On Wed, Feb 11, 2009 at 9:07 AM, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote: >> In case you missed it, KOSAKI Motohiro posted a similar stack-trace >> (but not the same BUG) in this thread: >> http://lkml.org/lkml/2009/2/10/7 >> > > Both traces include the newly-added put_cred_rcu(). Suspicious. > I have this test case which triggers it regularly after some minutes: #include <sys/wait.h> #include <sys/types.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> int main(int argc, char* argv[]) { unsigned int i; if (fork() == 0) { while (1) system("echo -n ."); } for (i = 0; i < 2; ++i) { if (fork() == 0) { while (1) { setreuid(0, 0xcafeba); setreuid(0xcafeba, 0); setreuid(0, 0xcafebb); setreuid(0xcafebb, 0); } exit(EXIT_SUCCESS); } } while (!(wait(NULL) == -1 && errno == ECHILD)) ; return 0; } It seems to be the combination of exec() and setreuid(), but I couldn't get it to work with just exec() instead of system(). It is possible that CONFIG_USER_SCHED must be =y for this to work. It can probably be simplified too... Vegard -- "The animistic metaphor of the bug that maliciously sneaked in while the programmer was not looking is intellectually dishonest as it disguises that the error is the programmer's own creation." -- E. W. Dijkstra, EWD1036 _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
