[Bug 27002] kernel bug when mounting xfs partition

[bugzilla-daemon@xxxxxxxxxxxxxxxxxxx]

https://bugzilla.kernel.org/show_bug.cgi?id=27002





--- Comment #3 from amuro_msg@xxxxxxxxx  2011-01-25 15:44:48 ---
Yes, you're right. It happens on unmounting operation.

Here's how i reproduce it. On vanilla 2.6.35.10

- compile it with the following config. 
  http://pastebin.com/YuYAtSvw. Ignore the BFS. This is vanilla.
- format a usb flash disk as xfs. mkfs -f /dev/flash_disk.
- mount it as read-write (mount -w), then copy a text file. No problem.
  OR
  mount it as read-only (mount -r). No problem.
- unmount it. Segmentation fault. here's the error :

XFS: unknown mount option [gid].
XFS: unknown mount option [gid].
XFS mounting filesystem sdc1
Ending clean XFS mount for filesystem: sdc1
------------[ cut here ]------------
kernel BUG at mm/vmalloc.c:936!
invalid opcode: 0000 [#1] PREEMPT SMP 
last sysfs file:
/sys/devices/pci0000:00/0000:00:12.2/usb1/1-3/1-3.2/1-3.2:1.0/host6/target6:0:0/6:0:0:0/vendor
Modules linked in: xfs exportfs snd_seq_midi snd_seq_midi_event snd_seq
snd_pcm_oss snd_mixer_oss snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus
snd_pcm snd_seq_device snd_timer snd_page_alloc snd_util_mem snd_hwdep

