From: Toralf F. <tor...@gm...> - 2013-10-02 18:30:52
|
Running trinity (1 process, no victim files, just "$>trinity -C1) for a longer time within a 32 bit user mode linux image with a recent git kernel (host: 3.11.3 guest 3.12-rc3-g...) yields into this konsole message : * Starting local net.core.warnings = 0 [ ok ] BUG: soft lockup - CPU#0 stuck for 23s! [trinity-child0:2031] and at the host t1 of the "linux"-processes eats all CPU cycles at 1 CPU core. 2 subsequent made back traces made with $> sudo gdb /home/tfoerste/devel/linux/linux 28144 -n -batch -ex bt shows nearly a similar position around __get_user_pages() - both are attached. I'm not surprised that trinity harms a systems - I'm just wondering whether this particular picture is expected or if it points to an issue. FWIW the last lines of trinity log were : [2031] [94] setsid() = 2031 [2031] [95] setresgid(rgid=0xffff33e3, egid=0xffffff93, sgid=0x22000040) = -1 (Operation not permitted) [2031] [96] vmsplice(fd=5, iov=0x85501e0, nr_segs=300, flags=9) = 0x3000 [2031] [97] setresuid(ruid=0x80549193, euid=0xc61041e0, suid=0xff19b6fa) = -1 (Operation not permitted) [2031] [98] setpriority(which=0xff010000, who=0xf3737373, niceval=0x8088960c) = -1 (Invalid argument) [2031] [99] socketcall(call=1, args=0x8550200) = -1 (Address family not supported by protocol) [2031] [100] access(filename="�", mode=2017) = -1 (Invalid argument) [2031] [101] getgroups(gidsetsize=0, grouplist=0x80d0000[page_rand]) = 3 [2031] [102] msync(start=0xc0100220, len=0, flags=3) = -1 (Invalid argument) [2031] [103] sigpending(set=0x40025000) = 0 [2031] [104] signalfd4(ufd=383, user_mask=1, sizemask=0xa4200000, flags=0x80800) = -1 (Invalid argument) [2031] [105] sendfile(out_fd=383, in_fd=382, offset=0, count=4096) = -1 (Invalid argument) [2031] [106] fanotify_mark(fanotify_fd=382, flags=5, mask=0x8000023, dfd=382, pathname="/proc/1092/task/1092/fdinfo/68") = -1 (Invalid argument) [2031] [107] wait4(upid=1, stat_addr=4, options=0xd761979b, ru=8) = -1 (Invalid argument) [2031] [108] sigpending(set=0x80ca000[page_zeros]) = 0 [2031] [109] setresuid(ruid=0xefffd6fc, euid=0x1bf4c92f, suid=0xffff2e33) = -1 (Operation not permitted) [2031] [110] munlock(addr=0x40025000, len=34) = 0 [2031] [111] timer_delete(timer_id=0xffffffdc) = -1 (Invalid argument) [2031] [112] sched_get_priority_max(policy=0x10000040) = -1 (Invalid argument) [2031] [113] syslog(type=0xc1000000, buf=1, len=0x82a5) = -1 (Operation not permitted) [2031] [114] setpriority(which=0xc4c806c6, who=0xffffff01, niceval=0xffff0682) = -1 (Invalid argument) [2031] [115] getgroups16(gidsetsize=0xfffe, grouplist=1) = -1 (Bad address) [2031] [116] rename(oldname=4, newname=8) = -1 (Bad address) [2031] [117] inotify_init() = 654 [2031] [118] getgid() = 100 [2031] [119] fstatat64(dfd=382, filename="/sys/devices/virtual/net/sit0/duplex", statbuf=0, flag=0xb545d727) = -1 (Invalid argument) [2031] [120] unlinkat(dfd=382, pathname="/proc/sys/net/ipv4/neigh/default/retrans_time", flag=0xc00ef76) = -1 (Invalid argument) [2031] [121] timerfd_create(clockid=0, flags=0) = 655 [2031] [122] munlock(addr=4, len=0x3fff) = -1 (Cannot allocate memory) [2031] [123] fremovexattr(fd=382, name=0) = -1 (Bad address) [2031] [124] sched_get_priority_min(policy=0xff58bfef) = -1 (Invalid argument) [2031] [125] mq_timedreceive(mqdes=397, u_msg_ptr=4, msg_len=5245, u_msg_prio=0xc0100220, u_abs_timeout=0xc0100220) = -1 (Bad address) [2031] [126] chdir(filename="/proc/116/net/ptype") = -1 (Not a directory) [2031] [127] ssetmask(newmask=0x88000092) = 0 [2031] [128] statfs(pathname="/proc/6/mounts", buf=0) = -1 (Bad address) [2031] [129] fchown16(fd=397, user=104, group=0x94100000) = -1 (Operation not permitted) [2031] [130] fchdir(fd=397) = -1 (Not a directory) [2031] [131] mkdir(pathname="/proc/1092/task/1092/fdinfo/316", mode=525) = -1 (File exists) [2031] [132] fsetxattr(fd=386, name=0x856f158, value=0x8571160, size=0, flags=0) = -1 (Numerical result out of range) [2031] [133] io_setup(nr_events=4095, ctxp=0x40266000) ^CKilled by signal 2. -- MfG/Sincerely Toralf Förster pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3 |
From: Toralf F. <tor...@gm...> - 2013-10-02 18:31:35
|
(resend - now with attached files) Running trinity (1 process, no victim files, just "$>trinity -C1) for a longer time within a 32 bit user mode linux image with a recent git kernel (host: 3.11.3 guest 3.12-rc3-g...) yields into this konsole message : * Starting local net.core.warnings = 0 [ ok ] BUG: soft lockup - CPU#0 stuck for 23s! [trinity-child0:2031] and at the host t1 of the "linux"-processes eats all CPU cycles at 1 CPU core. 2 subsequent made back traces made with $> sudo gdb /home/tfoerste/devel/linux/linux 28144 -n -batch -ex bt shows nearly a similar position around __get_user_pages() - both are attached. I'm not surprised that trinity harms a systems - I'm just wondering whether this particular picture is expected or if it points to an issue. FWIW the last lines of trinity log were : [2031] [94] setsid() = 2031 [2031] [95] setresgid(rgid=0xffff33e3, egid=0xffffff93, sgid=0x22000040) = -1 (Operation not permitted) [2031] [96] vmsplice(fd=5, iov=0x85501e0, nr_segs=300, flags=9) = 0x3000 [2031] [97] setresuid(ruid=0x80549193, euid=0xc61041e0, suid=0xff19b6fa) = -1 (Operation not permitted) [2031] [98] setpriority(which=0xff010000, who=0xf3737373, niceval=0x8088960c) = -1 (Invalid argument) [2031] [99] socketcall(call=1, args=0x8550200) = -1 (Address family not supported by protocol) [2031] [100] access(filename="�", mode=2017) = -1 (Invalid argument) [2031] [101] getgroups(gidsetsize=0, grouplist=0x80d0000[page_rand]) = 3 [2031] [102] msync(start=0xc0100220, len=0, flags=3) = -1 (Invalid argument) [2031] [103] sigpending(set=0x40025000) = 0 [2031] [104] signalfd4(ufd=383, user_mask=1, sizemask=0xa4200000, flags=0x80800) = -1 (Invalid argument) [2031] [105] sendfile(out_fd=383, in_fd=382, offset=0, count=4096) = -1 (Invalid argument) [2031] [106] fanotify_mark(fanotify_fd=382, flags=5, mask=0x8000023, dfd=382, pathname="/proc/1092/task/1092/fdinfo/68") = -1 (Invalid argument) [2031] [107] wait4(upid=1, stat_addr=4, options=0xd761979b, ru=8) = -1 (Invalid argument) [2031] [108] sigpending(set=0x80ca000[page_zeros]) = 0 [2031] [109] setresuid(ruid=0xefffd6fc, euid=0x1bf4c92f, suid=0xffff2e33) = -1 (Operation not permitted) [2031] [110] munlock(addr=0x40025000, len=34) = 0 [2031] [111] timer_delete(timer_id=0xffffffdc) = -1 (Invalid argument) [2031] [112] sched_get_priority_max(policy=0x10000040) = -1 (Invalid argument) [2031] [113] syslog(type=0xc1000000, buf=1, len=0x82a5) = -1 (Operation not permitted) [2031] [114] setpriority(which=0xc4c806c6, who=0xffffff01, niceval=0xffff0682) = -1 (Invalid argument) [2031] [115] getgroups16(gidsetsize=0xfffe, grouplist=1) = -1 (Bad address) [2031] [116] rename(oldname=4, newname=8) = -1 (Bad address) [2031] [117] inotify_init() = 654 [2031] [118] getgid() = 100 [2031] [119] fstatat64(dfd=382, filename="/sys/devices/virtual/net/sit0/duplex", statbuf=0, flag=0xb545d727) = -1 (Invalid argument) [2031] [120] unlinkat(dfd=382, pathname="/proc/sys/net/ipv4/neigh/default/retrans_time", flag=0xc00ef76) = -1 (Invalid argument) [2031] [121] timerfd_create(clockid=0, flags=0) = 655 [2031] [122] munlock(addr=4, len=0x3fff) = -1 (Cannot allocate memory) [2031] [123] fremovexattr(fd=382, name=0) = -1 (Bad address) [2031] [124] sched_get_priority_min(policy=0xff58bfef) = -1 (Invalid argument) [2031] [125] mq_timedreceive(mqdes=397, u_msg_ptr=4, msg_len=5245, u_msg_prio=0xc0100220, u_abs_timeout=0xc0100220) = -1 (Bad address) [2031] [126] chdir(filename="/proc/116/net/ptype") = -1 (Not a directory) [2031] [127] ssetmask(newmask=0x88000092) = 0 [2031] [128] statfs(pathname="/proc/6/mounts", buf=0) = -1 (Bad address) [2031] [129] fchown16(fd=397, user=104, group=0x94100000) = -1 (Operation not permitted) [2031] [130] fchdir(fd=397) = -1 (Not a directory) [2031] [131] mkdir(pathname="/proc/1092/task/1092/fdinfo/316", mode=525) = -1 (File exists) [2031] [132] fsetxattr(fd=386, name=0x856f158, value=0x8571160, size=0, flags=0) = -1 (Numerical result out of range) [2031] [133] io_setup(nr_events=4095, ctxp=0x40266000) ^CKilled by signal 2. -- MfG/Sincerely Toralf Förster pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3 |
From: Richard W. <ric...@gm...> - 2013-10-02 19:56:03
|
On Wed, Oct 2, 2013 at 8:30 PM, Toralf Förster <tor...@gm...> wrote: > Running trinity (1 process, no victim files, just "$>trinity -C1) for a longer time > within a 32 bit user mode linux image with a recent git kernel (host: 3.11.3 guest 3.12-rc3-g...) > yields into this konsole message : > > * Starting local > net.core.warnings = 0 [ ok ] > BUG: soft lockup - CPU#0 stuck for 23s! [trinity-child0:2031] > > > and at the host t1 of the "linux"-processes eats all CPU cycles at 1 CPU core. > 2 subsequent made back traces made with > > $> sudo gdb /home/tfoerste/devel/linux/linux 28144 -n -batch -ex bt > > shows nearly a similar position around __get_user_pages() - both are attached. > > I'm not surprised that trinity harms a systems - I'm just wondering whether this particular picture is > expected or if it points to an issue. > > > FWIW the last lines of trinity log were : > > > [2031] [94] setsid() = 2031 > [2031] [95] setresgid(rgid=0xffff33e3, egid=0xffffff93, sgid=0x22000040) = -1 (Operation not permitted) > [2031] [96] vmsplice(fd=5, iov=0x85501e0, nr_segs=300, flags=9) = 0x3000 > [2031] [97] setresuid(ruid=0x80549193, euid=0xc61041e0, suid=0xff19b6fa) = -1 (Operation not permitted) > [2031] [98] setpriority(which=0xff010000, who=0xf3737373, niceval=0x8088960c) = -1 (Invalid argument) > [2031] [99] socketcall(call=1, args=0x8550200) = -1 (Address family not supported by protocol) > [2031] [100] access(filename="�", mode=2017) = -1 (Invalid argument) > [2031] [101] getgroups(gidsetsize=0, grouplist=0x80d0000[page_rand]) = 3 > [2031] [102] msync(start=0xc0100220, len=0, flags=3) = -1 (Invalid argument) > [2031] [103] sigpending(set=0x40025000) = 0 > [2031] [104] signalfd4(ufd=383, user_mask=1, sizemask=0xa4200000, flags=0x80800) = -1 (Invalid argument) > [2031] [105] sendfile(out_fd=383, in_fd=382, offset=0, count=4096) = -1 (Invalid argument) > [2031] [106] fanotify_mark(fanotify_fd=382, flags=5, mask=0x8000023, dfd=382, pathname="/proc/1092/task/1092/fdinfo/68") = -1 (Invalid argument) > [2031] [107] wait4(upid=1, stat_addr=4, options=0xd761979b, ru=8) = -1 (Invalid argument) > [2031] [108] sigpending(set=0x80ca000[page_zeros]) = 0 > [2031] [109] setresuid(ruid=0xefffd6fc, euid=0x1bf4c92f, suid=0xffff2e33) = -1 (Operation not permitted) > [2031] [110] munlock(addr=0x40025000, len=34) = 0 > [2031] [111] timer_delete(timer_id=0xffffffdc) = -1 (Invalid argument) > [2031] [112] sched_get_priority_max(policy=0x10000040) = -1 (Invalid argument) > [2031] [113] syslog(type=0xc1000000, buf=1, len=0x82a5) = -1 (Operation not permitted) > [2031] [114] setpriority(which=0xc4c806c6, who=0xffffff01, niceval=0xffff0682) = -1 (Invalid argument) > [2031] [115] getgroups16(gidsetsize=0xfffe, grouplist=1) = -1 (Bad address) > [2031] [116] rename(oldname=4, newname=8) = -1 (Bad address) > [2031] [117] inotify_init() = 654 > [2031] [118] getgid() = 100 > [2031] [119] fstatat64(dfd=382, filename="/sys/devices/virtual/net/sit0/duplex", statbuf=0, flag=0xb545d727) = -1 (Invalid argument) > [2031] [120] unlinkat(dfd=382, pathname="/proc/sys/net/ipv4/neigh/default/retrans_time", flag=0xc00ef76) = -1 (Invalid argument) > [2031] [121] timerfd_create(clockid=0, flags=0) = 655 > [2031] [122] munlock(addr=4, len=0x3fff) = -1 (Cannot allocate memory) > [2031] [123] fremovexattr(fd=382, name=0) = -1 (Bad address) > [2031] [124] sched_get_priority_min(policy=0xff58bfef) = -1 (Invalid argument) > [2031] [125] mq_timedreceive(mqdes=397, u_msg_ptr=4, msg_len=5245, u_msg_prio=0xc0100220, u_abs_timeout=0xc0100220) = -1 (Bad address) > [2031] [126] chdir(filename="/proc/116/net/ptype") = -1 (Not a directory) > [2031] [127] ssetmask(newmask=0x88000092) = 0 > [2031] [128] statfs(pathname="/proc/6/mounts", buf=0) = -1 (Bad address) > [2031] [129] fchown16(fd=397, user=104, group=0x94100000) = -1 (Operation not permitted) > [2031] [130] fchdir(fd=397) = -1 (Not a directory) > [2031] [131] mkdir(pathname="/proc/1092/task/1092/fdinfo/316", mode=525) = -1 (File exists) > [2031] [132] fsetxattr(fd=386, name=0x856f158, value=0x8571160, size=0, flags=0) = -1 (Numerical result out of range) > [2031] [133] io_setup(nr_events=4095, ctxp=0x40266000) ^CKilled by signal 2. Reading your gdb backtraces show that schedule_timeout() got called with a negative value. Looks like an integer overflow. The soft-lockup might also origin from that (very big integer which did not overflow jet) -- Thanks, //richard |
From: Toralf F. <tor...@gm...> - 2013-10-03 18:54:43
|
