From: "Paul Menage" <menage@google.com>
To: "Cedric Le Goater" <clg@fr.ibm.com>
Cc: "Andrew Morton" <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org
Subject: Re: 2.6.23-mm1 - list_add corruption in cgroup
Date: Fri, 19 Oct 2007 15:11:38 -0700 [thread overview]
Message-ID: <6599ad830710191511k20744898oeede19ec8fc5d92@mail.gmail.com> (raw)
In-Reply-To: <4716303C.8020009@fr.ibm.com>
On 10/17/07, Cedric Le Goater <clg@fr.ibm.com> wrote:
> Hello !
>
> While polling the contents of a cgroup task file, I caught the
> following corruption. Is there a known race (and a fix) or should
> I start digging ?
>
> list_add corruption. next->prev should be prev (ffffffff80a3f338), but was 0000000000200200. (next=ffff810103dcbe90).
> ------------[ cut here ]------------
> kernel BUG at /home/legoater/linux/2.6.23-mm1/lib/list_debug.c:27!
> invalid opcode: 0000 [1] SMP
> last sysfs file: /devices/pci0000:00/0000:00:1e.0/0000:01:01.0/local_cpus
> CPU 3
> Modules linked in: ipt_REJECT iptable_filter autofs4 nfs lockd sunrpc tg3 sg joydev ext3 jbd ehci_hcd ohci_hcd uhci_hcd
> Pid: 2441, comm: bash Not tainted 2.6.23-mm1 #4
> RIP: 0010:[<ffffffff80308cda>] [<ffffffff80308cda>] __list_add+0x27/0x5b
> RSP: 0018:ffff810103d87dd8 EFLAGS: 00010296
> RAX: 0000000000000079 RBX: ffff810105033040 RCX: 0000000000000079
> RDX: ffff810103d960c0 RSI: 0000000000000001 RDI: 0000000000000096
> RBP: ffff810103d87dd8 R08: 0000000000000002 R09: ffff810008123780
> R10: 0000000000000000 R11: ffff810103d87a98 R12: 0000000000000000
> R13: ffff810105033040 R14: ffff810104c11ac0 R15: 0000000000000000
> FS: 00007f4e273556f0(0000) GS:ffff81010011a840(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 00000000006ca2f8 CR3: 0000000103d82000 CR4: 00000000000006e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process bash (pid: 2441, threadinfo ffff810103d86000, task ffff810103d960c0)
> last branch before last exception/interrupt
> from [<ffffffff80235885>] printk+0x68/0x69
> to [<ffffffff80308cda>] __list_add+0x27/0x5b
> Stack: ffff810103d87de8 ffffffff80308d1a ffff810103d87e08 ffffffff802606bf
> ffff810103d87e08 0000000000000000 ffff810103d87ea8 ffffffff80233dca
> ffff810103ddf340 00007f4e27355780 0000000000000000 ffff810103d87f58
> Call Trace:
> [<ffffffff80308d1a>] list_add+0xc/0xe
> [<ffffffff802606bf>] cgroup_post_fork+0x41/0x52
> [<ffffffff80233dca>] copy_process+0x12d0/0x143a
> [<ffffffff8020b9b5>] tracesys+0xdc/0xe1
> [<ffffffff80234095>] do_fork+0x76/0x203
> [<ffffffff802679cc>] audit_syscall_entry+0x148/0x17e
> [<ffffffff8020b9b5>] tracesys+0xdc/0xe1
> [<ffffffff80209dd5>] sys_clone+0x23/0x25
> [<ffffffff8020bb67>] ptregscall_common+0x67/0xb0
This is a crash on
list_add(&child->cg_list, &child->cgroups->tasks);
in cgroup_post_fork(). So it looks like child->cgroups->tasks.next is
a deleted list element. But there are no places that modify that list
outside of write_lock(&css_set_lock) as far as I can see, so I'm a bit
confused as to what the problem could be. I'll try to reproduce this.
