15872 – segfault when mounting an XFS partition

Bug 15872 - segfault when mounting an XFS partition

Summary: segfault when mounting an XFS partition

Status:	RESOLVED INVALID

Alias:	None

Product:	File System
Classification:	Unclassified
Component:	XFS (show other bugs)
Hardware:	All Linux

Importance:	P1 high
Assignee:	Christoph Hellwig

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-04-28 12:51 UTC by Jonathan 'Sky' Squirawski
Modified:	2010-05-19 18:40 UTC (History)
CC List:	2 users (show)

See Also:
Kernel Version:	2.6.33.3
Subsystem:
Regression:	Yes
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Jonathan 'Sky' Squirawski 2010-04-28 12:51:32 UTC

Since my kernel have been upgraded from 2.6.33.2 to 2.6.33.3 I can't mount my XFS partition.

Here the backtrace:

usb 3-1: new high speed USB device using ehci_hcd and address 4
Initializing USB Mass Storage driver...
scsi20 : usb-storage 3-1:1.0
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
scsi 20:0:0:0: Direct-Access     SAMSUNG  HM080HI               PQ: 0 ANSI: 2
sd 20:0:0:0: Attached scsi generic sg4 type 0
sd 20:0:0:0: [sdc] 156301488 512-byte logical blocks: (80.0 GB/74.5 GiB)
sd 20:0:0:0: [sdc] Write Protect is off
sd 20:0:0:0: [sdc] Mode Sense: 38 00 00 00
sd 20:0:0:0: [sdc] Assuming drive cache: write through
sd 20:0:0:0: [sdc] Assuming drive cache: write through
 sdc: sdc1 sdc2
sd 20:0:0:0: [sdc] Assuming drive cache: write through
sd 20:0:0:0: [sdc] Attached SCSI disk
tun: Universal TUN/TAP device driver, 1.6
tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
tap0: no IPv6 routers present
SGI XFS with ACLs, security attributes, realtime, large block/inode numbers, no debug enabled
SGI XFS Quota Management subsystem
BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
IP: [<ffffffff810dd993>] filemap_write_and_wait+0x13/0x50
PGD 119d23067 PUD 12390d067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:03.0/0000:01:00.0/boot_vga
CPU 2
Pid: 2890, comm: mount Tainted: P           2.6.33-ARCH #1 P55A-UD3R/P55A-UD3R
RIP: 0010:[<ffffffff810dd993>]  [<ffffffff810dd993>] filemap_write_and_wait+0x13/0x50
RSP: 0018:ffff8801237b3b98  EFLAGS: 00010246
RAX: ffff880129070150 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 00000000000001ff RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff8801237b3ba8 R08: 0000000000000000 R09: ffff880123534f00
R10: 0000000000000080 R11: 2222222222222222 R12: 0000000000000200
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000800
FS:  00007f9232dde740(0000) GS:ffff880005480000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000048 CR3: 00000001290c3000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process mount (pid: 2890, threadinfo ffff8801237b2000, task ffff8801235cc020)
Stack:
 ffff880129071330 0000000000000200 ffff8801237b3bb8 ffffffff81151a1f
<0> ffff8801237b3bc8 ffffffff81151a4e ffff8801237b3bf8 ffffffff8115254f
<0> ffff8801237b3c38 0000000000000200 00000000000002d0 ffff880123534f00
Call Trace:
 [<ffffffff81151a1f>] __sync_blockdev+0x1f/0x40
 [<ffffffff81151a4e>] sync_blockdev+0xe/0x10
 [<ffffffff8115254f>] set_blocksize+0x6f/0xa0
 [<ffffffffa0ebd3c1>] xfs_setsize_buftarg_flags+0x51/0xf0 [xfs]
 [<ffffffffa0ebabab>] ? kmem_alloc+0x6b/0x120 [xfs]
 [<ffffffffa0ebd498>] xfs_setsize_buftarg_early+0x38/0x40 [xfs]
 [<ffffffffa0ec0141>] xfs_alloc_buftarg+0x41/0xa0 [xfs]
 [<ffffffffa0ec6bc6>] xfs_open_devices+0x86/0x1a0 [xfs]
 [<ffffffff81152598>] ? sb_set_blocksize+0x18/0x60
 [<ffffffffa0ec8385>] xfs_fs_fill_super+0x175/0x3e0 [xfs]
 [<ffffffff811253d4>] get_sb_bdev+0x194/0x1d0
 [<ffffffffa0ec8210>] ? xfs_fs_fill_super+0x0/0x3e0 [xfs]
 [<ffffffffa0ec5f83>] xfs_fs_get_sb+0x13/0x20 [xfs]
 [<ffffffff81124e56>] vfs_kern_mount+0x76/0x1a0
 [<ffffffff81124fed>] do_kern_mount+0x4d/0x130
 [<ffffffff8113f506>] do_mount+0x266/0x880
 [<ffffffff810f22df>] ? strndup_user+0x5f/0xb0
 [<ffffffff8113fbab>] sys_mount+0x8b/0xe0
 [<ffffffff81009fc2>] system_call_fastpath+0x16/0x1b
Code: ff ff ff ff ff ff ff 7f 31 f6 48 89 e5 e8 46 f8 ff ff c9 c3 0f 1f 40 00 55 48 89 e5 48 83 ec 10 48 89 1c 24 4c 89 64 24 08 31 db <48> 83 7f 48 00 49 89 fc 75 13 89 d8 4c 8b 64 24 08 48 8b 1c 24
RIP  [<ffffffff810dd993>] filemap_write_and_wait+0x13/0x50
 RSP <ffff8801237b3b98>
CR2: 0000000000000048
---[ end trace 2283b9cb3afc6eda ]---

Comment 1 Dave Chinner 2010-04-28 23:21:48 UTC

I can't say I've seen anything like this, nor can I see a potential cause looking at the changes between .33.2 and .33.3. Can you reproduce it without the module that causes the kernel taint? If you can, can you run a bisect between the two releases to find the commit that causes the problem?

Comment 2 Jonathan 'Sky' Squirawski 2010-04-29 09:52:13 UTC

In fact, it seems that my distribution (archlinux) has compiled the kernel .33.3 with gcc 4.5... I guess it wasn't a good idea...

A look at http://bugs.archlinux.org/ shows how it wasn't a good idea :p

So I think it's not a kernel bug.

Note You need to log in before you can comment on or make changes to this bug.