* BUG on fs/inode.c:1442 (linux 3.3.1 and 3.3.2)
@ 2012-04-15 21:56 Lluís Batlle i Rossell
  2012-04-18 11:48 ` Jan Kara
  0 siblings, 1 reply; 4+ messages in thread
From: Lluís Batlle i Rossell @ 2012-04-15 21:56 UTC (permalink / raw)
  To: linux-kernel

Hello,

destroying my openvpn client connection (SIGINT to openvpn), in linux 3.3.1 and
now also in 3.3.2, I noticed this BUG in dmesg (attached).

It's a vanilla 3.3.2, at this shot.

I know it never happened to me in any 3.2, but I did not try 3.3.0.

I attach the .config. And I have the debug info for this kernel too, if this
helps someone find a fix. But I imagine it's easy to reproduce.

Thank you,
Lluís.

[-- Attachment #2: bug2.txt --]
[-- Type: text/plain, Size: 3808 bytes --]

[39301.878926] ------------[ cut here ]------------
[39301.878999] kernel BUG at fs/inode.c:1442!
[39301.879052] invalid opcode: 0000 [#1] 
[39301.879105] CPU 0 
[39301.879133] Modules linked in: reiserfs xts gf128mul af_packet bridge stp nls_iso8859_1 nls_cp437 vfat fat usb_storage usb_libusual uas arc4 iwlwifi mac80211 joydev snd_hda_codec_hdmi uvcvideo snd_hda_codec_realtek videobuf2_core cfg80211 psmouse snd_hda_intel snd_hda_codec acer_wmi videodev sparse_keymap i2c_i801 rfkill sg v4l2_compat_ioctl32 videobuf2_vmalloc rtc_cmos videobuf2_memops pcspkr wmi iTCO_wdt thermal snd_hwdep serio_raw battery ac i915 evdev mac_hid fbcon tileblit font bitblit softcursor drm_kms_helper drm intel_agp i2c_algo_bit button intel_gtt agpgart i2c_core video atl1c tun kvm_intel kvm fuse cpufreq_conservative cpufreq_ondemand cpufreq_powersave cpufreq_performance acpi_cpufreq freq_table processor thermal_sys hwmon mperf snd_pcm_oss snd_pcm snd_timer snd_page_alloc snd_mixer_oss snd soundcore nfsd lockd nfs_acl auth_rpcgss exportfs loop sunrpc ipv6 usbhid hid power_supply scsi_wait_scan sr_mod cdrom ehci_hcd uhci_hcd usbcore usb_common lzo sd_mod crc_t10dif ata_piix libata scsi_mod cryptd cbc sha256_generic dm_crypt dm_mod aes_x86_64 aes_generic btrfs zlib_deflate crc32c libcrc32c ext4 jbd2 crc16 ext3 jbd ext2 mbcache unix
[39301.880010] 
[39301.880010] Pid: 20915, comm: openvpn Not tainted 3.3.2 #1 Acer Aspire 4810T/Aspire 4810T
[39301.880010] RIP: 0010:[<ffffffff8113b4f7>]  [<ffffffff8113b4f7>] iput+0x1b7/0x1f0
[39301.880010] RSP: 0018:ffff880058af1dd8  EFLAGS: 00010202
[39301.880010] RAX: ffff8800b591ffa0 RBX: ffff8800b591ffa0 RCX: 0000000000000000
[39301.880010] RDX: ffff8800b591f800 RSI: ffff8800b591fba8 RDI: ffff8800b591ffa0
[39301.880010] RBP: ffff880058af1df8 R08: dead000000100100 R09: dead000000200200
[39301.880010] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
[39301.880010] R13: ffff8800b591fb88 R14: ffff8800b3d3f000 R15: ffff880058af1e68
[39301.880010] FS:  00007f0fe5e99700(0000) GS:ffffffff81620000(0000) knlGS:0000000000000000
[39301.880010] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[39301.880010] CR2: 00007ffd75a23000 CR3: 0000000057f86000 CR4: 00000000000406f0
[39301.880010] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[39301.880010] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[39301.880010] Process openvpn (pid: 20915, threadinfo ffff880058af0000, task ffff8800b53a5980)
[39301.880010] Stack:
[39301.880010]  0000000000000000 ffff8800b591ff70 0000000000000000 ffff8800b591fb88
[39301.880010]  ffff880058af1e18 ffffffff812c9a01 ffff880059afd400 ffffffff81686068
[39301.880010]  ffff880058af1e38 ffffffff812cec2f ffff880058af1e28 ffff8800b591f800
[39301.880010] Call Trace:
[39301.880010]  [<ffffffff812c9a01>] sock_release+0x71/0x90
[39301.880010]  [<ffffffff812cec2f>] sk_release_kernel+0x2f/0x60
[39301.880010]  [<ffffffffa0627915>] tun_free_netdev+0x15/0x20 [tun]
[39301.880010]  [<ffffffff812e2b6c>] netdev_run_todo+0x22c/0x360
[39301.880010]  [<ffffffff812ec37e>] rtnl_unlock+0xe/0x10
[39301.880010]  [<ffffffffa06286e5>] tun_chr_close+0xb5/0x100 [tun]
[39301.880010]  [<ffffffff81124c92>] fput+0xd2/0x210
[39301.880010]  [<ffffffff81121d46>] filp_close+0x66/0x90
[39301.880010]  [<ffffffff81121de8>] sys_close+0x78/0xb0
[39301.880010]  [<ffffffff8137f3a7>] system_call_fastpath+0x16/0x1b
[39301.880010] Code: 89 8b e0 00 00 00 48 8d 8a 00 01 00 00 48 89 8b e8 00 00 00 48 89 82 00 01 00 00 48 8b 43 28 83 80 10 01 00 00 01 e9 8e fe ff ff <0f> 0b be 76 05 00 00 48 c7 c7 fe 3b 55 81 e8 b6 7d f0 ff e9 9f 
[39301.880010] RIP  [<ffffffff8113b4f7>] iput+0x1b7/0x1f0
[39301.880010]  RSP <ffff880058af1dd8>
[39301.901976] ---[ end trace 5ddcafba128ae2ca ]---

[-- Attachment #3: config.gz --]
[-- Type: application/x-gunzip, Size: 33822 bytes --]


* Re: BUG on fs/inode.c:1442 (linux 3.3.1 and 3.3.2)
  2012-04-15 21:56 BUG on fs/inode.c:1442 (linux 3.3.1 and 3.3.2) Lluís Batlle i Rossell
@ 2012-04-18 11:48 ` Jan Kara
  2012-05-06 12:31   ` Lluís Batlle i Rossell
  0 siblings, 1 reply; 4+ messages in thread
From: Jan Kara @ 2012-04-18 11:48 UTC (permalink / raw)
  To: Lluís Batlle i Rossell; +Cc: linux-kernel

  Hello,

On Sun 15-04-12 23:56:01, Lluís Batlle i Rossell wrote:
> destroying my openvpn client connection (SIGINT to openvpn), in linux 3.3.1 and
> now also in 3.3.2, I noticed this BUG in dmesg (attached).
> 
> It's a vanilla 3.3.2, at this shot.
> 
> I know it never happened to me in any 3.2, but I did not try 3.3.0.
> 
> I attach the .config. And I have the debug info for this kernel too, if this
> helps someone find a fix. But I imagine it's easy to reproduce.
  From the first look it would seem to be a use-after-free bug, but can you
please post disassembly of iput() function from your kernel? I.e. you load
vmlinux in gdb and run 'disass iput'. Thanks.

								Honza

* Re: BUG on fs/inode.c:1442 (linux 3.3.1 and 3.3.2)
  2012-04-18 11:48 ` Jan Kara
@ 2012-05-06 12:31   ` Lluís Batlle i Rossell
  2012-05-09 10:44     ` Jan Kara
  0 siblings, 1 reply; 4+ messages in thread
From: Lluís Batlle i Rossell @ 2012-05-06 12:31 UTC (permalink / raw)
  To: Jan Kara; +Cc: linux-kernel

On Wed, Apr 18, 2012 at 01:48:44PM +0200, Jan Kara wrote:
>   Hello,
> 
> On Sun 15-04-12 23:56:01, Lluís Batlle i Rossell wrote:
> > destroying my openvpn client connection (SIGINT to openvpn), in linux 3.3.1 and
> > now also in 3.3.2, I noticed this BUG in dmesg (attached).
> > 
> > It's a vanilla 3.3.2, at this shot.
> > 
> > I know it never happened to me in any 3.2, but I did not try 3.3.0.
> > 
> > I attach the .config. And I have the debug info for this kernel too, if this
> > helps someone find a fix. But I imagine it's easy to reproduce.
>   From the first look it would seem to be a use-after-free bug, but can you
> please post disassembly of iput() function from your kernel? I.e. you load
> vmlinux in gdb and run 'disass iput'. Thanks.

Sorry for the delay. Here it is, for 3.3.2:

ffffffff8113b340 <iput>:
ffffffff8113b340:       55                      push   %rbp
ffffffff8113b341:       48 89 e5                mov    %rsp,%rbp
ffffffff8113b344:       48 83 ec 20             sub    $0x20,%rsp
ffffffff8113b348:       48 89 5d e8             mov    %rbx,-0x18(%rbp)
ffffffff8113b34c:       4c 89 65 f0             mov    %r12,-0x10(%rbp)
ffffffff8113b350:       4c 89 6d f8             mov    %r13,-0x8(%rbp)
ffffffff8113b354:       e8 a7 3d 24 00          callq  ffffffff8137f100 <mcount>
ffffffff8113b359:       48 85 ff                test   %rdi,%rdi
ffffffff8113b35c:       48 89 fb                mov    %rdi,%rbx
ffffffff8113b35f:       74 24                   je     ffffffff8113b385 <iput+0x45>
ffffffff8113b361:       f6 87 98 00 00 00 40    testb  $0x40,0x98(%rdi)
ffffffff8113b368:       0f 85 89 01 00 00       jne    ffffffff8113b4f7 <iput+0x1b7>
ffffffff8113b36e:       48 8d b7 80 00 00 00    lea    0x80(%rdi),%rsi
ffffffff8113b375:       48 8d bf 10 01 00 00    lea    0x110(%rdi),%rdi
ffffffff8113b37c:       e8 2f b4 0a 00          callq  ffffffff811e67b0 <_atomic_dec_and_lock>
ffffffff8113b381:       85 c0                   test   %eax,%eax
ffffffff8113b383:       75 13                   jne    ffffffff8113b398 <iput+0x58>
ffffffff8113b385:       48 8b 5d e8             mov    -0x18(%rbp),%rbx
ffffffff8113b389:       4c 8b 65 f0             mov    -0x10(%rbp),%r12
ffffffff8113b38d:       4c 8b 6d f8             mov    -0x8(%rbp),%r13
ffffffff8113b391:       c9                      leaveq 
ffffffff8113b392:       c3                      retq   
ffffffff8113b393:       0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)
ffffffff8113b398:       f6 83 98 00 00 00 08    testb  $0x8,0x98(%rbx)
ffffffff8113b39f:       4c 8b 63 28             mov    0x28(%rbx),%r12
ffffffff8113b3a3:       4d 8b 6c 24 30          mov    0x30(%r12),%r13
ffffffff8113b3a8:       0f 85 4b 01 00 00       jne    ffffffff8113b4f9 <iput+0x1b9>
ffffffff8113b3ae:       49 8b 45 20             mov    0x20(%r13),%rax
ffffffff8113b3b2:       48 85 c0                test   %rax,%rax
ffffffff8113b3b5:       0f 84 a5 00 00 00       je     ffffffff8113b460 <iput+0x120>
ffffffff8113b3bb:       48 89 df                mov    %rbx,%rdi
ffffffff8113b3be:       ff d0                   callq  *%rax
ffffffff8113b3c0:       85 c0                   test   %eax,%eax
ffffffff8113b3c2:       0f 85 b0 00 00 00       jne    ffffffff8113b478 <iput+0x138>
ffffffff8113b3c8:       41 f6 44 24 53 40       testb  $0x40,0x53(%r12)
ffffffff8113b3ce:       0f 85 b4 00 00 00       jne    ffffffff8113b488 <iput+0x148>
ffffffff8113b3d4:       48 83 8b 98 00 00 00    orq    $0x10,0x98(%rbx)
ffffffff8113b3db:       10 
ffffffff8113b3dc:       be 01 00 00 00          mov    $0x1,%esi
ffffffff8113b3e1:       48 89 df                mov    %rbx,%rdi
ffffffff8113b3e4:       e8 67 d7 00 00          callq  ffffffff81148b50 <write_inode_now>
ffffffff8113b3e9:       48 8b 83 98 00 00 00    mov    0x98(%rbx),%rax
ffffffff8113b3f0:       a8 08                   test   $0x8,%al
ffffffff8113b3f2:       0f 85 17 01 00 00       jne    ffffffff8113b50f <iput+0x1cf>
ffffffff8113b3f8:       48 83 e0 ef             and    $0xffffffffffffffef,%rax
ffffffff8113b3fc:       48 83 c8 20             or     $0x20,%rax
ffffffff8113b400:       48 8b 93 e0 00 00 00    mov    0xe0(%rbx),%rdx
ffffffff8113b407:       48 89 83 98 00 00 00    mov    %rax,0x98(%rbx)
ffffffff8113b40e:       48 8d 83 e0 00 00 00    lea    0xe0(%rbx),%rax
ffffffff8113b415:       48 39 d0                cmp    %rdx,%rax
ffffffff8113b418:       74 2e                   je     ffffffff8113b448 <iput+0x108>
ffffffff8113b41a:       48 8b 8b e8 00 00 00    mov    0xe8(%rbx),%rcx
ffffffff8113b421:       48 89 4a 08             mov    %rcx,0x8(%rdx)
ffffffff8113b425:       48 89 11                mov    %rdx,(%rcx)
ffffffff8113b428:       48 89 83 e0 00 00 00    mov    %rax,0xe0(%rbx)
ffffffff8113b42f:       48 89 83 e8 00 00 00    mov    %rax,0xe8(%rbx)
ffffffff8113b436:       48 8b 43 28             mov    0x28(%rbx),%rax
ffffffff8113b43a:       ff 0c 25 84 3c 65 81    decl   0xffffffff81653c84
ffffffff8113b441:       83 a8 10 01 00 00 01    subl   $0x1,0x110(%rax)
ffffffff8113b448:       48 89 df                mov    %rbx,%rdi
ffffffff8113b44b:       e8 50 fd ff ff          callq  ffffffff8113b1a0 <evict>
ffffffff8113b450:       48 8b 5d e8             mov    -0x18(%rbp),%rbx
ffffffff8113b454:       4c 8b 65 f0             mov    -0x10(%rbp),%r12
ffffffff8113b458:       4c 8b 6d f8             mov    -0x8(%rbp),%r13
ffffffff8113b45c:       c9                      leaveq 
ffffffff8113b45d:       c3                      retq   
ffffffff8113b45e:       66 90                   xchg   %ax,%ax
ffffffff8113b460:       8b 43 48                mov    0x48(%rbx),%eax
ffffffff8113b463:       85 c0                   test   %eax,%eax
ffffffff8113b465:       74 11                   je     ffffffff8113b478 <iput+0x138>
ffffffff8113b467:       48 83 bb c8 00 00 00    cmpq   $0x0,0xc8(%rbx)
ffffffff8113b46e:       00 
ffffffff8113b46f:       0f 85 53 ff ff ff       jne    ffffffff8113b3c8 <iput+0x88>
ffffffff8113b475:       0f 1f 00                nopl   (%rax)
ffffffff8113b478:       48 8b 83 98 00 00 00    mov    0x98(%rbx),%rax
ffffffff8113b47f:       e9 78 ff ff ff          jmpq   ffffffff8113b3fc <iput+0xbc>
ffffffff8113b484:       0f 1f 40 00             nopl   0x0(%rax)
ffffffff8113b488:       48 8b 83 98 00 00 00    mov    0x98(%rbx),%rax
ffffffff8113b48f:       80 cc 01                or     $0x1,%ah
ffffffff8113b492:       a8 87                   test   $0x87,%al
ffffffff8113b494:       48 89 83 98 00 00 00    mov    %rax,0x98(%rbx)
ffffffff8113b49b:       0f 85 e4 fe ff ff       jne    ffffffff8113b385 <iput+0x45>
ffffffff8113b4a1:       48 8d 83 e0 00 00 00    lea    0xe0(%rbx),%rax
ffffffff8113b4a8:       48 3b 83 e0 00 00 00    cmp    0xe0(%rbx),%rax
ffffffff8113b4af:       0f 85 d0 fe ff ff       jne    ffffffff8113b385 <iput+0x45>
ffffffff8113b4b5:       48 8b 53 28             mov    0x28(%rbx),%rdx
ffffffff8113b4b9:       ff 04 25 84 3c 65 81    incl   0xffffffff81653c84
ffffffff8113b4c0:       48 8b 8a 00 01 00 00    mov    0x100(%rdx),%rcx
ffffffff8113b4c7:       48 89 41 08             mov    %rax,0x8(%rcx)
ffffffff8113b4cb:       48 89 8b e0 00 00 00    mov    %rcx,0xe0(%rbx)
ffffffff8113b4d2:       48 8d 8a 00 01 00 00    lea    0x100(%rdx),%rcx
ffffffff8113b4d9:       48 89 8b e8 00 00 00    mov    %rcx,0xe8(%rbx)
ffffffff8113b4e0:       48 89 82 00 01 00 00    mov    %rax,0x100(%rdx)
ffffffff8113b4e7:       48 8b 43 28             mov    0x28(%rbx),%rax
ffffffff8113b4eb:       83 80 10 01 00 00 01    addl   $0x1,0x110(%rax)
ffffffff8113b4f2:       e9 8e fe ff ff          jmpq   ffffffff8113b385 <iput+0x45>
ffffffff8113b4f7:       0f 0b                   ud2    
ffffffff8113b4f9:       be 76 05 00 00          mov    $0x576,%esi
ffffffff8113b4fe:       48 c7 c7 fe 3b 55 81    mov    $0xffffffff81553bfe,%rdi
ffffffff8113b505:       e8 b6 7d f0 ff          callq  ffffffff810432c0 <warn_slowpath_null>
ffffffff8113b50a:       e9 9f fe ff ff          jmpq   ffffffff8113b3ae <iput+0x6e>
ffffffff8113b50f:       be 8a 05 00 00          mov    $0x58a,%esi
ffffffff8113b514:       48 c7 c7 fe 3b 55 81    mov    $0xffffffff81553bfe,%rdi
ffffffff8113b51b:       e8 a0 7d f0 ff          callq  ffffffff810432c0 <warn_slowpath_null>
ffffffff8113b520:       48 8b 83 98 00 00 00    mov    0x98(%rbx),%rax
ffffffff8113b527:       e9 cc fe ff ff          jmpq   ffffffff8113b3f8 <iput+0xb8>
ffffffff8113b52c:       0f 1f 40 00             nopl   0x0(%rax)



* Re: BUG on fs/inode.c:1442 (linux 3.3.1 and 3.3.2)
  2012-05-06 12:31   ` Lluís Batlle i Rossell
@ 2012-05-09 10:44     ` Jan Kara
  0 siblings, 0 replies; 4+ messages in thread
From: Jan Kara @ 2012-05-09 10:44 UTC (permalink / raw)
  To: Lluís Batlle i Rossell; +Cc: Jan Kara, linux-kernel

On Sun 06-05-12 14:31:00, Lluís Batlle i Rossell wrote:
> On Wed, Apr 18, 2012 at 01:48:44PM +0200, Jan Kara wrote:
> >   Hello,
> > 
> > On Sun 15-04-12 23:56:01, Lluís Batlle i Rossell wrote:
> > > destroying my openvpn client connection (SIGINT to openvpn), in linux 3.3.1 and
> > > now also in 3.3.2, I noticed this BUG in dmesg (attached).
> > > 
> > > It's a vanilla 3.3.2, at this shot.
> > > 
> > > I know it never happened to me in any 3.2, but I did not try 3.3.0.
> > > 
> > > I attach the .config. And I have the debug info for this kernel too, if this
> > > helps someone find a fix. But I imagine it's easy to reproduce.
> >   From the first look it would seem to be a use-after-free bug, but can you
> > please post disassembly of iput() function from your kernel? I.e. you load
> > vmlinux in gdb and run 'disass iput'. Thanks.
> 
> Sorry for the delay. Here it is, for 3.3.2:
  Thanks for the disassembly. I was hoping that the contents of
inode->i_state would be loaded in some register so we can see what value
it has. Sadly that's not the case so I cannot say anything more.

Did the bug happen to you again after the original report?

									Honza

-- 
Jan Kara <jack@suse.cz>
SUSE Labs, CR
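
The check described in the last reply, as an added example that is not part of the thread: it takes the RIP, register and Code: lines from the oops plus an excerpt of the posted disassembly, confirms the trap is a ud2, and finds the test that branches to it. The function names are assumptions made for this example, and it assumes the byte tested at offset 0x98 is the inode->i_state field named in that reply.

```python
import re

# Excerpt copied from the iput() disassembly posted in the thread.
DISASM = """\
ffffffff8113b359:       48 85 ff                test   %rdi,%rdi
ffffffff8113b35c:       48 89 fb                mov    %rdi,%rbx
ffffffff8113b35f:       74 24                   je     ffffffff8113b385 <iput+0x45>
ffffffff8113b361:       f6 87 98 00 00 00 40    testb  $0x40,0x98(%rdi)
ffffffff8113b368:       0f 85 89 01 00 00       jne    ffffffff8113b4f7 <iput+0x1b7>
ffffffff8113b4f2:       e9 8e fe ff ff          jmpq   ffffffff8113b385 <iput+0x45>
ffffffff8113b4f7:       0f 0b                   ud2
ffffffff8113b4f9:       be 76 05 00 00          mov    $0x576,%esi
"""
# RIP, register and (shortened) Code: lines copied from the oops in the first message.
OOPS = """\
[39301.880010] RIP: 0010:[<ffffffff8113b4f7>]  [<ffffffff8113b4f7>] iput+0x1b7/0x1f0
[39301.880010] RDX: ffff8800b591f800 RSI: ffff8800b591fba8 RDI: ffff8800b591ffa0
[39301.880010] Code: 83 80 10 01 00 00 01 e9 8e fe ff ff <0f> 0b be 76 05 00 00
"""
INSN = re.compile(r"^([0-9a-f]+):\s+((?:[0-9a-f]{2} )+)\s*(\S+)\s*(.*)$")
MEM = re.compile(r"^\$(0x[0-9a-f]+),(0x[0-9a-f]+)\(%(\w+)\)$")  # $mask,disp(%base)


def parse_disasm(text):
    """Return [(address, mnemonic, operands)] for each objdump-style line."""
    out = []
    for line in text.splitlines():
        m = INSN.match(line.strip())
        if m:
            out.append((int(m.group(1), 16), m.group(3), m.group(4).strip()))
    return out


def parse_oops(text):
    """Return (faulting address, two opcode bytes at RIP, general registers)."""
    rip = int(re.search(r"RIP: \w+:\[<([0-9a-f]+)>\]", text).group(1), 16)
    code = re.search(r"Code:.*<([0-9a-f]{2})> ([0-9a-f]{2})", text)
    regs = re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})\b", text)
    return rip, code.group(1) + code.group(2), {n.lower(): int(v, 16) for n, v in regs}


def explain_trap(insns, rip):
    """Find the conditional branch into the trap at rip and the test feeding it."""
    if not any(a == rip and mn == "ud2" for a, mn, _ in insns):
        raise ValueError("RIP does not point at a ud2 (BUG) instruction")
    for i, (addr, mnem, ops) in enumerate(insns):
        if mnem.startswith("j") and mnem != "jmpq" and ops.split()[0] == f"{rip:x}":
            _, t_mnem, t_ops = insns[i - 1]  # instruction that set the flags
            m = MEM.match(t_ops)
            if m is None:
                return {"branch": addr, "test": f"{t_mnem} {t_ops}", "in_memory_only": False}
            # A memory operand means the tested value never reached a register.
            return {"branch": addr, "test": f"{t_mnem} {t_ops}", "in_memory_only": True,
                    "mask": int(m.group(1), 16), "offset": int(m.group(2), 16),
                    "base": m.group(3)}
    return None


def triage(oops=OOPS, disasm=DISASM):
    rip, opcode, regs = parse_oops(oops)
    info = explain_trap(parse_disasm(disasm), rip)
    info["opcode_at_rip"] = opcode
    # Address a memory dump would have to read to recover the tested value.
    info["field_address"] = regs[info["base"]] + info["offset"]
    return info


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, hex(value) if type(value) is int else value)
```

Because the flag byte is tested directly in memory, the oops registers hold the inode pointer but not the flag value; recovering it would need the memory contents at the reported field address.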
