2.4.0-test10-pre3:Oops in mm/filemap.c:filemap_write_page

From: Russell King (rmk@arm.linux.org.uk)
Date: Thu Oct 19 2000 - 16:16:00 EST

Next message: XVA International: "(no subject)"
Previous message: Jeff V. Merkey: "Re: [ADMIN] some list related topics .."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I'm seeing an oops caused by a NULL pointer dereference in mm/filemap.c,
filemap_write_page. The NULL pointer in question is page->mapping.
The box on which this is happening is using a root NFS filesystem (in
fact all but one of its filesystems are NFS).

So the file that was mapped has been deleted... Ok,
With the following in filemap_sync_pte:

        if (page->index != pgoff) {
                printk("weirdness: pgoff=%lu index=%lu address=%lu vm_start=%lu vm_pgoff=%lu\n",
                        pgoff, page->index, address, vma->vm_start, vma->vm_pgoff);
        }
+ if (!page->mapping) {
+ printk("--> page %p mapping NULL - address %lx\n", page, address);
+ printk("--> vma->vm_file = %p\n", vma->vm_file);
+ if (vma->vm_file) {
+ char *s = d_path(vma->vm_file->f_dentry, vma->vm_file->f_vfsmnt, buf, PAGE_SIZ$
+ printk("--> %s\n", s);
+ }
+ page_cache_free(page);
+ return 0;
+ }
        lock_page(page);

this reveals:

--> page c017e118 mapping NULL - address 40264000
--> vma->vm_file = c0c8b120
--> /var/tmp/.nfs0000161300000002 (deleted)

And the stack trace indicates that the kernel execution path came from
sys_munmap.

(and the box doesn't hang, so I can then get the following strace and
send you this mail... should've kept the old sendmail binary lying
around...):

open("/var/tmp/000703", O_RDWR|O_CREAT|O_EXCL, 0600) = 5
fcntl(5, F_SETFD, FD_CLOEXEC) = 0
lseek(5, 0, SEEK_END) = 0
lseek(5, 49152, SEEK_CUR) = 49152
write(5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 4096
old_mmap(NULL, 53248, PROT_READ|PROT_WRITE, MAP_SHARED, 5, 0) = 0x40264000
fcntl(5, F_SETLKW, {type=F_WRLCK, whence=SEEK_SET, start=0, len=1}) = 0
fcntl(5, F_SETLK, {type=F_UNLCK, whence=SEEK_SET, start=0, len=1}) = 0
close(5) = 0
unlink("/var/tmp/000703") = 0
...
munmap(0x40264000, 53248) = 0

So I'm guessing that the unlink is causing NFS to remove page->mapping
for a dirty mmap'd file, which then causes munmap to explode.

I'm not a VFS, MM nor NFS wizard, so it'll probably take me many hours
to figure out what's causing this. Any chance someone else can take a
look?
   _____
  |_____| ------------------------------------------------- ---+---+-
  | | Russell King rmk@arm.linux.org.uk --- ---
  | | | | http://www.arm.linux.org.uk/personal/aboutme.html / / |
  | +-+-+ --- -+-
  / | THE developer of ARM Linux |+| /|\
/ | | | --- |
    +-+-+ ------------------------------------------------- /\\\ |

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: XVA International: "(no subject)"
Previous message: Jeff V. Merkey: "Re: [ADMIN] some list related topics .."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Oct 23 2000 - 21:00:16 EST