Paul
next prev parent reply other threads:[~2007-10-19 22:11 UTC|newest]
Thread overview: 163+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-12 4:31 2.6.23-mm1 Andrew Morton
2007-10-12 5:03 ` 2.6.23-mm1 KAMEZAWA Hiroyuki
2007-10-12 6:42 ` 2.6.23-mm1 Andrew Morton
2007-10-12 6:46 ` 2.6.23-mm1 Al Viro
2007-10-12 7:13 ` 2.6.23-mm1 Andrew Morton
2007-10-12 18:06 ` [PATCH net-2.6] uml: hard_header fix Stephen Hemminger
2007-10-12 19:04 ` 2.6.23-mm1 Al Viro
2007-10-12 19:47 ` 2.6.23-mm1 thread exit_group issue Mathieu Desnoyers
2007-10-12 20:01 ` Andrew Morton
2007-10-13 1:03 ` Andrew Morton
2007-10-13 11:48 ` Oleg Nesterov
2007-10-13 12:02 ` Oleg Nesterov
2007-10-13 17:49 ` Andrew Morton
2007-10-14 4:04 ` Mathieu Desnoyers
2007-10-12 7:25 ` 2.6.23-mm1 KAMEZAWA Hiroyuki
2007-10-12 8:36 ` 2.6.23-mm1 Sam Ravnborg
2007-10-12 8:31 ` 2.6.23-mm1 Torsten Kaiser
2007-10-12 8:37 ` 2.6.23-mm1 Andrew Morton
2007-10-12 12:46 ` 2.6.23-mm1 Torsten Kaiser
2007-10-13 8:01 ` 2.6.23-mm1 Torsten Kaiser
2007-10-13 10:55 ` 2.6.23-mm1 Jeff Garzik
2007-10-13 12:03 ` 2.6.23-mm1 Torsten Kaiser
2007-10-13 12:19 ` 2.6.23-mm1 Jeff Garzik
2007-10-13 14:32 ` 2.6.23-mm1 Torsten Kaiser
2007-10-13 14:40 ` 2.6.23-mm1 Torsten Kaiser
2007-10-13 15:13 ` 2.6.23-mm1 Torsten Kaiser
2007-10-13 17:48 ` 2.6.23-mm1 Jeff Garzik
2007-10-13 18:05 ` 2.6.23-mm1 Torsten Kaiser
2007-10-13 18:18 ` 2.6.23-mm1 Andrew Morton
2007-10-13 18:35 ` 2.6.23-mm1 Torsten Kaiser
2007-10-14 11:54 ` 2.6.23-mm1 Torsten Kaiser
2007-10-14 18:39 ` 2.6.23-mm1 Andrew Morton
2007-10-14 19:12 ` 2.6.23-mm1 Torsten Kaiser
2007-10-14 19:26 ` 2.6.23-mm1 Andrew Morton
2007-10-14 19:26 ` 2.6.23-mm1 Andrew Morton
2007-10-14 19:40 ` 2.6.23-mm1 Torsten Kaiser
2007-10-14 22:03 ` 2.6.23-mm1 Milan Broz
2007-10-14 22:03 ` 2.6.23-mm1 Milan Broz
2007-10-15 6:50 ` 2.6.23-mm1 Jens Axboe
2007-10-15 6:50 ` 2.6.23-mm1 Jens Axboe
2007-10-15 7:31 ` 2.6.23-mm1 Neil Brown
2007-10-15 7:31 ` 2.6.23-mm1 Neil Brown
2007-10-15 7:45 ` 2.6.23-mm1 Jens Axboe
2007-10-15 7:45 ` 2.6.23-mm1 Jens Axboe
2007-10-13 18:41 ` 2.6.23-mm1 Jeff Garzik
2007-10-12 6:48 ` 2.6.23-mm1 Cedric Le Goater
2007-10-12 6:51 ` [PATCH] add missing parenthesis in cfe_writeblk() macro Mariusz Kozlowski
2007-10-12 7:44 ` 2.6.23-mm1 - build failure on axonram Kamalesh Babulal
2007-10-12 9:42 ` Build Failure (Was Re: 2.6.23-mm1) Dhaval Giani
2007-10-12 9:42 ` Dhaval Giani
2007-10-12 20:38 ` 2.6.23-mm1 Laurent Riffard
2007-10-12 21:00 ` 2.6.23-mm1 Andrew Morton
2007-10-13 9:29 ` [PATCH] Reiser4: Drop 'size' argument from bio_endio and bi_end_io Laurent Riffard
2007-10-13 10:10 ` Jens Axboe
2007-10-14 13:09 ` Edward Shishkin
2007-10-15 16:13 ` 2.6.23-mm1 Zan Lynx
2007-10-12 21:32 ` 2.6.23-mm1 Rafael J. Wysocki
2007-10-15 16:09 ` 2.6.23-mm1 Mark Gross
2007-10-15 20:40 ` 2.6.23-mm1 Rafael J. Wysocki
2007-10-16 19:58 ` 2.6.23-mm1 Mark Gross
2007-10-16 20:28 ` 2.6.23-mm1 Rafael J. Wysocki
2007-10-16 23:31 ` 2.6.23-mm1 Mark Gross
2007-10-17 21:15 ` [PATCH] static initialization with blocking notifiers. was :wqRe: 2.6.23-mm1 Mark Gross
2007-10-17 17:21 ` [PATCH] static initialization and blocking notification for pm_qos... was 2.6.23-mm1 Mark Gross
2007-10-13 4:35 ` 2.6.23-mm1 - Build failure on rgmii Kamalesh Babulal
2007-10-13 4:44 ` 2.6.23-mm1 - build failure with advansys Kamalesh Babulal
2007-10-13 6:52 ` Andrew Morton
2007-10-13 6:52 ` Andrew Morton
2007-10-18 0:07 ` Paul Mackerras
2007-10-18 0:07 ` Paul Mackerras
2007-10-18 1:48 ` Matthew Wilcox
2007-10-18 1:48 ` Matthew Wilcox
2007-10-13 15:50 ` 2.6.23-mm1 pm_prepare() and _finish() w/ args vs. without Joseph Fannin
2007-10-13 17:22 ` Rafael J. Wysocki
2007-10-13 18:40 ` Joseph Fannin
2007-10-13 19:13 ` Rafael J. Wysocki
2007-10-14 19:47 ` Joseph Fannin
2007-10-14 20:20 ` Rafael J. Wysocki
2007-10-15 20:55 ` Rafael J. Wysocki
2007-10-16 17:29 ` Joseph Fannin
2007-10-13 17:12 ` 2.6.23-mm1 Gabriel C
2007-10-13 18:01 ` 2.6.23-mm1 Andrew Morton
2007-10-13 18:08 ` 2.6.23-mm1 Gabriel C
2007-10-15 16:28 ` 2.6.23-mm1 Dave Hansen
2007-10-13 17:58 ` Suspend Broken (Re: 2.6.23-mm1) Dhaval Giani
2007-10-13 18:33 ` Rafael J. Wysocki
2007-10-14 4:26 ` Dhaval Giani
2007-10-14 14:19 ` Rafael J. Wysocki
2007-10-13 22:11 ` [2.6.23-mm1] CONFIG_LOCALVERSION handling broken Tilman Schmidt
2007-10-17 20:27 ` Sam Ravnborg
2007-10-17 23:06 ` Tilman Schmidt
2007-10-27 15:19 ` Tilman Schmidt
2007-10-27 15:28 ` Sam Ravnborg
2007-10-14 22:34 ` 2.6.23-mm1: BUG in reiserfs_delete_xattrs Laurent Riffard
2007-10-14 22:34 ` Laurent Riffard
2007-10-15 8:40 ` Christoph Hellwig
2007-10-15 18:31 ` Jeff Mahoney
2007-10-15 18:31 ` Jeff Mahoney
2007-10-15 18:31 ` Jeff Mahoney
2007-10-15 20:06 ` Laurent Riffard
2007-10-15 20:06 ` Laurent Riffard
2007-10-15 20:23 ` Jeff Mahoney
2007-10-15 20:23 ` Jeff Mahoney
2007-10-17 8:59 ` Christoph Hellwig
2007-10-17 8:58 ` Christoph Hellwig
2007-10-17 14:55 ` Jeff Mahoney
2007-10-17 14:55 ` Jeff Mahoney
2007-10-17 14:55 ` Jeff Mahoney
2007-10-15 19:51 ` Laurent Riffard
2007-10-15 19:51 ` Laurent Riffard
2007-10-15 19:51 ` Laurent Riffard
2007-10-15 6:18 ` [PATCH] Add irq protection in the percpu-counters cpu-hotplug-callback path Gautham R Shenoy
2007-10-15 12:28 ` nfs mmap adventure (was: 2.6.23-mm1) Peter Zijlstra
2007-10-15 15:43 ` Trond Myklebust
2007-10-15 14:06 ` David Howells
2007-10-15 15:51 ` Trond Myklebust
2007-10-15 16:38 ` Peter Zijlstra
2007-10-15 23:27 ` David Howells
2007-10-16 1:46 ` Nick Piggin
2007-10-16 7:18 ` 2.6.23-mm1 - regression- PowerPC link failure at arch/powerpc/kernel/head_64.o Kamalesh Babulal
2007-10-16 7:28 ` Andrew Morton
2007-10-16 7:44 ` Kamalesh Babulal
2007-10-21 6:42 ` Kamalesh Babulal
2007-10-27 5:05 ` Stephen Rothwell
2007-10-17 7:01 ` 2.6.23-mm1 KAMEZAWA Hiroyuki
2007-10-17 9:02 ` 2.6.23-mm1 Andrew Morton
2007-10-17 9:10 ` 2.6.23-mm1 Jiri Kosina
2007-10-17 9:36 ` 2.6.23-mm1 KAMEZAWA Hiroyuki
2007-10-17 11:42 ` 2.6.23-mm1 Jiri Kosina
2007-10-17 12:33 ` 2.6.23-mm1 KAMEZAWA Hiroyuki
2007-10-19 9:07 ` PIE randomization (was Re: 2.6.23-mm1) Jiri Kosina
2007-10-19 21:54 ` 2.6.23-mm1 Jiri Kosina
2007-10-17 15:54 ` 2.6.23-mm1 - list_add corruption in cgroup Cedric Le Goater
2007-10-18 15:56 ` Paul Menage
2007-10-19 22:11 ` Paul Menage [this message]
2007-10-18 12:06 ` 2.6.23-mm1 - powerpc - Build fails at arch/powerpc/boot/inflate.o Kamalesh Babulal
2007-10-18 12:06 ` Kamalesh Babulal
2007-10-18 12:23 ` Paul Mackerras
2007-10-18 12:23 ` Paul Mackerras
2007-10-18 13:20 ` Kamalesh Babulal
2007-10-18 13:20 ` Kamalesh Babulal
2007-10-20 4:57 ` oops in lbmIODone, fails to boot [Re: 2.6.23-mm1] Mattia Dongili
2007-10-20 5:34 ` Andrew Morton
2007-10-20 12:18 ` Dave Kleikamp
2007-10-21 5:44 ` Mattia Dongili
2007-10-20 5:13 ` 2.6.23-mm1 - autofs broken Rik van Riel
2007-10-20 5:39 ` Andrew Morton
2007-10-20 5:54 ` Rik van Riel
2007-10-20 5:54 ` Rik van Riel
2007-10-20 14:56 ` Rik van Riel
2007-10-22 22:03 ` Dave Hansen
2007-10-22 3:45 ` Ian Kent
2007-10-22 16:46 ` Rik van Riel
2007-10-21 5:58 ` mysqld prevents s2ram [Re: 2.6.23-mm1] Mattia Dongili
2007-10-21 6:28 ` Mattia Dongili
2007-10-21 9:58 ` Pavel Machek
2007-10-21 11:53 ` Rafael J. Wysocki
2007-10-22 18:40 ` kernel panic when running tcpdump Mariusz Kozlowski
2007-10-22 18:40 ` Mariusz Kozlowski
2007-10-22 19:03 ` Andrew Morton
2007-10-22 19:03 ` Andrew Morton
2007-10-22 21:16 ` Mariusz Kozlowski
2007-10-22 21:16 ` Mariusz Kozlowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6599ad830710191511k20744898oeede19ec8fc5d92@mail.gmail.com \
--to=menage@google.com \
--cc=akpm@linux-foundation.org \
--cc=clg@fr.ibm.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.