reproducible xfs/vmap oops
Christoph Hellwig
hch at infradead.org
Tue Feb 3 16:08:09 CST 2009
On Tue, Feb 03, 2009 at 04:47:11PM -0500, Christoph Hellwig wrote:
> On Wed, Feb 04, 2009 at 08:42:45AM +1100, Dave Chinner wrote:
> > On Tue, Feb 03, 2009 at 04:04:23PM -0500, Christoph Hellwig wrote:
> > > [ 3138.799436] XFS mounting filesystem vde
> > > [ 3138.813184] va->va_start = 4290777088, va->va_end = 4096
> > > [ 3138.834754] tmp->va_start = 4195352576, tmp->va_end = 4196401152
> > > [ 3138.846352] ------------[ cut here ]------------
> > > [ 3138.850332] kernel BUG at mm/vmalloc.c:298!
> > > [ 3138.850332] invalid opcode: 0000 [#1] SMP
> > >
> > > The first va_end looks suspicious to me..
> >
> > That is on i386, Christoph? If so, I'd suspect a 32 bit overflow
> > as 4290777088 = 0xFFC01000 and va_start/va_end are unsigned longs.
> > If we tried to map exactly 4MB with the va_start at 0xFFC01000 we'd
> > end up with va_end at 0x100001000 which would wrap to 0x1000 = 4096.
>
> Yeah, this is 32-bit x86. Exactly my thoughts, but just to make sure
> the overflow is in vmap and not in XFS I'm running with your checking
> patch included now.
Nope, your check doesn't trigger. Looks like it's indeed in vmap.
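
The 32-bit wrap discussed in this thread, as an added illustration that is not part of the original mail and is not kernel code. It models a 32-bit unsigned long with uint32_t so the result is the same on any host; the type name ulong32, the function names and the limit value are assumptions made for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Model of a 32-bit unsigned long (hypothetical name). */
typedef uint32_t ulong32;

/* Naive end computation: wraps silently modulo 2^32. */
static ulong32 naive_end(ulong32 start, ulong32 size)
{
    return start + size;
}

/* Naive fit test: a wrapped end is a small number, so it passes. */
static bool naive_fits(ulong32 start, ulong32 size, ulong32 limit)
{
    return naive_end(start, size) <= limit;
}

/* Wrap-safe fit test: compare size with the room left below limit,
 * so no addition is performed until it is known not to overflow. */
static bool checked_fits(ulong32 start, ulong32 size, ulong32 limit,
                         ulong32 *end)
{
    if (start > limit || size > limit - start)
        return false;
    *end = start + size;
    return true;
}

/* Sanity test for a range record such as the va printed in the log. */
static bool range_sane(ulong32 start, ulong32 end)
{
    return start < end;
}

int main(void)
{
    const ulong32 start = 0xFFC01000u; /* va_start from the log */
    const ulong32 size  = 4u << 20;    /* 4MB, as in the thread */
    const ulong32 limit = 0xFFFFFFFFu; /* constructed: top of 32-bit space */
    ulong32 end = naive_end(start, size);

    printf("naive end = %u, sane = %d\n", (unsigned)end, range_sane(start, end));
    printf("naive fits = %d\n", naive_fits(start, size, limit));
    printf("checked fits = %d\n", checked_fits(start, size, limit, &end));
    return 0;
}
```
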