Bug 27002 - kernel bug when mounting xfs partition
Summary: kernel bug when mounting xfs partition
Status: RESOLVED OBSOLETE
Alias: None
Product: Memory Management
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: P1 high
Assignee: Andrew Morton
Reported: 2011-01-18 07:02 UTC by amuro_msg
Modified: 2012-08-14 15:45 UTC

Kernel Version: 2.6.35
Regression: Yes

Attachments
Reverting (1.17 KB, patch)
2011-01-18 07:02 UTC, amuro_msg

Description amuro_msg 2011-01-18 07:02:07 UTC
Created attachment 43952
Reverting

Bug while mounting an xfs partition.

kernel BUG at mm/vmalloc.c:927!
invalid opcode: 0000 [#1] PREEMPT SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:12.2/usb1/1-3/1-3.2/1-3.2:1.0/host7/target7:0:0/7:0:0:0/vendor
Modules linked in: xfs exportfs

That happens while i was trying to reproduce it on usb flash disk. I've formatted it with reiserfs and ext3. No problem. But that happens with xfs.
It's reproducible on vanilla kernel. But i lost the dmesg file and too lazy to reproduce it again. Sorry :(.

Attachment for the patch. Basically it only reverts it back.

------------[ cut here ]------------
kernel BUG at mm/vmalloc.c:927!
invalid opcode: 0000 [#1] PREEMPT SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:12.2/usb1/1-3/1-3.2/1-3.2:1.0/host7/target7:0:0/7:0:0:0/vendor
Modules linked in: xfs exportfs

Pid: 1023, comm: umount Not tainted 2.6.35.8-ck #1 M4A88TD-V EVO/USB3/System Product Name
EIP: 0060:[<c1086cd8>] EFLAGS: 00010286 CPU: 0
EIP is at vm_unmap_ram+0x108/0x140
EAX: fffffff0 EBX: 00000003 ECX: f694a40c EDX: 00000000
ESI: f694a3c0 EDI: f9649000 EBP: f76520c0 ESP: f6bb3ec4
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process umount (pid: 1023, ti=f6bb2000 task=f69191e0 task.ti=f6bb2000)
Stack:
 d0eb9c00 00000001 f69191e0 f95a51c9 f694a0c0 00000001 f958bd1b f698cc00
<0> f681d600 f69191e0 f75d09d8 f9596a18 f6bb3ef0 f698cc00 00000000 00000000
<0> f698cc00 f95ac5e7 c10a51bd f681d66c 00000001 00000001 f6bb3f1c f6bb3f1c
Call Trace:
 [<f95a51c9>] ? xfs_buf_free+0x69/0x70 [xfs]
 [<f958bd1b>] ? xlog_dealloc_log+0x2b/0x60 [xfs]
 [<f9596a18>] ? xfs_unmountfs+0xd8/0x110 [xfs]
 [<f95ac5e7>] ? xfs_fs_put_super+0xe7/0x140 [xfs]
 [<c10a51bd>] ? invalidate_inodes+0xfd/0x120
 [<c1094373>] ? generic_shutdown_super+0x43/0xc0
 [<c1094412>] ? kill_block_super+0x22/0x40
 [<c1093675>] ? deactivate_locked_super+0x35/0x50
 [<c10a84aa>] ? sys_umount+0x6a/0x370
 [<c10a87c7>] ? sys_oldumount+0x17/0x20
 [<c13a10e1>] ? syscall_call+0x7/0xb
Code: 46 10 74 0f 89 f0 5b 5e 5f e9 75 a0 31 00 90 8d 74 26 00 8b 4e 0c 85 c9 75 3e 89 f0 e8 62 a0 31 00 89 f0 5b 5e 5f e9 28 e8 ff ff <0f> 0b eb fe 0f 0b eb fe 0f 0b eb fe e8 67 ea ff ff 85 c0 74 1c 
EIP: [<c1086cd8>] vm_unmap_ram+0x108/0x140 SS:ESP 0068:f6bb3ec4
---[ end trace 3c5c6c34fd7bd232 ]---
------------[ cut here ]------------
WARNING: at kernel/exit.c:896 do_exit+0x6a9/0x6d0()
Hardware name: System Product Name
Modules linked in: xfs exportfs
Pid: 1023, comm: umount Tainted: G      D     2.6.35.8-ck #1
Call Trace:
 [<c102bdb8>] ? warn_slowpath_common+0x78/0xb0
 [<c102f5a9>] ? do_exit+0x6a9/0x6d0
 [<c102f5a9>] ? do_exit+0x6a9/0x6d0
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c102be0b>] ? warn_slowpath_null+0x1b/0x20
 [<c102f5a9>] ? do_exit+0x6a9/0x6d0
 [<c13a14ce>] ? apic_timer_interrupt+0x2a/0x30
 [<c102cbd7>] ? kmsg_dump+0x67/0x110
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c139e307>] ? printk+0x17/0x1a
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c1005d06>] ? oops_end+0x66/0x90
 [<c10035ff>] ? do_invalid_op+0x7f/0x90
 [<c1086cd8>] ? vm_unmap_ram+0x108/0x140
 [<c139f3d5>] ? schedule_timeout+0x145/0x190
 [<c1026388>] ? try_preempt+0x1a8/0x1c0
 [<c13a16ca>] ? error_code+0x66/0x6c
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c1086cd8>] ? vm_unmap_ram+0x108/0x140
 [<f95a51c9>] ? xfs_buf_free+0x69/0x70 [xfs]
 [<f958bd1b>] ? xlog_dealloc_log+0x2b/0x60 [xfs]
 [<f9596a18>] ? xfs_unmountfs+0xd8/0x110 [xfs]
 [<f95ac5e7>] ? xfs_fs_put_super+0xe7/0x140 [xfs]
 [<c10a51bd>] ? invalidate_inodes+0xfd/0x120
 [<c1094373>] ? generic_shutdown_super+0x43/0xc0
 [<c1094412>] ? kill_block_super+0x22/0x40
 [<c1093675>] ? deactivate_locked_super+0x35/0x50
 [<c10a84aa>] ? sys_umount+0x6a/0x370
 [<c10a87c7>] ? sys_oldumount+0x17/0x20
 [<c13a10e1>] ? syscall_call+0x7/0xb
---[ end trace 3c5c6c34fd7bd233 ]---
note: umount[1023] exited with preempt_count 1
BUG: scheduling while atomic: umount/1023/0x10000002
Modules linked in: xfs exportfs
Pid: 1023, comm: umount Tainted: G      D W   2.6.35.8-ck #1
Call Trace:
 [<c139ef4f>] ? schedule+0x88f/0xa10
 [<c118a638>] ? format_decode+0x2d8/0x370
 [<c10230a9>] ? flush_tlb_others_ipi+0xc9/0xe0
 [<c1028e8f>] ? __cond_resched+0x1f/0x30
 [<c139f195>] ? _cond_resched+0x25/0x30
 [<c107e0df>] ? unmap_vmas+0x6df/0x850
 [<c118b552>] ? vsnprintf+0x2e2/0x420
 [<c1080275>] ? exit_mmap+0xb5/0x160
 [<c1029dfe>] ? mmput+0x1e/0xa0
 [<c102d942>] ? exit_mm+0xd2/0x100
 [<c1044812>] ? hrtimer_try_to_cancel+0x32/0x70
 [<c1057652>] ? acct_collect+0x82/0x160
 [<c102f55c>] ? do_exit+0x65c/0x6d0
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c1005d06>] ? oops_end+0x66/0x90
 [<c10035ff>] ? do_invalid_op+0x7f/0x90
 [<c1086cd8>] ? vm_unmap_ram+0x108/0x140
 [<c139f3d5>] ? schedule_timeout+0x145/0x190
 [<c1026388>] ? try_preempt+0x1a8/0x1c0
 [<c13a16ca>] ? error_code+0x66/0x6c
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c1086cd8>] ? vm_unmap_ram+0x108/0x140
 [<f95a51c9>] ? xfs_buf_free+0x69/0x70 [xfs]
 [<f958bd1b>] ? xlog_dealloc_log+0x2b/0x60 [xfs]
 [<f9596a18>] ? xfs_unmountfs+0xd8/0x110 [xfs]
 [<f95ac5e7>] ? xfs_fs_put_super+0xe7/0x140 [xfs]
 [<c10a51bd>] ? invalidate_inodes+0xfd/0x120
 [<c1094373>] ? generic_shutdown_super+0x43/0xc0
 [<c1094412>] ? kill_block_super+0x22/0x40
 [<c1093675>] ? deactivate_locked_super+0x35/0x50
 [<c10a84aa>] ? sys_umount+0x6a/0x370
 [<c10a87c7>] ? sys_oldumount+0x17/0x20
 [<c13a10e1>] ? syscall_call+0x7/0xb
Comment 1 amuro_msg 2011-01-18 08:52:17 UTC
I found the dmesg from vanilla kernel.

Here it is :

SGI XFS with security attributes, no debug enabled
XFS: unknown mount option [gid].
XFS mounting filesystem sdc1
Ending clean XFS mount for filesystem: sdc1
------------[ cut here ]------------
kernel BUG at mm/vmalloc.c:927!
invalid opcode: 0000 [#1] PREEMPT SMP 
last sysfs file: /sys/devices/system/cpu/cpu5/cpufreq/scaling_governor
Modules linked in: xfs exportfs r8169 mii snd_seq_midi snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus snd_pcm snd_seq_device snd_timer snd_page_alloc snd_util_mem snd_hwdep hwmon_vid

Pid: 1462, comm: umount Not tainted 2.6.35.7 #1 M4A88TD-V EVO/USB3/System Product Name
EIP: 0060:[<c108d950>] EFLAGS: 00010286 CPU: 0
EIP is at vm_unmap_ram+0x100/0x150
EAX: fffffff0 EBX: 00000003 ECX: f6daf244 EDX: fffffff0
ESI: f6daf200 EDI: 00000000 EBP: f6f65880 ESP: ec8b1ec8
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process umount (pid: 1462, ti=ec8b0000 task=f69ab1b0 task.ti=ec8b0000)
Stack:
 f6daf800 f66d9740 00000003 f98caf49 f6daf800 f6daf800 f98b299b f6f67800
<0> f6f67800 00000000 f6e49b40 f98bc368 ec8b1ef4 f6f80800 00000000 00000000
<0> f6f80800 f98d2367 f6f8086c c10ac605 00000001 00000000 ec8b1f20 ec8b1f20
Call Trace:
 [<f98caf49>] ? xfs_buf_free+0x69/0x70 [xfs]
 [<f98b299b>] ? xlog_dealloc_log+0x2b/0x60 [xfs]
 [<f98bc368>] ? xfs_unmountfs+0xd8/0x110 [xfs]
 [<f98d2367>] ? xfs_fs_put_super+0xe7/0x140 [xfs]
 [<c10ac605>] ? invalidate_inodes+0xa5/0x130
 [<c109b443>] ? generic_shutdown_super+0x43/0xc0
 [<c109b4e2>] ? kill_block_super+0x22/0x40
 [<c109a705>] ? deactivate_locked_super+0x35/0x50
 [<c10af99c>] ? sys_umount+0x6c/0x320
 [<c10afc67>] ? sys_oldumount+0x17/0x20
 [<c1368dc1>] ? syscall_call+0x7/0xb
Code: 00 00 89 46 10 74 0c 89 f0 5b 5e 5f e9 ba b0 2d 00 66 90 8b 46 0c 85 c0 75 55 89 f0 e8 aa b0 2d 00 89 f0 5b 5e 5f e9 90 e7 ff ff <0f> 0b eb fe 8d 74 26 00 0f 0b eb fe 8d 74 26 00 0f 0b eb fe 8d 
EIP: [<c108d950>] vm_unmap_ram+0x100/0x150 SS:ESP 0068:ec8b1ec8
---[ end trace d8863adef5012df7 ]---
------------[ cut here ]------------
WARNING: at kernel/exit.c:896 do_exit+0x711/0x720()
Hardware name: System Product Name
Modules linked in: xfs exportfs r8169 mii snd_seq_midi snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus snd_pcm snd_seq_device snd_timer snd_page_alloc snd_util_mem snd_hwdep hwmon_vid
Pid: 1462, comm: umount Tainted: G      D     2.6.35.7 #1
Call Trace:
 [<c10350d1>] ? do_exit+0x711/0x720
 [<c10350d1>] ? do_exit+0x711/0x720
 [<c10317ee>] ? warn_slowpath_common+0x7e/0xe0
 [<c10350d1>] ? do_exit+0x711/0x720
 [<c103186b>] ? warn_slowpath_null+0x1b/0x20
 [<c10350d1>] ? do_exit+0x711/0x720
 [<c13691ae>] ? apic_timer_interrupt+0x2a/0x30
 [<c10326a9>] ? kmsg_dump+0x69/0x110
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c1005d99>] ? oops_end+0x89/0x90
 [<c10035ff>] ? do_invalid_op+0x7f/0x90
 [<c108d950>] ? vm_unmap_ram+0x100/0x150
 [<c1029325>] ? enqueue_task_fair+0x165/0x1c0
 [<c1366fed>] ? schedule_timeout+0x15d/0x1c0
 [<c102c0c1>] ? enqueue_task+0x41/0x60
 [<c10184bf>] ? native_smp_send_reschedule+0x2f/0x40
 [<c10263d0>] ? resched_task+0x60/0x70
 [<c13693aa>] ? error_code+0x66/0x6c
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c108d950>] ? vm_unmap_ram+0x100/0x150
 [<f98caf49>] ? xfs_buf_free+0x69/0x70 [xfs]
 [<f98b299b>] ? xlog_dealloc_log+0x2b/0x60 [xfs]
 [<f98bc368>] ? xfs_unmountfs+0xd8/0x110 [xfs]
 [<f98d2367>] ? xfs_fs_put_super+0xe7/0x140 [xfs]
 [<c10ac605>] ? invalidate_inodes+0xa5/0x130
 [<c109b443>] ? generic_shutdown_super+0x43/0xc0
 [<c109b4e2>] ? kill_block_super+0x22/0x40
 [<c109a705>] ? deactivate_locked_super+0x35/0x50
 [<c10af99c>] ? sys_umount+0x6c/0x320
 [<c10afc67>] ? sys_oldumount+0x17/0x20
 [<c1368dc1>] ? syscall_call+0x7/0xb
---[ end trace d8863adef5012df8 ]---
note: umount[1462] exited with preempt_count 1
Comment 2 Dave Chinner 2011-01-18 21:41:57 UTC
(In reply to comment #0)
> Bug while mounting an xfs partition.
.....
> That happens while i was trying to reproduce it on usb flash disk.

Reproduce what, exactly?

> I've formatted it with reiserfs and ext3. No problem. But that happens with xfs.
> It's reproducible on vanilla kernel. But i lost the dmesg file and too lazy to
> reproduce it again. Sorry :(.

Can you describe your test case a little more clearly? The oops has occurred during unmount, not mount, so that doesn't match with what you've described you are doing. A step-by-step description would really help us try to reproduce the problem (and hence be able to track it down and fix it).
Comment 3 amuro_msg 2011-01-25 15:44:48 UTC
Yes, you're right. It happens on unmounting operation.

Here's how i reproduce it. On vanilla 2.6.35.10

- compile it with the following config. 
  http://pastebin.com/YuYAtSvw. Ignore the BFS. This is vanilla.
- format a usb flash disk as xfs. mkfs -f /dev/flash_disk.
- mount it as read-write (mount -w), then copy a text file. No problem.
  OR
  mount it as read-only (mount -r). No problem.
- unmount it. Segmentation fault. here's the error :

XFS: unknown mount option [gid].
XFS: unknown mount option [gid].
XFS mounting filesystem sdc1
Ending clean XFS mount for filesystem: sdc1
------------[ cut here ]------------
kernel BUG at mm/vmalloc.c:936!
invalid opcode: 0000 [#1] PREEMPT SMP 
last sysfs file: /sys/devices/pci0000:00/0000:00:12.2/usb1/1-3/1-3.2/1-3.2:1.0/host6/target6:0:0/6:0:0:0/vendor
Modules linked in: xfs exportfs snd_seq_midi snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus snd_pcm snd_seq_device snd_timer snd_page_alloc snd_util_mem snd_hwdep

Pid: 1059, comm: umount Not tainted 2.6.35.10 #1 M4A88TD-V EVO/USB3/System Product Name
EIP: 0060:[<c108b178>] EFLAGS: 00010286 CPU: 2
EIP is at vm_unmap_ram+0x108/0x140
EAX: fffffff0 EBX: 00000003 ECX: f6c5b1c4 EDX: 00000000
ESI: f6c5b180 EDI: f98bb000 EBP: f65c6bc0 ESP: f6ed9ec4
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process umount (pid: 1059, ti=f6ed8000 task=f6a087f0 task.ti=f6ed8000)
Stack:
 f6b8d5c0 00000003 f6c5b480 f97571c9 f6c5b480 00000003 f973dd1b f6fecc00
<0> f7637600 f6a087f0 f741d958 f9748a18 f6ed9ef0 f6fecc00 00000000 00000000
<0> f6fecc00 f975e5e7 c10a971d f763766c 00000001 00000001 f6ed9f1c f6ed9f1c
Call Trace:
 [<f97571c9>] ? xfs_buf_free+0x69/0x70 [xfs]
 [<f973dd1b>] ? xlog_dealloc_log+0x2b/0x60 [xfs]
 [<f9748a18>] ? xfs_unmountfs+0xd8/0x110 [xfs]
 [<f975e5e7>] ? xfs_fs_put_super+0xe7/0x140 [xfs]
 [<c10a971d>] ? invalidate_inodes+0xfd/0x120
 [<c1098813>] ? generic_shutdown_super+0x43/0xc0
 [<c10988b2>] ? kill_block_super+0x22/0x40
 [<c1097b15>] ? deactivate_locked_super+0x35/0x50
 [<c10aca0a>] ? sys_umount+0x6a/0x370
 [<c10acd27>] ? sys_oldumount+0x17/0x20
 [<c135e231>] ? syscall_call+0x7/0xb
Code: 46 10 74 0f 89 f0 5b 5e 5f e9 25 2d 2d 00 90 8d 74 26 00 8b 4e 0c 85 c9 75 3e 89 f0 e8 12 2d 2d 00 89 f0 5b 5e 5f e9 28 e8 ff ff <0f> 0b eb fe 0f 0b eb fe 0f 0b eb fe e8 67 ea ff ff 85 c0 74 1c 
EIP: [<c108b178>] vm_unmap_ram+0x108/0x140 SS:ESP 0068:f6ed9ec4
---[ end trace ab0eadcecf2ad707 ]---
------------[ cut here ]------------
WARNING: at kernel/exit.c:896 do_exit+0x6b9/0x6e0()
Hardware name: System Product Name
Modules linked in: xfs exportfs snd_seq_midi snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus snd_pcm snd_seq_device snd_timer snd_page_alloc snd_util_mem snd_hwdep
Pid: 1059, comm: umount Tainted: G      D     2.6.35.10 #1
Call Trace:
 [<c1030178>] ? warn_slowpath_common+0x78/0xb0
 [<c1033979>] ? do_exit+0x6b9/0x6e0
 [<c1033979>] ? do_exit+0x6b9/0x6e0
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c10301cb>] ? warn_slowpath_null+0x1b/0x20
 [<c1033979>] ? do_exit+0x6b9/0x6e0
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c1030f97>] ? kmsg_dump+0x67/0x110
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c135b833>] ? printk+0x17/0x1a
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c1005d06>] ? oops_end+0x66/0x90
 [<c10035ff>] ? do_invalid_op+0x7f/0x90
 [<c108b178>] ? vm_unmap_ram+0x108/0x140
 [<c135c525>] ? schedule_timeout+0x145/0x190
 [<c135e81a>] ? error_code+0x66/0x6c
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c108b178>] ? vm_unmap_ram+0x108/0x140
 [<f97571c9>] ? xfs_buf_free+0x69/0x70 [xfs]
 [<f973dd1b>] ? xlog_dealloc_log+0x2b/0x60 [xfs]
 [<f9748a18>] ? xfs_unmountfs+0xd8/0x110 [xfs]
 [<f975e5e7>] ? xfs_fs_put_super+0xe7/0x140 [xfs]
 [<c10a971d>] ? invalidate_inodes+0xfd/0x120
 [<c1098813>] ? generic_shutdown_super+0x43/0xc0
 [<c10988b2>] ? kill_block_super+0x22/0x40
 [<c1097b15>] ? deactivate_locked_super+0x35/0x50
 [<c10aca0a>] ? sys_umount+0x6a/0x370
 [<c10acd27>] ? sys_oldumount+0x17/0x20
 [<c135e231>] ? syscall_call+0x7/0xb
---[ end trace ab0eadcecf2ad708 ]---
note: umount[1059] exited with preempt_count 1
BUG: scheduling while atomic: umount/1059/0x10000002
Modules linked in: xfs exportfs snd_seq_midi snd_seq_midi_event snd_seq snd_pcm_oss snd_mixer_oss snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus snd_pcm snd_seq_device snd_timer snd_page_alloc snd_util_mem snd_hwdep
Pid: 1059, comm: umount Tainted: G      D W   2.6.35.10 #1
Call Trace:
 [<c135c035>] ? schedule+0x445/0x600
 [<c135c2cd>] ? _cond_resched+0x2d/0x50
 [<c108255f>] ? unmap_vmas+0x6df/0x850
 [<c118fba2>] ? vsnprintf+0x2e2/0x420
 [<c10846f5>] ? exit_mmap+0xb5/0x160
 [<c102e1ae>] ? mmput+0x1e/0xa0
 [<c1031d02>] ? exit_mm+0xd2/0x100
 [<c1048bf2>] ? hrtimer_try_to_cancel+0x32/0x70
 [<c105b992>] ? acct_collect+0x82/0x160
 [<c103392c>] ? do_exit+0x66c/0x6e0
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c1005d06>] ? oops_end+0x66/0x90
 [<c10035ff>] ? do_invalid_op+0x7f/0x90
 [<c108b178>] ? vm_unmap_ram+0x108/0x140
 [<c135c525>] ? schedule_timeout+0x145/0x190
 [<c135e81a>] ? error_code+0x66/0x6c
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c108b178>] ? vm_unmap_ram+0x108/0x140
 [<f97571c9>] ? xfs_buf_free+0x69/0x70 [xfs]
 [<f973dd1b>] ? xlog_dealloc_log+0x2b/0x60 [xfs]
 [<f9748a18>] ? xfs_unmountfs+0xd8/0x110 [xfs]
 [<f975e5e7>] ? xfs_fs_put_super+0xe7/0x140 [xfs]
 [<c10a971d>] ? invalidate_inodes+0xfd/0x120
 [<c1098813>] ? generic_shutdown_super+0x43/0xc0
 [<c10988b2>] ? kill_block_super+0x22/0x40
 [<c1097b15>] ? deactivate_locked_super+0x35/0x50
 [<c10aca0a>] ? sys_umount+0x6a/0x370
 [<c10acd27>] ? sys_oldumount+0x17/0x20
 [<c135e231>] ? syscall_call+0x7/0xb
Comment 4 Dave Chinner 2011-01-27 01:03:33 UTC
(In reply to comment #3)
> Yes, you're right. It happens on unmounting operation.
> 
> Here's how i reproduce it. On vanilla 2.6.35.10
> 
> - compile it with the following config. 
>   http://pastebin.com/YuYAtSvw. Ignore the BFS. This is vanilla.
> - format a usb flash disk as xfs. mkfs -f /dev/flash_disk.
> - mount it as read-write (mount -w), then copy a text file. No problem.
>   OR
>   mount it as read-only (mount -r). No problem.
> - unmount it. Segmentation fault. here's the error :
> 
> XFS: unknown mount option [gid].
> XFS: unknown mount option [gid].
> XFS mounting filesystem sdc1
> Ending clean XFS mount for filesystem: sdc1
> ------------[ cut here ]------------
> kernel BUG at mm/vmalloc.c:936!

Can you post the code around this function and line in your source tree so we can see exactly what bug condition is triggering. (please include line numbers)

FWIW, does the bug occur on more recent kernels?

Cheers,

Dave.
Comment 5 amuro_msg 2011-01-29 16:40:31 UTC
So i've reproduced it on kernel 2.6.36.3 and 2.6.37. Both are vanilla.
Using the above config (http://pastebin.com/YuYAtSvw).

Both dmesg reporting the same problem.
2.6.36.3
http://pastebin.com/HFihfCCP

2.6.37
http://pastebin.com/wVHY2vJp

As far as i can understand, it occurs inside static void vb_free(const void *addr, unsigned long size).

And i think it occurs inside the fs/xfs/linux-2.6/xfs_buf.c file,
where vunmap() was replaced with vm_unmap_ram() and vmap() with vm_map_ram().

Here's the patch (same patch as above) to revert it.
http://pastebin.com/akVNGray

Thanks :).
Comment 6 Dave Chinner 2011-01-29 23:15:13 UTC
(In reply to comment #5)
> So i've reproduced it on kernel 2.6.36.3 and 2.6.37. Both are vanilla.
> Using the above config (http://pastebin.com/YuYAtSvw).
> 
> Both dmesg reporting the same problem.
> 2.6.36.3
> http://pastebin.com/HFihfCCP
> 
> 2.6.37
> http://pastebin.com/wVHY2vJp

You are hitting this:

       BUG_ON(bitmap_allocate_region(vb->dirty_map, offset >> PAGE_SHIFT, order));

Which indicates this is most likely a bug in the vmalloc code, not a bug in the XFS code. I'd reassign the bug to the VM component, but it looks like I can only reassign it to another filesystem (stupid!). So, you'd probably do best to report the 2.6.37 version of this problem to linux-mm@kvack.org and linux-kernel@vger.kernel.org with a pointer to this bugzilla...

Cheers,

Dave.
Comment 7 amuro_msg 2011-01-31 08:15:10 UTC
I am curious, how do you know i hit that BUG_ON.

And if i may ask, before i send e-mail, are you sure this is VM component problem ?
since :
- regressing with that patch fix the problem.
- this problem not occurring on other filesystem i tested, which is ext3, and reiserfs.

Thanks Dave :).
Comment 8 Dave Chinner 2011-01-31 10:24:55 UTC
(In reply to comment #7)
> I am curious, how do you know i hit that BUG_ON.

Because the dmesg output from 2.6.37 you posted has this:

kernel BUG at mm/vmalloc.c:947

As the first line, and I posted line 947 of mm/vmalloc.c from a 2.6.37 kernel. ;)

> And if i may ask, before i send e-mail, are you sure this is VM component
> problem ?
> since :
> - regressing with that patch fix the problem.

Sure - you stopped XFS from using the path in the VM that is falling over.

> - this problem not occurring on other filesystem i tested, which is ext3, and
> reiserfs.

Neither of which use the vm_map_ram() interface, so won't be exercising the problematic code path in the VM....

Cheers,

Dave.
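
The triage described in comments 6 and 8, as an added example that is not part of the thread and not kernel code: it pulls the `kernel BUG at file:line` header, the faulting symbol and the call trace out of a trimmed copy of the comment 3 oops. Treating EAX as the failed callee's return value is an assumption about the compiled code, and `triage` with its field names is hypothetical.

```python
import errno
import re

# Trimmed copy of the first report in the comment 3 oops (2.6.35.10).
SAMPLE_OOPS = """\
kernel BUG at mm/vmalloc.c:936!
invalid opcode: 0000 [#1] PREEMPT SMP
Pid: 1059, comm: umount Not tainted 2.6.35.10 #1 M4A88TD-V EVO/USB3/System Product Name
EIP: 0060:[<c108b178>] EFLAGS: 00010286 CPU: 2
EIP is at vm_unmap_ram+0x108/0x140
EAX: fffffff0 EBX: 00000003 ECX: f6c5b1c4 EDX: 00000000
Call Trace:
 [<f97571c9>] ? xfs_buf_free+0x69/0x70 [xfs]
 [<f973dd1b>] ? xlog_dealloc_log+0x2b/0x60 [xfs]
 [<f9748a18>] ? xfs_unmountfs+0xd8/0x110 [xfs]
 [<f975e5e7>] ? xfs_fs_put_super+0xe7/0x140 [xfs]
 [<c10a971d>] ? invalidate_inodes+0xfd/0x120
 [<c1098813>] ? generic_shutdown_super+0x43/0xc0
 [<c10aca0a>] ? sys_umount+0x6a/0x370
EIP: [<c108b178>] vm_unmap_ram+0x108/0x140 SS:ESP 0068:f6ed9ec4
---[ end trace ab0eadcecf2ad707 ]---
WARNING: at kernel/exit.c:896 do_exit+0x6b9/0x6e0()
"""

SYM = r"(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>\w+)\])?"
BUG_RE = re.compile(r"kernel BUG at (?P<file>\S+):(?P<line>\d+)")
PID_RE = re.compile(r"Pid: \d+, comm: (?P<comm>\S+) "
                    r"(?:Not tainted|Tainted: .*?)\s+(?P<release>\d+\.\d+\S*) #")
EIP_RE = re.compile(r"EIP is at " + SYM)
FRAME_RE = re.compile(r"\s*\[<[0-9a-f]+>\] (?:\? )?" + SYM)
REG_RE = re.compile(r"\b(E[A-Z]{2}): ([0-9a-f]{8})\b")


def signed32(hexword):
    """Interpret an 8-digit hex register value as a signed 32-bit integer."""
    value = int(hexword, 16)
    return value - (1 << 32) if value & 0x80000000 else value


def triage(text):
    """Summarise the first report in an i386 oops log."""
    out = {"bug": None, "release": None, "comm": None, "fault_symbol": None,
           "fault_module": None, "registers": {}, "frames": []}
    for line in text.splitlines():
        if line.startswith("---[ end trace"):
            break  # later reports come from the already-oopsed task exiting
        if m := BUG_RE.search(line):
            out["bug"] = (m["file"], int(m["line"]))
        elif m := PID_RE.search(line):
            out["comm"], out["release"] = m["comm"], m["release"]
        elif m := EIP_RE.search(line):
            out["fault_symbol"], out["fault_module"] = m["sym"], m["mod"]
        elif m := FRAME_RE.match(line):
            out["frames"].append((m["sym"], m["mod"]))
        else:
            out["registers"].update(REG_RE.findall(line))
    # Assumption: EAX still holds the return value of the call that failed.
    # Kernel functions signal failure with a small negative errno.
    eax = out["registers"].get("EAX")
    ret = signed32(eax) if eax else 0
    out["eax_errno"] = errno.errorcode.get(-ret) if -4095 <= ret < 0 else None
    # Modules that appear in the call chain leading to the fault site.
    out["module_callers"] = sorted({mod for _, mod in out["frames"] if mod})
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE_OOPS).items():
        print(f"{key}: {value}")
```

For this excerpt the fault site is `vm_unmap_ram` in the core kernel with `xfs` callers, and EAX decodes to `EBUSY`, the error `bitmap_allocate_region()` returns for a region that is already allocated. The thread identifies that `BUG_ON` from the 2.6.37 log, so on this 2.6.35.10 excerpt the match is only suggestive.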
Comment 9 amuro_msg 2011-02-11 06:23:43 UTC
unfortunately, i cannot send e-mail to that addresses. the url to this thread makes the e-mail marked as spam. :(
Comment 10 Dave Chinner 2011-02-14 22:10:05 UTC
(In reply to comment #9)
> unfortunately, i cannot send e-mail to that addresses. the url to this thread
> makes the e-mail marked as spam. :(

bugzilla URLs are posted to those lists all the time, so I don't think that's the reason your email got rejected as spam. Perhaps trying again would be a good idea.
Comment 11 amuro_msg 2011-02-15 16:23:44 UTC
(In reply to comment #10)
> (In reply to comment #9)
> > unfortunately, i cannot send e-mail to that addresses. the url to this thread
> > makes the e-mail marked as spam. :(
> 
> bugzilla URLs are posted to those lists all the time, so I don't think that's
> the reason your email got rejected as spam. Perhaps trying again would be a
> good idea.

I've tried twice. No luck.
Here's my message :

kernel oops while unmounting xfs.

here's the link on bugzilla :
bugzilla . kernel . org / show_bug.cgi?id=27002

thanks :)

And here's the error :
<linux-kernel@vger.kernel.org>:
209.132.180.67 failed after I sent the message.
Remote host said: 550 5.7.1 Content-Policy reject msg: The message contains HTML subpart, therefore we consider it SPAM or Outlook Virus.  TEXT/PLAIN is accepted.! BF:<U 0.529618>; S1755568Ab1BKLFW
Comment 12 Dave Chinner 2011-02-15 22:26:50 UTC
(In reply to comment #11)
> (In reply to comment #10)
> > (In reply to comment #9)
> > > unfortunately, i cannot send e-mail to that addresses. the url to this thread
> > > makes the e-mail marked as spam. :(
> > 
> > bugzilla URLs are posted to those lists all the time, so I don't think that's
> > the reason your email got rejected as spam. Perhaps trying again would be a
> > good idea.
> 
> I've tried twice. No luck.
> Here's my message :
> 
> kernel oops while unmounting xfs.
> 
> here's the link on bugzilla :
> bugzilla . kernel . org / show_bug.cgi?id=27002
> 
> thanks :)
> 
> And here's the error :
> <linux-kernel@vger.kernel.org>:
> 209.132.180.67 failed after I sent the message.
> Remote host said: 550 5.7.1 Content-Policy reject msg: The message contains
> HTML subpart, therefore we consider it SPAM or Outlook Virus.  TEXT/PLAIN is
> accepted.! BF:<U 0.529618>; S1755568Ab1BKLFW

It tells you what the problem is: Turn off html mail encoding and send it as plain text! Also, you might want to change the subject to "kernel oops in vmalloc code" to get the attention of the VM people, otherwise they will ignore it.
Comment 13 Stratos Psomadakis 2011-05-02 12:28:54 UTC
Can you try a 2.6.39-rc kernel? There's a patch included, probably related to your bug [1].

[1] http://www.spinics.net/lists/xfs/msg03913.html
Comment 14 amuro_msg 2011-05-05 22:51:00 UTC
Alright, i'll try it today or tomorrow. I'll notify you the results.
Thanks :)