Re: 2.6.26-rc4: RIP __call_for_each_cic+0x20/0x50

From: Jens Axboe
Date: Tue May 27 2008 - 09:35:26 EST


On Tue, May 27 2008, Alexey Dobriyan wrote:
> On Sat, May 10, 2008 at 02:37:19PM +0400, Alexey Dobriyan wrote:
> > > > > > @@ -41,8 +41,8 @@ int put_io_context(struct io_context *ioc)
> > > > > > rcu_read_lock();
> > > > > > if (ioc->aic && ioc->aic->dtor)
> > > > > > ioc->aic->dtor(ioc->aic);
> > > > > > - rcu_read_unlock();
> > > > > > cfq_dtor(ioc);
> > > > > > + rcu_read_unlock();
> > > > > >
> > > > > > kmem_cache_free(iocontext_cachep, ioc);
> > > > > > return 1;
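Review bot: kmem_cache_free(iocontext_cachep, ioc) still follows rcu_read_unlock() directly, and nothing in this hunk waits for a grace period before the free. Holding the read lock across cfq_dtor(ioc) only covers the destructor's own accesses; it does nothing for a reader elsewhere that still holds a pointer to ioc or to something reachable from it. If such readers exist, the free should be deferred with call_rcu() or preceded by synchronize_rcu(). A short comment above cfq_dtor(ioc) saying which RCU-protected structure it walks would also make the reason for the new ordering clear.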
> > > > >
> > > > > This helps in the sense that 3 times bulk cross-compiles finish to the end.
> > > > > You'll hear me if another such oops will resurface.
> > > >
> > > > Still looking good?
> > >
> > > Yup!
> >
> > And this with patch in mainline, again with PREEMPT_RCU.
>
> Ping, this happened again with 2.6.26-rc4 and PREEMPT_RCU.

Worrisome... Paul, would you mind taking a quick look at cfq
and see if you can detect why it breaks with preempt rcu? It's
clearly a use-after-free symptom, but I don't see how it can
happen.

--
Jens Axboe
