> Hi,
>
> I accidentally oomed my box running Christopher Roland's shmtst, and
> it started swap looping. I've seen this same looping before, and
> the only thing going on is an alternation of traces A and B,
> transcribed from the console.
>
> A                              B
> ------------------------------------------------------------------
> swap_out+0x5f                  try_to_swap_out+0x13
> do_try_to_free_pages+0x89      swap_out_vma+0x129
> try_to_free_pages+0x30         swap_out_mm+0x64
> __alloc_pages_wrap+0x41e       do_try_to_free_pages+0x89
> read_swap_cache_async+0x71     try_to_free_pages+0x30
> swapin_readahead+0x8d          __alloc_pages_wrap+0x41e
> do_swap_page+0x2b              read_swap_cache_async+0x71
> handle_mm_fault+0x189          swapin_readahead+0x8d
> error_code+0x2d                do_swap_page+0x2b
> setup_frame+0xd3               handle_mm_fault+0x203
> handle_signal+0x76             do_page_fault+0x189
> do_signal+0x246                error_code+0x2d
> signal_return                  setup_frame+0xd3
>                                handle_signal+0x76
>                                do_signal+0x246
>                                signal_return
>
Part 2 (final chapter probably)
What the machine is trying to do while this is happening is to
kill init. It tries for a very long time, and finally succeeds.
All stop. The OOM was initiated by a normal (but unlimited) user. I
recompiled with -g, and looked around.
(gdb) list *setup_frame+0xd3
0xc0108f53 is in setup_frame (/usr/local/src/tmp/linux-2.3.45.ikd/include/asm/uaccess.h:562).
557 return n;
558 }
559
560 static inline unsigned long
561 __constant_copy_to_user_nocheck(void *to, const void *from, unsigned long n)
562 {
563 __constant_copy_user(to,from,n);
564 return n;
565 }
566
(gdb) list *setup_frame+0xd0
0xc0108f50 is in setup_frame (signal.c:423).
418 && sig < 32
419 ? current->exec_domain->signal_invmap[sig]
420 : sig),
421 &frame->sig);
422
423 err |= setup_sigcontext(&frame->sc, &frame->fpstate, regs, set->sig[0]);
424
425 if (_NSIG_WORDS > 1) {
426 err |= __copy_to_user(frame->extramask, &set->sig[1],
427 sizeof(frame->extramask));
frame = get_sigframe(ka, regs, sizeof(*frame));
if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
c0108efe: 8b 55 fc mov 0xfffffffc(%ebp),%edx >>XX<<
static inline struct task_struct * get_current(void)
{
struct task_struct *current;
__asm__("andl %%esp,%0; ":"=r" (current) : "0" (~8191UL));
c0108f01: 21 e1 and %esp,%ecx
c0108f03: 81 c2 dc 00 00 00 add $0xdc,%edx
c0108f09: 19 c0 sbb %eax,%eax
c0108f0b: 39 51 0c cmp %edx,0xc(%ecx)
c0108f0e: 83 d8 00 sbb $0x0,%eax
c0108f11: 85 c0 test %eax,%eax
c0108f13: 0f 85 ff 00 00 00 jne c0109018 <setup_frame+0x198>
goto give_sigsegv;
err |= __put_user((current->exec_domain
c0108f19: 31 db xor %ebx,%ebx
&& current->exec_domain->signal_invmap
&& sig < 32
? current->exec_domain->signal_invmap[sig]
: sig),
&frame->sig);
c0108f1b: 8b 41 10 mov 0x10(%ecx),%eax
c0108f1e: 8b 55 08 mov 0x8(%ebp),%edx
c0108f21: 85 c0 test %eax,%eax
c0108f23: 74 0f je c0108f34 <setup_frame+0xb4>
c0108f25: 8b 40 10 mov 0x10(%eax),%eax
c0108f28: 85 c0 test %eax,%eax
c0108f2a: 74 08 je c0108f34 <setup_frame+0xb4>
c0108f2c: 83 fa 1f cmp $0x1f,%edx
c0108f2f: 7f 03 jg c0108f34 <setup_frame+0xb4>
c0108f31: 8b 14 90 mov (%eax,%edx,4),%edx
c0108f34: 8b 4d fc mov 0xfffffffc(%ebp),%ecx
c0108f37: 89 51 04 mov %edx,0x4(%ecx)
err |= setup_sigcontext(&frame->sc, &frame->fpstate, regs, set->sig[0]);
c0108f3a: 8b 06 mov (%esi),%eax
c0108f3c: 50 push %eax
}
static inline unsigned long
__constant_copy_to_user_nocheck(void *to, const void *from, unsigned long n)
{
c0108f3d: 83 c6 04 add $0x4,%esi
c0108f40: 8b 45 14 mov 0x14(%ebp),%eax
c0108f43: 50 push %eax
c0108f44: 89 c8 mov %ecx,%eax
c0108f46: 83 c0 60 add $0x60,%eax
c0108f49: 50 push %eax
c0108f4a: 83 c0 a8 add $0xffffffa8,%eax
c0108f4d: 50 push %eax
c0108f4e: e8 f5 fd ff ff call c0108d48 <setup_sigcontext>
}
static inline unsigned long
__constant_copy_to_user_nocheck(void *to, const void *from, unsigned long n)
{
c0108f53: 8b 7d fc mov 0xfffffffc(%ebp),%edi >>YY<<
c0108f56: 09 c3 or %eax,%ebx
}
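Both >>XX<< and >>YY<< load the same stack slot, 0xfffffffc(%ebp);
>>YY<< is at 0xc0108f53, i.e. setup_frame+0xd3 from the traces, the
instruction immediately after the call to setup_sigcontext.
Does this mean the page fault happens because ebp changed since
access_ok() was called, i.e. a race? Or am I reading this badly?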
-Mike