public inbox for linux-kernel@vger.kernel.org
From: Andrew Morton <akpm@linux-foundation.org>
To: Alexey Dobriyan <adobriyan@gmail.com>
Cc: axboe@kernel.dk, linux-kernel@vger.kernel.org
Subject: Re: 2.6.25-$sha1: RIP call_for_each_cic+0x25/0x50
Date: Mon, 28 Apr 2008 05:01:45 -0700
Message-ID: <20080428050145.af036c4f.akpm@linux-foundation.org>
In-Reply-To: <20080427225553.GA4848@martell.zuzino.mipt.ru>

On Mon, 28 Apr 2008 02:55:53 +0400 Alexey Dobriyan <adobriyan@gmail.com> wrote:

> This happened while ~90 cross-compile jobs were running in parallel on
> ext2/noatime partition (slowly -- much debugging was on)
> 
> 
> general protection fault: 0000 [1] PREEMPT SMP DEBUG_PAGEALLOC
> CPU 0 
> Modules linked in: ext2 nf_conntrack_irc ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 xt_state nf_conntrack iptable_filter ip_tables x_tables usblp uhci_hcd ehci_hcd usbcore sr_mod cdrom
> Pid: 16483, comm: as Not tainted 2.6.25-c3bf9bc243092c53946fd6d8ebd6dc2f4e572d48 #1
> RIP: 0010:[<ffffffff80307525>]  [<ffffffff80307525>] call_for_each_cic+0x25/0x50
> RSP: 0018:ffff810170811e58  EFLAGS: 00010202
> RAX: 6b6b6b6b6b6b6b6b RBX: 6b6b6b6b6b6b6b6b RCX: 0000000000000000
> RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff81010ff92000
> RBP: ffff810170811e78 R08: 0000000000000001 R09: 0000000000000000
> R10: 0000000000000000 R11: ffff8100010069d8 R12: ffff810138ada300
> R13: ffffffff803075b0 R14: ffff81017fcd2000 R15: ffff81010ff92168
> FS:  00002ac3462426f0(0000) GS:ffffffff805d0000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 00002ab602550000 CR3: 000000013609d000 CR4: 0000000000000660
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process as (pid: 16483, threadinfo ffff810170810000, task ffff81010ff92000)
> Stack:  ffff810170811e88 ffff810138ada300 0000000000000010 ffff81010ff92100
>  ffff810170811e88 ffffffff80307580 ffff810170811ea8 ffffffff80302a55
>  ffff81010ff92100 ffff810138ada300 ffff810170811ec8 ffffffff80302b1f
> Call Trace:
>  [<ffffffff80307580>] cfq_free_io_context+0x10/0x20
>  [<ffffffff80302a55>] put_io_context+0x85/0x90
>  [<ffffffff80302b1f>] exit_io_context+0x8f/0xb0
>  [<ffffffff80235d19>] do_exit+0x549/0x780
>  [<ffffffff80235f8e>] do_group_exit+0x3e/0xb0
>  [<ffffffff80236012>] sys_exit_group+0x12/0x20
>  [<ffffffff8020b6db>] system_call_after_swapgs+0x7b/0x80
> 
> 
> Code: 84 00 00 00 00 00 55 48 89 e5 41 55 49 89 f5 41 54 49 89 fc 53 48 83 ec 08 e8 18 e1 f5 ff 49 8b 44 24 68 48 85 c0 74 1e 48 89 c3 <48> 8b 03 48 8d 73 88 4c 89 e7 0f 18 08 41 ff d5 48 8b 03 48 85 
> RIP  [<ffffffff80307525>] call_for_each_cic+0x25/0x50
>  RSP <ffff810170811e58>
> ---[ end trace ca143223eefdc828 ]---
> Fixing recursive fault but reboot is needed!
> 
> 
> ffffffff80307500 <call_for_each_cic>:
> ffffffff80307500:	55                   	push   %rbp
> ffffffff80307501:	48 89 e5             	mov    %rsp,%rbp
> ffffffff80307504:	41 55                	push   %r13
> ffffffff80307506:	49 89 f5             	mov    %rsi,%r13
> ffffffff80307509:	41 54                	push   %r12
> ffffffff8030750b:	49 89 fc             	mov    %rdi,%r12
> ffffffff8030750e:	53                   	push   %rbx
> ffffffff8030750f:	48 83 ec 08          	sub    $0x8,%rsp
> ffffffff80307513:	e8 18 e1 f5 ff       	callq  ffffffff80265630 <__rcu_read_lock>
> ffffffff80307518:	49 8b 44 24 68       	mov    0x68(%r12),%rax
> ffffffff8030751d:	48 85 c0             	test   %rax,%rax
> ffffffff80307520:	74 1e                	je     ffffffff80307540 <call_for_each_cic+0x40>
> ffffffff80307522:	48 89 c3             	mov    %rax,%rbx
> ffffffff80307525:	48 8b 03             	mov    (%rbx),%rax

use-after-free.

> ffffffff80307528:	48 8d 73 88          	lea    -0x78(%rbx),%rsi
> ffffffff8030752c:	4c 89 e7             	mov    %r12,%rdi
> ffffffff8030752f:	0f 18 08             	prefetcht0 (%rax)
> ffffffff80307532:	41 ff d5             	callq  *%r13
> ffffffff80307535:	48 8b 03             	mov    (%rbx),%rax
> ffffffff80307538:	48 85 c0             	test   %rax,%rax
> ffffffff8030753b:	48 89 c3             	mov    %rax,%rbx
> ffffffff8030753e:	75 e5                	jne    ffffffff80307525 <call_for_each_cic+0x25>
> ffffffff80307540:	e8 2b e0 f5 ff       	callq  ffffffff80265570 <__rcu_read_unlock>
> ffffffff80307545:	48 83 c4 08          	add    $0x8,%rsp
> ffffffff80307549:	5b                   	pop    %rbx
> ffffffff8030754a:	41 5c                	pop    %r12
> ffffffff8030754c:	41 5d                	pop    %r13
> ffffffff8030754e:	c9                   	leaveq 
> ffffffff8030754f:	c3                   	retq   

cfq-iosched.c hasn't been altered (yet) so it might not be a regression.
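
As an added example (not part of the original message), this triage helper shows why the register dump reads as a use-after-free: 0x6b is the slab allocator's POISON_FREE fill byte, and a pointer built from it is non-canonical on x86-64, so dereferencing it raises a general protection fault rather than a page fault. The function names are hypothetical; the register lines are copied from the oops above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Slab debug fill bytes, as defined in include/linux/poison.h. */
#define POISON_INUSE 0x5a /* allocated, never initialised */
#define POISON_FREE  0x6b /* object was freed */

/* Register lines copied from the oops quoted above. */
static const char OOPS[] =
    "RSP: 0018:ffff810170811e58  EFLAGS: 00010202\n"
    "RAX: 6b6b6b6b6b6b6b6b RBX: 6b6b6b6b6b6b6b6b RCX: 0000000000000000\n"
    "RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff81010ff92000\n";

/* x86-64 with 48-bit virtual addresses: bits 63..47 must all be equal. */
static int is_canonical(uint64_t v)
{
    uint64_t top = v >> 47;
    return top == 0 || top == 0x1ffff;
}

/* Name the slab fill pattern if all eight bytes of v carry it. */
static const char *poison_name(uint64_t v)
{
    if (v == POISON_FREE * 0x0101010101010101ULL)  return "POISON_FREE";
    if (v == POISON_INUSE * 0x0101010101010101ULL) return "POISON_INUSE";
    return NULL;
}

/* Walk every "REG: <16 hex digits>" field; print and count poisoned ones. */
static int scan_oops(const char *oops)
{
    int hits = 0;
    for (const char *p = oops; (p = strstr(p, ": ")) != NULL; p += 2) {
        char *end;
        uint64_t v = strtoull(p + 2, &end, 16);
        const char *name = (end - (p + 2) == 16 && p - oops >= 3) ? poison_name(v) : NULL;
        if (!name)
            continue; /* also skips RSP (segment prefix) and EFLAGS (8 digits) */
        printf("%.3s = %016llx  %s, %s\n", p - 3, (unsigned long long)v, name,
               is_canonical(v) ? "canonical" : "non-canonical (#GP on deref)");
        hits++;
    }
    return hits;
}

int main(void) { return scan_oops(OOPS) == 2 ? 0 : 1; }
```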

