
Re: reproducible xfs/vmap oops

To: Christoph Hellwig <hch@xxxxxxxxxxxxx>, Nick Piggin <nickpiggin@xxxxxxxxxxxx>, xfs@xxxxxxxxxxx
Subject: Re: reproducible xfs/vmap oops
From: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Date: Tue, 3 Feb 2009 16:47:11 -0500
In-reply-to: <20090203214245.GJ24173@disturbed>
References: <20090201081224.GA22398@xxxxxxxxxxxxx> <20090201161458.GA5930@xxxxxxxxxxxxx> <20090203155147.GB21278@xxxxxxxxxxxxx> <200902040303.13933.nickpiggin@xxxxxxxxxxxx> <20090203160515.GA30986@xxxxxxxxxxxxx> <20090203184409.GA22204@xxxxxxxxxxxxx> <20090203210423.GA26628@xxxxxxxxxxxxx> <20090203214245.GJ24173@disturbed>
User-agent: Mutt/1.5.18 (2008-05-17)
On Wed, Feb 04, 2009 at 08:42:45AM +1100, Dave Chinner wrote:
> On Tue, Feb 03, 2009 at 04:04:23PM -0500, Christoph Hellwig wrote:
> > [ 3138.799436] XFS mounting filesystem vde
> > [ 3138.813184] va->va_start = 4290777088, va->va_end = 4096
> > [ 3138.834754] tmp->va_start = 4195352576, tmp->va_end = 4196401152
> > [ 3138.846352] ------------[ cut here ]------------
> > [ 3138.850332] kernel BUG at mm/vmalloc.c:298!
> > [ 3138.850332] invalid opcode: 0000 [#1] SMP 
> > 
> > The first va_end looks suspicious to me..
> 
> That is on i386, Christoph? If so, I'd suspect a 32 bit overflow
> as 4290777088 = 0xFFC01000 and va_start/va_end are unsigned longs.
> If we tried to map exactly 4MB with va_start at 0xFFC01000 we'd
> end up with va_end at 0x100001000 which would wrap to 0x1000 = 4096.

Yeah, this is 32-bit x86.  Exactly my thoughts, but just to make sure
the overflow is in vmap and not in XFS I'm running with your checking
patch included now.
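
The wraparound discussed in this thread, reproduced as an added example (not code from the original messages, from XFS or from mm/vmalloc.c). Assumptions: `uint32_t` stands in for the 32-bit `unsigned long`, and `struct va_range` and the three helper functions are hypothetical names; only `va_start`, `va_end` and the numeric values come from the log above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: uint32_t stands in for unsigned long on 32-bit x86. */
typedef uint32_t ulong32;

/* Hypothetical struct; only the two field names come from the log. */
struct va_range {
    ulong32 va_start;
    ulong32 va_end;   /* exclusive end */
};

/* Unchecked: va_end = va_start + size, computed modulo 2^32. */
static struct va_range range_unchecked(ulong32 start, ulong32 size)
{
    struct va_range r = { start, (ulong32)(start + size) };
    return r;
}

/* Checked: refuse any size that would carry va_end past 2^32 - 1. */
static bool range_checked(ulong32 start, ulong32 size, struct va_range *out)
{
    if (size == 0 || size > UINT32_MAX - start)
        return false;
    out->va_start = start;
    out->va_end = start + size;
    return true;
}

/* Invariant a range must satisfy before it is inserted anywhere. */
static bool range_is_sane(const struct va_range *r)
{
    return r->va_start < r->va_end;
}

int main(void)
{
    ulong32 start = 0xFFC01000u, size = 4u << 20;   /* values from the thread */
    struct va_range r = range_unchecked(start, size), c;

    printf("unchecked: va_start = %lu, va_end = %lu, sane = %d\n",
           (unsigned long)r.va_start, (unsigned long)r.va_end, range_is_sane(&r));
    printf("checked:   %s\n",
           range_checked(start, size, &c) ? "accepted" : "rejected (would wrap)");
    return 0;
}
```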
