From: Raghavendra D Prabhu <raghu.prabhu13@gmail.com>
To: Eric Sandeen <sandeen@sandeen.net>, xfs@oss.sgi.com
Subject: Re: XFS regression: Oops in xfs_buf_do_callbacks on xfstest 137
Date: Mon, 3 Sep 2012 08:35:06 +0530 [thread overview]
Message-ID: <20120903030506.GA48608@Archie.local> (raw)
In-Reply-To: <20120903004521.GA61118@Archie>
[-- Attachment #1.1: Type: text/plain, Size: 4036 bytes --]
Hi,
* On Mon, Sep 03, 2012 at 06:15:21AM +0530, Raghavendra D Prabhu <raghu.prabhu13@gmail.com> wrote:
>Hi,
>
>
>* On Fri, Aug 17, 2012 at 01:15:43PM -0500, Eric Sandeen <sandeen@sandeen.net> wrote:
>>On 8/17/12 1:02 PM, Christoph Hellwig wrote:
>>>I'd be this is my new code added to xfs_buf_item_unpin, but I don't
>>>quite understand why. It's been a long time since I wrote that code,
>>>but I had to add that code to make sure we clear all buffers during
>>>a forced shutdown. Can you test if things go away if you just remove it
>>>(even if causes other hangs?)
>>
>>It does go away AFAIK, since the bisect found it.
>>
>>Sadly it's been on the back burner for me, under other deadline pressure.
>>
>>-Eric
>>
>>_______________________________________________
>>xfs mailing list
>>xfs@oss.sgi.com
>>http://oss.sgi.com/mailman/listinfo/xfs
>
>I hit the same bug on xfstest 137 while testing and it is indeed
>POISON_FREE.
>
>Here are the intermediate backtraces: http://sprunge.us/HZeD
>
>I am also attaching the full backtrace.
>
>
>git head:
>
>commit b686d1f79acb65c6a34473c15fcfa2ee54aed8e2
> Author: Jeff Liu <jeff.liu@oracle.com>
> Date: Tue Aug 21 17:12:18 2012 +0800
>
With DEBUG_PAGEALLOC enabled, I got following:
[ 182.925026] [<ffffffff815813ce>] ? xfs_buf_iodone_work+0x43/0xb7
[ 182.925026] [<ffffffff8166c7b5>] xfs_buf_iodone_callbacks+0x4d2/0x5aa
[ 182.925026] [<ffffffff8166d041>] ? xfs_buf_item_unpin+0x7b4/0x812
[ 182.925026] [<ffffffff815813ce>] xfs_buf_iodone_work+0x43/0xb7
[ 182.925026] [<ffffffff81581ccc>] xfs_buf_ioend+0x29a/0x2fc
[ 182.925026] [<ffffffff8166d041>] xfs_buf_item_unpin+0x7b4/0x812
[ 182.925026] [<ffffffff8165bfe4>] xfs_trans_committed_bulk+0x223/0x6d1
[ 182.925026] [<ffffffff81317583>] ? __slab_free+0xa46/0xc2f
[ 182.925026] [<ffffffff81665edc>] ? xlog_write+0x18b/0x95c
[ 182.925026] [<ffffffff8116f30b>] ? debug_check_no_locks_freed+0x121/0x17b
[ 182.925026] [<ffffffff81318ab0>] ? kmem_cache_free+0x338/0x491
[ 182.925026] [<ffffffff81661dcf>] ? xfs_log_ticket_put+0xaf/0xbc
[ 182.925026] [<ffffffff81667fe7>] xlog_cil_committed+0x3b/0x1fa
[ 182.925026] [<ffffffff816691e1>] xlog_cil_push+0x6ca/0x6f6
[ 182.925026] [<ffffffff81170c84>] ? __lock_release+0x64/0xb6
[ 182.925026] [<ffffffff81669389>] xlog_cil_push_foreground+0x17c/0x1fa
[ 182.925026] [<ffffffff816697d1>] xlog_cil_force_lsn+0x90/0x27e
[ 182.925026] [<ffffffff813a4a42>] ? sync_inodes_sb+0x23e/0x26c
[ 182.925026] [<ffffffff81664c3c>] _xfs_log_force+0x67/0x620
[ 182.925026] [<ffffffff81db7f97>] ? wait_for_common+0x231/0x3ac
[ 182.925026] [<ffffffff81665359>] xfs_log_force+0x164/0x1c2
[ 182.925026] [<ffffffff815ac8cc>] xfs_quiesce_data+0x21/0x9f
[ 182.925026] [<ffffffff815a6780>] xfs_fs_sync_fs+0x5a/0xe0
[ 182.925026] [<ffffffff813af269>] __sync_filesystem+0x9e/0xc2
[ 182.925026] [<ffffffff813af357>] sync_filesystem+0xca/0x12d
[ 182.925026] [<ffffffff8134c95f>] generic_shutdown_super+0x61/0x203
[ 182.925026] [<ffffffff8134cb42>] kill_block_super+0x41/0x1a6
[ 182.925026] [<ffffffff8134dbf4>] deactivate_locked_super+0x9b/0x104
[ 182.925026] [<ffffffff8134f0a7>] deactivate_super+0x147/0x187
[ 182.925026] [<ffffffff8138f1d4>] mntput_no_expire+0x308/0x32a
[ 182.925026] [<ffffffff81391bc5>] sys_umount+0x1a6/0x1e4
[ 182.925026] [<ffffffff81dcb3e9>] system_call_fastpath+0x16/0x1b
Full here -- http://sprunge.us/CPKW
One more thing, in xfs_buf_do_callbacks,
while ((lip = bp->b_fspriv) != NULL) {
bp->b_fspriv = lip->li_bio_list;
ASSERT(lip->li_cb != NULL);
In the loop before the crash, lip->li_bio_list is NULL which
explains the use-after-free.
>_______________________________________________
>xfs mailing list
>xfs@oss.sgi.com
>http://oss.sgi.com/mailman/listinfo/xfs
Regards,
--
Raghavendra Prabhu
GPG Id : 0xD72BE977
Fingerprint: B93F EBCB 8E05 7039 CD3C A4B8 A616 DCA1 D72B E977
www: wnohang.net
[-- Attachment #1.2: Type: application/pgp-signature, Size: 490 bytes --]
[-- Attachment #2: Type: text/plain, Size: 121 bytes --]
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
prev parent reply other threads:[~2012-09-03 3:04 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-02 17:44 XFS regression: Oops in xfs_buf_do_callbacks on xfstest 137 Eric Sandeen
2012-08-17 18:02 ` Christoph Hellwig
2012-08-17 18:15 ` Eric Sandeen
2012-09-03 0:45 ` Raghavendra D Prabhu
2012-09-03 3:05 ` Raghavendra D Prabhu [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120903030506.GA48608@Archie.local \
--to=raghu.prabhu13@gmail.com \
--cc=sandeen@sandeen.net \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox