lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130311132717.GD29799@quack.suse.cz>
Date:	Mon, 11 Mar 2013 14:27:17 +0100
From:	Jan Kara <jack@...e.cz>
To:	Zheng Liu <gnehzuil.liu@...il.com>
Cc:	Jan Kara <jack@...e.cz>, linux-ext4@...r.kernel.org
Subject: Re: [BUG][data=journal] general protection fault is hitted when we
 run xfstests #074

On Fri 08-03-13 20:55:45, Zheng Liu wrote:
> On Thu, Mar 07, 2013 at 01:26:38PM +0100, Jan Kara wrote:
> > On Thu 07-03-13 20:20:19, Zheng Liu wrote:
> > > Hi all,
> > > 
> > > This bug can be hitted in 3.8 kernel, and it doesn't be fixed in dev
> > > branch.  When #074 runs in a ext4 file system with '-o data=journal', I
> > > will get a general protection fault in my sand box.  I need to run
> > > several times to hit this bug.
> > > 
> > > My sand box is a Dell Desktop with a Intel(R) Core(TM)2 Duo CPU E8400
> > > @ 3.00GHz, 4G memory, a 160G HDD and a Intel SSD.  The test runs against
> > > SSD.
> > > 
> > > The messages from dmesg:
> > > 
> > > wenqing: run xfstest 074
> > > kernel: EXT4-fs (sda1): mounted filesystem with journalled data mode.
> > > Opts: acl,user_xattr,data=journal
> > > kernel: EXT4-fs (sda1): mounted filesystem with journalled data mode.
> > > Opts: acl,user_xattr,data=journal
> > > kernel: EXT4-fs (sda1): mounted filesystem with journalled data mode.
> > > Opts: acl,user_xattr,data=journal
> > > kernel: EXT4-fs (sda1): mounted filesystem with journalled data mode.
> > > Opts: acl,user_xattr,data=journal
> > > kernel: general protection fault: 0000 [#1] SMP 
> > > kernel: Modules linked in: ext4 jbd2 crc16 cpufreq_ondemand ipv6
> > > dm_mirror dm_region_hash dm_log dm_mod parport_pc parport dcdbas
> > > acpi_cpufreq mperf sg button pcspkr serio_raw i2c_i801 i2c_core ehci_pci
> > > ehci_hcd e1000e ext3 jbd sd_mod ahci libahci libata scsi_mod uhci_hcd
> > > kernel: CPU 1 
> > > kernel: Pid: 2786, comm: flush-8:0 Not tainted 3.8.0 #1 Dell Inc.
> > > OptiPlex 780                 /0V4W66
> > > kernel: RIP: 0010:[<ffffffffa01da0a0>]  [<ffffffffa01da0a0>]
> > > jbd2_journal_dirty_metadata+0x147/0x211 [jbd2]
> > > kernel: RSP: 0000:ffff880107a93868  EFLAGS: 00010206
> > > kernel: RAX: 0000000000000000 RBX: ffff88010a674540 RCX: 5c5c5c5c5c5c5c5c
> > > kernel: RDX: 000000000034402d RSI: ffff88010a674540 RDI: ffff880105bd6ca0
> > > kernel: RBP: ffff880107a938b8 R08: 0000000000000000 R09: 0000000000000000
> > > kernel: R10: ffff880105bd6ca0 R11: 000000000000000c R12: ffff88008e4ee518
> > > kernel: R13: ffff8801114fb800 R14: ffff880105bd6ca0 R15: ffff88010a658c80
> > > kernel: FS:  0000000000000000(0000) GS:ffff880117c40000(0000)
> > > knlGS:0000000000000000
> > > kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> > > kernel: CR2: 00007f60256a5000 CR3: 0000000117834000 CR4: 00000000000407e0
> > > kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > > kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> > > kernel: Process flush-8:0 (pid: 2786, threadinfo ffff880107a92000, task
> > > ffff880112cde6b0)
> > > kernel: Stack:
> > > kernel: ffff880105bd6ca0 0000000000001000 ffff880107a938a8 ffffffffa01da6de
> > > kernel: ffff8801114fb868 0000000000000000 00000000000003bf ffffffffa023f0e0
> > > kernel: ffff88010a674540 0000000000001000 ffff880107a938f8 ffffffffa022bb07
> > > kernel: Call Trace:
> > > kernel: [<ffffffffa01da6de>] ? jbd2_journal_get_write_access+0x36/0x40 [jbd2]
> > > kernel: [<ffffffffa022bb07>] __ext4_handle_dirty_metadata+0xd7/0xe6 [ext4]
> > > kernel: [<ffffffffa01ff4a5>] write_end_fn+0x37/0x3d [ext4]
> > > kernel: [<ffffffffa01ff167>] ext4_walk_page_buffers+0x65/0x9b [ext4]
> > > kernel: [<ffffffffa01ff46e>] ? ext4_nonda_switch+0xbd/0xbd [ext4]
> > > kernel: [<ffffffffa0203367>] __ext4_journalled_writepage+0x156/0x1ee [ext4]
> > > kernel: [<ffffffffa0203c10>] ext4_writepage+0x1b8/0x20d [ext4]
> > > kernel: [<ffffffff820b7ab4>] __writepage+0x17/0x30
> > > kernel: [<ffffffff820b8554>] write_cache_pages+0x276/0x37f
> > > kernel: [<ffffffff820b7a9d>] ? set_page_dirty+0x64/0x64
> > > kernel: [<ffffffff820b86a2>] generic_writepages+0x45/0x5c
> > > kernel: [<ffffffff820b86e0>] do_writepages+0x27/0x29
> > > kernel: [<ffffffff8210fc93>] __writeback_single_inode+0x48/0x119
> > > kernel: [<ffffffff82110e7c>] writeback_sb_inodes+0x1ec/0x2fd
> > > kernel: [<ffffffff82110fff>] __writeback_inodes_wb+0x72/0xb0
> > > kernel: [<ffffffff821111ee>] wb_writeback+0x13e/0x230
> > > kernel: [<ffffffff820b8dae>] ? global_dirty_limits+0x36/0x134
> > > kernel: [<ffffffff821114aa>] wb_do_writeback+0x1ca/0x1ea
> > > kernel: [<ffffffff8211158c>] bdi_writeback_thread+0xc2/0x1e2
> > > kernel: [<ffffffff821114ca>] ? wb_do_writeback+0x1ea/0x1ea
> > > kernel: [<ffffffff821114ca>] ? wb_do_writeback+0x1ea/0x1ea
> > > kernel: [<ffffffff8204eadf>] kthread+0xb5/0xbd
> > > kernel: [<ffffffff8204ea2a>] ? kthread_freezable_should_stop+0x65/0x65
> > > kernel: [<ffffffff8238689c>] ret_from_fork+0x7c/0xb0
> > > kernel: [<ffffffff8204ea2a>] ? kthread_freezable_should_stop+0x65/0x65
> > > kernel: Code: 08 49 8b 4c 24 28 4c 39 f9 0f 84 81 00 00 00 4d 8b 4d 58 31 c0
> > > 4c 39 c9 74 36 4d 85 c9 74 04 41 8b 41 08 45 31 c0 48 85 c9 74 04 <44> 8b 41
> > > 08 48 8b 53 18 49 8d b5 58 03 00 00 89 04 24 48 c7 c7 
> > > kernel: RIP  [<ffffffffa01da0a0>] jbd2_journal_dirty_metadata+0x147/0x211 [jbd2]
> > > kernel: RSP <ffff880107a93868>
> > > kernel: ---[ end trace d8e02cf12f9b2b79 ]---
> >   Hum, clearly we hit some poison value (RCX which was dereferenced was
> > 0x5c5c5c5c5c5c5c5c). Can you post full disassembly of
> > jbd2_journal_dirty_metadata()? I was trying to match decoded 'Code' section
> > with the C code but I failed...
> 
> Sorry for the delay.  Here is the result that I use 'objdump -r -S -l
> --disassemble fs/jbd2/jbd2.ko' to generate.  Hope it's useful for you.
> 
> Sorry I don't have time to look at it carefully.  Please let me know if
> you need some details.
  Thanks for the debug data. So we oops on dereferencing jh->b_transaction
because it is 0x5c5c5c5c5c5c5c5c which is JBD2_POISON_FREE. So clearly the
journal head we have has been freed. Not sure yet how that can happen
though.

