Re: .17rc5 cfq slab corruption.
From: Jens Axboe
Date: Tue May 30 2006 - 15:39:34 EST
On Wed, May 31 2006, OGAWA Hirofumi wrote:
> Jens Axboe <axboe@xxxxxxx> writes:
>
> > On Tue, May 30 2006, Jens Axboe wrote:
> >> On Tue, May 30 2006, Jens Axboe wrote:
> >> > On Tue, May 30 2006, Jens Axboe wrote:
> >> > > On Tue, May 30 2006, Dave Jones wrote:
> >> > > > On Tue, May 30, 2006 at 06:49:18PM +0200, Jens Axboe wrote:
> >> > > >
> >> > > > > > List corruption. next->prev should be f74a5e2c, but was ea7ed31c
> >> > > > > > Pointing at cfq_set_request.
> >> > > > >
> >> > > > > I think I'm missing a piece of this - what list was corrupted, in what
> >> > > > > function did it trigger?
> >> > > >
> >> > > > If you look at the attachment in the bugzilla url in my previous msg,
> >> > > > you'll see this:
> >> > > >
> >> > > > ay 30 05:31:33 mandril kernel: List corruption. next->prev should be f74a5e2c, but was ea7ed31c
> >> > > > May 30 05:31:33 mandril kernel: ------------[ cut here ]------------
> >> > > > May 30 05:31:33 mandril kernel: kernel BUG at include/linux/list.h:58!
> >> > > > May 30 05:31:33 mandril kernel: invalid opcode: 0000 [#1]
> >> > > > May 30 05:31:33 mandril kernel: SMP
> >> > > > May 30 05:31:33 mandril kernel: last sysfs file: /devices/pci0000:00/0000:00:1f.3/i2c-0/0-002e/pwm3
> >> > > > May 30 05:31:33 mandril kernel: Modules linked in: iptable_filter ipt_DSCP iptable_mangle ip_tables x_tables eeprom lm85 hwmon_vid hwmon i2c_isa ipv6 nls_utf8 loop dm_mirror dm_mod video button battery ac lp parport_pc parport ehci_hcd uhci_hcd floppy snd_intel8x0 snd_ac97_codec snd_ac97_bus sg snd_seq_dummy matroxfb_base snd_seq_oss snd_seq_midi_event matroxfb_DAC1064 snd_seq matroxfb_accel matroxfb_Ti3026 3w_9xxx matroxfb_g450 snd_seq_device g450_pll matroxfb_misc snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd e1000 soundcore snd_page_alloc i2c_i801 i2c_core ext3 jbd 3w_xxxx ata_piix libata sd_mod scsi_mod
> >> > > > May 30 05:31:33 mandril kernel: CPU: 0
> >> > > > May 30 05:31:33 mandril kernel: EIP: 0060:[<c04e3310>] Not tainted VLI
> >> > > > May 30 05:31:33 mandril kernel: EFLAGS: 00210292 (2.6.16-1.2227_FC6 #1)
> >> > > > May 30 05:31:33 mandril kernel: EIP is at cfq_set_request+0x202/0x3ff
> >> > >
> >> > > Just do a l *cfq_set_request+0x202 from gdb if you have
> >> > > CONFIG_DEBUG_INFO enabled in your vmlinux.
> >> >
> >> > Doh, found it. Dave, please try and reproduce with this applied:
> >>
> >> Nevermind, that's not it either. Damn. Stay tuned.
> >
> > Try this instead, please.
>
> Umm.. don't we need this line?
>
> static void cfq_free_io_context(struct io_context *ioc)
> {
> struct cfq_io_context *__cic;
> struct rb_node *n;
> int freed = 0;
>
> while ((n = rb_first(&ioc->cic_root)) != NULL) {
> __cic = rb_entry(n, struct cfq_io_context, rb_node);
> rb_erase(&__cic->rb_node, &ioc->cic_root);
> list_del(&__cic->queue_list);
> ^^^^^^^^ <---- this line
> kmem_cache_free(cfq_ioc_pool, __cic);
> freed++;
> }
>
> if (atomic_sub_and_test(freed, &ioc_count) && ioc_gone)
> complete(ioc_gone);
Yep, looks like that is missing as well. Care to send a proper patch and
I'll shove it in, too.
--
Jens Axboe
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/