Bug 485066

Summary: GPF: ext3 related maybe
Product: [Fedora] Fedora
Reporter: Juta Sirakas <mm391459>
Component: kernel
Assignee: Eric Sandeen <esandeen>
Status: CLOSED WONTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: low
Version: 10
CC: kernel-maint
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-12-18 07:53:34 UTC

Description Juta Sirakas 2009-02-11 13:51:22 UTC
Description of problem:
ACPI: EC: missing confirmations, switch off interrupt mode.
general protection fault: 0000 [1] SMP 
CPU 1 
Modules linked in: aes_x86_64 aes_generic nls_utf8 hfsplus fuse coretemp btusb bluetooth cpufreq_ondemand acpi_cpufreq freq_table dm_multipath uinput snd_hda_intel snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq firewire_ohci snd_seq_device arc4 ecb firewire_core crc_itu_t snd_pcm_oss snd_mixer_oss snd_pcm crypto_blkcipher uvcvideo compat_ioctl32 videodev v4l1_compat iTCO_wdt iTCO_vendor_support snd_timer i2c_i801 isight_firmware snd_page_alloc sky2 appletouch ath9k mac80211 snd_hwdep cfg80211 joydev snd soundcore pcspkr video output battery ac applesmc hwmon input_polldev ata_generic pata_acpi radeon drm i2c_algo_bit i2c_core [last unloaded: scsi_wait_scan]
Pid: 238, comm: kswapd0 Not tainted #1
RIP: 0010:[<ffffffff8110f6ff>]  [<ffffffff8110f6ff>] ext3_discard_reservation+0x27/0x8b
RSP: 0000:ffff88007c985ca0  EFLAGS: 00010206
RAX: ffff88007b8c6c00 RBX: 08f063ea6766c022 RCX: 0000000000000002
RDX: ffffffff810d292a RSI: 0000000000000008 RDI: ffff88000008f0c8
RBP: ffff88007c985cc0 R08: 0000000000000000 R09: ffff88000008f9c8
R10: 0000000000000002 R11: ffff88007c985ca0 R12: ffff88000008f0c8
R13: ffff88007b8e8000 R14: ffff88007c985d50 R15: ffffffff817ccce0
FS:  0000000000000000(0000) GS:ffff88007ec04880(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 00000000cfa73000 CR3: 00000000568c7000 CR4: 00000000000006a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process kswapd0 (pid: 238, threadinfo ffff88007c984000, task ffff88007d144530)
Stack:  ffff88007c985d50 ffff88000008f0c8 08f063ea6766c022 000000000000003d
 ffff88007c985ce0 ffffffff8111a6eb ffff88000008f0c8 ffff88000008f0c8
 ffff88007c985d00 ffffffff810d33cc ffff88000008f9d8 ffff88000008f0d8
Call Trace:
 [<ffffffff8111a6eb>] ext3_clear_inode+0x62/0x7c
 [<ffffffff810d33cc>] clear_inode+0xa3/0xfc
 [<ffffffff810d34c4>] dispose_list+0x50/0x107
 [<ffffffff810d3754>] shrink_icache_memory+0x1d9/0x20f
 [<ffffffff81099f26>] shrink_slab+0xe3/0x158
 [<ffffffff8109a684>] kswapd+0x441/0x596
 [<ffffffff81098fde>] ? isolate_pages_global+0x0/0x34
 [<ffffffff81055475>] ? autoremove_wake_function+0x0/0x38
 [<ffffffff8109a243>] ? kswapd+0x0/0x596
 [<ffffffff8105512f>] kthread+0x49/0x76
 [<ffffffff810116e9>] child_rip+0xa/0x11
 [<ffffffff81010a07>] ? restore_args+0x0/0x30
 [<ffffffff810550e6>] ? kthread+0x0/0x76
 [<ffffffff810116df>] ? child_rip+0x0/0x11

Code: 41 5f c9 c3 55 48 89 e5 41 55 41 54 49 89 fc 53 48 83 ec 08 48 8b 5f 90 48 8b 87 f8 00 00 00 48 85 db 4c 8b a8 a0 02 00 00 74 5c <48> 83 7b 28 00 74 55 49 8d bd 80 41 00 00 e8 07 3a 22 00 48 83 
RIP  [<ffffffff8110f6ff>] ext3_discard_reservation+0x27/0x8b
 RSP <ffff88007c985ca0>
---[ end trace 6ba48844cae5f51d ]---

Version-Release number of selected component (if applicable):

How reproducible:
Cannot reproduce, happened twice.

Comment 1 Chuck Ebbert 2009-02-20 07:57:03 UTC
cmpq   $0x0,0x28(%rbx)

%rbx contains garbage, should contain the address of the ext3 inode's i_block_alloc_info

void ext3_discard_reservation(struct inode *inode)
        struct ext3_inode_info *ei = EXT3_I(inode);
        struct ext3_block_alloc_info *block_i = ei->i_block_alloc_info;
        struct ext3_reserve_window_node *rsv;
        spinlock_t *rsv_lock = &EXT3_SB(inode->i_sb)->s_rsv_window_lock;

        if (!block_i)                     <== block_i is in %rbx

        rsv = &block_i->rsv_window_node;
        if (!rsv_is_empty(&rsv->rsv_window)) {        <=== 460
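
The decoding in Comment 1 can be reproduced from the oops text alone. The following is an added example, not part of the original comments: it decodes the bytes at the `<48>` marker, computes the address being read, and tests whether that address is canonical. On x86_64 a non-canonical address raises a general protection fault rather than a page fault. The 48-bit virtual address width and all function names are assumptions of this example.

```python
import re

# Constructed sample: register and Code: lines from the oops in this report
# (Code: bytes trimmed to the ones around the <48> fault marker).
OOPS = """\
RAX: ffff88007b8c6c00 RBX: 08f063ea6766c022 RCX: 0000000000000002
RDX: ffffffff810d292a RSI: 0000000000000008 RDI: ffff88000008f0c8
RBP: ffff88007c985cc0 R08: 0000000000000000 R09: ffff88000008f9c8
Code: 4c 8b a8 a0 02 00 00 74 5c <48> 83 7b 28 00 74 55 49 8d bd
"""

GRP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]
REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]

def parse_registers(text):
    """Map register name (lower case) -> value from the oops register dump."""
    pairs = re.findall(r"\b(R[A-Z0-9]{2}):\s+([0-9a-f]{16})\b", text)
    return {name.lower(): int(val, 16) for name, val in pairs}

def is_canonical(addr, va_bits=48):
    """x86_64 canonical form: bits 63..va_bits-1 are all 0 or all 1."""
    top = addr >> (va_bits - 1)
    return top in (0, (1 << (64 - va_bits + 1)) - 1)

def faulting_bytes(text):
    """Bytes starting at the <xx> marker, i.e. at the faulting RIP."""
    code = re.search(r"^Code:(.*)$", text, re.M).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    return bytes(int(b.strip("<>"), 16) for b in code[start:])

def decode_grp1_disp8(b):
    """Decode only 'REX.W 83 /r disp8 imm8' with a plain base register."""
    rex, opcode, modrm = b[0], b[1], b[2]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    # rm == 4 means a SIB byte follows; negative disp8 is also left out here.
    if rex != 0x48 or opcode != 0x83 or mod != 1 or rm == 4 or b[3] > 0x7F:
        raise ValueError("outside the one encoding this example handles")
    return GRP1[reg], REGS[rm], b[3], b[4]

def triage(text):
    """Return the faulting instruction, its memory operand and canonicity."""
    regs = parse_registers(text)
    op, base, disp, imm = decode_grp1_disp8(faulting_bytes(text))
    ea = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {"insn": f"{op}q $0x{imm:x},0x{disp:x}(%{base})",
            "address": ea, "canonical": is_canonical(ea)}

if __name__ == "__main__":
    print(triage(OOPS))
```
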

Comment 2 Eric Sandeen 2009-02-20 21:15:07 UTC
Offhand seems like this must be memory corruption of some sort, i_block_alloc_info is only assigned NULL or the results of kmalloc:

0 fs/ext3/balloc.c ext3_init_block_alloc_info  287 ei->i_block_alloc_info = block_i;
1 fs/ext3/ialloc.c ext3_new_inode              583 ei->i_block_alloc_info = NULL;
2 fs/ext3/inode.c  ext3_read_inode            2673 ei->i_block_alloc_info = NULL;
3 fs/ext3/super.c  ext3_alloc_inode            459 ei->i_block_alloc_info = NULL;
4 fs/ext3/super.c  ext3_clear_inode            518 EXT3_I(inode)->i_block_alloc_info = NULL;

where the first line above is set from ext3_init_block_alloc_info():

        block_i = kmalloc(sizeof(*block_i), GFP_NOFS);
        ei->i_block_alloc_info = block_i;

Running kernel-debug may catch this sooner or with more information...

Comment 3 Bug Zapper 2009-11-18 09:28:37 UTC
This message is a reminder that Fedora 10 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 10.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '10'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 10's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 10 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 

Comment 4 Bug Zapper 2009-12-18 07:53:34 UTC
Fedora 10 changed to end-of-life (EOL) status on 2009-12-17. Fedora 10 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.