login
Login
/
Register
Search
Search this site:
Forums
News
Blogs
Features
Site
Home
»
Mailing list archives
»
linux-kernel
»
2008
»
May
»
13
Re: [PATCH] SLUB: clear c->freelist in __slab_alloc()/load_freelist:/SlabDebug path
view
thread
Previous message: [
thread
] [
date
] [
author
]
Next message: [
thread
] [
date
] [
author
]
[view in full thread]
From: Benny Halevy
Subject:
Re: [PATCH] SLUB: clear c->freelist in __slab_alloc()/load_freelist:/SlabDebug path
Date: Tuesday, May 13, 2008 - 12:34 pm
On May. 13, 2008, 11:40 -0700, "Pekka Enberg" <penberg@cs.helsinki.fi> wrote:
quoted text
> Hi Benny, > > On Mon, May 12, 2008 at 11:32 PM, Benny Halevy <bhalevy@panasas.com> wrote: >> In the __slab_alloc()/load_freelist:/SlabDebug(c->page) path we only >> use the object at the head of c->page->freelist >> and the tail goes back to c->page->freelist. >> We then set c->node = -1 to force __slab_alloc in next allocation. >> c->freelist therefore needs to be cleared as it is invalid at this point. > > But for debug pages, we never load c->page->freelist to c->freelist so > it should always be NULL.
Hmm, I see. Then it might have got corrupted... I'll keep looking for the root cause. Benny
quoted text
> >> Signed-off-by: Benny Halevy <bhalevy@panasas.com> >> --- >> mm/slub.c | 1 + >> 1 files changed, 1 insertions(+), 0 deletions(-) >> >> Hit while running cthon04 test from an IBM AIX client >> against my nfs41 tree. >> >> Stack trace excerpt: >> >> May 12 11:18:19 client kernel: general protection fault: 0000 [2] SMP >> May 12 11:18:19 client kernel: CPU 3 >> May 12 11:18:19 client kernel: Modules linked in: panfs(P) nfsd auth_rpcgss exportfs autofs4 hidp nfs lockd nfs_acl fuse rfcomm l2cap bluetooth sunrpc nf_conntrack_netbios_ns nf_conntrack_ipv4 ipt_REJECT iptable_filter ip_tables nf_conntrack_ipv6 xt_state nf_conntrack xt_tcpudp ip6t_ipv6header ip6t_REJECT ip6table_filter ip6_tables x_tables ipv6 dm_multipath video output sbs sbshc battery ac e1000e i5000_edac iTCO_wdt iTCO_vendor_support i2c_i801 edac_core button sr_mod pcspkr i2c_core sg cdrom floppy dm_snapshot dm_zero dm_mirror dm_mod ata_piix libata shpchp pci_hotplug mptsas mptscsih mptbase scsi_transport_sas sd_mod scsi_mod ext3 jbd mbcache ehci_hcd ohci_hcd uhci_hcd [last unloaded: microcode] >> May 12 11:18:19 client kernel: Pid: 2815, comm: nfsd Tainted: P D 2.6.25-nfs41 #2 >> May 12 11:18:19 client kernel: RIP: 0010:[<ffffffff8108c0c8>] [<ffffffff8108c0c8>] kmem_cache_alloc+0x3d/0x65 >> May 12 11:18:19 client kernel: RSP: 0018:ffff8104212c3de0 EFLAGS: 00010006 >> May 12 11:18:19 client kernel: RAX: 0000000000000000 RBX: 0000000000000246 RCX: ffffffff883546df >> May 12 11:18:19 client kernel: RDX: 3200100010100000 RSI: 00000000000080d0 RDI: ffffffff813eadb8 >> May 12 11:18:19 client kernel: RBP: ffff810001029e60 R08: 0000000000000000 R09: ffff8103f118d130 >> May 12 11:18:19 client kernel: R10: ffff81041b076018 R11: ffffffff8826c313 R12: 00000000000080d0 >> May 12 11:18:19 client kernel: R13: ffff8104211aa000 R14: ffff81041b076000 R15: ffff8104239c8000 >> May 12 11:18:19 client kernel: FS: 00007f08fb8626f0(0000) GS:ffff81042fc02e80(0000) knlGS:0000000000000000 >> May 12 11:18:19 client kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b >> May 12 11:18:19 client kernel: CR2: 00007fdaf41cf030 CR3: 0000000420827000 CR4: 00000000000006e0 >> May 12 11:18:19 client kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 >> May 12 11:18:19 client kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 >> May 12 11:18:19 client kernel: Process nfsd (pid: 2815, threadinfo ffff8104212c2000, task ffff81042381c940) >> May 12 11:18:19 client kernel: Stack: ffff8104211ab000 ffff8103f118d000 0000000022270000 ffffffff883546df >> May 12 11:18:19 client kernel: ffffffff88373cb8 0000000000000000 ffff8103f118d130 ffff8104239c8000 >> May 12 11:18:19 client kernel: ffffffff88373cb8 000000000000001c ffff81041b076018 ffff81041b076000 >> May 12 11:18:19 client kernel: Call Trace: >> May 12 11:18:19 client kernel: [<ffffffff883546df>] ? :nfsd:nfsd4_proc_compound+0xa9/0x3f6 >> May 12 11:18:19 client kernel: [<ffffffff88346245>] ? :nfsd:nfsd_dispatch+0xde/0x1b6 >> May 12 11:18:19 client kernel: [<ffffffff88268bb7>] ? :sunrpc:svc_process_common+0x2e8/0x5a9 >> May 12 11:18:19 client kernel: [<ffffffff8834667c>] ? :nfsd:nfsd+0x0/0x2b4 >> May 12 11:18:19 client kernel: [<ffffffff88269d16>] ? :sunrpc:svc_process+0x127/0x13d >> May 12 11:18:19 client kernel: [<ffffffff88346819>] ? :nfsd:nfsd+0x19d/0x2b4May 12 11:18:19 client kernel: [<ffffffff8100cac8>] ? child_rip+0xa/0x12 >> May 12 11:18:19 client kernel: [<ffffffff8834667c>] ? :nfsd:nfsd+0x0/0x2b4 >> May 12 11:18:19 client last message repeated 2 times >> May 12 11:18:19 client kernel: [<ffffffff8100cabe>] ? child_rip+0x0/0x12 >> May 12 11:18:19 client kernel: >> May 12 11:18:19 client kernel: >> May 12 11:18:19 client kernel: Code: 25 24 00 00 00 48 98 48 8b ac c7 d8 02 00 00 48 8b 55 00 48 85 d2 75 10 83 ca ff 49 89 e8 e8 7e f8 ff ff 48 89 c2 eb 0b 8b 45 14 <48> 8b 04 c2 48 89 45 00 53 9d 66 45 85 e4 79 10 48 85 d2 74 0b >> May 12 11:18:19 client kernel: RIP [<ffffffff8108c0c8>] kmem_cache_alloc+0x3d/0x65 >> May 12 11:18:19 client kernel: RSP <ffff8104212c3de0> >> May 12 11:18:19 client kernel: ---[ end trace 9b6f5806f68a2b8c ]--- >> >> $ grep SL.B .config >> CONFIG_SLUB_DEBUG=y >> # CONFIG_SLAB is not set >> CONFIG_SLUB=y >> # CONFIG_SLOB is not set >> CONFIG_SLABINFO=y >> # CONFIG_SLUB_DEBUG_ON is not set >> # CONFIG_SLUB_STATS is not set >> >> diff --git a/mm/slub.c b/mm/slub.c >> index a505a82..0d1d820 100644 >> --- a/mm/slub.c >> +++ b/mm/slub.c >> @@ -1606,6 +1606,7 @@ debug: >> if (!alloc_debug_processing(s, c->page, object, addr)) >> goto another_slab; >> >> + c->freelist = NULL; >> c->page->inuse++; >> c->page->freelist = object[c->offset]; >> c->node = -1; > > Looking at this, we're oopsing at: > > 0: 48 8b 04 c2 mov (%rdx,%rax,8),%rax > > where rdx is c->freelist and rax c->offset. The the value for > c->freelist ("3200100010100000") doesn't make much sense. Furthermore, > we never if this really were a bug in __slab_alloc() shouldn't we be > hitting it more often? > > How did you make SLUB hit the debug path since you have > CONFIG_SLUB_DEBUG_ON disabled? > > Pekka
--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to
majordomo@vger.kernel.org
More majordomo info at
http://vger.kernel.org/majordomo-info.html
Please read the FAQ at
http://www.tux.org/lkml/
Previous message: [
thread
] [
date
] [
author
]
Next message: [
thread
] [
date
] [
author
]
Messages in current thread:
[PATCH] SLUB: clear c->freelist in __slab_alloc()/load_fre ...
, Benny Halevy
, (Mon May 12, 1:32 pm)
Re: [PATCH] SLUB: clear c->freelist in __slab_alloc()/load ...
, Pekka Enberg
, (Mon May 12, 11:14 pm)
Re: [PATCH] SLUB: clear c->freelist in __slab_alloc()/load ...
, Pekka Enberg
, (Tue May 13, 11:40 am)
Re: [PATCH] SLUB: clear c->freelist in __slab_alloc()/load ...
, Benny Halevy
, (Tue May 13, 12:34 pm)
Re: [PATCH] SLUB: clear c->freelist in __slab_alloc()/load ...
, Christoph Lameter
, (Wed May 14, 10:44 am)
Re: [PATCH] SLUB: clear c->freelist in __slab_alloc()/load ...
, Benny Halevy
, (Wed May 14, 10:54 am)
Re: [PATCH] SLUB: clear c->freelist in __slab_alloc()/load ...
, Christoph Lameter
, (Wed May 14, 10:58 am)
Navigation
Create content
Mailing list archives
Recent posts
Popular discussions
linux-kernel
:
David Howells
[PATCH] KEYS: Use the variable 'key' in keyctl_describe_key()
Greg Kroah-Hartman
[PATCH 17/36] sysdev: detect multiple driver registrations
Sam Ravnborg
Re: [PATCH] kbuild: fix make V=1
Nick Piggin
Re: [PATCH 0/24] make atomic_read() behave consistently across all architectures
Sergey Dolgov
ata_piix, laptop cdrom, ICH7: EH, limiting speed to PIO
git
:
Pat Thoyts
[PATCH] git-gui: use themed tk widgets with Tk 8.5
Stephen R. van den Berg
Re: [RFC] origin link for cherry-pick and revert
Johannes Schindelin
Re: [PATCH 2/2] git-svn: support fetch with autocrlf on
Junio C Hamano
Re: [PATCH 6/6] Teach core object handling functions about gitlinks
Michael S. Tsirkin
git-kill: rewrite history removing a commit
linux-netdev
:
Jan Engelhardt
[PATCH 1/3] net: tcp: make hybla selectable as default congestion module
Jarek Poplawski
Re: [PATCH] flush_work_sync vs. flush_scheduled_work Re: [PATCH] PHYLIB: IRQ event...
Lennert Buytenhek
Re: Distributed Switch Architecture(DSA)
Daniel Schaffrath
Re: tcp bw in 2.6
Matt Mackall
Re: [regression] nf_iterate(), BUG: unable to handle kernel NULL pointer dereference
git-commits-head
:
Linux Kernel Mailing List
ipv6: fix an oops when force unload ipv6 module
Linux Kernel Mailing List
tracing: protect reader of cmdline output
Linux Kernel Mailing List
kconfig: recalc symbol value before showing search results
Linux Kernel Mailing List
KVM: VMX: Clear CR4.VMXE in hardware_disable
Linux Kernel Mailing List
USB: set correct configuration in probe of ti_usb_3410_5052
openbsd-misc
:
Claudio Jeker
Re: Vlan Tag on Vlan Tag (l2tunneling)
Josh Grosse
ssh/sshd challenge-response seems to have stopped working in -current
Tomas Bodzar
bsd: uvm_mapent_alloc: out of static map entries
Community First Financial
Teacher A+ Loan
Pieter Verberne
File collision while using pkg_add
Colocation donated by:
Syndicate