* Re: Linux 2.5.74: BUG at mm/slab.c:1537
@ 2003-07-03 20:13 Manfred Spraul
2003-07-03 21:17 ` Andrew Morton
From: Manfred Spraul @ 2003-07-03 20:13 UTC (permalink / raw)
To: Andy Pfiffer; +Cc: linux-kernel, yoshfuji, Andrew Morton
The problem is caused by changeset 1.1310.102.3, 2003/07/01
02:01:51+10:00, yoshfuji@linux-ipv6.org:
http://linus.bkbits.net:8080/linux-2.5/diffs/net/ipv4/raw.c@3f005eebc5YsuvTFXhDo-QDhPEgh5Q?nav=index.html
(Subject: [NET] fixed /proc/net/raw{,6} seq_file support)
raw_iter_state is just an integer. Without that patch, the integer is
stored directly in the seq->private pointer (note the & in the define of
raw_seq_private, around line 690 of net/ipv4/raw.c). The patch converts
part of the code to use a pointer to an integer, but other parts still
treat seq->private as an integer. The oops is actually a BUG
statement in kmalloc: it complains (if CONFIG_DEBUG_SLAB is enabled)
about the invalid pointer.
--
Manfred
* Re: Linux 2.5.74: BUG at mm/slab.c:1537
2003-07-03 20:13 Linux 2.5.74: BUG at mm/slab.c:1537 Manfred Spraul
@ 2003-07-03 21:17 ` Andrew Morton
2003-07-04 0:42 ` YOSHIFUJI Hideaki / 吉藤英明
From: Andrew Morton @ 2003-07-03 21:17 UTC (permalink / raw)
To: Manfred Spraul; +Cc: andyp, linux-kernel, yoshfuji, akpm
Manfred Spraul <manfred@colorfullife.com> wrote:
>
> The problem is caused by changeset 1.1310.102.3, 2003/07/01
> 02:01:51+10:00, yoshfuji@linux-ipv6.org:
>
> http://linus.bkbits.net:8080/linux-2.5/diffs/net/ipv4/raw.c@3f005eebc5YsuvTFXhDo-QDhPEgh5Q?nav=index.html
> (Subject: [NET] fixed /proc/net/raw{,6} seq_file support)
>
> raw_iter_state is just an integer. Without that patch, the integer is
> stored directly in the seq->private pointer (note the & in the define of
> raw_seq_private, around line 690 of net/ipv4/raw.c). The patch converts
> part of the code to an pointer to an integer, but other parts still
> consider seq->private as an integer. The oops is actually a BUG
> statement in kmalloc: it complains (if CONFIG_DEBUG_SLAB is enabled)
> about the invalid pointer.
>
This is the patch out of bugzilla. I'm not sure who wrote it, and
there is no description.
(Could people please not do that? If you have a patch which fixes a
bug, please squirt it to the mailing list)
25-akpm/net/ipv4/igmp.c | 4 ++--
25-akpm/net/ipv4/raw.c | 2 +-
25-akpm/net/ipv6/anycast.c | 2 +-
25-akpm/net/ipv6/ip6_flowlabel.c | 2 +-
25-akpm/net/ipv6/mcast.c | 4 ++--
25-akpm/net/ipv6/raw.c | 2 +-
6 files changed, 8 insertions(+), 8 deletions(-)
diff -puN net/ipv4/igmp.c~netstat-oops-fix net/ipv4/igmp.c
--- 25/net/ipv4/igmp.c~netstat-oops-fix Thu Jul 3 12:31:19 2003
+++ 25-akpm/net/ipv4/igmp.c Thu Jul 3 12:31:19 2003
@@ -2099,7 +2099,7 @@ struct igmp_mc_iter_state {
struct in_device *in_dev;
};
-#define igmp_mc_seq_private(seq) ((struct igmp_mc_iter_state *)&seq->private)
+#define igmp_mc_seq_private(seq) ((struct igmp_mc_iter_state *)(seq)->private)
static inline struct ip_mc_list *igmp_mc_get_first(struct seq_file *seq)
{
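Review bot: Dropping the `&` in `igmp_mc_seq_private` is only safe if this file's open handler stores a heap-allocated `struct igmp_mc_iter_state` in `seq->private`, and that cannot be confirmed from this hunk. The changeset named in the thread is titled for /proc/net/raw{,6}, so the open and release paths of igmp.c, anycast.c, ip6_flowlabel.c and mcast.c should be checked before this lands: if any of them still leaves `seq->private` unset, the new macro turns every iterator access into a NULL dereference, and if release does not go through `seq_release_private` the state leaks. The same check applies to `igmp_mcf_seq_private` in the next hunk and to the ipv6 hunks. `igmp_mc_get_first` continues outside the hunk.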
@@ -2254,7 +2254,7 @@ struct igmp_mcf_iter_state {
struct ip_mc_list *im;
};
-#define igmp_mcf_seq_private(seq) ((struct igmp_mcf_iter_state *)&seq->private)
+#define igmp_mcf_seq_private(seq) ((struct igmp_mcf_iter_state *)(seq)->private)
static inline struct ip_sf_list *igmp_mcf_get_first(struct seq_file *seq)
{
diff -puN net/ipv4/raw.c~netstat-oops-fix net/ipv4/raw.c
--- 25/net/ipv4/raw.c~netstat-oops-fix Thu Jul 3 12:31:19 2003
+++ 25-akpm/net/ipv4/raw.c Thu Jul 3 12:31:19 2003
@@ -687,7 +687,7 @@ struct raw_iter_state {
int bucket;
};
-#define raw_seq_private(seq) ((struct raw_iter_state *)&seq->private)
+#define raw_seq_private(seq) ((struct raw_iter_state *)(seq)->private)
static struct sock *raw_get_first(struct seq_file *seq)
{
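Review bot: The explicit cast in `raw_seq_private` is what let the old `&seq->private` form compile silently, and the new define keeps that cast. `seq->private` is a `void *`, so no cast is needed; a typed accessor such as `static inline struct raw_iter_state *raw_seq_private(struct seq_file *seq) { return seq->private; }` would make the compiler warn on a `void **` expression like the one behind the kfree BUG reported in this thread. The same applies to the other `*_seq_private` macros touched by this patch. `raw_get_first` continues outside the hunk.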
diff -puN net/ipv6/anycast.c~netstat-oops-fix net/ipv6/anycast.c
--- 25/net/ipv6/anycast.c~netstat-oops-fix Thu Jul 3 12:31:19 2003
+++ 25-akpm/net/ipv6/anycast.c Thu Jul 3 12:31:19 2003
@@ -441,7 +441,7 @@ struct ac6_iter_state {
struct inet6_dev *idev;
};
-#define ac6_seq_private(seq) ((struct ac6_iter_state *)&seq->private)
+#define ac6_seq_private(seq) ((struct ac6_iter_state *)(seq)->private)
static inline struct ifacaddr6 *ac6_get_first(struct seq_file *seq)
{
diff -puN net/ipv6/ip6_flowlabel.c~netstat-oops-fix net/ipv6/ip6_flowlabel.c
--- 25/net/ipv6/ip6_flowlabel.c~netstat-oops-fix Thu Jul 3 12:31:19 2003
+++ 25-akpm/net/ipv6/ip6_flowlabel.c Thu Jul 3 12:31:19 2003
@@ -559,7 +559,7 @@ struct ip6fl_iter_state {
int bucket;
};
-#define ip6fl_seq_private(seq) ((struct ip6fl_iter_state *)&(seq)->private)
+#define ip6fl_seq_private(seq) ((struct ip6fl_iter_state *)(seq)->private)
static struct ip6_flowlabel *ip6fl_get_first(struct seq_file *seq)
{
diff -puN net/ipv6/mcast.c~netstat-oops-fix net/ipv6/mcast.c
--- 25/net/ipv6/mcast.c~netstat-oops-fix Thu Jul 3 12:31:19 2003
+++ 25-akpm/net/ipv6/mcast.c Thu Jul 3 12:31:19 2003
@@ -2045,7 +2045,7 @@ struct igmp6_mc_iter_state {
struct inet6_dev *idev;
};
-#define igmp6_mc_seq_private(seq) ((struct igmp6_mc_iter_state *)&seq->private)
+#define igmp6_mc_seq_private(seq) ((struct igmp6_mc_iter_state *)(seq)->private)
static inline struct ifmcaddr6 *igmp6_mc_get_first(struct seq_file *seq)
{
@@ -2185,7 +2185,7 @@ struct igmp6_mcf_iter_state {
struct ifmcaddr6 *im;
};
-#define igmp6_mcf_seq_private(seq) ((struct igmp6_mcf_iter_state *)&seq->private)
+#define igmp6_mcf_seq_private(seq) ((struct igmp6_mcf_iter_state *)(seq)->private)
static inline struct ip6_sf_list *igmp6_mcf_get_first(struct seq_file *seq)
{
diff -puN net/ipv6/raw.c~netstat-oops-fix net/ipv6/raw.c
--- 25/net/ipv6/raw.c~netstat-oops-fix Thu Jul 3 12:31:19 2003
+++ 25-akpm/net/ipv6/raw.c Thu Jul 3 12:31:19 2003
@@ -913,7 +913,7 @@ struct raw6_iter_state {
int bucket;
};
-#define raw6_seq_private(seq) ((struct raw6_iter_state *)&seq->private)
+#define raw6_seq_private(seq) ((struct raw6_iter_state *)(seq)->private)
static struct sock *raw6_get_first(struct seq_file *seq)
{
_
* Re: Linux 2.5.74: BUG at mm/slab.c:1537
2003-07-03 21:17 ` Andrew Morton
@ 2003-07-04 0:42 ` YOSHIFUJI Hideaki / 吉藤英明
From: YOSHIFUJI Hideaki / 吉藤英明 @ 2003-07-04 0:42 UTC (permalink / raw)
To: akpm; +Cc: manfred, andyp, linux-kernel, akpm, yoshfuji
In article <20030703141758.12ec3825.akpm@osdl.org> (at Thu, 3 Jul 2003 14:17:58 -0700), Andrew Morton <akpm@osdl.org> says:
> This is the patch out of bugzilla. I'm not sure who wrote it, and
> there is no description.
>
> (Could people please not do that? If you have a patch which fixes a
> bug, please squirt it to the mailing list)
I am so sorry to have introduced this bug.
I am the author of the patch, and I have already submitted it
here and to netdev.
http://www.ussg.iu.edu/hypermail/linux/kernel/0307.0/0503.html
--
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@linux-ipv6.org>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA
* Re: Linux 2.5.74: BUG at mm/slab.c:1537
@ 2003-07-03 15:17 Kronos
From: Kronos @ 2003-07-03 15:17 UTC (permalink / raw)
To: linux-kernel
Andy Pfiffer <andyp@osdl.org> ha scritto:
> kernel BUG at mm/slab.c:1537!
> invalid operand: 0000 [#1]
> CPU: 0
> EIP: 0060:[<c01457ad>] Not tainted
> EFLAGS: 00010002
> EIP is at kfree+0x35/0x268
> eax: 0000002c ebx: ded59b68 ecx: c150bc20 edx: c0412ce8
> esi: 00000100 edi: 00040000 ebp: df12df30 esp: df12df00
> ds: 007b es: 007b ss: 0068
> Process netstat (pid: 1405, threadinfo=df12c000 task=df3c6080)
> Stack: c0389060 00000100 ded59b68 df5e0e64 df0b4cb4 df12df6c df5e0e84
> df12df30
> c0344ca1 ded59b68 00000001 00000206 df12df48 c017ae8c 00000100
> defe1c54
> df5e0e64 df0b4cb4 df12df6c c015b9c7 df0b4cb4 df5e0e64 defe1c54
> df5e0e64
> Call Trace:
> [<c0344ca1>] raw_seq_start+0x4d/0x58
> [<c017ae8c>] seq_release_private+0x18/0x30
> [<c015b9c7>] __fput+0x3b/0xfc
> [<c015b987>] fput+0x17/0x1c
> [<c015a402>] filp_close+0x10a/0x118
> [<c015a4ba>] sys_close+0xaa/0x100
> [<c010af6f>] syscall_call+0x7/0xb
>
> Code: 0f 0b 01 06 27 8d 38 c0 83 c4 08 8d 04 bf c1 e0 03 89 45 f8
I can reproduce it with cat /proc/net/raw:
kernel BUG at mm/slab.c:1537!
invalid operand: 0000 [#7]
CPU: 0
EIP: 0060:[<c015ae85>] Not tainted
EFLAGS: 00010082
EIP is at kfree+0x315/0x330
eax: 0000002c ebx: 00040000 ecx: 00000000 edx: 00000001
esi: de5e390c edi: c8b355d0 ebp: e9edff1c esp: e9edfef0
ds: 007b es: 007b ss: 0068
Process cat (pid: 4564, threadinfo=e9ede000 task=dbcae3c0)
Stack: c0373c00 00000100 eeb94044 00000000 dff166c8 de5e392c e9edff1c 00000206
dff166c8 de5e390c c8b355d0 e9edff38 c01a9263 00000100 00000000 de5e390c
de5e390c effe67c4 e9edff5c c017a642 c8b355d0 de5e390c c8b355d0 eacf22e8
Call Trace:
[<c01a9263>] seq_release_private+0x23/0x3f
[<c017a642>] __fput+0x112/0x120
[<c017862a>] filp_close+0x15a/0x220
[<c01787f2>] sys_close+0x102/0x220
[<c01795df>] sys_read+0x3f/0x60
[<c010b10f>] syscall_call+0x7/0xb
Code: 0f 0b 01 06 b6 30 37 c0 e9 0f fd ff ff 8d b4 26 00 00 00 00
ksymoops says:
>>EIP; c015ae85 <kfree+315/330> <=====
>>esi; de5e390c <_end+1e161064/3fb7b758>
>>edi; c8b355d0 <_end+86b2d28/3fb7b758>
>>ebp; e9edff1c <_end+29a5d674/3fb7b758>
>>esp; e9edfef0 <_end+29a5d648/3fb7b758>
Trace; c01a9263 <seq_release_private+23/3f>
Trace; c017a642 <__fput+112/120>
Trace; c017862a <filp_close+15a/220>
Trace; c01787f2 <sys_close+102/220>
Trace; c01795df <sys_read+3f/60>
Trace; c010b10f <syscall_call+7/b>
Code; c015ae85 <kfree+315/330>
00000000 <_EIP>:
Code; c015ae85 <kfree+315/330> <=====
0: 0f 0b ud2a <=====
Code; c015ae87 <kfree+317/330>
2: 01 06 add %eax,(%esi)
Code; c015ae89 <kfree+319/330>
4: b6 30 mov $0x30,%dh
Code; c015ae8b <kfree+31b/330>
6: 37 aaa
Code; c015ae8c <kfree+31c/330>
7: c0 e9 0f shr $0xf,%cl
Code; c015ae8f <kfree+31f/330>
a: fd std
Code; c015ae90 <kfree+320/330>
b: ff (bad)
Code; c015ae91 <kfree+321/330>
c: ff 8d b4 26 00 00 decl 0x26b4(%ebp)
HTH,
Luca
--
Reply-To: kronos@kronoz.cjb.net
Home: http://kronoz.cjb.net
You and me baby ain't nothin' but mammals
So let's do it like they do on the Discovery Channel
* Re: Linux 2.5.74: BUG at mm/slab.c:1537
2003-07-02 21:36 Linux 2.5.74 Linus Torvalds
@ 2003-07-02 23:45 ` Andy Pfiffer
From: Andy Pfiffer @ 2003-07-02 23:45 UTC (permalink / raw)
To: Linus Torvalds; +Cc: Kernel Mailing List
2.5.74 booted okay, but after I "init 1", it BUG's (whitespace mangled):
Shutting down zope
done
Shutting down RPC portmap daemon
done
Shutting down SSH daemonkfree_debugcheck: out of range ptr 100h.
------------[ cut here ]------------
kernel BUG at mm/slab.c:1537!
invalid operand: 0000 [#1]
CPU: 0
EIP: 0060:[<c01457ad>] Not tainted
EFLAGS: 00010002
EIP is at kfree+0x35/0x268
eax: 0000002c ebx: ded59b68 ecx: c150bc20 edx: c0412ce8
esi: 00000100 edi: 00040000 ebp: df12df30 esp: df12df00
ds: 007b es: 007b ss: 0068
Process netstat (pid: 1405, threadinfo=df12c000 task=df3c6080)
Stack: c0389060 00000100 ded59b68 df5e0e64 df0b4cb4 df12df6c df5e0e84
df12df30
c0344ca1 ded59b68 00000001 00000206 df12df48 c017ae8c 00000100
defe1c54
df5e0e64 df0b4cb4 df12df6c c015b9c7 df0b4cb4 df5e0e64 defe1c54
df5e0e64
Call Trace:
[<c0344ca1>] raw_seq_start+0x4d/0x58
[<c017ae8c>] seq_release_private+0x18/0x30
[<c015b9c7>] __fput+0x3b/0xfc
[<c015b987>] fput+0x17/0x1c
[<c015a402>] filp_close+0x10a/0x118
[<c015a4ba>] sys_close+0xaa/0x100
[<c010af6f>] syscall_call+0x7/0xb
Code: 0f 0b 01 06 27 8d 38 c0 83 c4 08 8d 04 bf c1 e0 03 89 45 f8
done
Shutting down syslog services
failed
Shutting down network interfaces:
eth0
done
Shutting down personal-firewall [not active]
unused
Saving random seed
done
Loading keymap qwerty/us.map.gz
done
Loading console font lat1-16.psfu
done
Loading screenmap none
done
Setting up console ttys