From: Ingo Molnar <mingo@elte.hu>
To: Jens Axboe <jens.axboe@oracle.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [bug] block subsystem related crash with latest -git
Date: Wed, 17 Oct 2007 19:11:49 +0200 [thread overview]
Message-ID: <20071017171149.GA26139@elte.hu> (raw)
In-Reply-To: <20071017165949.GF15552@kernel.dk>
* Jens Axboe <jens.axboe@oracle.com> wrote:
> > and the oopsing instruction is that load of "sg->page" in the assembly
> > code:
> >
> > mov 0x10(%esi),%eax # %eax = sg->page
> > lea 0x10(%esi),%edx # %edx = sg+1;
> > test $0x1,%al # if (unlikely(sg_is_chain()))
> > jne +76
> >
> > Jens?
>
> Yep, that's what I came up with as well - I asked Ingo for a dump in
> private, but ended up just using ksymoops to decode the line.
>
> The way blk_rq_map_sg() operates is that it ends up doing a
>
> next_sg = sg_next(sg);
>
> even though sg may be the last entry. Perhaps this is crapping out,
> although if sg is a valid address, then sg + 1 should be as well.
> next_sg may end up being crap, in fact it will, but we'll never use
> that unless there are more entries to fill. And if there is, then both
> sg and next_sg were valid.
find below the disassembled code. Here's the faulting source line
according to gdb:
(gdb) list *0x78406669
0x78406669 is in blk_rq_map_sg (include/linux/scatterlist.h:48).
43 */
44 static inline struct scatterlist *sg_next(struct scatterlist *sg)
45 {
46 sg++;
47
48 if (unlikely(sg_is_chain(sg)))
49 sg = sg_chain_ptr(sg);
50
51 return sg;
52 }
(gdb) list *0x78406673
0x78406673 is in blk_rq_map_sg (block/ll_rw_blk.c:1355).
1350 } else {
1351 new_segment:
1352 sg = next_sg;
1353 next_sg = sg_next(sg);
1354
1355 sg->page = bvec->bv_page;
1356 sg->length = nbytes;
1357 sg->offset = bvec->bv_offset;
1358 nsegs++;
1359 }
(gdb)
the compiler is gcc-4.2.2. (vanilla, built from sources)
Ingo
784065b0 <blk_rq_map_sg>:
784065b0: 55 push %ebp
784065b1: 57 push %edi
784065b2: 56 push %esi
784065b3: 53 push %ebx
784065b4: 83 ec 28 sub $0x28,%esp
784065b7: 89 44 24 04 mov %eax,0x4(%esp)
784065bb: 8b 98 08 01 00 00 mov 0x108(%eax),%ebx
784065c1: 83 e3 01 and $0x1,%ebx
784065c4: 89 5c 24 18 mov %ebx,0x18(%esp)
784065c8: 8b 52 3c mov 0x3c(%edx),%edx
784065cb: c7 44 24 14 00 00 00 movl $0x0,0x14(%esp)
784065d2: 00
784065d3: 85 d2 test %edx,%edx
784065d5: 89 54 24 20 mov %edx,0x20(%esp)
784065d9: 0f 84 fc 00 00 00 je 784066db <blk_rq_map_sg+0x12b>
784065df: 89 ce mov %ecx,%esi
784065e1: 31 d2 xor %edx,%edx
784065e3: 89 4c 24 10 mov %ecx,0x10(%esp)
784065e7: 8b 44 24 20 mov 0x20(%esp),%eax
784065eb: 0f b7 58 1a movzwl 0x1a(%eax),%ebx
784065ef: 8b 48 30 mov 0x30(%eax),%ecx
784065f2: 89 5c 24 1c mov %ebx,0x1c(%esp)
784065f6: 0f b7 40 18 movzwl 0x18(%eax),%eax
784065fa: 39 d8 cmp %ebx,%eax
784065fc: 0f 8e c6 00 00 00 jle 784066c8 <blk_rq_map_sg+0x118>
78406602: 8d 04 5b lea (%ebx,%ebx,2),%eax
78406605: 8d 1c 81 lea (%ecx,%eax,4),%ebx
78406608: 0f b6 44 24 18 movzbl 0x18(%esp),%eax
7840660d: 88 44 24 27 mov %al,0x27(%esp)
78406611: e9 8b 00 00 00 jmp 784066a1 <blk_rq_map_sg+0xf1>
78406616: 8b 4c 24 10 mov 0x10(%esp),%ecx
7840661a: 8b 41 0c mov 0xc(%ecx),%eax
7840661d: 8b 4c 24 04 mov 0x4(%esp),%ecx
78406621: 01 e8 add %ebp,%eax
78406623: 89 44 24 08 mov %eax,0x8(%esp)
78406627: 3b 81 6c 01 00 00 cmp 0x16c(%ecx),%eax
7840662d: 0f 87 80 00 00 00 ja 784066b3 <blk_rq_map_sg+0x103>
78406633: a1 18 ec d7 78 mov 0x78d7ec18,%eax
78406638: 8b 0a mov (%edx),%ecx
7840663a: 29 c1 sub %eax,%ecx
7840663c: c1 f9 05 sar $0x5,%ecx
7840663f: c1 e1 0c shl $0xc,%ecx
78406642: 03 4a 08 add 0x8(%edx),%ecx
78406645: 8b 52 04 mov 0x4(%edx),%edx
78406648: 01 ca add %ecx,%edx
7840664a: 89 54 24 0c mov %edx,0xc(%esp)
7840664e: 8b 3b mov (%ebx),%edi
78406650: 89 fa mov %edi,%edx
78406652: 29 c2 sub %eax,%edx
78406654: 89 d0 mov %edx,%eax
78406656: c1 f8 05 sar $0x5,%eax
78406659: c1 e0 0c shl $0xc,%eax
7840665c: 03 43 08 add 0x8(%ebx),%eax
7840665f: 39 44 24 0c cmp %eax,0xc(%esp)
78406663: 0f 84 7e 00 00 00 je 784066e7 <blk_rq_map_sg+0x137>
78406669: 8b 46 10 mov 0x10(%esi),%eax
7840666c: 8d 56 10 lea 0x10(%esi),%edx
7840666f: a8 01 test $0x1,%al
78406671: 75 4c jne 784066bf <blk_rq_map_sg+0x10f>
78406673: 89 3e mov %edi,(%esi)
78406675: 89 6e 0c mov %ebp,0xc(%esi)
78406678: 8b 43 08 mov 0x8(%ebx),%eax
7840667b: 89 46 04 mov %eax,0x4(%esi)
7840667e: 83 44 24 14 01 addl $0x1,0x14(%esp)
78406683: 89 74 24 10 mov %esi,0x10(%esp)
78406687: 89 d6 mov %edx,%esi
78406689: 8b 54 24 20 mov 0x20(%esp),%edx
7840668d: 83 44 24 1c 01 addl $0x1,0x1c(%esp)
78406692: 0f b7 42 18 movzwl 0x18(%edx),%eax
78406696: 3b 44 24 1c cmp 0x1c(%esp),%eax
7840669a: 7e 2a jle 784066c6 <blk_rq_map_sg+0x116>
7840669c: 89 da mov %ebx,%edx
7840669e: 83 c3 0c add $0xc,%ebx
784066a1: 85 d2 test %edx,%edx
784066a3: 8b 6b 04 mov 0x4(%ebx),%ebp
784066a6: 74 0b je 784066b3 <blk_rq_map_sg+0x103>
784066a8: 80 7c 24 27 00 cmpb $0x0,0x27(%esp)
784066ad: 0f 85 63 ff ff ff jne 78406616 <blk_rq_map_sg+0x66>
784066b3: 8b 46 10 mov 0x10(%esi),%eax
784066b6: 8d 56 10 lea 0x10(%esi),%edx
784066b9: 8b 3b mov (%ebx),%edi
784066bb: a8 01 test $0x1,%al
784066bd: 74 b4 je 78406673 <blk_rq_map_sg+0xc3>
784066bf: 89 c2 mov %eax,%edx
784066c1: 83 e2 fe and $0xfffffffe,%edx
784066c4: eb ad jmp 78406673 <blk_rq_map_sg+0xc3>
784066c6: 89 da mov %ebx,%edx
784066c8: 8b 4c 24 20 mov 0x20(%esp),%ecx
784066cc: 8b 49 08 mov 0x8(%ecx),%ecx
784066cf: 85 c9 test %ecx,%ecx
784066d1: 89 4c 24 20 mov %ecx,0x20(%esp)
784066d5: 0f 85 0c ff ff ff jne 784065e7 <blk_rq_map_sg+0x37>
784066db: 8b 44 24 14 mov 0x14(%esp),%eax
784066df: 83 c4 28 add $0x28,%esp
784066e2: 5b pop %ebx
784066e3: 5e pop %esi
784066e4: 5f pop %edi
784066e5: 5d pop %ebp
784066e6: c3 ret
784066e7: 8b 44 24 04 mov 0x4(%esp),%eax
