Hi,
* On Mon, Sep 03, 2012 at 06:15:21AM +0530, Raghavendra D Prabhu
<raghu.prabhu13@xxxxxxxxx> wrote:
Hi,
* On Fri, Aug 17, 2012 at 01:15:43PM -0500, Eric Sandeen <sandeen@xxxxxxxxxxx>
wrote:
On 8/17/12 1:02 PM, Christoph Hellwig wrote:
I'd be this is my new code added to xfs_buf_item_unpin, but I don't
quite understand why. It's been a long time since I wrote that code,
but I had to add that code to make sure we clear all buffers during
a forced shutdown. Can you test if things go away if you just remove it
(even if causes other hangs?)
It does go away AFAIK, since the bisect found it.
Sadly it's been on the back burner for me, under other deadline pressure.
-Eric
_______________________________________________
xfs mailing list
xfs@xxxxxxxxxxx
http://oss.sgi.com/mailman/listinfo/xfs
I hit the same bug on xfstest 137 while testing and it is indeed
POISON_FREE.
Here are the intermediate backtraces: http://sprunge.us/HZeD
I am also attaching the full backtrace.
git head:
commit b686d1f79acb65c6a34473c15fcfa2ee54aed8e2
Author: Jeff Liu <jeff.liu@xxxxxxxxxx>
Date: Tue Aug 21 17:12:18 2012 +0800
With DEBUG_PAGEALLOC enabled, I got following:
[ 182.925026] [<ffffffff815813ce>] ? xfs_buf_iodone_work+0x43/0xb7
[ 182.925026] [<ffffffff8166c7b5>] xfs_buf_iodone_callbacks+0x4d2/0x5aa
[ 182.925026] [<ffffffff8166d041>] ? xfs_buf_item_unpin+0x7b4/0x812
[ 182.925026] [<ffffffff815813ce>] xfs_buf_iodone_work+0x43/0xb7
[ 182.925026] [<ffffffff81581ccc>] xfs_buf_ioend+0x29a/0x2fc
[ 182.925026] [<ffffffff8166d041>] xfs_buf_item_unpin+0x7b4/0x812
[ 182.925026] [<ffffffff8165bfe4>] xfs_trans_committed_bulk+0x223/0x6d1
[ 182.925026] [<ffffffff81317583>] ? __slab_free+0xa46/0xc2f
[ 182.925026] [<ffffffff81665edc>] ? xlog_write+0x18b/0x95c
[ 182.925026] [<ffffffff8116f30b>] ? debug_check_no_locks_freed+0x121/0x17b
[ 182.925026] [<ffffffff81318ab0>] ? kmem_cache_free+0x338/0x491
[ 182.925026] [<ffffffff81661dcf>] ? xfs_log_ticket_put+0xaf/0xbc
[ 182.925026] [<ffffffff81667fe7>] xlog_cil_committed+0x3b/0x1fa
[ 182.925026] [<ffffffff816691e1>] xlog_cil_push+0x6ca/0x6f6
[ 182.925026] [<ffffffff81170c84>] ? __lock_release+0x64/0xb6
[ 182.925026] [<ffffffff81669389>] xlog_cil_push_foreground+0x17c/0x1fa
[ 182.925026] [<ffffffff816697d1>] xlog_cil_force_lsn+0x90/0x27e
[ 182.925026] [<ffffffff813a4a42>] ? sync_inodes_sb+0x23e/0x26c
[ 182.925026] [<ffffffff81664c3c>] _xfs_log_force+0x67/0x620
[ 182.925026] [<ffffffff81db7f97>] ? wait_for_common+0x231/0x3ac
[ 182.925026] [<ffffffff81665359>] xfs_log_force+0x164/0x1c2
[ 182.925026] [<ffffffff815ac8cc>] xfs_quiesce_data+0x21/0x9f
[ 182.925026] [<ffffffff815a6780>] xfs_fs_sync_fs+0x5a/0xe0
[ 182.925026] [<ffffffff813af269>] __sync_filesystem+0x9e/0xc2
[ 182.925026] [<ffffffff813af357>] sync_filesystem+0xca/0x12d
[ 182.925026] [<ffffffff8134c95f>] generic_shutdown_super+0x61/0x203
[ 182.925026] [<ffffffff8134cb42>] kill_block_super+0x41/0x1a6
[ 182.925026] [<ffffffff8134dbf4>] deactivate_locked_super+0x9b/0x104
[ 182.925026] [<ffffffff8134f0a7>] deactivate_super+0x147/0x187
[ 182.925026] [<ffffffff8138f1d4>] mntput_no_expire+0x308/0x32a
[ 182.925026] [<ffffffff81391bc5>] sys_umount+0x1a6/0x1e4
[ 182.925026] [<ffffffff81dcb3e9>] system_call_fastpath+0x16/0x1b
Full here -- http://sprunge.us/CPKW
One more thing, in xfs_buf_do_callbacks,
while ((lip = bp->b_fspriv) != NULL) {
bp->b_fspriv = lip->li_bio_list;
ASSERT(lip->li_cb != NULL);
In the loop before the crash, lip->li_bio_list is NULL which
explains the use-after-free.
_______________________________________________
xfs mailing list
xfs@xxxxxxxxxxx
http://oss.sgi.com/mailman/listinfo/xfs
Regards,
--
Raghavendra Prabhu
GPG Id : 0xD72BE977
Fingerprint: B93F EBCB 8E05 7039 CD3C A4B8 A616 DCA1 D72B E977
www: wnohang.net
pgpK9bqDFnGeg.pgp
Description: PGP signature
|