2.2.17 --- extreme format string weirdness in /proc

From: Nix (nix@esperi.demon.co.uk)
Date: Sat Sep 30 2000 - 09:09:10 EST

Yesterday, I noticed that netstat had stopped working on my 2.2.17 box
(with the reiserfs 3.5.26 patches and lm-sensors/i2c-2.5.2, as it
happens), built with gcc-1.1.2.

The reason is fairly self-evident:

: loki:/# cat /proc/net/dev
: Inter-| Receive | Transmit
: face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
: lo:%lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu
: eth0:%lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu

Probably not right.

This is repeated in other files (I only checked /proc; its
subdirectories are probably affected too, viz /proc/net/dev above):

: loki:/# cat /proc/uptime
: %lu.%lu %lu.%lu

: loki:/proc# cat locks
: 1: POSIX ADVISORY WRITE 481 08:07:%ld %ld %ld %lx %lx %lx %lx %lx
: 1: -> POSIX ADVISORY WRITE 174 08:07:%ld %ld %ld %lx %lx %lx %lx %lx
: 1: -> POSIX ADVISORY WRITE 175 08:07:%ld %ld %ld %lx %lx %lx %lx %lx

: loki:/proc# cat meminfo
: total: used: free: shared: buffers: cached:
: Mem: %lu %lu %lu %lu %lu %lu
: Swap: %lu %lu %lu
: MemTotal: %lu kB
: MemFree: %lu kB
: MemShared: %lu kB
: Buffers: %lu kB
: Cached: %lu kB
: SwapTotal: %lu kB
: SwapFree: %lu kB

: loki:/proc# cat modules
: lm75 %lu%ld
: lm78 %lu%ld
: sensors %lu%ld [lm75 lm78]
: i2c-isa %lu%ld (unused)
: i2c-piix4 %lu%ld (unused)
: i2c-core %lu%ld [lm75 lm78 sensors i2c-isa i2c-piix4]
: sb %lu%ld
: uart401 %lu%ld [sb]
: sound %lu%ld [sb uart401]
: soundlow %lu%ld [sound]
: soundcore %lu%ld [sb sound]
: nls_cp437 %lu%ld (autoclean)
: reiserfs %lu%ld

: loki:/proc# cat slabinfo
: slabinfo - version: 1.0
: kmem_cache %lu %lu
: pio_request %lu %lu
: tcp_tw_bucket %lu %lu
: tcp_bind_bucket %lu %lu
: tcp_open_request %lu %lu
: skbuff_head_cache %lu %lu
: sock %lu %lu
: dquot %lu %lu
: filp %lu %lu
: signal_queue %lu %lu
: buffer_head %lu %lu
: mm_struct %lu %lu
: vm_area_struct %lu %lu
: dentry_cache %lu %lu
: files_cache %lu %lu
: uid_cache %lu %lu
: size-131072 %lu %lu
: size-65536 %lu %lu
: size-32768 %lu %lu
: size-16384 %lu %lu
: size-8192 %lu %lu
: size-4096 %lu %lu
: size-2048 %lu %lu
: size-1024 %lu %lu
: size-512 %lu %lu
: size-256 %lu %lu
: size-128 %lu %lu
: size-64 %lu %lu
: size-32 %lu %lu
: slab_cache %lu %lu

: loki:/proc# cat stat
: cpu 10801482 36327863 3223181 %lu
: disk 25052 2198771 0 0
: disk_rio 0 1390850 0 0
: disk_wio 0 807921 0 0
: disk_rblk 0 3675365 0 0
: disk_wblk 0 2264982 0 0
: page 0 6518171
: swap 4765642 246633
: intr 98595 50377578 501107 0 0 0 31628678 3 0 141 4926244 0 1028218 341901 1 1332247 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
: ctxt 810791682
: btime %lu
: processes %lu

(really weird; half the fields OK, half %lu?!?)

/proc/ksyms contains random garbage.

/proc/ioports oopses if I try to cat it, but the oops message that
results isn't much use, as the same gremlins have been at it:

: Sep 30 14:57:19 loki kernel: Unable to handle kernel NULL pointer dereference at virtual address %%lx
: Sep 30 14:57:19 loki last message repeated 2 times
: Sep 30 14:57:19 loki kernel: current->tss.cr3 = %%lx, %%cr3 = %%lx
: Sep 30 14:57:20 loki last message repeated 2 times
: Sep 30 14:57:20 loki kernel: *pde = %%lx
: Sep 30 14:57:20 loki last message repeated 2 times
: Sep 30 14:57:20 loki kernel: Oops: %%lx
: Sep 30 14:57:20 loki kernel: Oops: %%lx
: Sep 30 14:57:20 loki kernel: CPU: 0
: Sep 30 14:57:20 loki kernel: CPU: 0
: Sep 30 14:57:20 loki kernel: EIP: 0010:[<%lx>]
: Sep 30 14:57:20 loki kernel: EIP: 0010:[<%lx>]
: Sep 30 14:57:20 loki kernel: EFLAGS: %%lx
: Sep 30 14:57:20 loki kernel: EFLAGS: %%lx
: Sep 30 14:57:20 loki kernel: eax: %%lx ebx: %%lx ecx: %%lx edx: %%lx
: Sep 30 14:57:20 loki kernel: eax: %%lx ebx: %%lx ecx: %%lx edx: %%lx
: Sep 30 14:57:20 loki kernel: esi: %%lx edi: %%lx ebp: %%lx esp: %%lx
: Sep 30 14:57:20 loki kernel: esi: %%lx edi: %%lx ebp: %%lx esp: %%lx
: Sep 30 14:57:20 loki kernel: ds: 0018 es: 0018 ss: 0018
: Sep 30 14:57:20 loki kernel: ds: 0018 es: 0018 ss: 0018
: Sep 30 14:57:20 loki kernel: Process cat (pid: 14808, process nr: 171, stackpage=%%lx)
: Sep 30 14:57:20 loki kernel: Process cat (pid: 14808, process nr: 171, stackpage=%%lx)
: Sep 30 14:57:20 loki kernel: Stack: %%lx %%lx %%lx %%lx %%lx %%lx %%lx %%lx
: Sep 30 14:57:20 loki kernel: Stack: %%lx %%lx %%lx %%lx %%lx %%lx %%lx %%lx
: Sep 30 14:57:20 loki kernel: %%lx %%lx %%lx %%lx %%lx %%lx %%lx %%lx
: Sep 30 14:57:20 loki last message repeated 2 times
: Sep 30 14:57:20 loki kernel: Call Trace: [<%lx>] [<%lx>] [<%lx>] [<%lx>] [<%lx>] [<%lx>] [<%lx>]
: Sep 30 14:57:21 loki kernel: %%lx %%lx %%lx %%lx %%lx %%lx %%lx %%lx
: Sep 30 14:57:21 loki kernel: Call Trace: [<%lx>] [<%lx>] [<%lx>] [<%lx>] [<%lx>] [<%lx>] [<%lx>]
: Sep 30 14:57:21 loki kernel: [<%lx>] [<%lx>] [<%lx>]
: Sep 30 14:57:21 loki kernel: [<%lx>] [<%lx>] [<%lx>]
: Sep 30 14:57:21 loki kernel: Code: 80 38 00 74 07 40 4a 83 fa ff 75 f4 29 c8 89 44 24 10 f7 c5
: Sep 30 14:57:21 loki kernel: Code: 80 38 00 74 07 40 4a 83 fa ff 75 f4 29 c8 89 44 24 10 f7 c5

Likewise /proc/rtc.

It's not been wrong forever; it went wrong without warning at 5 days, 19
hours, 45 minutes uptime, according to procmeter.

More cats are available upon request :) 

-- 
`Ergotism is what you get if you overuse the word "therefore". Egotism
 on the other hand is a form of "I" strain.' --- Paul Martin
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Sat Sep 30 2000 - 21:00:26 EST