Re: RFC: Bug in generic_forget_inode() ?

[Andrew Morton]

Russ Weight <rweight@xxxxxxxxxx> wrote:
>
> generic_forget_inode() is eventually called (within the context of
>  iput), the inode is placed on the unused list, and the inode_lock is
>  dropped.
> 
>  kswapd calls prune_icache(), locks the inode_lock, and pulls the same
>  inode off of the unused list. Upon completion, prune_icache() calls
>  dispose_list() for the inodes that it has collected.
> 
>  generic_forget_inode() calls write_inode_now(), which calls
>  __writeback_single_inode() which calls __sync_single_inode().
>  __sync_single_inode() panics when attempting to move the inode onto the
>  unused list (the last call to list_move). This is due to the poison
>  values that were previously loaded into the next and prev list pointers
>  by list_del().

It's not clear what the actual bug is here.  When you say that
__sync_single_inode() panics over the list pointers, who was it that
poisoned them?  dispose_list()?

Certainly isofs_fill_super() could trivially be rewritten to not do the
iget()/iput() but we should be sure that that's really the bug.  The inode
lifetime management is rather messy, I'm afraid.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/