 R12: ffff8100fbf906e0 R13: ffff8100fbf91440 R14: 0000035aa7f554c4 R15: ffff8100fbf90950 FS: 000000006025212c(0000) GS:ffffffff80785a00(0000) knlGS:0000000000000d7e CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000000 CR3: 00000000a2321000 CR4: 00000000000006e0 Process events/0 (pid: 3, threadinfo ffff8100fbfaa000, task ffff8100fbf906e0) Stack: ffffffff8012e3d4 ffff8100a7635968 ffff8100a7635948 ffffffff804f4ae2 0000000000000000 ffff8100fbf906e0 00000000069f6bc7 ffffffff801301bf 00000000ffffff01 0000000000000000 Call Trace:<ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8010e905>{error_exit+0} <ffffffff804f4c99>{schedule+873} <ffffffff804f4ae2>{schedule+434} <ffffffff801347a7>{do_exit+2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8010f6e5>{die+69} <ffffffff801100fe>{do_general_protection+270} <ffffffff8010e905>{error_exit+0} <ffffffff8010ca47>{__switch_to+311} <ffffffff804f4de4>{thread_return+0} <ffffffff8013cb08>{ptrace_stop+280} <ffffffff8013cde6>{get_signal_to_deliver+358} <ffffffff8010d4e3>{do_signal+163} <ffffffff8010e905>{error_exit +0} <ffffffff8010de67>{sys_rt_sigreturn+535} <ffffffff8010dee9>{sys_rt_sigreturn+665} <ffffffff8010e2b6>{int_signal+18} Code: ff 0e 55 48 8b 47 38 48 8b 51 08 48 89 e5 48 89 02 48 89 50 RIP <ffffffff8012e134>{dequeue_task+4} RSP <ffff8100a76358c8> CR2: 0000000000000000 <1>Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP: <ffffffff8012e134>{dequeue_task+4} PGD c8175067 PUD 31aea067 PMD 0 Oops: 0002 [5] CPU 0 Pid: 3, comm: events/0 Not tainted 2.6.11.8 RIP: 0010:[<ffffffff8012e134>] <ffffffff8012e134>{dequeue_task+4} RSP: 0018:ffff8100a7635628 EFLAGS: 00010002 RAX: 0000000000000020 RBX: ffff8100fbf906e0 RCX: ffff8100fbf90718 RDX: ffff8100fbf906e0 RSI: 0000000000000000 RDI: ffff8100fbf906e0 RBP: ffff8100a7635638 R08: 0000000000000000 R09: 000000000000000d R10: 0000000000000000 R11: 0000000000000000 R12: ffff8100fbf906e0 R13: ffff8100fbf91440 R14: 0000035b3fc7d274 R15: ffff8100fbf90950 FS: 000000006025212c(0000) GS:ffffffff80785a00(0000) knlGS:0000000000000d7e CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000000 CR3: 00000000a2321000 CR4: 00000000000006e0 Process events/0 (pid: 3, threadinfo ffff8100fbfaa000, task ffff8100fbf906e0) Stack: ffffffff8012e3d4 ffff8100a76356c8 ffff8100a76356a8 ffffffff804f4ae2 0000000000000000 ffff8100fbf906e0 00000000069f6bc7 ffffffff801301bf 00000000ffffff01 0000000000000000 Call Trace:<ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8010e905>{error_exit+0} <ffffffff804f4c99>{schedule+873} <ffffffff804f4ae2>{schedule+434} <ffffffff801347a7>{do_exit+2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8010f6e5>{die+69} <ffffffff801100fe>{do_general_protection+270} <ffffffff8010e905>{error_exit+0} <ffffffff8010ca47>{__switch_to+311} <ffffffff804f4de4>{thread_return+0} <ffffffff8013cb08>{ptrace_stop+280} <ffffffff8013cde6>{get_signal_to_deliver+358} <ffffffff8010d4e3>{do_signal+163} <ffffffff8010e905>{error_exit +0} <ffffffff8010de67>{sys_rt_sigreturn+535} <ffffffff8010dee9>{sys_rt_sigreturn+665} <ffffffff8010e2b6>{int_signal+18} Code: ff 0e 55 48 8b 47 38 48 8b 51 08 48 89 e5 48 89 02 48 89 50 RIP <ffffffff8012e134>{dequeue_task+4} RSP <ffff8100a7635628> CR2: 0000000000000000 <1>Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP: <ffffffff8012e134>{dequeue_task+4} PGD c8175067 PUD 31aea067 PMD 0 Oops: 0002 [6] CPU 0 Pid: 3, comm: events/0 Not tainted 2.6.11.8 RIP: 0010:[<ffffffff8012e134>] <ffffffff8012e134>{dequeue_task+4} RSP: 0018:ffff8100a7635388 EFLAGS: 00010006 RAX: 0000000000000020 RBX: ffff8100fbf906e0 RCX: ffff8100fbf90718 RDX: ffff8100fbf906e0 RSI: 0000000000000000 RDI: ffff8100fbf906e0 RBP: ffff8100a7635398 R08: 0000000000000000 R09: 000000000000000d R10: 0000000000000000 R11: 0000000000000000 R12: ffff8100fbf906e0 R13: ffff8100fbf91440 R14: 0000035bf2d22de7 R15: ffff8100fbf90950 FS: 000000006025212c(0000) GS:ffffffff80785a00(0000) knlGS:0000000000000d7e CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000000 CR3: 00000000a2321000 CR4: 00000000000006e0 Process events/0 (pid: 3, threadinfo ffff8100fbfaa000, task ffff8100fbf906e0) Stack: ffffffff8012e3d4 ffff8100a7635428 ffff8100a7635408 ffffffff804f4ae2 0000000000000000 ffff8100fbf906e0 00000000069f6bc7 ffffffff801301bf 00000000ffffff01 0000000000000000 Call Trace:<ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8010e905>{error_exit+0} <ffffffff804f4c99>{schedule+873} <ffffffff804f4ae2>{schedule+434} <ffffffff801347a7>{do_exit+2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8010f6e5>{die+69} <ffffffff801100fe>{do_general_protection+270} <ffffffff8010e905>{error_exit+0} <ffffffff8010ca47>{__switch_to+311} <ffffffff804f4de4>{thread_return+0} <ffffffff8013cb08>{ptrace_stop+280} <ffffffff8013cde6>{get_signal_to_deliver+358} <ffffffff8010d4e3>{do_signal+163} <ffffffff8010e905>{error_exit +0} <ffffffff8010de67>{sys_rt_sigreturn+535} <ffffffff8010dee9>{sys_rt_sigreturn+665} <ffffffff8010e2b6>{int_signal+18} Code: ff 0e 55 48 8b 47 38 48 8b 51 08 48 89 e5 48 89 02 48 89 50 RIP <ffffffff8012e134>{dequeue_task+4} RSP <ffff8100a7635388> CR2: 0000000000000000 <1>Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP: <ffffffff8012e134>{dequeue_task+4} PGD c8175067 PUD 31aea067 PMD 0 Oops: 0002 [7] CPU 0 Pid: 3, comm: events/0 Not tainted 2.6.11.8 RIP: 0010:[<ffffffff8012e134>] <ffffffff8012e134>{dequeue_task+4} RSP: 0018:ffff8100a76350e8 EFLAGS: 00010006 RAX: 0000000000000020 RBX: ffff8100fbf906e0 RCX: ffff8100fbf90718 RDX: ffff8100fbf906e0 RSI: 0000000000000000 RDI: ffff8100fbf906e0 RBP: ffff8100a76350f8 R08: 0000000000000000 R09: 000000000000000d R10: 0000000000000000 R11: 0000000000000000 R12: ffff8100fbf906e0 R13: ffff8100fbf91440 R14: 0000035cc114f6cf R15: ffff8100fbf90950 FS: 000000006025212c(0000) GS:ffffffff80785a00(0000) knlGS:0000000000000d7e CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000000 CR3: 00000000a2321000 CR4: 00000000000006e0 Process events/0 (pid: 3, threadinfo ffff8100fbfaa000, task ffff8100fbf906e0) Stack: ffffffff8012e3d4 ffff8100a7635188 ffff8100a7635168 ffffffff804f4ae2 0000000000000000 ffff8100fbf906e0 00000000069f6bc7 ffffffff801301bf 00000000ffffff01 0000000000000000 Call Trace:<ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8010e905>{error_exit+0} <ffffffff804f4c99>{schedule+873} <ffffffff804f4ae2>{schedule+434} <ffffffff801347a7>{do_exit+2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8010f6e5>{die+69} <ffffffff801100fe>{do_general_protection+270} <ffffffff8010e905>{error_exit+0} <ffffffff8010ca47>{__switch_to+311} <ffffffff804f4de4>{thread_return+0} <ffffffff8013cb08>{ptrace_stop+280} <ffffffff8013cde6>{get_signal_to_deliver+358} <ffffffff8010d4e3>{do_signal+163} <ffffffff8010e905>{error_exit +0} <ffffffff8010de67>{sys_rt_sigreturn+535} <ffffffff8010dee9>{sys_rt_sigreturn+665} <ffffffff8010e2b6>{int_signal+18} Code: ff 0e 55 48 8b 47 38 48 8b 51 08 48 89 e5 48 89 02 48 89 50 RIP <ffffffff8012e134>{dequeue_task+4} RSP <ffff8100a76350e8> CR2: 0000000000000000 <1>Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP: <ffffffff8012e134>{dequeue_task+4} PGD c8175067 PUD 31aea067 PMD 0 Oops: 0002 [8] CPU 0 Pid: 3, comm: events/0 Not tainted 2.6.11.8 RIP: 0010:[<ffffffff8012e134>] <ffffffff8012e134>{dequeue_task+4} RSP: 0018:ffff8100a7634e48 EFLAGS: 00010002 RAX: 0000000000000020 RBX: ffff8100fbf906e0 RCX: ffff8100fbf90718 RDX: ffff8100fbf906e0 RSI: 0000000000000000 RDI: ffff8100fbf906e0 RBP: ffff8100a7634e58 R08: 0000000000000000 R09: 000000000000000d R10: 0000000000000000 R11: 0000000000000000 R12: ffff8100fbf906e0 R13: ffff8100fbf91440 R14: 0000035daaa6e647 R15: ffff8100fbf90950 FS: 000000006025212c(0000) GS:ffffffff80785a00(0000) knlGS:0000000000000d7e CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000000 CR3: 00000000a2321000 CR4: 00000000000006e0 Process events/0 (pid: 3, threadinfo ffff8100fbfaa000, task ffff8100fbf906e0) Stack: ffffffff8012e3d4 ffff8100a7634ee8 ffff8100a7634ec8 ffffffff804f4ae2 0000000000000000 ffff8100fbf906e0 00000000069f6bc7 ffffffff801301bf 00000000ffffff01 0000000000000000 Call Trace:<ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8010e905>{error_exit+0} <ffffffff804f4c99>{schedule+873} <ffffffff804f4ae2>{schedule+434} <ffffffff801347a7>{do_exit+2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8010f6e5>{die+69} <ffffffff801100fe>{do_general_protection+270} <ffffffff8010e905>{error_exit+0} <ffffffff8010ca47>{__switch_to+311} <ffffffff804f4de4>{thread_return+0} <ffffffff8013cb08>{ptrace_stop+280} <ffffffff8013cde6>{get_signal_to_deliver+358} <ffffffff8010d4e3>{do_signal+163} <ffffffff8010e905>{error_exit +0} <ffffffff8010de67>{sys_rt_sigreturn+535} <ffffffff8010dee9>{sys_rt_sigreturn+665} <ffffffff8010e2b6>{int_signal+18} Code: ff 0e 55 48 8b 47 38 48 8b 51 08 48 89 e5 48 89 02 48 89 50 RIP <ffffffff8012e134>{dequeue_task+4} RSP <ffff8100a7634e48> CR2: 0000000000000000 <1>Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP: <ffffffff8012e134>{dequeue_task+4} PGD c8175067 PUD 31aea067 PMD 0 Oops: 0002 [9] CPU 0 Pid: 3, comm: events/0 Not tainted 2.6.11.8 RIP: 0010:[<ffffffff8012e134>] <ffffffff8012e134>{dequeue_task+4} RSP: 0018:ffff8100a7634ba8 EFLAGS: 00010002 RAX: 0000000000000020 RBX: ffff8100fbf906e0 RCX: ffff8100fbf90718 RDX: ffff8100fbf906e0 RSI: 0000000000000000 RDI: ffff8100fbf906e0 RBP: ffff8100a7634bb8 R08: 0000000000000000 R09: 000000000000000d R10: 0000000000000000 R11: 0000000000000000 R12: ffff8100fbf906e0 R13: ffff8100fbf91440 R14: 0000035eaf57d638 R15: ffff8100fbf90950 FS: 000000006025212c(0000) GS:ffffffff80785a00(0000) knlGS:0000000000000d7e CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000000 CR3: 00000000a2321000 CR4: 00000000000006e0 Process events/0 (pid: 3, threadinfo ffff8100fbfaa000, task ffff8100fbf906e0) Stack: ffffffff8012e3d4 ffff8100a7634c48 ffff8100a7634c28 ffffffff804f4ae2 0000000000000000 ffff8100fbf906e0 00000000069f6bc7 ffffffff801301bf 00000000ffffff01 0000000000000000 Call Trace:<ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8010e905>{error_exit+0} <ffffffff804f4c99>{schedule+873} <ffffffff804f4ae2>{schedule+434} <ffffffff801347a7>{do_exit+2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8010f6e5>{die+69} <ffffffff801100fe>{do_general_protection+270} <ffffffff8010e905>{error_exit+0} <ffffffff8010ca47>{__switch_to+311} <ffffffff804f4de4>{thread_return+0} <ffffffff8013cb08>{ptrace_stop+280} <ffffffff8013cde6>{get_signal_to_deliver+358} <ffffffff8010d4e3>{do_signal+163} <ffffffff8010e905>{error_exit +0} <ffffffff8010de67>{sys_rt_sigreturn+535} <ffffffff8010dee9>{sys_rt_sigreturn+665} <ffffffff8010e2b6>{int_signal+18} Code: ff 0e 55 48 8b 47 38 48 8b 51 08 48 89 e5 48 89 02 48 89 50 RIP <ffffffff8012e134>{dequeue_task+4} RSP <ffff8100a7634ba8> CR2: 0000000000000000 <1>Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP: <ffffffff8012e134>{dequeue_task+4} PGD c8175067 PUD 31aea067 PMD 0 Oops: 0002 [10] CPU 0 Pid: 3, comm: events/0 Not tainted 2.6.11.8 RIP: 0010:[<ffffffff8012e134>] <ffffffff8012e134>{dequeue_task+4} RSP: 0018:ffff8100a7634908 EFLAGS: 00010002 RAX: 0000000000000020 RBX: ffff8100fbf906e0 RCX: ffff8100fbf90718 RDX: ffff8100fbf906e0 RSI: 0000000000000000 RDI: ffff8100fbf906e0 RBP: ffff8100a7634918 R08: 0000000000000000 R09: 000000000000000d R10: 0000000000000000 R11: 0000000000000000 R12: ffff8100fbf906e0 R13: ffff8100fbf91440 R14: 0000035fcf41c4f5 R15: ffff8100fbf90950 FS: 000000006025212c(0000) GS:ffffffff80785a00(0000) knlGS:0000000000000d7e CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000000 