Hi, * On Mon, Sep 03, 2012 at 06:15:21AM +0530, Raghavendra D Prabhu <raghu.prabhu13@xxxxxxxxx> wrote:
Hi, * On Fri, Aug 17, 2012 at 01:15:43PM -0500, Eric Sandeen <sandeen@xxxxxxxxxxx> wrote:On 8/17/12 1:02 PM, Christoph Hellwig wrote:I'd be this is my new code added to xfs_buf_item_unpin, but I don't quite understand why. It's been a long time since I wrote that code, but I had to add that code to make sure we clear all buffers during a forced shutdown. Can you test if things go away if you just remove it (even if causes other hangs?)It does go away AFAIK, since the bisect found it. Sadly it's been on the back burner for me, under other deadline pressure. -Eric _______________________________________________ xfs mailing list xfs@xxxxxxxxxxx http://oss.sgi.com/mailman/listinfo/xfsI hit the same bug on xfstest 137 while testing and it is indeed POISON_FREE.Here are the intermediate backtraces: http://sprunge.us/HZeD I am also attaching the full backtrace. git head: commit b686d1f79acb65c6a34473c15fcfa2ee54aed8e2 Author: Jeff Liu <jeff.liu@xxxxxxxxxx> Date: Tue Aug 21 17:12:18 2012 +0800
With DEBUG_PAGEALLOC enabled, I got following: [ 182.925026] [<ffffffff815813ce>] ? xfs_buf_iodone_work+0x43/0xb7 [ 182.925026] [<ffffffff8166c7b5>] xfs_buf_iodone_callbacks+0x4d2/0x5aa [ 182.925026] [<ffffffff8166d041>] ? xfs_buf_item_unpin+0x7b4/0x812 [ 182.925026] [<ffffffff815813ce>] xfs_buf_iodone_work+0x43/0xb7 [ 182.925026] [<ffffffff81581ccc>] xfs_buf_ioend+0x29a/0x2fc [ 182.925026] [<ffffffff8166d041>] xfs_buf_item_unpin+0x7b4/0x812 [ 182.925026] [<ffffffff8165bfe4>] xfs_trans_committed_bulk+0x223/0x6d1 [ 182.925026] [<ffffffff81317583>] ? __slab_free+0xa46/0xc2f [ 182.925026] [<ffffffff81665edc>] ? xlog_write+0x18b/0x95c [ 182.925026] [<ffffffff8116f30b>] ? debug_check_no_locks_freed+0x121/0x17b [ 182.925026] [<ffffffff81318ab0>] ? kmem_cache_free+0x338/0x491 [ 182.925026] [<ffffffff81661dcf>] ? xfs_log_ticket_put+0xaf/0xbc [ 182.925026] [<ffffffff81667fe7>] xlog_cil_committed+0x3b/0x1fa [ 182.925026] [<ffffffff816691e1>] xlog_cil_push+0x6ca/0x6f6 [ 182.925026] [<ffffffff81170c84>] ? __lock_release+0x64/0xb6 [ 182.925026] [<ffffffff81669389>] xlog_cil_push_foreground+0x17c/0x1fa [ 182.925026] [<ffffffff816697d1>] xlog_cil_force_lsn+0x90/0x27e [ 182.925026] [<ffffffff813a4a42>] ? sync_inodes_sb+0x23e/0x26c [ 182.925026] [<ffffffff81664c3c>] _xfs_log_force+0x67/0x620 [ 182.925026] [<ffffffff81db7f97>] ? wait_for_common+0x231/0x3ac [ 182.925026] [<ffffffff81665359>] xfs_log_force+0x164/0x1c2 [ 182.925026] [<ffffffff815ac8cc>] xfs_quiesce_data+0x21/0x9f [ 182.925026] [<ffffffff815a6780>] xfs_fs_sync_fs+0x5a/0xe0 [ 182.925026] [<ffffffff813af269>] __sync_filesystem+0x9e/0xc2 [ 182.925026] [<ffffffff813af357>] sync_filesystem+0xca/0x12d [ 182.925026] [<ffffffff8134c95f>] generic_shutdown_super+0x61/0x203 [ 182.925026] [<ffffffff8134cb42>] kill_block_super+0x41/0x1a6 [ 182.925026] [<ffffffff8134dbf4>] deactivate_locked_super+0x9b/0x104 [ 182.925026] [<ffffffff8134f0a7>] deactivate_super+0x147/0x187 [ 182.925026] [<ffffffff8138f1d4>] mntput_no_expire+0x308/0x32a [ 182.925026] [<ffffffff81391bc5>] sys_umount+0x1a6/0x1e4 [ 182.925026] [<ffffffff81dcb3e9>] system_call_fastpath+0x16/0x1bFull here -- http://sprunge.us/CPKW
One more thing, in xfs_buf_do_callbacks,
while ((lip = bp->b_fspriv) != NULL) {
bp->b_fspriv = lip->li_bio_list;
ASSERT(lip->li_cb != NULL);
In the loop before the crash, lip->li_bio_list is NULL which
explains the use-after-free.
_______________________________________________ xfs mailing list xfs@xxxxxxxxxxx http://oss.sgi.com/mailman/listinfo/xfs
Regards, -- Raghavendra Prabhu GPG Id : 0xD72BE977 Fingerprint: B93F EBCB 8E05 7039 CD3C A4B8 A616 DCA1 D72B E977 www: wnohang.net
Attachment:
pgpoGMw2Iv2OZ.pgp
Description: PGP signature
_______________________________________________ xfs mailing list xfs@xxxxxxxxxxx http://oss.sgi.com/mailman/listinfo/xfs
