[xfs-masters] Possible XFS bug on 2.6.11.5

[Sheshka Alexey <sheshka.a@xxxxxxxxxxxx>]

Hi!

I've got 100% reproduceble on my system (Toshiba A75) Oops on 2.6.11.5 
(2.6.11 with same options works fine)
Olso 2.6.11.5 works fine while xfs volumes are in RO mode.
-----------------------------------------------------------------------------------------------------------



------------------------------------------------------------------------------------------------------------
ksymoops 2.4.9 on i686 2.6.10-1-686-smp. Options used
-V (default)
-k /proc/ksyms (default)
-l /proc/modules (default)
-o /lib/modules/2.6.11.5/ (specified)
-m /boot/System.map-2.6.11.5 (specified)

Error (regular_file): read_ksyms stat /proc/ksyms failed
No modules in ksyms, skipping objects
No ksyms, skipping lsmod
Unable to handle kernel NULL pointer dereference at virtual address 00000a00
c023057a
*pde = 00000000
Oops: 0000 [#1]
CPU: 0
EIP: 0060:[<c023057a>] Not tainted VLI
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010292 (2.6.11.5)
eax: 00000006 ebx: c15fad80 ecx: 00000000 edx: c1386d20
esi: c15fad80 edi: 00000003 ebp: 000009b8 esp: dbce7d98
ds: 007b es: 007b ss: 0068
Stack: dbcc3c2c dbcc3c2c dbce7df8 dbce7e00 c023f0cc c15fadb8 dbcc3c2c 
dbbbc41c
00000009 dbce7df8 00000000 00000008 00000000 c014f3b6 dbcc3c2c dbcc3c4c
00000008 c1602080 db860170 00000000 db933334 c014f540 00000000 c15fad80
Call Trace:
[<c023f0cc>] xfs_dir_lookup_int+0x4c/0x130
[<c014f3b6>] do_anonymous_page+0x46/0x170
[<c014f540>] do_no_page+0x60/0x2e0
[<c022d41c>] xfs_log_force+0x5c/0x90
[<c0241329>] xfs_syncsub+0x49/0x310
[<c02409e5>] xfs_sync+0x25/0x30
[<c0254e33>] vfs_sync+0x43/0x50
[<c02546a3>] linvfs_sync_super+0x43/0x110
[<c01822fa>] sync_inodes_sb+0x8a/0xa0
[<c015fdff>] fsync_super+0x8f/0xa0
[<c0165929>] do_remount_sb+0x39/0xe0
[<c017baa2>] do_remount+0x92/0xd0
[<c017c477>] do_mount+0x197/0x1b0
[<c017c283>] copy_mount_options+0x63/0xc0
[<c017c82f>] sys_mount+0x9f/0x100
[<c01031f9>] sysenter_past_esp+0x52/0x75
Code: 31 d2 8d 44 08 ff f7 f3 0f af c3 89 47 74 eb 98 90 55 57 56 53 83 
ec 58 8b 5c 24 6c 8d 43 38 89 44 24 14 e8 49 f2 19 00 8b 6b 34 <80> 7d 
48 00 0f 88 d7 00 00 00 0f b7 45 48 66 83 f8 01 0f 84 fe


 >>EIP; c023057a <xlog_state_sync_all+1a/1f0> <=====

 >>ebx; c15fad80 <pg0+10c4d80/3fac8400>
 >>edx; c1386d20 <pg0+e50d20/3fac8400>
 >>esi; c15fad80 <pg0+10c4d80/3fac8400>
 >>esp; dbce7d98 <pg0+1b7b1d98/3fac8400>