CR3: 00000000a2321000 CR4: 00000000000006e0 Process events/0 (pid: 3, threadinfo ffff8100fbfaa000, task ffff8100fbf906e0) Stack: ffffffff8012e3d4 ffff8100a76349a8 ffff8100a7634988 ffffffff804f4ae2 0000000000000000 ffff8100fbf906e0 00000000069f6bc7 ffffffff801301bf 00000000ffffff01 0000000000000000 Call Trace:<ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8010e905>{error_exit+0} <ffffffff804f4c99>{schedule+873} <ffffffff804f4ae2>{schedule+434} <ffffffff801347a7>{do_exit+2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8010f6e5>{die+69} <ffffffff801100fe>{do_general_protection+270} <ffffffff8010e905>{error_exit+0} <ffffffff8010ca47>{__switch_to+311} <ffffffff804f4de4>{thread_return+0} <ffffffff8013cb08>{ptrace_stop+280} <ffffffff8013cde6>{get_signal_to_deliver+358} <ffffffff8010d4e3>{do_signal+163} <ffffffff8010e905>{error_exit +0} <ffffffff8010de67>{sys_rt_sigreturn+535} <ffffffff8010dee9>{sys_rt_sigreturn+665} <ffffffff8010e2b6>{int_signal+18} Code: ff 0e 55 48 8b 47 38 48 8b 51 08 48 89 e5 48 89 02 48 89 50 RIP <ffffffff8012e134>{dequeue_task+4} RSP <ffff8100a7634908> CR2: 0000000000000000 <1>Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP: <ffffffff8012e134>{dequeue_task+4} PGD c8175067 PUD 31aea067 PMD 0 Oops: 0002 [11] CPU 0 Pid: 3, comm: events/0 Not tainted 2.6.11.8 RIP: 0010:[<ffffffff8012e134>] <ffffffff8012e134>{dequeue_task+4} RSP: 0018:ffff8100a7634668 EFLAGS: 00010002 RAX: 0000000000000020 RBX: ffff8100fbf906e0 RCX: ffff8100fbf90718 RDX: ffff8100fbf906e0 RSI: 0000000000000000 RDI: ffff8100fbf906e0 RBP: ffff8100a7634678 R08: 0000000000000000 R09: 000000000000000d R10: 0000000000000000 R11: 0000000000000000 R12: ffff8100fbf906e0 R13: ffff8100fbf91440 R14: 000003610a89cc6d R15: ffff8100fbf90950 FS: 000000006025212c(0000) GS:ffffffff80785a00(0000) knlGS:0000000000000d7e CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000000 CR3: 00000000a2321000 CR4: 00000000000006e0 Process events/0 (pid: 3, threadinfo ffff8100fbfaa000, task ffff8100fbf906e0) Stack: ffffffff8012e3d4 ffff8100a7634708 ffff8100a76346e8 ffffffff804f4ae2 0000000000000000 ffff8100fbf906e0 00000000069f6bc7 ffffffff801301bf 00000000ffffff01 0000000000000000 Call Trace:<ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8013218c>{__call_console_drivers+76} <ffffffff8032d55b>{scrup+123} <ffffffff8010e905>{error_exit+0} <ffffffff8012e134>{dequeue_task +4} <ffffffff8012e3d4>{deactivate_task+20} <ffffffff804f4ae2>{schedule+434} <ffffffff801301bf>{mm_release+47} <ffffffff801347a7>{do_exit +2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8011f4cf>{do_page_fault +1855} <ffffffff8010e905>{error_exit+0} <ffffffff804f4c99>{schedule+873} <ffffffff804f4ae2>{schedule+434} <ffffffff801347a7>{do_exit+2535} <ffffffff8010f5ac>{oops_end+28} <ffffffff8010f6e5>{die+69} <ffffffff801100fe>{do_general_protection+270} <ffffffff8010e905>{error_exit+0} <ffffffff8010ca47>{__switch_to+311} <ffffffff804f4de4>{thread_return+0} <ff ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-07 16:31 ` 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops Antoine Martin @ 2005-05-07 15:57 ` Alexander Nyberg 2005-05-07 18:03 ` Jeff Dike 2005-05-07 18:06 ` Antoine Martin 2005-05-08 14:12 ` Andi Kleen 1 sibling, 2 replies; 19+ messages in thread From: Alexander Nyberg @ 2005-05-07 15:57 UTC (permalink / raw) To: Antoine Martin; +Cc: linux-kernel > I can crash a host repeatedly just by running a UML instance > (and causing some load on that instance - like running gcc) > I captured these messages from the serial console after it crashed: > > Host: Linux x86_64 2.6.11.8 (built with selinux but not enforcing) > Guest: 2.6.12-rc3-uml > The UML patch applied on top of rc3 is available here: > http://213.228.237.37/uml/2.6.12-rc3/uml-x86_64-2.6.12-rc3.patch.bz2 > It was built using the instructions from Jeff Dike at: > http://user-mode-linux.sourceforge.net/patches.html > The thread 'kernel-4' is the UML instance, running as a nobody user. > This was reported to the UML ML and Jeff Dike who advised me to > post it here too. > Let me know if you need anything else / testing / etc. > I am not subscribed to LKML, so please CC me on all emails. I never get uml to compile around here, 2.6.12-rc3 + that patchkit from the link you sent blows up with defconfig any my minimal config. Please attach your guest .config and if you can you might aswell put your guest vmlinux somewhere where i can download it too. > general protection fault: 0000 [1] > CPU 0 > Pid: 26926, comm: kernel-4 Not tainted 2.6.11.8 > RIP: 0010:[<ffffffff8010ca47>] <ffffffff8010ca47>{__switch_to+311} > RSP: 0018:ffff8100a7635d48 EFLAGS: 00010016 > RAX: 0000c8e816000002 RBX: ffff8100b895f320 RCX: 00000000c0000102 > RDX: 000000000000c8e8 RSI: 0000000000000000 RDI: 0000000000000000 > RBP: 0000000000000000 R08: ffff810090db3a00 R09: 0000000000006933 > R10: 0000000000000000 R11: 0000000000000202 R12: ffff8100a827b890 > R13: ffff8100b895f010 R14: ffff8100a827b580 R15: ffff8100a827b7f8 > FS: 000000006025212c(0000) GS:ffffffff80785a00(0000) > knlGS:0000000000000d7e > CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b > CR2: 000000006880d010 CR3: 00000000a2321000 CR4: 00000000000006e0 > Process kernel-4 (pid: 26926, threadinfo ffff810060884000, task > ffff8100a827b580) > Stack: ffff8100dc37e180 ffff8100b895f010 ffffffff806b6d50 > ffff8100b895f010 > 000003595b049ed6 ffffffff804f4de4 ffff8100a7635de8 > 0000000000000086 > 0000007500000020 ffff8100b895f010 > Call Trace:<ffffffff804f4de4>{thread_return+0} > <ffffffff8013cb08>{ptrace_stop+280} > <ffffffff8013cde6>{get_signal_to_deliver+358} > <ffffffff8010d4e3>{do_signal+163} > <ffffffff8010e905>{error_exit+0} > <ffffffff8010de67>{sys_rt_sigreturn+535} > <ffffffff8010dee9>{sys_rt_sigreturn+665} > <ffffffff8010e2b6>{int_signal+18} > ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-07 15:57 ` Alexander Nyberg @ 2005-05-07 18:03 ` Jeff Dike 2005-05-08 0:18 ` Al Viro 2005-05-07 18:06 ` Antoine Martin 1 sibling, 1 reply; 19+ messages in thread From: Jeff Dike @ 2005-05-07 18:03 UTC (permalink / raw) To: Alexander Nyberg; +Cc: Antoine Martin, linux-kernel On Sat, May 07, 2005 at 05:57:48PM +0200, Alexander Nyberg wrote: > I never get uml to compile around here, 2.6.12-rc3 + that patchkit from > the link you sent blows up with defconfig any my minimal config. Please > attach your guest .config and if you can you might aswell put your guest > vmlinux somewhere where i can download it too. Start with -rc3, and all the patches from http://user-mode-linux.sf.net/patches.html up to and including skas0. You'll see a note to x86_64 users on that patch. Jeff ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-07 18:03 ` Jeff Dike @ 2005-05-08 0:18 ` Al Viro 2005-05-08 6:10 ` Al Viro 2005-05-08 16:28 ` Jeff Dike 0 siblings, 2 replies; 19+ messages in thread From: Al Viro @ 2005-05-08 0:18 UTC (permalink / raw) To: Jeff Dike; +Cc: Alexander Nyberg, Antoine Martin, linux-kernel On Sat, May 07, 2005 at 02:03:56PM -0400, Jeff Dike wrote: > On Sat, May 07, 2005 at 05:57:48PM +0200, Alexander Nyberg wrote: > > I never get uml to compile around here, 2.6.12-rc3 + that patchkit from > > the link you sent blows up with defconfig any my minimal config. Please > > attach your guest .config and if you can you might aswell put your guest > > vmlinux somewhere where i can download it too. > > Start with -rc3, and all the patches from > http://user-mode-linux.sf.net/patches.html > up to and including skas0. You'll see a note to x86_64 users on that patch. Hrm... a) stub.S handling breaks on O= builds. Actually, your unprofile breaks there - it's bypassing the machinery that deals with include path. b) stub_segv.c on amd64 includes <signal.h>. Not a good idea... c) sysdep-x86_64/checksum.h in -rc4 has csum_partial_copy_from_user() that needs updating (AFAICS, you have that in your patchset, but it hadn't reached Linus) d) ip_compute_csum() prototype is missing (same file) e) #define UPT_SYSCALL_RET(r) UPT_RAX(r) is needed in amd64 ptrace.h f) take a good look at UPT_SET() in the same file ;-) g) CFLAGS_csum-partial.o := -Dcsum_partial=arch_csum_partial in sys-x86_64/Makefile needs to be removed. h) Makefile.rules should be included _after_ SYMLINKS = in the same file. i) sys-x86_64/delay.c needs exports of __udelay() and __const_udelay(), include of linux/module.h and barriers in your delay loop bodies (or games with volatile - anything that would guarantee that gcc won't decide to optimize the entire loop away). The last part applies to i386 as well. j) ip_compute_csum should be exported on amd64. k) sys-x86_64/syscalls.c needs include "kern.h" l) elf-i386.h should include <asm/user.h>, not "user.h" m) elf-x86_64.h lacks R_X86_64_... definitions n) WTF _is_ that #ifdef TIF_IA32 in there? Aside of the trailing \, we could as well put #error there - free-floating clear_thread_flag(TIF_IA32); outside of any function body will have that effect anyway. o) in drivers/chan_kern.c we have several printf(KERN_ERR "..."); these should become printk, as they clearly had been intended. As it is, they give instant panic if we ever call them. p) TOP_ADDR in Kconfig_x86_64 got lost in transmission - your patchset has it, but same patch in Linus' tree does not. I've got patches for everything except (a); that one is really nasty. I hope to sort it out by tonight; if not, I'll just send what I've got by now. ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-08 0:18 ` Al Viro @ 2005-05-08 6:10 ` Al Viro 2005-05-09 21:07 ` Al Viro 2005-05-08 16:28 ` Jeff Dike 1 sibling, 1 reply; 19+ messages in thread From: Al Viro @ 2005-05-08 6:10 UTC (permalink / raw) To: Jeff Dike; +Cc: Alexander Nyberg, Antoine Martin, linux-kernel On Sun, May 08, 2005 at 01:18:32AM +0100, Al Viro wrote: > a) stub.S handling breaks on O= builds. Actually, your unprofile > breaks there - it's bypassing the machinery that deals with include path. Solved. > p) TOP_ADDR in Kconfig_x86_64 got lost in transmission - your patchset > has it, but same patch in Linus' tree does not. q) skas/mmu.c is calling pte_alloc_map() without ->page_table_lock. Trivially fixed, needed if you want spinlock debugging to produce something useful. r) when built static, kernel dies ugly death with #0 0x00000000601e4178 in ptmalloc_init () at swab.h:134 #1 0x00000000601e4034 in malloc_hook_ini () at swab.h:134 #2 0x00000000601e1698 in malloc () at swab.h:134 #3 0x00000000602068ee in _dl_init_paths () at swab.h:134 #4 0x00000000601eba45 in _dl_non_dynamic_init () at swab.h:134 #5 0x00000000601ebc60 in __libc_init_first () at swab.h:134 #6 0x00000000601cfa4f in __libc_start_main () at swab.h:134 #7 0x000000006001202a in _start () at proc_fs.h:183 as stack trace. Buggered offsets in uml.lds, perhaps? Dynamically built it works; for i386 the same tree works both with both static and dynamic. It _might_ be libc difference, in theory (i386 libc is 2.3.2.ds1-18, amd64 - 2.3.2.ds1-21, both from sarge), but I wouldn't bet on it. Anyway, I'm going down right now; carving the fixes into sane patch series + experimenting with static/amd64 breakage will have to wait until the morning... ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-08 6:10 ` Al Viro @ 2005-05-09 21:07 ` Al Viro 2005-05-10 2:26 ` Al Viro 0 siblings, 1 reply; 19+ messages in thread From: Al Viro @ 2005-05-09 21:07 UTC (permalink / raw) To: Jeff Dike; +Cc: Alexander Nyberg, Antoine Martin, linux-kernel On Sun, May 08, 2005 at 07:10:44AM +0100, Al Viro wrote: > r) when built static, kernel dies ugly death with > #0 0x00000000601e4178 in ptmalloc_init () at swab.h:134 > #1 0x00000000601e4034 in malloc_hook_ini () at swab.h:134 > #2 0x00000000601e1698 in malloc () at swab.h:134 > #3 0x00000000602068ee in _dl_init_paths () at swab.h:134 > #4 0x00000000601eba45 in _dl_non_dynamic_init () at swab.h:134 > #5 0x00000000601ebc60 in __libc_init_first () at swab.h:134 > #6 0x00000000601cfa4f in __libc_start_main () at swab.h:134 > #7 0x000000006001202a in _start () at proc_fs.h:183 > as stack trace. Buggered offsets in uml.lds, perhaps? Apparently solved by adding .tdata and .tbss to uml.lds.S. That change does not give any visible regression on i386. s) i386 TT-only won't compile, due to mispaced include in sysdep/ptrace.h (under ifdef for skas). Trivial fix apparently gets it to work correctly. Which is surprising - when running that sucker on amd64 we get zero from *host_size_out = ROUND_4M((unsigned long) &arg); Of course, the real size rounded up to 4M is 4Gb there - 32bit tasks do not have to share the lower 4Gb of address space with the kernel. Looks like we survive, though - it boots and apparently works both on i386 and (as 32bit process) on amd64. t) amd64 TT-only builds just fine, but gets buggered due to mismatch between CONFIG_TOP_ADDR and start address - we get *both* set to 0x60000000, which is obviously b0rken and doesn't match the old code, while we are at it. We want TOP_ADDR at 0x80000000 to match start address. u) amd64 TT is _still_ buggered due to unmap_fin.o attempts at magic. errno sits in TLS for amd64, so unmap_fin.o gets very interesting stuff leaking from libc and messing the link. IMO that should be dealt with by brute force; namely, unmap-$(SUBARCH).S instead of trying to play games with pulling stuff from libc.a. For fsck sake, we are just making 3 syscalls there and switcheroo() is as low-level as it gets... Will post once that's done... ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-09 21:07 ` Al Viro @ 2005-05-10 2:26 ` Al Viro 2005-05-10 3:50 ` Jeff Dike 0 siblings, 1 reply; 19+ messages in thread From: Al Viro @ 2005-05-10 2:26 UTC (permalink / raw) To: Jeff Dike; +Cc: Alexander Nyberg, Antoine Martin, linux-kernel On Mon, May 09, 2005 at 10:07:53PM +0100, Al Viro wrote: > u) amd64 TT is _still_ buggered due to unmap_fin.o attempts at > magic. errno sits in TLS for amd64, so unmap_fin.o gets very interesting > stuff leaking from libc and messing the link. IMO that should be dealt > with by brute force; namely, unmap-$(SUBARCH).S instead of trying to > play games with pulling stuff from libc.a. For fsck sake, we are just > making 3 syscalls there and switcheroo() is as low-level as it gets... > Will post once that's done... OK, actually - C with use of _syscall(); still, per-architecture due to different calling conventions (mmap() has enough arguments to trigger irregularities). That deals with errno / __libc_errno getting screwed, but there's more... v) phys_mappings rbtree gets screwed in fixrange_init() - no surprise, seeing what it does in for ( ; (i < PTRS_PER_PGD) && (vaddr < end); pgd++, i++) { pmd = (pmd_t *)pgd; for (; (j < PTRS_PER_PMD) && (vaddr != end); pmd++, j++) { Note that here PTR_PER_PGD and PTRS_PER_PMD are both 512. Fun... Liberal stealing from arch/i386/mm/init.c deals with that one, AFAICS. Now we have the following: uml/i386 - all variants work uml/amd64 TT-only - panics in execve() on /sbin/init (hey, a progress) uml/amd64 other variants - work Now to figure out WTF is happening in that execve()... ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-10 2:26 ` Al Viro @ 2005-05-10 3:50 ` Jeff Dike 2005-05-10 10:02 ` Al Viro 0 siblings, 1 reply; 19+ messages in thread From: Jeff Dike @ 2005-05-10 3:50 UTC (permalink / raw) To: Al Viro; +Cc: Alexander Nyberg, Antoine Martin, linux-kernel On Tue, May 10, 2005 at 03:26:31AM +0100, Al Viro wrote: > Now we have > the following: > uml/i386 - all variants work > uml/amd64 TT-only - panics in execve() on /sbin/init (hey, a progress) > uml/amd64 other variants - work Nice, send patches when you get a chance? Jeff ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-10 3:50 ` Jeff Dike @ 2005-05-10 10:02 ` Al Viro 0 siblings, 0 replies; 19+ messages in thread From: Al Viro @ 2005-05-10 10:02 UTC (permalink / raw) To: Jeff Dike; +Cc: Alexander Nyberg, Antoine Martin, linux-kernel On Mon, May 09, 2005 at 11:50:52PM -0400, Jeff Dike wrote: > On Tue, May 10, 2005 at 03:26:31AM +0100, Al Viro wrote: > > Now we have > > the following: > > uml/i386 - all variants work > > uml/amd64 TT-only - panics in execve() on /sbin/init (hey, a progress) > > uml/amd64 other variants - work > > Nice, send patches when you get a chance? ftp.linux.org.uk/pub/people/viro/UM*-RC12-rc4. The first one is your skas0 rediffed to -rc4, the rest - fixes (matching the bug list upthread; the last two are actually older than the rest, missed them in the original list of bugs; one is obvious missing include, another is dereferencing userland pointer instead of dealing with copied value + missing chunk in amd64/tt sc_copy_...). ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-08 0:18 ` Al Viro 2005-05-08 6:10 ` Al Viro @ 2005-05-08 16:28 ` Jeff Dike 1 sibling, 0 replies; 19+ messages in thread From: Jeff Dike @ 2005-05-08 16:28 UTC (permalink / raw) To: Al Viro; +Cc: Alexander Nyberg, Antoine Martin, linux-kernel On Sun, May 08, 2005 at 01:18:32AM +0100, Al Viro wrote: > Hrm... I had a lot of these fixed already. These will be mostly in the fixlets patch. > a) stub.S handling breaks on O= builds. Actually, your unprofile > breaks there - it's bypassing the machinery that deals with include path. This? $(patsubst -pg,,$(patsubst -fprofile-arcs -ftest-coverage,,$(1))) I don't see any connection to include paths there. > b) stub_segv.c on amd64 includes <signal.h>. Not a good idea... x86_64 doesn't, but i386 does. Fixed now. > c) sysdep-x86_64/checksum.h in -rc4 has csum_partial_copy_from_user() > that needs updating (AFAICS, you have that in your patchset, but it hadn't > reached Linus) Fixed. > d) ip_compute_csum() prototype is missing (same file) > j) ip_compute_csum should be exported on amd64. OK, I need to look at this a bit more. > e) #define UPT_SYSCALL_RET(r) UPT_RAX(r) is needed in amd64 ptrace.h Fixed. > f) take a good look at UPT_SET() in the same file ;-) Sigh. Fixed now. > g) CFLAGS_csum-partial.o := -Dcsum_partial=arch_csum_partial in > sys-x86_64/Makefile needs to be removed. Fixed. > h) Makefile.rules should be included _after_ SYMLINKS = in the same > file. Fixed. > i) sys-x86_64/delay.c needs exports of __udelay() and __const_udelay(), > include of linux/module.h and barriers in your delay loop bodies (or games > with volatile - anything that would guarantee that gcc won't decide to optimize > the entire loop away). The last part applies to i386 as well. Looks to me like it all applies to i386 too, except that __delay looks unoptimizable. It also looks to me like I could implement __udelay as n=... ; __delay(n); And also never mind the fact that __udelay and __const_udelay are identical. > k) sys-x86_64/syscalls.c needs include "kern.h" Fixed now. > l) elf-i386.h should include <asm/user.h>, not "user.h" Fixed now. > m) elf-x86_64.h lacks R_X86_64_... definitions Fixed now. > n) WTF _is_ that #ifdef TIF_IA32 in there? Aside of the trailing \, > we could as well put #error there - free-floating clear_thread_flag(TIF_IA32);> outside of any function body will have that effect anyway. The trailing \ aside, which is fixed, that's a reminder for me when I add the 32-bit compatibility code. > o) in drivers/chan_kern.c we have several printf(KERN_ERR "..."); > these should become printk, as they clearly had been intended. As it is, > they give instant panic if we ever call them. Oops. This requires a bit of thought. Offhand, I think they need to be printf, because that early in boot, printk'd stuff may not reach the screen if UML exits then. > p) TOP_ADDR in Kconfig_x86_64 got lost in transmission - your patchset > has it, but same patch in Linus' tree does not. Fixed > > I've got patches for everything except (a); that one is really nasty. I hope > to sort it out by tonight; if not, I'll just send what I've got by now. OK, send me what you have, and if we've fixed the same thing differently, I choose one or the other. Jeff ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-07 15:57 ` Alexander Nyberg 2005-05-07 18:03 ` Jeff Dike @ 2005-05-07 18:06 ` Antoine Martin 1 sibling, 0 replies; 19+ messages in thread From: Antoine Martin @ 2005-05-07 18:06 UTC (permalink / raw) To: Alexander Nyberg; +Cc: linux-kernel > I never get uml to compile around here, 2.6.12-rc3 + that patchkit from > the link you sent blows up with defconfig any my minimal config. Please > attach your guest .config and if you can you might aswell put your guest > vmlinux somewhere where i can download it too. ok, here it is: http://213.228.237.37/uml/2.6.12-rc3/ kernel and config. Note: you will need a pure 64bit root fs, ie: gentoo 2005 works fine. ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-07 16:31 ` 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops Antoine Martin 2005-05-07 15:57 ` Alexander Nyberg @ 2005-05-08 14:12 ` Andi Kleen 2005-05-08 16:35 ` Antoine Martin 2005-05-08 16:38 ` Jeff Dike 1 sibling, 2 replies; 19+ messages in thread From: Andi Kleen @ 2005-05-08 14:12 UTC (permalink / raw) To: Antoine Martin; +Cc: linux-kernel, jdike Antoine Martin <antoine@nagafix.co.uk> writes: > > general protection fault: 0000 [1] > CPU 0 > Pid: 26926, comm: kernel-4 Not tainted 2.6.11.8 > RIP: 0010:[<ffffffff8010ca47>] <ffffffff8010ca47>{__switch_to+311} > RSP: 0018:ffff8100a7635d48 EFLAGS: 00010016 > RAX: 0000c8e816000002 RBX: ffff8100b895f320 RCX: 00000000c0000102 > RDX: 000000000000c8e8 RSI: 0000000000000000 RDI: 0000000000000000 > RBP: 0000000000000000 R08: ffff810090db3a00 R09: 0000000000006933 > R10: 0000000000000000 R11: 0000000000000202 R12: ffff8100a827b890 > R13: ffff8100b895f010 R14: ffff8100a827b580 R15: ffff8100a827b7f8 > FS: 000000006025212c(0000) GS:ffffffff80785a00(0000) > knlGS:0000000000000d7e > CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b > CR2: 000000006880d010 CR3: 00000000a2321000 CR4: 00000000000006e0 > Process kernel-4 (pid: 26926, threadinfo ffff810060884000, task > ffff8100a827b580) > Stack: ffff8100dc37e180 ffff8100b895f010 ffffffff806b6d50 > ffff8100b895f010 > 000003595b049ed6 ffffffff804f4de4 ffff8100a7635de8 > 0000000000000086 > 0000007500000020 ffff8100b895f010 > Call Trace:<ffffffff804f4de4>{thread_return+0} > <ffffffff8013cb08>{ptrace_stop+280} > <ffffffff8013cde6>{get_signal_to_deliver+358} > <ffffffff8010d4e3>{do_signal+163} > <ffffffff8010e905>{error_exit+0} > <ffffffff8010de67>{sys_rt_sigreturn+535} > <ffffffff8010dee9>{sys_rt_sigreturn+665} > <ffffffff8010e2b6>{int_signal+18} > > > Code: 0f 30 66 41 89 6c 24 2e 65 48 8b 04 25 20 00 00 00 49 89 44 That is a wrmsr to 0x00000000c0000102 (KERNEL_GS_BASE), the code is trying to write 0x0000c8e816000002 into it. That is a non canonical address, which causes the GPF. The strange thing is that the kernel should have rejected it in the first place. The code to allow user space to set kernel gs checks for the address being > TASK_SIZE and TASK_SIZE is 0x800000000000. It should have rejected it in the first place. Are you sure you did not apply any strange UML related patches to the host kernel? Maybe those are buggy. -Andi ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-08 14:12 ` Andi Kleen @ 2005-05-08 16:35 ` Antoine Martin 2005-05-08 15:15 ` Andi Kleen 2005-05-08 16:45 ` Jeff Dike 2005-05-08 16:38 ` Jeff Dike 1 sibling, 2 replies; 19+ messages in thread From: Antoine Martin @ 2005-05-08 16:35 UTC (permalink / raw) To: Andi Kleen; +Cc: linux-kernel, jdike > (..) > That is a wrmsr to 0x00000000c0000102 (KERNEL_GS_BASE), the code > is trying to write 0x0000c8e816000002 into it. That is a non canonical > address, which causes the GPF. > > The strange thing is that the kernel should have rejected it in > the first place. The code to allow user space to set kernel gs > checks for the address being > TASK_SIZE and TASK_SIZE is 0x800000000000. > It should have rejected it in the first place. > > Are you sure you did not apply any strange UML related patches > to the host kernel? Maybe those are buggy. The only extra patch applied on top of what is on the web page (as per Jeff's instructions) is the mconsole-exec patch, and AFAIK it wouldn't affect the code above. Alexander Nyberg is also experiencing crashes, aren't you? Just un-compressing portage (20MB .tar.bz2) on the root_fs image posted earlier caused a different kind of mis-behaviour, the guest lost network connectivity, cpu usage shot up on the host (load > 10 now), and I found this in the host log: kernel: segfault at 00000000df2948d0 rip 00000000601e5beb rsp00000000df2948d0 error 4 (same kernel as earlier crashes...) That's on a different box, running a different host kernel (FC3 2.6.9-?) The really weird thing is that the processes are still running, but ps -ef shows an empty string in place of the process name: (and the terminal which launched the instance got control back) I am now rebuilding a new kernel on another test box, let me know what to do to provide better debug information. # ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 13:27 ? 00:00:00 init [3] root 2 1 0 13:27 ? 00:00:00 [ksoftirqd/0] root 3 1 0 13:27 ? 00:00:00 [events/0] root 4 3 0 13:27 ? 00:00:00 [khelper] root 5 3 0 13:27 ? 00:00:00 [kacpid] root 27 3 0 13:27 ? 00:00:00 [kblockd/0] root 28 1 0 13:27 ? 00:00:00 [khubd] root 40 3 0 13:27 ? 00:00:00 [pdflush] root 41 3 0 13:27 ? 00:00:00 [pdflush] root 43 3 0 13:27 ? 00:00:00 [aio/0] root 42 1 0 13:27 ? 00:00:00 [kswapd0] root 115 1 0 13:27 ? 00:00:00 [kseriod] root 183 3 0 13:27 ? 00:00:00 [ata/0] root 185 1 0 13:27 ? 00:00:00 [scsi_eh_0] root 186 1 0 13:27 ? 00:00:00 [scsi_eh_1] root 202 1 0 13:27 ? 00:00:00 [kjournald] root 1025 1 0 13:27 ? 00:00:00 udevd root 1261 1 0 13:27 ? 00:00:00 [khpsbpkt] root 1290 1 0 13:27 ? 00:00:00 [knodemgrd_0] root 1453 1 0 13:27 ? 00:00:00 [kjournald] root 1454 1 0 13:27 ? 00:00:00 [kjournald] root 1693 1 0 13:28 ? 00:00:00 syslogd -m 0 root 1697 1 0 13:28 ? 00:00:00 klogd -x nobody 1737 1 0 13:28 ? 00:00:00 mDNSResponder root 1755 1 0 13:28 ? 00:00:00 /usr/sbin/acpid root 1770 1 0 13:28 ? 00:00:00 /usr/sbin/sshd root 1779 1 0 13:28 ? 00:00:00 gpm -m /dev/input/mice -t imps2 root 1809 1 0 13:28 ? 00:00:00 crond dbus 1833 1 0 13:28 ? 00:00:00 dbus-daemon-1 --system root 1842 1 0 13:28 ? 00:00:00 hald root 1849 1 0 13:28 ? 00:00:00 login -- root root 1850 1 0 13:28 tty2 00:00:00 /sbin/mingetty tty2 root 1851 1 0 13:28 tty3 00:00:00 /sbin/mingetty tty3 root 1852 1 0 13:28 tty4 00:00:00 /sbin/mingetty tty4 root 1853 1 0 13:28 tty5 00:00:00 /sbin/mingetty tty5 root 1854 1 0 13:28 tty6 00:00:00 /sbin/mingetty tty6 root 2270 1849 0 13:31 tty1 00:00:00 -bash root 2312 1770 0 13:31 ? 00:00:00 sshd: root@pts/0 root 2314 2312 0 13:32 pts/0 00:00:00 -bash root 2363 2314 19 13:36 pts/0 00:30:19 ./setiathome root 4346 1770 0 15:03 ? 00:00:00 sshd: root@pts/1 root 4350 4346 0 15:03 pts/1 00:00:00 -bash root 5291 4350 0 15:14 pts/1 00:00:00 tail -f /var/log/messages /var/log/secure root 6179 1 0 15:16 pts/0 00:00:35 root 7231 1 0 15:16 pts/0 00:00:35 root 7252 1 0 15:16 pts/0 00:00:35 root 7345 1 0 15:17 ? 00:00:00 /usr/sbin/dhcpd root 7352 1 0 15:17 pts/0 00:00:34 root 7485 1 0 15:17 pts/0 00:00:34 root 7509 1 0 15:17 pts/0 00:00:34 root 7520 1770 0 15:18 ? 00:00:00 sshd: root@pts/2 root 7522 7520 0 15:18 pts/2 00:00:00 -bash root 7561 7522 0 15:18 pts/2 00:00:00 ssh -v root@10.0.0.250 root 7563 1 1 15:18 pts/0 00:00:35 root 7571 1 1 15:18 pts/0 00:00:35 root 10302 1770 0 15:57 ? 00:00:00 sshd: root@pts/3 root 10304 10302 0 15:57 pts/3 00:00:00 -bash root 10422 1 8 16:08 pts/0 00:00:38 root 10424 1 9 16:08 pts/0 00:00:42 root 10445 2314 0 16:16 pts/0 00:00:00 ps -ef ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-08 16:35 ` Antoine Martin @ 2005-05-08 15:15 ` Andi Kleen 2005-05-08 16:42 ` Jeff Dike 2005-05-08 17:38 ` Antoine Martin 2005-05-08 16:45 ` Jeff Dike 1 sibling, 2 replies; 19+ messages in thread From: Andi Kleen @ 2005-05-08 15:15 UTC (permalink / raw) To: Antoine Martin; +Cc: linux-kernel, jdike Antoine Martin <antoine@nagafix.co.uk> writes: >> (..) >> That is a wrmsr to 0x00000000c0000102 (KERNEL_GS_BASE), the code >> is trying to write 0x0000c8e816000002 into it. That is a non canonical >> address, which causes the GPF. >> >> The strange thing is that the kernel should have rejected it in >> the first place. The code to allow user space to set kernel gs >> checks for the address being > TASK_SIZE and TASK_SIZE is 0x800000000000. >> It should have rejected it in the first place. >> >> Are you sure you did not apply any strange UML related patches >> to the host kernel? Maybe those are buggy. > The only extra patch applied on top of what is on the web page (as per > Jeff's instructions) is the mconsole-exec patch, and AFAIK it wouldn't > affect the code above. > > Alexander Nyberg is also experiencing crashes, aren't you? Ok, the bug is found now. It is a kernel bug that it allows to set non canonical addresses in 64bit segment registers through ptrace. But even if I fixed that then it will not help you run UML, because UML needs to set correct addresses of course, not illegal ones. I will submit a patch later for the crash problem. -Andi ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-08 15:15 ` Andi Kleen @ 2005-05-08 16:42 ` Jeff Dike 2005-05-08 17:38 ` Antoine Martin 1 sibling, 0 replies; 19+ messages in thread From: Jeff Dike @ 2005-05-08 16:42 UTC (permalink / raw) To: Andi Kleen; +Cc: Antoine Martin, linux-kernel On Sun, May 08, 2005 at 05:15:36PM +0200, Andi Kleen wrote: > Antoine Martin <antoine@nagafix.co.uk> writes: > Ok, the bug is found now. It is a kernel bug that it allows to set > non canonical addresses in 64bit segment registers through ptrace. > > But even if I fixed that then it will not help you run UML, because > UML needs to set correct addresses of course, not illegal ones. True, but if the host stays up, and maybe printks something (or even returns -EIO), that would help track down the UML problem. Jeff ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-08 15:15 ` Andi Kleen 2005-05-08 16:42 ` Jeff Dike @ 2005-05-08 17:38 ` Antoine Martin 1 sibling, 0 replies; 19+ messages in thread From: Antoine Martin @ 2005-05-08 17:38 UTC (permalink / raw) To: Andi Kleen; +Cc: linux-kernel, jdike > Ok, the bug is found now. It is a kernel bug that it allows to set > non canonical addresses in 64bit segment registers through ptrace. Is this going to be part of 2.6.11.9 or just 2.6.12? I've got a good test environment now if you need testers. Antoine ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-08 16:35 ` Antoine Martin 2005-05-08 15:15 ` Andi Kleen @ 2005-05-08 16:45 ` Jeff Dike 2005-05-08 19:51 ` Antoine Martin 1 sibling, 1 reply; 19+ messages in thread From: Jeff Dike @ 2005-05-08 16:45 UTC (permalink / raw) To: Antoine Martin; +Cc: Andi Kleen, linux-kernel On Sun, May 08, 2005 at 05:35:02PM +0100, Antoine Martin wrote: > The only extra patch applied on top of what is on the web page (as per > Jeff's instructions) is the mconsole-exec patch, and AFAIK it wouldn't > affect the code above. mconsole-exec, if it's the patch I'm thinking of, is a patch to the UML kernel, not to the host. > The really weird thing is that the processes are still running, but ps > -ef shows an empty string in place of the process name: > (and the terminal which launched the instance got control back) > I am now rebuilding a new kernel on another test box, let me know what > to do to provide better debug information. It's not unusual for UML processes to have strange names (including empty ones) on the host. Jeff ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-08 16:45 ` Jeff Dike @ 2005-05-08 19:51 ` Antoine Martin 0 siblings, 0 replies; 19+ messages in thread From: Antoine Martin @ 2005-05-08 19:51 UTC (permalink / raw) To: Jeff Dike; +Cc: Andi Kleen, linux-kernel On Sun, 2005-05-08 at 12:45 -0400, Jeff Dike wrote: > On Sun, May 08, 2005 at 05:35:02PM +0100, Antoine Martin wrote: > > The only extra patch applied on top of what is on the web page (as per > > Jeff's instructions) is the mconsole-exec patch, and AFAIK it wouldn't > > affect the code above. > > mconsole-exec, if it's the patch I'm thinking of, is a patch to the UML > kernel, not to the host. Yep, that's the one, I thought the question was about the guest. The host is running 2.6.11.8 - no extra patches at all. > > The really weird thing is that the processes are still running, but ps > > -ef shows an empty string in place of the process name: > > (and the terminal which launched the instance got control back) > > I am now rebuilding a new kernel on another test box, let me know what > > to do to provide better debug information. > > It's not unusual for UML processes to have strange names (including empty > ones) on the host. Strange thing is, they had names up to the point where I got the segfault. Antoine ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops 2005-05-08 14:12 ` Andi Kleen 2005-05-08 16:35 ` Antoine Martin @ 2005-05-08 16:38 ` Jeff Dike 1 sibling, 0 replies; 19+ messages in thread From: Jeff Dike @ 2005-05-08 16:38 UTC (permalink / raw) To: Andi Kleen; +Cc: Antoine Martin, linux-kernel > Are you sure you did not apply any strange UML related patches > to the host kernel? Maybe those are buggy. No, stock x86_64 kernel is horribly unstable running UML. I haven't seen anything but output-free hangs, so I haven't had much information to contribute. Antoine is actually getting capturable oopses. I've tried every recent FC3 kernel, plus stock 2.6.10, and none of them survive very long with UML running. Haven't tried stock 2.6.11 or anything later yet. Jeff ^ permalink raw reply [flat|nested] 19+ messages in thread
end of thread, other threads:[~2005-05-10 10:02 UTC | newest]
Thread overview: 19+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20050504191828.620C812EE7@sc8-sf-spam2.sourceforge.net>
[not found] ` <1115248927.12088.52.camel@cobra>
[not found] ` <1115392141.12197.3.camel@cobra>
2005-05-07 16:31 ` 2.6.11.8 + UML/x86_64 (2.6.12-rc3+) = oops Antoine Martin
2005-05-07 15:57 ` Alexander Nyberg
2005-05-07 18:03 ` Jeff Dike
2005-05-08 0:18 ` Al Viro
2005-05-08 6:10 ` Al Viro
2005-05-09 21:07 ` Al Viro
2005-05-10 2:26 ` Al Viro
2005-05-10 3:50 ` Jeff Dike
2005-05-10 10:02 ` Al Viro
2005-05-08 16:28 ` Jeff Dike
2005-05-07 18:06 ` Antoine Martin
2005-05-08 14:12 ` Andi Kleen
2005-05-08 16:35 ` Antoine Martin
2005-05-08 15:15 ` Andi Kleen
2005-05-08 16:42 ` Jeff Dike
2005-05-08 17:38 ` Antoine Martin
2005-05-08 16:45 ` Jeff Dike
2005-05-08 19:51 ` Antoine Martin
2005-05-08 16:38 ` Jeff Dike
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox