Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933597Ab0BYUCu (ORCPT ); Thu, 25 Feb 2010 15:02:50 -0500 Received: from mail-fx0-f219.google.com ([209.85.220.219]:41846 "EHLO mail-fx0-f219.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933562Ab0BYUCr (ORCPT ); Thu, 25 Feb 2010 15:02:47 -0500 DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:from:date:x-google-sender-auth:message-id :subject:to:content-type; b=vtAZFTEHKyRd+o6hfPMzz5av1VwKREtYBPKXOO/M6w+GtWXaXCNdq2HTIf7kMt0359 I7DNjitZByFIc7g+KWq+D9qt8EsCqsRgOJShbe2yzMGjLFV8EIdJQLG3r2HTQ8HPzQq4 sGNHGlJQqoclWU1XoBglfhqW7w7vTJaMvw7zk= MIME-Version: 1.0 From: Andrew Lutomirski Date: Thu, 25 Feb 2010 15:01:08 -0500 X-Google-Sender-Auth: 609532e42e942095 Message-ID: Subject: [2.6.33 regression] btrfs mount causes memory corruption To: linux-kernel@vger.kernel.org, linux-btrfs@vger.kernel.org Content-Type: text/plain; charset=ISO-8859-1 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3279 Lines: 68 Mounting btrfs corrupts memory and causes nasty crashes within a few seconds. This seems to happen even if the mount fails (note the unrecognized mount option). This is a regression from 2.6.32, and I've attached an example. --Andy Btrfs loaded device fsid cf4a8e080605f191-af91bbbf445c98b8 devid 2 transid 68136 /dev/dm-2 device fsid cf4a8e080605f191-af91bbbf445c98b8 devid 1 transid 68136 /dev/dm-1 device fsid cf4a8e080605f191-af91bbbf445c98b8 devid 2 transid 68136 /dev/mapper/big_2 device fsid cf4a8e080605f191-af91bbbf445c98b8 devid 1 transid 68136 /dev/mapper/big_1 device fsid cf4a8e080605f191-af91bbbf445c98b8 devid 1 transid 68136 /dev/mapper/big_1 btrfs: unrecognized mount option 'acl' btrfs: open_ctree failed ------------[ cut here ]------------ kernel BUG at mm/slub.c:2969! invalid opcode: 0000 [#1] SMP last sysfs file: /sys/kernel/mm/ksm/run CPU 6 Pid: 2692, comm: bash Tainted: G W 2.6.33 #2 P6T WS PRO/System Product Name RIP: 0010:[] [] kfree+0x62/0xd5 RSP: 0018:ffff88019db87c68 EFLAGS: 00010246 RAX: 0040000000080000 RBX: ffff88019db87d18 RCX: ffff8801b175de20 RDX: ffffea0000000000 RSI: ffffea0003800000 RDI: ffff880100000000 RBP: ffff88019db87c88 R08: ffffffff81a57aa0 R09: ffff8801b551c240 R10: 00000002412fde13 R11: 0000000000000000 R12: ffff880100000000 R13: ffffffff811d9532 R14: 0000000000000010 R15: ffff88019db87ce8 FS: 00007fde0bce7700(0000) GS:ffff8800282c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f041b1b4600 CR3: 00000001b776a000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process bash (pid: 2692, threadinfo ffff88019db86000, task ffff88019d928000) Stack: ffff8801b551c240 ffff88019db87d18 0000000000000000 ffff88019b65f164 <0> ffff88019db87ca8 ffffffff811d9532 ffff88019db87ce8 ffff8801b4b8f548 <0> ffff88019db87cc8 ffffffff811de035 ffff8801b4b8f548 ffff8801b644bba8 Call Trace: [] ebitmap_destroy+0x21/0x3c [] context_destroy+0x58/0x6c [] security_compute_sid+0x26d/0x282 [] security_transition_sid+0x1f/0x21 [] selinux_bprm_set_creds+0xd1/0x25f [] ? vma_link+0x88/0xb1 [] ? selinux_vm_enough_memory+0x40/0x45 [] ? spin_unlock_irqrestore+0x9/0xb [] ? __up_write+0x42/0x47 [] security_bprm_set_creds+0x13/0x15 [] prepare_binprm+0xc3/0xf0 [] do_execve+0x150/0x2d2 [] sys_execve+0x43/0x5a [] stub_execve+0x6a/0xc0 Code: 83 c3 08 48 83 3b 00 eb ec 49 83 fc 10 0f 86 82 00 00 00 4c 89 e7 e8 c5 e2 ff ff 48 89 c6 48 8b 00 84 c0 78 14 66 a9 00 c0 75 04 <0f> 0b eb fe 48 89 f7 e8 ea 36 fd ff eb 5c 48 8b 4d 08 48 8b 7e RIP [] kfree+0x62/0xd5 RSP ---[ end trace 57f7151f6a5def07 ]--- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/