On Thu, Aug 17, 2006 at 05:38:27AM -0600, Matthew Wilcox wrote:
> On Thu, Aug 17, 2006 at 04:10:08AM +0200, Tomas Hruby wrote:
> > Hello all,
> >
> > we are testing our fs project on a 2.6.17.4 kernel that is patched
> > with
> > http://marc.theaimsgroup.com/?l=linux-fsdeve,l&m=115080965116016&w=2
> > patch. We experienced BUGs in mm/rmap.c when creating many files in a
>
> Can you reproduce the problem with ext3 without this patch?

I tried that today again and it crashed with a different error on both
kernels, with and without that patch. Here are the logs:

Patched:

EXT3 FS on hda2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
slab: Internal list corruption detected in cache 'vm_area_struct'(39), slabp f5c92000(38). Hexdump:
000: 00 01 10 00 00 02 20 00 b8 00 00 00 b8 20 c9 f5
010: 26 00 00 00 00 00 00 00 00 00 00 00 fe ff ff ff
020: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
030: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
040: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
050: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
060: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
070: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
080: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
090: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
0a0: fd ff ff ff fd ff ff ff fd ff ff ff fd ff ff ff
0b0: fd ff ff ff fd ff ff ff
------------[ cut here ]------------
kernel BUG at mm/slab.c:2700!
invalid opcode: 0000 [#1]
PREEMPT DEBUG_PAGEALLOC
Modules linked in: netconsole snd_mixer_oss 8139cp snd_via82xx snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore ehci_hcd usbcore 8139too mii fan thermal processor rt2500 rtc unix
CPU: 0
EIP: 0060:[<c0145500>] Not tainted VLI
EFLAGS: 00010002 (2.6.17.4 #11)
EIP is at check_slabp+0x84/0x95
eax: 00000001 ebx: 000000b8 ecx: c0379394 edx: 00000001
esi: f5c92000 edi: c18dc780 ebp: da403d78 esp: da403d68
ds: 007b es: 007b ss: 0068
Process bash (pid: 14252, threadinfo=da403000 task=f5f4aac0)
Stack: c02b673f f5c92000 c18db838 c18dc780 da403da4 c0146124 00000026 00000010
       00000009 f5c920b8 f553f0b4 c18cef7c c18dab3c c18dc780 f46f9f2c da403dd0
       c0145e38 00000000 c18cef38 c18dc780 c18db85c 00000010 c18db838 c18cef38
Call Trace:
 [<c0103c7f>] show_stack_log_lvl+0x85/0x8f
 [<c0103e09>] show_registers+0x14b/0x1bf
 [<c0103fe2>] die+0x165/0x266
 [<c010415d>] do_trap+0x7a/0x98
 [<c01048a4>] do_invalid_op+0x8a/0x94
 [<c010379f>] error_code+0x4f/0x54
 [<c0146124>] free_block+0x6d/0x14c
 [<c0145e38>] cache_flusharray+0xa8/0x10d
 [<c0145f7f>] kmem_cache_free+0x4b/0x5e
 [<c013bf98>] remove_vma+0x45/0x4e
 [<c013c062>] exit_mmap+0xc1/0xe0
 [<c0113397>] mmput+0x22/0x7c
 [<c0153227>] flush_old_exec+0x582/0x7b4
 [<c016f3fa>] load_elf_binary+0x483/0x1403
 [<c01526fb>] search_binary_handler+0xb8/0x2b1
 [<c0153f60>] do_execve+0x135/0x1b6
 [<c01017cd>] sys_execve+0x2a/0x75
 [<c0102d0b>] syscall_call+0x7/0xb
Code: 58 0f b6 04 33 43 50 68 62 83 2c c0 e8 a9 08 fd ff 58 5a 8b 47 1c 8d 04 85 1c 00 00 00 39 c3 72 ce 68 3f 67 2b c0 e8 8f 08 fd ff <0f> 0b 8c 0a f9 82 2b c0 5b 8d 65 f4 5b 5e 5f c9 c3 55 89 e5 56
EIP: [<c0145500>] check_slabp+0x84/0x95 SS:ESP 0068:da403d68
<3>BUG: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():1, irqs_disabled():1
 [<c0103cbc>] show_trace+0x13/0x15
 [<c01041bc>] dump_stack+0x18/0x1c
 [<c0111950>] __might_sleep+0x87/0x8f
 [<c0120016>] blocking_notifier_call_chain+0x13/0x42
 [<c011654e>] profile_task_exit+0x12/0x17
 [<c0117adc>] do_exit+0x1b/0x76b
 [<c01040bc>] die+0x23f/0x266
 [<c010415d>] do_trap+0x7a/0x98
 [<c01048a4>] do_invalid_op+0x8a/0x94
 [<c010379f>] error_code+0x4f/0x54
 [<c0146124>] free_block+0x6d/0x14c
 [<c0145e38>] cache_flusharray+0xa8/0x10d
 [<c0145f7f>] kmem_cache_free+0x4b/0x5e
 [<c013bf98>] remove_vma+0x45/0x4e
 [<c013c062>] exit_mmap+0xc1/0xe0
 [<c0113397>] mmput+0x22/0x7c
 [<c0153227>] flush_old_exec+0x582/0x7b4
 [<c016f3fa>] load_elf_binary+0x483/0x1403
 [<c01526fb>] search_binary_handler+0xb8/0x2b1
 [<c0153f60>] do_execve+0x135/0x1b6
 [<c01017cd>] sys_execve+0x2a/0x75
 [<c0102d0b>] syscall_call+0x7/0xb
note: bash[14252] exited with preempt_count 1
BUG: spinlock cpu recursion on CPU#0, bash/14251
 lock: c18db85c, .magic: dead4ead, .owner: bash/14252, .owner_cpu: 0
 [<c0103cbc>] show_trace+0x13/0x15
 [<c01041bc>] dump_stack+0x18/0x1c
 [<c01c4a1a>] spin_bug+0x7c/0xbc
 [<c01c4b72>] _raw_spin_lock+0x4d/0xe9
 [<c02a1f34>] _spin_lock+0x16/0x1c
 [<c0145dd0>] cache_flusharray+0x40/0x10d
 [<c0145f7f>] kmem_cache_free+0x4b/0x5e
 [<c013bf98>] remove_vma+0x45/0x4e
 [<c013c062>] exit_mmap+0xc1/0xe0
 [<c0113397>] mmput+0x22/0x7c
 [<c0153227>] flush_old_exec+0x582/0x7b4
 [<c016f3fa>] load_elf_binary+0x483/0x1403
 [<c01526fb>] search_binary_handler+0xb8/0x2b1
 [<c0153f60>] do_execve+0x135/0x1b6
 [<c01017cd>] sys_execve+0x2a/0x75
 [<c0102d0b>] syscall_call+0x7/0xb
BUG: spinlock lockup on CPU#0, bash/14251, c18db85c
 [<c0103cbc>] show_trace+0x13/0x15
 [<c01041bc>] dump_stack+0x18/0x1c
 [<c01c4be7>] _raw_spin_lock+0xc2/0xe9
 [<c02a1f34>] _spin_lock+0x16/0x1c
 [<c0145dd0>] cache_flusharray+0x40/0x10d
 [<c0145f7f>] kmem_cache_free+0x4b/0x5e
 [<c013bf98>] remove_vma+0x45/0x4e
 [<c013c062>] exit_mmap+0xc1/0xe0
 [<c0113397>] mmput+0x22/0x7c
 [<c0153227>] flush_old_exec+0x582/0x7b4
 [<c016f3fa>] load_elf_binary+0x483/0x1403
 [<c01526fb>] search_binary_handler+0xb8/0x2b1
 [<c0153f60>] do_execve+0x135/0x1b6
 [<c01017cd>] sys_execve+0x2a/0x75
 [<c0102d0b>] syscall_call+0x7/0xb

Without patch (I ran 3 for loops, each with different file names in
parallel). First one bash crashed because of a wrong pointer, one bash
finished and the last one crashed on a BUG in slab too.

