Message-ID: <20071003084607.GC32218@elte.hu>
Date: Wed, 3 Oct 2007 10:46:07 +0200
From: Ingo Molnar <mingo@...e.hu>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Greg KH <gregkh@...e.de>,
Alexander Viro <viro@....linux.org.uk>,
Peter Zijlstra <a.p.zijlstra@...llo.nl>
Subject: [bug] crash when reading /proc/mounts (was: Re: Linux 2.6.23-rc9
and a heads-up for the 2.6.24 series..)

hm, i just triggered the procfs crash below with -rc9 on a testbox.
Config attached. It's easy to reproduce it via 'service sshd restart'.

The crash site is:

(gdb) list *0xc017599d
0xc017599d is in seq_path (fs/seq_file.c:354).
349             if (m->count < m->size) {
350                     char *s = m->buf + m->count;
351                     char *p = d_path(dentry, mnt, s, m->size - m->count);
352                     if (!IS_ERR(p)) {
353                             while (s <= p) {
354                                     char c = *p++;
355                                     if (!c) {
356                                             p = m->buf + m->count;
357                                             m->count = s - m->buf;
358                                             return s - p;
(gdb)

any ideas? Fortunately i was able to do an strace of the incident:

3247 munmap(0xb7f3e000, 4096) = 0
3247 open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
3247 fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
3247 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f3e000
3247 read(3, <unfinished ...>
3247 +++ killed by SIGSEGV +++

and doing "cat /proc/mounts" triggers the crash reliably.

Ingo

---------------->
BUG: unable to handle kernel paging request at virtual address f2a40000
printing eip:
c017599d
*pdpt = 0000000000001001
*pde = 0000000000aee067
*pte = 0000000032a40000
Oops: 0000 [#1]
PREEMPT DEBUG_PAGEALLOC
Modules linked in:
CPU: 0
EIP: 0060:[<c017599d>] Not tainted VLI
EFLAGS: 00010297 (2.6.23-rc9 #89)
EIP is at seq_path+0x60/0xca
eax: f2a3fffe ebx: c290c8d4 ecx: f6e341f0 edx: f2a3fffe
esi: f2a3f007 edi: c29097f0 ebp: ec5ddf1c esp: ec5ddf04
ds: 007b es: 007b fs: 0000 gs: 0033 ss: 0068
Process sshd (pid: 2743, ti=ec5dc000 task=f6e341f0 task.ti=ec5dc000)
Stack: 00000ff9 c2bf6b40 f2a3fffe c29097c0 c2bf6b40 c29097f0 ec5ddf34 c0173c41
c05ffe64 00000400 c2bf6b40 c29097f0 ec5ddf74 c0175d2b 00000400 b7fa2000
f5277600 c2bf6b60 00000000 c0109e99 ec5ddf80 00000246 c01555e6 00000000
Call Trace:
[<c0106f80>] show_trace_log_lvl+0x19/0x2e
[<c0107030>] show_stack_log_lvl+0x9b/0xa3
[<c0107428>] show_registers+0x1c4/0x2e3
[<c010772d>] die+0x115/0x1e0
[<c0115e3b>] do_page_fault+0x808/0x8e1
[<c0508faa>] error_code+0x6a/0x70
[<c0173c41>] show_vfsmnt+0x44/0x11e
[<c0175d2b>] seq_read+0xeb/0x25f
[<c0160e63>] vfs_read+0x87/0xe5
[<c0161613>] sys_read+0x3d/0x61
[<c010606e>] sysenter_past_esp+0x6b/0xb5
=======================
Code: 89 45 f0 76 77 eb 7a 8b 55 ec 8b 4d ec 89 f7 8b 02 89 c2 03 51 0c 29 c7 89 f0 89 79 0c 29 d0 eb 6c 89 f8 88 06 46 eb 54 8b 55 f0 <8b> 3a 42 89 55 f0 89 f9 84 c9 74 d0 8b 45 08 0f be d9 89 da e8
EIP: [<c017599d>] seq_path+0x60/0xca SS:ESP 0068:ec5ddf04
BUG: unable to handle kernel paging request at virtual address f2a40000
printing eip:
c017599d
*pdpt = 0000000000001001
*pde = 0000000000aee067
*pte = 0000000032a40000
Oops: 0000 [#2]
PREEMPT DEBUG_PAGEALLOC
Modules linked in:
CPU: 0
EIP: 0060:[<c017599d>] Tainted: G D VLI
EFLAGS: 00010297 (2.6.23-rc9 #89)
EIP is at seq_path+0x60/0xca
eax: f2a3fffe ebx: c290c8d4 ecx: c02be275 edx: f2a3fffe
esi: f2a3f007 edi: c29097f0 ebp: ef2b7f1c esp: ef2b7f04
ds: 007b es: 007b fs: 0000 gs: 0033 ss: 0068
Process sshd (pid: 2744, ti=ef2b6000 task=f6e5cce0 task.ti=ef2b6000)
Stack: 00000ff9 c2bf6b40 f2a3fffe c29097c0 c2bf6b40 c29097f0 ef2b7f34 c0173c41
c05ffe64 00000400 c2bf6b40 c29097f0 ef2b7f74 c0175d2b 00000400 b7f09000
f7375240 c2bf6b60 00000000 00000073 ef2b7f80 00000246 c01555e6 00000000
Call Trace:
[<c0106f80>] show_trace_log_lvl+0x19/0x2e
[<c0107030>] show_stack_log_lvl+0x9b/0xa3
[<c0107428>] show_registers+0x1c4/0x2e3
[<c010772d>] die+0x115/0x1e0
[<c0115e3b>] do_page_fault+0x808/0x8e1
[<c0508faa>] error_code+0x6a/0x70
[<c0173c41>] show_vfsmnt+0x44/0x11e
[<c0175d2b>] seq_read+0xeb/0x25f
[<c0160e63>] vfs_read+0x87/0xe5
[<c0161613>] sys_read+0x3d/0x61
[<c010606e>] sysenter_past_esp+0x6b/0xb5
=======================
Code: 89 45 f0 76 77 eb 7a 8b 55 ec 8b 4d ec 89 f7 8b 02 89 c2 03 51 0c 29 c7 89 f0 89 79 0c 29 d0 eb 6c 89 f8 88 06 46 eb 54 8b 55 f0 <8b> 3a 42 89 55 f0 89 f9 84 c9 74 d0 8b 45 08 0f be d9 89 da e8
EIP: [<c017599d>] seq_path+0x60/0xca SS:ESP 0068:ef2b7f04
View attachment "config-crash" of type "text/plain" (40127 bytes)