On Tue, 2011-07-12 at 17:03 -0500, Eric Sandeen wrote:
> Sending this for review prior to stable submission...
>
> A user on #xfs reported that a log replay was oopsing in
> __rb_rotate_left() with a null pointer deref.
>
> I traced this down to the fact that in xfs_alloc_busy_insert(),
> we erased a node with rb_erase() when the new node overlapped,
> but left it specified as the parent node for the new insertion.
>
> So when we try to insert a new node with an erased node as
> its parent, obviously things go very wrong.
>
> Upstream,
> 97d3ac75e5e0ebf7ca38ae74cebd201c09b97ab2 xfs: exact busy extent tracking
> actually fixed this, but as part of a much larger change. Here's
> the relevant bit:
>
>          * We also need to restart the busy extent search from the
>          * tree root, because erasing the node can rearrange the
>          * tree topology.
>          */
>         rb_erase(&busyp->rb_node, &pag->pagb_tree);
>         busyp->length = 0;
>         return false;
>
> We can do essentially the same thing to older codebases by restarting
> the search after the erase.
>
> This should apply to .35 through .39, and was tested on .39
> with the oopsing replay reproducer.
>
> Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx>

Looks good.

Reviewed-by: Alex Elder <aelder@xxxxxxx>
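The erase-then-restart pattern discussed in this thread, as an added userspace sketch that is not the patch under review and not kernel code. It assumes a plain unbalanced BST in place of the kernel rbtree, and the names ext, erase, busy_insert and demo are hypothetical; in this toy the stale insertion slot loses the new node instead of oopsing in a rotation.

```c
#include <stddef.h>
/* Toy busy-extent tree: a plain BST keyed by start block, not the kernel rbtree. */
struct ext { unsigned long bno, len; struct ext *l, *r; };

/* Unlink *link from the tree; another node may move into its place. */
static void erase(struct ext **link) {
    struct ext *n = *link, **s = &n->r, *m;
    if (!n->l || !n->r) {
        *link = n->l ? n->l : n->r;
    } else {
        while ((*s)->l) s = &(*s)->l;        /* in-order successor */
        m = *s; *s = m->r;
        m->l = n->l; m->r = n->r; *link = m;
    }
    n->l = n->r = NULL;
}

/* Insert nw, absorbing any extent it overlaps; restart=0 models the bug. */
static void busy_insert(struct ext **root, struct ext *nw, int restart) {
    struct ext **link;
again:
    for (link = root; *link; ) {
        struct ext *cur = *link;
        unsigned long nend = nw->bno + nw->len, cend = cur->bno + cur->len;
        if (nw->bno < cend && cur->bno < nend) {  /* overlap: merge into nw */
            if (cur->bno < nw->bno) nw->bno = cur->bno;
            nw->len = (nend > cend ? nend : cend) - nw->bno;
            erase(link); cur->len = 0;
            if (restart) goto again;   /* fixed: search again from the root */
            link = &cur->l;            /* bug: slot inside the erased node */
            break;
        }
        link = nw->bno < cur->bno ? &cur->l : &cur->r;
    }
    nw->l = nw->r = NULL; *link = nw;
}

/* Constructed input: extents at 100, 50, 150, then [45,60) overlapping the
 * one at 50. Returns 1 if block 47 is reachable from the root afterwards. */
static int demo(int restart) {
    unsigned long in[4][2] = { {100, 10}, {50, 10}, {150, 10}, {45, 15} }, b = 47;
    struct ext t[4], *root = NULL, *n;
    for (int i = 0; i < 4; i++) {
        t[i].bno = in[i][0]; t[i].len = in[i][1];
        busy_insert(&root, &t[i], restart);
    }
    for (n = root; n && !(b >= n->bno && b < n->bno + n->len); )
        n = b < n->bno ? n->l : n->r;
    return n != NULL;
}
int main(void) { return !(demo(1) == 1 && demo(0) == 0); }
```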