Re: OOPS in 2.6.13-rc1-mm1 -- EIP is at sysfs_release+0x49/0xb0

Sonny Rao <[email protected]> wrote:
>
> On Wed, Jul 13, 2005 at 12:42:15PM -0700, randy_dunlap wrote:
> > On Wed, 13 Jul 2005 09:54:10 -0500 Miles Lane wrote:
> > 
> > > On 7/13/05, Dave Airlie <[email protected]> wrote:
> > > > > Thanks Dave,
> > > > >
> > > > > I switched to the i915 kernel driver and still got the OOPS.
> > > > > I also continue to get the overlapping mtrr message.  I am currently
> > > > > testing 2.6.13-rc2-git3.  I have tried to run strace with hald, but
> > > > > cannot reproduce the problem this way.  I am not sure I am invoking the
> > > > > command corrently.  I have written to the hal developers, but have not
> > > > > received a response yet.  Here's the current output:
> > > > >
> > > > 
> > > > Can you try and see if you apply the patch from
> > > > 
> > > > http://lkml.org/lkml/2005/7/8/257
> > > > 
> > > > It should apply to your kernel.. I cannot get this to happen on my
> > > > system... the mtrr overlaps are just vesafb setting up the mtrrs, you
> > > > might try without vesafb...
> > > 
> > > I will try booting without vesafb enabled.
> > > 
> > > I get an error building with the patch applied to 2.6.13-rc2-git3:
> > > 
> > > arch/i386/kernel/built-in.o(.text+0x4010): In function `die':
> > > arch/i386/kernel/traps.c:343: undefined reference to `last_sysfs_name'
> > > make: *** [.tmp_vmlinux1] Error 1
> > 
> > Miles,
> > Here is an updated version of the patch that builds for me.
> > (uses last_sysfs_file instead of last_sysfs_name)
> 
> I think I was able to reproduce this same bug on 2.6.13-rc4-mm1,
> here's the output (w/ apologies for long lines):
> 
> Unable to handle kernel paging request at virtual address 762f7473
>  printing eip:
> c01a8bcc
> *pde = 00000000
> Oops: 0002 [#1]
> PREEMPT SMP DEBUG_PAGEALLOC
> last sysfs file: /class/vc/vcs5/dev

gotcha.

> Modules linked in: cpufreq_userspace cpufreq_stats freq_table cpufreq_powersave 
> cpufreq_ondemand cpufreq_conservative ipv6 video thermal processor hotkey fan co
> ntainer button battery ac nfs lockd sunrpc af_packet tg3 ohci_hcd usbcore generi
> c serverworks i2c_piix4 i2c_core sworks_agp agpgart pcspkr rtc floppy tsdev dm_m
> od parport_pc lp parport ide_generic ide_disk ide_cd cdrom ide_core unix
> CPU:    0
> EIP:    0060:[<c01a8bcc>]    Not tainted VLI
> EFLAGS: 00010246   (2.6.13-rc4-mm1) 
> EIP is at sysfs_release+0x4c/0xb0
> eax: 762f7373   ebx: 762f7373   ecx: 00000001   edx: ef3c5000
> esi: f596a188   edi: f21fecc0   ebp: ef3c5f3c   esp: ef3c5f2c
> ds: 007b   es: 007b   ss: 0068
> Process udev (pid: 11843, threadinfo=ef3c5000 task=ef78e550)
> Stack: f596a188 00000010 f762d580 c21bc944 ef3c5f68 c0166cea c21bc944 f762d580 
>        00000000 00000000 c2137980 ec7e9748 f762d580 dcae7300 00000000 ef3c5f78 
>        c0166aeb f762d580 f762d580 ef3c5f94 c01650ab f762d580 dcae7300 dcae7300 
> Call Trace:
>  [<c010401f>] show_stack+0x7f/0xa0
>  [<c01041d4>] show_registers+0x164/0x1d0
>  [<c0104422>] die+0x122/0x1c0
>  [<c030db1e>] do_page_fault+0x2ce/0x600
>  [<c0103ccb>] error_code+0x4f/0x54
>  [<c0166cea>] __fput+0x1da/0x1f0
>  [<c0166aeb>] fput+0x2b/0x50
>  [<c01650ab>] filp_close+0x4b/0x80
>  [<c016514e>] sys_close+0x6e/0x90
>  [<c010312f>] sysenter_past_esp+0x54/0x75
> Code: 85 f6 8b 40 14 8b 58 04 74 08 89 34 24 e8 0d 97 04 00 85 db 74 38 b8 01 00
>  00 00 e8 af 18 f7 ff e8 4a e5 04 00 c1 e0 07 8d 04 18 <ff> 88 00 01 00 00 83 3b
>  02 74 49 b8 01 00 00 00 e8 cf 18 f7 ff 
>  <6>note: udev[11843] exited with preempt_count 1
> Using generic hotkey driver
> ibm_acpi: acpi_evalf(DHKC, d, ...) failed: 4097
> ibm_acpi: `enable,0xffff' invalid for parameter `hotkey'
> toshiba_acpi: Unknown parameter `hotkeys_over_acpi'
> apm: BIOS not found.
> 
> Let me see if I can reproduce this on either 2.6.13-rc4 or  2.6.13-rc6 
> 
> Machine is an IBM x335 (dual P4), and I'm not using any framebuffer
> stuff. 
> 

Keith, does this look like the use-after-free which you've been hitting?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: OOPS in 2.6.13-rc1-mm1 -- EIP is at sysfs_release+0x49/0xb0
    • From: Keith Owens <[email protected]>
  • Re: OOPS in 2.6.13-rc1-mm1 -- EIP is at sysfs_release+0x49/0xb0
    • From: Sonny Rao <[email protected]>

• References:
  • OOPS in 2.6.13-rc1-mm1 -- EIP is at sysfs_release+0x49/0xb0
    • From: Miles Lane <[email protected]>
  • Re: OOPS in 2.6.13-rc1-mm1 -- EIP is at sysfs_release+0x49/0xb0
    • From: Dave Airlie <[email protected]>
  • Re: OOPS in 2.6.13-rc1-mm1 -- EIP is at sysfs_release+0x49/0xb0
    • From: Miles Lane <[email protected]>
  • Re: OOPS in 2.6.13-rc1-mm1 -- EIP is at sysfs_release+0x49/0xb0
    • From: Dave Airlie <[email protected]>
  • Re: OOPS in 2.6.13-rc1-mm1 -- EIP is at sysfs_release+0x49/0xb0
    • From: Miles Lane <[email protected]>
  • Re: OOPS in 2.6.13-rc1-mm1 -- EIP is at sysfs_release+0x49/0xb0
    • From: randy_dunlap <[email protected]>
  • Re: OOPS in 2.6.13-rc1-mm1 -- EIP is at sysfs_release+0x49/0xb0
    • From: Sonny Rao <[email protected]>

• Prev by Date: Re: [PATCH] 6700/6702PXH quirk
• Next by Date: Re: [PATCH] spi
• Previous by thread: Re: OOPS in 2.6.13-rc1-mm1 -- EIP is at sysfs_release+0x49/0xb0
• Next by thread: Re: OOPS in 2.6.13-rc1-mm1 -- EIP is at sysfs_release+0x49/0xb0
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]