BUG in tty_open when using containers and ptrace

Sukadev Bhattiprolu sukadev at linux.vnet.ibm.com
Wed Jul 22 18:27:33 PDT 2009


Grzegorz Nosek [root at localdomain.pl] wrote:
| On wto, lip 21, 2009 at 11:41:20 -0700, Sukadev Bhattiprolu wrote:
| > I set 
| > 	CONFIG_SLUB_DEBUG=y
| > 	CONFIG_SLUB=y
| > 	CONFIG_SLUB_DEBUG_ON=y
| > 	# CONFIG_SLUB_STATS is not set
| > 
| > and tried 2.6.29, 2.6.31-rc3 and linux-mmotm from July 13, but have
| > not been able to repro either on an i386 machine or on a KVM guest.
| > 
| > I run your program ./tty-bug in a tight loop. I will try to run the
| > program overnight in a loop. 
| > 
| > Given that your program does not depend on NET_NS, can you see if you
| > can repro on 2.6.28 and see if we can bisect this problem ?
| 
| Immediate crash. I tried 2.6.18-something (Debian etch kernel) that I
| had lying around on the VM. The result:

Interesting.

Attaching test program and Ccing Peter Anvin for any insights.

| 
| idr_remove called for id=0 which is not allocated.
|  [<c01b7abc>] idr_remove+0xd4/0x137
|  [<c01fa871>] release_mem+0x1d5/0x1e1
|  [<c01fb4ec>] release_dev+0x5d6/0x5ee
|  [<c011669e>] __wake_up+0x2a/0x3d
|  [<c01f9e1f>] tty_ldisc_enable+0x1f/0x21
|  [<c01fabf5>] init_dev+0x378/0x49f
|  [<c01fd2e4>] tty_open+0x2a9/0x2e8
|  [<c0161899>] chrdev_open+0x126/0x141
|  [<c0161773>] chrdev_open+0x0/0x141
|  [<c0158b65>] __dentry_open+0xc8/0x1ac
|  [<c0158cad>] nameidata_to_filp+0x19/0x28
|  [<c0158ce7>] do_filp_open+0x2b/0x31
|  [<c027fddd>] do_nanosleep+0x43/0x6a
|  [<c0125f96>] do_sigaction+0x99/0x156
|  [<c0158d2b>] do_sys_open+0x3e/0xb3
|  [<c0158dcd>] sys_open+0x16/0x18
|  [<c0102c7b>] syscall_call+0x7/0xb
| 
| (on the bright side, the machine is still usable afterwards).
| 
| However, 2.6.26 (both mine and Debian) survives the test so it may indeed
| be a recent regression (was it broken again after fixing sometime
| between .18 and .26?)
| 
| Bisecting...
| 
| Best regards,
|  Grzegorz Nosek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tty-bug.c
Type: text/x-csrc
Size: 848 bytes
Desc: not available
Url : http://lists.linux-foundation.org/pipermail/containers/attachments/20090722/6572113a/attachment.c 


More information about the Containers mailing list