From mboxrd@z Thu Jan 1 00:00:00 1970
From: Tomas Hruby
Subject: Re: BUGs in mm/rmap.c
Date: Thu, 17 Aug 2006 21:19:32 +0200
Message-ID: <20060817191932.GA10046@fspc268>
References: <20060817021008.GD20340@fspc268> <20060817113826.GL4340@parisc-linux.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: linux-fsdevel@vger.kernel.org
Return-path:
Received: from smtp.etmail.cz ([160.218.43.220]:51601 "EHLO smtp.etmail.cz") by vger.kernel.org with ESMTP id S1751256AbWHQTTi (ORCPT ); Thu, 17 Aug 2006 15:19:38 -0400
To: Matthew Wilcox
Content-Disposition: inline
In-Reply-To: <20060817113826.GL4340@parisc-linux.org>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On Thu, Aug 17, 2006 at 05:38:27AM -0600, Matthew Wilcox wrote:
> On Thu, Aug 17, 2006 at 04:10:08AM +0200, Tomas Hruby wrote:
> > Hello all,
> >
> > we are testing our fs project on a 2.6.17.4 kernel that is patched
> > with
> > http://marc.theaimsgroup.com/?l=linux-fsdeve,l&m=115080965116016&w=2
> > patch. We experienced BUGs in mm/rmap.c when creating many files in a
>
> Can you reproduce the problem with ext3 without this patch?

I tried that today again and it crashed with a different error on both
kernels, with and without that patch. Here are the logs:

Patched:

EXT3 FS on hda2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
slab: Internal list corruption detected in cache 'vm_area_struct'(39), slabp f5c92000(38).
Hexdump:
000: 00 01 10 00 00 02 20 00 b8 00 00 00 b8 20 c9 f5
010: 26 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ff
020: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
030: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
040: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
050: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
060: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
070: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
080: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
090: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
0a0: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
0b0: fd ff ff ff fd ff ff ff
------------[ cut here ]------------
kernel BUG at mm/slab.c:2700!
invalid opcode: 0000 [#1]
PREEMPT DEBUG_PAGEALLOC
Modules linked in: netconsole snd_mixer_oss 8139cp snd_via82xx snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore ehci_hcd usbcore 8139too mii fan thermal processor rt2500 rtc unix
CPU: 0
EIP: 0060:[] Not tainted VLI
EFLAGS: 00010002 (2.6.17.4 #11)
EIP is at check_slabp+0x84/0x95
eax: 00000001 ebx: 000000b8 ecx: c0379394 edx: 00000001
esi: f5c92000 edi: c18dc780 ebp: da403d78 esp: da403d68
ds: 007b es: 007b ss: 0068
Process bash (pid: 14252, threadinfo=da403000 task=f5f4aac0)
Stack: c02b673f f5c92000 c18db838 c18dc780 da403da4 c0146124 00000026 00000010
       00000009 f5c920b8 f553f0b4 c18cef7c c18dab3c c18dc780 f46f9f2c da403dd0
       c0145e38 00000000 c18cef38 c18dc780 c18db85c 00000010 c18db838 c18cef38
Call Trace:
 [] show_stack_log_lvl+0x85/0x8f
 [] show_registers+0x14b/0x1bf
 [] die+0x165/0x266
 [] do_trap+0x7a/0x98
 [] do_invalid_op+0x8a/0x94
 [] error_code+0x4f/0x54
 [] free_block+0x6d/0x14c
 [] cache_flusharray+0xa8/0x10d
 [] kmem_cache_free+0x4b/0x5e
 [] remove_vma+0x45/0x4e
 [] exit_mmap+0xc1/0xe0
 [] mmput+0x22/0x7c
 [] flush_old_exec+0x582/0x7b4
 [] load_elf_binary+0x483/0x1403
 [] search_binary_handler+0xb8/0x2b1
 [] do_execve+0x135/0x1b6
 [] sys_execve+0x2a/0x75
 [] syscall_call+0x7/0xb
Code: 58 0f b6 04 33 43 50 68 62 83 2c c0 e8 a9 08 fd ff 58 5a 8b 47 1c 8d 04 85 1c 00 00 00 39 c3 72 ce 68 3f 67 2b c0 e8 8f 08 fd ff <0f> 0b 8c 0a f9 82 2b c0 5b 8d 65 f4 5b 5e 5f c9 c3 55 89 e5 56
EIP: [] check_slabp+0x84/0x95 SS:ESP 0068:da403d68
<3>BUG: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():1, irqs_disabled():1
 [] show_trace+0x13/0x15
 [] dump_stack+0x18/0x1c
 [] __might_sleep+0x87/0x8f
 [] blocking_notifier_call_chain+0x13/0x42
 [] profile_task_exit+0x12/0x17
 [] do_exit+0x1b/0x76b
 [] die+0x23f/0x266
 [] do_trap+0x7a/0x98
 [] do_invalid_op+0x8a/0x94
 [] error_code+0x4f/0x54
 [] free_block+0x6d/0x14c
 [] cache_flusharray+0xa8/0x10d
 [] kmem_cache_free+0x4b/0x5e
 [] remove_vma+0x45/0x4e
 [] exit_mmap+0xc1/0xe0
 [] mmput+0x22/0x7c
 [] flush_old_exec+0x582/0x7b4
 [] load_elf_binary+0x483/0x1403
 [] search_binary_handler+0xb8/0x2b1
 [] do_execve+0x135/0x1b6
 [] sys_execve+0x2a/0x75
 [] syscall_call+0x7/0xb
note: bash[14252] exited with preempt_count 1
BUG: spinlock cpu recursion on CPU#0, bash/14251
 lock: c18db85c, .magic: dead4ead, .owner: bash/14252, .owner_cpu: 0
 [] show_trace+0x13/0x15
 [] dump_stack+0x18/0x1c
 [] spin_bug+0x7c/0xbc
 [] _raw_spin_lock+0x4d/0xe9
 [] _spin_lock+0x16/0x1c
 [] cache_flusharray+0x40/0x10d
 [] kmem_cache_free+0x4b/0x5e
 [] remove_vma+0x45/0x4e
 [] exit_mmap+0xc1/0xe0
 [] mmput+0x22/0x7c
 [] flush_old_exec+0x582/0x7b4
 [] load_elf_binary+0x483/0x1403
 [] search_binary_handler+0xb8/0x2b1
 [] do_execve+0x135/0x1b6
 [] sys_execve+0x2a/0x75
 [] syscall_call+0x7/0xb
BUG: spinlock lockup on CPU#0, bash/14251, c18db85c
 [] show_trace+0x13/0x15
 [] dump_stack+0x18/0x1c
 [] _raw_spin_lock+0xc2/0xe9
 [] _spin_lock+0x16/0x1c
 [] cache_flusharray+0x40/0x10d
 [] kmem_cache_free+0x4b/0x5e
 [] remove_vma+0x45/0x4e
 [] exit_mmap+0xc1/0xe0
 [] mmput+0x22/0x7c
 [] flush_old_exec+0x582/0x7b4
 [] load_elf_binary+0x483/0x1403
 [] search_binary_handler+0xb8/0x2b1
 [] do_execve+0x135/0x1b6
 [] sys_execve+0x2a/0x75
 [] syscall_call+0x7/0xb

Without patch (I run 3 for loops, each with different file names in
parallel). First one bash crashed because of a wrong pointer, one bash
finished and the last one crashed on a BUG in slab too.

netconsole: network logging started
kjournald starting. Commit interval 5 seconds
EXT3 FS on hda2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
BUG: unable to handle kernel paging request at virtual address 0000292e
 printing eip:
c01c3163
*pde = 00000000
Oops: 0000 [#1]
PREEMPT
Modules linked in: netconsole snd_mixer_oss 8139cp snd_via82xx snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore ehci_hcd usbcore 8139too mii fan thermal processor rtc unix
CPU: 0
EIP: 0060:[] Not tainted VLI
EFLAGS: 00010213 (2.6.17.4-vanilla #5)
EIP is at _raw_spin_lock+0x8/0xd9
eax: 00000001 ebx: 0000292a ecx: f7448040 edx: e28ee000
esi: 0000292a edi: 0000292a ebp: 00000000 esp: e28eee80
ds: 007b es: 007b ss: 0068
Process bash (pid: 3909, threadinfo=e28ee000 task=f75d0ab0)
Stack: 0000292a 0000292a f73c4954 00000000 c029e7f4 0000292a f73c4954 c013e9d6
       000000d0 c0113b08 f73c4954 00000000 f73fb4a4 f7448040 c0113b37 f73c4954
       f73c4954 f73fb4a4 00000058 e28eefbc bfb31cec 01200011 00000000 c1ac2030
Call Trace:
 _spin_lock+0x13/0x16
 anon_vma_link+0x1f/0xa3
 copy_process+0xa4a/0x11ae
 copy_process+0xa79/0x11ae
 do_fork+0x90/0x197
 copy_to_user+0x52/0x6f
 sys_clone+0x24/0x28
 syscall_call+0x7/0xb
Code: ff ff ff ff c7 03 01 00 00 00 5b c3 8b 44 24 04 81 38 ed 1e af de 74 0a ba ff dc 2b c0 e9 ba fd ff ff c3 55 57 56 53 8b 7c 24 14 <81> 7f 04 ad 4e ad de 74 0c ba ff dc 2b c0 89 f8 e8 6c fe ff ff
EIP: [] _raw_spin_lock+0x8/0xd9 SS:ESP 0068:e28eee80
<3>BUG: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():1, irqs_disabled():0
 blocking_notifier_call_chain+0x11/0x41
 profile_task_exit+0x10/0x14
 do_exit+0x1b/0x76b
 die+0x1a4/0x25f
 die+0x239/0x25f
 do_page_fault+0x45a/0x54a
 do_page_fault+0x0/0x54a
 error_code+0x4f/0x54
 _raw_spin_lock+0x8/0xd9
 _spin_lock+0x13/0x16
 anon_vma_link+0x1f/0xa3
 copy_process+0xa4a/0x11ae
 copy_process+0xa79/0x11ae
 do_fork+0x90/0x197
 copy_to_user+0x52/0x6f
 sys_clone+0x24/0x28
 syscall_call+0x7/0xb
note: bash[3909] exited with preempt_count 1
BUG: scheduling while atomic: bash/0x00000001/3909
 schedule+0x43/0x5aa
 syscall_call+0x7/0xb
 rwsem_down_read_failed+0x139/0x153
 show_trace_log_lvl+0xad/0xd7
 .text.lock.exit+0x7/0x66
 do_exit+0x187/0x76b
 die+0x1a4/0x25f
 die+0x239/0x25f
 do_page_fault+0x45a/0x54a
 do_page_fault+0x0/0x54a
 error_code+0x4f/0x54
 _raw_spin_lock+0x8/0xd9
 _spin_lock+0x13/0x16
 anon_vma_link+0x1f/0xa3
 copy_process+0xa4a/0x11ae
 copy_process+0xa79/0x11ae
 do_fork+0x90/0x197
 copy_to_user+0x52/0x6f
 sys_clone+0x24/0x28
 syscall_call+0x7/0xb
slab: double free detected in cache 'inode_cache', objp f6c19414
------------[ cut here ]------------
kernel BUG at mm/slab.c:2455!
invalid opcode: 0000 [#2]
PREEMPT
Modules linked in: netconsole snd_mixer_oss 8139cp snd_via82xx snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore ehci_hcd usbcore 8139too mii fan thermal processor rtc unix
CPU: 0
EIP: 0060:[] Not tainted VLI
EFLAGS: 00010096 (2.6.17.4-vanilla #5)
EIP is at free_block+0xcc/0x153
eax: 00000044 ebx: f6c19020 ecx: 00000000 edx: 00000001
esi: c18dbdb0 edi: c18dc320 ebp: f6c19044 esp: c1913eec
ds: 007b es: 007b ss: 0068
Process events/0 (pid: 4, threadinfo=c1913000 task=c1912ab0)
Stack: c02b5718 c02bb179 f6c19414 00000002 00000002 00000001 f6c19414 c18d78a8
       c18d78a4 00000002 c18d7884 00000000 c014565b 00000000 00000000 c18dc320
       c18dbdd4 00000000 c18dbdb0 c18dc320 00000000 c0146966 00000000 00000000
Call Trace:
 drain_array+0x8d/0xbc
 cache_reap+0x47/0x155
 run_workqueue+0x78/0xb6
 cache_reap+0x0/0x155
 worker_thread+0x0/0x111
 worker_thread+0xdf/0x111
 default_wake_function+0x0/0x15
 kthread+0x96/0xc3
 kthread+0x0/0xc3
 kernel_thread_helper+0x5/0xb
Code: fd ff e8 29 ec fb ff 83 c4 10 8b 04 24 8d 6c 83 1c 8b 45 00 40 83 f8 fd 77 1c ff 74 24 0c ff 77 44 68 18 57 2b c0 e8 41 04 fd ff <0f> 0b 97 09 f3 52 2b c0 83 c4 0c 8b 43 14 89 da 89 45 00 8b 04
EIP: [] free_block+0xcc/0x153 SS:ESP 0068:c1913eec
<3>BUG: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():1, irqs_disabled():1
 blocking_notifier_call_chain+0x11/0x41
 profile_task_exit+0x10/0x14
 do_exit+0x1b/0x76b
 die+0x1a4/0x25f
 die+0x239/0x25f
 do_invalid_op+0x0/0x9e
 do_invalid_op+0x92/0x9e
 free_block+0xcc/0x153
 release_console_sem+0x19a/0x1a2
 vprintk+0x2b9/0x2e7
 _spin_unlock+0x10/0x25
 error_code+0x4f/0x54
 free_block+0xcc/0x153
 drain_array+0x8d/0xbc
 cache_reap+0x47/0x155
 run_workqueue+0x78/0xb6
 cache_reap+0x0/0x155
 worker_thread+0x0/0x111
 worker_thread+0xdf/0x111
 default_wake_function+0x0/0x15
 kthread+0x96/0xc3
 kthread+0x0/0xc3
 kernel_thread_helper+0x5/0xb
note: events/0[4] exited with preempt_count 1
BUG: events/0/4, lock held at task exit time!
 [c02f0f40] {cache_chain_mutex}
.. held by: events/0: 4 [c1912ab0, 110]
... acquired at: cache_reap+0x11/0x155