From: Tomas Hruby <thruby@gmail.com>
To: Matthew Wilcox <matthew@wil.cx>
Cc: linux-fsdevel@vger.kernel.org
Subject: Re: BUGs in mm/rmap.c
Date: Thu, 17 Aug 2006 21:19:32 +0200
Message-ID: <20060817191932.GA10046@fspc268>
In-Reply-To: <20060817113826.GL4340@parisc-linux.org>
On Thu, Aug 17, 2006 at 05:38:27AM -0600, Matthew Wilcox wrote:
> On Thu, Aug 17, 2006 at 04:10:08AM +0200, Tomas Hruby wrote:
> > Hello all,
> >
> > we are testing our fs project on a 2.6.17.4 kernel that is patched
> > with
> > http://marc.theaimsgroup.com/?l=linux-fsdeve,l&m=115080965116016&w=2
> > patch. We experienced BUGs in mm/rmap.c when creating many files in a
>
> Can you reproduce the problem with ext3 without this patch?
I tried that today again and it crashed with a different error on both
kernels, with and without that patch. Here are the logs:

Patched:
EXT3 FS on hda2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
slab: Internal list corruption detected in cache 'vm_area_struct'(39), slabp f5c92000(38). Hexdump:
000: 00 01 10 00 00 02 20 00 b8 00 00 00 b8 20 c9 f5
010: 26 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ff
020: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
030: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
040: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
050: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
060: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
070: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
080: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
090: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
0a0: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
0b0: fd ff ff ff fd ff ff ff
------------[ cut here ]------------
kernel BUG at mm/slab.c:2700!
invalid opcode: 0000 [#1]
PREEMPT DEBUG_PAGEALLOC
Modules linked in: netconsole snd_mixer_oss 8139cp snd_via82xx snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore ehci_hcd usbcore 8139too mii fan thermal processor rt2500 rtc unix
CPU: 0
EIP: 0060:[<c0145500>] Not tainted VLI
EFLAGS: 00010002 (2.6.17.4 #11)
EIP is at check_slabp+0x84/0x95
eax: 00000001 ebx: 000000b8 ecx: c0379394 edx: 00000001
esi: f5c92000 edi: c18dc780 ebp: da403d78 esp: da403d68
ds: 007b es: 007b ss: 0068
Process bash (pid: 14252, threadinfo=da403000 task=f5f4aac0)
Stack: c02b673f f5c92000 c18db838 c18dc780 da403da4 c0146124 00000026 00000010
00000009 f5c920b8 f553f0b4 c18cef7c c18dab3c c18dc780 f46f9f2c da403dd0
c0145e38 00000000 c18cef38 c18dc780 c18db85c 00000010 c18db838 c18cef38
Call Trace:
[<c0103c7f>] show_stack_log_lvl+0x85/0x8f
[<c0103e09>] show_registers+0x14b/0x1bf
[<c0103fe2>] die+0x165/0x266
[<c010415d>] do_trap+0x7a/0x98
[<c01048a4>] do_invalid_op+0x8a/0x94
[<c010379f>] error_code+0x4f/0x54
[<c0146124>] free_block+0x6d/0x14c
[<c0145e38>] cache_flusharray+0xa8/0x10d
[<c0145f7f>] kmem_cache_free+0x4b/0x5e
[<c013bf98>] remove_vma+0x45/0x4e
[<c013c062>] exit_mmap+0xc1/0xe0
