Re: WARNING: at fs/ext4/inode.c:230 ext4_evict_inode+0x4b9/0x6d0()
On Fri, Jul 12, 2013 at 03:35:28PM -0400, Dave Jones wrote: > Just hit a bunch of these.. > > WARNING: CPU: 0 PID: 995613 at fs/ext4/inode.c:230 > ext4_evict_inode+0x4b9/0x6d0() This is fixed up by the following commit which is queued up to be sent to Linus, hopefully before he ships -rc1. I'm just waiting for the regression tests to complete before I sent a pull request. Thanks for testing and reporting this warning! - Ted commit 822dbba33458cd6ad0e715f3f4a57ebc99d54d1b Author: Jan Kara Date: Wed Jul 10 21:31:04 2013 -0400 ext4: fix warning in ext4_evict_inode() The following race can lead to ext4_evict_inode() seeing i_ioend_count > 0 and thus triggering a sanity check warning: CPU1CPU2 ext4_end_bio() ext4_evict_inode() ext4_finish_bio() end_page_writeback(); truncate_inode_pages() evict page WARN_ON(i_ioend_count > 0); ext4_put_io_end_defer() ext4_release_io_end() dec i_ioend_count This is possible use-after-free bug since we decrement i_ioend_count in possibly released inode. Since i_ioend_count is used only for sanity checks one possible solution would be to just remove it but for now I'd like to keep those sanity checks to help debugging the new ext4 writeback code. This patch changes ext4_end_bio() to call ext4_put_io_end_defer() before ext4_finish_bio() in the shortcut case when unwritten extent conversion isn't needed. In that case we don't need the io_end so we are safe to drop it early. Reported-by: Guenter Roeck Tested-by: Guenter Roeck Signed-off-by: Jan Kara Signed-off-by: "Theodore Ts'o" -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
WARNING: at fs/ext4/inode.c:230 ext4_evict_inode+0x4b9/0x6d0()
Just hit a bunch of these.. WARNING: CPU: 0 PID: 995613 at fs/ext4/inode.c:230 ext4_evict_inode+0x4b9/0x6d0() Modules linked in: 8021q garp mrp bridge stp rfcomm tun nfsd nfs_acl rpcsec_gss_krb5 auth_rpcgss oid_registry nfsv4 nfs lockd sunrpc fscache fuse l2tp_ppp l2tp_netlink l2tp_core bnep cmtp kernelcapi hidp scsi_transport_iscsi can_raw ipt_ULOG nfnetlink can_bcm llc2 irda af_802154 x25 can pppoe pppox p pp_generic af_key slhc af_rxrpc atm rds bluetooth vmw_vsock_vmci_transport vmw_vmci phonet vsock netrom appletalk rose ipx p8023 ax25 psnap p8022 llc nfc rfkill caif_socket ca if crc_ccitt btrfs xor snd_hda_codec_realtek snd_hda_intel snd_hda_codec raid6_pq libcrc32c snd_pcm zlib_deflate snd_page_alloc snd_timer pcspkr snd serio_raw edac_core soundc ore r8169 mii sr_mod cdrom pata_atiixp radeon backlight drm_kms_helper ttm CPU: 0 PID: 995613 Comm: trinity-child1 Not tainted 3.10.0+ #10 Hardware name: Gigabyte Technology Co., Ltd. GA-MA78GM-S2H/GA-MA78GM-S2H, BIOS F12a 04/23/2010 81a1c2b3 88010d537d18 816bbb90 88010d537d50 81043f0c 88000c583970 88000c583970 81825420 81825420 88011d4f9f90 88010d537d60 Call Trace: [] dump_stack+0x4e/0x82 [] warn_slowpath_common+0x8c/0xc0 [] warn_slowpath_null+0x1a/0x20 [] ext4_evict_inode+0x4b9/0x6d0 [] evict+0xa3/0x1a0 [] iput+0x105/0x190 [] sync_inodes_sb+0x194/0x240 [] ? wait_for_completion+0xdf/0x110 [] ? generic_write_sync+0x70/0x70 [] sync_inodes_one_sb+0x19/0x20 [] iterate_supers+0xb0/0x110 [] sys_sync+0x35/0x90 [] tracesys+0xdd/0xe2 ---[ end trace 1749b013664e80fc ]--- WARNING: CPU: 1 PID: 998688 at fs/ext4/inode.c:230 ext4_evict_inode+0x4b9/0x6d0() Modules linked in: 8021q garp mrp bridge stp rfcomm tun nfsd nfs_acl rpcsec_gss_krb5 auth_rpcgss oid_registry nfsv4 nfs lockd sunrpc fscache fuse l2tp_ppp l2tp_netlink l2tp_core bnep cmtp kernelcapi hidp scsi_transport_iscsi can_raw ipt_ULOG nfnetlink can_bcm llc2 irda af_802154 x25 can pppoe pppox ppp_generic af_key slhc af_rxrpc atm rds bluetooth vmw_vsock_vmci_transport vmw_vmci phonet vsock netrom appletalk rose ipx p8023 ax25 psnap p8022 llc nfc rfkill caif_socket caif crc_ccitt btrfs xor snd_hda_codec_realtek snd_hda_intel snd_hda_codec raid6_pq libcrc32c snd_pcm zlib_deflate snd_page_alloc snd_timer pcspkr snd serio_raw edac_core soundcore r8169 mii sr_mod cdrom pata_atiixp radeon backlight drm_kms_helper ttm CPU: 1 PID: 998688 Comm: gcc Tainted: GW3.10.0+ #10 Hardware name: Gigabyte Technology Co., Ltd. GA-MA78GM-S2H/GA-MA78GM-S2H, BIOS F12a 04/23/2010 81a1c2b3 880126ce7cd0 816bbb90 880126ce7d08 81043f0c 880007d88ae0 880007d88ae0 81825420 81825420 88011afcd780 880126ce7d18 Call Trace: [] dump_stack+0x4e/0x82 [] warn_slowpath_common+0x8c/0xc0 [] warn_slowpath_null+0x1a/0x20 [] ext4_evict_inode+0x4b9/0x6d0 [] evict+0xa3/0x1a0 [] iput+0x105/0x190 [] dput+0x1f8/0x2d0 [] SYSC_renameat+0x35d/0x3b0 [] ? put_lock_stats.isra.27+0xe/0x40 [] ? lock_release_holdtime.part.28+0xe5/0x160 [] ? trace_hardirqs_on+0xd/0x10 [] ? syscall_trace_enter+0x25/0x290 [] SyS_renameat+0xe/0x10 [] SyS_rename+0x1b/0x20 [] tracesys+0xdd/0xe2 ---[ end trace 1749b013664e812a ]--- That's... WARN_ON(atomic_read(&EXT4_I(inode)->i_ioend_count)); -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
