reproducible xfs/vmap oops
Christoph Hellwig
hch at infradead.org
Tue Feb 3 15:47:11 CST 2009
On Wed, Feb 04, 2009 at 08:42:45AM +1100, Dave Chinner wrote:
> On Tue, Feb 03, 2009 at 04:04:23PM -0500, Christoph Hellwig wrote:
> > [ 3138.799436] XFS mounting filesystem vde
> > [ 3138.813184] va->va_start = 4290777088, va->va_end = 4096
> > [ 3138.834754] tmp->va_start = 4195352576, tmp->va_end = 4196401152
> > [ 3138.846352] ------------[ cut here ]------------
> > [ 3138.850332] kernel BUG at mm/vmalloc.c:298!
> > [ 3138.850332] invalid opcode: 0000 [#1] SMP
> >
> > The first va_end looks suspicious to me..
>
> That is on i386, Christoph? If so, I'd suspect a 32 bit overflow
> as 4290777088 = 0xFFC01000 and va_start/va_end are unsigned longs.
> If we tried to map exactly 4MB with va_start at 0xFFC01000 we'd
> end up with va_end at 0x100001000 which would wrap to 0x1000 = 4096.
Yeah, this is 32-bit x86. Exactly my thoughts, but just to make sure
the overflow is in vmap and not in XFS I'm running with your checking
patch included now.
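
The wrap discussed in the thread, as an added example that is not part of the original messages or of the kernel source. Assumptions: uint32_t stands in for the 32-bit unsigned long, the 4MB size is the hypothesis from the quoted reply, and naive_end, make_range and range_is_sane are hypothetical names.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: uint32_t models unsigned long on 32-bit x86. */
typedef uint32_t ulong32;

struct range { ulong32 start, end; };    /* half-open [start, end) */

/* Unchecked end calculation: the sum is reduced modulo 2^32. */
static ulong32 naive_end(ulong32 start, ulong32 size)
{
    return (ulong32)(start + size);
}

/* Checked variant: reject empty ranges and any end that would wrap. */
static bool make_range(ulong32 start, ulong32 size, struct range *out)
{
    if (size == 0 || size > UINT32_MAX - start)
        return false;
    out->start = start;
    out->end = start + size;
    return true;
}

/* Invariant for an existing range; a wrapped end lands below start. */
static bool range_is_sane(const struct range *r)
{
    return r->start < r->end;
}

int main(void)
{
    /* va_start from the oops; the 4MB size is the hypothesis in the thread. */
    const ulong32 start = 4290777088u, size = 4u << 20;
    struct range logged = { start, naive_end(start, size) };
    struct range checked;

    printf("naive end: %" PRIu32 " (0x%" PRIx32 ")\n", logged.end, logged.end);
    printf("logged range sane: %d\n", range_is_sane(&logged));
    printf("checked constructor accepts it: %d\n",
           make_range(start, size, &checked));
    return 0;
}
```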