netconsole: network logging started
kjournald starting. Commit interval 5 seconds
EXT3 FS on hda2, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
BUG: unable to handle kernel paging request at virtual address 0000292e
 printing eip:
c01c3163
*pde = 00000000
Oops: 0000 [#1]
PREEMPT
Modules linked in: netconsole snd_mixer_oss 8139cp snd_via82xx snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore ehci_hcd usbcore 8139too mii fan thermal processor rtc unix
CPU: 0
EIP: 0060:[<c01c3163>] Not tainted VLI
EFLAGS: 00010213 (2.6.17.4-vanilla #5)
EIP is at _raw_spin_lock+0x8/0xd9
eax: 00000001 ebx: 0000292a ecx: f7448040 edx: e28ee000
esi: 0000292a edi: 0000292a ebp: 00000000 esp: e28eee80
ds: 007b es: 007b ss: 0068
Process bash (pid: 3909, threadinfo=e28ee000 task=f75d0ab0)
Stack: 0000292a 0000292a f73c4954 00000000 c029e7f4 0000292a f73c4954 c013e9d6
       000000d0 c0113b08 f73c4954 00000000 f73fb4a4 f7448040 c0113b37 f73c4954
       f73c4954 f73fb4a4 00000058 e28eefbc bfb31cec 01200011 00000000 c1ac2030
Call Trace:
 <c029e7f4> _spin_lock+0x13/0x16
 <c013e9d6> anon_vma_link+0x1f/0xa3
 <c0113b08> copy_process+0xa4a/0x11ae
 <c0113b37> copy_process+0xa79/0x11ae
 <c011448a> do_fork+0x90/0x197
 <c01c27c7> copy_to_user+0x52/0x6f
 <c01012d8> sys_clone+0x24/0x28
 <c0102c8f> syscall_call+0x7/0xb
Code: ff ff ff ff c7 03 01 00 00 00 5b c3 8b 44 24 04 81 38 ed 1e af de 74 0a ba ff dc 2b c0 e9 ba fd ff ff c3 55 57 56 53 8b 7c 24 14 <81> 7f 04 ad 4e ad de 74 0c ba ff dc 2b c0 89 f8 e8 6c fe ff ff
EIP: [<c01c3163>] _raw_spin_lock+0x8/0xd9 SS:ESP 0068:e28eee80
<3>BUG: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():1, irqs_disabled():0
 <c011f9ec> blocking_notifier_call_chain+0x11/0x41
 <c011611a> profile_task_exit+0x10/0x14
 <c0117652> do_exit+0x1b/0x76b
 <c0103f6d> die+0x1a4/0x25f
 <c0104002> die+0x239/0x25f
 <c01103fc> do_page_fault+0x45a/0x54a
 <c010ffa2> do_page_fault+0x0/0x54a
 <c0103723> error_code+0x4f/0x54
 <c01c3163> _raw_spin_lock+0x8/0xd9
 <c029e7f4> _spin_lock+0x13/0x16
 <c013e9d6> anon_vma_link+0x1f/0xa3
 <c0113b08> copy_process+0xa4a/0x11ae
 <c0113b37> copy_process+0xa79/0x11ae
 <c011448a> do_fork+0x90/0x197
 <c01c27c7> copy_to_user+0x52/0x6f
 <c01012d8> sys_clone+0x24/0x28
 <c0102c8f> syscall_call+0x7/0xb
note: bash[3909] exited with preempt_count 1
BUG: scheduling while atomic: bash/0x00000001/3909
 <c029c831> schedule+0x43/0x5aa
 <c0102c8f> syscall_call+0x7/0xb
 <c029e4cf> rwsem_down_read_failed+0x139/0x153
 <c0103b6c> show_trace_log_lvl+0xad/0xd7
 <c0118199> .text.lock.exit+0x7/0x66
 <c01177be> do_exit+0x187/0x76b
 <c0103f6d> die+0x1a4/0x25f
 <c0104002> die+0x239/0x25f
 <c01103fc> do_page_fault+0x45a/0x54a
 <c010ffa2> do_page_fault+0x0/0x54a
 <c0103723> error_code+0x4f/0x54
 <c01c3163> _raw_spin_lock+0x8/0xd9
 <c029e7f4> _spin_lock+0x13/0x16
 <c013e9d6> anon_vma_link+0x1f/0xa3
 <c0113b08> copy_process+0xa4a/0x11ae
 <c0113b37> copy_process+0xa79/0x11ae
 <c011448a> do_fork+0x90/0x197
 <c01c27c7> copy_to_user+0x52/0x6f
 <c01012d8> sys_clone+0x24/0x28
 <c0102c8f> syscall_call+0x7/0xb
slab: double free detected in cache 'inode_cache', objp f6c19414
------------[ cut here ]------------
kernel BUG at mm/slab.c:2455!
