On Fri, Feb 21, 2014 at 12:40 PM, poma <pomidorabelisima(a)gmail.com&gt; wrote: > > Affected kernels - 3.14.0-0.rc3*: > > - 3.14.0-0.rc3.git0.1 > http://koji.fedoraproject.org/koji/buildinfo?buildID=498711 > > - 3.14.0-0.rc3.git0.7 based on 3.14.0-0.rc3.git0.1 > > - 3.14.0-0.rc3.git2.1 > http://koji.fedoraproject.org/koji/buildinfo?buildID=499061 > > - 3.14.0-0.rc3.git5.1 > http://koji.fedoraproject.org/koji/buildinfo?buildID=499636 > > Memtest86+ 4.20 - OK > http://goo.gl/1nm1nV > > RHBZ > https://bugzilla.redhat.com/show_bug.cgi?id=1067919 > > messages-Oops-es-3.14.0-0.rc3 > https://bugzilla.redhat.com/attachment.cgi?id=865926 Maybe commits 7053aee26a3548ebaba046ae2e52396ccf56ac6c (fsnotify: do not share events between notification groups) and 85816794240b9659e66e4d9b0df7c6e814e5f603 (fanotify: Fix use after free for permission events) introduced this regression.

On 21.02.2014 16:48, Jan Kara wrote: > On Fri 21-02-14 14:08:03, Richard Weinberger wrote: >> On Fri, Feb 21, 2014 at 12:40 PM, poma <pomidorabelisima(a)gmail.com&gt; wrote: >>> >>> Affected kernels - 3.14.0-0.rc3*: >>> >>> - 3.14.0-0.rc3.git0.1 >>> http://koji.fedoraproject.org/koji/buildinfo?buildID=498711 >>> >>> - 3.14.0-0.rc3.git0.7 based on 3.14.0-0.rc3.git0.1 >>> >>> - 3.14.0-0.rc3.git2.1 >>> http://koji.fedoraproject.org/koji/buildinfo?buildID=499061 >>> >>> - 3.14.0-0.rc3.git5.1 >>> http://koji.fedoraproject.org/koji/buildinfo?buildID=499636 >>> >>> Memtest86+ 4.20 - OK >>> http://goo.gl/1nm1nV >>> >>> RHBZ >>> https://bugzilla.redhat.com/show_bug.cgi?id=1067919 >>> >>> messages-Oops-es-3.14.0-0.rc3 >>> https://bugzilla.redhat.com/attachment.cgi?id=865926 >> >> Maybe commits 7053aee26a3548ebaba046ae2e52396ccf56ac6c (fsnotify: do >> not share events between notification groups) >> and 85816794240b9659e66e4d9b0df7c6e814e5f603 (fanotify: Fix use after >> free for permission events) introduced this regression. > So the immediate problem seems to be that event->tgid is 0xffffffff > instead of a pointer. I don't see how this could be use after free and we > unconditionally initialize event->tgid to something sensible. Hum, but if > it is an overflow event, we are in a trouble since that doesn't have ->tgid > field at all so we read random crap that happens to be beyond the event > structure. Actually there seem to be more problems in the handling of > overflow event so I better add that to my testing (both for fanotify and > inotify). I'll work on the fix. Thanks for report! > > Honza > The test was successfully completed with the '3.14-rc5'. Thanks guys, Jan for the patchwork!