From: Dave Jones <davej@redhat.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>,
Al Viro <viro@zeniv.linux.org.uk>
Subject: Re: BUG_ON(nd->inode != parent->d_inode);
Date: Fri, 8 Mar 2013 18:07:34 -0500 [thread overview]
Message-ID: <20130308230734.GA28317@redhat.com> (raw)
In-Reply-To: <CA+55aFyNAA3u2k_38iqRPN0EqtP=qXu1wu_vnXnAgQmp6NwGJA@mail.gmail.com>
On Fri, Mar 08, 2013 at 02:41:19PM -0800, Linus Torvalds wrote:
> On Fri, Mar 8, 2013 at 1:04 PM, Dave Jones <davej@redhat.com> wrote:
> >
> > queue up the sad trombone noises.
> >
> > One of the things trinity passes syscalls is a page of deformed unicode.
> > Apparently this page is so fucked up, that it crashes *printk*.
>
> It's probably my debug stuff that is bogus. One of the string pointers
> passed to printk %s seems bad, and instead of being a proper kernel
> pointer it's "0xaf0f48ef7bdef7bd". So trying to access it causes a GP
> fault (it's not a validly formed pointer)
>
> I'm not seeing what the problem is, but I'll mull on it..
Ok, got something more meaningful out of the lookup_slow trace.
[ 66.082984] parent->dname.name (06b6b6b6b6b6b6b)
[ 66.083637] parent =
At first I thought AH-HA! SLAB POISON!
But look closer.. it's shifted by 8 bits.
Also, this isn't a pointer, that's the output of..
printk("parent->dname.name %s (%x%x%x%x%x%x%x%x)\n", parent->d_name.name,
parent->d_name.name[0],
parent->d_name.name[1],
parent->d_name.name[2],
parent->d_name.name[3],
parent->d_name.name[4],
parent->d_name.name[5],
parent->d_name.name[6],
parent->d_name.name[7]);
Interestingly, that pattern always seems to be the same across different reboots.
parent seems to be a pointer to "\0".
Another oddball crash..
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [< (null)>] (null)
PGD 10f366067 PUD 10f36c067 PMD 0
Oops: 0010 [#1] PREEMPT SMP
Modules linked in: can_bcm irda pppoe pppox ppp_generic can slhc af_802154 atm rds af_key phonet nfc ipx p8023 p8022 af_rxrpc caif_socket caif crc_ccitt decnet netrom appletalk x25 psnap llc rose ax25 lockd sunrpc ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_conntrack nf_conntrack ip6table_filter ip6_tables snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_pcm btusb bluetooth usb_debug snd_page_alloc microcode snd_timer rfkill snd serio_raw pcspkr edac_core soundcore r8169 mii vhost_net tun macvtap macvlan kvm_amd kvm radeon backlight drm_kms_helper ttm
CPU 0
Pid: 822, comm: trinity-child0 Not tainted 3.9.0-rc1+ #85 Gigabyte Technology Co., Ltd. GA-MA78GM-S2H/GA-MA78GM-S2H
RIP: 0010:[<0000000000000000>] [< (null)>] (null)
RSP: 0018:ffff88010f033db0 EFLAGS: 00010246
RAX: ffffffff8181f540 RBX: ffff8800cf49c940 RCX: 0000000000000000
RDX: 0000000000000600 RSI: ffff8800cf49c940 RDI: ffff8800cf492170
RBP: ffff88010f033dd8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff8800cf49f530
R13: ffff88010f033f28 R14: 0000000000000000 R15: ffffffffa0000000
FS: 00007f29dffed740(0000) GS:ffff88012ae00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000010f365000 CR4: 00000000000007f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process trinity-child0 (pid: 822, threadinfo ffff88010f032000, task ffff8801103ec920)
Stack:
ffffffff811c5fad ffff8800cf49f530 ffff88010f033f28 0000000000000000
0000000000000600 ffff88010f033e08 ffffffff811c61c8 ffff88010f033e18
0100000000000000 0000000000000000 0000000000000000 ffff88010f033e18
Call Trace:
[<ffffffff811c5fad>] ? lookup_real+0x1d/0x60
[<ffffffff811c61c8>] __lookup_hash+0x38/0x50
[<ffffffff811c61f9>] lookup_hash+0x19/0x20
[<ffffffff811c96a5>] kern_path_create+0x95/0x170
[<ffffffff811c7b56>] ? getname_flags.part.33+0x86/0x150
[<ffffffffa0000000>] ? 0xffffffff9fffffff
[<ffffffff811c97ca>] user_path_create+0x4a/0x70
[<ffffffff811cc66c>] sys_mknodat+0xac/0x1d0
[<ffffffff8134b4be>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[<ffffffffa0000000>] ? 0xffffffff9fffffff
[<ffffffff811cc7ad>] sys_mknod+0x1d/0x20
[<ffffffff816d1142>] system_call_fastpath+0x16/0x1b
[<ffffffffa0000000>] ? 0xffffffff9fffffff
Code: Bad RIP value.
