Re: [BUG REPORT] Kernel panic on 3.9.0-rc7-4-gbb33db7

On Thu, Apr 18 2013, Linus Torvalds wrote:
> On Thu, Apr 18, 2013 at 11:13 AM, Jens Axboe <axboe@xxxxxxxxx> wrote:
> > On Thu, Apr 18 2013, Tejun Heo wrote:
> >> On Thu, Apr 18, 2013 at 10:39:00AM -0700, Jens Axboe wrote:
> >> >
> >> > Yep, thanks Linus for that hint... Must be someone abusing it for a
> >> > flag field post submission? Crazy.
> >>
> >> Let's hope that's not the case because there'll be blood if it is. :)
> >
> > Yeah, it's beyond the amount of crazy I've come to expect from various
> > random users of IO interfaces :-)
> 
> I think it's more likely to be some use-after-free after a long timeout.
> 
> Wanlong says it happens a few minutes after boot, so maybe something
> times out a command, does the blk_complete_request(), and frees the
> bio, which gets re-used before the softirq actually ends up running.
> 
> I note that Wanlong uses the SLAB allocator, not the SLUB one. I
> wonder if the thing goes away with SLUB, and if not, if
> CONFIG_SLUB_DEBUG_ON=y might help debug it?

Hmm dunno. It happens right after we've completed the bio, which touches
a lot of fields too. bi_bdev sits between bi_next (which we definitely
used) and bi_flags.

But adding slab use-after-free debugging would show for sure.

-- 
Jens Axboe

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel
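
The debugging approach discussed in the thread, as an added example that is not code from the thread's participants or from the kernel: a user-space toy model of poison-on-free, showing how it flags both a stale read and a stale write after a bio has been freed. The `toy_*` names, the one-object cache and the `bdev` placeholder are assumptions made for illustration; only the field names bi_next, bi_bdev and bi_flags come from the message above.

```c
#include <stdio.h>
#include <string.h>
#define POISON_FREE 0x6b /* byte slab debugging fills freed objects with */
/* Toy stand-in for struct bio: only the three fields named in the thread. */
struct toy_bio { struct toy_bio *bi_next; void *bi_bdev; unsigned long bi_flags; };
static struct toy_bio slot; /* one-object "cache": a freed bio is reused at once */
static int all_poison(const void *p, size_t n)
{
    const unsigned char *b = p;
    for (size_t i = 0; i < n; i++)
        if (b[i] != POISON_FREE) return 0;
    return 1;
}
static void toy_free(struct toy_bio *b, int debug)
{
    if (debug) memset(b, POISON_FREE, sizeof(*b)); /* poison on free */
}
/* With debugging, refuse (NULL) an object that was modified while free. */
static struct toy_bio *toy_alloc(int debug, int was_freed)
{
    if (debug && was_freed && !all_poison(&slot, sizeof(slot))) return NULL;
    memset(&slot, 0, sizeof(slot));
    return &slot;
}
/* Timeout path frees the bio, then the deferred completion reads bi_bdev.
 * Returns 1 if that stale read sees poison rather than plausible data. */
int stale_read_sees_poison(int debug)
{
    static int bdev; /* constructed placeholder for a block device */
    struct toy_bio *bio = toy_alloc(debug, 0);
    bio->bi_bdev = &bdev;
    toy_free(bio, debug);
    return all_poison(&bio->bi_bdev, sizeof(bio->bi_bdev));
}
/* Same race, but the late completion writes bi_flags after the free.
 * Returns 1 if the next allocation reports the damaged free object. */
int stale_write_caught_at_alloc(int debug)
{
    struct toy_bio *bio = toy_alloc(debug, 0);
    toy_free(bio, debug);
    bio->bi_flags = 0; /* write through the stale pointer */
    return toy_alloc(debug, 1) == NULL;
}
int main(void)
{
    for (int d = 0; d <= 1; d++)
        printf("debug=%d read=%d write=%d\n", d, stale_read_sees_poison(d), stale_write_caught_at_alloc(d));
    return 0;
}
```

Without poisoning, the stale pointer still reads a plausible bi_bdev and the late write goes unnoticed; with it, the read returns the 0x6b pattern and the write is reported at the next allocation.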