On Sun, Dec 22, 2013 at 11:09:34AM -0800, Linus Torvalds wrote:
> On Sat, Dec 21, 2013 at 3:06 PM, Benjamin LaHaise wrote:
> >
> > Linus, feel free to add my Signed-off-by: to your sanitization of
> > aio_setup_ring() as well, as it works okay in my testing.
>
> Nobody commented on your req
On Sat, Dec 21, 2013 at 3:06 PM, Benjamin LaHaise wrote:
>
> Linus, feel free to add my Signed-off-by: to your sanitization of
> aio_setup_ring() as well, as it works okay in my testing.
Nobody commented on your request for comments, so I applied my patch
and pulled your branch, because I'm going
[ Patches inline below for people to comment on ]
On Thu, Dec 19, 2013 at 08:00:42PM -0500, Dave Jones wrote:
> On Thu, Dec 19, 2013 at 06:38:54PM -0500, Benjamin LaHaise wrote:
> > On Thu, Dec 19, 2013 at 03:24:16PM -0500, Dave Jones wrote:
> > > Yes. Note the original trace in this thread was
On Thu, Dec 19, 2013 at 06:38:54PM -0500, Benjamin LaHaise wrote:
> On Thu, Dec 19, 2013 at 03:24:16PM -0500, Dave Jones wrote:
> > Yes. Note the original trace in this thread was a
> > VM_BUG_ON(atomic_read(&page->_count) <= 0);
> >
> > Right after these crashes btw, the box locks up solid.
On Thu, Dec 19, 2013 at 03:24:16PM -0500, Dave Jones wrote:
> Yes. Note the original trace in this thread was a
> VM_BUG_ON(atomic_read(&page->_count) <= 0);
>
> Right after these crashes btw, the box locks up solid. So bad that traces
> don't always make it over usb-serial. Annoying.
I think
On Thu, Dec 19, 2013 at 08:11:58PM +, Mel Gorman wrote:
> Dave, was this a NUMA machine?
It's a dual core i5-4670T with hyperthreading.
> If yes, was CONFIG_NUMA_BALANCING set?
no.
> Dave, when did this
> bug start triggering? If it's due to a recent change in trinity, can you
> che
On Fri, Dec 20, 2013 at 05:31:29AM +0900, Linus Torvalds wrote:
> On Fri, Dec 20, 2013 at 5:11 AM, Linus Torvalds
> wrote:
> >
> > So here's the same patch, but with stuff moved around a bit, and the
> > "oops, couldn't create page" part fixed.
> >
> > But it's still totally and entirely untested.
On Fri, Dec 20, 2013 at 05:11:12AM +0900, Linus Torvalds wrote:
> On Fri, Dec 20, 2013 at 5:02 AM, Linus Torvalds
> wrote:
> >
> > Why not just get rid of the idiotic get_user_pages() crap then?
> > Something like the attached patch?
> >
> > Totally untested, but at least it makes *some* amount of
On Fri, Dec 20, 2013 at 5:11 AM, Linus Torvalds
wrote:
>
> So here's the same patch, but with stuff moved around a bit, and the
> "oops, couldn't create page" part fixed.
>
> But it's still totally and entirely untested.
Btw, I think this actually fixes a bug, in that it doesn't leak the
page ref
On Thu, Dec 19, 2013 at 02:53:52PM -0500, Benjamin LaHaise wrote:
> is populated into the page tables). The only place I can see things going
> off the rails is if the get_user_pages() call fails. It's possible trinity
> could be arranging things so that the get_user_pages() call is failing
On Thu, Dec 19, 2013 at 09:41:50AM -0600, Christoph Lameter wrote:
> On Wed, 18 Dec 2013, Linus Torvalds wrote:
>
> > Somebody who knows the migration code needs to look at this. ChristophL?
>
> It's been a while, sorry, and there has been a huge amount of work done on top
> of my earlier work. Canno
On Fri, Dec 20, 2013 at 5:02 AM, Linus Torvalds
wrote:
>
> Why not just get rid of the idiotic get_user_pages() crap then?
> Something like the attached patch?
>
> Totally untested, but at least it makes *some* amount of sense.
Ok, that can't work, since the ring_pages[] allocation happens later.
On Fri, Dec 20, 2013 at 4:53 AM, Benjamin LaHaise wrote:
>
> Yes, that's what I found when I started looking into this in detail again.
