Re: fix fs/quota/dquot.c oops error
On Mon 02-11-20 16:38:00, 1 wrote:
> An oops error will appear if you follow the steps below:
> 1. gcc -o test test.c
> 2. sudo ./test
>
> The error can be found in the dmesg file, in the function
> "dquot_add_space". Because a pointer named "dquot" is illegal, it
> needs to use functions to detect the pointer. Through the test, it is
> found that the function named "access_ok" meets the requirements.

Thanks for the patch but it is not correct. A proper fix for this syzbot
reproducer is to add more sanity checking into quota code to verify quota
file headers are not corrupted. Because these corrupted headers cause bogus
return values from get_free_blk() and possibly other quota functions which
then confuse __dquot_initialize().

Honza
--
Jan Kara
SUSE Labs, CR
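The fix direction in the reply above is to validate the on-disk header once, so that a free-block lookup can never hand back a bogus block number from a corrupted file. The following is an added example written for this page, not kernel code and not the real quota file format: the struct qhdr layout, the QHDR_* constants, the error codes and the qhdr_validate()/qhdr_get_free_blk() helpers are all hypothetical, constructed to show the technique of bounding every header field against the file size before any block number derived from it is used.

```c
/* Added example (not kernel code): sanity-checking an on-disk header
 * before trusting the block numbers it carries.
 *
 * The header layout below is a hypothetical, simplified one invented for
 * this example; it is not the kernel's quota file format.  The technique
 * is the one the reply describes: validate the header once, so a
 * free-block lookup cannot return an out-of-range block from a
 * corrupted file and confuse later code.
 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define QHDR_MAGIC      0x51554f54u   /* constructed magic value */
#define QHDR_VERSION    1u
#define MIN_BLOCK_SIZE  512u
#define MAX_BLOCK_SIZE  65536u

/* Hypothetical header: counts and pointers are block numbers. */
struct qhdr {
    uint32_t magic;
    uint32_t version;
    uint32_t block_size;
    uint32_t nr_blocks;     /* total blocks in the file */
    uint32_t free_blk;      /* head of free-block list, 0 = none */
};

enum qerr { QOK = 0, QBAD_MAGIC = -1, QBAD_VERSION = -2, QBAD_BLKSIZE = -3,
            QBAD_NRBLOCKS = -4, QBAD_FREEPTR = -5 };

/* Return QOK if the header is internally consistent with a file of
 * file_size bytes, or the error code naming the first problem found. */
int qhdr_validate(const struct qhdr *h, uint64_t file_size)
{
    if (h->magic != QHDR_MAGIC)
        return QBAD_MAGIC;
    if (h->version != QHDR_VERSION)
        return QBAD_VERSION;
    /* block size must be a power of two within sane bounds */
    if (h->block_size < MIN_BLOCK_SIZE || h->block_size > MAX_BLOCK_SIZE ||
        (h->block_size & (h->block_size - 1)) != 0)
        return QBAD_BLKSIZE;
    /* block count must fit what the file actually holds; widen before
     * multiplying so a huge count cannot wrap around */
    if (h->nr_blocks == 0 ||
        (uint64_t)h->nr_blocks * h->block_size > file_size)
        return QBAD_NRBLOCKS;
    /* free-list head must be inside the file; block 0 is the header */
    if (h->free_blk != 0 && h->free_blk >= h->nr_blocks)
        return QBAD_FREEPTR;
    return QOK;
}

/* Hypothetical get_free_blk-style helper: only ever hands out a block
 * number that qhdr_validate() has bounded, or 0 for "none". */
uint32_t qhdr_get_free_blk(const struct qhdr *h, uint64_t file_size)
{
    if (qhdr_validate(h, file_size) != QOK)
        return 0;
    return h->free_blk;
}

/* Constructed sample headers for a 64 KiB file of 1 KiB blocks. */
static const struct qhdr good_hdr  = { QHDR_MAGIC, QHDR_VERSION, 1024, 64, 7 };
static const struct qhdr bad_free  = { QHDR_MAGIC, QHDR_VERSION, 1024, 64, 0xfffffff0u };
static const struct qhdr bad_count = { QHDR_MAGIC, QHDR_VERSION, 1024, 1u << 30, 7 };

int main(void)
{
    const uint64_t size = 64 * 1024;
    printf("good:      err=%d free_blk=%" PRIu32 "\n",
           qhdr_validate(&good_hdr, size), qhdr_get_free_blk(&good_hdr, size));
    printf("bad free:  err=%d free_blk=%" PRIu32 "\n",
           qhdr_validate(&bad_free, size), qhdr_get_free_blk(&bad_free, size));
    printf("bad count: err=%d free_blk=%" PRIu32 "\n",
           qhdr_validate(&bad_count, size), qhdr_get_free_blk(&bad_count, size));
    return 0;
}
```

The check on nr_blocks is done in 64-bit arithmetic on purpose: a corrupted 32-bit count multiplied by the block size would otherwise wrap and pass a naive size comparison, which is exactly the kind of bogus value that then propagates into later lookups.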
Oops error

Hello

Sorry I had to send this to the whole developer list - there wasn't much in
the output of ksymoops that told me who to send it to. Here's the background
in case this is useful: I have a background process that plays mp3's through
amp. After one finished and another tried to start, I got the oops and the
mp3 never played (it went on to the next one). The mp3 was on a UDF CD-RW,
and the next one it played was on the hard drive. Soon thereafter I noticed
that all mp3's had stopped and that any process that tried to read anything
from /cdrom (including ls /cdrom) went into daemon state and refused to die,
even with kill -9. I'm guessing that this means the problem is in either the
CD-ROM code or the UDF code, but it might be unrelated. I've attached the
output from ksymoops.

B4N
Bruce

 /\
| Bruce Merry (Entropy)     | bmerry at iafrica dot com       |
| Proud user of Linux!      | http://www.cs.uct.ac.za/~bmerry |
| Disc space -- the final frontier!                           |
 \/

ksymoops 2.3.4 on i686 2.4.0-test8.  Options used
     -V (default)
     -k /proc/ksyms (default)
     -l /proc/modules (default)
     -o /lib/modules/2.4.0-test8/ (default)
     -m /usr/src/linux/System.map (default)

Warning: You did not tell me where to find symbol information.  I will
assume that the log matches the kernel and modules that are running
right now and I'll use the default options above for symbol resolution.
If the current kernel and/or modules do not match the log, you can get
more accurate output by telling me the kernel version and where to find
map, modules, ksyms etc.  ksymoops -h explains the options.

Sep 11 19:31:10 cheese kernel: Oops:
Sep 11 19:31:10 cheese kernel: CPU:    0
Sep 11 19:31:10 cheese kernel: EIP:    0010:[<c485223d>]
Using defaults from ksymoops -t elf32-i386 -a i386
Sep 11 19:31:10 cheese kernel: EFLAGS: 00010246
Sep 11 19:31:10 cheese kernel: eax: c2da4080   ebx: c3bf9ca0   ecx: 0008   edx: 07e81b13
Sep 11 19:31:10 cheese kernel: esi: c2ad   edi: 0005   ebp:   esp: c2de1ccc
Sep 11 19:31:10 cheese kernel: ds: 0018   es: 0018   ss: 0018
Sep 11 19:31:10 cheese kernel: Process amp (pid: 366, stackpage=c2de1000)
Sep 11 19:31:10 cheese kernel: Stack: c3bf9ca0 c2ad8400 fd036273 c2de1d64 c2de1d08 c4851f0f
Sep 11 19:31:10 cheese kernel:        c2ad8400 fd036273 c3df9800 c378f5e0
Sep 11 19:31:10 cheese kernel:        c484f25f c2ad8400 fd036273 c28d1860 c3df9800
Sep 11 19:31:10 cheese kernel: Call Trace: [<fd036273>] [<c4851f0f>] [<fd036273>] [<c484f25f>] [<fd036273>] [<fd036273>] [tcp_v4_send_check+45/112]
Sep 11 19:31:10 cheese kernel:        [<c484f5b1>] [do_no_page+84/256] [d_alloc+21/368] [real_lookup+79/224] [path_walk+614/2144] [open_namei+118/1360] [filp_open+49/112] [getname+104/176]
Sep 11 19:31:10 cheese kernel: Code: 0f b6 14 02 eb 3b 8d b6 00 00 00 00 8d bc 27 00 00 00 00 80

>>EIP; c485223d <[sb]__module_parm_desc_acer+3ae5/b908>   <=====
Trace; fd036273 <END_OF_CODE+387b841c/>
Trace; c4851f0f <[sb]__module_parm_desc_acer+37b7/b908>
Trace; fd036273 <END_OF_CODE+387b841c/>
Trace; c484f25f <[sb]__module_parm_desc_acer+b07/b908>
Trace; fd036273 <END_OF_CODE+387b841c/>
Trace; fd036273 <END_OF_CODE+387b841c/>
Trace; c484f5b1 <[sb]__module_parm_desc_acer+e59/b908>
Code;  c485223d <[sb]__module_parm_desc_acer+3ae5/b908>
<_EIP>:
Code;  c485223d <[sb]__module_parm_desc_acer+3ae5/b908>   <=====
   0:   0f b6 14 02               movzbl (%edx,%eax,1),%edx   <=====
Code;  c4852241 <[sb]__module_parm_desc_acer+3ae9/b908>
   4:   eb 3b                     jmp    41 <_EIP+0x41> c485227e <[sb]__module_parm_desc_acer+3b26/b908>
Code;  c4852243 <[sb]__module_parm_desc_acer+3aeb/b908>
   6:   8d b6 00 00 00 00         leal   0x0(%esi),%esi
Code;  c4852249 <[sb]__module_parm_desc_acer+3af1/b908>
   c:   8d bc 27 00 00 00 00      leal   0x0(%edi,1),%edi
Code;  c4852250 <[sb]__module_parm_desc_acer+3af8/b908>
  13:   80 00 00                  addb   $0x0,(%eax)

1 warning issued.  Results may not be reliable.