Re: Oops in 2.0.30

Mark Hemment (markhe@sco.COM)
Mon, 21 Jul 1997 15:46:21 +0100 (BST)


Hi,

On Mon, 21 Jul 1997, Kristofer T. Karas wrote:
> Came in this morning to find an otherwise stable 2.0.30 machine with
> its filesystem locked (any process opening files, blocks), and an oops
> on the screen. Syslog had some, but not all, of the output (the code
> trace is missing; sigh).
> >>EIP: 1243e1 <find_candidate+2d/f4>

There is a known bug in find_candidate() (in fs/buffer.c).
When freeing a block of "other sizes", and try_to_free_buffer() succeeds,
bh is left pointing at NULL. Hence the oops.

A simple fix is to make fs/buffer.c/find_candidate() look like;
.....
        if (size != bh->b_size) {
                /* this provides a mechanism for freeing blocks
                   of other sizes, this is necessary now that we
                   no longer have the lav code. */
                try_to_free_buffer(bh,&bh,1);
                if (!bh)
                        break;
                continue;
        }

(I would post this in patch format, but I've been hacking in this file and
no longer have a copy of the original - or space for it. Perhaps someone
could produce one...).

Note1: This is fixed in 2.1.x (at least in the later versions).

Note2: find_candidate() shouldn't really be doing this. Only when memory
is low should refill_freelist() try to reap pages from other buffer sizes
(which happens anyway from shrink_mmap()).

Regards,

markhe

-----------------------------------------------------
Mark Hemment UNIX/C Software Engineer (contractor)
"Success has many fathers. Failure is a b**tard"
-----------------------------------------------------
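
The failure mode described in the message above, as an added example (not part of the original post and not kernel code): a user-space C model in which a free helper moves the caller's cursor through an out-parameter and leaves it NULL when the last buffer goes away. struct buf, list_add, free_buf and find_candidate_model are hypothetical names, and the way the helper backs the cursor up one node is an assumption of this model.

```c
#include <stdlib.h>
struct buf {                   /* hypothetical user-space model, not the kernel's struct */
    struct buf *next, *prev;   /* circular doubly linked list */
    size_t size;
};

static void list_add(struct buf **list, size_t size)
{
    struct buf *b = malloc(sizeof *b);
    if (!b) abort();
    b->size = size;
    if (!*list) { b->next = b->prev = b; *list = b; return; }
    b->next = *list; b->prev = (*list)->prev;
    b->prev->next = b; (*list)->prev = b;
}

/* Free bh. If the caller's cursor *bhp is on bh, back it up one node so the
 * loop increment lands on bh's successor; if bh was alone it becomes NULL. */
static void free_buf(struct buf **list, struct buf *bh, struct buf **bhp)
{
    if (*bhp == bh) *bhp = (bh->prev == bh) ? NULL : bh->prev;
    if (*list == bh) *list = (bh->next == bh) ? NULL : bh->next;
    bh->prev->next = bh->next;
    bh->next->prev = bh->prev;
    free(bh);
}

/* Scan up to len buffers for one of the wanted size, freeing the others. */
static struct buf *find_candidate_model(struct buf **list, int len, size_t size)
{
    struct buf *bh = *list;
    if (!bh) return NULL;
    for (; len > 0; bh = bh->next, len--) {
        if (size != bh->size) {
            free_buf(list, bh, &bh);
            if (!bh)      /* the check from the post; without it the */
                break;    /* loop increment would dereference NULL   */
            continue;
        }
        return bh;
    }
    return NULL;
}

int main(void)
{
    struct buf *list = NULL;
    list_add(&list, 1024);  /* constructed: one lone "other size" buffer */
    return find_candidate_model(&list, 1, 512) != NULL;  /* exits 0 */
}
```

Removing the `if (!bh) break;` pair makes the single-buffer case fault in the `bh = bh->next` increment, which is the shape of the crash the post describes.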