public inbox for linux-kernel@vger.kernel.org
From: Andrew Morton <akpm@digeo.com>
To: Arador <diegocg@teleline.es>
Cc: linux-kernel@vger.kernel.org
Subject: Re: 2.5.67-mm4
Date: Sat, 19 Apr 2003 14:02:42 -0700
Message-ID: <20030419140242.350dd5bf.akpm@digeo.com>
In-Reply-To: <20030419202802.15d79547.diegocg@teleline.es>

Arador <diegocg@teleline.es> wrote:
>
> On Fri, 18 Apr 2003 01:45:36 -0700
> Andrew Morton <akpm@digeo.com> wrote:
> 
> > 
> > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.5/2.5.67/2.5.67-mm4/
> 
> 
> I got this oops while loading xchat2:
> Unable to handle kernel paging request at virtual address 6b6b6bf7
>  printing eip:
> c0107643
> *pde = 00000000
> Oops: 0000 [#1]
> CPU:    1
> EIP:    0060:[<c0107643>]    Not tainted VLI
> EFLAGS: 00210202
> EIP is at release_thread+0x13/0x60
> eax: 6b6b6b6b   ebx: ce9a2060   ecx: 00000000   edx: 00200296
> esi: c2a90000   edi: ce9a265c   ebp: c2a91efc   esp: c2a91ee8
> ds: 007b   es: 007b   ss: 0068
> Process xchat (pid: 1389, threadinfo=c2a90000 task=ca36b310)
> Stack: cffe77e8 c03573a0 ce9a2060 c2a90000 ce9a2060 c2a91f1c c012400a ce9a2060 
>        00000000 c68a7df4 ce9a2060 00000586 bfffdc14 c2a91f48 c0125fe0 ce9a2060 
>        fffffe00 ca36b310 00000000 c03571c0 c2a9007b ce9a2104 ce9a2060 ca36b310 
> Call Trace:
>  [<c012400a>] release_task+0x1ba/0x270
>  [<c0125fe0>] wait_task_zombie+0x170/0x1d0
>  [<c01264f7>] sys_wait4+0x267/0x2b0
>  [<c0131011>] sys_rt_sigaction+0xd1/0x100
>  [<c011d590>] default_wake_function+0x0/0x20
>  [<c011d590>] default_wake_function+0x0/0x20
>  [<c0109a5f>] syscall_call+0x7/0xb

OK, we died in release_thread:

266                     if (dead_task->mm->context.size) {

the `mm' has been returned to slab.

Something is wrong with the task_struct refcounting, there is
no doubt about that.  Several people have reported instances where
the slab use-after-free detector has detected task_struct.usage
being decremented against a freed task_struct.   Probably this
is the same bug, detected by other means.

It has been seen on uniprocessor too.  We don't know what is causing it.
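
Added example, not part of the message above and not kernel code: a user-space C model of the two ways slab poisoning exposes a use-after-free, a stale write caught by the poison check and a stale read that yields 0x6b6b6b6b (the value in eax above; 6b6b6bf7 is that value plus 0x8c). The struct layout and all function names are hypothetical; 0x6b and 0xa5 are the slab debug poison bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define POISON_FREE 0x6b /* slab debug fills a freed object with this byte */
#define POISON_END  0xa5 /* ...and marks the object's last byte with this */

/* Hypothetical refcounted object; NOT the real task_struct/mm layout. */
struct obj {
    int32_t  usage;      /* reference count */
    uint32_t ptr;        /* 32-bit pointer-sized field, as on i386 */
    unsigned char pad[24];
};

/* Free path: overwrite the whole object with poison. */
static void poison_on_free(void *p, size_t n) {
    memset(p, POISON_FREE, n);
    ((unsigned char *)p)[n - 1] = POISON_END;
}

/* Next-allocation check: offset of first non-poison byte, or -1 if intact. */
static long check_poison(const void *p, size_t n) {
    const unsigned char *b = p;
    for (size_t i = 0; i + 1 < n; i++)
        if (b[i] != POISON_FREE) return (long)i;
    return b[n - 1] == POISON_END ? -1 : (long)(n - 1);
}

/* Detection by write: a late refcount drop dirties the poisoned object. */
long stale_decrement_offset(void) {
    struct obj o = { .usage = 1, .ptr = 0x1000 };
    poison_on_free(&o, sizeof o);  /* "freed" (storage stays valid here) */
    o.usage--;                     /* stale put after the free */
    return check_poison(&o, sizeof o); /* lands inside the usage field */
}

/* Detection by read: a stale load returns poison instead of a pointer. */
uint32_t stale_read_ptr(void) {
    struct obj o = { .usage = 1, .ptr = 0x1000 };
    poison_on_free(&o, sizeof o);
    return o.ptr;                  /* every byte is POISON_FREE */
}

/* Oops triage: field offset if the fault address is poison + small offset. */
long poison_deref_offset(uint32_t fault_addr) {
    const uint32_t base = 0x6b6b6b6bu;
    return (fault_addr >= base && fault_addr - base < 4096)
               ? (long)(fault_addr - base) : -1;
}
```

When triaging an oops, a fault address that poison_deref_offset() accepts points at a freed slab object being read, and the returned offset is the field the faulting instruction was reaching for.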
