Re: [BUG] soft lockup detected with ipcs

LKML Archive on lore.kernel.org
help / color / mirror / Atom feed

From: Andrew Morton <akpm@linux-foundation.org>
To: Jiri Olsa <olsajiri@gmail.com>
Cc: Jiri Kosina <jkosina@suse.cz>,
	linux-kernel@vger.kernel.org,
	Nadia Derbey <Nadia.Derbey@bull.net>,
	peifferp@gmail.com
Subject: Re: [BUG] soft lockup detected with ipcs
Date: Sun, 2 Mar 2008 12:02:36 -0800	[thread overview]
Message-ID: <20080302120236.61e0ec74.akpm@linux-foundation.org> (raw)
In-Reply-To: <47CAE7D5.5040907@gmail.com>

On Sun, 02 Mar 2008 18:45:57 +0100 Jiri Olsa <olsajiri@gmail.com> wrote:

> Jiri Kosina wrote:
> > On Fri, 29 Feb 2008, Jiri Olsa wrote:
> > 
> >> when I run 'ipcs' my system freeze up immediatelly. I was able to get 
> >> kernel BUG message once, I think it is not printed out all the time it 
> >> freeze.
> >> I tried on 2.6.24, 2.6.20 and 2.6.18.
> >> I attached screenshot from 2.6.18 freeze and config.
> > 
> > Could you please turn all the lock debugging options in your .config on 
> > (most importantly CONFIG_PROVE_LOCKING, and all the other lock debugging 
> > options might come handy too) and try again, to see if we get any debug 
> > error messages? I'd guess that someone is holding mqueue_inode_info->lock 
> > for too long or there is some AB-BA deadlock on it, which lockdep and 
> > friends might be able to diagnose.
> > 
> 
> I got more logs via netconsole, first I ran ipcs it segfaulted next run
> the system freezed.
> I attached also the current config.

oh goody.

> [  144.699366] BUG: unable to handle kernel paging request at virtual address 6b6b6c2b
> [  144.699391] printing eip: c0137b44 *pde = 00000000 
> [  144.699412] Oops: 0002 [#1] 
> [  144.699424] Modules linked in: netconsole i915 drm configfs snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm ipw2200 snd_timer snd snd_page_alloc e1000
> [  144.699507] 
> [  144.699515] Pid: 5656, comm: ipcs Not tainted (2.6.24.3-dirty #17)
> [  144.699526] EIP: 0060:[<c0137b44>] EFLAGS: 00010002 CPU: 0
> [  144.699539] EIP is at __lock_acquire+0x319/0xc20
> [  144.699547] EAX: 00000002 EBX: 00000246 ECX: def4dbf4 EDX: 00000002
> [  144.699561] ESI: 6b6b6b6b EDI: 00000000 EBP: d8d37e7c ESP: d8d37e20
> [  144.699569]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
> [  144.699576] Process ipcs (pid: 5656, ti=d8d36000 task=df098230 task.ti=d8d36000)
> [  144.699583] Stack: d8d37e84 c0138404 00000000 d8d37e44 00000351 00000000 00000002 00000000 
> [  144.699642]        00000000 def4dbf4 00000000 df098230 00000001 df098230 00000000 dec11330 
> [  144.699703]        dec11320 d8d37e70 00000351 00000000 00000246 00000000 00000000 d8d37ea4 
> [  144.699767] Call Trace:
> [  144.699777]  [<c0105c7b>] show_trace_log_lvl+0x1a/0x2f
> [  144.699793]  [<c0105d2d>] show_stack_log_lvl+0x9d/0xa5
> [  144.699813]  [<c0105de2>] show_registers+0xad/0x17c
> [  144.699826]  [<c0105fa8>] die+0xf7/0x1c8
> [  144.699838]  [<c0115781>] do_page_fault+0x464/0x54b
> [  144.699866]  [<c037cc2a>] error_code+0x6a/0x70
> [  144.699886]  [<c01384c3>] lock_acquire+0x78/0x91
> [  144.699899]  [<c037c5f5>] _spin_lock+0x2e/0x58
> [  144.699911]  [<c01e2e8a>] sys_shmctl+0x6f8/0x776
> [  144.699930]  [<c0108b0f>] sys_ipc+0x19f/0x1b5
> [  144.699943]  [<c0104cfa>] sysenter_past_esp+0x5f/0xa5
> [  144.699955]  =======================
> [  144.699961] Code: 00 85 c0 0f 84 1d 09 00 00 83 3d 40 44 7b c0 00 0f 85 10 09 00 00 c7 44 24 0c c8 5d 38 c0 c7 44 24 08 26 03 00 00 e9 8b 07 00 00 <ff> 86 c0 00 00 00 8b 45 d0 8b 80 54 06 00 00 83 f8 1d 89 45 cc 

Looks like you got a use-after free when lockdep was playing with a
spinlock which is taken in sys_shmctl() or one of its inlined callees.

Does setting CONFIG_LOCKDEP=n prevent this from happening?

next prev parent reply	other threads:[~2008-03-02 20:03 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-02-29 10:46 Jiri Olsa
2008-02-29 10:57 ` Andrew Morton
2008-02-29 11:01   ` Jiri Olsa
2008-02-29 11:29     ` Andrew Morton
2008-02-29 11:35       ` Jiri Olsa
2008-02-29 11:43 ` Jiri Kosina
2008-03-02 17:45   ` Jiri Olsa
2008-03-02 20:02     ` Andrew Morton [this message]
2008-03-02 21:23       ` Jiri Kosina
2008-03-02 21:26         ` Jiri Kosina
2008-03-03 12:00           ` Jiri Olsa
2008-03-03 12:06             ` Jiri Kosina
2008-03-03 12:19               ` Jiri Olsa
2008-03-03 12:28                 ` Jiri Kosina
2008-03-03 12:38                   ` Jiri Olsa
2008-03-03 14:04                     ` Jiri Olsa
2008-03-03 14:45                       ` Jiri Kosina
2008-03-04  9:56                         ` Jiri Olsa
2008-03-04 12:57                           ` Jiri Olsa

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080302120236.61e0ec74.akpm@linux-foundation.org \
    --to=akpm@linux-foundation.org \
    --cc=Nadia.Derbey@bull.net \
    --cc=jkosina@suse.cz \
    --cc=linux-kernel@vger.kernel.org \
    --cc=olsajiri@gmail.com \
    --cc=peifferp@gmail.com \
    --subject='Re: [BUG] soft lockup detected with ipcs' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).