Re: Kernel OOOPS in 2.6.11.6

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Chris Wright <chrisw@osdl.org>
To: Coywolf Qi Hunt <coywolf@gmail.com>
Cc: Chris Wright <chrisw@osdl.org>, Ali Akcaagac <aliakc@web.de>,
	linux-kernel@vger.kernel.org
Subject: Re: Kernel OOOPS in 2.6.11.6
Date: Mon, 28 Mar 2005 15:04:16 -0800	[thread overview]
Message-ID: <20050328230416.GP30522@shell0.pdx.osdl.net> (raw)
In-Reply-To: <2cd57c9005032814572b7e9bac@mail.gmail.com>

* Coywolf Qi Hunt (coywolf@gmail.com) wrote:
> On Mon, 28 Mar 2005 14:44:30 -0800, Chris Wright <chrisw@osdl.org> wrote:
> > * Ali Akcaagac (aliakc@web.de) wrote:
> > > And happy easter to you all. Just got this while trying to delete some
> > > files on my system.
> > 
> > I'm curious, what was the virtual address the kernel was "Unable to handle..."
> > That part was left off this bug report.
> > 
> > > :  printing eip:
> > > : c021f089
> > > : *pde = 00000000
> > > : Oops: 0000 [#1]
> > > : PREEMPT
> > > : Modules linked in: snd_seq_midi snd_emu10k1_synth snd_emux_synth
> > > snd_seq_virmidi snd_seq_midi_event snd_seq_midi_emul snd_seq snd_emu10k1
> > > snd_rawmidi snd_seq_device snd_ac97_codec snd_pcm snd_timer
> > > snd_page_alloc snd_util_mem snd_hwdep snd soundcore parport_pc lp
> > > parport 8139too mii crc32
> > > : CPU:    0
> > > : EIP:    0060:[linvfs_open+89/160]    Not tainted VLI
> > > : EFLAGS: 00010282   (2.6.11.6)
> > > : EIP is at linvfs_open+0x59/0xa0
> > 
> > Nothing in the -stable series has changed either XFS or the core vfs
> > path on during file open.  Without a chance of reproducing or any more
> > information, it'll be tough to make much progress here.
> > 
> > > : eax: 00000000   ebx: c77ac06c   ecx: 00000001   edx: c021f030
> > > : esi: 00000000   edi: c77ac050   ebp: dffe41a0   esp: c2d95f14
> > > : ds: 007b   es: 007b   ss: 0068
> > > : Process mc (pid: 17862, threadinfo=c2d94000 task=d18d2a80)
> > > : Stack: c01561a9 dffe41a0 d73504c0 00000000 c77ac06c c015446b c77ac06c
> > > d73504c0
> > > :        00000001 ffffffe9 00008000 00008000 dc364000 c2d94000 c015426c
> > > cbcdff54
> > > :        dffe41a0 00008000 c2d95f60 cbcdff54 dffe41a0 bfffeef0 0d00ad72
> > > 00300001
> > > : Call Trace:
> > > :  [get_empty_filp+89/208] get_empty_filp+0x59/0xd0
> > > :  [dentry_open+491/672] dentry_open+0x1eb/0x2a0
> > > :  [filp_open+92/112] filp_open+0x5c/0x70
> > > :  [get_unused_fd+123/224] get_unused_fd+0x7b/0xe0
> > > :  [sys_open+73/144] sys_open+0x49/0x90
> > > :  [syscall_call+7/11] syscall_call+0x7/0xb
> > > : Code: 5b 3c b8 01 00 00 00 e8 c6 42 ef ff b8 00 e0 ff ff 21 e0 8b 40
> > > 08 a8 08 75 4d 85 f6 7c 0a 7f 32 81 fb ff ff ff 7f 77 2a 8b 47 14 <8b>
> > > 50 08 c7 44 24 04 00 00 00 00 89 04 24 ff 52 04 8b 5c 24 08
> > 
> > Best I can tell, you hit this:
> > 
> >  mov    0x8(%eax),%edx
> > 
> > with eax == 00000000.  This corresponds to a vp->v_fops (or rather
> > vp->v_bh.bh_first->bd_ops) deref.  So, looks like the vnode has a
> > NULL v_bh.bh_first (which looks like it's meant to be used to mean
> > uninitialized).  May check with XFS folks if they've seen this type
> > of bug.
> 
> I think it is f = kmem_cache_alloc(filp_cachep, GFP_KERNEL); returns an
> invalid pointer, then in memset(f, 0, sizeof(*f)); fault happens at address f.
> eax == 0 is to clear the memory in memset().

The trace indicates it's in linvfs_open
(EIP: 0060:[linvfs_open+89/160])
and the insturction dump at the end supports that.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

next prev parent reply	other threads:[~2005-03-28 23:06 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-03-28 11:09 Kernel OOOPS in 2.6.11.6 Ali Akcaagac
2005-03-28 22:44 ` Chris Wright
2005-03-28 22:57   ` Coywolf Qi Hunt
2005-03-28 23:04     ` Chris Wright [this message]
2005-03-29  0:12       ` Coywolf Qi Hunt
2005-03-29  0:24         ` Chris Wright
2005-03-29  2:06           ` Chris Wedgwood
2005-03-29  2:27             ` Keith Owens
2005-03-29  3:12               ` Chris Wedgwood
2005-03-29  0:28         ` Ali Akcaagac
2005-03-29  6:30   ` Nathan Scott
2005-03-29 16:55     ` Christoph Hellwig
2005-03-29 16:59     ` Chris Wright
2005-03-29 17:01       ` Christoph Hellwig
2005-04-01 21:08         ` Ali Akcaagac

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050328230416.GP30522@shell0.pdx.osdl.net \
    --to=chrisw@osdl.org \
    --cc=aliakc@web.de \
    --cc=coywolf@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox