Bug 410981 - GFS2 kernel panic on rename()
GFS2 kernel panic on rename()
Status: CLOSED DUPLICATE of bug 404711
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
5.1
x86_64 Linux
low Severity high
: ---
: ---
Assigned To: Steve Whitehouse
GFS Bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-12-04 14:51 EST by Diego Woitasen
Modified: 2009-05-27 23:39 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-12-04 15:56:51 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Diego Woitasen 2007-12-04 14:51:04 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.8) Gecko/20071004 Iceweasel/2.0.0.8 (Debian-2.0.0.6+2.0.0.8-0etch1)

Description of problem:
I have two domains with RHEL 5.1 running under Xen. Dom0 is Debian Lenny with Xen 3.1.0. Each domain have two disks and one shared disk emulating a storage. I have RHCS working and the shared device mounted with GFS2.

Each domain crashed if program calls rename() system call. Test C program:

#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

#define PATHSIZE 256

int main(void){

        int fd;
        int i, j;
        char src[PATHSIZE];
        char dst[PATHSIZE];

        for(i = 0; i < 10000; i++){
                for(j = 10001; j < 20000; j++){
                        snprintf(src, PATHSIZE, "/var/cyrus/tmp/%d", i);
                        snprintf(dst, PATHSIZE, "/var/cyrus/tmp/%d", j);
                        fd = creat(src, S_IRUSR | S_IWUSR);
                        if(fd < 0){
                                perror("create error");
                                exit(-1);
                        }
                        if(rename(src, dst) < 0){
                                perror("rename error");
                                exit(-1);
                        }
                        close(fd);
                }
        }

        return 0;

}




Version-Release number of selected component (if applicable):
2.6.18-53.el5xen

How reproducible:
Always


Steps to Reproduce:
1. Run gfs2-rename-bug program.
2.
3.

Actual Results:
Kernel Panic:
 original: gfs2_rename+0x1a9/0x610 [gfs2]
new: gfs2_inplace_reserve_i+0x205/0x5d0 [gfs2]
----------- [cut here ] --------- [please bite here ] ---------
Kernel BUG at ...build/BUILD/gfs2-kmod-1.52/_kmod_build_xen/glock.c:1131
invalid opcode: 0000 [1] SMP
last sysfs file: /kernel/dlm/cyrus/control
CPU 0
Modules linked in: ipv6 lock_dlm(U) gfs2(U) dlm configfs xennet nls_utf8 dm_mirror dm_multipath dm_mod parport_pc lp parport pcspkr 3w_9xxx sd_mod scsi_mod xenblk ext3 jbd ehci_hcd ohci_hcd uhci_hcd
Pid: 2536, comm: gfs2-rename-bug Not tainted 2.6.18-53.el5xen #1
RIP: e030:[<ffffffff881a21ba>]  [<ffffffff881a21ba>] :gfs2:gfs2_glock_nq+0x111/0x1d4
RSP: e02b:ffff88001a95fa98  EFLAGS: 00010286
RAX: 0000000000000020 RBX: ffff88001a95fcb0 RCX: ffff88001a8e4cd8
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff880007ad5eb0 R08: 00000000ffffffff R09: 0000000000000020
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88001a8e4cd8
R13: ffff88001a8e4cd8 R14: 0000000000000000 R15: ffff88001c9f3000
FS:  00002aaaaaac7210(0000) GS:ffffffff80599000(0000) knlGS:0000000000000000
CS:  e033 DS: 0000 ES: 0000
Process gfs2-rename-bug (pid: 2536, threadinfo ffff88001a95e000, task ffff8800107a9100)
Stack:  ffff88001a95fb10  0000000000030099  ffff88001aa73b80  ffff880007ad5eb0
 ffff88001c9f3000  ffff880007ad5a60  ffff880007ad5d60  ffffffff881b32f2
 ffff88001a95fb68  000002d01a95fb68
Call Trace:
 [<ffffffff881b32f2>] :gfs2:gfs2_inplace_reserve_i+0x20d/0x5d0
 [<ffffffff8819bd0d>] :gfs2:gfs2_dirent_find_space+0x0/0x4e
 [<ffffffff8819bd0d>] :gfs2:gfs2_dirent_find_space+0x0/0x4e
 [<ffffffff8819ac66>] :gfs2:gfs2_dirent_search+0xc1/0x167
 [<ffffffff881ad85e>] :gfs2:gfs2_rename+0x3b5/0x610
 [<ffffffff881ad5a5>] :gfs2:gfs2_rename+0xfc/0x610
 [<ffffffff881ad5e7>] :gfs2:gfs2_rename+0x13e/0x610
 [<ffffffff881ad611>] :gfs2:gfs2_rename+0x168/0x610
 [<ffffffff881ad652>] :gfs2:gfs2_rename+0x1a9/0x610
 [<ffffffff881a23bb>] :gfs2:gfs2_holder_uninit+0xd/0x1f
 [<ffffffff881ae4ee>] :gfs2:gfs2_permission+0xae/0xd4
 [<ffffffff802c2f9b>] __kmalloc+0x8f/0x9f
 [<ffffffff8022a45d>] vfs_rename+0x2db/0x458
 [<ffffffff80236b1b>] sys_renameat+0x180/0x1eb
 [<ffffffff8021dddd>] __dentry_open+0x101/0x1dc
 [<ffffffff8022715b>] do_filp_open+0x2a/0x38
 [<ffffffff802a8199>] audit_syscall_entry+0x14d/0x180
 [<ffffffff8025d2f1>] tracesys+0xa7/0xb2


Code: 0f 0b 68 88 8b 1b 88 c2 6b 04 8b 75 18 49 8b 44 24 78 49 8d
RIP  [<ffffffff881a21ba>] :gfs2:gfs2_glock_nq+0x111/0x1d4
 RSP <ffff88001a95fa98>
 <0>Kernel panic - not syncing: Fatal exception


Expected Results:


Additional info:
Comment 1 Diego Woitasen 2007-12-04 14:52:34 EST
/var/cyrus is the mount point of the GFS2 device.
Comment 2 Diego Woitasen 2007-12-04 15:04:22 EST
Xen config node 1:
name = 'rh-cluster1'
memory = 512
bootloader = '/usr/bin/pygrub'
vcpu = 1
vif = [ 'bridge = xenbr0,mac=00:16:3e:5a:a1:5b' ]
disk = [ 
        'file:/mnt/rh-disks/rh-cluster1.disk,xvda,w',
        'file:/mnt/rh-disks/rh-shared.disk,xvdb,w!',
        'file:/mnt/rh-cds/rhel-5-server-x86_64-dvd.iso,xvdc,r' ]

Xen config node 2:
name = 'rh-cluster2'
memory = 512
bootloader = '/usr/bin/pygrub'
vcpu = 1
vif = [ 'bridge = xenbr0,mac=00:16:3e:5a:a1:5a' ]
disk = [ 
        'file:/mnt/rh-disks/rh-cluster2.disk,xvda,w',
        'file:/mnt/rh-disks/rh-shared.disk,xvdb,w!',
        'file:/mnt/rh-cds/rhel-5-server-x86_64-dvd.iso,xvdc,r' ]

Comment 3 Steve Whitehouse 2007-12-04 15:56:51 EST
This is a dup of bug #404711. There is a patch queued for RHEL 5.2. It triggers
when the rename requires deleting a target entry and it also requires allocating
extra space in the target directory and both allocations are from the same
resource group. Without all three of those items, then the bug doesn't trigger.


*** This bug has been marked as a duplicate of 404711 ***

Note You need to log in before you can comment on or make changes to this bug.