From 74524955556096a0b2a821a49b4d0abebad3ee16 Mon Sep 17 00:00:00 2001 From: Tahsin Erdogan Date: Thu, 16 Jun 2016 05:15:33 -0700 Subject: [PATCH] writeback: inode cgroup wb switch should not call ihold() Asynchronous wb switching of inodes takes an additional ref count on an inode to make sure inode remains valid until switchover is completed. However, anyone calling ihold() must already have a ref count on inode, but in this case inode->i_count may already be zero: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 917 at fs/inode.c:397 ihold+0x2b/0x30 CPU: 1 PID: 917 Comm: kworker/u4:5 Not tainted 4.7.0-rc2+ #49 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Workqueue: writeback wb_workfn (flush-8:16) 0000000000000000 ffff88007ca0fb58 ffffffff805990af 0000000000000000 0000000000000000 ffff88007ca0fb98 ffffffff80268702 0000018d000004e2 ffff88007cef40e8 ffff88007c9b89a8 ffff880079e3a740 0000000000000003 Call Trace: [] dump_stack+0x4d/0x6e [] __warn+0xc2/0xe0 [] warn_slowpath_null+0x18/0x20 [] ihold+0x2b/0x30 [] inode_switch_wbs+0x11c/0x180 [] wbc_detach_inode+0x170/0x1a0 [] writeback_sb_inodes+0x21c/0x530 [] wb_writeback+0xee/0x1e0 [] wb_workfn+0xd7/0x280 [] ? try_to_wake_up+0x1b1/0x2b0 [] process_one_work+0x129/0x300 [] worker_thread+0x126/0x480 [] ? __schedule+0x1c7/0x561 [] ? process_one_work+0x300/0x300 [] kthread+0xc4/0xe0 [] ? kfree+0xc8/0x100 [] ret_from_fork+0x1f/0x40 [] ? __kthread_parkme+0x70/0x70 ---[ end trace aaefd2fd9f306bc4 ]--- Signed-off-by: Tahsin Erdogan Acked-by: Tejun Heo Reviewed-by: Jan Kara Signed-off-by: Jens Axboe --- fs/fs-writeback.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index 989a2cef6b76..fe7e83a45eff 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -483,9 +483,9 @@ static void inode_switch_wbs(struct inode *inode, int new_wb_id) goto out_free; } inode->i_state |= I_WB_SWITCH; + __iget(inode); spin_unlock(&inode->i_lock); - ihold(inode); isw->inode = inode; atomic_inc(&isw_nr_in_flight); -- 2.20.1