#119 Oops at pvpop_procfs_getattr+0x1d3

v1.9.2
closed-out-of-date
nobody
5
2007-08-13
2006-11-18
Roger Tsang
No

<1>Unable to handle kernel NULL pointer dereference at virtual address 0000006c
<1> printing eip:
<4>c0210eb3
<1>*pde = 00000000
<1>Oops: 0002 [#1]
<4>Modules linked in: udf sha256 aes_i586 dm_crypt loop ipt_MASQUERADE nfsd exportfs tun ipt_REJECT ipt_state ipt_multiport iptable_filter iptable_nat ip_conntrack ip_tables binfmt_misc dm_mod ehci_hcd usbcore floppy drbd sk98lin r8169 via_rhine
<4>CPU: 0
<4>EIP: 0060:[<c0210eb3>] Not tainted VLI
<4>EFLAGS: 00010246 (2.6.10-bk7-ssi43)
<4>EIP is at pvpop_procfs_getattr+0x1d3/0x220
<4>eax: 00000058 ebx: c4967c1c ecx: c4967c74 edx: 00000000
<4>esi: c4967c00 edi: dac36d14 ebp: d4f71e30 esp: d4f71dc8
<4>ds: 007b es: 007b ss: 0068
<4>Process pidof (pid: 245061, threadinfo=d4f70000 task=ce0c2020)
<4>Stack: c4967c00 00000000 c03e23b0 f6d8e144 ce0c2020 c0517500 00000002 f6d8e144
<4> 00000000 00000000 f6f6ceac d4f71e20 c02717ab f6d8e144 00000000 00000002
<4> 00000000 00000000 00000000 00000000 00000000 00000000 d4f71e6c e7456764
<4>Call Trace:
<4> [<c0104aaf>] show_stack+0x7f/0xa0
<4> [<c0104c49>] show_registers+0x159/0x220
<4> [<c0104fc1>] die+0xd1/0x190
<4> [<c01164ad>] do_page_fault+0x45d/0x659
more>
Only 'q' or 'Q' are processed at more prompt, input ignored
<4> [<c010472b>] error_code+0x2b/0x30
<4> [<c0184543>] pid_revalidate+0x63/0x120
<4> [<c0164a07>] do_lookup+0x57/0x90
<4> [<c0164bd0>] link_path_walk+0x190/0xca0
<4> [<c0165927>] path_lookup+0x77/0x120
<4> [<c0166067>] open_namei+0x87/0x5c0
<4> [<c0155c1a>] filp_open+0x3a/0x60
<4> [<c0156003>] sys_open+0x53/0x90
<4> [<c0103c75>] sysenter_past_esp+0x52/0x75
<4>Code: ff 31 c0 83 c4 5c 5b 5e 5f c9 c3 8b 45 10 89 44 24 04 8b 43 08 89 04 24 e8 eb fd ff ff 85 c0 0f 85 59 ff ff ff 8b 56 0c 8d 42 58 <c7> 40 14 00 00 00 00 c7 40 08 00 00 00 00 ff 42 58 0f 8e 2b 16
<4>

Stack traceback for pid 245061
0xce0c2020 245061 245060 1 0 R 0xce0c21e0 *pidof
EBP EIP Function (args)
0xd4f71e30 0xc0210eb3 pvpop_procfs_getattr+0x1d3 (0xc4967c00, 0x0, 0x0, 0xd4f71e54, 0xd4f71e58)
0xd4f71e6c 0xc0184543 pid_revalidate+0x63 (0xdac36d14, 0xd4f71f58, 0x1, 0xcac2d00d, 0x5d9e22f4)
0xd4f71e8c 0xc0164a07 do_lookup+0x57 (0xd4f71f58, 0xd4f71ed8, 0xd4f71ed0, 0xc0164a07, 0xf7d916b4)
0xd4f71ef4 0xc0164bd0 link_path_walk+0x190 (0x0, 0xf7d94d00, 0xd4f71f58, 0x0)
0xd4f71f0c 0xc0165927 path_lookup+0x77 (0x3f0, 0xd4f71f70, 0xcac2d000, 0xdbd61054, 0xfffffff3)
0xd4f71f40 0xc0166067 open_namei+0x87 (0xcac2d000, 0x1, 0x1b6, 0xd4f71f58, 0xf7d916b4)
0xd4f71f9c 0xc0155c1a filp_open+0x3a (0xcac2d000, 0x0, 0x1b6, 0xbffffc10, 0x0)
0xd4f71fbc 0xc0156003 sys_open+0x53
0xc0103c75 sysenter_past_esp+0x52