[<c0113397>] mmput+0x22/0x7c
[<c0153227>] flush_old_exec+0x582/0x7b4
[<c016f3fa>] load_elf_binary+0x483/0x1403
[<c01526fb>] search_binary_handler+0xb8/0x2b1
[<c0153f60>] do_execve+0x135/0x1b6
[<c01017cd>] sys_execve+0x2a/0x75
[<c0102d0b>] syscall_call+0x7/0xb
Code: 58 0f b6 04 33 43 50 68 62 83 2c c0 e8 a9 08 fd ff 58 5a 8b 47 1c 8d 04 85 1c 00 00 00 39 c3 72 ce 68 3f 67 2b c0 e8 8f 08 fd ff <0f> 0b 8c 0a f9 82 2b c0 5b 8d 65 f4 5b 5e 5f c9 c3 55 89 e5 56
EIP: [<c0145500>] check_slabp+0x84/0x95 SS:ESP 0068:da403d68
<3>BUG: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():1, irqs_disabled():1
[<c0103cbc>] show_trace+0x13/0x15
[<c01041bc>] dump_stack+0x18/0x1c
[<c0111950>] __might_sleep+0x87/0x8f
[<c0120016>] blocking_notifier_call_chain+0x13/0x42
[<c011654e>] profile_task_exit+0x12/0x17
[<c0117adc>] do_exit+0x1b/0x76b
[<c01040bc>] die+0x23f/0x266
[<c010415d>] do_trap+0x7a/0x98
[<c01048a4>] do_invalid_op+0x8a/0x94
[<c010379f>] error_code+0x4f/0x54
[<c0146124>] free_block+0x6d/0x14c
[<c0145e38>] cache_flusharray+0xa8/0x10d
[<c0145f7f>] kmem_cache_free+0x4b/0x5e
[<c013bf98>] remove_vma+0x45/0x4e
[<c013c062>] exit_mmap+0xc1/0xe0
[<c0113397>] mmput+0x22/0x7c
[<c0153227>] flush_old_exec+0x582/0x7b4
[<c016f3fa>] load_elf_binary+0x483/0x1403
[<c01526fb>] search_binary_handler+0xb8/0x2b1
[<c0153f60>] do_execve+0x135/0x1b6
[<c01017cd>] sys_execve+0x2a/0x75
[<c0102d0b>] syscall_call+0x7/0xb
note: bash[14252] exited with preempt_count 1
BUG: spinlock cpu recursion on CPU#0, bash/14251
lock: c18db85c, .magic: dead4ead, .owner: bash/14252, .owner_cpu: 0
[<c0103cbc>] show_trace+0x13/0x15
[<c01041bc>] dump_stack+0x18/0x1c
[<c01c4a1a>] spin_bug+0x7c/0xbc
[<c01c4b72>] _raw_spin_lock+0x4d/0xe9
[<c02a1f34>] _spin_lock+0x16/0x1c
[<c0145dd0>] cache_flusharray+0x40/0x10d
[<c0145f7f>] kmem_cache_free+0x4b/0x5e
[<c013bf98>] remove_vma+0x45/0x4e
[<c013c062>] exit_mmap+0xc1/0xe0
[<c0113397>] mmput+0x22/0x7c
[<c0153227>] flush_old_exec+0x582/0x7b4
[<c016f3fa>] load_elf_binary+0x483/0x1403
[<c01526fb>] search_binary_handler+0xb8/0x2b1
[<c0153f60>] do_execve+0x135/0x1b6
[<c01017cd>] sys_execve+0x2a/0x75
[<c0102d0b>] syscall_call+0x7/0xb
BUG: spinlock lockup on CPU#0, bash/14251, c18db85c
[<c0103cbc>] show_trace+0x13/0x15
[<c01041bc>] dump_stack+0x18/0x1c
[<c01c4be7>] _raw_spin_lock+0xc2/0xe9
[<c02a1f34>] _spin_lock+0x16/0x1c
[<c0145dd0>] cache_flusharray+0x40/0x10d
[<c0145f7f>] kmem_cache_free+0x4b/0x5e
[<c013bf98>] remove_vma+0x45/0x4e
[<c013c062>] exit_mmap+0xc1/0xe0
[<c0113397>] mmput+0x22/0x7c
[<c0153227>] flush_old_exec+0x582/0x7b4
[<c016f3fa>] load_elf_binary+0x483/0x1403
[<c01526fb>] search_binary_handler+0xb8/0x2b1
[<c0153f60>] do_execve+0x135/0x1b6
[<c01017cd>] sys_execve+0x2a/0x75
[<c0102d0b>] syscall_call+0x7/0xb
Without patch (I ran 3 for loops in parallel, each with different file
names). The first bash crashed because of a wrong pointer, one
bash finished, and the last one crashed on a BUG in slab too.