								Honza

> 0000000000000f59 <jbd2_journal_dirty_metadata>:
> jbd2_journal_dirty_metadata():
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1101
>  * data present for that commit).  In that case, we don't relink the
>  * buffer: that only gets done when the old transaction finally
>  * completes its commit.
>  */
> int jbd2_journal_dirty_metadata(handle_t *handle, struct buffer_head *bh)
> {
>      f59:	55                   	push   %rbp
>      f5a:	48 89 e5             	mov    %rsp,%rbp
>      f5d:	41 57                	push   %r15
>      f5f:	41 56                	push   %r14
>      f61:	41 55                	push   %r13
>      f63:	41 54                	push   %r12
>      f65:	53                   	push   %rbx
>      f66:	48 83 ec 28          	sub    $0x28,%rsp
>      f6a:	e8 00 00 00 00       	callq  f6f <jbd2_journal_dirty_metadata+0x16>
> 			f6b: R_X86_64_PC32	mcount-0x4
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1107
> 	transaction_t *transaction = handle->h_transaction;
> 	journal_t *journal = transaction->t_journal;
> 	struct journal_head *jh = bh2jh(bh);
> 	int ret = 0;
> 
> 	jbd_debug(5, "journal_head %p\n", jh);
>      f6f:	80 3d 00 00 00 00 04 	cmpb   $0x4,0x0(%rip)        # f76 <jbd2_journal_dirty_metadata+0x1d>
> 			f71: R_X86_64_PC32	jbd2_journal_enable_debug-0x5
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1102
>  * buffer: that only gets done when the old transaction finally
>  * completes its commit.
>  */
> int jbd2_journal_dirty_metadata(handle_t *handle, struct buffer_head *bh)
> {
> 	transaction_t *transaction = handle->h_transaction;
>      f76:	4c 8b 3f             	mov    (%rdi),%r15
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1101
>  * data present for that commit).  In that case, we don't relink the
>  * buffer: that only gets done when the old transaction finally
>  * completes its commit.
>  */
> int jbd2_journal_dirty_metadata(handle_t *handle, struct buffer_head *bh)
> {
>      f79:	49 89 fe             	mov    %rdi,%r14
>      f7c:	48 89 f3             	mov    %rsi,%rbx
> bh2jh():
> /home/wenqing/projects/linux/include/linux/jbd_common.h:37
>      f7f:	4c 8b 66 40          	mov    0x40(%rsi),%r12
> jbd2_journal_dirty_metadata():
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1103
> 	transaction_t *transaction = handle->h_transaction;
> 	journal_t *journal = transaction->t_journal;
>      f83:	4d 8b 2f             	mov    (%r15),%r13
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1107
> 	struct journal_head *jh = bh2jh(bh);
> 	int ret = 0;
> 
> 	jbd_debug(5, "journal_head %p\n", jh);
>      f86:	76 32                	jbe    fba <jbd2_journal_dirty_metadata+0x61>
>      f88:	48 c7 c6 00 00 00 00 	mov    $0x0,%rsi
> 			f8b: R_X86_64_32S	.rodata.str1.1
>      f8f:	48 c7 c7 00 00 00 00 	mov    $0x0,%rdi
> 			f92: R_X86_64_32S	.rodata.str1.1+0x16
>      f96:	48 c7 c1 00 00 00 00 	mov    $0x0,%rcx
> 			f99: R_X86_64_32S	.rodata+0xc0
>      f9d:	ba 53 04 00 00       	mov    $0x453,%edx
>      fa2:	31 c0                	xor    %eax,%eax
>      fa4:	e8 00 00 00 00       	callq  fa9 <jbd2_journal_dirty_metadata+0x50>
> 			fa5: R_X86_64_PC32	printk-0x4
>      fa9:	4c 89 e6             	mov    %r12,%rsi
>      fac:	48 c7 c7 00 00 00 00 	mov    $0x0,%rdi
> 			faf: R_X86_64_32S	.rodata.str1.1+0x178
>      fb3:	31 c0                	xor    %eax,%eax
>      fb5:	e8 00 00 00 00       	callq  fba <jbd2_journal_dirty_metadata+0x61>
> 			fb6: R_X86_64_PC32	printk-0x4
> is_handle_aborted():
> /home/wenqing/projects/linux/include/linux/jbd2.h:1246
> 	return journal->j_flags & JBD2_ABORT;
> }
> 
> static inline int is_handle_aborted(handle_t *handle)
> {
> 	if (handle->h_aborted)
>      fba:	41 f6 46 14 04       	testb  $0x4,0x14(%r14)
>      fbf:	0f 85 94 01 00 00    	jne    1159 <jbd2_journal_dirty_metadata+0x200>
> /home/wenqing/projects/linux/include/linux/jbd2.h:1248
> 		return 1;
> 	return is_journal_aborted(handle->h_transaction->t_journal);
>      fc5:	49 8b 06             	mov    (%r14),%rax
> is_journal_aborted():
> /home/wenqing/projects/linux/include/linux/jbd2.h:1241
>  * transactions.
