Thanks for the quick reply!

Interesting. I don't seem to be able to reproduce this on a -rc6
kernel, and I don't recall seeing it happen in any interim kernels
either. You may want to patch up to the latest kernel and see if the
problem goes away.

I just compiled 3.0-rc6 (with cifs as a module instead) and I can still
reproduce it. Once the copy operation sat there for about five seconds
before the oops, but all the other times it has oopsed immediately. I
am however getting the oops in a different function with -rc6, but still
via CIFS. Apart from CIFS I only have local and NFS mounts and they all
seem to work fine.

It looks like it hit a NULL pointer reference down in the bowels of the
generic inode dirtying code. I sort of doubt this is a bug in cifs
per-se, but it's hard to know without more detail.

It may be helpful to follow the directions here and see if you can get
a listing of where it oopsed:

Here is the new oops, followed by the gdb output:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
IP: [<ffffffff8112d3ae>] __mark_inode_dirty+0x16e/0x250
PGD 126cd4067 PUD 11e26a067 PMD 0
Oops: 0002 [#1] PREEMPT SMP
CPU 0
Modules linked in: cifs coretemp ipt_MASQUERADE iptable_nat nf_nat
xt_tcpudp xt_comment nf_conntrack_ipv4 nf_defrag_ipv4 xt_state
iptable_filter iptable_mangle xt_DSCP xt_dscp xt_string xt_owner
xt_NFQUEUE xt_multiport xt_mark xt_iprange xt_hashlimit xt_conntrack
xt_connmark ip_tables x_tables ext4 mbcache jbd2 crc16 nf_conntrack_ftp
nf_conntrack snd_hda_codec_analog snd_hda_intel snd_hda_codec tg3
firewire_ohci tpm_tis ppdev tpm firewire_core tpm_bios i2c_i801
parport_pc iTCO_wdt libphy snd_hwdep parport crc_itu_t
Pid: 2851, comm: cp Tainted: G W 3.0.0-rc6 #2 Dell Inc.
Precision WorkStation T3400 /0TP412
RIP: 0010:[<ffffffff8112d3ae>] [<ffffffff8112d3ae>]
__mark_inode_dirty+0x16e/0x250
RSP: 0018:ffff88011e10bc28 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff880124b86850 RCX: ffff88011a16cb38
RDX: ffff88011a16cb38 RSI: 0000000000000000 RDI: ffffffff817e8300
RBP: ffff88011a16cad0 R08: 0000000000000000 R09: 0000000000000004
R10: 00000000ffffffff R11: 0000000000000000 R12: ffff88011a16caf0
R13: ffff880124b869a8 R14: 0000000000000000 R15: ffff880124b86800
FS: 00007f4415492700(0000) GS:ffff88012bc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000008 CR3: 0000000114178000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process cp (pid: 2851, threadinfo ffff88011e10a000, task ffff8801140d2720)
Stack:
0000000000000000 ffff8801259cd0c0 ffff88011e10bd08 ffff880124266280
ffff88011a16cad0 ffffffffa01ff5ea ffff88011e10bcf6 ffff88011b06a700
0000003914052dc0 ffff88011e10bd08 000000000000a068 0000000000000000
Call Trace:
[<ffffffffa01ff5ea>] ? cifs_setattr+0x51a/0x780 [cifs]
[<ffffffff81121783>] ? notify_change+0x113/0x300
[<ffffffff81106de7>] ? do_truncate+0x57/0x80
[<ffffffff81114f7f>] ? do_last+0x59f/0x780
[<ffffffff81290d5f>] ? __percpu_counter_add+0x6f/0xc0
[<ffffffff81116ca9>] ? path_openat+0xd9/0x410
[<ffffffff8159018f>] ? _raw_spin_lock_irqsave+0x1f/0x50
[<ffffffff8111711c>] ? do_filp_open+0x4c/0xc0
[<ffffffff810368a9>] ? get_parent_ip+0x9/0x20
[<ffffffff81593297>] ? sub_preempt_count+0x87/0xc0
[<ffffffff8158fe80>] ? _raw_spin_unlock+0x10/0x40
[<ffffffff81122792>] ? alloc_fd+0x122/0x150
[<ffffffff81105cc9>] ? do_sys_open+0x169/0x200
[<ffffffff81596afb>] ? system_call_fastpath+0x16/0x1b
Code: 8b 05 f7 78 73 00 48 8b 55 68 48 89 45 50 48 8d 4d 68 48 8b 45 70
48 c7 c7 00 83 7e 81 48 89 42 08 48 89 10 48 8b 83 58 01 00 00
89 48 08 48 89 45 68 4c 89 6d 70 48 89 8b 58 01 00 00 e8 aa
RIP [<ffffffff8112d3ae>] __mark_inode_dirty+0x16e/0x250
RSP <ffff88011e10bc28>
CR2: 0000000000000008
---[ end trace e10f67c8a11411b7 ]---
note: cp[2851] exited with preempt_count 1

(gdb) list *(cifs_setattr+0x51a)
0x1a61a is in cifs_setattr (fs/cifs/inode.c:2096).
2091               of the fs types (eg ext3, fat) do not have fine enough
2092               time granularity to match protocol, and we do not have a
2093               a way (yet) to query the server fs's time granularity (and
2094               whether it rounds times down).
2095            */
2096            if (attrs->ia_valid & (ATTR_MTIME | ATTR_CTIME))
2097                    cifsInode->time = 0;
2098    out:
2099            kfree(args);
2100            kfree(full_path);

The previous source line to 2096 (ignoring comments) is a call to
mark_inode_dirty().

(gdb) list *(__mark_inode_dirty+0x16e)
0xffffffff8112d3ae is in __mark_inode_dirty (include/linux/list.h:41).
36      #ifndef CONFIG_DEBUG_LIST
37      static inline void __list_add(struct list_head *new,
38                                    struct list_head *prev,
39                                    struct list_head *next)
40      {
41              next->prev = new;
42              new->next = next;
43              new->prev = prev;
44              prev->next = new;
45      }

Not sure that this is really that helpful, but happy to test further...
Cheers,
Adam.
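
Added example, not part of the original message and not kernel code: a userspace C sketch that ties the oops fields to the gdb listing. It checks that error code 0002 with CR2 = 0x8 is what a write to `next->prev` produces when `next` is NULL, and shows a checked insert that rejects such a neighbour. The names `fault_addr`, `matches_null_next` and `list_add_checked` are hypothetical, and a 64-bit (LP64) build is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same two-pointer layout as the struct list_head in the gdb listing. */
struct list_head { struct list_head *next, *prev; };

/* x86 page-fault error code bits (the value printed after "Oops:"). */
#define PF_PROT  0x1  /* 0 = page not present, 1 = protection violation */
#define PF_WRITE 0x2  /* 0 = read access,      1 = write access */
#define PF_USER  0x4  /* 0 = kernel mode,      1 = user mode */

/* Address reported in CR2 when base->member is accessed. */
static uintptr_t fault_addr(uintptr_t base, size_t member_off)
{
    return base + member_off;
}

/* Is the oops consistent with the write `next->prev = new`, next == NULL? */
static int matches_null_next(unsigned err, uintptr_t cr2)
{
    return (err & PF_WRITE) && !(err & PF_PROT) && !(err & PF_USER) &&
           cr2 == fault_addr(0, offsetof(struct list_head, prev));
}

/* Hypothetical checked insert: rejects NULL or inconsistent neighbours
 * instead of dereferencing them. Returns 0 on success, -1 on rejection. */
static int list_add_checked(struct list_head *new, struct list_head *prev,
                            struct list_head *next)
{
    if (!new || !prev || !next || prev->next != next || next->prev != prev)
        return -1;
    next->prev = new;
    new->next = next;
    new->prev = prev;
    prev->next = new;
    return 0;
}

int main(void)
{
    struct list_head head = { &head, &head }, node = { NULL, NULL };
    struct list_head zeroed = { NULL, NULL }; /* constructed: zeroed head */

    printf("0002/CR2=0x8 fits NULL next: %d\n", matches_null_next(0x0002, 0x8));
    printf("insert, valid list: %d\n", list_add_checked(&node, &head, head.next));
    printf("insert, zeroed head: %d\n", list_add_checked(&node, &zeroed, zeroed.next));
    return 0;
}
```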