Re: 2.6.11-rc2-mm1 kernel BUG at kernel/workqueue.c:104

From: Andrew Morton
Date: Tue Jan 25 2005 - 03:16:55 EST

Next message: Andi Kleen: "Re: [RFC][PATCH] new timeofday core subsystem (v. A2)"
Previous message: Jens Axboe: "Re: [2.6 patch] *-iosched.c: Use proper documentation path"
In reply to: Zwane Mwaikambo: "Re: 2.6.11-rc2-mm1 kernel BUG at kernel/workqueue.c:104"
Next in thread: Roman Zippel: "Re: 2.6.11-rc2-mm1 kernel BUG at kernel/workqueue.c:104"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Zwane Mwaikambo <zwane@xxxxxxxxxxxxxxxx> wrote:
>
> On Mon, 24 Jan 2005, Andrew Morton wrote:
>
> > I can't reproduce it from a quick test here. I'd assume that the keystroke
> > came in before the vt's workqueue is initialised. fn_enter() calls
> > put_queue() calls con_schedule_flip() calls schedule_work() which goes BUG:
>
> Boot into runlevel 1 (console will then be on serial, nothing on any of
> the VTs), then press a key. This can be any time after it's booted into
> runlevel 1.
>

OK, thanks. I get what appears to be a use-after-free error.
CONFIG_DEBUG_PAGEALLOC is set:

Program received signal SIGEMT, Emulation trap.
0xc0272bc2 in kbd_keycode (keycode=57, down=1, hw_raw=0, regs=0xc0673f9c)
at drivers/char/keyboard.c:1035
1035 if (tty && (!tty->driver_data)) {
(gdb) p tty
$1 = (struct tty_struct *) 0xce3c4000
(gdb) p *tty
Cannot access memory at address 0xce3c4000
(gdb) bt
#0 0xc0272bc2 in kbd_keycode (keycode=57, down=1, hw_raw=0, regs=0xc0673f9c)
at drivers/char/keyboard.c:1035
#1 0xc0272ee4 in kbd_event (handle=0xcf150674, event_type=1, event_code=57,
value=1) at drivers/char/keyboard.c:1162
#2 0xc03081d8 in input_event (dev=0xcf19b090, type=1, code=57, value=1)
at drivers/input/input.c:188
#3 0xc030a71a in atkbd_report_key (dev=0xcf19b090, regs=0xc1235000, code=57,
value=0) at drivers/input/keyboard/atkbd.c:239
#4 0xc030ab8b in atkbd_interrupt (serio=0xcf771df8, data=57 '9', flags=0,
regs=0xc0673f9c) at drivers/input/keyboard/atkbd.c:392
#5 0xc0279dd9 in serio_interrupt (serio=0xcf771df8, data=57 '9', dfl=0,
regs=0xc1235000) at drivers/input/serio/serio.c:681
#6 0xc027a96f in i8042_interrupt (irq=1, dev_id=0xc06cb3a0, regs=0xc1235000)
at drivers/input/serio/i8042.c:481
#7 0xc013b7e5 in handle_IRQ_event (irq=1, regs=0xc0673f9c, action=0xcf0ee85c)
at kernel/irq/handle.c:90
#8 0xc013b913 in __do_IRQ (irq=1, regs=0xc0673f9c) at kernel/irq/handle.c:177
#9 0xc0104eee in do_IRQ (regs=0x0) at arch/i386/kernel/irq.c:105
#10 0xc010375a in common_interrupt () at arch/i386/kernel/semaphore.c:177

Roman, binary searching indicates that the bug was introduced by
merge-vt_struct-into-vc_data.patch. The latest version.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andi Kleen: "Re: [RFC][PATCH] new timeofday core subsystem (v. A2)"
Previous message: Jens Axboe: "Re: [2.6 patch] *-iosched.c: Use proper documentation path"
In reply to: Zwane Mwaikambo: "Re: 2.6.11-rc2-mm1 kernel BUG at kernel/workqueue.c:104"
Next in thread: Roman Zippel: "Re: 2.6.11-rc2-mm1 kernel BUG at kernel/workqueue.c:104"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]