Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1759613AbYFIJoU (ORCPT ); Mon, 9 Jun 2008 05:44:20 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1758635AbYFIJoJ (ORCPT ); Mon, 9 Jun 2008 05:44:09 -0400 Received: from cdptpa-omtalb.mail.rr.com ([75.180.132.123]:51100 "EHLO cdptpa-omtalb.mail.rr.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1758153AbYFIJoH (ORCPT ); Mon, 9 Jun 2008 05:44:07 -0400 X-Greylist: delayed 5016 seconds by postgrey-1.27 at vger.kernel.org; Mon, 09 Jun 2008 05:44:07 EDT Message-ID: <484CE70A.60703@cfl.rr.com> Date: Mon, 09 Jun 2008 04:17:14 -0400 From: Mark Hounschell User-Agent: Thunderbird 2.0.0.12 (X11/20080226) MIME-Version: 1.0 To: "Luis Claudio R. Goncalves" CC: Steven Rostedt , LKML , RT , Ingo Molnar Subject: Re: 2.6.24.7-rt13 Oops References: <1212723195.24785.40.camel@localhost.localdomain> <484BA2E3.9010305@cfl.rr.com> <20080608125119.GS28755@unix.sh> In-Reply-To: <20080608125119.GS28755@unix.sh> X-Enigmail-Version: 0.95.6 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 4872 Lines: 120 Luis Claudio R. Goncalves wrote: > On Sun, Jun 08, 2008 at 05:14:11AM -0400, Mark Hounschell wrote: >> BUG: unable to handle kernel paging request at virtual address 00656c0c > > It seems like you have just found a buffer overflow in vsnprintf... as the > requested address was "el\n" :) > > I wonder where do this data came from. Could you please send us the log > lines around this oops? I have the impression something was printed right > before the oops. > > Luis > There is nothing else around the Oops in the log. However a non-RT kernel will print this. Jun 9 04:15:26 harley kernel: CDB: Jun 9 04:15:26 harley kernel: aic7xxx_dev_reset returns 0x2002 >> printing eip: c01cb82e *pde = 00000000 >> Oops: 0000 [#1] PREEMPT SMP >> Modules linked in: lp af_packet appletalk ax25 ipx p8023 udf ip6t_LOG >> nf_conntrack_ipv6 xt_pkttype ipt_LOG xt_limit snd_pcm_oss snd_mixer_oss >> snd_seq snd_seq_device ip6t_REJECT xt_tcpudp ipt_REJECT xt_state >> iptable_mangle iptable_nat nf_nat iptable_filter ip6table_mangle >> nf_conntrack_ipv4 nf_conntrack ip_tables ip6table_filter ip6_tables >> x_tables ipv6 fuse loop dm_mod snd_hda_intel snd_pcm snd_timer rtc_cmos snd >> rtc_core osst ati_agp i2c_piix4 e1000 ide_cd soundcore parport_pc agpgart >> rtc_lib cdrom sky2 k8temp snd_page_alloc st hwmon i2c_core parport ide_disk >> sg ehci_hcd ohci_hcd usbcore ssb sd_mod edd ext3 mbcache jbd aic7xxx >> scsi_transport_spi pata_jmicron atiixp ide_core ahci libata scsi_mod >> >> Pid: 9661, comm: v27 Not tainted (2.6.24.7-rt13 #3) >> EIP: 0060:[] EFLAGS: 00210097 CPU: 1 >> EIP is at strnlen+0x6/0x18 >> EAX: 00656c0c EBX: 00656c0c ECX: 00656c0c EDX: fffffffe >> ESI: c03c605c EDI: ebb2fdb0 EBP: ffffffff ESP: ebb2fccc >> DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 preempt:00000002 >> Process v27 (pid: 9661, ti=ebb2e000 task=f3ca1810 task.ti=ebb2e000) >> Stack: c01caf08 00200246 c0177fb3 f3c22b40 ebb2fd54 c4835a70 c4835a6c >> 00000400 >> c03c604c c01c6572 c03c644c 00000000 ffffffff f4f573b6 00000400 >> 00656c0c >> f325a9e0 c03c604c c01cb170 ebb2fda8 f4f5739c c011b8fd ebb2fda8 >> 00000b61 >> Call Trace: >> [] vsnprintf+0x29d/0x46a >> [] dput+0x2c/0xff >> [] __next_cpu+0x12/0x21 >> [] vscnprintf+0x14/0x20 >> [] vprintk+0xdc/0x2c8 >> [] __switch_to+0x15/0x11f >> [] __spin_unlock+0xc/0x20 >> [] finish_task_switch+0x26/0x83 >> [] printk+0x1b/0x1f >> [] ahc_linux_queue_recovery_cmd+0x6f/0x982 [aic7xxx] >> [] lock_hrtimer_base+0x15/0x2f >> [] kmem_cache_alloc+0x7d/0xb1 >> [] ahc_linux_dev_reset+0xe/0x2a [aic7xxx] >> [] scsi_try_bus_device_reset+0x1d/0x3c [scsi_mod] >> [] scsi_reset_provider+0x98/0x12a [scsi_mod] >> [] find_extend_vma+0x12/0x49 >> [] get_futex_key+0x6e/0x122 >> [] futex_wait+0x1fc/0x2dc >> [] futex_wahke+0xb8/0xc2 >> [] do_futex+0x7a/0x9eb >> [] hrtimer_forward+0xba/0xd0 >> [] sg_ioctl+0x8d3/0x9dd [sg] >> [] __spin_unlock+0xc/0x20 >> [] getnstimeofday+0x2b/0xb2 >> [] rt_mutex_lock+0x15/0x3f >> [] rt_down+0xe/0x26 >> [] do_ioctl+0x4c/0x62 >> [] vfs_ioctl+0x237/0x249 >> [] sys_ioctl+0x45/0x5d >> [] sysenter_past_esp+0x5f/0x85 >> ======================= >> --------------------------- >> | preempt count: 00000002 ] >> | 2-level deep critical section nesting: >> ---------------------------------------- >> .. [] .... vprintk+0x11/0x2c8 >> .....[<00000000>] .. ( <= _stext+0x3feff000/0x14) >> .. [] .... __spin_lock+0xd/0x23 >> .....[<00000000>] .. ( <= _stext+0x3feff000/0x14) >> >> Code: c9 74 0c f2 ae 74 05 bf 01 00 00 00 4f 89 fa 5f 89 d0 c3 85 c9 57 89 >> c7 89 d0 74 05 f2 ae 75 01 4f 89 f8 5f c3 89 c1 89 c8 eb 06 <80> 38 00 74 >> 07 40 4a 83 fa ff 75 f4 29 c8 c3 90 90 90 57 83 c9 >> EIP: [] strnlen+0x6/0x18 SS:ESP 0068:ebb2fccc >> ---[ end trace a30b09d6b0410b5f ]--- >> note: v27[9661] exited with preempt_count 1 >> >> >> What causes it: >> >> rst_command = SG_SCSI_RESET_DEVICE; >> if (ioctl(Q->DevSpec1, SG_SCSI_RESET, &rst_command) < 0) >> perror("gen_rst: Scsi Device Reset"); >> >> >> Regards >> Mark >> >> >> >> -- >> To unsubscribe from this list: send the line "unsubscribe linux-rt-users" in >> the body of a message to majordomo@vger.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html > ---end quoted text--- > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/