On Thu, Apr 18, 2013 at 11:13 AM, Jens Axboe <axboe@xxxxxxxxx> wrote:
> On Thu, Apr 18 2013, Tejun Heo wrote:
>> On Thu, Apr 18, 2013 at 10:39:00AM -0700, Jens Axboe wrote:
>> >
>> > Yep, thanks Linus for that hint... Must be someone abusing it for a
>> > flag field post submission? Crazy.
>>
>> Let's hope that's not the case because there'll be blood if it is. :)
>
> Yeah, it's beyond the amount of crazy I've come to expect from various
> random users of IO interfaces :-)

I think it's more likely to be some use-after-free after a long
timeout. Wanlong says it happens a few minutes after boot, so maybe
something times out a command, does the blk_complete_request(), and
frees the bio, which gets re-used before the softirq actually ends up
running.

I note that Wanlong uses the SLAB allocator, not the SLUB one. I
wonder if the thing goes away with SLUB, and if not, if
CONFIG_SLUB_DEBUG_ON=y might help debug it?

Linus

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel