From: Willy Tarreau <w@1wt.eu>
To: Grant Coady <gcoady.lk@gmail.com>
Cc: Marcelo Tosatti <marcelo@kvack.org>,
	linux-kernel@vger.kernel.org, Al Viro <viro@ftp.linux.org.uk>
Subject: Re: Linux 2.4.33-rc1
Date: Mon, 19 Jun 2006 00:37:36 +0200
Message-ID: <20060618223736.GA4965@1wt.eu>
In-Reply-To: <ksib9210010mt9r3gjevi3dhlp4biqf59k@4ax.com>

Hi Grant,

On Mon, Jun 19, 2006 at 08:25:06AM +1000, Grant Coady wrote:
> On Sun, 18 Jun 2006 10:37:18 -0300, Marcelo Tosatti <marcelo@kvack.org> wrote:
> 
> >Can you please try the attached patch.
> >
> >Grab a reference to the victim inode before calling vfs_unlink() to avoid
> >it vanishing under us.
> >
> >diff --git a/fs/namei.c b/fs/namei.c
> >index 42cce98..7993283 100644
> >--- a/fs/namei.c
> >+++ b/fs/namei.c
> >@@ -1509,6 +1509,7 @@ asmlinkage long sys_unlink(const char * 
> > 	char * name;
> > 	struct dentry *dentry;
> > 	struct nameidata nd;
> >+	struct inode *inode = NULL;
> > 
> > 	name = getname(pathname);
> > 	if(IS_ERR(name))
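
Review bot: the new local `inode` in sys_unlink() is easy to misread, because the same function already uses `nd.dentry->d_inode` (the parent directory, passed as the first argument to vfs_unlink()) a few lines further down. Since the description calls it the "victim inode", naming it `victim` or adding a short comment at the declaration saying it is the inode being unlinked would make clear which of the two inodes the extra reference is taken on.
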
> >@@ -1527,11 +1528,16 @@ asmlinkage long sys_unlink(const char * 
> > 		/* Why not before? Because we want correct error value */
> > 		if (nd.last.name[nd.last.len])
> > 			goto slashes;
> >+		inode = dentry->d_inode;
> >+		if (inode)
> >+			atomic_inc(&inode->i_count);
> > 		error = vfs_unlink(nd.dentry->d_inode, dentry);
> > 	exit2:
> > 		dput(dentry);
> > 	}

Could you add this line here, because your oops still looks like the NULL
is close to this area :

+       printk(KERN_DEBUG "nd.dentry->d_inode = %p\n", nd.dentry->d_inode);


> > 	up(&nd.dentry->d_inode->i_sem);
> >+	if (inode)
> >+		iput(inode);
> > exit1:
> > 	path_release(&nd);
> > exit:
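
Review bot: the `atomic_inc(&inode->i_count)` before vfs_unlink() and the matching `iput(inode)` after `up(&nd.dentry->d_inode->i_sem)` carry no comment explaining the placement. The release is deliberately outside the block closed after `exit2:` and after the parent's `i_sem` is dropped, so a final iput() runs without that semaphore held. A one-line comment at each site would stop a later cleanup from moving the iput() next to `dput(dentry)`. It would also help to state that the `if (inode)` guard covers both a negative dentry and the paths that never reach the assignment.
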
> 
> /home/share is an NFS mounted directory, via ssh terminal:
> 
> grant@sempro:~$ dmesg >/home/share/dmesg-2.4.33-rc1a
> grant@sempro:~$ rm /home/share/dmesg-2.4.33-rc1a
> Segmentation fault
> 
> Network connection lost, copy / paste oops from screen to file, reboot, 
> and...
> 
> ksymoops 2.4.11 on i686 2.4.33-rc1a.  Options used
>      -v /home/grant/linux/linux-2.4.33-rc1a/vmlinux (specified)
>      -k /proc/ksyms (default)
>      -l /proc/modules (default)
>      -o /lib/modules/2.4.33-rc1a/ (default)
>      -m /boot/System.map-2.4.33-rc1a (specified)
> 
> Unable to handle kernel NULL pointer dereference at virtual address 00000088
> *pde = 00000000
> Oops: 0002
> CPU:    0
> EIP:    0010:[<c013eeb4>]    Not tainted
> Using defaults from ksymoops -t elf32-i386 -a i386
> EFLAGS: 00010282
> eax: 00000000   ebx: 00000000   ecx: 00000088   edx: 00000088
> esi: f6e2ed08   edi: f5954e40   ebp: f6e2ec80   esp: f587ff68
> ds: 0018   es: 0018   ss: 0018
> Process rm (pid: 241, stackpage=f587f000)
> Stack: f6e2ec80 f5954e40 f5954e40 f75a7000 f58ca0c0 f587ff90 c013f078 f6e2ec80
>        f5954e40 f5954e40 f6eb8440 c19ac440 f75a700c 00000011 c1bbcfcb 00000010
>        00000000 00000004 f587e000 bffff986 08051050 bffff768 c0106eff bffff986
> Call Trace:    [<c013f078>] [<c0106eff>]
> Code: ff 80 88 00 00 00 0f 8e 58 16 00 00 85 db 74 16 89 d8 8b 5c
> 
> 
> >>EIP; c013eeb4 <vfs_unlink+a4/1a0>   <=====
> 
> >>esi; f6e2ed08 <_end+36a9305c/386be3d4>
> >>edi; f5954e40 <_end+355b9194/386be3d4>
> >>ebp; f6e2ec80 <_end+36a92fd4/386be3d4>
> >>esp; f587ff68 <_end+354e42bc/386be3d4>
> 
> Trace; c013f078 <sys_unlink+c8/140>
> Trace; c0106eff <system_call+33/38>
> 
> Code;  c013eeb4 <vfs_unlink+a4/1a0>
> 00000000 <_EIP>:
> Code;  c013eeb4 <vfs_unlink+a4/1a0>   <=====
>    0:   ff 80 88 00 00 00         incl   0x88(%eax)   <=====
> Code;  c013eeba <vfs_unlink+aa/1a0>
>    6:   0f 8e 58 16 00 00         jle    1664 <_EIP+0x1664>
> Code;  c013eec0 <vfs_unlink+b0/1a0>
>    c:   85 db                     test   %ebx,%ebx
> Code;  c013eec2 <vfs_unlink+b2/1a0>
>    e:   74 16                     je     26 <_EIP+0x26>
> Code;  c013eec4 <vfs_unlink+b4/1a0>
>   10:   89 d8                     mov    %ebx,%eax
> Code;  c013eec6 <vfs_unlink+b6/1a0>
>   12:   8b 5c 00 00               mov    0x0(%eax,%eax,1),%ebx
> 
> 
> Sorry for bad news.  As before, the 'rm file' succeeded, prior to the 
> segfault.  I put the dmesg (before oops) and 'grep = .config' up on 
> <http://bugsplatter.mine.nu/test/linux-2.4/sempro/> with -rc1a suffix
> 
> Repeat with extract 2.4.32 + patches --> same, note that the oops is 
> only on deleting file over NFS, I noticed 2.6.16.20 has extra NFS 
> stuff around this area.

Thanks for the info and the tests, maybe Al will have some insight here ?

> grant@sempro:~$ dmesg >dmesg
> grant@sempro:~$ rm dmesg
> grant@sempro:~$ dmesg >/home/share/dmesg-test
> grant@sempro:~$ rm /home/share/dmesg-test
> Segmentation fault
> 
> Grant.

Cheers,
Willy

