JFFS2 in mtd-snapshot-20051118 crashed on linux-2.4.20

kevinwu kevinwu at e28.com
Mon Dec 5 22:53:47 EST 2005


I found that JFFS2 crashed in snapshot mtd-snapshot-20051118.tar.bz2.
I copy lots of small files to the jffs2 partition, diff it, umount it,
mount it, remove all, and copy once again...

I use the following test script:

#! /bin/sh

if [ $# -lt 1 ]; then
        echo "Usage: `basename $0` loop_count"
        exit 1
fi

cd /root
killall *.elf
sleep 1
cd /home/utils
./fuser -km /dev/mtdblock/5
./umount /dev/mtdblock/5
./mount -t jffs2 /dev/mtdblock/5 /usr/share
rm -rf /usr/share/*

count=`expr $1`
i=0

while [ $i -lt $count ]
do
        for loop in `ls /home/utils/testfiles `
        do
                cp -rf /home/utils/testfiles/$loop /usr/share/$loop
                sync
        done
        ./diff -r /home/utils/testfiles/ /usr/share/
        ./umount /dev/mtdblock/5
        ./mount -t jffs2 /dev/mtdblock/5 /usr/share
        rm -rf /usr/share/*
        i=`expr $i + 1`
        echo finished loop $i
done
./umount /dev/mtdblock/5


My /dev/mtdblock/5 partition is about 32 MiB in size.
CPU is ARM926EJS.
Kernel is Linux-2.4.20. I back ported JFFS2 for linux-2.6 to
linux-2.4.20.
I did not enable EBS or CS support.
Call stack is:

add_wait_queue_exclusive
__down
jffs2_lookup
real_lookup
__user_walk
sys_lstat64
__wake_up
jffs2_garbage_collect_live.
jffs2_garbage_collect_pass.
jffs2_flash_wbuf_gc.
sync_supers
try_to_free_buffers
kupdate

I do not know if this scenario can reoccur on Linux-2.6.
The attached files are my script and test files.
I am Chinese, so the test file names are Chinese.

I execute the following commands:
cd /home/utils
/home/utils/flash_eraseall -j /dev/mtd/5
/home/utils/mount -t jffs2 /dev/mtdblock/5 /usr/share
./fstest.sh 100


The following is the dump information.
It seems that the down function's input parameter is a NULL address or an
illegal address.

# cd /home/utils
# /home/utils/flash_eraseall -j /dev/mtd/5
Erasing 16 Kibyte @ a98000 -- 33 % complete. Cleanmarker written at a98000.
Skipping bad block at 0x00a9c000
Erasing 16 Kibyte @ 1ffc000 -- 99 % complete. Cleanmarker written at 1ffc000.
# /home/utils/mount -t jffs2 /dev/mtdblock/5 /usr/share
# ./fstest.sh 100
cd: 8: can't cd to /root
killall: *.elf: no process killed
finished loop 1
finished loop 2
finished loop 3
finished loop 4
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c0004000
*pgd = 00000000, *pmd = 00000000
Internal error: Oops: ffffffff
CPU: 0
pc : [<c0028220>]    lr : [<00000000>]    Not tainted
sp : c02f1e88  ip : c02f1ea4  fp : c02f1e98
r10: c19614e8  r9 : 00000000  r8 : c02f1e9c
r7 : c1c594e0  r6 : c0b281bc  r5 : c0b281b4  r4 : 40000013
r3 : 00000002  r2 : c02f0000  r1 : c02f1e9c  r0 : c0b281bc
Flags: nZcv  IRQs off  FIQs on  Mode SVC_32  Segment kernel
Control: 5717F  Table: 11AE8000  DAC: 0000001D
Process kupdated (pid: 7, stack limit = 0xc02f0380)
Stack: (0xc02f1e88 to 0xc02f2000)
1e80:                   c02f0000 c02f1ecc c02f1e9c c001bfdc c00281ec 00000001
1ea0: c02f0000 c0b281bc 00000000 c0b281b4 c0b281b4 c17bd730 c1c594e0 00000000
1ec0: c02f1f20 c02f1ed0 c001c30c c001bfa0 c1c594e0 c19614e8 c17bd730 c0b281b4
1ee0: c00aca74 c1c594e0 c19614b4 00000000 00000000 00000000 c0b281b4 c1813ae8
1f00: c17bd730 c1c594e0 c19614e8 00000000 00000001 c02f1f80 c02f1f24 c00ac944
1f20: c00aca2c 41069263 10014b10 c02f1f48 c02f1f3c c00ed5a4 c00fb460 c02f1f68
1f40: c02f1f4c c19614b4 c1c594e0 c1c595d4 ffffffd1 c1c595a0 c1c5950c c1c594e0
1f60: 00000000 0000011f 00784200 41069263 10014b10 c02f1fa4 c02f1f84 c00b242c
1f80: c00ac2c4 c1c59400 c1c59444 00000000 c02f0350 c01bb608 c02f1fc0 c02f1fa8
1fa0: c0057200 c00b2374 c02f0000 c02f0340 c00154f4 c02f1fd4 c02f1fc4 c00561d0
1fc0: c0057070 c02f0000 c02f1ff4 c02f1fd8 c00565f0 c0056198 00000000 00010e00
1fe0: c01d0544 c01d052c 00000000 c02f1ff8 c001af80 c0056480 00000000 00000000


The crash is random.
I am debugging it.
Does anyone know what's the matter? Any advice?
Does the MTD driver have a stable release version?

-- 
Best Regards

Kevin Wu

System Software Engineer, E28.com


Office: 86-21-23060088-352
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fstest.sh
Type: application/x-shellscript
Size: 608 bytes
Desc: not available
Url : http://lists.infradead.org/pipermail/linux-mtd/attachments/20051206/69411b76/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: testfiles.tgz
Type: application/x-compressed-tar
Size: 137830 bytes
Desc: not available
Url : http://lists.infradead.org/pipermail/linux-mtd/attachments/20051206/69411b76/attachment-0001.bin 