87b4126f10
One of our test team hit a reiserfs_panic while running fsstress tests on 2.6.19-rc1. The message looks like : REISERFS: panic(device Null superblock): reiserfs[5676]: assertion !(p->path_length != 1 ) failed at fs/reiserfs/stree.c:397:reiserfs_check_path: path not properly relsed. The backtrace looked : kernel BUG in reiserfs_panic at fs/reiserfs/prints.c:361! .reiserfs_check_path+0x58/0x74 .reiserfs_get_block+0x1444/0x1508 .__block_prepare_write+0x1c8/0x558 .block_prepare_write+0x34/0x64 .reiserfs_prepare_write+0x118/0x1d0 .generic_file_buffered_write+0x314/0x82c .__generic_file_aio_write_nolock+0x350/0x3e0 .__generic_file_write_nolock+0x78/0xb0 .generic_file_write+0x60/0xf0 .reiserfs_file_write+0x198/0x2038 .vfs_write+0xd0/0x1b4 .sys_write+0x4c/0x8c syscall_exit+0x0/0x4 Upon debugging I found that the restart_transaction was not releasing the path if the th->refcount was > 1. /*static*/ int restart_transaction(struct reiserfs_transaction_handle *th, struct inode *inode, struct path *path) { [...] /* we cannot restart while nested */ if (th->t_refcount > 1) { <<- Path is not released in this case! return 0; } pathrelse(path); <<- Path released here. [...] This could happen in such a situation : In reiserfs/inode.c: reiserfs_get_block() :: if (repeat == NO_DISK_SPACE || repeat == QUOTA_EXCEEDED) { /* restart the transaction to give the journal a chance to free ** some blocks. releases the path, so we have to go back to ** research if we succeed on the second try */ SB_JOURNAL(inode->i_sb)->j_next_async_flush = 1; -->> retval = restart_transaction(th, inode, &path); <<-- We are supposed to release the path, no matter we succeed or fail. But if the th->refcount is > 1, the path is still valid. And, if (retval) goto failure; repeat = _allocate_block(th, block, inode, &allocated_block_nr, NULL, create); If the above allocate_block fails with NO_DISK_SPACE or QUOTA_EXCEEDED, we would have path which is not released. if (repeat != NO_DISK_SPACE && repeat != QUOTA_EXCEEDED) { goto research; } if (repeat == QUOTA_EXCEEDED) retval = -EDQUOT; else retval = -ENOSPC; goto failure; [...] failure: [...] reiserfs_check_path(&path); << Panics here ! Attached here is a patch which could fix the issue. fix reiserfs/inode.c : restart_transaction() to release the path in all cases. The restart_transaction() doesn't release the path when the the journal handle has a refcount > 1. This would trigger a reiserfs_panic() if we encounter an -ENOSPC / -EDQUOT in reiserfs_get_block(). Signed-off-by: Suzuki K P <suzuki@in.ibm.com> Cc: "Vladimir V. Saveliev" <vs@namesys.com> Cc: <reiserfs-dev@namesys.com> Cc: Jeff Mahoney <jeffm@suse.com> Acked-by: Jan Kara <jack@suse.cz> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
||
---|---|---|
.. | ||
9p | ||
adfs | ||
affs | ||
afs | ||
autofs | ||
autofs4 | ||
befs | ||
bfs | ||
cifs | ||
coda | ||
configfs | ||
cramfs | ||
debugfs | ||
devpts | ||
dlm | ||
ecryptfs | ||
efs | ||
exportfs | ||
ext2 | ||
ext3 | ||
ext4 | ||
fat | ||
freevxfs | ||
fuse | ||
gfs2 | ||
hfs | ||
hfsplus | ||
hostfs | ||
hpfs | ||
hppfs | ||
hugetlbfs | ||
isofs | ||
jbd | ||
jbd2 | ||
jffs | ||
jffs2 | ||
jfs | ||
lockd | ||
minix | ||
msdos | ||
ncpfs | ||
nfs | ||
nfs_common | ||
nfsd | ||
nls | ||
ntfs | ||
ocfs2 | ||
openpromfs | ||
partitions | ||
proc | ||
qnx4 | ||
ramfs | ||
reiserfs | ||
romfs | ||
smbfs | ||
sysfs | ||
sysv | ||
udf | ||
ufs | ||
vfat | ||
xfs | ||
aio.c | ||
attr.c | ||
bad_inode.c | ||
binfmt_aout.c | ||
binfmt_elf_fdpic.c | ||
binfmt_elf.c | ||
binfmt_em86.c | ||
binfmt_flat.c | ||
binfmt_misc.c | ||
binfmt_script.c | ||
binfmt_som.c | ||
bio.c | ||
block_dev.c | ||
buffer.c | ||
char_dev.c | ||
compat_ioctl.c | ||
compat.c | ||
dcache.c | ||
dcookies.c | ||
direct-io.c | ||
dnotify.c | ||
dquot.c | ||
drop_caches.c | ||
eventpoll.c | ||
exec.c | ||
fcntl.c | ||
fifo.c | ||
file_table.c | ||
file.c | ||
filesystems.c | ||
fs-writeback.c | ||
generic_acl.c | ||
inode.c | ||
inotify_user.c | ||
inotify.c | ||
internal.h | ||
ioctl.c | ||
ioprio.c | ||
Kconfig | ||
Kconfig.binfmt | ||
libfs.c | ||
locks.c | ||
Makefile | ||
mbcache.c | ||
mpage.c | ||
namei.c | ||
namespace.c | ||
nfsctl.c | ||
no-block.c | ||
open.c | ||
pipe.c | ||
pnode.c | ||
pnode.h | ||
posix_acl.c | ||
quota_v1.c | ||
quota_v2.c | ||
quota.c | ||
read_write.c | ||
read_write.h | ||
readdir.c | ||
select.c | ||
seq_file.c | ||
splice.c | ||
stat.c | ||
super.c | ||
sync.c | ||
utimes.c | ||
xattr_acl.c | ||
xattr.c |