2003-07-02 16:13:31

by Martin J. Bligh

Subject: [Bug 863] New: cat /proc/buddyinfo + netstat -a kills machine

Summary: cat /proc/buddyinfo + netstat -a kills machine
Kernel Version: 2.5.73-bk10
Status: NEW
Severity: blocking
Owner: [email protected]
Submitter: [email protected]


Distribution: SLES
Hardware Environment: 8way 900MHz PIII

Problem Description:
On 2.5.73-bk10 as well as 2.5.73-mm3, issuing netstat -a followed by cat
/proc/buddyinfo causes segfaults and locks up the system.

Repeated issuing of netstat -a produces the following trap:

Unable to handle kernel paging request at virtual address 00c1a000
printing eip:
c01405ed
*pde = 00000000
Oops: 0000 [#1]
CPU: 1
EIP: 0060:[<c01405ed>] Not tainted
EFLAGS: 00010086
EIP is at kfree+0x3d/0x70
eax: 00000001 ebx: 00c1a000 ecx: f65b85c0 edx: c19f6009
esi: 00000100 edi: 00000206 ebp: f57c9720 esp: f5b13f4c
ds: 007b es: 007b ss: 0068
Process netstat (pid: 2545, threadinfo=f5b12000 task=f58bb960)
Stack: f68fd438 00000000 f68fd420 f65b85c0 f6caead0 c0173fd5 00000100 f65b85c0
f65b85c0 f7fdeb60 f6caead0 c0156c21 f6caead0 f65b85c0 f65b85c0 0805f038
f6aaf440 00000000 c01552a9 f65b85c0 f6aaf440 f65b85c0 0805f038 0805f038
Call Trace:
[<c0173fd5>] seq_release_private+0x25/0x48
[<c0156c21>] __fput+0xb1/0xc0
[<c01552a9>] filp_close+0x99/0xd0
[<c015533e>] sys_close+0x5e/0x80
[<c010afdf>] syscall_call+0x7/0xb

Cat'ing of /proc/buddyinfo produces:
<1>Unable to handle kernel paging request at virtual address 08c19ec0
printing eip:
c013d5e0
*pde = 00000000
Oops: 0000 [#2]
CPU: 0
EIP: 0060:[<c013d5e0>] Not tainted
EFLAGS: 00010006
EIP is at frag_show+0xd0/0x140
eax: 08c19ec0 ebx: c047e3f8 ecx: 08c19ec0 edx: c19f6009
esi: 000006b7 edi: c047e1f8 ebp: c047e3f8 esp: f60b7f0c
ds: 007b es: 007b ss: 0068
Process cat (pid: 5355, threadinfo=f60b6000 task=f52aa0c0)
Stack: f68fd520 c041caa6 00000000 c041ca07 00000078 00000000 00000206 c047e180
c047c980 f68fd520 c047c980 00000000 c01737a2 f68fd520 c047c980 00002000
f68fd538 00000000 c014a082 f6ba1dc0 00000000 00000000 00000000 c66d5a20
Call Trace:
[<c01737a2>] seq_read+0x102/0x300
[<c014a082>] do_brk+0x142/0x220
[<c0155b4e>] vfs_read+0xbe/0x130
[<c0155df2>] sys_read+0x42/0x70
[<c010afdf>] syscall_call+0x7/0xb

Code: 8b 01 89 ca 46 89 c1 0f 18 00 90 39 da 75 f1 c7 44 24 04 a6
/autobench/scripts/getsysinfo: line 133: 5355 Segmentation fault cat
/proc/buddyinfo >
$2/proc/buddyinfo.$1$RUN_SUFFIX


Steps to reproduce:
Run netstat -a a few times until it traps. Then cat /proc/buddyinfo and the
system will be locked up.


2003-07-02 16:25:52

by Dave Hansen

Subject: Re: [Bug 863] New: cat /proc/buddyinfo + netstat -a kills machine

On Wed, 2003-07-02 at 09:27, Martin J. Bligh wrote:
> Summary: cat /proc/buddyinfo + netstat -a kills machine
> Kernel Version: 2.5.73-bk10
> Status: NEW
> Severity: blocking
> Owner: [email protected]
> Submitter: [email protected]

When you post these, would you mind putting a nice URL to the bug along
with everything else? It would save me the ~4 seconds that it takes to
type/copy the bug into the Bug# field on the bugme opening page.

--
Dave Hansen
[email protected]

2003-07-02 16:59:53

by Martin J. Bligh

Subject: Re: [Bug 863] New: cat /proc/buddyinfo + netstat -a kills machine



--On Wednesday, July 02, 2003 09:39:58 -0700 Dave Hansen <[email protected]> wrote:

> On Wed, 2003-07-02 at 09:27, Martin J. Bligh wrote:
>> Summary: cat /proc/buddyinfo + netstat -a kills machine
>> Kernel Version: 2.5.73-bk10
>> Status: NEW
>> Severity: blocking
>> Owner: [email protected]
>> Submitter: [email protected]
>
> When you post these, would you mind putting a nice URL to the bug along
> with everything else? It would save me the ~4 seconds that it takes to
> type/copy the bug into the Bug# field on the bugme opening page.

They do already, provided the moron sending them out doesn't chop too
much off the head of the email by mistake ;-)

M.

2003-07-03 06:29:15

by YOSHIFUJI Hideaki

Subject: [PATCH] NET: fix SEGV/OOPS with /proc/net/{raw,igmp,...} (is Re: [Bug 863] New: cat /proc/buddyinfo + netstat -a kills machine)

Hello.

I'm not so sure if this is related to BUG#863, but anyway;

Following patch fixes segv/oops with /proc/net/{raw,igmp,mfilter,
raw6,igmp6,mfilter6,anycast,ip6_flowlabel}.

I should be more careful about cast...; sorry...

Thanks.

Index: linux-2.5/net/ipv4/igmp.c
===================================================================
RCS file: /home/cvs/linux-2.5/net/ipv4/igmp.c,v
retrieving revision 1.29
diff -u -r1.29 igmp.c
--- linux-2.5/net/ipv4/igmp.c 1 Jul 2003 16:42:06 -0000 1.29
+++ linux-2.5/net/ipv4/igmp.c 3 Jul 2003 05:06:18 -0000
@@ -2099,7 +2099,7 @@
struct in_device *in_dev;
};

-#define igmp_mc_seq_private(seq) ((struct igmp_mc_iter_state *)&seq->private)
+#define igmp_mc_seq_private(seq) ((struct igmp_mc_iter_state *)(seq)->private)

static inline struct ip_mc_list *igmp_mc_get_first(struct seq_file *seq)
{
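
Review bot: the explicit cast kept on the `+` line of igmp_mc_seq_private() is the same cast that let the removed `&seq->private` form compile without a diagnostic, because a cast accepts the address of the field as readily as the value stored in it. Assuming `private` is a `void *` member, a small static inline that returns `seq->private` as `struct igmp_mc_iter_state *` needs no cast at all, and the compiler would then complain if an address-of crept back in. It would also give the `seq` argument a checked type instead of relying on macro substitution.
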
@@ -2254,7 +2254,7 @@
struct ip_mc_list *im;
};

-#define igmp_mcf_seq_private(seq) ((struct igmp_mcf_iter_state *)&seq->private)
+#define igmp_mcf_seq_private(seq) ((struct igmp_mcf_iter_state *)(seq)->private)

static inline struct ip_sf_list *igmp_mcf_get_first(struct seq_file *seq)
{
Index: linux-2.5/net/ipv4/raw.c
===================================================================
RCS file: /home/cvs/linux-2.5/net/ipv4/raw.c,v
retrieving revision 1.32
diff -u -r1.32 raw.c
--- linux-2.5/net/ipv4/raw.c 1 Jul 2003 16:42:06 -0000 1.32
+++ linux-2.5/net/ipv4/raw.c 3 Jul 2003 05:06:18 -0000
@@ -687,7 +687,7 @@
int bucket;
};

-#define raw_seq_private(seq) ((struct raw_iter_state *)&seq->private)
+#define raw_seq_private(seq) ((struct raw_iter_state *)(seq)->private)

static struct sock *raw_get_first(struct seq_file *seq)
{
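
Review bot: with the `+` form of raw_seq_private(), raw_get_first() and any other user of the macro now follow whatever pointer is stored in `seq->private`, so the fix is only complete if the open path stores an allocated `struct raw_iter_state` there and the release path frees that same pointer. Neither path is visible in this hunk. The first Oops in the report runs through seq_release_private() into kfree(), so please say in the changelog that open and release were checked for each of the touched files.
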
Index: linux-2.5/net/ipv6/anycast.c
===================================================================
RCS file: /home/cvs/linux-2.5/net/ipv6/anycast.c,v
retrieving revision 1.4
diff -u -r1.4 anycast.c
--- linux-2.5/net/ipv6/anycast.c 1 Jul 2003 16:42:06 -0000 1.4
+++ linux-2.5/net/ipv6/anycast.c 3 Jul 2003 05:06:18 -0000
@@ -441,7 +441,7 @@
struct inet6_dev *idev;
};

-#define ac6_seq_private(seq) ((struct ac6_iter_state *)&seq->private)
+#define ac6_seq_private(seq) ((struct ac6_iter_state *)(seq)->private)

static inline struct ifacaddr6 *ac6_get_first(struct seq_file *seq)
{
Index: linux-2.5/net/ipv6/ip6_flowlabel.c
===================================================================
RCS file: /home/cvs/linux-2.5/net/ipv6/ip6_flowlabel.c,v
retrieving revision 1.5
diff -u -r1.5 ip6_flowlabel.c
--- linux-2.5/net/ipv6/ip6_flowlabel.c 1 Jul 2003 16:42:06 -0000 1.5
+++ linux-2.5/net/ipv6/ip6_flowlabel.c 3 Jul 2003 05:06:18 -0000
@@ -559,7 +559,7 @@
int bucket;
};

-#define ip6fl_seq_private(seq) ((struct ip6fl_iter_state *)&(seq)->private)
+#define ip6fl_seq_private(seq) ((struct ip6fl_iter_state *)(seq)->private)

static struct ip6_flowlabel *ip6fl_get_first(struct seq_file *seq)
{
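
Review bot: the removed line in this hunk, `&(seq)->private`, already had the macro argument parenthesized and was still wrong, which shows the defect is the address-of operator and not macro hygiene. The changelog says only that the patch fixes a segv/oops and mentions being careful about a cast. Please add one sentence with the root cause (the macro returned the address of the `private` field inside the seq_file rather than the pointer stored in that field) so the history explains why these /proc/net files crashed.
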
Index: linux-2.5/net/ipv6/mcast.c
===================================================================
RCS file: /home/cvs/linux-2.5/net/ipv6/mcast.c,v
retrieving revision 1.25
diff -u -r1.25 mcast.c
--- linux-2.5/net/ipv6/mcast.c 1 Jul 2003 16:42:06 -0000 1.25
+++ linux-2.5/net/ipv6/mcast.c 3 Jul 2003 05:06:18 -0000
@@ -2045,7 +2045,7 @@
struct inet6_dev *idev;
};

-#define igmp6_mc_seq_private(seq) ((struct igmp6_mc_iter_state *)&seq->private)
+#define igmp6_mc_seq_private(seq) ((struct igmp6_mc_iter_state *)(seq)->private)

static inline struct ifmcaddr6 *igmp6_mc_get_first(struct seq_file *seq)
{
@@ -2185,7 +2185,7 @@
struct ifmcaddr6 *im;
};

-#define igmp6_mcf_seq_private(seq) ((struct igmp6_mcf_iter_state *)&seq->private)
+#define igmp6_mcf_seq_private(seq) ((struct igmp6_mcf_iter_state *)(seq)->private)

static inline struct ip6_sf_list *igmp6_mcf_get_first(struct seq_file *seq)
{
Index: linux-2.5/net/ipv6/raw.c
===================================================================
RCS file: /home/cvs/linux-2.5/net/ipv6/raw.c,v
retrieving revision 1.31
diff -u -r1.31 raw.c
--- linux-2.5/net/ipv6/raw.c 1 Jul 2003 16:42:06 -0000 1.31
+++ linux-2.5/net/ipv6/raw.c 3 Jul 2003 05:06:18 -0000
@@ -913,7 +913,7 @@
int bucket;
};

-#define raw6_seq_private(seq) ((struct raw6_iter_state *)&seq->private)
+#define raw6_seq_private(seq) ((struct raw6_iter_state *)(seq)->private)

static struct sock *raw6_get_first(struct seq_file *seq)
{
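
Review bot: raw6_seq_private() is the eighth copy of the same one-line accessor in this patch (two in net/ipv4/igmp.c, two in net/ipv6/mcast.c, and one each in net/ipv4/raw.c, net/ipv6/anycast.c, net/ipv6/ip6_flowlabel.c and here), differing only in the struct name. The identical mistake landed in every copy, so consider replacing them with a single shared helper that returns `seq->private`, with each caller assigning the result to its own state pointer. That leaves one place to get right and one place to audit.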

--
Hideaki YOSHIFUJI @ USAGI Project <[email protected]>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA

2003-07-03 10:00:01

by James Morris

Subject: Re: [PATCH] NET: fix SEGV/OOPS with /proc/net/{raw,igmp,...} (is Re: [Bug 863] New: cat /proc/buddyinfo + netstat -a kills machine)

On Thu, 3 Jul 2003, YOSHIFUJI Hideaki / 吉藤英明 wrote:

> I'm not so sure if this is related to BUG#863, but anyway;
>
> Following patch fixes segv/oops with /proc/net/{raw,igmp,mfilter,
> raw6,igmp6,mfilter6,anycast,ip6_flowlabel}.

Applied to bk://kernel.bkbits.net/jmorris/net-2.5

- James
--
James Morris
<[email protected]>