RIP [< (null)>] (null)
RSP <ffff88010f033db0>
CR2: 0000000000000000
---[ end trace f74c72ebf05e8c15 ]---
I'll add some similar printk's to lookup_real and see what falls out.
Dave
next prev parent reply other threads:[~2013-03-08 23:07 UTC|newest]
Thread overview: 99+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-07 2:16 BUG_ON(nd->inode != parent->d_inode); Dave Jones
2013-03-07 15:30 ` BUG_ON(nd->inode->i_op->follow_link); Dave Jones
2013-03-07 17:30 ` BUG_ON(nd->inode->i_op->follow_link); Linus Torvalds
2013-03-07 19:35 ` BUG_ON(nd->inode->i_op->follow_link); Dave Jones
2013-03-07 20:33 ` BUG_ON(nd->inode->i_op->follow_link); Linus Torvalds
2013-03-07 21:38 ` ipc/testmsg GPF Dave Jones
2013-03-07 21:45 ` Linus Torvalds
2013-03-07 21:49 ` David Miller
2013-03-07 21:51 ` Linus Torvalds
2013-03-07 22:03 ` Dave Jones
2013-03-07 22:36 ` pipe_release oops Dave Jones
2013-03-07 23:14 ` fasync_remove_entry oops Dave Jones
2013-03-07 23:46 ` Linus Torvalds
2013-03-07 23:54 ` Dave Jones
2013-03-08 0:20 ` Dave Jones
2013-03-08 0:21 ` pipe_release oops Linus Torvalds
2013-03-08 14:53 ` Dave Jones
2013-03-08 18:30 ` Linus Torvalds
2013-03-08 18:26 ` Jörn Engel
2013-03-10 23:33 ` Al Viro
2013-03-12 19:09 ` Jörn Engel
2013-03-10 22:10 ` Al Viro
2013-03-11 0:35 ` Al Viro
2013-03-11 15:10 ` Linus Torvalds
2013-03-11 18:05 ` Al Viro
2013-03-12 13:06 ` Al Viro
2013-03-12 15:31 ` Linus Torvalds
2013-03-12 19:43 ` Al Viro
2013-03-12 19:56 ` Dave Jones
2013-03-12 20:09 ` Linus Torvalds
2013-03-12 20:51 ` Al Viro
2013-03-27 13:51 ` Yet another pipe related oops Dave Jones
2013-03-27 15:20 ` Al Viro
2013-03-27 16:33 ` Linus Torvalds
2013-03-27 16:53 ` Raymond Jennings
2013-03-27 17:45 ` Al Viro
2013-04-01 20:34 ` Al Viro
2013-04-01 21:00 ` Greg Kroah-Hartman
2013-04-01 21:21 ` Al Viro
2013-04-01 21:44 ` Greg Kroah-Hartman
2013-04-01 23:27 ` Al Viro
2013-04-02 0:22 ` Al Viro
2013-04-02 1:55 ` Greg Kroah-Hartman
2013-03-12 1:27 ` pipe_release oops Dave Jones
2013-03-09 0:27 ` ipc/testmsg GPF Peter Hurley
2013-03-09 0:32 ` Dave Jones
2013-03-11 18:26 ` Dave Jones
2013-03-11 19:03 ` Peter Hurley
2013-03-12 22:02 ` Andrew Morton
