lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <19f34abd0807180129k5d7e64a0nd86bbd6333df72d2@mail.gmail.com>
Date:	Fri, 18 Jul 2008 10:29:15 +0200
From:	"Vegard Nossum" <vegard.nossum@...il.com>
To:	"Dave Kleikamp" <shaggy@...ux.vnet.ibm.com>
Cc:	jfs-discussion@...ts.sourceforge.net,
	"Johannes Weiner" <hannes@...urebad.de>,
	linux-kernel@...r.kernel.org
Subject: Re: latest -git: BUG at fs/jfs/namei.c:512 assert(ip->i_nlink)

On Fri, Jul 18, 2008 at 10:10 AM, Vegard Nossum <vegard.nossum@...il.com> wrote:
> On Fri, Jul 18, 2008 at 1:09 AM, Dave Kleikamp
> <shaggy@...ux.vnet.ibm.com> wrote:
>> On Thu, 2008-07-17 at 20:35 +0200, Vegard Nossum wrote:
>>> Hi,
>>>
>>> I got this on latest -git with an intentionally corrupted filesystem image:
>>>
>>> BUG at fs/jfs/namei.c:512 assert(ip->i_nlink)
>>
>> This assert shouldn't be here.  It would be better to handle this with
>> jfs_error(), which will mark the superblock dirty, and take appropriate
>> action.
>>
>>> Full log at http://folk.uio.no/vegardno/linux/log-1216318656.txt, but
>>> I think the preceding messages are just left-overs from previous
>>> mount/remount attempts. I can test patches.
>>
>> How about this one?  So far, compile tested only.
>>
>> JFS: The kernel shouldn't trap when deleting a file with nlink == 0.
>>
>> Signed-off-by: Dave Kleikamp <shaggy@...ux.vnet.ibm.com>
>
> Thanks!
>
> But whether it truly helped or not, I don't know. I got something different now:
>
> jfs_unlink: dtDelete returned -116
> jfs_unlink: dtDelete returned -116
> ------------[ cut here ]------------
> kernel BUG at fs/inode.c:262!

Running the test for some more on a freshly booted system also gives
me this after a while (I don't know if it's related, but it might give
some additional clues?):

