[Crash-utility] kmem -[sS] segfault on 2.6.25.17
Mike Snitzer
snitzer at gmail.com
Thu Oct 16 19:21:20 UTC 2008
On Thu, Oct 16, 2008 at 2:22 PM, Dave Anderson <anderson at redhat.com> wrote:
>
> ----- "Mike Snitzer" <snitzer at gmail.com> wrote:
>
>> On Thu, Oct 16, 2008 at 1:16 PM, Dave Anderson <anderson at redhat.com>
>> wrote:
>> >
>> > ----- "Dave Anderson" <anderson at redhat.com> wrote:
>> >> Ok, then I can't see off-hand why it would segfault. Prior to
>> this
>> >> routine running, si->cpudata[0...i] all get allocated buffers
>> equal
>> >> to the size that's being BZERO'd.
>> >>
>> >> Is si->cpudata[i] NULL or something?
>>
>> (gdb) p si->cpudata
>> $1 = {0xa56400, 0xa56800, 0xa56c00, 0xa57000, 0x0 <repeats 252
>> times>}
>> (gdb) p si->cpudata[0]
>> $4 = (ulong *) 0xa56400
>
> OK, so if "i" is 0 at the time, then I don't understand how the
> BZERO/memset can segfault while zero'ing out memory starting at
> address 0xa56400?
>
> BZERO(si->cpudata[i], sizeof(ulong) * vt->kmem_max_limit);
>
> Even if it over-ran the 0x400 bytes that's been allocated to
> si->cpuinfo[0], it would still harmlessly run into the buffer
> that was allocated for si->cpuinfo[1]. What's the bad address
> it's faulting on?
Frame 0 of crash's core shows:
(gdb) bt
#0 0x0000003b708773e0 in memset () from /lib64/libc.so.6
I'm not sure how to get the faulting address though? Is it just
0x0000003b708773e0?
> And for sanity's sake, what is the crash utility's vm_table.kmem_max_limit
> equal to, and what architecture are you running on?
Architecture is x86_64.
kmem_max_limit=128, sizeof(ulong)=8; so the memset() should in fact be
zero'ing all 1024 (0x400) bytes that were allocated.
>> > Also, can you confirm that you are always using the exact vmlinux
>> > that is associated with each vmcore/live-system? I mean you're
>> > not using a System.map command line argument, right?
>>
>> Yes, I'm using the exact vmlinux. Not using any arguments for live
>> crash; I am for the vmcore runs but that seems needed given crash's
>> [mapfile] [namelist] [dumpfile] argument parsing.
>>
>> I use a redhat-style kernel rpm build process (with a more advanced
>> kernel .spec file); so I have debuginfo packages to match all my
>> kernels.
>
> OK cool -- so you know what you're doing. ;-)
So the thing is; now when I run live crash on the 2.6.25.17 devel
kernel I no longer git a segfault!? It still isn't happy but its at
least not segfaulting.. very odd.
I've not rebooted the system at all either... now when I run 'kmem -s'
in live crash I see:
CACHE NAME OBJSIZE ALLOCATED TOTAL SLABS SSIZE
...
kmem: nfs_direct_cache: full list: slab: ffff810073503000 bad inuse counter: 5
kmem: nfs_direct_cache: full list: slab: ffff810073503000 bad inuse counter: 5
kmem: nfs_direct_cache: partial list: bad slab pointer: 88
kmem: nfs_direct_cache: full list: bad slab pointer: 98
kmem: nfs_direct_cache: free list: bad slab pointer: a8
kmem: nfs_direct_cache: partial list: bad slab pointer: 9f911029d74e35b
kmem: nfs_direct_cache: full list: bad slab pointer: 6b6b6b6b6b6b6b6b
kmem: nfs_direct_cache: free list: bad slab pointer: 6b6b6b6b6b6b6b6b
kmem: nfs_direct_cache: partial list: bad slab pointer: 100000001
kmem: nfs_direct_cache: full list: bad slab pointer: 100000011
kmem: nfs_direct_cache: free list: bad slab pointer: 100000021
ffff810073501600 nfs_direct_cache 192 2 40 2 4k
...
kmem: nfs_write_data: partial list: bad slab pointer: 65676e61725f32
kmem: nfs_write_data: full list: bad slab pointer: 65676e61725f42
kmem: nfs_write_data: free list: bad slab pointer: 65676e61725f52
kmem: nfs_write_data: partial list: bad slab pointer: 74736f705f73666e
kmem: nfs_write_data: full list: bad slab pointer: 74736f705f73667e
kmem: nfs_write_data: free list: bad slab pointer: 74736f705f73668e
ffff81007350a5c0 nfs_write_data 760 36 40 8 4k
...
etc.
But if I run crash against the vmcore I do get the segfault...
> BTW, if need be, would you be able to make the vmlinux/vmcore pair
> available for download somewhere? (You can contact me off-list with
> the particulars...)
I can work to make that happen if needed...
Mike
More information about the Crash-utility
mailing list