-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I am fuzz testing a 32 bit user mode linux guest (v3.14-rc3-43-g805937c) with trinity, using a BTRFS file created on a ram disk within the UML and loop mounted onto a mount point within the UML to hold the victim files for trinity (all inside the UML guest). The test script has been hanging for a few hours. When I try at the host to get a back trace of the hanging "linux" process, I get back traces like the following: $ date; sudo gdb /home/tfoerste/devel/linux/linux 25083 -n -batch -ex 'bt' Tue Feb 18 22:12:19 CET 2014 warning: Could not load shared library symbols for linux-gate.so.1. Do you need "set solib-search-path" or "set sysroot"? check_valid_pointer (object=<optimized out>, page=<optimized out>, s=<optimized out>) at mm/slub.c:250 250 if (object < base || object >= base + page->objects * s->size || #0 check_valid_pointer (object=<optimized out>, page=<optimized out>, s=<optimized out>) at mm/slub.c:250 #1 on_freelist (s=0x49c49e40, page=0xbc69a00, search=0x48e98800) at mm/slub.c:891 #2 0x084dfa85 in free_debug_processing (s=0x49c49e40, page=0xbc69a00, object=0x48e98800, addr=59, flags=0x36e77ddc) at mm/slub.c:1123 #3 0x084dfd47 in __slab_free (s=0x49c49e40, page=0xbc69a00, x=0x48e98800, addr=59) at mm/slub.c:2549 #4 0x080feff1 in slab_free (addr=<optimized out>, x=<optimized out>, page=<optimized out>, s=<optimized out>) at mm/slub.c:2695 #5 kfree (x=0x48e98800) at mm/slub.c:3397 #6 0x0827aab8 in btrfs_delayed_refs_qgroup_accounting (trans=0x499cb2d0, fs_info=0x49c750f0) at fs/btrfs/extent-tree.c:2603 #7 0x08294c4f in __btrfs_end_transaction (trans=0x499cb2d0, root=0x48d525b0, throttle=0) at fs/btrfs/transaction.c:694 #8 0x08294f30 in btrfs_end_transaction (trans=0x499cb2d0, root=0x48d525b0) at fs/btrfs/transaction.c:780 #9 0x0829e850 in btrfs_finish_ordered_io (ordered_extent=0x40714840) at fs/btrfs/inode.c:2696 #10 0x0829e97e in finish_ordered_fn (work=0x407148bc) at fs/btrfs/inode.c:2753 #11 0x082c8984 in 
worker_loop (arg=0x40c77540) at fs/btrfs/async-thread.c:326 #12 0x08096266 in kthread (_create=0x36e58960) at kernel/kthread.c:207 #13 0x0805f7eb in new_thread_handler () at arch/um/kernel/process.c:129 #14 0x00000000 in ?? () $ date; sudo gdb /home/tfoerste/devel/linux/linux 25083 -n -batch -ex 'bt' Tue Feb 18 22:12:35 CET 2014 warning: Could not load shared library symbols for linux-gate.so.1. Do you need "set solib-search-path" or "set sysroot"? check_valid_pointer (object=<optimized out>, page=<optimized out>, s=<optimized out>) at mm/slub.c:250 250 if (object < base || object >= base + page->objects * s->size || #0 check_valid_pointer (object=<optimized out>, page=<optimized out>, s=<optimized out>) at mm/slub.c:250 #1 on_freelist (s=0x49c49180, page=0xbb653c0, search=0x40c66af0) at mm/slub.c:891 #2 0x084dfa85 in free_debug_processing (s=0x49c49180, page=0xbb653c0, object=0x40c66af0, addr=29, flags=0x36c47a14) at mm/slub.c:1123 #3 0x084dfd47 in __slab_free (s=0x49c49180, page=0xbb653c0, x=0x40c66af0, addr=29) at mm/slub.c:2549 #4 0x080feff1 in slab_free (addr=<optimized out>, x=<optimized out>, page=<optimized out>, s=<optimized out>) at mm/slub.c:2695 #5 kfree (x=0x40c66af0) at mm/slub.c:3397 #6 0x082a8ccb in __btrfs_buffered_write (file=0x1d, i=0x36c47bb0, pos=12215744) at fs/btrfs/file.c:1624 #7 0x082a9105 in btrfs_file_aio_write (iocb=0x36c47bf4, iov=0x36c47bec, nr_segs=1, pos=12215743) at fs/btrfs/file.c:1773 #8 0x081051ce in do_sync_write (filp=0x36eee6c0, buf=0x1d <Address 0x1d out of bounds>, len=0, ppos=0x36c47c84) at fs/read_write.c:421 #9 0x08105271 in __kernel_write (file=0x36eee6c0, buf=0x3ca255be "", count=0, pos=0x36c47c84) at fs/read_write.c:445 #10 0x08129afd in write_pipe_buf (pipe=0x40d8c240, buf=0x49fece70, sd=0x36c47cf4) at fs/splice.c:1071 #11 0x0812ad70 in splice_from_pipe_feed (pipe=0x40d8c240, sd=0x36c47cf4, actor=0x8129aa0 <write_pipe_buf>) at fs/splice.c:833 #12 0x0812af1d in __splice_from_pipe (pipe=0x40d8c240, sd=0x36c47cf4, 
actor=0x8129aa0 <write_pipe_buf>) at fs/splice.c:954 #13 0x0812afa5 in splice_from_pipe (pipe=0x40d8c240, out=0x1d, ppos=0x1d, len=29, flags=29, actor=0x1d) at fs/splice.c:989 #14 0x0812affb in default_file_splice_write (pipe=0x1d, out=0x1d, ppos=0x36c47e60, len=29, flags=29) at fs/splice.c:1083 #15 0x081293c5 in do_splice_from (flags=<optimized out>, len=<optimized out>, ppos=<optimized out>, out=<optimized out>, pipe=<optimized out>) at fs/splice.c:1125 #16 direct_splice_actor (pipe=0x0, sd=0x1d) at fs/splice.c:1281 #17 0x0812b2e1 in splice_direct_to_actor (in=0x36eee6c0, sd=0x36c47dc8, actor=0x8129380 <direct_splice_actor>) at fs/splice.c:1234 #18 0x0812b475 in do_splice_direct (in=0x1d, ppos=0x36c47e58, out=0x0, opos=0x36c47e60, len=268435456, flags=29) at fs/splice.c:1324 #19 0x08104df9 in do_sendfile (out_fd=921626304, in_fd=0, ppos=0x36c47e90, count=29, max=8796093022207) at fs/read_write.c:1152 #20 0x0810611a in SYSC_sendfile64 (count=<optimized out>, offset=<optimized out>, in_fd=<optimized out>, out_fd=<optimized out>) at fs/read_write.c:1207 #21 SyS_sendfile64 (out_fd=215, in_fd=215, offset=135081984, count=268435456) at fs/read_write.c:1199 #22 0x08062ab4 in handle_syscall (r=0x49c970c8) at arch/um/kernel/skas/syscall.c:35 #23 0x08074905 in handle_trap (local_using_sysemu=<optimized out>, regs=<optimized out>, pid=<optimized out>) at arch/um/os-Linux/skas/process.c:198 #24 userspace (regs=0x49c970c8) at arch/um/os-Linux/skas/process.c:431 #25 0x0805f770 in fork_handler () at arch/um/kernel/process.c:149 #26 0x00000000 in ?? () $ date; sudo gdb /home/tfoerste/devel/linux/linux 25083 -n -batch -ex 'bt' Tue Feb 18 22:15:52 CET 2014 warning: Could not load shared library symbols for linux-gate.so.1. Do you need "set solib-search-path" or "set sysroot"? 
0x080fd18a in init_object (s=0x49f43300, object=0x4085c8d3, val=187 '\273') at mm/slub.c:670 670 p[s->object_size - 1] = POISON_END; #0 0x080fd18a in init_object (s=0x49f43300, object=0x4085c8d3, val=187 '\273') at mm/slub.c:670 #1 0x084dfa34 in free_debug_processing (s=0x49f43300, page=0xbb5d280, object=0x4085c880, addr=84, flags=0x36e77b44) at mm/slub.c:1149 #2 0x084dfd47 in __slab_free (s=0x49f43300, page=0xbb5d280, x=0x4085c880, addr=84) at mm/slub.c:2549 #3 0x080fec98 in slab_free (addr=<optimized out>, x=<optimized out>, page=<optimized out>, s=<optimized out>) at mm/slub.c:2695 #4 kmem_cache_free (s=0x49f43300, x=0x4085c880) at mm/slub.c:2704 #5 0x082e3f8f in add_delayed_ref_head (ref=0x4097c080, bytenr=59682816, num_bytes=4096, action=84, is_data=0, trans=<optimized out>, trans=<optimized out>, fs_info=<optimized out>) at fs/btrfs/delayed-ref.c:631 #6 0x082e4891 in btrfs_add_delayed_tree_ref (fs_info=0x49c750f0, trans=0x499cb2d0, bytenr=59682816, num_bytes=4096, parent=0, ref_root=7, level=1082509523, action=2, extent_op=0x0, for_cow=0) at fs/btrfs/delayed-ref.c:804 #7 0x0827e092 in btrfs_free_tree_block (trans=0x499cb2d0, root=0x48d51920, buf=0x407da0d8, parent=4649342998893559892, last_ref=1) at fs/btrfs/extent-tree.c:5962 #8 0x0826aab5 in __btrfs_cow_block (trans=0x499cb2d0, root=0x48d51920, buf=0x407da0d8, parent=0x0, parent_slot=0, cow_ret=0x36e77d94, search_start=0, empty_size=0) at fs/btrfs/ctree.c:1214 #9 0x0826af35 in btrfs_cow_block (trans=0x499cb2d0, root=0x48d51920, buf=0x407da0d8, parent=0x0, parent_slot=84, cow_ret=0x36e77d94) at fs/btrfs/ctree.c:1597 #10 0x0826f166 in btrfs_search_slot (trans=0x499cb2d0, root=0x48d51920, key=0x36e77de2, p=0x499ca1c8, ins_len=0, cow=1) at fs/btrfs/ctree.c:2834 #11 0x08287441 in btrfs_lookup_csum (trans=0x54, root=0x48d51920, path=0x499ca1c8, bytenr=75964416, cow=1082509523) at fs/btrfs/file-item.c:104 #12 0x08288e82 in btrfs_csum_file_blocks (trans=0x499cb2d0, root=0x48d51920, sums=0x40c66c80) at 
fs/btrfs/file-item.c:725 #13 0x08298705 in add_pending_csums (trans=0x499cb2d0, inode=0x49c2b130, list=0x40714578, file_offset=<optimized out>) at fs/btrfs/inode.c:1734 #14 0x0829e72d in btrfs_finish_ordered_io (ordered_extent=0x40714528) at fs/btrfs/inode.c:2678 #15 0x0829e97e in finish_ordered_fn (work=0x407145a4) at fs/btrfs/inode.c:2753 #16 0x082c8984 in worker_loop (arg=0x40c77540) at fs/btrfs/async-thread.c:326 #17 0x08096266 in kthread (_create=0x36e58960) at kernel/kthread.c:207 #18 0x0805f7eb in new_thread_handler () at arch/um/kernel/process.c:129 Well, this might just be expected behaviour of the fuzzing tool used, but from my past experience with fuzz testing (with NFSv4) this might indicate a BTRFS issue instead. - -- MfG/Sincerely Toralf Förster pgp finger print:1A37 6F99 4A9D 026F 13E2 4DCF C4EA CDDE 0076 E94E -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlMDzpYACgkQxOrN3gB26U4ZqgD/eAhQoh8YuXdsYCOLduxbHTSS AssxQ69VlOGqtZuzOtUA/3ko6jYyMCZ7VpOzOafURXLfkRHdYqdVfmDo5oQ7g1mV =/xSL -----END PGP SIGNATURE-----