From: "Chen, Kenneth W"

We hit this bug when we have the following scenario: One process initializes an AIO context and then forks out many child processes. When those child processes exit, many BUG checks (effectively kernel oops) were triggered from put_ioctx(ctx) in function exit_aio(). The issue was that the AIO context was incorrectly copied upon forking and misled all child processes to think they have an IO context and to try to free it when they really don't own it.

The following patch fixes the issue.

25-akpm/kernel/fork.c | 1 + 1 files changed, 1 insertion(+) diff -puN kernel/fork.c~aio-fork-fix kernel/fork.c --- 25/kernel/fork.c~aio-fork-fix Mon Jul 7 15:14:40 2003 +++ 25-akpm/kernel/fork.c Mon Jul 7 15:14:40 2003 @@ -375,6 +375,7 @@ static struct mm_struct * mm_init(struct mm->core_waiters = 0; mm->page_table_lock = SPIN_LOCK_UNLOCKED; mm->ioctx_list_lock = RW_LOCK_UNLOCKED; + mm->ioctx_list = NULL; mm->default_kioctx = (struct kioctx)INIT_KIOCTX(mm->default_kioctx, *mm); mm->free_area_cache = TASK_UNMAPPED_BASE; _
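Review bot: The added `mm->ioctx_list = NULL;` in mm_init() carries no comment explaining why the list is cleared, and next to the lock and `default_kioctx` re-initialisation it can read as routine zeroing. A short comment stating that a new mm must not inherit the parent's kioctx list (otherwise exit_aio() calls put_ioctx() on contexts the child does not own, as the changelog describes) would keep the line from being dropped as redundant later. The changelog could also say whether every path that copies an mm_struct on fork reaches mm_init(), since only this one function is touched in the hunk.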