2013-03-12 22:33 ` Dave Jones
2013-03-15 21:21 ` Dave Jones
2013-03-25 16:37 ` Dave Jones
2013-03-25 18:28 ` Peter Hurley
2013-03-25 18:39 ` Dave Jones
2013-03-07 22:18 ` BUG_ON(nd->inode->i_op->follow_link); Dave Jones
2013-03-07 22:50 ` BUG_ON(nd->inode->i_op->follow_link); Linus Torvalds
2013-03-07 23:03 ` BUG_ON(nd->inode->i_op->follow_link); Dave Jones
2013-03-07 23:55 ` BUG_ON(nd->inode->i_op->follow_link); Linus Torvalds
2013-03-11 0:02 ` BUG_ON(nd->inode->i_op->follow_link); Al Viro
2013-03-10 23:04 ` BUG_ON(nd->inode->i_op->follow_link); Al Viro
2013-03-12 18:31 ` BUG_ON(nd->inode->i_op->follow_link); Linus Torvalds
2013-03-08 15:04 ` BUG_ON(nd->inode != parent->d_inode); Dave Jones
2013-03-08 18:51 ` Linus Torvalds
2013-03-08 19:18 ` Dave Jones
2013-03-08 19:20 ` Dave Jones
2013-03-08 19:36 ` Dave Jones
2013-03-08 19:47 ` Linus Torvalds
2013-03-08 21:04 ` Dave Jones
2013-03-08 22:41 ` Linus Torvalds
2013-03-08 23:07 ` Dave Jones [this message]
2013-03-08 23:14 ` Dave Jones
2013-03-08 23:20 ` Linus Torvalds
2013-03-08 23:28 ` Linus Torvalds
2013-03-08 23:34 ` Dave Jones
2013-03-08 23:47 ` Dave Jones
2013-03-08 23:51 ` Linus Torvalds
2013-03-08 23:30 ` Dave Jones
2013-03-08 23:45 ` Linus Torvalds
2013-03-08 23:55 ` Dave Jones
2013-03-09 0:02 ` Linus Torvalds
2013-03-09 0:19 ` Dave Jones
2013-03-09 0:29 ` Raymond Jennings
2013-03-09 0:36 ` Dave Jones
2013-03-09 1:18 ` Linus Torvalds
2013-03-09 2:03 ` Dave Jones
2013-03-09 2:08 ` Linus Torvalds
2013-03-09 2:26 ` Dave Jones
2013-03-09 2:56 ` Dave Jones
2013-03-09 2:57 ` Dave Jones
[not found] ` <CA+55aFxyOYXnzDoWr7Utr1QLjjMUCON5EGH3FMvGBHxnxMJmQQ@mail.gmail.com>
2013-03-09 3:25 ` Dave Jones
2013-03-09 3:38 ` Eric W. Biederman
2013-03-09 4:26 ` Dave Jones
2013-03-09 8:28 ` Eric W. Biederman
[not found] ` <CA+55aFweyfew3VU79ZQV4otJcWiF0=xKXxDtADXcccNxGaqMwA@mail.gmail.com>
2013-03-09 3:50 ` Dave Jones
2013-03-09 4:31 ` Linus Torvalds
2013-03-09 4:39 ` Dave Jones
2013-03-09 5:13 ` Sasha Levin
2013-03-09 5:16 ` Dave Jones
2013-03-09 3:27 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130308230734.GA28317@redhat.com \
--to=davej@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.