netconsole: network logging started
kjournald starting. Commit interval 5 seconds
EXT3 FS on hda2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
BUG: unable to handle kernel paging request at virtual address 0000292e
printing eip:
c01c3163
*pde = 00000000
Oops: 0000 [#1]
PREEMPT
Modules linked in: netconsole snd_mixer_oss 8139cp snd_via82xx snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore ehci_hcd usbcore 8139too mii fan thermal processor rtc unix
CPU: 0
EIP: 0060:[<c01c3163>] Not tainted VLI
EFLAGS: 00010213 (2.6.17.4-vanilla #5)
EIP is at _raw_spin_lock+0x8/0xd9
eax: 00000001 ebx: 0000292a ecx: f7448040 edx: e28ee000
esi: 0000292a edi: 0000292a ebp: 00000000 esp: e28eee80
ds: 007b es: 007b ss: 0068
Process bash (pid: 3909, threadinfo=e28ee000 task=f75d0ab0)
Stack: 0000292a 0000292a f73c4954 00000000 c029e7f4 0000292a f73c4954 c013e9d6
000000d0 c0113b08 f73c4954 00000000 f73fb4a4 f7448040 c0113b37 f73c4954
f73c4954 f73fb4a4 00000058 e28eefbc bfb31cec 01200011 00000000 c1ac2030
Call Trace:
<c029e7f4> _spin_lock+0x13/0x16 <c013e9d6> anon_vma_link+0x1f/0xa3
<c0113b08> copy_process+0xa4a/0x11ae <c0113b37> copy_process+0xa79/0x11ae
<c011448a> do_fork+0x90/0x197 <c01c27c7> copy_to_user+0x52/0x6f
<c01012d8> sys_clone+0x24/0x28 <c0102c8f> syscall_call+0x7/0xb
Code: ff ff ff ff c7 03 01 00 00 00 5b c3 8b 44 24 04 81 38 ed 1e af de 74 0a ba ff dc 2b c0 e9 ba fd ff ff c3 55 57 56 53 8b 7c 24 14 <81> 7f 04 ad 4e ad de 74 0c ba ff dc 2b c0 89 f8 e8 6c fe ff ff
EIP: [<c01c3163>] _raw_spin_lock+0x8/0xd9 SS:ESP 0068:e28eee80
<3>BUG: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():1, irqs_disabled():0
<c011f9ec> blocking_notifier_call_chain+0x11/0x41 <c011611a> profile_task_exit+0x10/0x14
<c0117652> do_exit+0x1b/0x76b <c0103f6d> die+0x1a4/0x25f
<c0104002> die+0x239/0x25f <c01103fc> do_page_fault+0x45a/0x54a
<c010ffa2> do_page_fault+0x0/0x54a <c0103723> error_code+0x4f/0x54
<c01c3163> _raw_spin_lock+0x8/0xd9 <c029e7f4> _spin_lock+0x13/0x16
<c013e9d6> anon_vma_link+0x1f/0xa3 <c0113b08> copy_process+0xa4a/0x11ae
<c0113b37> copy_process+0xa79/0x11ae <c011448a> do_fork+0x90/0x197
<c01c27c7> copy_to_user+0x52/0x6f <c01012d8> sys_clone+0x24/0x28
<c0102c8f> syscall_call+0x7/0xb
note: bash[3909] exited with preempt_count 1
BUG: scheduling while atomic: bash/0x00000001/3909
<c029c831> schedule+0x43/0x5aa <c0102c8f> syscall_call+0x7/0xb
<c029e4cf> rwsem_down_read_failed+0x139/0x153 <c0103b6c> show_trace_log_lvl+0xad/0xd7
<c0118199> .text.lock.exit+0x7/0x66 <c01177be> do_exit+0x187/0x76b
<c0103f6d> die+0x1a4/0x25f <c0104002> die+0x239/0x25f
<c01103fc> do_page_fault+0x45a/0x54a <c010ffa2> do_page_fault+0x0/0x54a
<c0103723> error_code+0x4f/0x54 <c01c3163> _raw_spin_lock+0x8/0xd9
<c029e7f4> _spin_lock+0x13/0x16 <c013e9d6> anon_vma_link+0x1f/0xa3
<c0113b08> copy_process+0xa4a/0x11ae <c0113b37> copy_process+0xa79/0x11ae
<c011448a> do_fork+0x90/0x197 <c01c27c7> copy_to_user+0x52/0x6f
<c01012d8> sys_clone+0x24/0x28 <c0102c8f> syscall_call+0x7/0xb
slab: double free detected in cache 'inode_cache', objp f6c19414
------------[ cut here ]------------
kernel BUG at mm/slab.c:2455!
invalid opcode: 0000 [#2]
PREEMPT
Modules linked in: netconsole snd_mixer_oss 8139cp snd_via82xx snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore ehci_hcd usbcore 8139too mii fan thermal processor rtc unix
CPU: 0
EIP: 0060:[<c0145547>] Not tainted VLI
EFLAGS: 00010096 (2.6.17.4-vanilla #5)
EIP is at free_block+0xcc/0x153
eax: 00000044 ebx: f6c19020 ecx: 00000000 edx: 00000001
esi: c18dbdb0 edi: c18dc320 ebp: f6c19044 esp: c1913eec
ds: 007b es: 007b ss: 0068
Process events/0 (pid: 4, threadinfo=c1913000 task=c1912ab0)
Stack: c02b5718 c02bb179 f6c19414 00000002 00000002 00000001 f6c19414 c18d78a8
c18d78a4 00000002 c18d7884 00000000 c014565b 00000000 00000000 c18dc320
c18dbdd4 00000000 c18dbdb0 c18dc320 00000000 c0146966 00000000 00000000
Call Trace:
<c014565b> drain_array+0x8d/0xbc <c0146966> cache_reap+0x47/0x155
<c0121fc7> run_workqueue+0x78/0xb6 <c014691f> cache_reap+0x0/0x155
<c012240f> worker_thread+0x0/0x111 <c01224ee> worker_thread+0xdf/0x111
<c0111762> default_wake_function+0x0/0x15 <c0124976> kthread+0x96/0xc3
<c01248e0> kthread+0x0/0xc3 <c0101005> kernel_thread_helper+0x5/0xb
Code: fd ff e8 29 ec fb ff 83 c4 10 8b 04 24 8d 6c 83 1c 8b 45 00 40 83 f8 fd 77 1c ff 74 24 0c ff 77 44 68 18 57 2b c0 e8 41 04 fd ff <0f> 0b 97 09 f3 52 2b c0 83 c4 0c 8b 43 14 89 da 89 45 00 8b 04
EIP: [<c0145547>] free_block+0xcc/0x153 SS:ESP 0068:c1913eec
<3>BUG: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():1, irqs_disabled():1
<c011f9ec> blocking_notifier_call_chain+0x11/0x41 <c011611a> profile_task_exit+0x10/0x14
<c0117652> do_exit+0x1b/0x76b <c0103f6d> die+0x1a4/0x25f
<c0104002> die+0x239/0x25f <c01047a6> do_invalid_op+0x0/0x9e
<c0104838> do_invalid_op+0x92/0x9e <c0145547> free_block+0xcc/0x153
<c011538a> release_console_sem+0x19a/0x1a2 <c011595a> vprintk+0x2b9/0x2e7
<c029e982> _spin_unlock+0x10/0x25 <c0103723> error_code+0x4f/0x54
<c0145547> free_block+0xcc/0x153 <c014565b> drain_array+0x8d/0xbc
<c0146966> cache_reap+0x47/0x155 <c0121fc7> run_workqueue+0x78/0xb6
<c014691f> cache_reap+0x0/0x155 <c012240f> worker_thread+0x0/0x111
<c01224ee> worker_thread+0xdf/0x111 <c0111762> default_wake_function+0x0/0x15
<c0124976> kthread+0x96/0xc3 <c01248e0> kthread+0x0/0xc3
<c0101005> kernel_thread_helper+0x5/0xb
note: events/0[4] exited with preempt_count 1
BUG: events/0/4, lock held at task exit time!
[c02f0f40] {cache_chain_mutex}
.. held by: events/0: 4 [c1912ab0, 110]
... acquired at: cache_reap+0x11/0x155