[2.6.7-mm4: OOPS] kernel BUG at mm/mmap.c:1793
From: E. Gryaznova (grev_at_namesys.com)
Date: 06/30/04
- Previous message: Bill Rugolsky Jr.: "Re: libata: 2.6.7-bk6,12 hang with ata_piix in combined mode; -bk5 ok"
- Next in thread: Andrew Morton: "Re: [2.6.7-mm4: OOPS] kernel BUG at mm/mmap.c:1793"
- Reply: Andrew Morton: "Re: [2.6.7-mm4: OOPS] kernel BUG at mm/mmap.c:1793"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 30 Jun 2004 19:55:58 +0400 To: linux-kernel@vger.kernel.org
Hello,
this is reproducible for me problem:
This wilson mmap test (attached) causes the kernel BUG at mm/mmap.c:1793
immediately after running.
kernel : 2.6.7-mm4 (no extra patches)
test : wison-mmap-test -s 1000
tested filesystem : ext2
RAM : 256Mb
machine :
# car /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 6
model : 6
model name : AMD Athlon(tm) MP Processor 1700+
stepping : 2
cpu MHz : 1460.204
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 mmx fxsr sse syscall mp mmxext 3dnowext 3dnow
bogomips : 2883.58
processor : 1
vendor_id : AuthenticAMD
cpu family : 6
model : 6
model name : AMD Athlon(tm) Processor
stepping : 2
cpu MHz : 1460.204
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 mmx fxsr sse syscall mp mmxext 3dnowext 3dnow
bogomips : 2916.35
------------[ cut here ]------------
kernel BUG at mm/mmap.c:1793!
invalid operand: 0000 [#1]
SMP
Program received signal SIGTRAP, Trace/breakpoint trap.
0xc01441af in exit_mmap (mm=0xcf90a040) at tlb.h:78
78 tlb->nr = 0;
(gdb)
(gdb) bt
#0 0xc01441af in exit_mmap (mm=0xcf90a040) at tlb.h:78
#1 0xc011c137 in mmput (mm=0xcf90a040) at kernel/fork.c:464
#2 0xc011ff95 in do_exit (code=11) at kernel/exit.c:516
#3 0xc012024a in do_group_exit (exit_code=11) at kernel/exit.c:886
#4 0xc0127f3f in get_signal_to_deliver (info=0xccd4df24, regs=0xccd4dfc4,
cookie=0xc12067c8) at kernel/signal.c:1871
#5 0xc01059eb in do_signal (regs=0xccd4dfc4, oldset=0xcf53ec04)
at arch/i386/kernel/signal.c:572
#6 0xc0105acb in do_notify_resume (regs=0xccd4dfc4, oldset=0xffffffd4,
thread_info_flags=3240126408) at arch/i386/kernel/signal.c:619
#7 0xc0105cbe in work_notifysig () at arch/i386/kernel/entry.S:350
#8 0x1ffccfd8 in ?? ()
#9 0x00000400 in ?? ()
(gdb)
(gdb) c
Continuing.
CPU: 0
EIP: 0060:[<c01441af>] Not tainted VLI
EFLAGS: 00010202 (2.6.7-mm4)
EIP is at exit_mmap+0x13f/0x150
eax: 00000001 ebx: c1204040 ecx: c12067c8 edx: ffffffd4
esi: cf90a040 edi: cf53e6c0 ebp: ccd4dea0 esp: ccd4de80
ds: 007b es: 007b ss: 0068
Process wilson-mmap-tes (pid: 968, threadinfo=ccd4c000 task=cf53e6c0)
Stack: 00000000 ffffffff ccd4de94 00000000 c1204040 0000002c cf90a040
cf90a06c
ccd4deac c011c137 cf90a040 ccd4ded0 c011ff95 00000000 cf53e6c0
0000000a
00000000 cf652b00 ccd4c000 0000000b ccd4deec c012024a 0000000b
cf53ec04
Call Trace:
[<c0106aa6>] show_stack+0xa6/0xb0
[<c0106c1d>] show_registers+0x14d/0x1c0
[<c0106dca>] die+0xaa/0x130
[<c01071ec>] do_invalid_op+0x9c/0xa0
[<c01066dd>] error_code+0x2d/0x38
[<c011c137>] mmput+0x57/0x90
[<c011ff95>] do_exit+0x155/0x330
[<c012024a>] do_group_exit+0x3a/0xc0
[<c0127f3f>] get_signal_to_deliver+0x26f/0x370
[<c01059eb>] do_signal+0x5b/0x100
[<c0105acb>] do_notify_resume+0x3b/0x3d
[<c0105cbe>] work_notifysig+0x13/0x15
Code: 5b 5e c9 c3 8b 03 c7 43 08 00 00 00 00 e8 fa fa fc ff 8b 53 04 83
fa ff 74 a2 8d 43 14 e8 4a 67 00 00 c7 43 04 00 00 00 00 eb 91 <0f> 0b
01 07 ec c3 41 c0 e9 59 ff ff ff 8d 74 26 00 55 89 e5 56
Thanks,
Lena.
/*
* This program was originaly from W.Wilson Ho.
*/
/*
* @(#)bigfile.c 1.2 98/12/19 Connectathon Testsuite
*/
/*
* Write and reread a large file. This potentially covers a few problems
* that have appeared in the past:
* - inability of server to commit a large file range with one RPC
* - client's dirtying memory faster than it can clean it
* - server's returning bogus file attributes, confusing the client
* - client and server not propagating "filesystem full" errors back to the
* application
*/
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <errno.h>
static char usage[] = "usage: bigfile [-s size_in_MB] filename";
static off_t file_size = 30 * 1024 * 1024;
static char *filename; /* name of test file */
static int buffer_size = 8192; /* size of read/write buffer */
static long pagesize;
static void write_read_mmap (int fd);
int main(argc, argv)
int argc;
char **argv;
{
int c;
off_t size;
int fd;
extern int optind;
extern char *optarg;
pagesize = sysconf(_SC_PAGESIZE);
if (pagesize < 0) {
fprintf(stderr, "can't get page size\n");
exit(2);
}
while ((c = getopt(argc, argv, "s:")) != EOF)
switch (c) {
case 's':
size = atol(optarg) * 1024 * 1024;
if (size > 0)
file_size = size;
break;
case '?':
fprintf(stderr, "%s\n", usage);
exit(2);
break;
}
if (optind != argc - 1) {
fprintf(stderr, "%s\n", usage);
exit(2);
}
filename = argv[optind];
printf ("file: %s, size = %lu\n", filename, file_size);
fd = open(filename, O_RDWR | O_CREAT | O_TRUNC, 0666);
if (fd < 0) {
fprintf(stderr, "can't create %s: %s\n",
filename, strerror(errno));
exit(2);
}
write_read_mmap(fd);
if (unlink(filename) < 0) {
fprintf(stderr, "can't unlink %s: %s\n",
filename, strerror(errno));
exit(2);
}
printf ("OK. Passed.\n");
exit(0);
}
/*
* Return non-zero if the given buffer is full of the given value.
* Otherwise, return zero.
*/
static int
verify(buf, bufsize, val)
char *buf;
long bufsize;
unsigned char val;
{
int i;
for (i = 0; i < bufsize; i++) {
if ((unsigned char)(buf[i]) != val)
return (0);
}
return (1);
}
/*
* Print the contents of the buffer in hex to stderr.
*/
static void
dump_buf(buf, bufsize)
char *buf;
int bufsize;
{
int i;
for (i = 0; i < bufsize; i++) {
fprintf(stderr, "%x ", buf[i]);
if ((i + 1) % 40 == 0)
fprintf(stderr, "\n");
}
fprintf(stderr, "\n");
}
/*
* Write out the given error message and exit. If the error is because
* there is no more space, flag it as a warning, and delete the file.
* Otherwise, flag it as an error and leave the file alone.
*/
static void
io_error(error, errmsg)
int error; /* errno value */
char *errmsg;
{
if (error == EDQUOT || error == ENOSPC)
fprintf(stderr, "Warning: can't complete test: ");
else
fprintf(stderr, "Error: ");
fprintf(stderr, "%s\n", errmsg);
if (error == EDQUOT || error == ENOSPC)
unlink(filename);
exit(2);
}
/*
* Return the test value for the given offset.
*/
static inline unsigned char
testval(off_t offset)
{
return 'a' + (offset % 26);
}
/*
* Write and then randomly reread the file, by mapping it. Same error
* handling as write_read().
*/
static void
write_read_mmap (int fd)
{
long numpages = file_size / pagesize;
char *buf;
int i;
/*
* Truncate the file and then map it in (the entire file). Then
* fill it with unsigned chars, the same as write_read().
*/
if (ftruncate(fd, 0) < 0) {
fprintf(stderr, "can't truncate %s: %s\n",
filename, strerror(errno));
exit(2);
}
if (ftruncate(fd, file_size) < 0) {
int error = errno;
char errmsg[1024];
sprintf(errmsg, "write to %s failed: %s",
filename, strerror(errno));
io_error(error, errmsg);
}
buf = mmap(0, file_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
if (buf == (char *)MAP_FAILED) {
fprintf(stderr, "can't map %s for writing: %s\n",
filename, strerror(errno));
exit(2);
}
for (i = 0; i < numpages; i++) {
unsigned char val = testval(i);
memset(buf + i * pagesize, val, pagesize);
}
if (msync(buf, file_size, MS_SYNC | MS_INVALIDATE) < 0) {
char errmsg[1024];
int error = errno;
sprintf(errmsg, "can't msync %s: %s", filename,
strerror(error));
io_error(error, errmsg);
}
if (munmap(buf, file_size) < 0) {
char errmsg[1024];
int error = errno;
sprintf(errmsg, "can't munmap %s: %s", filename,
strerror(error));
io_error(error, errmsg);
}
/*
* Reread the file, a page at a time, and make sure it has correct
* bits.
*/
for (i = 0; i < numpages; i++) {
unsigned char val = testval(i);
buf = mmap(0, pagesize, PROT_READ, MAP_SHARED, fd,
i * pagesize);
if (buf == (char *)MAP_FAILED) {
fprintf(stderr, "can't map %s for reading: %s\n",
filename, strerror(errno));
exit(2);
}
if (!verify(buf, pagesize, val)) {
fprintf(stderr,
"verify of mapped file failed, offset %ld; ",
(long)i * pagesize);
fprintf(stderr, "expected %x, got \n",
val);
dump_buf(buf, pagesize);
exit(1);
}
if (munmap(buf, pagesize) < 0) {
fprintf(stderr,
"can't unmap file after verifying: %s\n",
strerror(errno));
exit(2);
}
}
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- Previous message: Bill Rugolsky Jr.: "Re: libata: 2.6.7-bk6,12 hang with ata_piix in combined mode; -bk5 ok"
- Next in thread: Andrew Morton: "Re: [2.6.7-mm4: OOPS] kernel BUG at mm/mmap.c:1793"
- Reply: Andrew Morton: "Re: [2.6.7-mm4: OOPS] kernel BUG at mm/mmap.c:1793"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
