Re: [bug] WARNING: at drivers/char/tty_io.c:1266 tty_open+0x1ea/0x388()

[Ingo Molnar <mingo@elte.hu>]

* Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:

> > I have applied your patch from yesterday (attached further below for 
> > reference) and the SLAB corruption has not triggered - instead i'm 
> > now getting this warning, after 96 reboots
> 
> That one is interesting btw - however its not a new bug. The 
> WARN_ON() was added in the new patches to catch cases where the 
> tty open/close locking was broken and see if all the ldisc related 
> ones were nailed.
> 
> Apparently on a very SMP box they are not. It's not however a new 
> bug - just the result of checking for the problem.
> 
> +        WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
> 
> 
> ..
> 
> which means that someone cleared the ldisc behind our back despite 
> us holding tty_mutex. That would suggest a hangup/reopen race 
> which shouldn't be too hard to find.
> 
> Dunno what you feed your SMP box but its very useful 8)

it's plain old-fashioned brute force plus a randconfig search: if a 
race is possible it will trigger eventually here, given the right 
hardware (i use a number of different systems), given the right 
user-space (i use heterogenous installations), given the right 
compiler/binutils (that too is heterogenous) and the right timing 
and kernel feature combo via a huge, 2^1000 randconfig space.

Plus this system is an old P4 HyperThreading dual-socket system: 
pretty much the only thing HyperThreading is good for on that box is 
finding SMP races: that CPU can (and will) yield between 
hyperthreads on arbitrary instruction boundaries - opening up races 
wide open.

In fact we had races in the past that would only trigger on that 
box, ever. (note that this warning did trigger on another box as 
well - after 350+ bootups ...) And we thought P4-HT is pure crap ;-)

	Ingo