Pid: 1059, comm: umount Not tainted 2.6.35.10 #1 M4A88TD-V EVO/USB3/System
Product Name
EIP: 0060:[<c108b178>] EFLAGS: 00010286 CPU: 2
EIP is at vm_unmap_ram+0x108/0x140
EAX: fffffff0 EBX: 00000003 ECX: f6c5b1c4 EDX: 00000000
ESI: f6c5b180 EDI: f98bb000 EBP: f65c6bc0 ESP: f6ed9ec4
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process umount (pid: 1059, ti=f6ed8000 task=f6a087f0 task.ti=f6ed8000)
Stack:
 f6b8d5c0 00000003 f6c5b480 f97571c9 f6c5b480 00000003 f973dd1b f6fecc00
<0> f7637600 f6a087f0 f741d958 f9748a18 f6ed9ef0 f6fecc00 00000000 00000000
<0> f6fecc00 f975e5e7 c10a971d f763766c 00000001 00000001 f6ed9f1c f6ed9f1c
Call Trace:
 [<f97571c9>] ? xfs_buf_free+0x69/0x70 [xfs]
 [<f973dd1b>] ? xlog_dealloc_log+0x2b/0x60 [xfs]
 [<f9748a18>] ? xfs_unmountfs+0xd8/0x110 [xfs]
 [<f975e5e7>] ? xfs_fs_put_super+0xe7/0x140 [xfs]
 [<c10a971d>] ? invalidate_inodes+0xfd/0x120
 [<c1098813>] ? generic_shutdown_super+0x43/0xc0
 [<c10988b2>] ? kill_block_super+0x22/0x40
 [<c1097b15>] ? deactivate_locked_super+0x35/0x50
 [<c10aca0a>] ? sys_umount+0x6a/0x370
 [<c10acd27>] ? sys_oldumount+0x17/0x20
 [<c135e231>] ? syscall_call+0x7/0xb
Code: 46 10 74 0f 89 f0 5b 5e 5f e9 25 2d 2d 00 90 8d 74 26 00 8b 4e 0c 85 c9
75 3e 89 f0 e8 12 2d 2d 00 89 f0 5b 5e 5f e9 28 e8 ff ff <0f> 0b eb fe 0f 0b eb
fe 0f 0b eb fe e8 67 ea ff ff 85 c0 74 1c 
EIP: [<c108b178>] vm_unmap_ram+0x108/0x140 SS:ESP 0068:f6ed9ec4
---[ end trace ab0eadcecf2ad707 ]---
------------[ cut here ]------------
WARNING: at kernel/exit.c:896 do_exit+0x6b9/0x6e0()
Hardware name: System Product Name
Modules linked in: xfs exportfs snd_seq_midi snd_seq_midi_event snd_seq
snd_pcm_oss snd_mixer_oss snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus
snd_pcm snd_seq_device snd_timer snd_page_alloc snd_util_mem snd_hwdep
Pid: 1059, comm: umount Tainted: G      D     2.6.35.10 #1
Call Trace:
 [<c1030178>] ? warn_slowpath_common+0x78/0xb0
 [<c1033979>] ? do_exit+0x6b9/0x6e0
 [<c1033979>] ? do_exit+0x6b9/0x6e0
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c10301cb>] ? warn_slowpath_null+0x1b/0x20
 [<c1033979>] ? do_exit+0x6b9/0x6e0
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c1030f97>] ? kmsg_dump+0x67/0x110
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c135b833>] ? printk+0x17/0x1a
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c1005d06>] ? oops_end+0x66/0x90
 [<c10035ff>] ? do_invalid_op+0x7f/0x90
 [<c108b178>] ? vm_unmap_ram+0x108/0x140
 [<c135c525>] ? schedule_timeout+0x145/0x190
 [<c135e81a>] ? error_code+0x66/0x6c
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c108b178>] ? vm_unmap_ram+0x108/0x140
 [<f97571c9>] ? xfs_buf_free+0x69/0x70 [xfs]
 [<f973dd1b>] ? xlog_dealloc_log+0x2b/0x60 [xfs]
 [<f9748a18>] ? xfs_unmountfs+0xd8/0x110 [xfs]
 [<f975e5e7>] ? xfs_fs_put_super+0xe7/0x140 [xfs]
 [<c10a971d>] ? invalidate_inodes+0xfd/0x120
 [<c1098813>] ? generic_shutdown_super+0x43/0xc0
 [<c10988b2>] ? kill_block_super+0x22/0x40
 [<c1097b15>] ? deactivate_locked_super+0x35/0x50
 [<c10aca0a>] ? sys_umount+0x6a/0x370
 [<c10acd27>] ? sys_oldumount+0x17/0x20
 [<c135e231>] ? syscall_call+0x7/0xb
---[ end trace ab0eadcecf2ad708 ]---
note: umount[1059] exited with preempt_count 1
BUG: scheduling while atomic: umount/1059/0x10000002
Modules linked in: xfs exportfs snd_seq_midi snd_seq_midi_event snd_seq
snd_pcm_oss snd_mixer_oss snd_emu10k1 snd_rawmidi snd_ac97_codec ac97_bus
snd_pcm snd_seq_device snd_timer snd_page_alloc snd_util_mem snd_hwdep
Pid: 1059, comm: umount Tainted: G      D W   2.6.35.10 #1
Call Trace:
 [<c135c035>] ? schedule+0x445/0x600
 [<c135c2cd>] ? _cond_resched+0x2d/0x50
 [<c108255f>] ? unmap_vmas+0x6df/0x850
 [<c118fba2>] ? vsnprintf+0x2e2/0x420
 [<c10846f5>] ? exit_mmap+0xb5/0x160
 [<c102e1ae>] ? mmput+0x1e/0xa0
 [<c1031d02>] ? exit_mm+0xd2/0x100
 [<c1048bf2>] ? hrtimer_try_to_cancel+0x32/0x70
 [<c105b992>] ? acct_collect+0x82/0x160
 [<c103392c>] ? do_exit+0x66c/0x6e0
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c1005d06>] ? oops_end+0x66/0x90
 [<c10035ff>] ? do_invalid_op+0x7f/0x90
 [<c108b178>] ? vm_unmap_ram+0x108/0x140
 [<c135c525>] ? schedule_timeout+0x145/0x190
 [<c135e81a>] ? error_code+0x66/0x6c
 [<c1003580>] ? do_invalid_op+0x0/0x90
 [<c108b178>] ? vm_unmap_ram+0x108/0x140
 [<f97571c9>] ? xfs_buf_free+0x69/0x70 [xfs]
 [<f973dd1b>] ? xlog_dealloc_log+0x2b/0x60 [xfs]
 [<f9748a18>] ? xfs_unmountfs+0xd8/0x110 [xfs]
 [<f975e5e7>] ? xfs_fs_put_super+0xe7/0x140 [xfs]
 [<c10a971d>] ? invalidate_inodes+0xfd/0x120
 [<c1098813>] ? generic_shutdown_super+0x43/0xc0
 [<c10988b2>] ? kill_block_super+0x22/0x40
 [<c1097b15>] ? deactivate_locked_super+0x35/0x50
 [<c10aca0a>] ? sys_umount+0x6a/0x370
 [<c10acd27>] ? sys_oldumount+0x17/0x20
 [<c135e231>] ? syscall_call+0x7/0xb

-- 
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.