Re: OOPS in 2.6.13-rc1-mm1 -- EIP is at sysfs_release+0x49/0xb0

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Keith Owens <kaos@sgi.com>
To: Andrew Morton <akpm@osdl.org>
Cc: Sonny Rao <sonny@burdell.org>,
	rdunlap@xenotime.net, miles.lane@gmail.com, airlied@gmail.com,
	linux-kernel@vger.kernel.org, Greg KH <greg@kroah.com>
Subject: Re: OOPS in 2.6.13-rc1-mm1 -- EIP is at sysfs_release+0x49/0xb0
Date: Tue, 09 Aug 2005 09:09:57 +1000	[thread overview]
Message-ID: <19267.1123542597@ocs3.ocs.com.au> (raw)
In-Reply-To: Your message of "Mon, 08 Aug 2005 10:44:04 MST." <20050808104404.11846951.akpm@osdl.org>

On Mon, 8 Aug 2005 10:44:04 -0700, 
Andrew Morton <akpm@osdl.org> wrote:
>Sonny Rao <sonny@burdell.org> wrote:
>> Modules linked in: cpufreq_userspace cpufreq_stats freq_table cpufreq_powersave 
>> cpufreq_ondemand cpufreq_conservative ipv6 video thermal processor hotkey fan co
>> ntainer button battery ac nfs lockd sunrpc af_packet tg3 ohci_hcd usbcore generi
>> c serverworks i2c_piix4 i2c_core sworks_agp agpgart pcspkr rtc floppy tsdev dm_m
>> od parport_pc lp parport ide_generic ide_disk ide_cd cdrom ide_core unix
>> CPU:    0
>> EIP:    0060:[<c01a8bcc>]    Not tainted VLI
>> EFLAGS: 00010246   (2.6.13-rc4-mm1) 
>> EIP is at sysfs_release+0x4c/0xb0
>> eax: 762f7373   ebx: 762f7373   ecx: 00000001   edx: ef3c5000
>> esi: f596a188   edi: f21fecc0   ebp: ef3c5f3c   esp: ef3c5f2c
>> ds: 007b   es: 007b   ss: 0068
>> Process udev (pid: 11843, threadinfo=ef3c5000 task=ef78e550)
>> Stack: f596a188 00000010 f762d580 c21bc944 ef3c5f68 c0166cea c21bc944 f762d580 
>>        00000000 00000000 c2137980 ec7e9748 f762d580 dcae7300 00000000 ef3c5f78 
>>        c0166aeb f762d580 f762d580 ef3c5f94 c01650ab f762d580 dcae7300 dcae7300 
>> Call Trace:
>>  [<c010401f>] show_stack+0x7f/0xa0
>>  [<c01041d4>] show_registers+0x164/0x1d0
>>  [<c0104422>] die+0x122/0x1c0
>>  [<c030db1e>] do_page_fault+0x2ce/0x600
>>  [<c0103ccb>] error_code+0x4f/0x54
>>  [<c0166cea>] __fput+0x1da/0x1f0
>>  [<c0166aeb>] fput+0x2b/0x50
>>  [<c01650ab>] filp_close+0x4b/0x80
>>  [<c016514e>] sys_close+0x6e/0x90
>>  [<c010312f>] sysenter_past_esp+0x54/0x75
>> Code: 85 f6 8b 40 14 8b 58 04 74 08 89 34 24 e8 0d 97 04 00 85 db 74 38 b8 01 00
>>  00 00 e8 af 18 f7 ff e8 4a e5 04 00 c1 e0 07 8d 04 18 <ff> 88 00 01 00 00 83 3b
>>  02 74 49 b8 01 00 00 00 e8 cf 18 f7 ff 
>>  <6>note: udev[11843] exited with preempt_count 1
>> Using generic hotkey driver
>> ibm_acpi: acpi_evalf(DHKC, d, ...) failed: 4097
>> ibm_acpi: `enable,0xffff' invalid for parameter `hotkey'
>> toshiba_acpi: Unknown parameter `hotkeys_over_acpi'
>> apm: BIOS not found.
>> 
>> Let me see if I can reproduce this on either 2.6.13-rc4 or  2.6.13-rc6 
>> 
>> Machine is an IBM x335 (dual P4), and I'm not using any framebuffer
>> stuff. 
>> 
>
>Keith, does this look like the use-after-free which you've been hitting?

It is certainly in the same place, freeing the data that is chained off
sd->s_element.  This oops does not show any memory poisoning, but I am
guessing that the kernel was not compiled with slab debugging.  On
balance, it looks like the same problem.

next prev parent reply	other threads:[~2005-08-08 23:10 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-07-03  8:41 OOPS in 2.6.13-rc1-mm1 -- EIP is at sysfs_release+0x49/0xb0 Miles Lane
2005-07-06 22:27 ` Andrew Morton
2005-07-07  1:41   ` Schneelocke
2005-07-07 10:31 ` Dave Airlie
2005-07-07 14:56   ` Miles Lane
2005-07-11  4:26   ` Miles Lane
2005-07-13  7:17     ` Dave Airlie
2005-07-13 14:54       ` Miles Lane
2005-07-13 19:42         ` randy_dunlap
2005-08-08 16:53           ` Sonny Rao
2005-08-08 17:44             ` Andrew Morton
2005-08-08 20:18               ` Sonny Rao
2005-08-08 23:09               ` Keith Owens [this message]
2005-08-08 23:59                 ` Sonny Rao

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=19267.1123542597@ocs3.ocs.com.au \
    --to=kaos@sgi.com \
    --cc=airlied@gmail.com \
    --cc=akpm@osdl.org \
    --cc=greg@kroah.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=miles.lane@gmail.com \
    --cc=rdunlap@xenotime.net \
    --cc=sonny@burdell.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox