Re: [BUG REPORT] Kernel panic on 3.9.0-rc7-4-gbb33db7

From: Linus Torvalds
Date: Thu Apr 18 2013 - 15:10:48 EST


On Thu, Apr 18, 2013 at 11:13 AM, Jens Axboe <axboe@xxxxxxxxx> wrote:
> On Thu, Apr 18 2013, Tejun Heo wrote:
>> On Thu, Apr 18, 2013 at 10:39:00AM -0700, Jens Axboe wrote:
>> >
>> > Yep, thanks Linus for that hint... Must be someone abusing it for a
>> > flag field post submission? Crazy.
>>
>> Let's hope that's not the case because there'll be blood if it is. :)
>
> Yeah, it's beyond the amount of crazy I've come to expect from various
> random users of IO interfaces :-)

I think it's more likely to be some use-after-free after a long timeout.

Wanlong says it happens a few minutes after boot, so maybe something
times out a command, does the blk_complete_request(), and frees the
bio, which gets re-used before the softirq actually ends up running.

I note that Wanlong uses the SLAB allocator, not the SLUB one. I
wonder if the thing goes away with SLUB, and if not, if
CONFIG_SLUB_DEBUG_ON=y might help debug it?

Linus
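
Added example, not part of the original message and not kernel code: a userspace model of the hypothesis above, showing why a stale pointer goes unnoticed when a freed object is reused and what poison-on-free (the 0x6b fill that slab debugging applies) changes. The names toy_bio, toy_cache and late_completion_sees are hypothetical, and the LIFO freelist is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>

#define POISON_FREE 0x6b /* byte slab poisoning writes over freed objects */
#define NOBJ 4

struct toy_bio { unsigned long flags; int owner; }; /* hypothetical, not struct bio */
struct toy_cache {
    struct toy_bio pool[NOBJ], *freelist[NOBJ];
    int nfree, poison; /* poison=1 models slab debugging switched on */
};

static void cache_init(struct toy_cache *c, int poison) {
    memset(c, 0, sizeof(*c));
    c->poison = poison;
    for (int i = 0; i < NOBJ; i++) c->freelist[c->nfree++] = &c->pool[i];
}
static struct toy_bio *cache_alloc(struct toy_cache *c, int owner) {
    if (c->nfree == 0) return NULL;
    struct toy_bio *b = c->freelist[--c->nfree]; /* LIFO: last freed, first reused */
    b->flags = 0;
    b->owner = owner;
    return b;
}
static void cache_free(struct toy_cache *c, struct toy_bio *b) {
    if (c->poison) memset(b, POISON_FREE, sizeof(*b));
    c->freelist[c->nfree++] = b;
}
static int is_poisoned(const struct toy_bio *b) {
    const unsigned char *p = (const unsigned char *)b;
    for (size_t i = 0; i < sizeof(*b); i++) if (p[i] != POISON_FREE) return 0;
    return 1;
}
/* Returns the owner the late completion sees, or -1 if it finds poison. */
static int late_completion_sees(int poison, int reuse) {
    struct toy_cache c;
    cache_init(&c, poison);
    struct toy_bio *stale = cache_alloc(&c, 1); /* completion keeps this pointer */
    cache_free(&c, stale);                      /* timeout path frees the object */
    if (reuse) (void)cache_alloc(&c, 2);        /* new user gets the same object */
    return is_poisoned(stale) ? -1 : stale->owner;
}
int main(void) {
    printf("no poison, no reuse: %d\n", late_completion_sees(0, 0));
    printf("no poison, reuse:    %d\n", late_completion_sees(0, 1));
    printf("poison, no reuse:    %d\n", late_completion_sees(1, 0));
    printf("poison, reuse:       %d\n", late_completion_sees(1, 1));
    return 0;
}
```

In this model poisoning only exposes the stale access while the object is still free; once the object has been handed out again the late reader sees the new owner's data either way.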