Re: 2.2.0 proc stuck in __down (D state)

Peter Steiner (p.steiner@t-online.de)
Wed, 27 Jan 1999 20:10:41 +0100

>I did a 'make MAKE="make -j5" boot' (I have 1 cpu) while watching with
>vmstat and top. Much swapping and eventually the make failed (!) for some
>reason I can't discover (subsequent make dep clean boot worked, and I have
>yet to discover any missing files). Meanwhile the top froze in the D
>state; alt-sysrq-t sez:

Today I had two "Oops" with top and a third top froze in the "D" state
(WCHAN=down_failed). This happend while stress testing Linux 2.2.0
(compiling the kernel using 'make MAKE="make -j 10" zImage').

>-----------------------------------------------------------------------------

Unable to handle kernel paging request at virtual address 28242085
current->tss.cr3 = 00742000, Xr3 = 00742000
*pde = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[<c013f5ba>]
EFLAGS: 00010246
>>EIP: c013f5ba <get_stat+22e/278>

eax: 28242029 ebx: c237c000 ecx: bab8add3 edx: 00000000
esi: 00000000 edi: 00000000 ebp: 49504d4f esp: c20c9e8c
ds: 0018 es: 0018 ss: 0018
Process top (pid: 2423, process nr: 177, stackpage=c20c9000)
Stack: 00000000 00000000 4c464628 28242029 28242029 46505043 4c46444c 00296363
4b4e494c 2400432e 58584328 d5ebee04 bab8add3 00000000 2d202953 28242029
00000000 00000000 5f544547 00000000 00000000 00000000 45282420 242c3a2c
Call Trace: [<c013fe4b>] [<c013ff45>] [<c01229d6>] [<c0123046>] [<c01088f4>]

c013fddc t get_process_array
c013fe64 t array_read
c0122990 T filp_open
c0122f88 T sys_read
c01088c0 T system_call

Code: 8b 40 5c 50 0f be 84 24 a0 00 00 00 50 8d 83 c2 01 00 00 50

0xc013f5b3 <get_stat+551>: movl 0x60(%ebx),%eax
0xc013f5b6 <get_stat+554>: pushl %eax
0xc013f5b7 <get_stat+555>: movl 0x74(%ebx),%eax ebx=0xC237C000
0xc013f5ba <get_stat+558>: movl 0x5c(%eax),%eax <-- eax=0x28242029

0xc013f5bd <get_stat+561>: pushl %eax
0xc013f5be <get_stat+562>: movsbl 0xa0(%esp,1),%eax
0xc013f5c6 <get_stat+570>: pushl %eax
0xc013f5c7 <get_stat+571>: leal 0x1c2(%ebx),%eax
0xc013f5cd <get_stat+577>: pushl %eax

fs/proc/array.c:

res = sprintf(buffer,"%d (%s) %c %d %d %d %d %d %lu %lu \
%lu %lu %lu %lu %lu %ld %ld %ld %ld %ld %ld %lu %lu %ld %lu %lu %lu %lu %lu \
%lu %lu %lu %lu %lu %lu %lu %lu %d\n",
pid,
tsk->comm,
state,
tsk->p_pptr->pid, /* <-- p_pptr=0x28242029 */
tsk->pgrp,
tsk->session,

>-----------------------------------------------------------------------------

Unable to handle kernel NULL pointer dereference at virtual address 00000008
current->tss.cr3 = 00375000, Xr3 = 00375000
*pde = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[<c011ece3>]
EFLAGS: 00010086
>>EIP: c011ece3 <kmem_cache_free+37/170>

eax: c15f633c ebx: c009e6e0 ecx: 00000000 edx: c2139000
esi: c15f62c0 edi: 00000286 ebp: 00000000 esp: c0377ed0
ds: 0018 es: 0018 ss: 0018
Process top (pid: 359, process nr: 49, stackpage=c0377000)
Stack: c15f62c0 00000000 00000300 c15f633c 00000000 c01116c8 c009e6e0 c15f62c0
c15f62c0 c15f62c0 c15f62c0 00000000 c013ecc9 c15f62c0 c013f83f c15f62c0
000008e1 c2a32000 c01cbf98 000000ff 00000000 00000000 00000000 00000000
Call Trace: [<c01116c8>] [<c013ecc9>] [<c013f83f>] [<c013fe57>] [<c013ff45>]
[<c01229d6>] [<c0123046>] [<c01088f4>]

c0111698 T mmput
c013ecb0 t release_mm
c013f748 t get_statm
c013fddc t get_process_array
c013fe64 t array_read
c0122990 T filp_open
c0122f88 T sys_read
c01088c0 T system_call

Code: 8b 69 08 81 fd 2b 2f c3 a5 0f 85 e6 00 00 00 8b 69 0c 85 ed

0xc011ecb3 <kmem_cache_free+7>: movl 0x20(%esp,1),%ebx
0xc011ecb7 <kmem_cache_free+11>: movl 0x24(%esp,1),%esi
0xc011ecbb <kmem_cache_free+15>: testl %ebx,%ebx
0xc011ecbd <kmem_cache_free+17>: je 0xc011ee10 <kmem_cache_free+356>
0xc011ecc3 <kmem_cache_free+23>: testl %esi,%esi
0xc011ecc5 <kmem_cache_free+25>: je 0xc011ee10 <kmem_cache_free+356>

0xc011eccb <kmem_cache_free+31>: pushf
0xc011eccc <kmem_cache_free+32>: popl %edi
0xc011eccd <kmem_cache_free+33>: cli
0xc011ecce <kmem_cache_free+34>: testb $0x2,0x6(%ebx)
0xc011ecd2 <kmem_cache_free+38>: jne 0xc011ed94 <kmem_cache_free+232>

0xc011ecd8 <kmem_cache_free+44>: movl %esi,%eax esi=0xC15f62C0
0xc011ecda <kmem_cache_free+46>: addl 0x8(%ebx),%eax
0xc011ecdd <kmem_cache_free+49>: movl %eax,0x14(%esp,1)

0xc011ece1 <kmem_cache_free+53>: movl (%eax),%ecx eax=0xC15f633C
0xc011ece3 <kmem_cache_free+55>: movl 0x8(%ecx),%ebp <-- ecx=0
0xc011ece6 <kmem_cache_free+58>: cmpl SLAB_MAGIC_ALLOC,%ebp
0xc011ecec <kmem_cache_free+64>: jne 0xc011edd8 <kmem_cache_free+300>

./mm/slab.c:

static inline void
__kmem_cache_free(kmem_cache_t *cachep, const void *objp)
{
kmem_slab_t *slabp;
kmem_bufctl_t *bufp;
unsigned long save_flags;

/* Basic sanity checks. */
if (!cachep || !objp)
goto null_addr;

spin_lock_irqsave(&cachep->c_spinlock, save_flags);

if (SLAB_BUFCTL(cachep->c_flags))
goto bufctl;
bufp = (kmem_bufctl_t *)(objp+cachep->c_offset);

/* Get slab for the object. */
slabp = bufp->buf_slabp; /* slabp = NULL */

check_magic:
if (slabp->s_magic != SLAB_MAGIC_ALLOC) /* <-- */
goto bad_slab;

-- 
   _   x    ___
  / \_/_\_ /,--'  p.steiner@t-online.de (Peter Steiner)
  \/>'~~~~//
    \_____/   signature V0.2 alpha


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/