On 10/02/2013 09:55 PM, Richard Weinberger wrote: > On Wed, Oct 2, 2013 at 8:30 PM, Toralf Förster <tor...@gm...> wrote: >> Running trinity (1 process, no victim files, just "$>trinity -C1) for a longer time >> within a 32 bit user mode linux image with a recent git kernel (host: 3.11.3 guest 3.12-rc3-g...) >> yields into this konsole message : >> >> * Starting local >> net.core.warnings = 0 [ ok ] >> BUG: soft lockup - CPU#0 stuck for 23s! [trinity-child0:2031] >> >> >> and at the host t1 of the "linux"-processes eats all CPU cycles at 1 CPU core. >> 2 subsequent made back traces made with >> >> $> sudo gdb /home/tfoerste/devel/linux/linux 28144 -n -batch -ex bt >> >> shows nearly a similar position around __get_user_pages() - both are attached. >> >> I'm not surprised that trinity harms a systems - I'm just wondering whether this particular picture is >> expected or if it points to an issue. >> >> >> FWIW the last lines of trinity log were : >> >> >> [2031] [94] setsid() = 2031 >> [2031] [95] setresgid(rgid=0xffff33e3, egid=0xffffff93, sgid=0x22000040) = -1 (Operation not permitted) >> [2031] [96] vmsplice(fd=5, iov=0x85501e0, nr_segs=300, flags=9) = 0x3000 >> [2031] [97] setresuid(ruid=0x80549193, euid=0xc61041e0, suid=0xff19b6fa) = -1 (Operation not permitted) >> [2031] [98] setpriority(which=0xff010000, who=0xf3737373, niceval=0x8088960c) = -1 (Invalid argument) >> [2031] [99] socketcall(call=1, args=0x8550200) = -1 (Address family not supported by protocol) >> [2031] [100] access(filename="�", mode=2017) = -1 (Invalid argument) >> [2031] [101] getgroups(gidsetsize=0, grouplist=0x80d0000[page_rand]) = 3 >> [2031] [102] msync(start=0xc0100220, len=0, flags=3) = -1 (Invalid argument) >> [2031] [103] sigpending(set=0x40025000) = 0 >> [2031] [104] signalfd4(ufd=383, user_mask=1, sizemask=0xa4200000, flags=0x80800) = -1 (Invalid argument) >> [2031] [105] sendfile(out_fd=383, in_fd=382, offset=0, count=4096) = -1 (Invalid argument) >> [2031] [106] fanotify_mark(fanotify_fd=382, flags=5, mask=0x8000023, dfd=382, pathname="/proc/1092/task/1092/fdinfo/68") = -1 (Invalid argument) >> [2031] [107] wait4(upid=1, stat_addr=4, options=0xd761979b, ru=8) = -1 (Invalid argument) >> [2031] [108] sigpending(set=0x80ca000[page_zeros]) = 0 >> [2031] [109] setresuid(ruid=0xefffd6fc, euid=0x1bf4c92f, suid=0xffff2e33) = -1 (Operation not permitted) >> [2031] [110] munlock(addr=0x40025000, len=34) = 0 >> [2031] [111] timer_delete(timer_id=0xffffffdc) = -1 (Invalid argument) >> [2031] [112] sched_get_priority_max(policy=0x10000040) = -1 (Invalid argument) >> [2031] [113] syslog(type=0xc1000000, buf=1, len=0x82a5) = -1 (Operation not permitted) >> [2031] [114] setpriority(which=0xc4c806c6, who=0xffffff01, niceval=0xffff0682) = -1 (Invalid argument) >> [2031] [115] getgroups16(gidsetsize=0xfffe, grouplist=1) = -1 (Bad address) >> [2031] [116] rename(oldname=4, newname=8) = -1 (Bad address) >> [2031] [117] inotify_init() = 654 >> [2031] [118] getgid() = 100 >> [2031] [119] fstatat64(dfd=382, filename="/sys/devices/virtual/net/sit0/duplex", statbuf=0, flag=0xb545d727) = -1 (Invalid argument) >> [2031] [120] unlinkat(dfd=382, pathname="/proc/sys/net/ipv4/neigh/default/retrans_time", flag=0xc00ef76) = -1 (Invalid argument) >> [2031] [121] timerfd_create(clockid=0, flags=0) = 655 >> [2031] [122] munlock(addr=4, len=0x3fff) = -1 (Cannot allocate memory) >> [2031] [123] fremovexattr(fd=382, name=0) = -1 (Bad address) >> [2031] [124] sched_get_priority_min(policy=0xff58bfef) = -1 (Invalid argument) >> [2031] [125] mq_timedreceive(mqdes=397, u_msg_ptr=4, msg_len=5245, u_msg_prio=0xc0100220, u_abs_timeout=0xc0100220) = -1 (Bad address) >> [2031] [126] chdir(filename="/proc/116/net/ptype") = -1 (Not a directory) >> [2031] [127] ssetmask(newmask=0x88000092) = 0 >> [2031] [128] statfs(pathname="/proc/6/mounts", buf=0) = -1 (Bad address) >> [2031] [129] fchown16(fd=397, user=104, group=0x94100000) = -1 (Operation not permitted) >> [2031] [130] fchdir(fd=397) = -1 (Not a directory) >> [2031] [131] mkdir(pathname="/proc/1092/task/1092/fdinfo/316", mode=525) = -1 (File exists) >> [2031] [132] fsetxattr(fd=386, name=0x856f158, value=0x8571160, size=0, flags=0) = -1 (Numerical result out of range) >> [2031] [133] io_setup(nr_events=4095, ctxp=0x40266000) ^CKilled by signal 2. > > Reading your gdb backtraces show that schedule_timeout() got called > with a negative value. > Looks like an integer overflow. > The soft-lockup might also origin from that (very big integer which > did not overflow jet) > If the culprit is solved by this patch I'd like to send it out. But I'm unsure whether it catches the culprit or if it just covers the root cause. ommit 7b367d5478dfcba1635e8cde3c663515fee129ec Author: Toralf Förster <tor...@gm...> Date: Thu Oct 3 20:46:38 2013 +0200 mm/page-writeback.c: avoid integer overflow in balance_dirty_pages() avoid crash of a 32 bit UML (found using fuzz tool trinity) Signed-off-by: Toralf Förster <tor...@gm...> diff --git a/mm/page-writeback.c b/mm/page-writeback.c index f5236f8..f5a3096 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -1462,7 +1462,8 @@ static void balance_dirty_pages(struct address_space *mapping, pause = max_pause; goto pause; } - period = HZ * pages_dirtied / task_ratelimit; + period = ((long) HZ) * pages_dirtied / task_ratelimit; + pause = period; if (current->dirty_paused_when) pause -= now - current->dirty_paused_when; -- MfG/Sincerely Toralf Förster pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3 |
From: Richard W. <ri...@no...> - 2013-10-03 19:04:45
|
Am 03.10.2013 20:54, schrieb Toralf Förster: > On 10/02/2013 09:55 PM, Richard Weinberger wrote: >> On Wed, Oct 2, 2013 at 8:30 PM, Toralf Förster <tor...@gm...> wrote: >>> Running trinity (1 process, no victim files, just "$>trinity -C1) for a longer time >>> within a 32 bit user mode linux image with a recent git kernel (host: 3.11.3 guest 3.12-rc3-g...) >>> yields into this konsole message : >>> >>> * Starting local >>> net.core.warnings = 0 [ ok ] >>> BUG: soft lockup - CPU#0 stuck for 23s! [trinity-child0:2031] >>> >>> >>> and at the host t1 of the "linux"-processes eats all CPU cycles at 1 CPU core. >>> 2 subsequent made back traces made with >>> >>> $> sudo gdb /home/tfoerste/devel/linux/linux 28144 -n -batch -ex bt >>> >>> shows nearly a similar position around __get_user_pages() - both are attached. >>> >>> I'm not surprised that trinity harms a systems - I'm just wondering whether this particular picture is >>> expected or if it points to an issue. >>> >>> >>> FWIW the last lines of trinity log were : >>> >>> >>> [2031] [94] setsid() = 2031 >>> [2031] [95] setresgid(rgid=0xffff33e3, egid=0xffffff93, sgid=0x22000040) = -1 (Operation not permitted) >>> [2031] [96] vmsplice(fd=5, iov=0x85501e0, nr_segs=300, flags=9) = 0x3000 >>> [2031] [97] setresuid(ruid=0x80549193, euid=0xc61041e0, suid=0xff19b6fa) = -1 (Operation not permitted) >>> [2031] [98] setpriority(which=0xff010000, who=0xf3737373, niceval=0x8088960c) = -1 (Invalid argument) >>> [2031] [99] socketcall(call=1, args=0x8550200) = -1 (Address family not supported by protocol) >>> [2031] [100] access(filename="�", mode=2017) = -1 (Invalid argument) >>> [2031] [101] getgroups(gidsetsize=0, grouplist=0x80d0000[page_rand]) = 3 >>> [2031] [102] msync(start=0xc0100220, len=0, flags=3) = -1 (Invalid argument) >>> [2031] [103] sigpending(set=0x40025000) = 0 >>> [2031] [104] signalfd4(ufd=383, user_mask=1, sizemask=0xa4200000, flags=0x80800) = -1 (Invalid argument) >>> [2031] [105] sendfile(out_fd=383, in_fd=382, offset=0, count=4096) = -1 (Invalid argument) >>> [2031] [106] fanotify_mark(fanotify_fd=382, flags=5, mask=0x8000023, dfd=382, pathname="/proc/1092/task/1092/fdinfo/68") = -1 (Invalid argument) >>> [2031] [107] wait4(upid=1, stat_addr=4, options=0xd761979b, ru=8) = -1 (Invalid argument) >>> [2031] [108] sigpending(set=0x80ca000[page_zeros]) = 0 >>> [2031] [109] setresuid(ruid=0xefffd6fc, euid=0x1bf4c92f, suid=0xffff2e33) = -1 (Operation not permitted) >>> [2031] [110] munlock(addr=0x40025000, len=34) = 0 >>> [2031] [111] timer_delete(timer_id=0xffffffdc) = -1 (Invalid argument) >>> [2031] [112] sched_get_priority_max(policy=0x10000040) = -1 (Invalid argument) >>> [2031] [113] syslog(type=0xc1000000, buf=1, len=0x82a5) = -1 (Operation not permitted) >>> [2031] [114] setpriority(which=0xc4c806c6, who=0xffffff01, niceval=0xffff0682) = -1 (Invalid argument) >>> [2031] [115] getgroups16(gidsetsize=0xfffe, grouplist=1) = -1 (Bad address) >>> [2031] [116] rename(oldname=4, newname=8) = -1 (Bad address) >>> [2031] [117] inotify_init() = 654 >>> [2031] [118] getgid() = 100 >>> [2031] [119] fstatat64(dfd=382, filename="/sys/devices/virtual/net/sit0/duplex", statbuf=0, flag=0xb545d727) = -1 (Invalid argument) >>> [2031] [120] unlinkat(dfd=382, pathname="/proc/sys/net/ipv4/neigh/default/retrans_time", flag=0xc00ef76) = -1 (Invalid argument) >>> [2031] [121] timerfd_create(clockid=0, flags=0) = 655 >>> [2031] [122] munlock(addr=4, len=0x3fff) = -1 (Cannot allocate memory) >>> [2031] [123] fremovexattr(fd=382, name=0) = -1 (Bad address) >>> [2031] [124] sched_get_priority_min(policy=0xff58bfef) = -1 (Invalid argument) >>> [2031] [125] mq_timedreceive(mqdes=397, u_msg_ptr=4, msg_len=5245, u_msg_prio=0xc0100220, u_abs_timeout=0xc0100220) = -1 (Bad address) >>> [2031] [126] chdir(filename="/proc/116/net/ptype") = -1 (Not a directory) >>> [2031] [127] ssetmask(newmask=0x88000092) = 0 >>> [2031] [128] statfs(pathname="/proc/6/mounts", buf=0) = -1 (Bad address) >>> [2031] [129] fchown16(fd=397, user=104, group=0x94100000) = -1 (Operation not permitted) >>> [2031] [130] fchdir(fd=397) = -1 (Not a directory) >>> [2031] [131] mkdir(pathname="/proc/1092/task/1092/fdinfo/316", mode=525) = -1 (File exists) >>> [2031] [132] fsetxattr(fd=386, name=0x856f158, value=0x8571160, size=0, flags=0) = -1 (Numerical result out of range) >>> [2031] [133] io_setup(nr_events=4095, ctxp=0x40266000) ^CKilled by signal 2. >> >> Reading your gdb backtraces show that schedule_timeout() got called >> with a negative value. >> Looks like an integer overflow. >> The soft-lockup might also origin from that (very big integer which >> did not overflow jet) >> > > If the culprit is solved by this patch I'd like to send it out. But I'm > unsure whether it catches the culprit or if it just covers the root cause. I fear your Patch will not fix the issue. Does the issue only trigger on 32bit UMLs? How long does it take till trinity hits it? Thanks, //richard |
From: Toralf F. <tor...@gm...> - 2013-10-03 19:16:29
|
On 10/03/2013 09:04 PM, Richard Weinberger wrote: > Am 03.10.2013 20:54, schrieb Toralf Förster: >> On 10/02/2013 09:55 PM, Richard Weinberger wrote: >>> On Wed, Oct 2, 2013 at 8:30 PM, Toralf Förster <tor...@gm...> wrote: >>>> Running trinity (1 process, no victim files, just "$>trinity -C1) for a longer time >>>> within a 32 bit user mode linux image with a recent git kernel (host: 3.11.3 guest 3.12-rc3-g...) >>>> yields into this konsole message : >>>> >>>> * Starting local >>>> net.core.warnings = 0 [ ok ] >>>> BUG: soft lockup - CPU#0 stuck for 23s! [trinity-child0:2031] >>>> >>>> >>>> and at the host t1 of the "linux"-processes eats all CPU cycles at 1 CPU core. >>>> 2 subsequent made back traces made with >>>> >>>> $> sudo gdb /home/tfoerste/devel/linux/linux 28144 -n -batch -ex bt >>>> >>>> shows nearly a similar position around __get_user_pages() - both are attached. >>>> >>>> I'm not surprised that trinity harms a systems - I'm just wondering whether this particular picture is >>>> expected or if it points to an issue. >>>> >>>> >>>> FWIW the last lines of trinity log were : >>>> >>>> >>>> [2031] [94] setsid() = 2031 >>>> [2031] [95] setresgid(rgid=0xffff33e3, egid=0xffffff93, sgid=0x22000040) = -1 (Operation not permitted) >>>> [2031] [96] vmsplice(fd=5, iov=0x85501e0, nr_segs=300, flags=9) = 0x3000 >>>> [2031] [97] setresuid(ruid=0x80549193, euid=0xc61041e0, suid=0xff19b6fa) = -1 (Operation not permitted) >>>> [2031] [98] setpriority(which=0xff010000, who=0xf3737373, niceval=0x8088960c) = -1 (Invalid argument) >>>> [2031] [99] socketcall(call=1, args=0x8550200) = -1 (Address family not supported by protocol) >>>> [2031] [100] access(filename="�", mode=2017) = -1 (Invalid argument) >>>> [2031] [101] getgroups(gidsetsize=0, grouplist=0x80d0000[page_rand]) = 3 >>>> [2031] [102] msync(start=0xc0100220, len=0, flags=3) = -1 (Invalid argument) >>>> [2031] [103] sigpending(set=0x40025000) = 0 >>>> [2031] [104] signalfd4(ufd=383, user_mask=1, sizemask=0xa4200000, flags=0x80800) = -1 (Invalid argument) >>>> [2031] [105] sendfile(out_fd=383, in_fd=382, offset=0, count=4096) = -1 (Invalid argument) >>>> [2031] [106] fanotify_mark(fanotify_fd=382, flags=5, mask=0x8000023, dfd=382, pathname="/proc/1092/task/1092/fdinfo/68") = -1 (Invalid argument) >>>> [2031] [107] wait4(upid=1, stat_addr=4, options=0xd761979b, ru=8) = -1 (Invalid argument) >>>> [2031] [108] sigpending(set=0x80ca000[page_zeros]) = 0 >>>> [2031] [109] setresuid(ruid=0xefffd6fc, euid=0x1bf4c92f, suid=0xffff2e33) = -1 (Operation not permitted) >>>> [2031] [110] munlock(addr=0x40025000, len=34) = 0 >>>> [2031] [111] timer_delete(timer_id=0xffffffdc) = -1 (Invalid argument) >>>> [2031] [112] sched_get_priority_max(policy=0x10000040) = -1 (Invalid argument) >>>> [2031] [113] syslog(type=0xc1000000, buf=1, len=0x82a5) = -1 (Operation not permitted) >>>> [2031] [114] setpriority(which=0xc4c806c6, who=0xffffff01, niceval=0xffff0682) = -1 (Invalid argument) >>>> [2031] [115] getgroups16(gidsetsize=0xfffe, grouplist=1) = -1 (Bad address) >>>> [2031] [116] rename(oldname=4, newname=8) = -1 (Bad address) >>>> [2031] [117] inotify_init() = 654 >>>> [2031] [118] getgid() = 100 >>>> [2031] [119] fstatat64(dfd=382, filename="/sys/devices/virtual/net/sit0/duplex", statbuf=0, flag=0xb545d727) = -1 (Invalid argument) >>>> [2031] [120] unlinkat(dfd=382, pathname="/proc/sys/net/ipv4/neigh/default/retrans_time", flag=0xc00ef76) = -1 (Invalid argument) >>>> [2031] [121] timerfd_create(clockid=0, flags=0) = 655 >>>> [2031] [122] munlock(addr=4, len=0x3fff) = -1 (Cannot allocate memory) >>>> [2031] [123] fremovexattr(fd=382, name=0) = -1 (Bad address) >>>> [2031] [124] sched_get_priority_min(policy=0xff58bfef) = -1 (Invalid argument) >>>> [2031] [125] mq_timedreceive(mqdes=397, u_msg_ptr=4, msg_len=5245, u_msg_prio=0xc0100220, u_abs_timeout=0xc0100220) = -1 (Bad address) >>>> [2031] [126] chdir(filename="/proc/116/net/ptype") = -1 (Not a directory) >>>> [2031] [127] ssetmask(newmask=0x88000092) = 0 >>>> [2031] [128] statfs(pathname="/proc/6/mounts", buf=0) = -1 (Bad address) >>>> [2031] [129] fchown16(fd=397, user=104, group=0x94100000) = -1 (Operation not permitted) >>>> [2031] [130] fchdir(fd=397) = -1 (Not a directory) >>>> [2031] [131] mkdir(pathname="/proc/1092/task/1092/fdinfo/316", mode=525) = -1 (File exists) >>>> [2031] [132] fsetxattr(fd=386, name=0x856f158, value=0x8571160, size=0, flags=0) = -1 (Numerical result out of range) >>>> [2031] [133] io_setup(nr_events=4095, ctxp=0x40266000) ^CKilled by signal 2. >>> >>> Reading your gdb backtraces show that schedule_timeout() got called >>> with a negative value. >>> Looks like an integer overflow. >>> The soft-lockup might also origin from that (very big integer which >>> did not overflow jet) >>> >> >> If the culprit is solved by this patch I'd like to send it out. But I'm >> unsure whether it catches the culprit or if it just covers the root cause. > > I fear your Patch will not fix the issue. > > Does the issue only trigger on 32bit UMLs? No diea, I do only have a 32 bit system here (both host and client). > How long does it take till trinity hits it? a command like $> ssh tfoerste@trinity "rm -rf t3; mkdir t3; cd t3; trinity -C4" usually needs 10 till 15 min to trigger the issue. With just 1 trinity task (-C1) however it needs often a hour or more. > Thanks, > //richard > -- MfG/Sincerely Toralf Förster pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3 |
From: Richard W. <ri...@no...> - 2013-10-03 19:21:02
|
Am 03.10.2013 21:16, schrieb Toralf Förster: > On 10/03/2013 09:04 PM, Richard Weinberger wrote: >> Am 03.10.2013 20:54, schrieb Toralf Förster: >>> On 10/02/2013 09:55 PM, Richard Weinberger wrote: >>>> On Wed, Oct 2, 2013 at 8:30 PM, Toralf Förster <tor...@gm...> wrote: >>>>> Running trinity (1 process, no victim files, just "$>trinity -C1) for a longer time >>>>> within a 32 bit user mode linux image with a recent git kernel (host: 3.11.3 guest 3.12-rc3-g...) >>>>> yields into this konsole message : >>>>> >>>>> * Starting local >>>>> net.core.warnings = 0 [ ok ] >>>>> BUG: soft lockup - CPU#0 stuck for 23s! [trinity-child0:2031] >>>>> >>>>> >>>>> and at the host t1 of the "linux"-processes eats all CPU cycles at 1 CPU core. >>>>> 2 subsequent made back traces made with >>>>> >>>>> $> sudo gdb /home/tfoerste/devel/linux/linux 28144 -n -batch -ex bt >>>>> >>>>> shows nearly a similar position around __get_user_pages() - both are attached. >>>>> >>>>> I'm not surprised that trinity harms a systems - I'm just wondering whether this particular picture is >>>>> expected or if it points to an issue. >>>>> >>>>> >>>>> FWIW the last lines of trinity log were : >>>>> >>>>> >>>>> [2031] [94] setsid() = 2031 >>>>> [2031] [95] setresgid(rgid=0xffff33e3, egid=0xffffff93, sgid=0x22000040) = -1 (Operation not permitted) >>>>> [2031] [96] vmsplice(fd=5, iov=0x85501e0, nr_segs=300, flags=9) = 0x3000 >>>>> [2031] [97] setresuid(ruid=0x80549193, euid=0xc61041e0, suid=0xff19b6fa) = -1 (Operation not permitted) >>>>> [2031] [98] setpriority(which=0xff010000, who=0xf3737373, niceval=0x8088960c) = -1 (Invalid argument) >>>>> [2031] [99] socketcall(call=1, args=0x8550200) = -1 (Address family not supported by protocol) >>>>> [2031] [100] access(filename="�", mode=2017) = -1 (Invalid argument) >>>>> [2031] [101] getgroups(gidsetsize=0, grouplist=0x80d0000[page_rand]) = 3 >>>>> [2031] [102] msync(start=0xc0100220, len=0, flags=3) = -1 (Invalid argument) >>>>> [2031] [103] sigpending(set=0x40025000) = 0 >>>>> [2031] [104] signalfd4(ufd=383, user_mask=1, sizemask=0xa4200000, flags=0x80800) = -1 (Invalid argument) >>>>> [2031] [105] sendfile(out_fd=383, in_fd=382, offset=0, count=4096) = -1 (Invalid argument) >>>>> [2031] [106] fanotify_mark(fanotify_fd=382, flags=5, mask=0x8000023, dfd=382, pathname="/proc/1092/task/1092/fdinfo/68") = -1 (Invalid argument) >>>>> [2031] [107] wait4(upid=1, stat_addr=4, options=0xd761979b, ru=8) = -1 (Invalid argument) >>>>> [2031] [108] sigpending(set=0x80ca000[page_zeros]) = 0 >>>>> [2031] [109] setresuid(ruid=0xefffd6fc, euid=0x1bf4c92f, suid=0xffff2e33) = -1 (Operation not permitted) >>>>> [2031] [110] munlock(addr=0x40025000, len=34) = 0 >>>>> [2031] [111] timer_delete(timer_id=0xffffffdc) = -1 (Invalid argument) >>>>> [2031] [112] sched_get_priority_max(policy=0x10000040) = -1 (Invalid argument) >>>>> [2031] [113] syslog(type=0xc1000000, buf=1, len=0x82a5) = -1 (Operation not permitted) >>>>> [2031] [114] setpriority(which=0xc4c806c6, who=0xffffff01, niceval=0xffff0682) = -1 (Invalid argument) >>>>> [2031] [115] getgroups16(gidsetsize=0xfffe, grouplist=1) = -1 (Bad address) >>>>> [2031] [116] rename(oldname=4, newname=8) = -1 (Bad address) >>>>> [2031] [117] inotify_init() = 654 >>>>> [2031] [118] getgid() = 100 >>>>> [2031] [119] fstatat64(dfd=382, filename="/sys/devices/virtual/net/sit0/duplex", statbuf=0, flag=0xb545d727) = -1 (Invalid argument) >>>>> [2031] [120] unlinkat(dfd=382, pathname="/proc/sys/net/ipv4/neigh/default/retrans_time", flag=0xc00ef76) = -1 (Invalid argument) >>>>> [2031] [121] timerfd_create(clockid=0, flags=0) = 655 >>>>> [2031] [122] munlock(addr=4, len=0x3fff) = -1 (Cannot allocate memory) >>>>> [2031] [123] fremovexattr(fd=382, name=0) = -1 (Bad address) >>>>> [2031] [124] sched_get_priority_min(policy=0xff58bfef) = -1 (Invalid argument) >>>>> [2031] [125] mq_timedreceive(mqdes=397, u_msg_ptr=4, msg_len=5245, u_msg_prio=0xc0100220, u_abs_timeout=0xc0100220) = -1 (Bad address) >>>>> [2031] [126] chdir(filename="/proc/116/net/ptype") = -1 (Not a directory) >>>>> [2031] [127] ssetmask(newmask=0x88000092) = 0 >>>>> [2031] [128] statfs(pathname="/proc/6/mounts", buf=0) = -1 (Bad address) >>>>> [2031] [129] fchown16(fd=397, user=104, group=0x94100000) = -1 (Operation not permitted) >>>>> [2031] [130] fchdir(fd=397) = -1 (Not a directory) >>>>> [2031] [131] mkdir(pathname="/proc/1092/task/1092/fdinfo/316", mode=525) = -1 (File exists) >>>>> [2031] [132] fsetxattr(fd=386, name=0x856f158, value=0x8571160, size=0, flags=0) = -1 (Numerical result out of range) >>>>> [2031] [133] io_setup(nr_events=4095, ctxp=0x40266000) ^CKilled by signal 2. >>>> >>>> Reading your gdb backtraces show that schedule_timeout() got called >>>> with a negative value. >>>> Looks like an integer overflow. >>>> The soft-lockup might also origin from that (very big integer which >>>> did not overflow jet) >>>> >>> >>> If the culprit is solved by this patch I'd like to send it out. But I'm >>> unsure whether it catches the culprit or if it just covers the root cause. >> >> I fear your Patch will not fix the issue. >> >> Does the issue only trigger on 32bit UMLs? > No diea, I do only have a 32 bit system here (both host and client). > >> How long does it take till trinity hits it? > a command like > > $> ssh tfoerste@trinity "rm -rf t3; mkdir t3; cd t3; trinity -C4" > > usually needs 10 till 15 min to trigger the issue. With just 1 trinity > task (-C1) however it needs often a hour or more. That's good. :-) You can place some printk()s into balance_dirty_pages() and observe the values of period, max_pause, min_pause, etc... Maybe this will give us a clue. So far the issue looks not really UML specific. But maybe it is more likely to happen on UML because of the slow page faults... Thanks, //richard |
From: Toralf F. <tor...@gm...> - 2013-10-03 19:33:31
|
On 10/03/2013 09:20 PM, Richard Weinberger wrote: > Am 03.10.2013 21:16, schrieb Toralf Förster: >> On 10/03/2013 09:04 PM, Richard Weinberger wrote: >>> Am 03.10.2013 20:54, schrieb Toralf Förster: >>>> On 10/02/2013 09:55 PM, Richard Weinberger wrote: >>>>> On Wed, Oct 2, 2013 at 8:30 PM, Toralf Förster <tor...@gm...> wrote: >>>>>> Running trinity (1 process, no victim files, just "$>trinity -C1) for a longer time >>>>>> within a 32 bit user mode linux image with a recent git kernel (host: 3.11.3 guest 3.12-rc3-g...) >>>>>> yields into this konsole message : >>>>>> >>>>>> * Starting local >>>>>> net.core.warnings = 0 [ ok ] >>>>>> BUG: soft lockup - CPU#0 stuck for 23s! [trinity-child0:2031] >>>>>> >>>>>> >>>>>> and at the host t1 of the "linux"-processes eats all CPU cycles at 1 CPU core. >>>>>> 2 subsequent made back traces made with >>>>>> >>>>>> $> sudo gdb /home/tfoerste/devel/linux/linux 28144 -n -batch -ex bt >>>>>> >>>>>> shows nearly a similar position around __get_user_pages() - both are attached. >>>>>> >>>>>> I'm not surprised that trinity harms a systems - I'm just wondering whether this particular picture is >>>>>> expected or if it points to an issue. >>>>>> >>>>>> >>>>>> FWIW the last lines of trinity log were : >>>>>> >>>>>> >>>>>> [2031] [94] setsid() = 2031 >>>>>> [2031] [95] setresgid(rgid=0xffff33e3, egid=0xffffff93, sgid=0x22000040) = -1 (Operation not permitted) >>>>>> [2031] [96] vmsplice(fd=5, iov=0x85501e0, nr_segs=300, flags=9) = 0x3000 >>>>>> [2031] [97] setresuid(ruid=0x80549193, euid=0xc61041e0, suid=0xff19b6fa) = -1 (Operation not permitted) >>>>>> [2031] [98] setpriority(which=0xff010000, who=0xf3737373, niceval=0x8088960c) = -1 (Invalid argument) >>>>>> [2031] [99] socketcall(call=1, args=0x8550200) = -1 (Address family not supported by protocol) >>>>>> [2031] [100] access(filename="�", mode=2017) = -1 (Invalid argument) >>>>>> [2031] [101] getgroups(gidsetsize=0, grouplist=0x80d0000[page_rand]) = 3 >>>>>> [2031] [102] msync(start=0xc0100220, len=0, flags=3) = -1 (Invalid argument) >>>>>> [2031] [103] sigpending(set=0x40025000) = 0 >>>>>> [2031] [104] signalfd4(ufd=383, user_mask=1, sizemask=0xa4200000, flags=0x80800) = -1 (Invalid argument) >>>>>> [2031] [105] sendfile(out_fd=383, in_fd=382, offset=0, count=4096) = -1 (Invalid argument) >>>>>> [2031] [106] fanotify_mark(fanotify_fd=382, flags=5, mask=0x8000023, dfd=382, pathname="/proc/1092/task/1092/fdinfo/68") = -1 (Invalid argument) >>>>>> [2031] [107] wait4(upid=1, stat_addr=4, options=0xd761979b, ru=8) = -1 (Invalid argument) >>>>>> [2031] [108] sigpending(set=0x80ca000[page_zeros]) = 0 >>>>>> [2031] [109] setresuid(ruid=0xefffd6fc, euid=0x1bf4c92f, suid=0xffff2e33) = -1 (Operation not permitted) >>>>>> [2031] [110] munlock(addr=0x40025000, len=34) = 0 >>>>>> [2031] [111] timer_delete(timer_id=0xffffffdc) = -1 (Invalid argument) >>>>>> [2031] [112] sched_get_priority_max(policy=0x10000040) = -1 (Invalid argument) >>>>>> [2031] [113] syslog(type=0xc1000000, buf=1, len=0x82a5) = -1 (Operation not permitted) >>>>>> [2031] [114] setpriority(which=0xc4c806c6, who=0xffffff01, niceval=0xffff0682) = -1 (Invalid argument) >>>>>> [2031] [115] getgroups16(gidsetsize=0xfffe, grouplist=1) = -1 (Bad address) >>>>>> [2031] [116] rename(oldname=4, newname=8) = -1 (Bad address) >>>>>> [2031] [117] inotify_init() = 654 >>>>>> [2031] [118] getgid() = 100 >>>>>> [2031] [119] fstatat64(dfd=382, filename="/sys/devices/virtual/net/sit0/duplex", statbuf=0, flag=0xb545d727) = -1 (Invalid argument) >>>>>> [2031] [120] unlinkat(dfd=382, pathname="/proc/sys/net/ipv4/neigh/default/retrans_time", flag=0xc00ef76) = -1 (Invalid argument) >>>>>> [2031] [121] timerfd_create(clockid=0, flags=0) = 655 >>>>>> [2031] [122] munlock(addr=4, len=0x3fff) = -1 (Cannot allocate memory) >>>>>> [2031] [123] fremovexattr(fd=382, name=0) = -1 (Bad address) >>>>>> [2031] [124] sched_get_priority_min(policy=0xff58bfef) = -1 (Invalid argument) >>>>>> [2031] [125] mq_timedreceive(mqdes=397, u_msg_ptr=4, msg_len=5245, u_msg_prio=0xc0100220, u_abs_timeout=0xc0100220) = -1 (Bad address) >>>>>> [2031] [126] chdir(filename="/proc/116/net/ptype") = -1 (Not a directory) >>>>>> [2031] [127] ssetmask(newmask=0x88000092) = 0 >>>>>> [2031] [128] statfs(pathname="/proc/6/mounts", buf=0) = -1 (Bad address) >>>>>> [2031] [129] fchown16(fd=397, user=104, group=0x94100000) = -1 (Operation not permitted) >>>>>> [2031] [130] fchdir(fd=397) = -1 (Not a directory) >>>>>> [2031] [131] mkdir(pathname="/proc/1092/task/1092/fdinfo/316", mode=525) = -1 (File exists) >>>>>> [2031] [132] fsetxattr(fd=386, name=0x856f158, value=0x8571160, size=0, flags=0) = -1 (Numerical result out of range) >>>>>> [2031] [133] io_setup(nr_events=4095, ctxp=0x40266000) ^CKilled by signal 2. >>>>> >>>>> Reading your gdb backtraces show that schedule_timeout() got called >>>>> with a negative value. >>>>> Looks like an integer overflow. >>>>> The soft-lockup might also origin from that (very big integer which >>>>> did not overflow jet) >>>>> >>>> >>>> If the culprit is solved by this patch I'd like to send it out. But I'm >>>> unsure whether it catches the culprit or if it just covers the root cause. >>> >>> I fear your Patch will not fix the issue. >>> >>> Does the issue only trigger on 32bit UMLs? >> No diea, I do only have a 32 bit system here (both host and client). >> >>> How long does it take till trinity hits it? >> a command like >> >> $> ssh tfoerste@trinity "rm -rf t3; mkdir t3; cd t3; trinity -C4" >> >> usually needs 10 till 15 min to trigger the issue. With just 1 trinity >> task (-C1) however it needs often a hour or more. > > That's good. :-) > You can place some printk()s into balance_dirty_pages() and observe the values > of period, max_pause, min_pause, etc... > Maybe this will give us a clue. Will do it again. I did it before already but period was the only thing which becames otherwise negative - and because pages_dirtied was often in the range of 20 - 30 and perioad around -3000 I just wondered if HZ is casts as a short int in the calculation ? BTW printk doesn't showed anything in the syslog (ok, I used printk(KERN_ERR ...) BUG_ON however worked fine, but do not give any output ... > > So far the issue looks not really UML specific. > But maybe it is more likely to happen on UML because of the slow page faults... > > Thanks, > //richard > > -- MfG/Sincerely Toralf Förster pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3 |
From: Richard W. <ri...@no...> - 2013-10-04 05:53:08
|
Am 03.10.2013 21:33, schrieb Toralf Förster: > On 10/03/2013 09:20 PM, Richard Weinberger wrote: >> Am 03.10.2013 21:16, schrieb Toralf Förster: >>> On 10/03/2013 09:04 PM, Richard Weinberger wrote: >>>> Am 03.10.2013 20:54, schrieb Toralf Förster: >>>>> On 10/02/2013 09:55 PM, Richard Weinberger wrote: >>>>>> On Wed, Oct 2, 2013 at 8:30 PM, Toralf Förster <tor...@gm...> wrote: >>>>>>> Running trinity (1 process, no victim files, just "$>trinity -C1) for a longer time >>>>>>> within a 32 bit user mode linux image with a recent git kernel (host: 3.11.3 guest 3.12-rc3-g...) >>>>>>> yields into this konsole message : >>>>>>> >>>>>>> * Starting local >>>>>>> net.core.warnings = 0 [ ok ] >>>>>>> BUG: soft lockup - CPU#0 stuck for 23s! [trinity-child0:2031] >>>>>>> >>>>>>> >>>>>>> and at the host t1 of the "linux"-processes eats all CPU cycles at 1 CPU core. >>>>>>> 2 subsequent made back traces made with >>>>>>> >>>>>>> $> sudo gdb /home/tfoerste/devel/linux/linux 28144 -n -batch -ex bt >>>>>>> >>>>>>> shows nearly a similar position around __get_user_pages() - both are attached. >>>>>>> >>>>>>> I'm not surprised that trinity harms a systems - I'm just wondering whether this particular picture is >>>>>>> expected or if it points to an issue. >>>>>>> >>>>>>> >>>>>>> FWIW the last lines of trinity log were : >>>>>>> >>>>>>> >>>>>>> [2031] [94] setsid() = 2031 >>>>>>> [2031] [95] setresgid(rgid=0xffff33e3, egid=0xffffff93, sgid=0x22000040) = -1 (Operation not permitted) >>>>>>> [2031] [96] vmsplice(fd=5, iov=0x85501e0, nr_segs=300, flags=9) = 0x3000 >>>>>>> [2031] [97] setresuid(ruid=0x80549193, euid=0xc61041e0, suid=0xff19b6fa) = -1 (Operation not permitted) >>>>>>> [2031] [98] setpriority(which=0xff010000, who=0xf3737373, niceval=0x8088960c) = -1 (Invalid argument) >>>>>>> [2031] [99] socketcall(call=1, args=0x8550200) = -1 (Address family not supported by protocol) >>>>>>> [2031] [100] access(filename="�", mode=2017) = -1 (Invalid argument) >>>>>>> [2031] [101] getgroups(gidsetsize=0, grouplist=0x80d0000[page_rand]) = 3 >>>>>>> [2031] [102] msync(start=0xc0100220, len=0, flags=3) = -1 (Invalid argument) >>>>>>> [2031] [103] sigpending(set=0x40025000) = 0 >>>>>>> [2031] [104] signalfd4(ufd=383, user_mask=1, sizemask=0xa4200000, flags=0x80800) = -1 (Invalid argument) >>>>>>> [2031] [105] sendfile(out_fd=383, in_fd=382, offset=0, count=4096) = -1 (Invalid argument) >>>>>>> [2031] [106] fanotify_mark(fanotify_fd=382, flags=5, mask=0x8000023, dfd=382, pathname="/proc/1092/task/1092/fdinfo/68") = -1 (Invalid argument) >>>>>>> [2031] [107] wait4(upid=1, stat_addr=4, options=0xd761979b, ru=8) = -1 (Invalid argument) >>>>>>> [2031] [108] sigpending(set=0x80ca000[page_zeros]) = 0 >>>>>>> [2031] [109] setresuid(ruid=0xefffd6fc, euid=0x1bf4c92f, suid=0xffff2e33) = -1 (Operation not permitted) >>>>>>> [2031] [110] munlock(addr=0x40025000, len=34) = 0 >>>>>>> [2031] [111] timer_delete(timer_id=0xffffffdc) = -1 (Invalid argument) >>>>>>> [2031] [112] sched_get_priority_max(policy=0x10000040) = -1 (Invalid argument) >>>>>>> [2031] [113] syslog(type=0xc1000000, buf=1, len=0x82a5) = -1 (Operation not permitted) >>>>>>> [2031] [114] setpriority(which=0xc4c806c6, who=0xffffff01, niceval=0xffff0682) = -1 (Invalid argument) >>>>>>> [2031] [115] getgroups16(gidsetsize=0xfffe, grouplist=1) = -1 (Bad address) >>>>>>> [2031] [116] rename(oldname=4, newname=8) = -1 (Bad address) >>>>>>> [2031] [117] inotify_init() = 654 >>>>>>> [2031] [118] getgid() = 100 >>>>>>> [2031] [119] fstatat64(dfd=382, filename="/sys/devices/virtual/net/sit0/duplex", statbuf=0, flag=0xb545d727) = -1 (Invalid argument) >>>>>>> [2031] [120] unlinkat(dfd=382, pathname="/proc/sys/net/ipv4/neigh/default/retrans_time", flag=0xc00ef76) = -1 (Invalid argument) >>>>>>> [2031] [121] timerfd_create(clockid=0, flags=0) = 655 >>>>>>> [2031] [122] munlock(addr=4, len=0x3fff) = -1 (Cannot allocate memory) >>>>>>> [2031] [123] fremovexattr(fd=382, name=0) = -1 (Bad address) >>>>>>> [2031] [124] sched_get_priority_min(policy=0xff58bfef) = -1 (Invalid argument) >>>>>>> [2031] [125] mq_timedreceive(mqdes=397, u_msg_ptr=4, msg_len=5245, u_msg_prio=0xc0100220, u_abs_timeout=0xc0100220) = -1 (Bad address) >>>>>>> [2031] [126] chdir(filename="/proc/116/net/ptype") = -1 (Not a directory) >>>>>>> [2031] [127] ssetmask(newmask=0x88000092) = 0 >>>>>>> [2031] [128] statfs(pathname="/proc/6/mounts", buf=0) = -1 (Bad address) >>>>>>> [2031] [129] fchown16(fd=397, user=104, group=0x94100000) = -1 (Operation not permitted) >>>>>>> [2031] [130] fchdir(fd=397) = -1 (Not a directory) >>>>>>> [2031] [131] mkdir(pathname="/proc/1092/task/1092/fdinfo/316", mode=525) = -1 (File exists) >>>>>>> [2031] [132] fsetxattr(fd=386, name=0x856f158, value=0x8571160, size=0, flags=0) = -1 (Numerical result out of range) >>>>>>> [2031] [133] io_setup(nr_events=4095, ctxp=0x40266000) ^CKilled by signal 2. >>>>>> >>>>>> Reading your gdb backtraces show that schedule_timeout() got called >>>>>> with a negative value. >>>>>> Looks like an integer overflow. >>>>>> The soft-lockup might also origin from that (very big integer which >>>>>> did not overflow jet) >>>>>> >>>>> >>>>> If the culprit is solved by this patch I'd like to send it out. But I'm >>>>> unsure whether it catches the culprit or if it just covers the root cause. >>>> >>>> I fear your Patch will not fix the issue. >>>> >>>> Does the issue only trigger on 32bit UMLs? >>> No diea, I do only have a 32 bit system here (both host and client). >>> >>>> How long does it take till trinity hits it? >>> a command like >>> >>> $> ssh tfoerste@trinity "rm -rf t3; mkdir t3; cd t3; trinity -C4" >>> >>> usually needs 10 till 15 min to trigger the issue. With just 1 trinity >>> task (-C1) however it needs often a hour or more. >> >> That's good. :-) >> You can place some printk()s into balance_dirty_pages() and observe the values >> of period, max_pause, min_pause, etc... >> Maybe this will give us a clue. > > Will do it again. I did it before already but period was the only thing > which becames otherwise negative - > and because pages_dirtied was often in the range of 20 - 30 and perioad > around -3000 Did you print it before or after if (current->dirty_paused_when) pause -= now - current->dirty_paused_when; I'm also wondering why if (pause < min_pause) { did not trigger or did it? > I just wondered if HZ is casts as a short int in the calculation ? > BTW printk doesn't showed anything in the syslog (ok, I used > printk(KERN_ERR ...) syslog or dmesg? Thanks, //richard |
From: Toralf F. <tor...@gm...> - 2013-10-06 14:17:58
|
On 10/04/2013 07:52 AM, Richard Weinberger wrote: > Am 03.10.2013 21:33, schrieb Toralf Förster: >> On 10/03/2013 09:20 PM, Richard Weinberger wrote: >>> Am 03.10.2013 21:16, schrieb Toralf Förster: >>>> On 10/03/2013 09:04 PM, Richard Weinberger wrote: >>>>> Am 03.10.2013 20:54, schrieb Toralf Förster: >>>>>> On 10/02/2013 09:55 PM, Richard Weinberger wrote: >>>>>>> On Wed, Oct 2, 2013 at 8:30 PM, Toralf Förster <tor...@gm...> wrote: >>>>>>>> Running trinity (1 process, no victim files, just "$>trinity -C1) for a longer time >>>>>>>> within a 32 bit user mode linux image with a recent git kernel (host: 3.11.3 guest 3.12-rc3-g...) >>>>>>>> yields into this konsole message : >>>>>>>> >>>>>>>> * Starting local >>>>>>>> net.core.warnings = 0 [ ok ] >>>>>>>> BUG: soft lockup - CPU#0 stuck for 23s! [trinity-child0:2031] >>>>>>>> >>>>>>>> >>>>>>>> and at the host t1 of the "linux"-processes eats all CPU cycles at 1 CPU core. >>>>>>>> 2 subsequent made back traces made with >>>>>>>> >>>>>>>> $> sudo gdb /home/tfoerste/devel/linux/linux 28144 -n -batch -ex bt >>>>>>>> >>>>>>>> shows nearly a similar position around __get_user_pages() - both are attached. >>>>>>>> >>>>>>>> I'm not surprised that trinity harms a systems - I'm just wondering whether this particular picture is >>>>>>>> expected or if it points to an issue. >>>>>>>> >>>>>>>> >>>>>>>> FWIW the last lines of trinity log were : >>>>>>>> >>>>>>>> >>>>>>>> [2031] [94] setsid() = 2031 >>>>>>>> [2031] [95] setresgid(rgid=0xffff33e3, egid=0xffffff93, sgid=0x22000040) = -1 (Operation not permitted) >>>>>>>> [2031] [96] vmsplice(fd=5, iov=0x85501e0, nr_segs=300, flags=9) = 0x3000 >>>>>>>> [2031] [97] setresuid(ruid=0x80549193, euid=0xc61041e0, suid=0xff19b6fa) = -1 (Operation not permitted) >>>>>>>> [2031] [98] setpriority(which=0xff010000, who=0xf3737373, niceval=0x8088960c) = -1 (Invalid argument) >>>>>>>> [2031] [99] socketcall(call=1, args=0x8550200) = -1 (Address family not supported by protocol) >>>>>>>> [2031] [100] access(filename="�", mode=2017) = -1 (Invalid argument) >>>>>>>> [2031] [101] getgroups(gidsetsize=0, grouplist=0x80d0000[page_rand]) = 3 >>>>>>>> [2031] [102] msync(start=0xc0100220, len=0, flags=3) = -1 (Invalid argument) >>>>>>>> [2031] [103] sigpending(set=0x40025000) = 0 >>>>>>>> [2031] [104] signalfd4(ufd=383, user_mask=1, sizemask=0xa4200000, flags=0x80800) = -1 (Invalid argument) >>>>>>>> [2031] [105] sendfile(out_fd=383, in_fd=382, offset=0, count=4096) = -1 (Invalid argument) >>>>>>>> [2031] [106] fanotify_mark(fanotify_fd=382, flags=5, mask=0x8000023, dfd=382, pathname="/proc/1092/task/1092/fdinfo/68") = -1 (Invalid argument) >>>>>>>> [2031] [107] wait4(upid=1, stat_addr=4, options=0xd761979b, ru=8) = -1 (Invalid argument) >>>>>>>> [2031] [108] sigpending(set=0x80ca000[page_zeros]) = 0 >>>>>>>> [2031] [109] setresuid(ruid=0xefffd6fc, euid=0x1bf4c92f, suid=0xffff2e33) = -1 (Operation not permitted) >>>>>>>> [2031] [110] munlock(addr=0x40025000, len=34) = 0 >>>>>>>> [2031] [111] timer_delete(timer_id=0xffffffdc) = -1 (Invalid argument) >>>>>>>> [2031] [112] sched_get_priority_max(policy=0x10000040) = -1 (Invalid argument) >>>>>>>> [2031] [113] syslog(type=0xc1000000, buf=1, len=0x82a5) = -1 (Operation not permitted) >>>>>>>> [2031] [114] setpriority(which=0xc4c806c6, who=0xffffff01, niceval=0xffff0682) = -1 (Invalid argument) >>>>>>>> [2031] [115] getgroups16(gidsetsize=0xfffe, grouplist=1) = -1 (Bad address) >>>>>>>> [2031] [116] rename(oldname=4, newname=8) = -1 (Bad address) >>>>>>>> [2031] [117] inotify_init() = 654 >>>>>>>> [2031] [118] getgid() = 100 >>>>>>>> [2031] [119] fstatat64(dfd=382, filename="/sys/devices/virtual/net/sit0/duplex", statbuf=0, flag=0xb545d727) = -1 (Invalid argument) >>>>>>>> [2031] [120] unlinkat(dfd=382, pathname="/proc/sys/net/ipv4/neigh/default/retrans_time", flag=0xc00ef76) = -1 (Invalid argument) >>>>>>>> [2031] [121] timerfd_create(clockid=0, flags=0) = 655 >>>>>>>> [2031] [122] munlock(addr=4, len=0x3fff) = -1 (Cannot allocate memory) >>>>>>>> [2031] [123] fremovexattr(fd=382, name=0) = -1 (Bad address) >>>>>>>> [2031] [124] sched_get_priority_min(policy=0xff58bfef) = -1 (Invalid argument) >>>>>>>> [2031] [125] mq_timedreceive(mqdes=397, u_msg_ptr=4, msg_len=5245, u_msg_prio=0xc0100220, u_abs_timeout=0xc0100220) = -1 (Bad address) >>>>>>>> [2031] [126] chdir(filename="/proc/116/net/ptype") = -1 (Not a directory) >>>>>>>> [2031] [127] ssetmask(newmask=0x88000092) = 0 >>>>>>>> [2031] [128] statfs(pathname="/proc/6/mounts", buf=0) = -1 (Bad address) >>>>>>>> [2031] [129] fchown16(fd=397, user=104, group=0x94100000) = -1 (Operation not permitted) >>>>>>>> [2031] [130] fchdir(fd=397) = -1 (Not a directory) >>>>>>>> [2031] [131] mkdir(pathname="/proc/1092/task/1092/fdinfo/316", mode=525) = -1 (File exists) >>>>>>>> [2031] [132] fsetxattr(fd=386, name=0x856f158, value=0x8571160, size=0, flags=0) = -1 (Numerical result out of range) >>>>>>>> [2031] [133] io_setup(nr_events=4095, ctxp=0x40266000) ^CKilled by signal 2. >>>>>>> >>>>>>> Reading your gdb backtraces show that schedule_timeout() got called >>>>>>> with a negative value. >>>>>>> Looks like an integer overflow. >>>>>>> The soft-lockup might also origin from that (very big integer which >>>>>>> did not overflow jet) >>>>>>> >>>>>> >>>>>> If the culprit is solved by this patch I'd like to send it out. But I'm >>>>>> unsure whether it catches the culprit or if it just covers the root cause. >>>>> >>>>> I fear your Patch will not fix the issue. >>>>> >>>>> Does the issue only trigger on 32bit UMLs? >>>> No diea, I do only have a 32 bit system here (both host and client). >>>> >>>>> How long does it take till trinity hits it? >>>> a command like >>>> >>>> $> ssh tfoerste@trinity "rm -rf t3; mkdir t3; cd t3; trinity -C4" >>>> >>>> usually needs 10 till 15 min to trigger the issue. With just 1 trinity >>>> task (-C1) however it needs often a hour or more. >>> >>> That's good. :-) >>> You can place some printk()s into balance_dirty_pages() and observe the values >>> of period, max_pause, min_pause, etc... >>> Maybe this will give us a clue. >> >> Will do it again. I did it before already but period was the only thing >> which becames otherwise negative - >> and because pages_dirtied was often in the range of 20 - 30 and perioad >> around -3000 > > Did you print it before or after > if (current->dirty_paused_when) > pause -= now - current->dirty_paused_when; > > I'm also wondering why > if (pause < min_pause) { > did not trigger or did it? > >> I just wondered if HZ is casts as a short int in the calculation ? >> BTW printk doesn't showed anything in the syslog (ok, I used >> printk(KERN_ERR ...) > > syslog or dmesg? > > Thanks, > //richard > back from going a mushroom foray - I nearly surrounded all "pause=" statements with BUG_ON and downgrades trinity (b/c their latest enhancements made trinity too weak) The UML stopped here : ... if (unlikely(task_ratelimit == 0)) { period = max_pause; pause = max_pause; BUG_ON(pause < 0); goto pause; } BUG_ON(pages_dirtied < 0); BUG_ON(task_ratelimit < 0); period = HZ * pages_dirtied / task_ratelimit; BUG_ON(period < 0); <----------------------here pause = period; BUG_ON(pause < 0); if (current->dirty_paused_when) pause -= now - current->dirty_paused_when; BUG_ON(pause < 0); ... The back trace is : tfoerste@n22 ~/devel/trinity $ gdb --core=/mnt/ramdisk/core /home/tfoerste/devel/linux/linux -batch -ex bt[New LWP 2522] Core was generated by `/home/tfoerste/devel/linux/linux earlyprintk ubda=/home/tfoerste/virtual/uml/tr'. Program terminated with signal 6, Aborted. #0 0xb777a424 in __kernel_vsyscall () #0 0xb777a424 in __kernel_vsyscall () #1 0x083b33b5 in kill () #2 0x0807190d in uml_abort () at arch/um/os-Linux/util.c:93 #3 0x08071c45 in os_dump_core () at arch/um/os-Linux/util.c:148 #4 0x08061417 in panic_exit (self=0x85b9558 <panic_exit_notifier>, unused1=0, unused2=0x85ef720 <buf.16084>) at arch/um/kernel/um_arch.c:240 #5 0x0809a7d8 in notifier_call_chain (nl=0x0, val=0, v=0x85ef720 <buf.16084>, nr_to_call=-2, nr_calls=0x0) at kernel/notifier.c:93 #6 0x0809a923 in __atomic_notifier_call_chain (nr_calls=<optimized out>, nr_to_call=<optimized out>, v=<optimized out>, val=<optimized out>, nh=<optimized out>) at kernel/notifier.c:182 #7 atomic_notifier_call_chain (nh=0x85ef704 <panic_notifier_list>, val=0, v=0x85ef720 <buf.16084>) at kernel/notifier.c:191 #8 0x08410d1c in panic (fmt=0x0) at kernel/panic.c:130 #9 0x08411c64 in balance_dirty_pages (pages_dirtied=9, mapping=<optimized out>) at mm/page-writeback.c:1471 #10 0x080d1ce4 in balance_dirty_pages_ratelimited (mapping=0x6) at mm/page-writeback.c:1663 #11 0x080e2d0c in __do_fault (mm=0x4870da00, vma=0x487484c8, address=1095131136, pmd=0x0, pgoff=0, flags=1212323992, orig_pte=<incomplete type>) at mm/memory.c:3452 #12 0x080e5286 in do_nonlinear_fault (orig_pte=..., flags=<optimized out>, pmd=<optimized out>, address=<optimized out>, vma=<optimized out>, mm=<optimized out>, page_table=<optimized out>) at mm/memory.c:3518 #13 handle_pte_fault (flags=<optimized out>, pmd=<optimized out>, pte=<optimized out>, address=<optimized out>, vma=<optimized out>, mm=<optimized out>) at mm/memory.c:3717 #14 __handle_mm_fault (flags=<optimized out>, address=<optimized out>, vma=<optimized out>, mm=<optimized out>) at mm/memory.c:3845 #15 handle_mm_fault (mm=0x4870da00, vma=0x487484c8, address=1095131136, flags=1) at mm/memory.c:3868 #16 0x080e5a07 in __get_user_pages (tsk=0x47d5a400, mm=0x4870da00, start=1095131136, nr_pages=1025, gup_flags=519, pages=0x47c50000, vmas=0x0, nonblocking=0x0) at mm/memory.c:1822 #17 0x080e5cc3 in get_user_pages (tsk=0x0, mm=0x0, start=0, nr_pages=0, write=1, force=0, pages=0x47fafb98, vmas=0x6) at mm/memory.c:2019 #18 0x08140d0e in aio_setup_ring (ctx=<optimized out>) at fs/aio.c:340 #19 ioctx_alloc (nr_events=<optimized out>) at fs/aio.c:605 #20 SYSC_io_setup (ctxp=<optimized out>, nr_events=<optimized out>) at fs/aio.c:1122 #21 SyS_io_setup (nr_events=65535, ctxp=135045120) at fs/aio.c:1105 #22 0x080619c2 in handle_syscall (r=0x47d5a5d4) at arch/um/kernel/skas/syscall.c:35 #23 0x08073f2d in handle_trap (local_using_sysemu=<optimized out>, regs=<optimized out>, pid=<optimized out>) at arch/um/os-Linux/skas/process.c:198 #24 userspace (regs=0x47d5a5d4) at arch/um/os-Linux/skas/process.c:431 #25 0x0805e6ac in fork_handler () at arch/um/kernel/process.c:160 #26 0x00000000 in ?? () I'll try again to see if printk's will help - how do I force a sync after a printk ? -- MfG/Sincerely Toralf Förster pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3 |
From: Geert U. <ge...@li...> - 2013-10-06 18:38:27
|
On Sun, Oct 6, 2013 at 4:17 PM, Toralf Förster <tor...@gm...> wrote: > The UML stopped here : > ... > if (unlikely(task_ratelimit == 0)) { > period = max_pause; > pause = max_pause; > BUG_ON(pause < 0); > goto pause; > } > BUG_ON(pages_dirtied < 0); > BUG_ON(task_ratelimit < 0); > period = HZ * pages_dirtied / task_ratelimit; > BUG_ON(period < 0); <----------------------here So pages_dirtied becomes that big compared to task_ratelimit (both are "unsigned long"), that period (which is "long", just like "pause") overflows into a negative number. This is indeed much more likely to happen on 32-bit. > The back trace is : > #9 0x08411c64 in balance_dirty_pages (pages_dirtied=9, mapping=<optimized out>) at mm/page-writeback.c:1471 But here pages_dirtied is only 9?? Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@li... In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds |
From: Toralf F. <tor...@gm...> - 2013-10-06 20:08:39
|
On 10/06/2013 08:38 PM, Geert Uytterhoeven wrote: > On Sun, Oct 6, 2013 at 4:17 PM, Toralf Förster <tor...@gm...> wrote: >> The UML stopped here : >> ... >> if (unlikely(task_ratelimit == 0)) { >> period = max_pause; >> pause = max_pause; >> BUG_ON(pause < 0); >> goto pause; >> } >> BUG_ON(pages_dirtied < 0); >> BUG_ON(task_ratelimit < 0); >> period = HZ * pages_dirtied / task_ratelimit; >> BUG_ON(period < 0); <----------------------here > > So pages_dirtied becomes that big compared to task_ratelimit (both are > "unsigned long"), that period (which is "long", just like "pause") overflows > into a negative number. > > This is indeed much more likely to happen on 32-bit. > >> The back trace is : > >> #9 0x08411c64 in balance_dirty_pages (pages_dirtied=9, mapping=<optimized out>) at mm/page-writeback.c:1471 > > But here pages_dirtied is only 9?? > > Gr{oetje,eeting}s, > > Geert > > -- > Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@li... > > In personal conversations with technical people, I call myself a hacker. But > when I'm talking to journalists I just say "programmer" or something like that. > -- Linus Torvalds > Well, this points to an overflow or ? : tfoerste@n22 ~/devel/linux $ nl -ba mm/page-writeback.c | grep -A 5 -B 5 1468 1463 BUG_ON(pause < 0); 1464 goto pause; 1465 } 1466 period = HZ * pages_dirtied / task_ratelimit; 1467 pause = period; 1468 BUG_ON(pause < 0 && pages_dirtied > 0 && task_ratelimit > 0); 1469 if (current->dirty_paused_when) 1470 pause -= now - current->dirty_paused_when; 1471 /* 1472 * For less than 1s think time (ext3/4 may block the dirtier 1473 * for up to 800ms from time to time on 1-HDD; so does xfs, and the back trace is : tfoerste@n22 ~/devel/linux $ gdb --core=/mnt/ramdisk/core /home/tfoerste/devel/linux/linux -batch -ex bt [New LWP 13163] Core was generated by `/home/tfoerste/devel/linux/linux earlyprintk ubda=/home/tfoerste/virtual/uml/tr'. Program terminated with signal 6, Aborted. #0 0xb77d2424 in __kernel_vsyscall () #0 0xb77d2424 in __kernel_vsyscall () #1 0x083b33b5 in kill () #2 0x0807190d in uml_abort () at arch/um/os-Linux/util.c:93 #3 0x08071c45 in os_dump_core () at arch/um/os-Linux/util.c:148 #4 0x08061417 in panic_exit (self=0x85b9558 <panic_exit_notifier>, unused1=0, unused2=0x85ef720 <buf.16084>) at arch/um/kernel/um_arch.c:240 #5 0x0809a7d8 in notifier_call_chain (nl=0x0, val=0, v=0x85ef720 <buf.16084>, nr_to_call=-2, nr_calls=0x0) at kernel/notifier.c:93 #6 0x0809a923 in __atomic_notifier_call_chain (nr_calls=<optimized out>, nr_to_call=<optimized out>, v=<optimized out>, val=<optimized out>, nh=<optimized out>) at kernel/notifier.c:182 #7 atomic_notifier_call_chain (nh=0x85ef704 <panic_notifier_list>, val=0, v=0x85ef720 <buf.16084>) at kernel/notifier.c:191 #8 0x08410d1c in panic (fmt=0x0) at kernel/panic.c:130 #9 0x08411c6c in balance_dirty_pages (pages_dirtied=0, mapping=<optimized out>) at mm/page-writeback.c:1468 #10 0x080d1ce4 in balance_dirty_pages_ratelimited (mapping=0x6) at mm/page-writeback.c:1657 #11 0x080e2d0c in __do_fault (mm=0x47b09600, vma=0x48bc9e58, address=1082572800, pmd=0x0, pgoff=0, flags=1167616488, orig_pte=<incomplete type>) at mm/memory.c:3452 #12 0x080e5286 in do_nonlinear_fault (orig_pte=..., flags=<optimized out>, pmd=<optimized out>, address=<optimized out>, vma=<optimized out>, mm=<optimized out>, page_table=<optimized out>) at mm/memory.c:3518 #13 handle_pte_fault (flags=<optimized out>, pmd=<optimized out>, pte=<optimized out>, address=<optimized out>, vma=<optimized out>, mm=<optimized out>) at mm/memory.c:3717 #14 __handle_mm_fault (flags=<optimized out>, address=<optimized out>, vma=<optimized out>, mm=<optimized out>) at mm/memory.c:3845 #15 handle_mm_fault (mm=0x47b09600, vma=0x48bc9e58, address=1082572800, flags=1) at mm/memory.c:3868 #16 0x080e5a07 in __get_user_pages (tsk=0x47a3ea00, mm=0x47b09600, start=1082572800, nr_pages=962, gup_flags=519, pages=0x47b96120, vmas=0x0, nonblocking=0x0) at mm/memory.c:1822 #17 0x080e5cc3 in get_user_pages (tsk=0x0, mm=0x0, start=0, nr_pages=0, write=1, force=0, pages=0x4789fb9c, vmas=0x6) at mm/memory.c:2019 #18 0x08140d0e in aio_setup_ring (ctx=<optimized out>) at fs/aio.c:340 #19 ioctx_alloc (nr_events=<optimized out>) at fs/aio.c:605 #20 SYSC_io_setup (ctxp=<optimized out>, nr_events=<optimized out>) at fs/aio.c:1122 #21 SyS_io_setup (nr_events=-2147422135, ctxp=135045120) at fs/aio.c:1105 #22 0x080619c2 in handle_syscall (r=0x47a3ebd4) at arch/um/kernel/skas/syscall.c:35 #23 0x08073f2d in handle_trap (local_using_sysemu=<optimized out>, regs=<optimized out>, pid=<optimized out>) at arch/um/os-Linux/skas/process.c:198 #24 userspace (regs=0x47a3ebd4) at arch/um/os-Linux/skas/process.c:431 #25 0x0805e6ac in fork_handler () at arch/um/kernel/process.c:160 #26 0x5a5a5a5a in ?? () -- MfG/Sincerely Toralf Förster pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3 |
From: Geert U. <ge...@li...> - 2013-10-06 20:26:52
|
On Sun, Oct 6, 2013 at 10:08 PM, Toralf Förster <tor...@gm...> wrote: > On 10/06/2013 08:38 PM, Geert Uytterhoeven wrote: >> On Sun, Oct 6, 2013 at 4:17 PM, Toralf Förster <tor...@gm...> wrote: >>> The UML stopped here : >>> ... >>> if (unlikely(task_ratelimit == 0)) { >>> period = max_pause; >>> pause = max_pause; >>> BUG_ON(pause < 0); >>> goto pause; >>> } >>> BUG_ON(pages_dirtied < 0); >>> BUG_ON(task_ratelimit < 0); >>> period = HZ * pages_dirtied / task_ratelimit; >>> BUG_ON(period < 0); <----------------------here >> >> So pages_dirtied becomes that big compared to task_ratelimit (both are >> "unsigned long"), that period (which is "long", just like "pause") overflows >> into a negative number. >> >> This is indeed much more likely to happen on 32-bit. >> >>> The back trace is : >> >>> #9 0x08411c64 in balance_dirty_pages (pages_dirtied=9, mapping=<optimized out>) at mm/page-writeback.c:1471 >> >> But here pages_dirtied is only 9?? > Well, this points to an overflow or ? : Negative indicates an overflow, but pages_dirtied doesn't. > tfoerste@n22 ~/devel/linux $ nl -ba mm/page-writeback.c | grep -A 5 -B 5 1468 > 1463 BUG_ON(pause < 0); > 1464 goto pause; > 1465 } > 1466 period = HZ * pages_dirtied / task_ratelimit; > 1467 pause = period; > 1468 BUG_ON(pause < 0 && pages_dirtied > 0 && task_ratelimit > 0); > 1469 if (current->dirty_paused_when) > 1470 pause -= now - current->dirty_paused_when; > 1471 /* > 1472 * For less than 1s think time (ext3/4 may block the dirtier > 1473 * for up to 800ms from time to time on 1-HDD; so does xfs, > > > and the back trace is : > > #9 0x08411c6c in balance_dirty_pages (pages_dirtied=0, mapping=<optimized out>) at mm/page-writeback.c:1468 Hmm, now pages_dirtied is zero, according to the backtrace, but the BUG_ON() asserts its strict positive?!? Can you please try the following instead of the BUG_ON(): if (pause < 0) { printk("pages_dirtied = %lu\n", pages_dirtied); printk("task_ratelimit = %lu\n", task_ratelimit); printk("pause = %ld\n", pause); } Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@li... In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds |
From: Toralf F. <tor...@gm...> - 2013-10-06 21:01:18
|
On 10/06/2013 10:26 PM, Geert Uytterhoeven wrote: > On Sun, Oct 6, 2013 at 10:08 PM, Toralf Förster <tor...@gm...> wrote: >> On 10/06/2013 08:38 PM, Geert Uytterhoeven wrote: >>> On Sun, Oct 6, 2013 at 4:17 PM, Toralf Förster <tor...@gm...> wrote: >>>> The UML stopped here : >>>> ... >>>> if (unlikely(task_ratelimit == 0)) { >>>> period = max_pause; >>>> pause = max_pause; >>>> BUG_ON(pause < 0); >>>> goto pause; >>>> } >>>> BUG_ON(pages_dirtied < 0); >>>> BUG_ON(task_ratelimit < 0); >>>> period = HZ * pages_dirtied / task_ratelimit; >>>> BUG_ON(period < 0); <----------------------here >>> >>> So pages_dirtied becomes that big compared to task_ratelimit (both are >>> "unsigned long"), that period (which is "long", just like "pause") overflows >>> into a negative number. >>> >>> This is indeed much more likely to happen on 32-bit. >>> >>>> The back trace is : >>> >>>> #9 0x08411c64 in balance_dirty_pages (pages_dirtied=9, mapping=<optimized out>) at mm/page-writeback.c:1471 >>> >>> But here pages_dirtied is only 9?? > >> Well, this points to an overflow or ? : > > Negative indicates an overflow, but pages_dirtied doesn't. > >> tfoerste@n22 ~/devel/linux $ nl -ba mm/page-writeback.c | grep -A 5 -B 5 1468 >> 1463 BUG_ON(pause < 0); >> 1464 goto pause; >> 1465 } >> 1466 period = HZ * pages_dirtied / task_ratelimit; >> 1467 pause = period; >> 1468 BUG_ON(pause < 0 && pages_dirtied > 0 && task_ratelimit > 0); >> 1469 if (current->dirty_paused_when) >> 1470 pause -= now - current->dirty_paused_when; >> 1471 /* >> 1472 * For less than 1s think time (ext3/4 may block the dirtier >> 1473 * for up to 800ms from time to time on 1-HDD; so does xfs, >> >> >> and the back trace is : >> >> #9 0x08411c6c in balance_dirty_pages (pages_dirtied=0, mapping=<optimized out>) at mm/page-writeback.c:1468 > > Hmm, now pages_dirtied is zero, according to the backtrace, but the BUG_ON() > asserts its strict positive?!? > > Can you please try the following instead of the BUG_ON(): > > if (pause < 0) { > printk("pages_dirtied = %lu\n", pages_dirtied); > printk("task_ratelimit = %lu\n", task_ratelimit); > printk("pause = %ld\n", pause); > } > > Gr{oetje,eeting}s, > > Geert I tried it in different ways already - I'm completely unsuccessful in getting any printk output. As soon as the issue happens I do have a BUG: soft lockup - CPU#0 stuck for 22s! [trinity-child0:1521] at stderr of the UML and then no further input is accepted. With uml_mconsole I'm however able to run very basic commands like a crash dump, sysrq ond so on. > > -- > Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@li... > > In personal conversations with technical people, I call myself a hacker. But > when I'm talking to journalists I just say "programmer" or something like that. > -- Linus Torvalds > -- MfG/Sincerely Toralf Förster pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3 |
From: Geert U. <ge...@li...> - 2013-10-08 20:07:46
|
On Sun, Oct 6, 2013 at 11:01 PM, Toralf Förster <tor...@gm...> wrote: >> Hmm, now pages_dirtied is zero, according to the backtrace, but the BUG_ON() >> asserts its strict positive?!? >> >> Can you please try the following instead of the BUG_ON(): >> >> if (pause < 0) { >> printk("pages_dirtied = %lu\n", pages_dirtied); >> printk("task_ratelimit = %lu\n", task_ratelimit); >> printk("pause = %ld\n", pause); >> } >> >> Gr{oetje,eeting}s, >> >> Geert > I tried it in different ways already - I'm completely unsuccessful in getting any printk output. > As soon as the issue happens I do have a > > BUG: soft lockup - CPU#0 stuck for 22s! [trinity-child0:1521] > > at stderr of the UML and then no further input is accepted. With uml_mconsole I'm however able > to run very basic commands like a crash dump, sysrq ond so on. You may get an idea of the magnitude of pages_dirtied by using a chain of BUG_ON()s, like: BUG_ON(pages_dirtied > 2000000000); BUG_ON(pages_dirtied > 1000000000); BUG_ON(pages_dirtied > 100000000); BUG_ON(pages_dirtied > 10000000); BUG_ON(pages_dirtied > 1000000); Probably 1 million is already too much for normal operation? Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@li... In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds |
From: Toralf F. <tor...@gm...> - 2013-10-11 14:13:06
|
On 10/11/2013 10:57 AM, Fengguang Wu wrote: > On Fri, Oct 11, 2013 at 10:42:19AM +0200, Toralf Förster wrote: >> yeah, now the picture becomes more clear >> ... >> net.core.warnings = 0 [ ok ] >> ick: pause : -717 >> ick : min_pause : -177 >> ick : max_pause : -717 >> ick: pages_dirtied : 14 >> ick: task_ratelimit: 0 > > Great and thanks! So it's the max pause calculation went wrong. > Would help you try the below patch? > Definitely. I'm running now the test case since 6 hours w/o any issues. before that usually after 15 - 30 min the bug occurred. >>From 5420b9bbe42dd0a366d7615e9f3d3724cee725c4 Mon Sep 17 00:00:00 2001 > From: Fengguang Wu <fen...@in...> > Date: Fri, 11 Oct 2013 16:53:26 +0800 > Subject: [PATCH] fix bdi max pause calculation > > Signed-off-by: Fengguang Wu <fen...@in...> > --- > mm/page-writeback.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/mm/page-writeback.c b/mm/page-writeback.c > index 3f0c895..241a746 100644 > --- a/mm/page-writeback.c > +++ b/mm/page-writeback.c > @@ -1104,11 +1104,11 @@ static unsigned long dirty_poll_interval(unsigned long dirty, > return 1; > } > > -static long bdi_max_pause(struct backing_dev_info *bdi, > - unsigned long bdi_dirty) > +static unsigned long bdi_max_pause(struct backing_dev_info *bdi, > + unsigned long bdi_dirty) > { > - long bw = bdi->avg_write_bandwidth; > - long t; > + unsigned long bw = bdi->avg_write_bandwidth; > + unsigned long t; > > /* > * Limit pause time for small memory systems. If sleeping for too long > @@ -1120,7 +1120,7 @@ static long bdi_max_pause(struct backing_dev_info *bdi, > t = bdi_dirty / (1 + bw / roundup_pow_of_two(1 + HZ / 8)); > t++; > > - return min_t(long, t, MAX_PAUSE); > + return min_t(unsigned long, t, MAX_PAUSE); > } > > static long bdi_min_pause(struct backing_dev_info *bdi, > -- MfG/Sincerely Toralf Förster pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3 |
From: Fengguang Wu <fen...@in...> - 2013-10-12 00:44:08
|
Toralf runs trinity on UML/i386. After some time it hangs and the last message line is BUG: soft lockup - CPU#0 stuck for 22s! [trinity-child0:1521] It's found that pages_dirtied becomes very large. More than 1000000000 pages in this case: period = HZ * pages_dirtied / task_ratelimit; BUG_ON(pages_dirtied > 2000000000); BUG_ON(pages_dirtied > 1000000000); <--------- UML debug printf shows that we got negative pause here: ick: pause : -984 ick: pages_dirtied : 0 ick: task_ratelimit: 0 pause: + if (pause < 0) { + extern int printf(char *, ...); + printf("ick : pause : %li\n", pause); + printf("ick: pages_dirtied : %lu\n", pages_dirtied); + printf("ick: task_ratelimit: %lu\n", task_ratelimit); + BUG_ON(1); + } trace_balance_dirty_pages(bdi, Since pause is bounded by [min_pause, max_pause] where min_pause is also bounded by max_pause. It's suspected and demonstrated that the max_pause calculation goes wrong: ick: pause : -717 ick: min_pause : -177 ick: max_pause : -717 ick: pages_dirtied : 14 ick: task_ratelimit: 0 The problem lies in the two "long = unsigned long" assignments in bdi_max_pause() which might go negative if the highest bit is 1, and the min_t(long, ...) check failed to protect it falling under 0. Fix all of them by using "unsigned long" throughout the function. Reported-by: Toralf Förster <tor...@gm...> Tested-by: Toralf Förster <tor...@gm...> Signed-off-by: Fengguang Wu <fen...@in...> --- mm/page-writeback.c | 10 +++++----- mm/readahead.c | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mm/page-writeback.c b/mm/page-writeback.c index 3f0c895..241a746 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -1104,11 +1104,11 @@ static unsigned long dirty_poll_interval(unsigned long dirty, return 1; } -static long bdi_max_pause(struct backing_dev_info *bdi, - unsigned long bdi_dirty) +static unsigned long bdi_max_pause(struct backing_dev_info *bdi, + unsigned long bdi_dirty) { - long bw = bdi->avg_write_bandwidth; - long t; + unsigned long bw = bdi->avg_write_bandwidth; + unsigned long t; /* * Limit pause time for small memory systems. If sleeping for too long @@ -1120,7 +1120,7 @@ static long bdi_max_pause(struct backing_dev_info *bdi, t = bdi_dirty / (1 + bw / roundup_pow_of_two(1 + HZ / 8)); t++; - return min_t(long, t, MAX_PAUSE); + return min_t(unsigned long, t, MAX_PAUSE); } static long bdi_min_pause(struct backing_dev_info *bdi, |
From: Toralf F. <tor...@gm...> - 2013-10-09 17:26:15
|
On 10/08/2013 10:07 PM, Geert Uytterhoeven wrote: > On Sun, Oct 6, 2013 at 11:01 PM, Toralf Förster <tor...@gm...> wrote: >>> Hmm, now pages_dirtied is zero, according to the backtrace, but the BUG_ON() >>> asserts its strict positive?!? >>> >>> Can you please try the following instead of the BUG_ON(): >>> >>> if (pause < 0) { >>> printk("pages_dirtied = %lu\n", pages_dirtied); >>> printk("task_ratelimit = %lu\n", task_ratelimit); >>> printk("pause = %ld\n", pause); >>> } >>> >>> Gr{oetje,eeting}s, >>> >>> Geert >> I tried it in different ways already - I'm completely unsuccessful in getting any printk output. >> As soon as the issue happens I do have a >> >> BUG: soft lockup - CPU#0 stuck for 22s! [trinity-child0:1521] >> >> at stderr of the UML and then no further input is accepted. With uml_mconsole I'm however able >> to run very basic commands like a crash dump, sysrq ond so on. > > You may get an idea of the magnitude of pages_dirtied by using a chain of > BUG_ON()s, like: > > BUG_ON(pages_dirtied > 2000000000); > BUG_ON(pages_dirtied > 1000000000); > BUG_ON(pages_dirtied > 100000000); > BUG_ON(pages_dirtied > 10000000); > BUG_ON(pages_dirtied > 1000000); > > Probably 1 million is already too much for normal operation? > period = HZ * pages_dirtied / task_ratelimit; BUG_ON(pages_dirtied > 2000000000); BUG_ON(pages_dirtied > 1000000000); <-------------- this is line 1467 the back trace is : tfoerste@n22 ~/devel/linux $ gdb --core=/mnt/ramdisk/core /home/tfoerste/devel/linux/linux -batch -ex bt [New LWP 6911] Core was generated by `/home/tfoerste/devel/linux/linux earlyprintk ubda=/home/tfoerste/virtual/uml/tr'. Program terminated with signal 6, Aborted. #0 0xb77a7424 in __kernel_vsyscall () #0 0xb77a7424 in __kernel_vsyscall () #1 0x083bdf35 in kill () #2 0x0807296d in uml_abort () at arch/um/os-Linux/util.c:93 #3 0x08072ca5 in os_dump_core () at arch/um/os-Linux/util.c:148 #4 0x080623c4 in panic_exit (self=0x85c1558 <panic_exit_notifier>, unused1=0, unused2=0x85f76e0 <buf.16221>) at arch/um/kernel/um_arch.c:240 #5 0x0809ba86 in notifier_call_chain (nl=0x0, val=0, v=0x85f76e0 <buf.16221>, nr_to_call=-2, nr_calls=0x0) at kernel/notifier.c:93 #6 0x0809bba1 in __atomic_notifier_call_chain (nh=0x85f76c4 <panic_notifier_list>, val=0, v=0x85f76e0 <buf.16221>, nr_to_call=0, nr_calls=0x0) at kernel/notifier.c:182 #7 0x0809bbdf in atomic_notifier_call_chain (nh=0x0, val=0, v=0x0) at kernel/notifier.c:191 #8 0x0841b5bc in panic (fmt=0x0) at kernel/panic.c:130 #9 0x0841c470 in balance_dirty_pages (pages_dirtied=23, mapping=<optimized out>) at mm/page-writeback.c:1467 #10 0x080d3595 in balance_dirty_pages_ratelimited (mapping=0x6) at mm/page-writeback.c:1661 #11 0x080e4a3f in __do_fault (mm=0x45ba3600, vma=0x48777b90, address=1084678144, pmd=0x0, pgoff=0, flags=0, orig_pte=<incomplete type>) at mm/memory.c:3452 #12 0x080e6e0f in do_linear_fault (orig_pte=..., flags=<optimized out>, pmd=<optimized out>, address=<optimized out>, vma=<optimized out>, mm=<optimized out>, page_table=<optimized out>) at mm/memory.c:3486 #13 handle_pte_fault (flags=<optimized out>, pmd=<optimized out>, pte=<optimized out>, address=<optimized out>, vma=<optimized out>, mm=<optimized out>) at mm/memory.c:3710 #14 __handle_mm_fault (flags=<optimized out>, address=<optimized out>, vma=<optimized out>, mm=<optimized out>) at mm/memory.c:3845 #15 handle_mm_fault (mm=0x45ba3600, vma=0x487034c8, address=1084678144, flags=1) at mm/memory.c:3868 #16 0x080e7817 in __get_user_pages (tsk=0x48705800, mm=0x45ba3600, start=1084678144, nr_pages=1025, gup_flags=519, pages=0x48558000, vmas=0x0, nonblocking=0x0) at mm/memory.c:1822 #17 0x080e7ae3 in get_user_pages (tsk=0x0, mm=0x0, start=0, nr_pages=0, write=1, force=0, pages=0x48777b90, vmas=0x6) at mm/memory.c:2019 #18 0x08143dc6 in aio_setup_ring (ctx=<optimized out>) at fs/aio.c:340 #19 ioctx_alloc (nr_events=<optimized out>) at fs/aio.c:605 #20 SYSC_io_setup (ctxp=<optimized out>, nr_events=<optimized out>) at fs/aio.c:1122 #21 SyS_io_setup (nr_events=65535, ctxp=135081984) at fs/aio.c:1105 #22 0x08062984 in handle_syscall (r=0x487059d4) at arch/um/kernel/skas/syscall.c:35 #23 0x08074fb5 in handle_trap (local_using_sysemu=<optimized out>, regs=<optimized out>, pid=<optimized out>) at arch/um/os-Linux/skas/process.c:198 #24 userspace (regs=0x487059d4) at arch/um/os-Linux/skas/process.c:431 #25 0x0805f750 in fork_handler () at arch/um/kernel/process.c:160 #26 0x00000000 in ?? () > Gr{oetje,eeting}s, > > Geert > > -- > Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@li... > > In personal conversations with technical people, I call myself a hacker. But > when I'm talking to journalists I just say "programmer" or something like that. > -- Linus Torvalds > -- MfG/Sincerely Toralf Förster pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3 |
