Re: BUG in tty_open when using containers and ptrace

Grzegorz Nosek [root@xxxxxxxxxxxxxx] wrote:
| On Tue, Jul 21, 2009 at 11:41:20 -0700, Sukadev Bhattiprolu wrote:
| > I set 
| > 	CONFIG_SLUB_DEBUG=y
| > 	CONFIG_SLUB=y
| > 	CONFIG_SLUB_DEBUG_ON=y
| > 	# CONFIG_SLUB_STATS is not set
| > 
| > and tried 2.6.29, 2.6.31-rc3 and linux-mmotm from July 13, but have
| > not been able to repro either on an i386 machine or on a KVM guest.
| > 
| > I run your program ./tty-bug in a tight loop. I will try to run the
| > program overnight in a loop. 
| > 
| > Given that your program does not depend on NET_NS, can you see if you
| > can repro on 2.6.28 and see if we can bisect this problem?
| 
| Immediate crash. I tried 2.6.18-something (Debian etch kernel) that I
| had lying around on the VM. The result:

Interesting.

Attaching test program and CCing Peter Anvin for any insights.

| 
| idr_remove called for id=0 which is not allocated.
|  [<c01b7abc>] idr_remove+0xd4/0x137
|  [<c01fa871>] release_mem+0x1d5/0x1e1
|  [<c01fb4ec>] release_dev+0x5d6/0x5ee
|  [<c011669e>] __wake_up+0x2a/0x3d
|  [<c01f9e1f>] tty_ldisc_enable+0x1f/0x21
|  [<c01fabf5>] init_dev+0x378/0x49f
|  [<c01fd2e4>] tty_open+0x2a9/0x2e8
|  [<c0161899>] chrdev_open+0x126/0x141
|  [<c0161773>] chrdev_open+0x0/0x141
|  [<c0158b65>] __dentry_open+0xc8/0x1ac
|  [<c0158cad>] nameidata_to_filp+0x19/0x28
|  [<c0158ce7>] do_filp_open+0x2b/0x31
|  [<c027fddd>] do_nanosleep+0x43/0x6a
|  [<c0125f96>] do_sigaction+0x99/0x156
|  [<c0158d2b>] do_sys_open+0x3e/0xb3
|  [<c0158dcd>] sys_open+0x16/0x18
|  [<c0102c7b>] syscall_call+0x7/0xb
| 
| (on the bright side, the machine is still usable afterwards).
| 
| However, 2.6.26 (both mine and Debian) survives the test so it may indeed
| be a recent regression (was it broken again after fixing sometime
| between .18 and .26?)
| 
| Bisecting...
| 
| Best regards,
|  Grzegorz Nosek

#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/signal.h>
#include <unistd.h>

#include <linux/fs.h>

void dummy(int sig)
{
}

static int child(void *unused)
{
	signal(SIGINT, dummy);
	signal(SIGHUP, dummy);
	pause(); /* cheesy synchronisation to wait for /dev/pts/0 to appear */

	mount("/dev/pts/0", "/dev/console", NULL, MS_BIND, NULL);
	sleep(2);

	open("/dev/console", O_RDWR);
	dup(0);
	dup(0);
	write(1, "Hello world!\n", sizeof("Hello world!\n")-1);
	return 0;
}

int main(void)
{
	pid_t pid;
	char *stack;
	int fd;

	stack = malloc(16384);
	pid = clone(child, stack+16384, CLONE_NEWNS|SIGCHLD, NULL);

	fd = open("/dev/ptmx", O_RDWR|O_NOCTTY|O_NONBLOCK);
	unlockpt(fd);
	grantpt(fd);

	kill(pid, SIGHUP);
	sleep(1);
	return 0; /* exit before child opens /dev/console */
}
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers