Re: kernel 2.6.39 (user mode linux) crashes (2.6.38 works fine)

From: Toralf Förster
Date: Thu May 19 2011 - 16:18:30 EST

richard -rw- weinberger wrote at 19:00:35
> Can you bisect the issue?

tfoerste@n22 ~/devel/linux-2.6 $ git bisect bad
2e12978a9f7a7abd54e8eb9ce70a7718767b8b2c is the first bad commit
commit 2e12978a9f7a7abd54e8eb9ce70a7718767b8b2c
Author: Lai Jiangshan <laijs@xxxxxxxxxxxxxx>
Date: Wed Dec 22 14:18:50 2010 +0800

futex,plist: Pass the real head of the priority list to plist_del()

Some plist_del()s in kernel/futex.c are passed a faked head of the
priority list.

It does not fail because the current code does not require the real head
in plist_del(). The current code of plist_del() just uses the head for
so it will not cause a bad result even when we use a faked head.

But it is undocumented usage:

* plist_del - Remove a @node from plist.
* @node: &struct plist_node pointer - entry to be removed
* @head: &struct plist_head pointer - list head

The document says that the @head is the "list head" head of the priority

In futex code, several places use "plist_del(&q->list, &q->list.plist);",
they pass a fake head. We need to fix them all.

Thanks to Darren Hart for many suggestions.

Acked-by: Darren Hart <dvhart@xxxxxxxxxxxxxxx>
Signed-off-by: Lai Jiangshan <laijs@xxxxxxxxxxxxxx>
LKML-Reference: <4D11984A.5030203@xxxxxxxxxxxxxx>
Signed-off-by: Steven Rostedt <rostedt@xxxxxxxxxxx>

:040000 040000 78d47de377f8da1c131007a17ca915fbd13f7ff6
ffac93205aaf22fda0667d6395c8da7c7bf692e4 M kernel

Toralf Förster
pgp finger print: 7B1A 07F4 EC82 0F90 D4C2 8936 872A E508 7DB6 9DA3
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at