>  */
> 
> static inline int is_journal_aborted(journal_t *journal)
> {
> 	return journal->j_flags & JBD2_ABORT;
>      fc8:	48 8b 00             	mov    (%rax),%rax
> jbd2_journal_dirty_metadata():
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1109
> 	JBUFFER_TRACE(jh, "entry");
> 	if (is_handle_aborted(handle))
>      fcb:	f6 00 02             	testb  $0x2,(%rax)
>      fce:	0f 85 85 01 00 00    	jne    1159 <jbd2_journal_dirty_metadata+0x200>
> constant_test_bit():
> /home/wenqing/projects/linux/arch/x86/include/asm/bitops.h:321
> }
> 
> static __always_inline int constant_test_bit(unsigned int nr, const volatile unsigned long *addr)
> {
> 	return ((1UL << (nr % BITS_PER_LONG)) &
> 		(addr[nr / BITS_PER_LONG])) != 0;
>      fd4:	48 8b 13             	mov    (%rbx),%rdx
> jbd2_journal_dirty_metadata():
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1111
> 		goto out;
> 	if (!buffer_jbd(bh)) {
>      fd7:	b8 8b ff ff ff       	mov    $0xffffff8b,%eax
>      fdc:	80 e6 40             	and    $0x40,%dh
>      fdf:	0f 84 5b 01 00 00    	je     1140 <jbd2_journal_dirty_metadata+0x1e7>
>      fe5:	eb 0c                	jmp    ff3 <jbd2_journal_dirty_metadata+0x9a>
> rep_nop():
> /home/wenqing/projects/linux/arch/x86/include/asm/processor.h:660
>      fe7:	f3 90                	pause  
> constant_test_bit():
> /home/wenqing/projects/linux/arch/x86/include/asm/bitops.h:321
>      fe9:	48 8b 03             	mov    (%rbx),%rax
> bit_spin_lock():
> /home/wenqing/projects/linux/include/linux/bit_spinlock.h:30
> 		preempt_enable();
> 		do {
> 			cpu_relax();
> 		} while (test_bit(bitnum, addr));
>      fec:	a9 00 00 10 00       	test   $0x100000,%eax
>      ff1:	75 f4                	jne    fe7 <jbd2_journal_dirty_metadata+0x8e>
> test_and_set_bit():
> /home/wenqing/projects/linux/arch/x86/include/asm/bitops.h:201
>  */
> static inline int test_and_set_bit(int nr, volatile unsigned long *addr)
> {
> 	int oldbit;
> 
> 	asm volatile(LOCK_PREFIX "bts %2,%1\n\t"
>      ff3:	f0 0f ba 2b 14       	lock btsl $0x14,(%rbx)
>      ff8:	19 c0                	sbb    %eax,%eax
> bit_spin_lock():
> /home/wenqing/projects/linux/include/linux/bit_spinlock.h:26
> 	 * busywait with less bus contention for a good time to
> 	 * attempt to acquire the lock bit.