From: Richard W. <ri...@no...> - 2013-10-09 18:44:04
|
CC'ing mm folks. Please see below. Am 09.10.2013 19:26, schrieb Toralf Förster: > On 10/08/2013 10:07 PM, Geert Uytterhoeven wrote: >> On Sun, Oct 6, 2013 at 11:01 PM, Toralf Förster <tor...@gm...> wrote: >>>> Hmm, now pages_dirtied is zero, according to the backtrace, but the BUG_ON() >>>> asserts its strict positive?!? >>>> >>>> Can you please try the following instead of the BUG_ON(): >>>> >>>> if (pause < 0) { >>>> printk("pages_dirtied = %lu\n", pages_dirtied); >>>> printk("task_ratelimit = %lu\n", task_ratelimit); >>>> printk("pause = %ld\n", pause); >>>> } >>>> >>>> Gr{oetje,eeting}s, >>>> >>>> Geert >>> I tried it in different ways already - I'm completely unsuccessful in getting any printk output. >>> As soon as the issue happens I do have a >>> >>> BUG: soft lockup - CPU#0 stuck for 22s! [trinity-child0:1521] >>> >>> at stderr of the UML and then no further input is accepted. With uml_mconsole I'm however able >>> to run very basic commands like a crash dump, sysrq ond so on. >> >> You may get an idea of the magnitude of pages_dirtied by using a chain of >> BUG_ON()s, like: >> >> BUG_ON(pages_dirtied > 2000000000); >> BUG_ON(pages_dirtied > 1000000000); >> BUG_ON(pages_dirtied > 100000000); >> BUG_ON(pages_dirtied > 10000000); >> BUG_ON(pages_dirtied > 1000000); >> >> Probably 1 million is already too much for normal operation? >> > period = HZ * pages_dirtied / task_ratelimit; > BUG_ON(pages_dirtied > 2000000000); > BUG_ON(pages_dirtied > 1000000000); <-------------- this is line 1467 Summary for mm people: Toralf runs trinty on UML/i386. After some time pages_dirtied becomes very large. More than 1000000000 pages in this case. Thus, period = HZ * pages_dirtied / task_ratelimit overflows and period/pause becomes extremely large. It looks like io_schedule_timeout() get's called with a very large timeout. I don't know why "if (unlikely(pause > max_pause)) {" does not help. Any ideas? Thanks, //richard > the back trace is : > > tfoerste@n22 ~/devel/linux $ gdb --core=/mnt/ramdisk/core /home/tfoerste/devel/linux/linux -batch -ex bt > [New LWP 6911] > Core was generated by `/home/tfoerste/devel/linux/linux earlyprintk ubda=/home/tfoerste/virtual/uml/tr'. > Program terminated with signal 6, Aborted. > #0 0xb77a7424 in __kernel_vsyscall () > #0 0xb77a7424 in __kernel_vsyscall () > #1 0x083bdf35 in kill () > #2 0x0807296d in uml_abort () at arch/um/os-Linux/util.c:93 > #3 0x08072ca5 in os_dump_core () at arch/um/os-Linux/util.c:148 > #4 0x080623c4 in panic_exit (self=0x85c1558 <panic_exit_notifier>, unused1=0, unused2=0x85f76e0 <buf.16221>) at arch/um/kernel/um_arch.c:240 > #5 0x0809ba86 in notifier_call_chain (nl=0x0, val=0, v=0x85f76e0 <buf.16221>, nr_to_call=-2, nr_calls=0x0) at kernel/notifier.c:93 > #6 0x0809bba1 in __atomic_notifier_call_chain (nh=0x85f76c4 <panic_notifier_list>, val=0, v=0x85f76e0 <buf.16221>, nr_to_call=0, nr_calls=0x0) at kernel/notifier.c:182 > #7 0x0809bbdf in atomic_notifier_call_chain (nh=0x0, val=0, v=0x0) at kernel/notifier.c:191 > #8 0x0841b5bc in panic (fmt=0x0) at kernel/panic.c:130 > #9 0x0841c470 in balance_dirty_pages (pages_dirtied=23, mapping=<optimized out>) at mm/page-writeback.c:1467 > #10 0x080d3595 in balance_dirty_pages_ratelimited (mapping=0x6) at mm/page-writeback.c:1661 > #11 0x080e4a3f in __do_fault (mm=0x45ba3600, vma=0x48777b90, address=1084678144, pmd=0x0, pgoff=0, flags=0, orig_pte=<incomplete type>) at mm/memory.c:3452 > #12 0x080e6e0f in do_linear_fault (orig_pte=..., flags=<optimized out>, pmd=<optimized out>, address=<optimized out>, vma=<optimized out>, mm=<optimized out>, page_table=<optimized out>) at mm/memory.c:3486 > #13 handle_pte_fault (flags=<optimized out>, pmd=<optimized out>, pte=<optimized out>, address=<optimized out>, vma=<optimized out>, mm=<optimized out>) at mm/memory.c:3710 > #14 __handle_mm_fault (flags=<optimized out>, address=<optimized out>, vma=<optimized out>, mm=<optimized out>) at mm/memory.c:3845 > #15 handle_mm_fault (mm=0x45ba3600, vma=0x487034c8, address=1084678144, flags=1) at mm/memory.c:3868 > #16 0x080e7817 in __get_user_pages (tsk=0x48705800, mm=0x45ba3600, start=1084678144, nr_pages=1025, gup_flags=519, pages=0x48558000, vmas=0x0, nonblocking=0x0) at mm/memory.c:1822 > #17 0x080e7ae3 in get_user_pages (tsk=0x0, mm=0x0, start=0, nr_pages=0, write=1, force=0, pages=0x48777b90, vmas=0x6) at mm/memory.c:2019 > #18 0x08143dc6 in aio_setup_ring (ctx=<optimized out>) at fs/aio.c:340 > #19 ioctx_alloc (nr_events=<optimized out>) at fs/aio.c:605 > #20 SYSC_io_setup (ctxp=<optimized out>, nr_events=<optimized out>) at fs/aio.c:1122 > #21 SyS_io_setup (nr_events=65535, ctxp=135081984) at fs/aio.c:1105 > #22 0x08062984 in handle_syscall (r=0x487059d4) at arch/um/kernel/skas/syscall.c:35 > #23 0x08074fb5 in handle_trap (local_using_sysemu=<optimized out>, regs=<optimized out>, pid=<optimized out>) at arch/um/os-Linux/skas/process.c:198 > #24 userspace (regs=0x487059d4) at arch/um/os-Linux/skas/process.c:431 > #25 0x0805f750 in fork_handler () at arch/um/kernel/process.c:160 > #26 0x00000000 in ?? () > > > >> Gr{oetje,eeting}s, >> >> Geert >> >> -- >> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@li... >> >> In personal conversations with technical people, I call myself a hacker. But >> when I'm talking to journalists I just say "programmer" or something like that. >> -- Linus Torvalds >> > > |
From: Fengguang Wu <fen...@in...> - 2013-10-12 04:45:32
|
Toralf runs trinity on UML/i386. After some time it hangs and the last message line is BUG: soft lockup - CPU#0 stuck for 22s! [trinity-child0:1521] It's found that pages_dirtied becomes very large. More than 1000000000 pages in this case: period = HZ * pages_dirtied / task_ratelimit; BUG_ON(pages_dirtied > 2000000000); BUG_ON(pages_dirtied > 1000000000); <--------- UML debug printf shows that we got negative pause here: ick: pause : -984 ick: pages_dirtied : 0 ick: task_ratelimit: 0 pause: + if (pause < 0) { + extern int printf(char *, ...); + printf("ick : pause : %li\n", pause); + printf("ick: pages_dirtied : %lu\n", pages_dirtied); + printf("ick: task_ratelimit: %lu\n", task_ratelimit); + BUG_ON(1); + } trace_balance_dirty_pages(bdi, Since pause is bounded by [min_pause, max_pause] where min_pause is also bounded by max_pause. It's suspected and demonstrated that the max_pause calculation goes wrong: ick: pause : -717 ick: min_pause : -177 ick: max_pause : -717 ick: pages_dirtied : 14 ick: task_ratelimit: 0 The problem lies in the two "long = unsigned long" assignments in bdi_max_pause() which might go negative if the highest bit is 1, and the min_t(long, ...) check failed to protect it falling under 0. Fix all of them by using "unsigned long" throughout the function. Reported-by: Toralf Förster <tor...@gm...> Tested-by: Toralf Förster <tor...@gm...> Cc: <st...@vg...> Cc: Jan Kara <ja...@su...> Cc: Richard Weinberger <ri...@no...> Cc: Geert Uytterhoeven <ge...@li...> Signed-off-by: Fengguang Wu <fen...@in...> --- mm/page-writeback.c | 10 +++++----- mm/readahead.c | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) Changes since v1: Add CC list. diff --git a/mm/page-writeback.c b/mm/page-writeback.c index 3f0c895..241a746 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -1104,11 +1104,11 @@ static unsigned long dirty_poll_interval(unsigned long dirty, return 1; } -static long bdi_max_pause(struct backing_dev_info *bdi, - unsigned long bdi_dirty) +static unsigned long bdi_max_pause(struct backing_dev_info *bdi, + unsigned long bdi_dirty) { - long bw = bdi->avg_write_bandwidth; - long t; + unsigned long bw = bdi->avg_write_bandwidth; + unsigned long t; /* * Limit pause time for small memory systems. If sleeping for too long @@ -1120,7 +1120,7 @@ static long bdi_max_pause(struct backing_dev_info *bdi, t = bdi_dirty / (1 + bw / roundup_pow_of_two(1 + HZ / 8)); t++; - return min_t(long, t, MAX_PAUSE); + return min_t(unsigned long, t, MAX_PAUSE); } static long bdi_min_pause(struct backing_dev_info *bdi, |
From: Jan K. <ja...@su...> - 2013-10-14 12:34:35
|
On Sat 12-10-13 12:45:17, Wu Fengguang wrote: > Toralf runs trinity on UML/i386. > After some time it hangs and the last message line is > > BUG: soft lockup - CPU#0 stuck for 22s! [trinity-child0:1521] > > It's found that pages_dirtied becomes very large. > More than 1000000000 pages in this case: > > period = HZ * pages_dirtied / task_ratelimit; > BUG_ON(pages_dirtied > 2000000000); > BUG_ON(pages_dirtied > 1000000000); <--------- > > UML debug printf shows that we got negative pause here: > > ick: pause : -984 > ick: pages_dirtied : 0 > ick: task_ratelimit: 0 > > pause: > + if (pause < 0) { > + extern int printf(char *, ...); > + printf("ick : pause : %li\n", pause); > + printf("ick: pages_dirtied : %lu\n", pages_dirtied); > + printf("ick: task_ratelimit: %lu\n", task_ratelimit); > + BUG_ON(1); > + } > trace_balance_dirty_pages(bdi, > > Since pause is bounded by [min_pause, max_pause] where min_pause is also > bounded by max_pause. It's suspected and demonstrated that the max_pause > calculation goes wrong: > > ick: pause : -717 > ick: min_pause : -177 > ick: max_pause : -717 > ick: pages_dirtied : 14 > ick: task_ratelimit: 0 > > The problem lies in the two "long = unsigned long" assignments in > bdi_max_pause() which might go negative if the highest bit is 1, and > the min_t(long, ...) check failed to protect it falling under 0. Fix > all of them by using "unsigned long" throughout the function. > > Reported-by: Toralf Förster <tor...@gm...> > Tested-by: Toralf Förster <tor...@gm...> > Cc: <st...@vg...> > Cc: Jan Kara <ja...@su...> > Cc: Richard Weinberger <ri...@no...> > Cc: Geert Uytterhoeven <ge...@li...> > Signed-off-by: Fengguang Wu <fen...@in...> The patch looks good. You can add: Reviewed-by: Jan Kara <ja...@su...> Honza > --- > mm/page-writeback.c | 10 +++++----- > mm/readahead.c | 2 +- > 2 files changed, 6 insertions(+), 6 deletions(-) > > Changes since v1: Add CC list. > > diff --git a/mm/page-writeback.c b/mm/page-writeback.c > index 3f0c895..241a746 100644 > --- a/mm/page-writeback.c > +++ b/mm/page-writeback.c > @@ -1104,11 +1104,11 @@ static unsigned long dirty_poll_interval(unsigned long dirty, > return 1; > } > > -static long bdi_max_pause(struct backing_dev_info *bdi, > - unsigned long bdi_dirty) > +static unsigned long bdi_max_pause(struct backing_dev_info *bdi, > + unsigned long bdi_dirty) > { > - long bw = bdi->avg_write_bandwidth; > - long t; > + unsigned long bw = bdi->avg_write_bandwidth; > + unsigned long t; > > /* > * Limit pause time for small memory systems. If sleeping for too long > @@ -1120,7 +1120,7 @@ static long bdi_max_pause(struct backing_dev_info *bdi, > t = bdi_dirty / (1 + bw / roundup_pow_of_two(1 + HZ / 8)); > t++; > > - return min_t(long, t, MAX_PAUSE); > + return min_t(unsigned long, t, MAX_PAUSE); > } > > static long bdi_min_pause(struct backing_dev_info *bdi, -- Jan Kara <ja...@su...> SUSE Labs, CR |
From: Toralf F. <tor...@gm...> - 2013-10-11 08:42:32
|