BUG: unable to handle kernel paging request at c08845af
IP: [<c02f9122>] release_metapage+0x32/0x1c0
*pde = 37ab2163 *pte = 00884161
Oops: 0003 [#1] PREEMPT SMP DEBUG_PAGEALLOC
Pid: 387, comm: jfsCommit Not tainted (2.6.26-03415-gdf3030b #45)
EIP: 0060:[<c02f9122>] EFLAGS: 00010202 CPU: 1
EIP is at release_metapage+0x32/0x1c0
EAX: 00000246 EBX: f470e5d8 ECX: f7a2afd0 EDX: 00000000
ESI: c08845af EDI: 00000000 EBP: f735fd98 ESP: f735fd7c
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process jfsCommit (pid: 387, ti=f735e000 task=f7a2afd0 task.ti=f735e000)
Stack: c015b6e9 00000001 00000286 00000246 00000002 00000000 00000000 f735fed0
       c02e4202 00000020 f7a2afd0 c015addb 00000000 f470e9a4 f735fe34 00000000
       00000000 f470e85c c015addb 00000000 00000000 f470e5d8 f470e6d8 00000002
Call Trace:
 [<c015b6e9>] ? __lock_acquire+0x2c9/0x1110
 [<c02e4202>] ? xtTruncate+0xd42/0x1060
 [<c015addb>] ? trace_hardirqs_on+0xb/0x10
 [<c015addb>] ? trace_hardirqs_on+0xb/0x10
 [<c015addb>] ? trace_hardirqs_on+0xb/0x10
 [<c074a496>] ? _read_unlock_irq+0x36/0x60
 [<c01799b8>] ? find_get_pages+0x68/0x80
 [<c0182842>] ? pagevec_lookup+0x22/0x30
 [<c0183a59>] ? truncate_inode_pages_range+0x189/0x360
 [<c0159173>] ? lock_release_holdtime+0x83/0x120
 [<c02e1038>] ? jfs_free_zero_link+0x98/0x1b0
 [<c01590cd>] ? put_lock_stats+0xd/0x30
 [<c02de2fd>] ? jfs_delete_inode+0xdd/0x130
 [<c02de220>] ? jfs_delete_inode+0x0/0x130
 [<c01b9ba1>] ? generic_delete_inode+0x81/0x120
 [<c01b9d67>] ? generic_drop_inode+0x127/0x180
 [<c01b8be7>] ? iput+0x47/0x50
 [<c02fd5b5>] ? txUpdateMap+0x1d5/0x2a0
 [<c0159173>] ? lock_release_holdtime+0x83/0x120
 [<c015addb>] ? trace_hardirqs_on+0xb/0x10
 [<c02ffff1>] ? jfs_lazycommit+0xd1/0x2e0
 [<c012e940>] ? default_wake_function+0x0/0x10
 [<c02fff20>] ? jfs_lazycommit+0x0/0x2e0
 [<c014b02c>] ? kthread+0x3c/0x70
 [<c014aff0>] ? kthread+0x0/0x70
 [<c0104ddb>] ? kernel_thread_helper+0x7/0x1c
 =======================
Code: c3 83 ec 10 8b 70 50 83 3d 40 d8 8f c0 03 0f 8f 85 01 00 00 85
f6 0f 84 75 01 00 00 ba a9 00 00 00 b8 91 05 84 c0 e8 ee 52 e3 ff <f0>
0f ba 2e 00 19 c0 85 c0 75 7b 8d 7b 14 f0 80 63 14 fe b9 01
EIP: [<c02f9122>] release_metapage+0x32/0x1c0 SS:ESP 0068:f735fd7c
Kernel panic - not syncing: Fatal exception
------------[ cut here ]------------
WARNING: at kernel/smp.c:288 smp_call_function_mask+0x154/0x160()
Pid: 387, comm: jfsCommit Tainted: G      D   2.6.26-03415-gdf3030b #45
 [<c0135b6f>] warn_on_slowpath+0x4f/0xa0
 [<c015906b>] ? trace_hardirqs_off+0xb/0x10
 [<c0176a12>] ? __rcu_read_unlock+0xb2/0xc0
 [<c015078c>] ? __atomic_notifier_call_chain+0x3c/0x50
 [<c074a6d7>] ? _spin_unlock+0x27/0x50
 [<c0493660>] ? vt_console_print+0x230/0x320
 [<c015906b>] ? trace_hardirqs_off+0xb/0x10
 [<c074a673>] ? _spin_unlock_irqrestore+0x43/0x80
 [<c0136489>] ? release_console_sem+0x1e9/0x200
 [<c0161ea4>] smp_call_function_mask+0x154/0x160
 [<c0118510>] ? stop_this_cpu+0x0/0x50
 [<c010567f>] ? show_registers+0x7f/0x240
 [<c0118510>] ? stop_this_cpu+0x0/0x50
 [<c0161ee0>] smp_call_function+0x30/0x60
 [<c01184ae>] native_smp_send_stop+0x1e/0x80
 [<c0105e40>] ? die+0x110/0x180
 [<c012028d>] ? do_page_fault+0x14d/0x880
 [<c015906b>] ? trace_hardirqs_off+0xb/0x10
 [<c015ab70>] ? mark_held_locks+0x40/0x80
 [<c015ad76>] ? trace_hardirqs_on_caller+0x116/0x170
 [<c015906b>] ? trace_hardirqs_off+0xb/0x10
 [<c010a4e2>] ? native_sched_clock+0xb2/0xe0
 [<c015908e>] ? get_lock_stats+0x1e/0x50
 [<c01590cd>] ? put_lock_stats+0xd/0x30
 [<c0159173>] ? lock_release_holdtime+0x83/0x120
 [<c014f916>] ? up_read+0x16/0x30
 [<c02ef124>] ? dbFree+0x194/0x270
 [<c0120140>] ? do_page_fault+0x0/0x880
 [<c074b0d2>] ? error_code+0x72/0x78
 [<c02f00d8>] ? dbSync+0x68/0x140
 [<c02f9122>] ? release_metapage+0x32/0x1c0
 [<c015b6e9>] ? __lock_acquire+0x2c9/0x1110
 [<c02e4202>] ? xtTruncate+0xd42/0x1060
 [<c015addb>] ? trace_hardirqs_on+0xb/0x10
 [<c015addb>] ? trace_hardirqs_on+0xb/0x10
 [<c015addb>] ? trace_hardirqs_on+0xb/0x10
 [<c074a496>] ? _read_unlock_irq+0x36/0x60
 [<c01799b8>] ? find_get_pages+0x68/0x80
 [<c0182842>] ? pagevec_lookup+0x22/0x30
 [<c0183a59>] ? truncate_inode_pages_range+0x189/0x360
 [<c0159173>] ? lock_release_holdtime+0x83/0x120
 [<c02e1038>] ? jfs_free_zero_link+0x98/0x1b0
 [<c01590cd>] ? put_lock_stats+0xd/0x30
 [<c02de2fd>] ? jfs_delete_inode+0xdd/0x130
 [<c02de220>] ? jfs_delete_inode+0x0/0x130
 [<c01b9ba1>] ? generic_delete_inode+0x81/0x120
 [<c01b9d67>] ? generic_drop_inode+0x127/0x180
 [<c01b8be7>] ? iput+0x47/0x50
 [<c02fd5b5>] ? txUpdateMap+0x1d5/0x2a0
 [<c0159173>] ? lock_release_holdtime+0x83/0x120
 [<c015addb>] ? trace_hardirqs_on+0xb/0x10
 [<c02ffff1>] ? jfs_lazycommit+0xd1/0x2e0
 [<c012e940>] ? default_wake_function+0x0/0x10
 [<c02fff20>] ? jfs_lazycommit+0x0/0x2e0
 [<c014b02c>] ? kthread+0x3c/0x70
 [<c014aff0>] ? kthread+0x0/0x70
 [<c0104ddb>] ? kernel_thread_helper+0x7/0x1c
 =======================
---[ end trace 3a81a57639faabca ]---
------------[ cut here ]------------
WARNING: at kernel/smp.c:214 smp_call_function_single+0x11f/0x130()
Pid: 387, comm: jfsCommit Tainted: G      D W 2.6.26-03415-gdf3030b #45
 [<c0135b6f>] warn_on_slowpath+0x4f/0xa0
 [<c015906b>] ? trace_hardirqs_off+0xb/0x10
 [<c0176a12>] ? __rcu_read_unlock+0xb2/0xc0
 [<c015078c>] ? __atomic_notifier_call_chain+0x3c/0x50
 [<c074a6d7>] ? _spin_unlock+0x27/0x50
 [<c0493660>] ? vt_console_print+0x230/0x320
 [<c0161d3f>] smp_call_function_single+0x11f/0x130
 [<c0118510>] ? stop_this_cpu+0x0/0x50
 [<c074a673>] ? _spin_unlock_irqrestore+0x43/0x80
 [<c0161e6e>] smp_call_function_mask+0x11e/0x160
 [<c0118510>] ? stop_this_cpu+0x0/0x50
 [<c010567f>] ? show_registers+0x7f/0x240
 [<c0118510>] ? stop_this_cpu+0x0/0x50
 [<c0161ee0>] smp_call_function+0x30/0x60
 [<c01184ae>] native_smp_send_stop+0x1e/0x80
 [<c0105e40>] ? die+0x110/0x180
 [<c012028d>] ? do_page_fault+0x14d/0x880
 [<c015906b>] ? trace_hardirqs_off+0xb/0x10
 [<c015ab70>] ? mark_held_locks+0x40/0x80
 [<c015ad76>] ? trace_hardirqs_on_caller+0x116/0x170
 [<c015906b>] ? trace_hardirqs_off+0xb/0x10
 [<c010a4e2>] ? native_sched_clock+0xb2/0xe0
 [<c015908e>] ? get_lock_stats+0x1e/0x50
 [<c01590cd>] ? put_lock_stats+0xd/0x30
 [<c0159173>] ? lock_release_holdtime+0x83/0x120
 [<c014f916>] ? up_read+0x16/0x30
 [<c02ef124>] ? dbFree+0x194/0x270
 [<c0120140>] ? do_page_fault+0x0/0x880
 [<c074b0d2>] ? error_code+0x72/0x78
 [<c02f00d8>] ? dbSync+0x68/0x140
 [<c02f9122>] ? release_metapage+0x32/0x1c0
 [<c015b6e9>] ? __lock_acquire+0x2c9/0x1110
 [<c02e4202>] ? xtTruncate+0xd42/0x1060
 [<c015addb>] ? trace_hardirqs_on+0xb/0x10
 [<c015addb>] ? trace_hardirqs_on+0xb/0x10
 [<c015addb>] ? trace_hardirqs_on+0xb/0x10
 [<c074a496>] ? _read_unlock_irq+0x36/0x60
 [<c01799b8>] ? find_get_pages+0x68/0x80
 [<c0182842>] ? pagevec_lookup+0x22/0x30
 [<c0183a59>] ? truncate_inode_pages_range+0x189/0x360
 [<c0159173>] ? lock_release_holdtime+0x83/0x120
 [<c02e1038>] ? jfs_free_zero_link+0x98/0x1b0
 [<c01590cd>] ? put_lock_stats+0xd/0x30
 [<c02de2fd>] ? jfs_delete_inode+0xdd/0x130
 [<c02de220>] ? jfs_delete_inode+0x0/0x130
 [<c01b9ba1>] ? generic_delete_inode+0x81/0x120
 [<c01b9d67>] ? generic_drop_inode+0x127/0x180
 [<c01b8be7>] ? iput+0x47/0x50
 [<c02fd5b5>] ? txUpdateMap+0x1d5/0x2a0
 [<c0159173>] ? lock_release_holdtime+0x83/0x120
 [<c015addb>] ? trace_hardirqs_on+0xb/0x10
 [<c02ffff1>] ? jfs_lazycommit+0xd1/0x2e0
 [<c012e940>] ? default_wake_function+0x0/0x10
 [<c02fff20>] ? jfs_lazycommit+0x0/0x2e0
 [<c014b02c>] ? kthread+0x3c/0x70
 [<c014aff0>] ? kthread+0x0/0x70
 [<c0104ddb>] ? kernel_thread_helper+0x7/0x1c
 =======================
---[ end trace 3a81a57639faabca ]---

The page fault had this address:

$ addr2line -e vmlinux -i c02f9122
include/asm/bitops.h:186
include/linux/page-flags.h:151
include/linux/pagemap.h:170
fs/jfs/jfs_metapage.c:741

The current tree is 33af79d12e0fa25545d49e86afc67ea8ad5f2f40 + your
previous patch.

Thanks,


Vegard

-- 
"The animistic metaphor of the bug that maliciously sneaked in while
the programmer was not looking is intellectually dishonest as it
disguises that the error is the programmer's own creation."
	-- E. W. Dijkstra, EWD1036
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