Oops when read/write or mount/unmount continuously ~ 600.000 times

From: Hong Tran Duc
Date: Sun Aug 03 2008 - 08:50:37 EST


Hi all,

I’m using kernel 2.4.20 with full preemption enabled (patched, with the CONFIG option set). My CPU is a PowerPC 750FX, HDD 80GB, RAM 512.

I get many Oopses when trying to mount/unmount or read/write on the ATA HDD continuously, about 600.000 times (over several hours). The Oops often occurs when the CPU traps SIGSEGV or SIGILL, sometimes in the page management module, sometimes in the scheduler, block I/O manipulation, or filesystem.

It happens most frequently in:
Block I/O : make_request, generic_make_request, submit_bh, bdfind, bmap, __wait_on_buffer ..
Filesystem: journal_commit_transaction, kill_super, invalidate_inode, invalidate_list ..

The reason is almost always that a linked list in those functions was broken. Ex: linkedlist->next, linkedlist->prev = NULL or set to an invalid address.
In the SIGILL case, the instruction pointer (NIP) is the same as the return address register (LR).

The newest Oops I got was in function __wait_on_buffer(). The main sequence of __wait_on_buffer() is:
1. put_bh -> atomic_inc(bh->b_count);
2. add wait queue
3. loop: do some task manipulation, call *schedule()*
4. remove wait queue
5. get_bh -> atomic_dec(bh->b_count); *<- Got Oops here, SEGV because bh->b_count = R25 = 0x02 *

After analyzing the assembly code (uploaded to the pastebin below) at this point, I found that:
* At point (1), the address of bh->b_count is stored in register r25.
* From points (2) -> (4), anything that affects register r25 will be restored from the stack (r25 acts as a non-volatile register in the gcc ABI).
* At step 5, *r25 = 0x02 ??? I don’t know why r25 changed. Maybe the stack was corrupted somewhere?*

This Oops is very difficult to reproduce (about 2 hours of running the stress test program). I tried increasing/reducing HZ by 10 times, but the frequency of the bug did not change. I also tried ext2/ext3, with the same result.

I’m really confused now. I don’t know where the real problem is, what affects the frequency of the Oops, or how to debug and figure out this bug.

I post my situation to this ML and hope to get some advice from you,

Some of the Oopses I uploaded to pastebin here:
http://vnoss.net/p/5783
http://vnoss.net/p/5785

Sources and assembly of __wait_on_buffer():
http://vnoss.net/p/5784


Thanks for your help,

--
nm.

GPG Key ID: 0xDD253B25
Fingerprint: 2B17 D64A 9561 A443 2ABC 1302 4641 D0B7 DD25 3B25
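
Added example, not part of the original message and not kernel code: a user-space C model of a list consistency check that reports the first node whose next/prev link is NULL, an implausible address such as 0x02, or inconsistent with its neighbour, which is the kind of list breakage the message describes. The names list_check, ptr_plausible and enum list_fault are assumptions made for this sketch, and the sample list is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model of a kernel-style circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };
enum list_fault { LIST_OK, LIST_NULL_LINK, LIST_BAD_ADDR, LIST_BROKEN_BACKLINK, LIST_TOO_LONG };

static void list_init(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}

/* A value such as 0x02 is non-NULL but not pointer-aligned, so it cannot be a node. */
static int ptr_plausible(const struct list_head *p)
{
    return ((uintptr_t)p & (sizeof(void *) - 1)) == 0;
}

/* Verify each link before following it; *bad is the node holding the bad link.
 * max_nodes bounds the walk so a corrupted cycle cannot loop forever. */
static enum list_fault list_check(const struct list_head *head, size_t max_nodes,
                                  const struct list_head **bad)
{
    const struct list_head *cur = head;
    for (size_t i = 0; i <= max_nodes; i++) {
        const struct list_head *nxt = cur->next;
        *bad = cur;
        if (nxt == NULL || cur->prev == NULL) return LIST_NULL_LINK;
        if (!ptr_plausible(nxt) || !ptr_plausible(cur->prev)) return LIST_BAD_ADDR;
        if (nxt->prev != cur) return LIST_BROKEN_BACKLINK;
        if (nxt == head) { *bad = NULL; return LIST_OK; }
        cur = nxt;
    }
    return LIST_TOO_LONG;
}

int main(void)
{
    struct list_head head, a, b;                     /* constructed sample list */
    const struct list_head *bad;
    list_init(&head); list_add_tail(&a, &head); list_add_tail(&b, &head);
    a.next = (struct list_head *)(uintptr_t)0x02;    /* simulate the corruption */
    enum list_fault f = list_check(&head, 16, &bad);
    printf("fault=%d, reported at node a: %s\n", (int)f, bad == &a ? "yes" : "no");
    return 0;
}
```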