yeah, now the picture becomes more clear ... net.core.warnings = 0 [ ok ] ick: pause : -717 ick : min_pause : -177 ick : max_pause : -717 ick: pages_dirtied : 14 ick: task_ratelimit: 0 On 10/11/2013 03:16 AM, Fengguang Wu wrote: > On Thu, Oct 10, 2013 at 06:49:30PM +0200, Toralf Förster wrote: >> On 10/10/2013 12:33 AM, Richard Weinberger wrote: >>> Am 09.10.2013 23:47, schrieb Jan Kara: >>>> On Wed 09-10-13 20:43:50, Richard Weinberger wrote: >>>>> CC'ing mm folks. >>>>> Please see below. >>>> Added Fenguang to CC since he is the author of this code. >>> >>> Thx, get_maintainer.pl didn't list him. >>> >>>>> Am 09.10.2013 19:26, schrieb Toralf Förster: >>>>>> On 10/08/2013 10:07 PM, Geert Uytterhoeven wrote: >>>>>>> On Sun, Oct 6, 2013 at 11:01 PM, Toralf Förster <tor...@gm...> wrote: >>>>>>>>> Hmm, now pages_dirtied is zero, according to the backtrace, but the BUG_ON() >>>>>>>>> asserts its strict positive?!? >>>>>>>>> >>>>>>>>> Can you please try the following instead of the BUG_ON(): >>>>>>>>> >>>>>>>>> if (pause < 0) { >>>>>>>>> printk("pages_dirtied = %lu\n", pages_dirtied); >>>>>>>>> printk("task_ratelimit = %lu\n", task_ratelimit); >>>>>>>>> printk("pause = %ld\n", pause); >>>>>>>>> } >>>>>>>>> >>>>>>>>> Gr{oetje,eeting}s, >>>>>>>>> >>>>>>>>> Geert >>>>>>>> I tried it in different ways already - I'm completely unsuccessful in getting any printk output. >>>>>>>> As soon as the issue happens I do have a >>>>>>>> >>>>>>>> BUG: soft lockup - CPU#0 stuck for 22s! [trinity-child0:1521] >>>>>>>> >>>>>>>> at stderr of the UML and then no further input is accepted. With uml_mconsole I'm however able >>>>>>>> to run very basic commands like a crash dump, sysrq ond so on. >>>>>>> >>>>>>> You may get an idea of the magnitude of pages_dirtied by using a chain of >>>>>>> BUG_ON()s, like: >>>>>>> >>>>>>> BUG_ON(pages_dirtied > 2000000000); >>>>>>> BUG_ON(pages_dirtied > 1000000000); >>>>>>> BUG_ON(pages_dirtied > 100000000); >>>>>>> BUG_ON(pages_dirtied > 10000000); >>>>>>> BUG_ON(pages_dirtied > 1000000); >>>>>>> >>>>>>> Probably 1 million is already too much for normal operation? >>>>>>> >>>>>> period = HZ * pages_dirtied / task_ratelimit; >>>>>> BUG_ON(pages_dirtied > 2000000000); >>>>>> BUG_ON(pages_dirtied > 1000000000); <-------------- this is line 1467 >>>>> >>>>> Summary for mm people: >>>>> >>>>> Toralf runs trinty on UML/i386. >>>>> After some time pages_dirtied becomes very large. >>>>> More than 1000000000 pages in this case. >>>> Huh, this is really strange. pages_dirtied is passed into >>>> balance_dirty_pages() from current->nr_dirtied. So I wonder how a value >>>> over 10^9 can get there. After all that is over 4TB so I somewhat doubt the >>>> task was ever able to dirty that much during its lifetime (but correct me >>>> if I'm wrong here, with UML and memory backed disks it is not totally >>>> impossible)... I went through the logic of handling ->nr_dirtied but >>>> I didn't find any obvious problem there. Hum, maybe one thing - what >>>> 'task_ratelimit' values do you see in balance_dirty_pages? If that one was >>>> huge, we could possibly accumulate huge current->nr_dirtied. >>> >>> Toralf, you can try a snipplet like this one to get the values printed out: >>> diff --git a/mm/page-writeback.c b/mm/page-writeback.c >>> index f5236f8..a80e520 100644 >>> --- a/mm/page-writeback.c >>> +++ b/mm/page-writeback.c >>> @@ -1463,6 +1463,12 @@ static void balance_dirty_pages(struct address_space *mapping, >>> goto pause; >>> } >>> period = HZ * pages_dirtied / task_ratelimit; >>> + >>> + { >>> + extern int printf(char *, ...); >>> + printf("---> task_ratelimit: %lu\n", task_ratelimit); >>> + } >>> + >>> pause = period; >>> if (current->dirty_paused_when) >>> pause -= now - current->dirty_paused_when; >>> >>> >>> Yes, printf(), not printk(). >>> Using this hack we print directly to host's stdout. :) >>> >> *head smack* ofc - works fine. >> So given this diff : >> >> iff --git a/mm/page-writeback.c b/mm/page-writeback.c >> index f5236f8..5a2c337 100644 >> --- a/mm/page-writeback.c >> +++ b/mm/page-writeback.c >> @@ -1464,6 +1464,13 @@ static void balance_dirty_pages(struct address_space *mapping, >> } >> period = HZ * pages_dirtied / task_ratelimit; >> pause = period; >> + if (pause < 0) { >> + extern int printf(char *, ...); >> + printf("overflow : pause : %li\n", pause); >> + printf("overflow : pages_dirtied : %lu\n", pages_dirtied); >> + printf("overflow : task_ratelimit: %lu\n", task_ratelimit); >> + BUG_ON(1); >> + } >> if (current->dirty_paused_when) >> pause -= now - current->dirty_paused_when; >> /* >> @@ -1503,6 +1510,13 @@ static void balance_dirty_pages(struct address_space *mapping, >> } >> >> pause: >> + if (pause < 0) { > > Oops, we got > > ick : pause : -984 > > here! Since pause is bounded by [min_pause, max_pause], it means > something goes wrong with the bounds. Would you help print min_pause > and max_pause as well? > > It seems there are "long <=> unsigned long" conversion problems in > bdi_max_pause(), which might make max_pause a negative number. And the > min_pause calculation is based on max_pause to some degree.. > > Thanks, > Fengguang > >> + extern int printf(char *, ...); >> + printf("ick : pause : %li\n", pause); >> + printf("ick: pages_dirtied : %lu\n", pages_dirtied); >> + printf("ick: task_ratelimit: %lu\n", task_ratelimit); >> + BUG_ON(1); >> + } >> trace_balance_dirty_pages(bdi, >> dirty_thresh, >> background_thresh, >> >> >> I got this : >> >> >> >> >> * Starting local >> net.core.warnings = 0 [ ok ] >> ick : pause : -984 >> ick: pages_dirtied : 0 >> ick: task_ratelimit: 0 >> Kernel panic - not syncing: BUG! >> CPU: 0 PID: 1434 Comm: trinity-child2 Not tainted 3.12.0-rc4-00029-g0e7a3ed-dirty #12 >> 47397c84 47397cb0 0841b5a0 084c30e8 085f76e0 084b4745 47397cbc 00000000 >> fffffc28 01fff278 085cb4a0 47397d2c 0841c5a0 084b4745 084c5398 000005ee >> 08432cf0 43e47600 471757f8 47397cf0 ffffff0c 47397cdc 5256d8b9 3417ec18 47397c5c: [<08060b2c>] show_stack+0x7c/0xd0 >> 47397c7c: [<0841e34d>] dump_stack+0x26/0x28 >> 47397c8c: [<0841b5a0>] panic+0x7a/0x180 >> 47397cb4: [<0841c5a0>] balance_dirty_pages.isra.32+0x4e3/0x5ad >> 47397d30: [<080d3595>] balance_dirty_pages_ratelimited+0xf5/0x100 >> 47397d44: [<080e4a3f>] __do_fault+0x3cf/0x440 >> 47397d9c: [<080e6e0f>] handle_mm_fault+0xef/0x7c0 >> 47397dec: [<080e7817>] __get_user_pages+0x227/0x420 >> 47397e24: [<080e7ae3>] get_user_pages+0x63/0x70 >> 47397e4c: [<08143dc6>] SyS_io_setup+0x3c6/0x760 >> 47397eb0: [<08062984>] handle_syscall+0x64/0x80 >> 47397ef0: [<08074fb5>] userspace+0x475/0x5f0 >> 47397fec: [<0805f750>] fork_handler+0x60/0x70 >> 47397ffc: [<00000000>] 0x0 >> >> >> EIP: 0073:[<40001282>] CPU: 0 Not tainted ESP: 007b:bfb348f8 EFLAGS: 00000246 >> Not tainted >> EAX: ffffffda EBX: 00001000 ECX: 080d0000 EDX: 80000048 >> ESI: 80fbff1f EDI: ffe02f77 EBP: 90f6e2a3 DS: 007b ES: 007b >> 47397c0c: [<0807947f>] show_regs+0x10f/0x120 >> 47397c28: [<080623a9>] panic_exit+0x29/0x50 >> 47397c38: [<0809ba86>] notifier_call_chain+0x36/0x60 >> 47397c60: [<0809bba1>] __atomic_notifier_call_chain+0x21/0x30 >> 47397c70: [<0809bbdf>] atomic_notifier_call_chain+0x2f/0x40 >> 47397c8c: [<0841b5bc>] panic+0x96/0x180 >> 47397cb4: [<0841c5a0>] balance_dirty_pages.isra.32+0x4e3/0x5ad >> 47397d30: [<080d3595>] balance_dirty_pages_ratelimited+0xf5/0x100 >> 47397d44: [<080e4a3f>] __do_fault+0x3cf/0x440 >> 47397d9c: [<080e6e0f>] handle_mm_fault+0xef/0x7c0 >> 47397dec: [<080e7817>] __get_user_pages+0x227/0x420 >> 47397e24: [<080e7ae3>] get_user_pages+0x63/0x70 >> 47397e4c: [<08143dc6>] SyS_io_setup+0x3c6/0x760 >> 47397eb0: [<08062984>] handle_syscall+0x64/0x80 >> 47397ef0: [<08074fb5>] userspace+0x475/0x5f0 >> 47397fec: [<0805f750>] fork_handler+0x60/0x70 >> 47397ffc: [<00000000>] 0x0 >> >> /home/tfoerste/workspace/bin/start_uml.sh: line 115: 18718 Aborted (core dumped) $LINUX earlyprintk ubda=$ROOTFS ubdb=$SWAP eth0=$NET mem=$MEM $TTY umid=uml_$NAME rootfstype=ext4 "$ARGS" >> >> >> >From what I see there are 2 different types of issues - and this is an example of the other of both >> >>> Thanks, >>> //richard >>> >> >> >> -- >> MfG/Sincerely >> Toralf Förster >> pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3 > -- MfG/Sincerely Toralf Förster pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3 |
From: Fengguang Wu <fen...@in...> - 2013-10-11 08:57:32
|
On Fri, Oct 11, 2013 at 10:42:19AM +0200, Toralf Förster wrote: > yeah, now the picture becomes more clear > ... > net.core.warnings = 0 [ ok ] > ick: pause : -717 > ick : min_pause : -177 > ick : max_pause : -717 > ick: pages_dirtied : 14 > ick: task_ratelimit: 0 Great and thanks! So it's the max pause calculation went wrong. Would help you try the below patch? >From 5420b9bbe42dd0a366d7615e9f3d3724cee725c4 Mon Sep 17 00:00:00 2001 From: Fengguang Wu <fen...@in...> Date: Fri, 11 Oct 2013 16:53:26 +0800 Subject: [PATCH] fix bdi max pause calculation Signed-off-by: Fengguang Wu <fen...@in...> --- mm/page-writeback.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/mm/page-writeback.c b/mm/page-writeback.c index 3f0c895..241a746 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -1104,11 +1104,11 @@ static unsigned long dirty_poll_interval(unsigned long dirty, return 1; } -static long bdi_max_pause(struct backing_dev_info *bdi, - unsigned long bdi_dirty) +static unsigned long bdi_max_pause(struct backing_dev_info *bdi, + unsigned long bdi_dirty) { - long bw = bdi->avg_write_bandwidth; - long t; + unsigned long bw = bdi->avg_write_bandwidth; + unsigned long t; /* * Limit pause time for small memory systems. If sleeping for too long @@ -1120,7 +1120,7 @@ static long bdi_max_pause(struct backing_dev_info *bdi, t = bdi_dirty / (1 + bw / roundup_pow_of_two(1 + HZ / 8)); t++; - return min_t(long, t, MAX_PAUSE); + return min_t(unsigned long, t, MAX_PAUSE); } static long bdi_min_pause(struct backing_dev_info *bdi, -- 1.7.10.4 |
From: Fengguang Wu <fen...@in...> - 2013-10-11 09:06:00
|
On Fri, Oct 11, 2013 at 04:57:01PM +0800, Fengguang Wu wrote: > On Fri, Oct 11, 2013 at 10:42:19AM +0200, Toralf Förster wrote: > > yeah, now the picture becomes more clear > > ... > > net.core.warnings = 0 [ ok ] > > ick: pause : -717 > > ick : min_pause : -177 > > ick : max_pause : -717 > > ick: pages_dirtied : 14 > > ick: task_ratelimit: 0 > > Great and thanks! So it's the max pause calculation went wrong. However I still suspect this is not the main reason for the soft lockup. Because schedule_timeout() will directly return on negative timeout. So yes, we have encountered some negative pauses, however we still need to fix the huge dirtied pages problem which should be more fundamental. Thanks, Fengguang |
From: Geert U. <ge...@li...> - 2013-10-10 06:52:40
|
On Thu, Oct 10, 2013 at 4:46 AM, Fengguang Wu <fen...@in...> wrote: > On Wed, Oct 09, 2013 at 11:47:33PM +0200, Jan Kara wrote: >> On Wed 09-10-13 20:43:50, Richard Weinberger wrote: >> > Am 09.10.2013 19:26, schrieb Toralf Förster: >> > > On 10/08/2013 10:07 PM, Geert Uytterhoeven wrote: >> > >> On Sun, Oct 6, 2013 at 11:01 PM, Toralf Förster <tor...@gm...> wrote: >> > >>>> Hmm, now pages_dirtied is zero, according to the backtrace, but the BUG_ON() >> > >>>> asserts its strict positive?!? >> > >>>> >> > >>>> Can you please try the following instead of the BUG_ON(): >> > >>>> >> > >>>> if (pause < 0) { >> > >>>> printk("pages_dirtied = %lu\n", pages_dirtied); >> > >>>> printk("task_ratelimit = %lu\n", task_ratelimit); >> > >>>> printk("pause = %ld\n", pause); >> > >>> I tried it in different ways already - I'm completely unsuccessful in getting any printk output. >> > >>> As soon as the issue happens I do have a >> > >>> >> > >>> BUG: soft lockup - CPU#0 stuck for 22s! [trinity-child0:1521] >> > >>> >> > >>> at stderr of the UML and then no further input is accepted. With uml_mconsole I'm however able >> > >>> to run very basic commands like a crash dump, sysrq ond so on. >> > >> >> > >> You may get an idea of the magnitude of pages_dirtied by using a chain of >> > >> BUG_ON()s, like: >> > >> >> > >> BUG_ON(pages_dirtied > 2000000000); >> > >> BUG_ON(pages_dirtied > 1000000000); >> > >> BUG_ON(pages_dirtied > 100000000); >> > >> BUG_ON(pages_dirtied > 10000000); >> > >> BUG_ON(pages_dirtied > 1000000); >> > >> >> > >> Probably 1 million is already too much for normal operation? >> > >> >> > > period = HZ * pages_dirtied / task_ratelimit; >> > > BUG_ON(pages_dirtied > 2000000000); >> > > BUG_ON(pages_dirtied > 1000000000); <-------------- this is line 1467 >> > >> > Summary for mm people: >> > >> > Toralf runs trinty on UML/i386. >> > After some time pages_dirtied becomes very large. >> > More than 1000000000 pages in this case. >> Huh, this is really strange. pages_dirtied is passed into >> balance_dirty_pages() from current->nr_dirtied. So I wonder how a value >> over 10^9 can get there. > > I noticed aio_setup_ring() in the call trace and find it recently > added a SetPageDirty() call in a loop by commit 36bc08cc01 ("fs/aio: > Add support to aio ring pages migration"). So added CC to its authors. > >> After all that is over 4TB so I somewhat doubt the >> task was ever able to dirty that much during its lifetime (but correct me >> if I'm wrong here, with UML and memory backed disks it is not totally >> impossible)... I went through the logic of handling ->nr_dirtied but >> I didn't find any obvious problem there. Hum, maybe one thing - what >> 'task_ratelimit' values do you see in balance_dirty_pages? If that one was >> huge, we could possibly accumulate huge current->nr_dirtied. >> >> > Thus, period = HZ * pages_dirtied / task_ratelimit overflows >> > and period/pause becomes extremely large. period/pause are signed long, so they become negative instead of extremely large when overflowing. >> > It looks like io_schedule_timeout() get's called with a very large timeout. >> > I don't know why "if (unlikely(pause > max_pause)) {" does not help. Because pause is now negative. Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@li... In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds |