Pre-45 oopses

Michael L. Galbraith (mikeg@weiden.de)
Fri, 11 Jul 1997 06:27:11 +0200 (MET DST)


On 9 Jul 1997, Linus Torvalds wrote:

> Ok, how many people want to test out a pre-patch?
>
Never could resist a patch.

This oops is new to pre-45. It didn't eat the filesystem (spare :). System is
up-to-the-usec tools/libs wise MMX-150-Overdrive. Oops is reproducible.

Unable to handle kernel NULL pointer dereference at virtual address 0000001c
current->tss.cr3 = 04227000, `r3 = 04227000
*pde = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[<c012917a>]
EFLAGS: 00010297
eax: 00000000 ebx: c43465a0 ecx: 00000003 edx: 00000000
esi: 00000001 edi: c43465a0 ebp: 00000001 esp: c4219f40
ds: 0018 es: 0018 ss: 0018
Process safedelchk (pid: 228, process nr: 17, stackpage=c4219000)
Stack: c43465a0 c4219f7c c01293b1 00000000 00000001 0000002e c48e600a c01294e3
c43465a0 c4219f7c 00000001 c4219fbc 00000001 bffffb88 0000612f c48e6006
00000003 00006130 c0129568 c48e6000 00000000 00000001 c4218000 bffff908
Call Trace: [<c01293b1>] [<c01294e3>] [<c0129568>] [<c01275ea>] [<c010944a>]
Code: 0f b7 5a 1c 8b 42 54 85 c0 74 13 8b 40 40 85 c0 74 0c 56 52
Using `/boot/2.1.44/System.map' to map addresses to symbols.

>>EIP: c012917a <permission+a/d8>
Trace: c01293b1 <lookup+15/60>
Trace: c01294e3 <lookup_dentry+b7/10c>
Trace: c0129568 <__namei+30/94>
Trace: c01275ea <sys_newstat+1a/6c>
Trace: c010944a <system_call+3a/40>

Code: c012917a <permission+a/d8> movzwl 0x1c(%edx),%ebx
Code: c012917e <permission+e/d8> movl 0x54(%edx),%eax
Code: c0129181 <permission+11/d8> testl %eax,%eax
Code: c0129183 <permission+13/d8> je c0129198 <permission+28/d8>
Code: c0129185 <permission+15/d8> movl 0x40(%eax),%eax
Code: c0129188 <permission+18/d8> testl %eax,%eax
Code: c012918a <permission+1a/d8> je c0129198 <permission+28/d8>
Code: c012918c <permission+1c/d8> pushl %esi
Code: c012918d <permission+1d/d8> pushl %edx
Code: c012918e <permission+1e/d8>

> Does this first pre-45 look better than plain 44?
>
> Linus
>

Well.. it still corrupts /proc/net/dev if I include ipv6 as a module. After
corruption, any process that touches /proc/net/dev becomes unkillable runaway.

This Oops was generated by starting lmbench.. the latency progs were then
left in runaway mode with load at 6+. Eject ipv6, and it mostly works here.
Oops is fully reproducible evil bastard.

I removed ipv6, and was able to run lmbench ok. Afterward, I started the
byte benchmarks (does provide relative numbers) and took a nap. I awoke to
black death.. no magic keys.. doorknob dead. Fsck griped about deleted
inodes in the files byte uses to test, but fixed it ok again. (yeah Ted!)

Unable to handle kernel paging request at virtual address c581a7a0
current->tss.cr3 = 04d59000, `r3 = 04d59000
*pde = 04ec7063
*pte = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[<c014c1d3>]
EFLAGS: 00010246
eax: 00000000 ebx: c581a7a0 ecx: 00000000 edx: 00000000
esi: c4487f58 edi: c4487f58 ebp: c4487f38 esp: c4487f0c
ds: 0018 es: 0018 ss: 0018
Process netstat (pid: 532, process nr: 27, stackpage=c4487000)
Stack: bffff198 c48bf860 bffff198 00008912 c4dd186c 00000002 c4486000 000003e0
bffff280 00000400 bffff260 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 c014cc0e bffff198 bffff198 c016933b 00008912
Call Trace: [<c014cc0e>] [<c016933b>] [<c0146fc9>] [<c012ace7>] [<c010944a>]
Code: 8b 13 89 d6 89 ef fc ac aa 84 c0 75 fa 66 8b 43 46 66 89 44
Using `/boot/2.1.44/System.map' to map addresses to symbols.

>>EIP: c014c1d3 <dev_ifconf+af/18c>
Trace: c014cc0e <dev_ioctl+1aa/208>
Trace: c016933b <inet_ioctl+3eb/44c>
Trace: c0146fc9 <sock_ioctl+21/28>
Trace: c012ace7 <sys_ioctl+143/158>
Trace: c010944a <system_call+3a/40>

Code: c014c1d3 <dev_ifconf+af/18c> movl (%ebx),%edx
Code: c014c1d5 <dev_ifconf+b1/18c> movl %edx,%esi
Code: c014c1d7 <dev_ifconf+b3/18c> movl %ebp,%edi
Code: c014c1d9 <dev_ifconf+b5/18c> cld
Code: c014c1da <dev_ifconf+b6/18c> lodsb %ds:(%esi),%al
Code: c014c1db <dev_ifconf+b7/18c> stosb %al,%es:(%edi)
Code: c014c1dc <dev_ifconf+b8/18c> testb %al,%al
Code: c014c1de <dev_ifconf+ba/18c> jne c014c1da <dev_ifconf+b6/18c>
Code: c014c1e0 <dev_ifconf+bc/18c> movw 0x46(%ebx),%ax
Code: c014c1e4 <dev_ifconf+c0/18c> movw %ax,0xffffff90(%eax,%eax,1)
Code: c014c1e9 <dev_ifconf+c5/18c> nop
Code: c014c1ea <dev_ifconf+c6/18c> nop