[Fwd: Bug in procfs code]

Vladimir Pastukhov (vol@kom.mplik.ru)
Mon, 24 Feb 1997 19:19:52 +0459


Hello.

I've sent this to Linus, but then received an automated reply
about "Linus currently does not read email", so I'm forwarding
my message to linux-kernel.

Vladimir Pastukhov wrote:
>
> Hello, Linus !
>
> I've just found a bug related to the proc filesystem
> code of the Linux kernel.
>
> The problem appears when trying to access a file descriptor
> of a zombie process. I first noticed it after installing
> open-1.4 and trying to run 'open -us' on the Spawn_Console key
> from inittab.
>
> You can easily reproduce it using
> the following program:
>
> /* zombie.c */
> #include <stdlib.h>
> #include <unistd.h>
>
> int main(void)
> {
>     if (fork() == 0)
>         exit(0);                 /* child exits at once and is never reaped */
>     else
>         while (1) sleep(10000);  /* parent sleeps forever, leaving a zombie */
> }
>
> This is what I've got on my machine:
>
> vol:~$ uname -a
> Linux vol 2.0.29 #10 Thu Feb 20 16:36:41 EKBT 1997 i586
> vol:~$ gcc zombie.c -o zombie
> vol:~$ ./zombie &
> [1] 14173
> vol:~$ ps | grep zombie
> 14173 3 S 0:00 ./zombie
> 14174 3 Z 0:00 (zombie <zombie>)
> 14181 3 S 0:00 grep zombie
> vol:~$ ls /proc/14174/fd/0
> general protection: 0000
> CPU: 0
> EIP: 0010:[<0015eb58>]
> EFLAGS: 00010286
> eax: 9f400165 ebx: ffffffff ecx: 00000000 edx: 00415810
> esi: 019bc010 edi: 0199b8b8 ebp: 0000375e esp: 00d00f18
> ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
> Process ls (pid: 14188, process nr: 78, stackpage=00d00000)
> Stack: 0199b8b8 00d00f74 00d00f74 00000001 001ee298 0012a89a 0199b8b8 019bc010
>        00000001 00d00f74 00000000 00d00f74 00d00fb4 bffff30c 00000000 0012aaa0
>        0199b8b8 019bc00f 00000001 00d00f74 00000000 00d00fb4 bffff49a 00000000
> Call Trace: [<0012a89a>] [<0012aaa0>] [<0012ab38>] [<00128ded>] [<0010a615>]
> Code: 83 78 30 00 0f 84 b8 fe ff ff 89 e8 c1 e0 10 8d 84 08 00 01
> Segmentation fault
> vol:~$
>
> The system doesn't crash, and my system log contains:
>
> Feb 24 18:29:59 vol kernel: general protection: 0000
> Feb 24 18:29:59 vol kernel: CPU: 0
> Feb 24 18:29:59 vol kernel: EIP: 0010:[proc_lookupfd+360/436]
> Feb 24 18:29:59 vol kernel: EFLAGS: 00010286
> Feb 24 18:29:59 vol kernel: eax: 9f400165 ebx: ffffffff ecx: 00000000 edx: 00415810
> Feb 24 18:29:59 vol kernel: esi: 019bc010 edi: 0199b8b8 ebp: 0000375e esp: 00d00f18
> Feb 24 18:29:59 vol kernel: ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
> Feb 24 18:29:59 vol kernel: Process ls (pid: 14188, process nr: 78, stackpage=00d00000)
> Feb 24 18:29:59 vol kernel: Stack: 0199b8b8 00d00f74 00d00f74 00000001 001ee298 0012a89a 0199b8b8 019bc010
> Feb 24 18:29:59 vol kernel: 00000001 00d00f74 00000000 00d00f74 00d00fb4 bffff30c 00000000 0012aaa0
> Feb 24 18:29:59 vol kernel: 0199b8b8 019bc00f 00000001 00d00f74 00000000 00d00fb4 bffff49a 00000000
> Feb 24 18:29:59 vol kernel: Call Trace: [lookup+218/244] [_namei+84/188] [lnamei+48/72] [sys_newlstat+41/88] [system_call+85/128]
> Feb 24 18:29:59 vol kernel: Code: 83 78 30 00 0f 84 b8 fe ff ff 89 e8 c1 e0 10 8d 84 08 00 01
>
> I've tried kernel v2.1.26 with similar results.
>
> Hopefully it is easy to fix,
> Vladimir.

PS: Later I noticed that after those experiments,
/proc/ksyms and /proc/net/tcp both contained really weird,
unreadable stuff and I had to reboot.