Re: [patch] Real-Time Preemption, -RT-2.6.10-rc2-mm3-V0.7.32-6

From: Rui Nuno Capela
Date: Wed Dec 08 2004 - 13:23:08 EST

Steven Rostedt wrote:
> I found a race condition in slab.c, but I'm still trying to figure out
> exactly how it's playing out. This has to do with dynamic loading and
> unloading of caches. I have a small test case that simulates the problem
> at
> This was done on:
> # uname -r
> 2.6.10-rc2-mm3-V0.7.32-9
> I have a module that creates a cache to allocate objects from. When you
> unload the module, it deallocates the objects and then destroys the
> cache. But with your patched kernel I get the following output, and the
> system then goes into an unstable state. That is the system will crash
> at a latter time. Usually when dealing with caches.
> Here's the output:
> slab error in kmem_cache_destroy(): cache `silly_stuff': Can't free all
> objects
> [<c0103953>] dump_stack+0x23/0x30 (20)
> [<c014929f>] kmem_cache_destroy+0xff/0x1a0 (28)
> [<d081e10d>] mkcache_cleanup+0x1d/0x21 [sillymod] (12)
> [<c013a711>] sys_delete_module+0x161/0x1a0 (100)
> [<c0102a00>] syscall_call+0x7/0xb (-8124)
> ---------------------------
> | preempt count: 00000001 ]
> | 1-level deep critical section nesting:
> ----------------------------------------
> .. [<c01383ed>] .... print_traces+0x1d/0x60
> .....[<c0103953>] .. ( <= dump_stack+0x23/0x30)
> I've done some extra testing and found that if I wait between the frees
> and the destroying of the cache, everything works fine. This problem
> happens because it seems that the objects in the slab are being freed in
> a batch style and they don't get freed on the destroy. I put prints in
> to see more information and found that in kmem_cache_destroy, it calls
> __cache_shrink, which calls drain_cpu_caches (obvious from code), but
> what my prints show, is that when it gets down to drain_array_locked (it
> gets in the function) that ac->avail is zero. I need to read more into
> the details of how the slab works, but you can take a look too.
> By the way, 2.6.10-rc2-mm3 does not have a problem with this.

AFAICS this seems to be exactly the bug I've reported recently, about when
an usb-storage flashram stick is first time unplugged.

Good show Steven :) Hope it helps.

rncbc aka Rui Nuno Capela

