Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932288Ab2E3IZW (ORCPT <rfc822;w@1wt.eu>);
	Wed, 30 May 2012 04:25:22 -0400
Received: from fold.natur.cuni.cz ([195.113.57.32]:47779 "HELO
	fold.natur.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with SMTP id S1751217Ab2E3IZT (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 30 May 2012 04:25:19 -0400
Message-ID: <4FC5D96B.8040708@fold.natur.cuni.cz>
Date: Wed, 30 May 2012 10:25:15 +0200
From: Martin Mokrejs <mmokrejs@fold.natur.cuni.cz>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120517 Firefox/12.0 SeaMonkey/2.9.1
MIME-Version: 1.0
To: Konstantin Khlebnikov <khlebnikov@openvz.org>
CC: Andrew Morton <akpm@linux-foundation.org>,
        LKML <linux-kernel@vger.kernel.org>,
        "markus@trippelsdorf.de" <markus@trippelsdorf.de>,
        "hughd@google.com" <hughd@google.com>,
        "kamezawa.hiroyu@jp.fujitsu.com" <kamezawa.hiroyu@jp.fujitsu.com>,
        "oleg@redhat.com" <oleg@redhat.com>, Michal Hocko <mhocko@suse.cz>,
        "linux-mm@kvack.org" <linux-mm@kvack.org>
Subject: Re: 3.4-rc7: BUG: Bad rss-counter state mm:ffff88040b56f800 idx:1
 val:-59
References: <4FBC1618.5010408@fold.natur.cuni.cz> <20120522162835.c193c8e0.akpm@linux-foundation.org> <4FBC7EAE.4040805@openvz.org>
In-Reply-To: <4FBC7EAE.4040805@openvz.org>
X-Enigmail-Version: 1.5pre
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 6417
Lines: 166



Konstantin Khlebnikov wrote:
> Andrew Morton wrote:
>> On Wed, 23 May 2012 00:41:28 +0200
>> Martin Mokrejs<mmokrejs@fold.natur.cuni.cz>  wrote:
>>
>>> Hi Andrew,
>>>    while shutting down my laptop (Dell Vostro 3550 with 16GB RAM, core i7) with 3.4-rc7 I got:
>>>
>>> May 23 00:07:54 vostro kernel: [352687.968267] BUG: Bad rss-counter state mm:ffff88040b56f800 idx:1 val:-59
>>> May 23 00:07:54 vostro kernel: [352687.968312] BUG: Bad rss-counter state mm:ffff88040b56f800 idx:2 val:59
>>> May 23 00:07:55 vostro acpid: exiting
>>> May 23 00:07:55 vostro syslog-ng[2838]: syslog-ng shutting down; version='3.3.4'
>>>
>>>    I found by Google the below thread and thought that maybe it is related?
>>> http://comments.gmane.org/gmane.linux.kernel.mm/76459
>>>
>>> ...
>>>
>>
>>
>> Well hopefully the below will fix this?
>>
>> I notice that I don't have this tagged for -stable backporting.  That
>> seems wrong.  Konstantin, do we know for how long this bug has been in
>> there?
> 
> It there for years, by itself it is mostly harmless.
> This warning was added in c3f0327f8e9d7a503f0d64573c311eddd61f197d
> so only v3.4 has this, I thought this fix will be there before release.
> 
>>
>>
>>
>> From: Konstantin Khlebnikov<khlebnikov@openvz.org>
>> Subject: mm: correctly synchronize rss-counters at exit/exec
>>
>> mm->rss_stat counters have per-task delta: task->rss_stat.  Before
>> changing task->mm pointer the kernel must flush this delta with
>> sync_mm_rss().
>>
>> do_exit() already calls sync_mm_rss() to flush the rss-counters before
>> committing the rss statistics into task->signal->maxrss, taskstats, audit
>> and other stuff.  Unfortunately the kernel does this before calling
>> mm_release(), which can call put_user() for processing
>> task->clear_child_tid.  So at this point we can trigger page-faults and
>> task->rss_stat becomes non-zero again.  As a result mm->rss_stat becomes
>> inconsistent and check_mm() will print something like this:
>>
>> | BUG: Bad rss-counter state mm:ffff88020813c380 idx:1 val:-1
>> | BUG: Bad rss-counter state mm:ffff88020813c380 idx:2 val:1
>>
>> This patch moves sync_mm_rss() into mm_release(), and moves mm_release()
>> out of do_exit() and calls it earlier.  After mm_release() there should be
>> no pagefaults.
>>
>> [akpm@linux-foundation.org: tweak comment]
>> Signed-off-by: Konstantin Khlebnikov<khlebnikov@openvz.org>
>> Reported-by: Markus Trippelsdorf<markus@trippelsdorf.de>
>> Cc: Hugh Dickins<hughd@google.com>
>> Cc: KAMEZAWA Hiroyuki<kamezawa.hiroyu@jp.fujitsu.com>
>> Cc: Oleg Nesterov<oleg@redhat.com>
>> Signed-off-by: Andrew Morton<akpm@linux-foundation.org>
>> ---
>>
>>   fs/exec.c     |    1 -
>>   kernel/exit.c |   13 ++++++++-----
>>   kernel/fork.c |    8 ++++++++
>>   3 files changed, 16 insertions(+), 6 deletions(-)
>>
>> diff -puN fs/exec.c~mm-correctly-synchronize-rss-counters-at-exit-exec fs/exec.c
>> --- a/fs/exec.c~mm-correctly-synchronize-rss-counters-at-exit-exec
>> +++ a/fs/exec.c
>> @@ -823,7 +823,6 @@ static int exec_mmap(struct mm_struct *m
>>       /* Notify parent that we're no longer interested in the old VM */
>>       tsk = current;
>>       old_mm = current->mm;
>> -    sync_mm_rss(old_mm);
>>       mm_release(tsk, old_mm);
>>
>>       if (old_mm) {
>> diff -puN kernel/exit.c~mm-correctly-synchronize-rss-counters-at-exit-exec kernel/exit.c
>> --- a/kernel/exit.c~mm-correctly-synchronize-rss-counters-at-exit-exec
>> +++ a/kernel/exit.c
>> @@ -423,6 +423,7 @@ void daemonize(const char *name, ...)
>>        * user space pages.  We don't need them, and if we didn't close them
>>        * they would be locked into memory.
>>        */
>> +    mm_release(current, current->mm);
>>       exit_mm(current);
>>       /*
>>        * We don't want to get frozen, in case system-wide hibernation
>> @@ -640,7 +641,6 @@ static void exit_mm(struct task_struct *
>>       struct mm_struct *mm = tsk->mm;
>>       struct core_state *core_state;
>>
>> -    mm_release(tsk, mm);
>>       if (!mm)
>>           return;
>>       /*
>> @@ -959,9 +959,13 @@ void do_exit(long code)
>>                   preempt_count());
>>
>>       acct_update_integrals(tsk);
>> -    /* sync mm's RSS info before statistics gathering */
>> -    if (tsk->mm)
>> -        sync_mm_rss(tsk->mm);
>> +
>> +    /* Set exit_code before complete_vfork_done() in mm_release() */
>> +    tsk->exit_code = code;
>> +
>> +    /* Release mm and sync mm's RSS info before statistics gathering */
>> +    mm_release(tsk, tsk->mm);
>> +
>>       group_dead = atomic_dec_and_test(&tsk->signal->live);
>>       if (group_dead) {
>>           hrtimer_cancel(&tsk->signal->real_timer);
>> @@ -974,7 +978,6 @@ void do_exit(long code)
>>           tty_audit_exit();
>>       audit_free(tsk);
>>
>> -    tsk->exit_code = code;
>>       taskstats_exit(tsk, group_dead);
>>
>>       exit_mm(tsk);
>> diff -puN kernel/fork.c~mm-correctly-synchronize-rss-counters-at-exit-exec kernel/fork.c
>> --- a/kernel/fork.c~mm-correctly-synchronize-rss-counters-at-exit-exec
>> +++ a/kernel/fork.c
>> @@ -809,6 +809,14 @@ void mm_release(struct task_struct *tsk,
>>           }
>>           tsk->clear_child_tid = NULL;
>>       }
>> +
>> +    /*
>> +     * Final rss-counter synchronization. After this point there must be
>> +     * no pagefaults into this mm from the current context.  Otherwise
>> +     * mm->rss_stat will be inconsistent.
>> +     */
>> +    if (mm)
>> +        sync_mm_rss(mm);
>>   }
>>
>>   /*
>> _
>>

I made my system to allocate some 3 millions of blocks in swap according to vmstat(1)
and rebooted.  It took about 6 minutes to the system to kill 7 gimp images 2.2GB
(16000x8000px, at 1200dpi each and a python session having some huge lists in memory.
I have 16GB of RAM. There were no errors/warnings or Oopses logged in /var/log/messages
so I conclude this patch from Konstantin Khlebnikov works for me on 3.4-rc7.

May 30 09:57:57 vostro syslog-ng[2534]: syslog-ng shutting down; version='3.3.4'
May 30 10:06:31 vostro syslog-ng[2519]: syslog-ng starting up; version='3.3.4'

Tested-by: Martin Mokrejs <mmokrejs@fold.natur.cuni.cz>

--

Will try the other patch from Oleg Nesterov now.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/