Re: kernel bug 2.6.31-rc6

From: Eric Paris
Date: Wed Aug 19 2009 - 09:38:51 EST

Next message: Wu Fengguang: "[RFC] memcg: move definitions to .h and inline some functions"
Previous message: Minchan Kim: "Re: [RFC] respect the referenced bit of KVM guest pages?"
In reply to: Christoph Thielecke: "kernel bug 2.6.31-rc6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 18, 2009 at 8:43 AM, Christoph
Thielecke<christoph.thielecke@xxxxxx> wrote:
> Hello list,
>
> I got an kernel bug using 2.6.31-rc6 (machine freeze, sysreq not working).
> Interesting: I use kde3 (user crissi) and start an second xserver in
> userspace (xephyr) (user kde-devel). I allow to write the xserver on my
> display via xhost +.
>
> @linus
> This is different from bug before because I start there a new session via kdm
> (2x xorg).
>
>
> Aug 18 10:24:09 develop kernel: idr_remove called for id=2147483647 which is
> not allocated.

2147483647 = 0x7FFFFFFF = INT_MAX

I don't use INT_MAX in my code anywhere! Anyone on list have a clue
what could rewrite it to INT_MAX? This doesn't look to me

Only thing I can think of is that it got freed and reused by something else ??

> Aug 18 10:24:09 develop kernel: Pid: 17363, comm: kded4 Tainted: P
> 2.6.31-rc6 #2
> Aug 18 10:24:09 develop kernel: Call Trace:
> Aug 18 10:24:09 develop kernel: [<c133a0b0>] ? printk+0x18/0x20
> Aug 18 10:24:09 develop kernel: [<c11d00c0>] idr_remove+0x79/0x1ad
> Aug 18 10:24:09 develop kernel: [<c10db9d1>] ?
> fsnotify_add_notify_event+0x105/0x205
> Aug 18 10:24:09 develop kernel: [<c10ddce3>] inotify_remove_from_idr+0x21/0x34
> Aug 18 10:24:09 develop kernel: [<c10de1ae>]
> inotify_ignored_and_remove_idr+0x85/0xb7
> Aug 18 10:24:09 develop kernel: [<c10dd753>] inotify_freeing_mark+0x8/0xa
> Aug 18 10:24:09 develop kernel: [<c10dc3ab>]
> fsnotify_destroy_mark_by_entry+0xf3/0x132
> Aug 18 10:24:09 develop kernel: [<c10ddc82>] sys_inotify_rm_watch+0x5e/0x8d
> Aug 18 10:24:09 develop kernel: [<c1003610>] sysenter_do_call+0x12/0x2c

So the syscall wd was correct, the entry was found in the idr, but the
entry->wd = INT_MAX which is not what it is supposed to be. At some
point that entry had to be correct, since it was returned to userspace
from inotify_update_watch().

That function looks horrid, so I'll recheck it, but I'm once again stumped...

-Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Wu Fengguang: "[RFC] memcg: move definitions to .h and inline some functions"
Previous message: Minchan Kim: "Re: [RFC] respect the referenced bit of KVM guest pages?"
In reply to: Christoph Thielecke: "kernel bug 2.6.31-rc6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]