> I think the page reference counting is actually correct. There are 2
> references on each page: the first is from the find_or_create_page() call,
> and the sec
On Fri, Dec 20, 2013 at 04:45:38AM +0900, Linus Torvalds wrote:
> On Fri, Dec 20, 2013 at 4:26 AM, Benjamin LaHaise wrote:
> >
> > Okay, I'll rewrite it to use truncate to free the pages.
>
> It already does that in put_aio_ring_file() afaik. No?
Yes, that's what I found when I started looking
On Fri, Dec 20, 2013 at 4:26 AM, Benjamin LaHaise wrote:
>
> Okay, I'll rewrite it to use truncate to free the pages.
It already does that in put_aio_ring_file() afaik. No?
Linus
On Fri, Dec 20, 2013 at 04:19:15AM +0900, Linus Torvalds wrote:
> Yeah, that looks horribly buggy, if that's the intent.
>
> You can't just put_page() to remove something from the page cache. You
> need to do the whole "remove from radix tree" rigamarole, see for
> example delete_from_page_cache()
On Thu, Dec 19, 2013 at 10:29 AM, Benjamin LaHaise wrote:
>
>> I don't understand this page migration stuff at all, and I actually
>> don't think I understand the refcounting w.r.t. the page cache either.
>> But looking at (say) the aio_free_ring() call at line 409 - we just did
>> one put_page()
On Thu, Dec 19, 2013 at 01:29:21PM -0500, Benjamin LaHaise wrote:
> > > and some kind of double free in an error path would certainly explain
> > > this (with io_setup() . And the first oops reported obviously had that
> > > migration thing. So maybe those "fixes" weren't fixing things at all
On Thu, Dec 19, 2013 at 10:11:34AM -0800, Kent Overstreet wrote:
> On Thu, Dec 19, 2013 at 09:07:27AM -0800, Linus Torvalds wrote:
> > On Thu, Dec 19, 2013 at 7:53 AM, Dave Jones wrote:
> > >
> > > Interesting that CPU2 was doing sys_io_setup again. Different trace
> > > though.
> >
> > Well, it
On Thu, Dec 19, 2013 at 09:07:27AM -0800, Linus Torvalds wrote:
> On Thu, Dec 19, 2013 at 7:53 AM, Dave Jones wrote:
> >
> > Interesting that CPU2 was doing sys_io_setup again. Different trace though.
>
> Well, it was once again in aio_free_ring() - double free or freeing
> while already in use?
On Thu, Dec 19, 2013 at 09:07:27AM -0800, Linus Torvalds wrote:
> On Thu, Dec 19, 2013 at 7:53 AM, Dave Jones wrote:
> >
> > Interesting that CPU2 was doing sys_io_setup again. Different trace though.
>
> Well, it was once again in aio_free_ring() - double free or freeing
> while already in
On Thu, Dec 19, 2013 at 7:53 AM, Dave Jones wrote:
>
> Interesting that CPU2 was doing sys_io_setup again. Different trace though.
Well, it was once again in aio_free_ring() - double free or freeing
while already in use? And this time the other end of the complaint was
allocating a new page that
On Wed, Dec 18, 2013 at 08:40:07PM -0800, Linus Torvalds wrote:
> On Wed, Dec 18, 2013 at 8:07 PM, Dave Jones wrote:
> > Just hit this while fuzzing with lots of child processes.
> > (trinity -C128)
>
> Ok, there's a BUG_ON() in the middle, the "bad page" part is just this:
>
> > BUG: Bad
On Wed, 18 Dec 2013, Linus Torvalds wrote:
> Somebody who knows the migration code needs to look at this. ChristophL?
It's been a while, sorry, and there has been a huge amount of work done on top
of my earlier work. Cannot debug that anymore and I am finding myself in
the role of the old guy who jus
On Wed, Dec 18, 2013 at 8:07 PM, Dave Jones wrote:
> Just hit this while fuzzing with lots of child processes.
> (trinity -C128)
Ok, there's a BUG_ON() in the middle, the "bad page" part is just this:
> BUG: Bad page state in process trinity-c93 pfn:100499
> page:ea0004012640 count:0 mapcou
Just hit this while fuzzing with lots of child processes.
(trinity -C128)
BUG: Bad page state in process trinity-c93 pfn:100499
[ cut here ]
kernel BUG at include/linux/mm.h:439!
invalid opcode: [#1] PREEMPT SMP
Modules linked in: dlci sctp snd_seq_dummy hidp fuse r