Trace; c023f0cc <xfs_dir_lookup_int+4c/130>
Trace; c014f3b6 <do_anonymous_page+46/170>
Trace; c014f540 <do_no_page+60/2e0>
Trace; c022d41c <xfs_log_force+5c/90>
Trace; c0241329 <xfs_syncsub+49/310>
Trace; c02409e5 <xfs_sync+25/30>
Trace; c0254e33 <vfs_sync+43/50>
Trace; c02546a3 <linvfs_sync_super+43/110>
Trace; c01822fa <sync_inodes_sb+8a/a0>
Trace; c015fdff <fsync_super+8f/a0>
Trace; c0165929 <do_remount_sb+39/e0>
Trace; c017baa2 <do_remount+92/d0>
Trace; c017c477 <do_mount+197/1b0>
Trace; c017c283 <copy_mount_options+63/c0>
Trace; c017c82f <sys_mount+9f/100>
Trace; c01031f9 <sysenter_past_esp+52/75>

This architecture has variable length instructions, decoding before eip
is unreliable, take these instructions with a pinch of salt.

Code; c023054f <xlog_state_switch_iclogs+df/f0>
00000000 <_EIP>:
Code; c023054f <xlog_state_switch_iclogs+df/f0>
0: 31 d2 xor %edx,%edx
Code; c0230551 <xlog_state_switch_iclogs+e1/f0>
2: 8d 44 08 ff lea 0xffffffff(%eax,%ecx,1),%eax
Code; c0230555 <xlog_state_switch_iclogs+e5/f0>
6: f7 f3 div %ebx
Code; c0230557 <xlog_state_switch_iclogs+e7/f0>
8: 0f af c3 imul %ebx,%eax
Code; c023055a <xlog_state_switch_iclogs+ea/f0>
b: 89 47 74 mov %eax,0x74(%edi)
Code; c023055d <xlog_state_switch_iclogs+ed/f0>
e: eb 98 jmp ffffffa8 <_EIP+0xffffffa8>
Code; c023055f <xlog_state_switch_iclogs+ef/f0>
10: 90 nop
Code; c0230560 <xlog_state_sync_all+0/1f0>
11: 55 push %ebp
Code; c0230561 <xlog_state_sync_all+1/1f0>
12: 57 push %edi
Code; c0230562 <xlog_state_sync_all+2/1f0>
13: 56 push %esi
Code; c0230563 <xlog_state_sync_all+3/1f0>
14: 53 push %ebx
Code; c0230564 <xlog_state_sync_all+4/1f0>
15: 83 ec 58 sub $0x58,%esp
Code; c0230567 <xlog_state_sync_all+7/1f0>
18: 8b 5c 24 6c mov 0x6c(%esp),%ebx
Code; c023056b <xlog_state_sync_all+b/1f0>
1c: 8d 43 38 lea 0x38(%ebx),%eax
Code; c023056e <xlog_state_sync_all+e/1f0>
1f: 89 44 24 14 mov %eax,0x14(%esp)
Code; c0230572 <xlog_state_sync_all+12/1f0>
23: e8 49 f2 19 00 call 19f271 <_EIP+0x19f271>
Code; c0230577 <xlog_state_sync_all+17/1f0>
28: 8b 6b 34 mov 0x34(%ebx),%ebp

This decode from eip onwards should be reliable

Code; c023057a <xlog_state_sync_all+1a/1f0>
00000000 <_EIP>:
Code; c023057a <xlog_state_sync_all+1a/1f0> <=====
0: 80 7d 48 00 cmpb $0x0,0x48(%ebp) <=====
Code; c023057e <xlog_state_sync_all+1e/1f0>
4: 0f 88 d7 00 00 00 js e1 <_EIP+0xe1>
Code; c0230584 <xlog_state_sync_all+24/1f0>
a: 0f b7 45 48 movzwl 0x48(%ebp),%eax
Code; c0230588 <xlog_state_sync_all+28/1f0>
e: 66 83 f8 01 cmp $0x1,%ax
Code; c023058c <xlog_state_sync_all+2c/1f0>
12: 0f .byte 0xf
Code; c023058d <xlog_state_sync_all+2d/1f0>
13: 84 fe test %bh,%dh


1 error issued. Results may not be reliable.

-- 
С уважением,
Шешко Алексей | help@xxxxxxxxxxxx
----------------------------------------
"Экстмедиа", интернет-решения
http://www.extmedia.com
Минск, Клары Цеткин 18-114,
тел./факс 200-50-71