Date:	Sun, 16 Dec 2007 01:18:58 +0100
From:	Mariusz Kozlowski <m.kozlowski@...land.pl>
To:	Andrew Morton <akpm@...ux-foundation.org>, jgarzik@...ox.com
Cc:	linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: 2.6.24-rc5-mm1: cat /proc/net/packet -> oops

Hello,

	As one of my usual tests I run the following script:

for i in `find /proc -type f`; do
        echo -n "cat $i > /dev/null ... ";
        cat $i > /dev/null;
        echo "done";
done

This time the culprit is /proc/net/packet. cat process gets killed 

$ cat /proc/net/packet 
Segmentation fault

and lost in lots of messages from the script but for some reason there is no
info in syslog (why?). I could capture the oops only when I issued sysrq-7
or greater. That's why I didn't catch the oops earlier.

I found it because the bug makes my sparc64 box need a hardware reset most of the
time it happens and produces an oops 2 screens long. x86 kills the cat process but
the system is still usable and running fine. Bisection points to:

git-ubi.patch
GOOD
#
git-net.patch 
BAD
ipsec-fix-reversed-icmp6-policy-check.patch

but this seems to be far from precise :)

$ grep ^commit git-net.patch | wc -l
361

Not sure if this is important but when bisecting the mm tree the oops got shorter
at some point so maybe some other patch is also involved. This one is from x86:

[  194.508398] BUG: unable to handle kernel paging request at virtual address bbbbbd47
[  194.508412] printing eip: c0135d59 *pde = 00000000 
[  194.508419] Oops: 0000 [#1] PREEMPT 
[  194.508424] last sysfs file: /devices/pci0000:00/0000:00:01.0/0000:01:05.0/resource
[  194.508428] Modules linked in: usbhid hid orinoco_cs orinoco hermes pcmcia firmware_class uhci_hcd ehci_hcd usbcore psmouse yenta_socket rsrc_nonstatic rtc 8139too
[  194.508443] 
[  194.508447] Pid: 5368, comm: cat Not tainted (2.6.24-rc5 #9)
[  194.508450] EIP: 0060:[<c0135d59>] EFLAGS: 00210046 CPU: 0
[  194.508466] EIP is at __lock_acquire+0x5b/0xfc4
[  194.508469] EAX: 00200002 EBX: 00200246 ECX: bbbbbd43 EDX: 00000002
[  194.508472] ESI: bbbbbd43 EDI: 00000000 EBP: d816ce80 ESP: d816ce14
[  194.508475]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[  194.508479] Process cat (pid: 5368, ti=d816c000 task=d826a000 task.ti=d816c000)
[  194.508481] Stack: c0135a21 d826a000 00000000 d816ce38 c0135697 00000000 d826a000 c0146ded 
[  194.508490]        c1304f98 00000002 00000000 bbbbbd43 00000001 d826a000 d816cec0 c013681d 
[  194.508498]        00000006 00000003 c03daa08 00000001 00000044 000002ad 00000000 00000005 
[  194.508506] Call Trace:
[  194.508508]  [<c01035d8>] show_trace_log_lvl+0x1a/0x30
[  194.508518]  [<c0103693>] show_stack_log_lvl+0xa5/0xca
[  194.508523]  [<c0103787>] show_registers+0xcf/0x23f
[  194.508528]  [<c0103a04>] die+0x10d/0x1f5
[  194.508532]  [<c0110cee>] do_page_fault+0x27e/0x5f0
[  194.508540]  [<c034684a>] error_code+0x6a/0x70
[  194.508550]  [<c0136d20>] lock_acquire+0x5e/0x76
[  194.508555]  [<c03461a6>] _read_lock+0x35/0x42
[  194.508560]  [<c02d957a>] sock_i_ino+0x14/0x30
[  194.508568]  [<c032c7e8>] packet_seq_show+0x19/0xa0
[  194.508576]  [<c0179f5c>] seq_read+0x19a/0x29e
[  194.508583]  [<c0191b25>] proc_reg_read+0x57/0x78
[  194.508590]  [<c0161c8a>] vfs_read+0x89/0x11d
[  194.508596]  [<c0162054>] sys_read+0x3d/0x64
[  194.508600]  [<c010261a>] sysenter_past_esp+0x5f/0xa5
[  194.508605]  =======================
[  194.508607] Code: c0 85 c0 0f 84 64 03 00 00 9c 58 f6 c4 02 0f 85 b8 07 00 00 83 ff 07 0f 87 de 07 00 00 85 ff 8d 76 00 0f 85 4f 03 00 00 8b 4d c0 <8b> 71 04 85 f6 0f 84 41 03 00 00 89 f0 e8 d8 d7 ff ff 85 c0 0f 
[  194.508651] EIP: [<c0135d59>] __lock_acquire+0x5b/0xfc4 SS:ESP 0068:d816ce14
[  194.508660] note: cat[5368] exited with preempt_count 2

.config attached.

Regards,

	Mariusz
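
The /proc read loop from the message above, reworked as an added example (not part of the original post) so that a read killed by a signal, such as the segfault on /proc/net/packet, is reported on its own line instead of being lost in the script's output. `READER`, `PROBE_TIMEOUT`, `probe_read` and `scan_tree` are names assumed for this sketch.

```shell
#!/bin/sh
# Added example: read every regular file under a tree and report only the
# reads that were terminated by a signal (shell exit status above 128).
# READER and PROBE_TIMEOUT are hypothetical knobs for this sketch.
READER=${READER:-cat}
PROBE_TIMEOUT=${PROBE_TIMEOUT:-5}

# probe_read FILE -> prints "ok", "timeout", "signal:N" or "error:N"
probe_read() {
    rc=0
    if command -v timeout >/dev/null 2>&1; then
        # Some /proc files block forever; bound each read when timeout exists.
        timeout "$PROBE_TIMEOUT" $READER "$1" >/dev/null 2>&1 || rc=$?
    else
        $READER "$1" >/dev/null 2>&1 || rc=$?
    fi
    if [ "$rc" -eq 0 ]; then
        echo ok
    elif [ "$rc" -eq 124 ]; then
        echo timeout                     # status timeout(1) uses on expiry
    elif [ "$rc" -gt 128 ]; then
        echo "signal:$((rc - 128))"      # 139 -> signal 11 (SIGSEGV)
    else
        echo "error:$rc"                 # e.g. permission denied, EIO
    fi
}

# scan_tree ROOT -> one "signal:N PATH" line per read killed by a signal
scan_tree() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        result=$(probe_read "$f")
        case $result in
            signal:*) printf '%s %s\n' "$result" "$f" ;;
        esac
    done
}

# Stand-alone use: sh thisfile /proc   (does nothing without an argument)
if [ "$#" -gt 0 ]; then
    scan_tree "$1"
fi
```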