> 	 */
> 	preempt_disable();
> #if defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK)
> 	while (unlikely(test_and_set_bit_lock(bitnum, addr))) {
>      ffa:	85 c0                	test   %eax,%eax
>      ffc:	75 e9                	jne    fe7 <jbd2_journal_dirty_metadata+0x8e>
> jbd2_journal_dirty_metadata():
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1118
> 		goto out;
> 	}
> 
> 	jbd_lock_bh_state(bh);
> 
> 	if (jh->b_modified == 0) {
>      ffe:	41 83 7c 24 10 00    	cmpl   $0x0,0x10(%r12)
>     1004:	75 1b                	jne    1021 <jbd2_journal_dirty_metadata+0xc8>
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1124
> 		/*
> 		 * This buffer's got modified and becoming part
> 		 * of the transaction. This needs to be done
> 		 * once a transaction -bzzz
> 		 */
> 		jh->b_modified = 1;
>     1006:	41 c7 44 24 10 01 00 	movl   $0x1,0x10(%r12)
>     100d:	00 00 
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1125
> 		J_ASSERT_JH(jh, handle->h_buffer_credits > 0);
>     100f:	41 8b 46 08          	mov    0x8(%r14),%eax
>     1013:	85 c0                	test   %eax,%eax
>     1015:	7f 04                	jg     101b <jbd2_journal_dirty_metadata+0xc2>
>     1017:	0f 0b                	ud2a   
>     1019:	eb fe                	jmp    1019 <jbd2_journal_dirty_metadata+0xc0>
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1126
> 		handle->h_buffer_credits--;
>     101b:	ff c8                	dec    %eax
>     101d:	41 89 46 08          	mov    %eax,0x8(%r14)
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1136
> 	 * on the running transaction's metadata list there is nothing to do.
> 	 * Nobody can take it off again because there is a handle open.
> 	 * I _think_ we're OK here with SMP barriers - a mistaken decision will
> 	 * result in this test being false, so we go in and take the locks.
> 	 */
> 	if (jh->b_transaction == transaction && jh->b_jlist == BJ_Metadata) {
>     1021:	49 8b 4c 24 28       	mov    0x28(%r12),%rcx
>     1026:	4c 39 f9             	cmp    %r15,%rcx
>     1029:	75 46                	jne    1071 <jbd2_journal_dirty_metadata+0x118>
>     102b:	41 83 7c 24 0c 01    	cmpl   $0x1,0xc(%r12)
>     1031:	75 3e                	jne    1071 <jbd2_journal_dirty_metadata+0x118>
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1138
> 		JBUFFER_TRACE(jh, "fastpath");
> 		if (unlikely(jh->b_transaction !=
>     1033:	4d 8b 4d 50          	mov    0x50(%r13),%r9
>     1037:	31 c0                	xor    %eax,%eax
>     1039:	4d 39 cf             	cmp    %r9,%r15
>     103c:	0f 84 f5 00 00 00    	je     1137 <jbd2_journal_dirty_metadata+0x1de>
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1140
> 			     journal->j_running_transaction)) {
> 			printk(KERN_EMERG "JBD: %s: "
>     1042:	4d 85 c9             	test   %r9,%r9
>     1045:	74 04                	je     104b <jbd2_journal_dirty_metadata+0xf2>
>     1047:	41 8b 41 08          	mov    0x8(%r9),%eax
>     104b:	45 31 c0             	xor    %r8d,%r8d
>     104e:	48 85 c9             	test   %rcx,%rcx
>     1051:	74 04                	je     1057 <jbd2_journal_dirty_metadata+0xfe>
>     1053:	44 8b 41 08          	mov    0x8(%rcx),%r8d
>     1057:	48 8b 53 18          	mov    0x18(%rbx),%rdx
>     105b:	49 8d b5 58 03 00 00 	lea    0x358(%r13),%rsi
>     1062:	89 04 24             	mov    %eax,(%rsp)
>     1065:	48 c7 c7 00 00 00 00 	mov    $0x0,%rdi
> 			1068: R_X86_64_32S	.rodata.str1.1+0x189
>     106c:	e9 86 00 00 00       	jmpq   10f7 <jbd2_journal_dirty_metadata+0x19e>
> set_bit():
> /home/wenqing/projects/linux/arch/x86/include/asm/bitops.h:65
>  */
> static __always_inline void
> set_bit(unsigned int nr, volatile unsigned long *addr)
> {
> 	if (IS_IMMEDIATE(nr)) {
> 		asm volatile(LOCK_PREFIX "orb %1,%0"
>     1071:	f0 80 4b 02 08       	lock orb $0x8,0x2(%rbx)
> jbd2_journal_dirty_metadata():
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1163
> 	 * Metadata already on the current transaction list doesn't
> 	 * need to be filed.  Metadata on another transaction's list must
> 	 * be committing, and will be refiled once the commit completes:
> 	 * leave it alone for now.
> 	 */
> 	if (jh->b_transaction != transaction) {
>     1076:	49 8b 4c 24 28       	mov    0x28(%r12),%rcx
>     107b:	4c 39 f9             	cmp    %r15,%rcx
>     107e:	0f 84 81 00 00 00    	je     1105 <jbd2_journal_dirty_metadata+0x1ac>
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1165
> 		JBUFFER_TRACE(jh, "already on other transaction");
> 		if (unlikely(jh->b_transaction !=
>     1084:	4d 8b 4d 58          	mov    0x58(%r13),%r9
>     1088:	31 c0                	xor    %eax,%eax
>     108a:	4c 39 c9             	cmp    %r9,%rcx
>     108d:	74 36                	je     10c5 <jbd2_journal_dirty_metadata+0x16c>
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1167
> 			     journal->j_committing_transaction)) {
> 			printk(KERN_EMERG "JBD: %s: "
>     108f:	4d 85 c9             	test   %r9,%r9
>     1092:	74 04                	je     1098 <jbd2_journal_dirty_metadata+0x13f>
>     1094:	41 8b 41 08          	mov    0x8(%r9),%eax
>     1098:	45 31 c0             	xor    %r8d,%r8d
>     109b:	48 85 c9             	test   %rcx,%rcx
>     109e:	74 04                	je     10a4 <jbd2_journal_dirty_metadata+0x14b>
>     10a0:	44 8b 41 08          	mov    0x8(%rcx),%r8d
>     10a4:	48 8b 53 18          	mov    0x18(%rbx),%rdx
>     10a8:	49 8d b5 58 03 00 00 	lea    0x358(%r13),%rsi
>     10af:	89 04 24             	mov    %eax,(%rsp)
>     10b2:	48 c7 c7 00 00 00 00 	mov    $0x0,%rdi
> 			10b5: R_X86_64_32S	.rodata.str1.1+0x1e0
>     10b9:	31 c0                	xor    %eax,%eax
>     10bb:	e8 00 00 00 00       	callq  10c0 <jbd2_journal_dirty_metadata+0x167>
> 			10bc: R_X86_64_PC32	printk-0x4
>     10c0:	b8 ea ff ff ff       	mov    $0xffffffea,%eax
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1179
> 			       journal->j_committing_transaction,
> 			       journal->j_committing_transaction ?
> 			       journal->j_committing_transaction->t_tid : 0);
> 			ret = -EINVAL;
> 		}
> 		if (unlikely(jh->b_next_transaction != transaction)) {
>     10c5:	49 8b 4c 24 30       	mov    0x30(%r12),%rcx
>     10ca:	4c 39 f9             	cmp    %r15,%rcx
>     10cd:	74 68                	je     1137 <jbd2_journal_dirty_metadata+0x1de>
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1180
> 			printk(KERN_EMERG "JBD: %s: "
>     10cf:	45 31 c0             	xor    %r8d,%r8d
>     10d2:	48 85 c9             	test   %rcx,%rcx
>     10d5:	41 8b 47 08          	mov    0x8(%r15),%eax
>     10d9:	74 04                	je     10df <jbd2_journal_dirty_metadata+0x186>
>     10db:	44 8b 41 08          	mov    0x8(%rcx),%r8d
>     10df:	48 8b 53 18          	mov    0x18(%rbx),%rdx
>     10e3:	49 8d b5 58 03 00 00 	lea    0x358(%r13),%rsi
>     10ea:	89 04 24             	mov    %eax,(%rsp)
>     10ed:	4d 89 f9             	mov    %r15,%r9
>     10f0:	48 c7 c7 00 00 00 00 	mov    $0x0,%rdi
> 			10f3: R_X86_64_32S	.rodata.str1.1+0x23a
>     10f7:	31 c0                	xor    %eax,%eax
>     10f9:	e8 00 00 00 00       	callq  10fe <jbd2_journal_dirty_metadata+0x1a5>
> 			10fa: R_X86_64_PC32	printk-0x4
>     10fe:	b8 ea ff ff ff       	mov    $0xffffffea,%eax
>     1103:	eb 32                	jmp    1137 <jbd2_journal_dirty_metadata+0x1de>
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1197
> 		 * transaction's data buffer, ever. */
> 		goto out_unlock_bh;
> 	}
> 
> 	/* That test should have eliminated the following case: */
> 	J_ASSERT_JH(jh, jh->b_frozen_data == NULL);
>     1105:	49 83 7c 24 18 00    	cmpq   $0x0,0x18(%r12)
>     110b:	74 04                	je     1111 <jbd2_journal_dirty_metadata+0x1b8>
>     110d:	0f 0b                	ud2a   
>     110f:	eb fe                	jmp    110f <jbd2_journal_dirty_metadata+0x1b6>
> spin_lock():
> /home/wenqing/projects/linux/include/linux/spinlock.h:285
>     1111:	49 8d bd 9c 03 00 00 	lea    0x39c(%r13),%rdi
>     1118:	e8 00 00 00 00       	callq  111d <jbd2_journal_dirty_metadata+0x1c4>
> 			1119: R_X86_64_PC32	_raw_spin_lock-0x4
> jbd2_journal_dirty_metadata():
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1201
> 
> 	JBUFFER_TRACE(jh, "file as BJ_Metadata");
> 	spin_lock(&journal->j_list_lock);
> 	__jbd2_journal_file_buffer(jh, handle->h_transaction, BJ_Metadata);
>     111d:	49 8b 36             	mov    (%r14),%rsi
>     1120:	ba 01 00 00 00       	mov    $0x1,%edx
>     1125:	4c 89 e7             	mov    %r12,%rdi
>     1128:	e8 00 00 00 00       	callq  112d <jbd2_journal_dirty_metadata+0x1d4>
> 			1129: R_X86_64_PC32	__jbd2_journal_file_buffer-0x4
> __ticket_spin_unlock():
> /home/wenqing/projects/linux/arch/x86/include/asm/spinlock.h:81
>     112d:	41 80 85 9c 03 00 00 	addb   $0x1,0x39c(%r13)
>     1134:	01 
>     1135:	31 c0                	xor    %eax,%eax
> clear_bit():
> /home/wenqing/projects/linux/arch/x86/include/asm/bitops.h:103
>  */
> static __always_inline void
> clear_bit(int nr, volatile unsigned long *addr)
> {
> 	if (IS_IMMEDIATE(nr)) {
> 		asm volatile(LOCK_PREFIX "andb %1,%0"
>     1137:	f0 80 63 02 ef       	lock andb $0xef,0x2(%rbx)
> jbd2_journal_dirty_metadata():
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1207
> 	spin_unlock(&journal->j_list_lock);
> out_unlock_bh:
> 	jbd_unlock_bh_state(bh);
> out:
> 	JBUFFER_TRACE(jh, "exit");
> 	WARN_ON(ret);	/* All errors are bugs, so dump the stack */
>     113c:	85 c0                	test   %eax,%eax
>     113e:	74 1b                	je     115b <jbd2_journal_dirty_metadata+0x202>
>     1140:	be b7 04 00 00       	mov    $0x4b7,%esi
>     1145:	48 c7 c7 00 00 00 00 	mov    $0x0,%rdi
> 			1148: R_X86_64_32S	.rodata.str1.1
>     114c:	89 45 c8             	mov    %eax,-0x38(%rbp)
>     114f:	e8 00 00 00 00       	callq  1154 <jbd2_journal_dirty_metadata+0x1fb>
> 			1150: R_X86_64_PC32	warn_slowpath_null-0x4
>     1154:	8b 45 c8             	mov    -0x38(%rbp),%eax
>     1157:	eb 02                	jmp    115b <jbd2_journal_dirty_metadata+0x202>
>     1159:	31 c0                	xor    %eax,%eax
> /home/wenqing/projects/linux/fs/jbd2/transaction.c:1209
> 	return ret;
> }
>     115b:	48 83 c4 28          	add    $0x28,%rsp
>     115f:	5b                   	pop    %rbx
>     1160:	41 5c                	pop    %r12
>     1162:	41 5d                	pop    %r13
>     1164:	41 5e                	pop    %r14
>     1166:	41 5f                	pop    %r15
>     1168:	c9                   	leaveq 
>     1169:	c3                   	retq   
-- 
Jan Kara <jack@...e.cz>
SUSE Labs, CR
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists