bug? in fs/buffer.c

Pascal Cuoq (Pascal.Cuoq@ens-lyon.fr)
Tue, 26 Aug 1997 00:16:18 +0200 (MET DST)


Hi,

I am trying to get Linux to run on a Toshiba T4800C notebook, and the
system hangs from time to time. This is hard to reproduce, but it
seems that 'hdparm -t' makes the 'bug' appear more often than normal
use does.

This is probably not a bug but is rather caused by the
non-standard nature of my hardware. I would however like to see Linux
run on this machine and I would be glad if someone could help me to
locate the place where a workaround might be needed. There are two
points where it happens, more often (almost always) at the first one.
Both are in file fs/buffer.c, function find_candidate.

I included the disassembly of this function as compiled on this
computer (linux 2.0.30 compiled with gcc 2.7.2.2). The same kernel
works well on all other machines, it does not seem to be a compiler
bug either.

If someone has suggestions, I would appreciate it if they could be sent
directly to me, instead of or in addition to the list.

Pascal
--------------------------
Dump of assembler code for function find_candidate:
# ---------------------------------------------------------------------------
# find_candidate -- gdb disassembly (AT&T syntax, i386, cdecl) of the
# fs/buffer.c routine as built from Linux 2.0.30 with gcc 2.7.2.2.
#
# Frame after the prologue, relative to %esp:
#   0x00 saved ebx   0x04 saved esi   0x08 saved edi   0x0c saved ebp
#   0x10 local slot: the current list element
#   0x14 return address   0x18 arg1   0x1c arg2   0x20 arg3
#
# Register roles inside the loop:
#   0x10(%esp) = current element; advanced through the pointer at +0x18
#                of each element (+224..+231)
#   %edi       = arg2, pointer to an int counter, decremented once per
#                iteration; the loop ends when it is <= 0 (+32..+35)
#   %ebp       = arg3, compared with the word at +0x20 of each element
#                (0x400 in every oops below; presumably a buffer size --
#                not confirmable from the dump)
# Returns %eax = the matching element, or 0 when none is found.
#
# Two fault sites appear in the oopses that follow:
#   +228 (NULL dereference, eax = 0): the local slot was handed by address
#        to try_to_free_buffer at +52..+58 and is reloaded at +224 without
#        a null check before the +228 load through it; the null test at
#        +237 only guards the next iteration.
#   +45  (general protection, edx = f000ecf4): the element pointer read from
#        +0x18 of the previous element is not a kernel address, so the
#        compare faults on the first access to it.
# ---------------------------------------------------------------------------
0x125b80 <f_c>: subl $0x4,%esp                      # reserve the local slot at 0x10(%esp)
0x125b83 <f_c+3>: pushl %ebp                        # save callee-saved registers
0x125b84 <f_c+4>: pushl %edi
0x125b85 <f_c+5>: pushl %esi
0x125b86 <f_c+6>: pushl %ebx
0x125b87 <f_c+7>: movl 0x18(%esp,1),%eax            # eax = arg1 (first list element)
0x125b8b <f_c+11>: movl 0x1c(%esp,1),%edi           # edi = arg2 (int *counter)
0x125b8f <f_c+15>: movl 0x20(%esp,1),%ebp           # ebp = arg3 (value matched at +0x20)
0x125b93 <f_c+19>: movl %eax,0x10(%esp,1)           # local = arg1
0x125b97 <f_c+23>: testl %eax,%eax
0x125b99 <f_c+25>: je 0x125c78 <f_c+248>            # empty list -> return 0
0x125b9f <f_c+31>: nop
# ---- loop head: one iteration per list element -------------------------
0x125ba0 <f_c+32>: cmpl $0x0,(%edi)
0x125ba3 <f_c+35>: jle 0x125c78 <f_c+248>           # *counter <= 0 (signed) -> return 0
0x125ba9 <f_c+41>: movl 0x10(%esp,1),%edx           # edx = current element
0x125bad <f_c+45>: cmpl %ebp,0x20(%edx)             # first access to the element; GP site of oopses 2..7
0x125bb0 <f_c+48>: je 0x125bd0 <f_c+80>             # +0x20 matches arg3 -> candidate checks
# +0x20 differs: try_to_free_buffer(current, &local, 1)
0x125bb2 <f_c+50>: pushl $0x1
0x125bb4 <f_c+52>: leal 0x14(%esp,1),%eax           # &local (slot is at 0x14 after the push above)
0x125bb8 <f_c+56>: pushl %eax
0x125bb9 <f_c+57>: pushl %edx
0x125bba <f_c+58>: call 0x127410 <try_to_free_buffer>  # may overwrite the local slot through the pointer
0x125bbf <f_c+63>: addl $0xc,%esp
0x125bc2 <f_c+66>: jmp 0x125c60 <f_c+224>           # straight to the step; the local slot is not re-checked for null
... (nops)
# +0x20 matched: reject elements with flag bit 0x4 set whose +0x28 word is 1 or 2
0x125bd0 <f_c+80>: testb $0x4,0x14(%edx)            # flag bit 0x4 of the word at +0x14
0x125bd4 <f_c+84>: je 0x125bf0 <f_c+112>            # clear -> further checks
0x125bd6 <f_c+86>: movl 0x28(%edx),%eax
0x125bd9 <f_c+89>: decl %eax
0x125bda <f_c+90>: cmpl $0x1,%eax
0x125bdd <f_c+93>: ja 0x125bf0 <f_c+112>            # unsigned: +0x28 not in {1,2} -> further checks
0x125bdf <f_c+95>: movl $0x0,(%edi)                 # *counter = 0 (ends the caller's loop too)
0x125be5 <f_c+101>: xorl %eax,%eax                  # return 0
0x125be7 <f_c+103>: popl %ebx
0x125be8 <f_c+104>: popl %esi
0x125be9 <f_c+105>: popl %edi
0x125bea <f_c+106>: popl %ebp
0x125beb <f_c+107>: addl $0x4,%esp
0x125bee <f_c+110>: ret
0x125bef <f_c+111>: nop
# further candidate checks on the element in ebx
0x125bf0 <f_c+112>: movl 0x10(%esp,1),%ebx          # ebx = current element
0x125bf4 <f_c+116>: cmpl $0x0,0x1c(%ebx)
0x125bf8 <f_c+120>: jne 0x125c60 <f_c+224>          # +0x1c nonzero (in use?) -> next element
0x125bfa <f_c+122>: movl 0x14(%ebx),%esi            # esi = flags word
0x125bfd <f_c+125>: testl $0x40,%esi
0x125c03 <f_c+131>: jne 0x125c60 <f_c+224>          # flag bit 0x40 set -> next element
0x125c05 <f_c+133>: testl $0x4,%esi
0x125c0b <f_c+139>: jne 0x125c60 <f_c+224>          # flag bit 0x4 set -> next element
0x125c0d <f_c+141>: movl 0x24(%ebx),%eax
0x125c10 <f_c+144>: shrl $0xc,%eax                  # eax = (+0x24 word) >> 12, a page-sized index
0x125c13 <f_c+147>: movl 0x199240,%ecx              # ecx = global table base at absolute 0x199240 (unnamed in the dump)
0x125c19 <f_c+153>: leal (%eax,%eax,2),%edx         # edx = 3*eax
0x125c1c <f_c+156>: leal (%eax,%edx,4),%edx         # edx = 13*eax -> 52-byte entries once scaled by 4
0x125c1f <f_c+159>: cmpl $0x1,0x14(%ecx,%edx,4)     # table[idx].+0x14 == 1 ?  (per-page table indexed by addr>>12 -- TODO confirm)
0x125c24 <f_c+164>: jne 0x125c2e <f_c+174>          # not 1 -> refile
0x125c26 <f_c+166>: testl $0x2,%esi
0x125c2c <f_c+172>: je 0x125c40 <f_c+192>           # flag bit 0x2 clear -> final size compare
# refile_buffer(current); eax = 0 so the test at +204 moves to the next element
0x125c2e <f_c+174>: pushl %ebx
0x125c2f <f_c+175>: call 0x1264f0 <refile_buffer>
0x125c34 <f_c+180>: xorl %eax,%eax
0x125c36 <f_c+182>: addl $0x4,%esp
0x125c39 <f_c+185>: jmp 0x125c4c <f_c+204>
... (nops)
0x125c40 <f_c+192>: movl $0x1,%eax                  # eax = (+0x20 == arg3) ? 1 : 0
0x125c45 <f_c+197>: cmpl %ebp,0x20(%ebx)
0x125c48 <f_c+200>: je 0x125c4c <f_c+204>
0x125c4a <f_c+202>: xorl %eax,%eax
0x125c4c <f_c+204>: testl %eax,%eax
0x125c4e <f_c+206>: je 0x125c60 <f_c+224>           # no hit -> next element
0x125c50 <f_c+208>: movl 0x10(%esp,1),%eax          # hit: return the current element
0x125c54 <f_c+212>: popl %ebx
0x125c55 <f_c+213>: popl %esi
0x125c56 <f_c+214>: popl %edi
0x125c57 <f_c+215>: popl %ebp
0x125c58 <f_c+216>: addl $0x4,%esp
0x125c5b <f_c+219>: ret
0x125c5c <f_c+220>: nop
0x125c5d <f_c+221>: nop
0x125c5e <f_c+222>: nop
0x125c5f <f_c+223>: nop
# ---- loop step: current = current->(+0x18); (*counter)--; ----------------
0x125c60 <f_c+224>: movl 0x10(%esp,1),%eax          # eax = local slot (may have been nulled by try_to_free_buffer)
0x125c64 <f_c+228>: movl 0x18(%eax),%eax            # NULL dereference site of the first oops (eax = 0 there)
0x125c67 <f_c+231>: movl %eax,0x10(%esp,1)          # local = next element
0x125c6b <f_c+235>: decl (%edi)                     # (*counter)--
0x125c6d <f_c+237>: cmpl $0x0,0x10(%esp,1)
0x125c72 <f_c+242>: jne 0x125ba0 <f_c+32>           # non-null next -> loop head
0x125c78 <f_c+248>: xorl %eax,%eax                  # no candidate: return 0
0x125c7a <f_c+250>: popl %ebx
0x125c7b <f_c+251>: popl %esi
0x125c7c <f_c+252>: popl %edi
0x125c7d <f_c+253>: popl %ebp
0x125c7e <f_c+254>: addl $0x4,%esp
0x125c81 <f_c+257>: ret

<1>Unable to handle kernel NULL pointer dereference at virtual address c0000018
<1>current->tss.cr3 = 0027c000, %cr3 = 0027c000
<1>*pde = 00102067
<1>*pte = 00000027
<4>Oops: 0000
<4>CPU: 0
<4>EIP: 0010:[find_candidate+228/272]
<4>EFLAGS: 00010212
<4>eax: 00000000 ebx: 0022dcfc ecx: 00000000 edx: 001f5f58
<4>esi: 00000001 edi: 0022dd00 ebp: 00000400 esp: 0022dcc4
<4>ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
<4>Process hdparm (pid: 84, process nr: 22, stackpage=0022d000)
<4>Stack: 0022dcfc 00000001 00000400 00010000 00000000 00125d29 00f81b98 0022dd00
<4> 00000400 00000003 00220300 00000001 00000400 00220300 000012bf 00000039
<4> 00000100 0007de98 001260bf 00000300 00126216 00000400 00000003 0022de94
<4>Call Trace: [refill_freelist+153/1024] [getblk+47/1040] [getblk+390/1040] [block_read+857/1536] [sys_read+138/176] [system_call+82/128]
<4>Code: 8b 40 18 89 44 24 10 ff 0f 83 7c 24 10 00 0f 85 28 ff ff ff

<4>general protection: 0000
<4>CPU: 0
<4>EIP: 0010:[find_candidate+45/272]
<4>EFLAGS: 00010202
<4>eax: f000ecf4 ebx: 00074cfc ecx: 001d988c edx: f000ecf4
<4>esi: 00000001 edi: 00074d00 ebp: 00000400 esp: 00074cc4
<4>ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
<4>Process hdparm (pid: 223, process nr: 21, stackpage=00074000)
<4>Stack: 00074cfc 00000001 00000400 00010000 f000ecf4 00125d29 00948098 00074d00
<4> 00000400 0000003f 00070300 00000001 00000400 00070300 000012f0 00000001
<4> 00000100 00f0b318 001260bf 00000300 00126216 00000400 0000003f 00074f5c
<4>Call Trace: [refill_freelist+153/1024] [getblk+47/1040] [getblk+390/1040] [block_read+857/1536] [sys_read+138/176] [system_call+82/128]
<4>Code: 39 6a 20 74 1e 6a 01 8d 44 24 14 50 52 e8 51 18 00 00 83 c4
<4>general protection: 0000
<4>CPU: 0
<4>EIP: 0010:[find_candidate+45/272]
<4>EFLAGS: 00010202
<4>eax: f000ecf4 ebx: 004e8cfc ecx: 00000000 edx: f000ecf4
<4>esi: 00000001 edi: 004e8d00 ebp: 00000400 esp: 004e8cc4
<4>ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
<4>Process hdparm (pid: 238, process nr: 21, stackpage=004e8000)
<4>Stack: 004e8cfc 00000001 00000400 00010000 f000ecf4 00125d29 00cfee18 004e8d00
<4> 00000400 0000001b 004e0300 00000001 00000400 004e0300 00001242 00000001
<4> 00000100 007e2818 001260bf 00000300 00126216 00000400 0000001b 004e8f58
<4>Call Trace: [refill_freelist+153/1024] [getblk+47/1040] [getblk+390/1040] [block_read+857/1536] [sys_read+138/176] [system_call+82/128]
<4>Code: 39 6a 20 74 1e 6a 01 8d 44 24 14 50 52 e8 51 18 00 00 83 c4
<4>general protection: 0000
<4>CPU: 0
<4>EIP: 0010:[find_candidate+45/272]
<4>EFLAGS: 00010206
<4>eax: f000ecf4 ebx: 004e8cfc ecx: 00000000 edx: f000ecf4
<4>esi: 00000001 edi: 004e8d00 ebp: 00000400 esp: 004e8cc4
<4>ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
<4>Process hdparm (pid: 240, process nr: 21, stackpage=004e8000)
<4>Stack: 004e8cfc 00000001 00000400 00010000 f000ecf4 00125d29 00078998 004e8d00
<4> 00000400 00000033 004e0300 00000001 00000400 004e0300 00001291 00000003
<4> 00000100 00d4de18 001260bf 00000300 00126216 00000400 00000033 004e8f40
<4>Call Trace: [refill_freelist+153/1024] [getblk+47/1040] [getblk+390/1040] [block_read+857/1536] [sys_read+138/176] [system_call+82/128]
<4>Code: 39 6a 20 74 1e 6a 01 8d 44 24 14 50 52 e8 51 18 00 00 83 c4
<4>general protection: 0000
<4>CPU: 0
<4>EIP: 0010:[find_candidate+45/272]
<4>EFLAGS: 00010202
<4>eax: f000ecf4 ebx: 004e8cfc ecx: 00000000 edx: f000ecf4
<4>esi: 00000001 edi: 004e8d00 ebp: 00000400 esp: 004e8cc4
<4>ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
<4>Process hdparm (pid: 242, process nr: 21, stackpage=004e8000)
<4>Stack: 004e8cfc 00000001 00000400 00010000 f000ecf4 00125d29 00fa0c18 004e8d00
<4> 00000400 00000020 004e0300 00000001 00000400 004e0300 000012e0 00000001
<4> 00000100 00e29618 001260bf 00000300 00126216 00000400 00000020 004e8f0c
<4>Call Trace: [refill_freelist+153/1024] [getblk+47/1040] [getblk+390/1040] [block_read+857/1536] [sys_read+138/176] [system_call+82/128]
<4>Code: 39 6a 20 74 1e 6a 01 8d 44 24 14 50 52 e8 51 18 00 00 83 c4
<4>general protection: 0000
<4>CPU: 0
<4>EIP: 0010:[find_candidate+45/272]
<4>EFLAGS: 00010202
<4>eax: f000ecf4 ebx: 004e8cfc ecx: 00000000 edx: f000ecf4
<4>esi: 00000001 edi: 004e8d00 ebp: 00000400 esp: 004e8cc4
<4>ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
<4>Process hdparm (pid: 245, process nr: 21, stackpage=004e8000)
<4>Stack: 004e8cfc 00000001 00000400 00010000 f000ecf4 00125d29 00562998 004e8d00
<4> 00000400 00000030 004e0300 00000001 00000400 004e0300 0000132e 00000002
<4> 00000100 00ced698 001260bf 00000300 00126216 00000400 00000030 004e8f8c
<4>Call Trace: [refill_freelist+153/1024] [getblk+47/1040] [getblk+390/1040] [block_read+857/1536] [sys_read+138/176] [system_call+82/128]
<4>Code: 39 6a 20 74 1e 6a 01 8d 44 24 14 50 52 e8 51 18 00 00 83 c4