Related

Bugs: #1

Discussion

  • Roger Tsang
    Roger Tsang
    2006-11-18


    0xc0210eb3 pvpop_procfs_getattr+0x1d3: movl $0x0,0x14(%eax)
    0xc0210eba pvpop_procfs_getattr+0x1da: movl $0x0,0x8(%eax)
    0xc0210ec1 pvpop_procfs_getattr+0x1e1: incl 0x58(%edx)
    0xc0210ec4 pvpop_procfs_getattr+0x1e4: jle 0xc02124f5 .text.lock.dvp_pvpops+0x41d
    0xc0210eca pvpop_procfs_getattr+0x1ea: movl $0xc03e23b0,0x4(%esp,1)
    0xc0210ed2 pvpop_procfs_getattr+0x1f2: mov %esi,(%esp,1)
    0xc0210ed5 pvpop_procfs_getattr+0x1f5: call 0xc020a970 vproc_release_movement
    0xc0210eda pvpop_procfs_getattr+0x1fa: mov $0xfffffffd,%eax
    0xc0210edf pvpop_procfs_getattr+0x1ff: jmp 0xc0210e8b pvpop_procfs_getattr+0x1ab
    0xc0210ee1 pvpop_procfs_getattr+0x201: mov 0xffffffcc(%ebp),%ebx
    0xc0210ee4 pvpop_procfs_getattr+0x204: mov %esi,(%esp,1)
    0xc0210ee7 pvpop_procfs_getattr+0x207: movl $0xc03e23b0,0x4(%esp,1)
    0xc0210eef pvpop_procfs_getattr+0x20f: call 0xc020a970 vproc_release_movement
    0xc0210ef4 pvpop_procfs_getattr+0x214: mov %ebx,%eax
    0xc0210ef6 pvpop_procfs_getattr+0x216: add $0x5c,%esp
    0xc0210ef9 pvpop_procfs_getattr+0x219: pop %ebx

    c0210fd0: e8 eb fd ff ff call c0210dc0 <ssi_do_files_check>
    c0210fd5: 85 c0 test %eax,%eax
    c0210fd7: 0f 85 59 ff ff ff jne c0210f36 <pvpop_procfs_getattr+0x126>
    return (lockp->sl_owner == current);
    }

    static inline void ssi_unlock_lock(LOCK_T *lockp)
    {
    c0210fdd: 8b 56 0c mov 0xc(%esi),%edx
    c0210fe0: 8d 42 58 lea 0x58(%edx),%eax
    SSI_LOCK_ASSERT_INITED(lockp);
    SSI_LOCK_ASSERT(!in_interrupt());
    #if __SSI_LOCK_DEBUG
    if (!ssi_lock_lockowned(lockp)) {
    SSI_LOCK_ASSERT(lockp->sl_owner != NULL);
    if (lockp->sl_owner != NULL)
    printk(KERN_DEBUG
    "ssi_unlock_lock:"
    " lock not owned by this process: 0x%p\n",
    lockp);
    }
    #endif
    SSI_LOCK_ASSERT(ssi_lock_lockowned(lockp));
    lockp->sl_owner = NULL;
    c0210fe3: c7 40 14 00 00 00 00 movl $0x0,0x14(%eax)
    */
    static inline void up(struct semaphore * sem)
    {
    #ifdef CONFIG_SSI
    sem->owner = NULL;
    c0210fea: c7 40 08 00 00 00 00 movl $0x0,0x8(%eax)
    #endif
    __asm__ __volatile__(
    c0210ff1: ff 42 58 incl 0x58(%edx)
    c0210ff4: 0f 8e 2b 16 00 00 jle c0212625 <.text.lock.dvp_pvpops+0x41d>
    c0210ffa: c7 44 24 04 54 24 3e movl $0xc03e2454,0x4(%esp)
    c0211001: c0
    c0211002: 89 34 24 mov %esi,(%esp)
    c0211005: e8 96 9a ff ff call c020aaa0 <vproc_release_movement>
    c021100a: b8 fd ff ff ff mov $0xfffffffd,%eax
    c021100f: eb aa jmp c0210fbb <pvpop_procfs_getattr+0x1ab>
    c0211011: 8b 5d cc mov 0xffffffcc(%ebp),%ebx

    The oops occurred at the `lockp->sl_owner = NULL` statement inside VPROC_UNLOCK_EXCL(), within the following block in pvpop_procfs_getattr(). The faulting address 0x0000006c is consistent with the registers above: `mov 0xc(%esi),%edx` loaded a NULL pointer (edx = 0), `lea 0x58(%edx),%eax` gave eax = 0x58, and the store to 0x14(%eax) then wrote to 0x6c.

    if (do_check && !ssi_do_files_check(pvp->pvp_pproc, fd)) {
    VPROC_UNLOCK_EXCL(v, "pvpop_procfs_getattr");

    VPROC_RELEASE_MOVEMENT(v, "pvpop_procfs_getattr");
    return(-ESRCH);
    }

     
  • Roger Tsang
    Roger Tsang
    2007-08-13


    I haven't seen this again, and 1.9.3 has upgraded to 2.6.11-ssi.

     
  • Roger Tsang
    Roger Tsang
    2007-08-13

    • status: open --> closed-out-of-date