From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.8) Gecko/20071004 Iceweasel/2.0.0.8 (Debian-2.0.0.6+2.0.0.8-0etch1) Description of problem: I have two domains with RHEL 5.1 running under Xen. Dom0 is Debian Lenny with Xen 3.1.0. Each domain have two disks and one shared disk emulating a storage. I have RHCS working and the shared device mounted with GFS2. Each domain crashed if program calls rename() system call. Test C program: #include <stdio.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <stdlib.h> #include <unistd.h> #define PATHSIZE 256 int main(void){ int fd; int i, j; char src[PATHSIZE]; char dst[PATHSIZE]; for(i = 0; i < 10000; i++){ for(j = 10001; j < 20000; j++){ snprintf(src, PATHSIZE, "/var/cyrus/tmp/%d", i); snprintf(dst, PATHSIZE, "/var/cyrus/tmp/%d", j); fd = creat(src, S_IRUSR | S_IWUSR); if(fd < 0){ perror("create error"); exit(-1); } if(rename(src, dst) < 0){ perror("rename error"); exit(-1); } close(fd); } } return 0; } Version-Release number of selected component (if applicable): 2.6.18-53.el5xen How reproducible: Always Steps to Reproduce: 1. Run gfs2-rename-bug program. 2. 3. Actual Results: Kernel Panic: original: gfs2_rename+0x1a9/0x610 [gfs2] new: gfs2_inplace_reserve_i+0x205/0x5d0 [gfs2] ----------- [cut here ] --------- [please bite here ] --------- Kernel BUG at ...build/BUILD/gfs2-kmod-1.52/_kmod_build_xen/glock.c:1131 invalid opcode: 0000 [1] SMP last sysfs file: /kernel/dlm/cyrus/control CPU 0 Modules linked in: ipv6 lock_dlm(U) gfs2(U) dlm configfs xennet nls_utf8 dm_mirror dm_multipath dm_mod parport_pc lp parport pcspkr 3w_9xxx sd_mod scsi_mod xenblk ext3 jbd ehci_hcd ohci_hcd uhci_hcd Pid: 2536, comm: gfs2-rename-bug Not tainted 2.6.18-53.el5xen #1 RIP: e030:[<ffffffff881a21ba>] [<ffffffff881a21ba>] :gfs2:gfs2_glock_nq+0x111/0x1d4 RSP: e02b:ffff88001a95fa98 EFLAGS: 00010286 RAX: 0000000000000020 RBX: ffff88001a95fcb0 RCX: ffff88001a8e4cd8 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffff880007ad5eb0 R08: 00000000ffffffff R09: 0000000000000020 R10: 0000000000000000 R11: 0000000000000000 R12: ffff88001a8e4cd8 R13: ffff88001a8e4cd8 R14: 0000000000000000 R15: ffff88001c9f3000 FS: 00002aaaaaac7210(0000) GS:ffffffff80599000(0000) knlGS:0000000000000000 CS: e033 DS: 0000 ES: 0000 Process gfs2-rename-bug (pid: 2536, threadinfo ffff88001a95e000, task ffff8800107a9100) Stack: ffff88001a95fb10 0000000000030099 ffff88001aa73b80 ffff880007ad5eb0 ffff88001c9f3000 ffff880007ad5a60 ffff880007ad5d60 ffffffff881b32f2 ffff88001a95fb68 000002d01a95fb68 Call Trace: [<ffffffff881b32f2>] :gfs2:gfs2_inplace_reserve_i+0x20d/0x5d0 [<ffffffff8819bd0d>] :gfs2:gfs2_dirent_find_space+0x0/0x4e [<ffffffff8819bd0d>] :gfs2:gfs2_dirent_find_space+0x0/0x4e [<ffffffff8819ac66>] :gfs2:gfs2_dirent_search+0xc1/0x167 [<ffffffff881ad85e>] :gfs2:gfs2_rename+0x3b5/0x610 [<ffffffff881ad5a5>] :gfs2:gfs2_rename+0xfc/0x610 [<ffffffff881ad5e7>] :gfs2:gfs2_rename+0x13e/0x610 [<ffffffff881ad611>] :gfs2:gfs2_rename+0x168/0x610 [<ffffffff881ad652>] :gfs2:gfs2_rename+0x1a9/0x610 [<ffffffff881a23bb>] :gfs2:gfs2_holder_uninit+0xd/0x1f [<ffffffff881ae4ee>] :gfs2:gfs2_permission+0xae/0xd4 [<ffffffff802c2f9b>] __kmalloc+0x8f/0x9f [<ffffffff8022a45d>] vfs_rename+0x2db/0x458 [<ffffffff80236b1b>] sys_renameat+0x180/0x1eb [<ffffffff8021dddd>] __dentry_open+0x101/0x1dc [<ffffffff8022715b>] do_filp_open+0x2a/0x38 [<ffffffff802a8199>] audit_syscall_entry+0x14d/0x180 [<ffffffff8025d2f1>] tracesys+0xa7/0xb2 Code: 0f 0b 68 88 8b 1b 88 c2 6b 04 8b 75 18 49 8b 44 24 78 49 8d RIP [<ffffffff881a21ba>] :gfs2:gfs2_glock_nq+0x111/0x1d4 RSP <ffff88001a95fa98> <0>Kernel panic - not syncing: Fatal exception Expected Results: Additional info:
/var/cyrus is the mount point of the GFS2 device.
Xen config node 1: name = 'rh-cluster1' memory = 512 bootloader = '/usr/bin/pygrub' vcpu = 1 vif = [ 'bridge = xenbr0,mac=00:16:3e:5a:a1:5b' ] disk = [ 'file:/mnt/rh-disks/rh-cluster1.disk,xvda,w', 'file:/mnt/rh-disks/rh-shared.disk,xvdb,w!', 'file:/mnt/rh-cds/rhel-5-server-x86_64-dvd.iso,xvdc,r' ] Xen config node 2: name = 'rh-cluster2' memory = 512 bootloader = '/usr/bin/pygrub' vcpu = 1 vif = [ 'bridge = xenbr0,mac=00:16:3e:5a:a1:5a' ] disk = [ 'file:/mnt/rh-disks/rh-cluster2.disk,xvda,w', 'file:/mnt/rh-disks/rh-shared.disk,xvdb,w!', 'file:/mnt/rh-cds/rhel-5-server-x86_64-dvd.iso,xvdc,r' ]
This is a dup of bug #404711. There is a patch queued for RHEL 5.2. It triggers when the rename requires deleting a target entry and it also requires allocating extra space in the target directory and both allocations are from the same resource group. Without all three of those items, then the bug doesn't trigger. *** This bug has been marked as a duplicate of 404711 ***