784066eb: 8b 54 24 0c mov 0xc(%esp),%edx
784066ef: 8b 80 70 01 00 00 mov 0x170(%eax),%eax
784066f5: 89 04 24 mov %eax,(%esp)
784066f8: 09 c1 or %eax,%ecx
784066fa: 8d 44 2a ff lea 0xffffffff(%edx,%ebp,1),%eax
784066fe: 0b 04 24 or (%esp),%eax
78406701: 39 c1 cmp %eax,%ecx
78406703: 0f 85 60 ff ff ff jne 78406669 <blk_rq_map_sg+0xb9>
78406709: 8b 44 24 08 mov 0x8(%esp),%eax
7840670d: 8b 4c 24 10 mov 0x10(%esp),%ecx
78406711: 89 41 0c mov %eax,0xc(%ecx)
78406714: e9 70 ff ff ff jmp 78406689 <blk_rq_map_sg+0xd9>
78406719: 8d b4 26 00 00 00 00 lea 0x0(%esi),%esi
prev parent reply other threads:[~2007-10-17 17:12 UTC|newest]
Thread overview: 151+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-17 15:46 [bug] block subsystem related crash with latest -git Ingo Molnar
2007-10-17 15:50 ` Ingo Molnar
2007-10-17 16:32 ` Jens Axboe
2007-10-17 16:50 ` Linus Torvalds
2007-10-17 16:59 ` Jens Axboe
2007-10-17 17:08 ` Jens Axboe
2007-10-17 17:21 ` Jens Axboe
2007-10-17 17:29 ` Jens Axboe
2007-10-17 17:34 ` Ingo Molnar
2007-10-17 17:36 ` Jens Axboe
2007-10-17 17:45 ` [bug] ata " Ingo Molnar
2007-10-17 17:53 ` Jens Axboe
2007-10-17 17:55 ` Jens Axboe
2007-10-17 17:58 ` Ingo Molnar
2007-10-17 18:37 ` Jens Axboe
2007-10-17 19:04 ` Ingo Molnar
2007-10-17 19:08 ` Jens Axboe
2007-10-17 19:14 ` Ingo Molnar
2007-10-17 19:17 ` Ingo Molnar
2007-10-17 19:25 ` Jens Axboe
2007-10-17 19:25 ` Jens Axboe
2007-10-17 19:09 ` Ingo Molnar
2007-10-17 19:28 ` Linus Torvalds
2007-10-17 19:35 ` Jens Axboe
2007-10-17 19:45 ` Linus Torvalds
2007-10-17 19:56 ` Jens Axboe
2007-10-17 20:06 ` Jens Axboe
2007-10-17 20:24 ` Linus Torvalds
2007-10-17 20:31 ` Jens Axboe
2007-10-17 21:11 ` Linus Torvalds
2007-10-17 23:00 ` FUJITA Tomonori
2007-10-18 1:07 ` Linus Torvalds
2007-10-18 1:14 ` Jeff Garzik
2007-10-18 1:19 ` David Miller
2007-10-18 1:36 ` Linus Torvalds
2007-10-18 1:49 ` David Miller
2007-10-18 3:44 ` Mark Lord
2007-10-18 4:01 ` Linus Torvalds
2007-10-18 4:05 ` Mark Lord
2007-10-18 4:14 ` Jeff Garzik
2007-10-18 4:18 ` Mark Lord
2007-10-18 4:31 ` Jeff Garzik
2007-10-18 4:41 ` Mark Lord
2007-10-18 4:53 ` Linus Torvalds
2007-10-18 7:05 ` Jens Axboe
2007-10-18 13:13 ` Mark Lord
2007-10-18 13:23 ` Jens Axboe
2007-10-18 13:32 ` Mark Lord
2007-10-18 13:34 ` Jens Axboe
2007-10-18 13:59 ` Mark Lord
2007-10-18 14:04 ` Jens Axboe
2007-10-18 4:45 ` Linus Torvalds
2007-10-18 4:54 ` Mark Lord
2007-10-18 5:09 ` Mark Lord
2007-10-18 4:20 ` Linus Torvalds
2007-10-18 5:25 ` Mark Lord
2007-10-18 5:34 ` Mark Lord
2007-10-18 5:45 ` Jeff Garzik
2007-10-18 7:09 ` Jens Axboe
2007-10-18 7:30 ` Jeff Garzik
2007-10-18 8:21 ` Jens Axboe
2007-10-18 11:55 ` David Miller
2007-10-18 11:57 ` Jens Axboe
2007-10-18 12:05 ` David Miller
2007-10-18 12:09 ` Jens Axboe
2007-10-18 12:15 ` Jens Axboe
2007-10-18 12:36 ` David Miller
2007-10-18 12:39 ` Jens Axboe
2007-10-18 12:58 ` Benny Halevy
2007-10-18 13:56 ` Jens Axboe
2007-10-18 14:05 ` Jens Axboe
2007-10-18 14:16 ` Benny Halevy
2007-10-18 14:38 ` Jens Axboe
2007-10-18 14:58 ` Olof Johansson
2007-10-18 15:25 ` Jens Axboe
2007-10-18 12:58 ` Jens Axboe
2007-10-18 13:32 ` Jens Axboe
2007-10-18 13:49 ` Benny Halevy
2007-10-18 13:55 ` Jens Axboe
2007-10-18 13:51 ` Mark Lord
2007-10-18 13:58 ` Jens Axboe
2007-10-18 14:03 ` Mark Lord
2007-10-18 14:10 ` Mark Lord
2007-10-18 14:13 ` Mark Lord
2007-10-18 14:14 ` Jens Axboe
2007-10-18 16:55 ` Linus Torvalds
2007-10-18 17:01 ` Jens Axboe
2007-10-18 17:10 ` Jens Axboe
2007-10-18 17:10 ` Arjan van de Ven
2007-10-18 17:14 ` Jens Axboe
2007-10-19 8:59 ` FUJITA Tomonori
2007-10-18 19:20 ` Jeff Garzik
2007-10-17 20:51 ` Ingo Molnar
2007-10-17 19:49 ` Jens Axboe
2007-10-17 20:05 ` Ingo Molnar
2007-10-17 20:10 ` Linus Torvalds
2007-10-18 7:07 ` Ingo Molnar
2007-10-18 7:10 ` Jens Axboe
2007-10-18 8:22 ` Jeff Garzik
2007-10-18 8:32 ` Jens Axboe
2007-10-18 8:38 ` Jeff Garzik
2007-10-18 8:51 ` Jeff Garzik
2007-10-18 9:01 ` Jeff Garzik
[not found] ` <bd58e4af0710180210tcc0d31ep9d05a0f2e9d6df29@mail.gmail.com>
2007-10-18 9:14 ` Jeff Garzik
2007-10-18 9:17 ` Jens Axboe
2007-10-18 9:32 ` Jeff Garzik
2007-10-18 9:41 ` Jens Axboe
2007-10-18 10:04 ` Jeff Garzik
2007-10-18 10:10 ` Jens Axboe
2007-10-18 10:13 ` Ingo Molnar
2007-10-18 10:16 ` Jens Axboe
2007-10-18 10:17 ` Jens Axboe
2007-10-18 10:49 ` Ingo Molnar
2007-10-18 10:50 ` Jeff Garzik
2007-10-18 10:56 ` Jens Axboe
2007-10-18 10:42 ` [PATCH] " Jeff Garzik
2007-10-18 10:54 ` Ingo Molnar
2007-10-18 11:02 ` Jeff Garzik
2007-10-18 11:40 ` Ingo Molnar
2007-10-18 14:52 ` Olof Johansson
2007-10-20 11:55 ` Torsten Kaiser
2007-10-18 11:03 ` Ingo Molnar
2007-10-18 11:05 ` Jens Axboe
2007-10-17 19:42 ` Linus Torvalds
2007-10-17 19:55 ` Jens Axboe
2007-10-17 18:08 ` Linus Torvalds
2007-10-17 18:13 ` Ingo Molnar
2007-10-17 17:56 ` [bug] block " Linus Torvalds
2007-10-17 18:02 ` Jens Axboe
2007-10-17 18:13 ` Linus Torvalds
2007-10-17 18:20 ` Jens Axboe
2007-10-17 18:58 ` Linus Torvalds
2007-10-17 19:03 ` Jens Axboe
2007-10-17 19:15 ` Linus Torvalds
2007-10-17 18:02 ` Ingo Molnar
2007-10-17 18:14 ` Linus Torvalds
2007-10-17 20:15 ` Luca Tettamanti
2007-10-17 17:30 ` Ingo Molnar
2007-10-17 17:31 ` Jens Axboe
2007-10-17 17:28 ` Ingo Molnar
2007-10-17 17:52 ` Linus Torvalds
2007-10-17 18:00 ` Jens Axboe
2007-10-17 18:18 ` Linus Torvalds
2007-10-17 18:22 ` Jens Axboe
2007-10-18 10:52 ` Benny Halevy
2007-10-18 10:55 ` Jens Axboe
2007-10-18 12:03 ` David Miller
2007-10-18 12:28 ` Jens Axboe
2007-10-17 18:22 ` Linus Torvalds
2007-10-17 18:40 ` Jens Axboe
2007-10-17 17:11 ` Ingo Molnar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071017171149.GA26139@elte.hu \
--to=mingo@elte.hu \
--cc=akpm@linux-foundation.org \
--cc=jens.axboe@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.