Re: bad page state in 3.13-rc4
From: Dave Jones
Date: Thu Dec 19 2013 - 13:35:25 EST
On Thu, Dec 19, 2013 at 01:29:21PM -0500, Benjamin LaHaise wrote:
> > > and some kind of double free in an error path would certainly explain
> > > this (with io_setup() . And the first oops reported obviously had that
> > > migration thing. So maybe those "fixes" weren't fixing things at all
> > > (or just moved the error case around).
> > >
> > > Btw, that "rework aio migrate pages to use aio fs" looks odd. It has
> > > Ben LaHaise marked as author, but no sign-off, instead "Tested-by" and
> > > "Acked-by".
> >
> > I could certainly believe a double free, but rereading the current code
> > I can't find anything, and I just manually tested all the relevant error
> > paths in ioctx_alloc() and aio_setup_ring() without finding anything.
>
> The same here. It would be very helpful to know what syscalls trinity is
> issuing in the lead up to the bug.
Working on narrowing it down. The io_setup fuzzer is actually incredibly dumb,
and 99.9% of the time will just EFAULT or EINVAL. I'll see if I can smarten it
up to succeed more often, in the hope that it can reproduce this faster, because
right now it looks like it needs the planets to line up just right to hit
the bug (even though I've hit it twice in the last 24 hrs)
Dave
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/