On Sat, Jun 26, 2004 at 11:23:14PM +0200, Krzysztof Rusocki wrote:
> On Thu, Jun 24, 2004 at 05:43:13PM +0200, Krzysztof Rusocki wrote:
> >
> > Kernel which reached 14 hours of uptime recently - died on re-check 2 hours
> > ago. Going to try 2.6.4 now...
>
> vanilla 2.6.6 crashes
> vanilla 2.6.5 does not (as far as I can tell)
>
> I'm still doing an investigation here, so don't
> take those words for granted.
>
> And one more thing - I've found that dereference
> which takes place comes from :~1710 (tmp list loop)
>
> list_del_init(&pb->pb_list);
> pagebuf_iostrategy(pb);
> blk_run_address_space(pb->pb_target->pbr_mapping);
> ^^^^^ pb->pb_target equals 0x6b6b6b6b here
>
> Can that help? Or maybe it ain't news for you? :-)
Hmm, it looks like the pagebuf already got freed by pagebuf_iostrategy
when we hit the next line. Let's hope the target hasn't gone away too
(and I'm too sleepy now to check for that) and try the patch below:
===== fs/xfs/linux-2.6/xfs_buf.c 1.118 vs edited =====
--- 1.118/fs/xfs/linux-2.6/xfs_buf.c 2004-06-18 04:05:01 +02:00
+++ edited/fs/xfs/linux-2.6/xfs_buf.c 2004-06-27 00:01:13 +02:00
@@ -1615,6 +1615,7 @@
struct list_head tmp;
unsigned long age;
xfs_buf_t *pb, *n;
+ xfs_buftarg_t *target;
/* Set up the thread */
daemonize("xfsbufd");
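Review bot: the new `xfs_buftarg_t *target;` is declared at function scope, but in this patch it is only assigned and read inside the `while (!list_empty(&tmp))` loop of the next hunk. Declaring it inside that loop body would tie its lifetime to the one buffer it was taken from and keep a value left over from an earlier pass out of reach of the rest of the function.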
@@ -1656,9 +1657,11 @@
while (!list_empty(&tmp)) {
pb = list_entry(tmp.next, xfs_buf_t, pb_list);
+ target = pb->pb_target;
+
list_del_init(&pb->pb_list);
pagebuf_iostrategy(pb);
- blk_run_address_space(pb->pb_target->pbr_mapping);
+ blk_run_address_space(target->pbr_mapping);
}
if (as_list_len > 0)
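Review bot: copying `pb->pb_target` before `pagebuf_iostrategy(pb)` stops the loop from touching `pb` after that call, but nothing in this hunk keeps the target itself alive, so `target->pbr_mapping` is only safe if the target is guaranteed to outlive every buffer queued on it. Please confirm that lifetime rule (or take a reference on the target for the duration of the call), and add a short comment above `target = pb->pb_target;` saying that `pb` must not be dereferenced once `pagebuf_iostrategy()` has been called, so the ordering is not undone by a later cleanup.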
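The failure discussed in this reply, as an added illustration (not code from the thread or from XFS): a userspace C model in which a released buffer is overwritten with 0x6b, the poison byte Linux slab debugging writes into freed objects, which is why pb->pb_target read back as 0x6b6b6b6b. struct buf, struct target, the static pool and all function names are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON_FREE 0x6b   /* byte Linux slab debugging writes over freed objects */

struct target { int mapping; };           /* hypothetical stand-in for xfs_buftarg_t */
struct buf    { struct target *target; }; /* hypothetical stand-in for xfs_buf_t */

static struct target disk = { 42 };       /* constructed sample value */
static struct buf pool[1];                /* static pool, so "freed" memory stays readable */

static struct buf *buf_get(void) { pool[0].target = &disk; return &pool[0]; }

/* Models pagebuf_iostrategy() dropping the last reference: the object is poisoned. */
static void submit_and_release(struct buf *b) { memset(b, POISON_FREE, sizeof *b); }

/* Read the pointer field as raw bits so the poisoned value is never dereferenced. */
static uintptr_t raw_target(const struct buf *b) {
    uintptr_t v;
    memcpy(&v, &b->target, sizeof v);
    return v;
}

static int is_poisoned(uintptr_t v) {
    uintptr_t pattern;
    memset(&pattern, POISON_FREE, sizeof pattern);
    return v == pattern;
}

/* Pre-patch order: the field is read after the call that may free the buffer. */
static int late_read_is_poisoned(void) {
    struct buf *b = buf_get();
    submit_and_release(b);
    return is_poisoned(raw_target(b));
}

/* Patched order: the field is copied first; safe only if the target outlives the buffer. */
static int early_read_mapping(void) {
    struct buf *b = buf_get();
    struct target *t = b->target;
    submit_and_release(b);
    return t->mapping;
}

int main(void) {
    printf("late poisoned=%d early mapping=%d\n", late_read_is_poisoned(), early_read_mapping());
    return 0;
}
```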