[CHECKER] Double txEnd calls causing the kernel to panic (JFS 2.4,kernel 2.4.19)

From: Junfeng Yang
Date: Fri Apr 30 2004 - 17:37:35 EST

Next message: Greg KH: "Re: 2.6.6-rc3-mm1 (compile stats)"
Previous message: Douglas Mayle: "Re: [PATCH] Framebuffer Layer - Radeonfb, kernel 2.6.5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The common pattern in JFS is to call txCommit then call txEnd to end a
transction. But if diWrite in txCommit fails (it fails when
read_cache_page fails to get a page), txAbortCommit will be called.
txAbortCommit will subsequently call txEnd and set tblk->next to
txAnchor.freetid. Later on, when the second txEnd gets called on the same
tid, the assertion assert(tblk->next) in txEnd will always fail.

void txEnd(tid_t tid)
{
struct tblock *tblk = tid_to_tblock(tid);
...
Assert == 0 -->
assert(tblk->next == 0);

/*
* insert tblock back on freelist
*/
Set to non zero -->
tblk->next = TxAnchor.freetid;
TxAnchor.freetid = tid;
...
}

here is an example:
int jfs_mkdir(struct inode *dip, struct dentry *dentry, int mode)
{
...
rc = txCommit(tid, 2, &iplist[0], 0);

out3:
txEnd(tid);
...
}

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "Re: 2.6.6-rc3-mm1 (compile stats)"
Previous message: Douglas Mayle: "Re: [PATCH] Framebuffer Layer - Radeonfb, kernel 2.6.5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]