invalid opcode: 0000 [#2]
PREEMPT
Modules linked in: netconsole snd_mixer_oss 8139cp snd_via82xx snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart snd_rawmidi snd_seq_device snd soundcore ehci_hcd usbcore 8139too mii fan thermal processor rtc unix
CPU: 0
EIP: 0060:[<c0145547>] Not tainted VLI
EFLAGS: 00010096 (2.6.17.4-vanilla #5)
EIP is at free_block+0xcc/0x153
eax: 00000044 ebx: f6c19020 ecx: 00000000 edx: 00000001
esi: c18dbdb0 edi: c18dc320 ebp: f6c19044 esp: c1913eec
ds: 007b es: 007b ss: 0068
Process events/0 (pid: 4, threadinfo=c1913000 task=c1912ab0)
Stack: c02b5718 c02bb179 f6c19414 00000002 00000002 00000001 f6c19414 c18d78a8
       c18d78a4 00000002 c18d7884 00000000 c014565b 00000000 00000000 c18dc320
       c18dbdd4 00000000 c18dbdb0 c18dc320 00000000 c0146966 00000000 00000000
Call Trace:
 <c014565b> drain_array+0x8d/0xbc
 <c0146966> cache_reap+0x47/0x155
 <c0121fc7> run_workqueue+0x78/0xb6
 <c014691f> cache_reap+0x0/0x155
 <c012240f> worker_thread+0x0/0x111
 <c01224ee> worker_thread+0xdf/0x111
 <c0111762> default_wake_function+0x0/0x15
 <c0124976> kthread+0x96/0xc3
 <c01248e0> kthread+0x0/0xc3
 <c0101005> kernel_thread_helper+0x5/0xb
Code: fd ff e8 29 ec fb ff 83 c4 10 8b 04 24 8d 6c 83 1c 8b 45 00 40 83 f8 fd 77 1c ff 74 24 0c ff 77 44 68 18 57 2b c0 e8 41 04 fd ff <0f> 0b 97 09 f3 52 2b c0 83 c4 0c 8b 43 14 89 da 89 45 00 8b 04
EIP: [<c0145547>] free_block+0xcc/0x153 SS:ESP 0068:c1913eec
<3>BUG: sleeping function called from invalid context at include/linux/rwsem.h:43
in_atomic():1, irqs_disabled():1
 <c011f9ec> blocking_notifier_call_chain+0x11/0x41
 <c011611a> profile_task_exit+0x10/0x14
 <c0117652> do_exit+0x1b/0x76b
 <c0103f6d> die+0x1a4/0x25f
 <c0104002> die+0x239/0x25f
 <c01047a6> do_invalid_op+0x0/0x9e
 <c0104838> do_invalid_op+0x92/0x9e
 <c0145547> free_block+0xcc/0x153
 <c011538a> release_console_sem+0x19a/0x1a2
 <c011595a> vprintk+0x2b9/0x2e7
 <c029e982> _spin_unlock+0x10/0x25
 <c0103723> error_code+0x4f/0x54
 <c0145547> free_block+0xcc/0x153
 <c014565b> drain_array+0x8d/0xbc
 <c0146966> cache_reap+0x47/0x155
 <c0121fc7> run_workqueue+0x78/0xb6
 <c014691f> cache_reap+0x0/0x155
 <c012240f> worker_thread+0x0/0x111
 <c01224ee> worker_thread+0xdf/0x111
 <c0111762> default_wake_function+0x0/0x15
 <c0124976> kthread+0x96/0xc3
 <c01248e0> kthread+0x0/0xc3
 <c0101005> kernel_thread_helper+0x5/0xb
note: events/0[4] exited with preempt_count 1
BUG: events/0/4, lock held at task exit time!
 [c02f0f40] {cache_chain_mutex}
.. held by: events/0: 4 [c1912ab0, 110]
... acquired at: cache_reap+0x11/0x155