From: Jens Axboe <axboe@kernel.dk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Tejun Heo <tj@kernel.org>,
Wanlong Gao <gaowanlong@cn.fujitsu.com>,
Steven Rostedt <rostedt@goodmis.org>,
Namhyung Kim <namhyung@gmail.com>,
Alasdair G Kergon <agk@redhat.com>,
"dm-devel@redhat.com" <dm-devel@redhat.com>,
Neil Brown <neilb@suse.de>, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [BUG REPORT] Kernel panic on 3.9.0-rc7-4-gbb33db7
Date: Thu, 18 Apr 2013 13:37:05 -0700 [thread overview]
Message-ID: <20130418203705.GJ4816@kernel.dk> (raw)
In-Reply-To: <CA+55aFxEThMJid_PiL=ko3duRPzzynkhMovsrm3TR_UXxUGciA@mail.gmail.com>
On Thu, Apr 18 2013, Linus Torvalds wrote:
> On Thu, Apr 18, 2013 at 11:13 AM, Jens Axboe <axboe@kernel.dk> wrote:
> > On Thu, Apr 18 2013, Tejun Heo wrote:
> >> On Thu, Apr 18, 2013 at 10:39:00AM -0700, Jens Axboe wrote:
> >> >
> >> > Yep, thanks Linus for that hint... Must be someone abusing it for a
> >> > flag field post submission? Crazy.
> >>
> >> Let's hope that's not the case because there'll be blood if it is. :)
> >
> > Yeah, it's beyond the amount of crazy I've come to expect from various
> > random users of IO interfaces :-)
>
> I think it's more likely to be some use-after-free after a long timeout.
>
> Wanlong says it happens a few minutes after boot, so maybe something
> times out a command, does the blk_complete_request(), and free's the
> bio, which gets re-used before the softirq actually ends up running.
>
> I note that Wanlong uses the SLAB allocator, not the SLUB one. I
> wonder if the thing goes away with SLUB, and if not, if
> CONFIG_SLUB_DEBUG_ON=y might help debug it?
Hmm dunno. It happens right after we've completed the bio, which touches
a lot of fields too. bi_bdev sits between bi_next (which we definitely
used) and bi_flags.
But adding slab use-after-free debugging would show for sure.
--
Jens Axboe
next prev parent reply other threads:[~2013-04-18 20:37 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-17 8:36 [BUG REPORT] Kernel panic on 3.9.0-rc7-4-gbb33db7 Wanlong Gao
2013-04-17 14:46 ` Steven Rostedt
2013-04-18 12:37 ` Jens Axboe
2013-04-18 12:54 ` Wanlong Gao
2013-04-18 13:35 ` Jens Axboe
2013-04-18 14:14 ` Wanlong Gao
2013-04-18 14:30 ` Jens Axboe
2013-04-18 14:45 ` Wanlong Gao
2013-04-18 17:52 ` Tejun Heo
2013-04-19 4:06 ` Wanlong Gao
2013-04-18 16:08 ` Linus Torvalds
2013-04-18 17:27 ` Tejun Heo
2013-04-18 17:39 ` Jens Axboe
2013-04-18 18:07 ` Tejun Heo
2013-04-18 18:13 ` Jens Axboe
2013-04-18 19:10 ` Linus Torvalds
2013-04-18 20:37 ` Jens Axboe [this message]
2013-04-19 1:08 ` srostedt@gmail.com
2013-04-19 6:10 ` Wanlong Gao
2013-04-19 3:33 ` Wanlong Gao
2013-04-19 5:57 ` Tejun Heo
2013-04-19 6:17 ` Tejun Heo
2013-04-19 6:30 ` Wanlong Gao
2013-04-19 13:31 ` Jens Axboe
2013-04-19 8:24 ` Jan Schmidt
2013-04-19 12:15 ` Chris Mason
2013-04-19 13:32 ` Jens Axboe
2013-04-19 13:52 ` Chris Mason
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130418203705.GJ4816@kernel.dk \
--to=axboe@kernel.dk \
--cc=agk@redhat.com \
--cc=dm-devel@redhat.com \
--cc=gaowanlong@cn.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=namhyung@gmail.com \
--cc=neilb@suse.de \
--cc=rostedt@goodmis.org \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox