From: Nathan Scott <nathans@sgi.com>
To: Linus Torvalds <torvalds@osdl.org>, Neil Brown <neilb@cse.unsw.edu.au>
Cc: pinotj@club-internet.fr, manfred@colorfullife.com, akpm@osdl.org,
linux-kernel@vger.kernel.org
Subject: Re: [Oops] i386 mm/slab.c (cache_flusharray)
Date: Fri, 5 Dec 2003 14:00:19 +1100 [thread overview]
Message-ID: <20031205030018.GA1693@frodo> (raw)
In-Reply-To: <Pine.LNX.4.58.0312041050050.6638@home.osdl.org>
On Thu, Dec 04, 2003 at 11:09:29AM -0800, Linus Torvalds wrote:
> ...
> So the oops it found was apparently triggered by the debugging changes,
> not necessarily by a real bug.
>
> Ugh, that XFS code is _broken_. Instead of keeping track of how it got the
> memory, it totally forgets where the memory came from, and then it later
> asks "oh, btw, how the hell did I allocate this?".
>
This patch removes that code, fixes a small memory leak that was
lurking in there too, and adds the missing-bio_put-on-error case
that Neil found in pagebuf.
Neil, with this & Linus' 2 patches (and CONFIG_SLAB_DEBUG off ;)
I now have what looks like a 100% reproducible test case for the
handle_stripe already-freed-bio panic. This doesn't tickle the
raid5.c BUG_ON you sent me but its exactly the same spot as last
time (i.e. handle_stripe+0xda6), every time.
# raidstart /dev/md0
# mkfs.xfs -f /dev/md0
# mount /dev/md0
# umount /dev/md0
# mount /dev/md0
On my (quad p3) test machine, this second mount panics every time.
cheers.
--
Nathan
--- fs/xfs/pagebuf/page_buf.h.orig 2003-12-05 13:47:12.275589232 +1100
+++ fs/xfs/pagebuf/page_buf.h 2003-12-05 13:43:30.898243704 +1100
@@ -123,12 +123,13 @@
_PBF_PRIVATE_BH = (1 << 17), /* do not use public buffer heads */
_PBF_ALL_PAGES_MAPPED = (1 << 18), /* all pages in range mapped */
_PBF_ADDR_ALLOCATED = (1 << 19), /* pb_addr space was allocated */
- _PBF_MEM_ALLOCATED = (1 << 20), /* pb_mem+underlying pages alloc'd */
+ _PBF_MEM_ALLOCATED = (1 << 20), /* underlying pages are allocated */
+ _PBF_MEM_SLAB = (1 << 21), /* underlying pages are slab allocated */
- PBF_FORCEIO = (1 << 21),
- PBF_FLUSH = (1 << 22), /* flush disk write cache */
- PBF_READ_AHEAD = (1 << 23),
- PBF_RUN_QUEUES = (1 << 24), /* run block device task queue */
+ PBF_FORCEIO = (1 << 22),
+ PBF_FLUSH = (1 << 23), /* flush disk write cache */
+ PBF_READ_AHEAD = (1 << 24),
+ PBF_RUN_QUEUES = (1 << 25), /* run block device task queue */
} page_buf_flags_t;
--- fs/xfs/pagebuf/page_buf.c.orig 2003-12-05 13:47:06.888408208 +1100
+++ fs/xfs/pagebuf/page_buf.c 2003-12-05 13:43:30.888245224 +1100
@@ -343,9 +343,6 @@
page_cache_release(page);
}
}
-
- if (pb->pb_pages != pb->pb_page_array)
- kfree(pb->pb_pages);
}
/*
@@ -384,20 +381,17 @@
if (pb->pb_flags & _PBF_MEM_ALLOCATED) {
if (pb->pb_pages) {
/* release the pages in the address list */
- if (pb->pb_pages[0] &&
- PageSlab(pb->pb_pages[0])) {
- /*
- * This came from the slab
- * allocator free it as such
- */
+ if ((pb->pb_pages[0]) &&
+ (pb->pb_flags & _PBF_MEM_SLAB)) {
kfree(pb->pb_addr);
} else {
_pagebuf_freepages(pb);
}
-
+ if (pb->pb_pages != pb->pb_page_array)
+ kfree(pb->pb_pages);
pb->pb_pages = NULL;
}
- pb->pb_flags &= ~_PBF_MEM_ALLOCATED;
+ pb->pb_flags &= ~(_PBF_MEM_ALLOCATED | _PBF_MEM_SLAB);
}
}
@@ -944,7 +938,7 @@
return NULL;
}
/* otherwise pagebuf_free just ignores it */
- pb->pb_flags |= _PBF_MEM_ALLOCATED;
+ pb->pb_flags |= (_PBF_MEM_ALLOCATED | _PBF_MEM_SLAB);
PB_CLEAR_OWNER(pb);
up(&pb->pb_sema); /* Return unlocked pagebuf */
@@ -1412,6 +1406,7 @@
if (size)
goto next_chunk;
} else {
+ bio_put(bio);
pagebuf_ioerror(pb, EIO);
}
next prev parent reply other threads:[~2003-12-05 3:06 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-12-04 18:27 [Oops] i386 mm/slab.c (cache_flusharray) pinotj
2003-12-04 18:49 ` Linus Torvalds
2003-12-04 19:09 ` Linus Torvalds
2003-12-04 21:21 ` Nathan Scott
2003-12-05 7:14 ` Christoph Hellwig
2003-12-05 9:34 ` Nathan Scott
2003-12-05 14:22 ` Christoph Hellwig
2003-12-05 3:00 ` Nathan Scott [this message]
2003-12-05 6:40 ` Linus Torvalds
2003-12-04 19:19 ` Manfred Spraul
2003-12-04 21:26 ` Nathan Scott
-- strict thread matches above, loose matches on Subject: below --
2003-12-09 0:57 pinotj
2003-12-09 2:03 ` Nathan Scott
2003-12-09 7:21 ` Christoph Hellwig
2003-12-09 23:58 ` Nathan Scott
2003-12-12 19:00 ` Christoph Hellwig
2003-12-12 20:07 ` Manfred Spraul
2003-12-03 23:06 pinotj
2003-12-03 23:26 ` Linus Torvalds
2003-11-29 17:41 pinotj
2003-12-02 0:36 ` Linus Torvalds
2003-12-02 1:37 ` Nathan Scott
2003-12-02 6:44 ` Nathan Scott
2003-12-02 18:05 ` Mike Fedyk
2003-12-02 20:05 ` Nathan Scott
2003-11-27 18:42 pinotj
2003-11-27 18:55 ` Manfred Spraul
2003-12-02 1:03 ` Mike Fedyk
2003-11-25 17:30 pinotj
2003-11-25 22:51 ` Linus Torvalds
2003-11-27 18:07 ` Manfred Spraul
2003-11-22 7:47 Re: " pinotj
2003-11-22 10:55 ` Manfred Spraul
2003-11-21 18:12 pinotj
2003-11-21 18:58 ` Manfred Spraul
2003-11-20 1:50 pinotj
2003-11-20 2:09 ` Andrew Morton
2003-11-19 18:19 pinotj
2003-11-20 1:07 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20031205030018.GA1693@frodo \
--to=nathans@sgi.com \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=manfred@colorfullife.com \
--cc=neilb@cse.unsw.edu.au \
--cc=pinotj@club-internet.fr \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.