public inbox for linux-kernel@vger.kernel.org
From: Steve French <smfrench@austin.rr.com>
To: Chuck Ebbert <76306.1226@compuserve.com>
Cc: linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: oops in close when exiting fsx
Date: Sun, 13 Aug 2006 13:43:51 -0500
Message-ID: <44DF72E7.8070603@austin.rr.com>
In-Reply-To: <200608130455_MC3-1-C7EE-44C7@compuserve.com>

Chuck Ebbert wrote:
> In-Reply-To: <44DE2EA6.4060809@austin.rr.com>
>
> On Sat, 12 Aug 2006 14:40:22 -0500, Steve French wrote:
>
>   
>> ctl-c exiting fsx after a few hours with 2.6.18-rc4 got the following 
>> oops - anyone recognize it?
>> Although I didn't see cifs symbols on the call stack it is running on a 
>> cifs mount, but it is not
>> one I have seen before.
>>     
>
>   
>> EIP is at __down+0x56/0xc5
>>     
>
>   1a:   8d 43 08                  lea    0x8(%ebx),%eax  <= addr of sema wait queue list_head
>   1d:   8b 48 04                  mov    0x4(%eax),%ecx  <= list->prev
>   20:   8d 54 24 2c               lea    0x2c(%esp),%edx
>   24:   89 50 04                  mov    %edx,0x4(%eax)
>   27:   89 44 24 2c               mov    %eax,0x2c(%esp)
>    0:   89 11                     mov    %edx,(%ecx)   <===== list->prev->next = new
>
> The semaphore's wait queue head is corrupted: 'prev' is 0.
>
>   
>>  [<c1038908>] mempool_free+0x43/0x46
>>  [<c1013678>] default_wake_function+0x0/0xc
>>  [<c132ed37>] __down_failed+0x7/0xc
>>  [<fa2da685>] .text.lock.file+0x87/0x9a [cifs]      <=====
>>  [<c104e807>] __fput+0xab/0x148
>>  [<c104c453>] filp_close+0x4e/0x54
>>  [<c101773a>] put_files_struct+0x64/0xa6
>>  [<c1018581>] do_exit+0x1c7/0x675
>>  [<c10052b0>] do_syscall_trace+0x12b/0x172
>>  [<c1018a8b>] sys_exit_group+0x0/0xd
>>  [<c1002abf>] syscall_call+0x7/0xb
>>     
>
> It came from a lock section in the cifs code.  If you disassemble
> .text.lock.file in cifs.o, at offset 0x87 (or shortly after) you
> will see a jump back to the code that's trying to get the semaphore.
>
>   


Thanks - This is a part of new cifs code recently added to handle posix 
locks better (it has not been pushed to mainline yet)

                down(&pSMBFile->lock_sem);
                list_for_each_entry_safe(li, tmp, &pSMBFile->llist, llist) {
                        list_del(&li->llist);
                        kfree(li);
                }
                up(&pSMBFile->lock_sem);


My guess is that there is a path in which the lock_sem is not 
initialized - will trace that.
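
Added example (not part of the original message and not cifs or kernel code): a user-space model of the failure discussed above, where a wait-list head in zeroed memory has 'prev' equal to 0 and the tail insert stores through it. The names model_sem, list_head_sane, checked_add_tail and try_wait are hypothetical, and the check is similar in spirit to the kernel's CONFIG_DEBUG_LIST validation.

```c
#include <stdio.h>

/* User-space model of the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };

/* Hypothetical stand-in for a semaphore: a count plus a wait list. */
struct model_sem { int count; struct list_head wait; };

static void model_sem_init(struct model_sem *s)
{
    s->count = 1;
    s->wait.next = s->wait.prev = &s->wait;  /* empty list points at itself */
}

/* Returns 1 only if both neighbours of the head link back to it. */
static int list_head_sane(const struct list_head *h)
{
    if (!h->next || !h->prev)
        return 0;                            /* zeroed, never initialized */
    return h->next->prev == h && h->prev->next == h;
}

/* list_add_tail() that returns -1 instead of storing via a bad head->prev. */
static int checked_add_tail(struct list_head *entry, struct list_head *head)
{
    if (!list_head_sane(head))
        return -1;
    entry->next = head;
    entry->prev = head->prev;
    head->prev->next = entry;                /* list->prev->next = new */
    head->prev = entry;
    return 0;
}

/* Start from zeroed memory (assumption), optionally skip init, queue a waiter. */
static int try_wait(int do_init)
{
    struct model_sem sem = {0};
    struct list_head waiter;
    if (do_init)
        model_sem_init(&sem);
    return checked_add_tail(&waiter, &sem.wait);
}

int main(void)
{
    printf("initialized: %d, uninitialized: %d\n", try_wait(1), try_wait(0));
    return 0;
}
```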
