Bug in test9's fs/open.c

Thu, 05 Oct 2000 04:54:55 -0700 

        Hi there,

I ran into this oops with test9. It appears on irregular base i.e.
it can be immediately after i run X or minutes later.

As far as i can see the problem is a wild pointer (the first
argument of filp_close - filp) in filp_close(), which is called
by sys_close().

Actually to filp is assigned value from files->fd pool.


Attached is the ksymoops output of the oops. 


        Petkan
ksymoops 2.3.4 on i686 2.4.0-test9.  Options used
     -V (default)
     -k /proc/ksyms (default)
     -l /proc/modules (default)
     -o /lib/modules/2.4.0-test9/ (default)
     -m /boot/System.map-2.4.0-test9 (default)

Warning: You did not tell me where to find symbol information.  I will
assume that the log matches the kernel and modules that are running
right now and I'll use the default options above for symbol resolution.
If the current kernel and/or modules do not match the log, you can get
more accurate output by telling me the kernel version and where to find
map, modules, ksyms etc.  ksymoops -h explains the options.

Unable to handle kernel paging request at virtual address 00040135
c0129f16
*pde = 00000000
Oops: 0000
CPU:    0
EIP:    0010:[<c0129f16>]
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010297
eax: c7d9cc60   ebx: 00040121   ecx: 00000004   edx: c7d9cbc0
esi: bffff604   edi: 00000000   ebp: bffff60c   esp: c76fbfa8
ds: 0018   es: 0018   ss: 0018
Process bash (pid: 1501, stackpage=c76fb000)
Stack: 00040121 bffff604 c0129fb7 00040121 c7d9cbc0 c76fa000 c0108d37 00000004 
       00000000 000005de bffff604 00000000 bffff60c 00000006 0000002b 0000002b 
       00000006 400e846d 00000023 00000287 bffff5d0 0000002b 
Call Trace: [<c0129fb7>] [<c0108d37>] 
Code: 8b 43 14 85 c0 75 13 68 e2 09 1b c0 e8 c5 af fe ff 31 c0 83 

>>EIP; c0129f16 <filp_close+6/64>   <=====
Trace; c0129fb7 <sys_close+43/54>
Trace; c0108d37 <system_call+33/38>
Code;  c0129f16 <filp_close+6/64>
00000000 <_EIP>:
Code;  c0129f16 <filp_close+6/64>   <=====
   0:   8b 43 14                  mov    0x14(%ebx),%eax   <=====
Code;  c0129f19 <filp_close+9/64>
   3:   85 c0                     test   %eax,%eax
Code;  c0129f1b <filp_close+b/64>
   5:   75 13                     jne    1a <_EIP+0x1a> c0129f30 <filp_close+20/64>
Code;  c0129f1d <filp_close+d/64>
   7:   68 e2 09 1b c0            push   $0xc01b09e2
Code;  c0129f22 <filp_close+12/64>
   c:   e8 c5 af fe ff            call   fffeafd6 <_EIP+0xfffeafd6> c0114eec 
<printk+0/15c>
Code;  c0129f27 <filp_close+17/64>
  11:   31 c0                     xor    %eax,%eax
Code;  c0129f29 <filp_close+19/64>
  13:   83 00 00                  addl   $0x0,(%eax)


1 warning issued.  Results may not be reliable.

Reply via email to