linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Al Viro <viro@ZenIV.linux.org.uk>
To: Oleg Drokin <green@linuxhacker.ru>
Cc: "<linux-kernel@vger.kernel.org> Mailing List"
	<linux-kernel@vger.kernel.org>,
	"<linux-fsdevel@vger.kernel.org>" <linux-fsdevel@vger.kernel.org>,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: Dcache oops
Date: Fri, 3 Jun 2016 21:07:59 +0100	[thread overview]
Message-ID: <20160603200759.GS14480@ZenIV.linux.org.uk> (raw)
In-Reply-To: <4285E00F-7228-485C-AD32-97552ED746F2@linuxhacker.ru>

On Fri, Jun 03, 2016 at 02:35:41PM -0400, Oleg Drokin wrote:

> >> [ 2642.364383] BUG: unable to handle kernel paging request at ffff880113f82000
> >> [ 2642.365014] IP: [<ffffffff817f87d4>] bad_gs+0xd1d/0x1ba9
> > 
> > *ow*
> > Could you dump your vmlinux (and System.map) somewhere on anonftp?
> > This 'bad_gs' is there simply because it's one of the few labels in
> > .fixup - to say anything useful we'll need to find out where we'd
> > really come from.
> 
> I see.
> vmlinux with debug symbols: http://knox.linuxhacker.ru/tmp/dcache/vmlinux.gz
> System.map: http://knox.linuxhacker.ru/tmp/dcache/System.map.gz

OK...
ffffffff817f87cd:       48 8d 0a                lea    (%rdx),%rcx
ffffffff817f87d0:       48 83 e1 f8             and    $0xfffffffffffffff8,%rcx
ffffffff817f87d4:       4c 8b 01                mov    (%rcx),%r8
ffffffff817f87d7:       8d 0a                   lea    (%rdx),%ecx
ffffffff817f87d9:       83 e1 07                and    $0x7,%ecx
ffffffff817f87dc:       c1 e1 03                shl    $0x3,%ecx
ffffffff817f87df:       49 d3 e8                shr    %cl,%r8
ffffffff817f87e2:       e9 9b b3 a4 ff          jmpq   ffffffff81243b82 <__d_lookup+0x132>

Aha...  It's load_unaligned_zeropad() from dentry_string_cmp(), hitting
a genuinely unmapped address.  That sends it into fixup, where it tries to
load an aligned word containing the address in question, in hope that
fault was on attempt to cross into the next page.  No such luck, address
was aligned in the first place (it's in %rdx - 0xffff880113f82000), so
we still oops.

The unexpected part is that unmapped address did *NOT* come from a dentry;
it's .name of qstr we were looking for.  And your call chain was
__d_lookup() <- d_lookup() <- lookup_open(), so in lookup_open() it was
nd->last.name...

Can the same thing be reproduced (with NFS fix) on v4.6, ede4090, 7f427d3,
4e8440b?

  reply	other threads:[~2016-06-03 20:08 UTC|newest]

Thread overview: 46+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-02 22:46 NFS/d_splice_alias breakage Oleg Drokin
2016-06-02 23:59 ` [PATCH] Allow d_splice_alias to accept hashed dentries green
2016-06-03  0:25   ` Oleg Drokin
2016-06-03  0:44 ` NFS/d_splice_alias breakage Trond Myklebust
2016-06-03  0:54   ` Oleg Drokin
2016-06-03  3:26     ` Al Viro
2016-06-03  3:38       ` Al Viro
2016-06-03  3:28   ` Al Viro
2016-06-03  3:37 ` Al Viro
2016-06-03  3:43   ` Oleg Drokin
2016-06-03  4:26     ` Al Viro
2016-06-03  4:42       ` Al Viro
2016-06-03  4:53         ` Al Viro
2016-06-03  4:58       ` Oleg Drokin
2016-06-03  5:56         ` Al Viro
2016-06-06 23:36           ` Oleg Drokin
2016-06-10  1:33             ` Oleg Drokin
2016-06-10 16:49               ` Oleg Drokin
2016-06-20 13:25           ` Oleg Drokin
2016-06-20 14:08             ` Al Viro
2016-06-20 14:54               ` Trond Myklebust
2016-06-20 15:28                 ` Al Viro
2016-06-20 15:43               ` Anna Schumaker
2016-06-20 15:45                 ` Oleg Drokin
2016-06-20 15:47                 ` Trond Myklebust
2016-06-03 16:38       ` Dcache oops Oleg Drokin
2016-06-03 18:22         ` Al Viro
2016-06-03 18:35           ` Oleg Drokin
2016-06-03 20:07             ` Al Viro [this message]
2016-06-03 21:17               ` Oleg Drokin
2016-06-03 21:46                 ` Al Viro
2016-06-03 22:17                   ` Al Viro
2016-06-03 21:18               ` Linus Torvalds
2016-06-03 21:26                 ` Al Viro
2016-06-03 22:00                   ` Linus Torvalds
2016-06-03 22:23                     ` Al Viro
2016-06-03 22:29                       ` Al Viro
2016-06-03 22:36                       ` Linus Torvalds
2016-06-03 22:42                         ` Oleg Drokin
2016-06-03 22:43                         ` Al Viro
2016-06-03 22:37                       ` Al Viro
2016-06-03 22:49                         ` Oleg Drokin
2016-06-03 23:58                         ` Oleg Drokin
2016-06-04  0:56                           ` Al Viro
2016-06-04 12:25                             ` Jeff Layton
2016-06-04 16:12                             ` Oleg Drokin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160603200759.GS14480@ZenIV.linux.org.uk \
    --to=viro@zeniv.linux.org.uk \
    --cc=green@linuxhacker.ru \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).