lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070412095552.GA24355@elte.hu>
Date:	Thu, 12 Apr 2007 11:55:52 +0200
From:	Ingo Molnar <mingo@...e.hu>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Adrian Bunk <bunk@...sta.de>,
	Greg Kroah-Hartman <gregkh@...e.de>
Subject: [new 2.6.21-rc6 crash] BUG: unable to handle kernel paging request at virtual address 6b6b6ceb


i just got the crash below (with slab debug enabled) on -rc6-git4. I 
never saw this one before, and as you can see from the recompile count, 
i've rebuilt this tree a fair number of times - and the config didnt 
change much.

I promptly re-tried the same bzImage but the crash did not reoccur.

So we've got a memory corruptor of some sort in v2.6.21-to-be. I'm 100% 
sure that i never saw this under any v2.6.20 variant or on any prior 
kernel. The crash site corresponds to a module-refcount dec:

(gdb) list *0x00000000c013c1f4
0xc013c1f4 is in module_put (kernel/module.c:801).
796
797     void module_put(struct module *module)
798     {
799             if (module) {
800                     unsigned int cpu = get_cpu();
801                     local_dec(&module->ref[cpu].count);
802                     /* Maybe they're waiting for us to drop reference? */
803                     if (unlikely(!module_is_live(module)))
804                             wake_up_process(module->waiter);
805                     put_cpu();
(gdb)

NOTE: i'm still using a bzImage kernel, so there are no true modules in 
the kernel. (This also makes it pretty likely that this is not a build 
artifact either.)

(config and full bootlog attached.)

	Ingo

---------------------->
BUG: unable to handle kernel paging request at virtual address 6b6b6ceb
 printing eip:
c013c1f5
*pde = 0203000c
Oops: 0002 [#1]
SMP 
Modules linked in:
CPU:    0
EIP:    0060:[<c013c1f5>]    Not tainted VLI
EFLAGS: 00010256   (2.6.21-rc6 #273)
EIP is at module_put+0x19/0x2d
eax: 6b6b6ceb   ebx: f72fee2c   ecx: c03c9b36   edx: 6b6b6b6b
esi: f7428f54   edi: 6b6b6b6b   ebp: f737bf38   esp: f737bf38
ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
Process udev (pid: 1768, ti=f737a000 task=f7488000 task.ti=f737a000)
Stack: f737bf50 c019e832 f749092c 00000010 f72feda4 f746487c f737bf78 c0167c7f 
       00000000 00000000 f72f6ba4 c2928d48 f72feda4 f746487c f7be81d4 00000000 
       f737bf80 c0167d3b f737bf98 c01658b2 00000003 00000003 f7be81d4 f7be8254 
Call Trace:
 [<c0104c44>] show_trace_log_lvl+0x19/0x2e
 [<c0104cf4>] show_stack_log_lvl+0x9b/0xa3
 [<c0104fdd>] show_registers+0x1c8/0x29a
 [<c01052d0>] die+0x119/0x1f0
 [<c03cd075>] do_page_fault+0x4e3/0x5b8
 [<c03cb7a4>] error_code+0x7c/0x84
 [<c019e832>] sysfs_release+0x55/0x76
 [<c0167c7f>] __fput+0xb9/0x15e
 [<c0167d3b>] fput+0x17/0x19
 [<c01658b2>] filp_close+0x52/0x5a
 [<c01660a3>] sys_close+0x76/0xad
 [<c0103dc0>] syscall_call+0x7/0xb
 =======================
Code: 0a 00 89 f8 e8 90 f3 0a 00 5e 5f 89 d8 5b 5e 5f c9 c3 55 85 c0 89 c2 89 e5 74 22 64 a1 04 00 00 00 c1 e0 07 8d 84 10 80 01 00 00 <ff> 08 83 3a 02 75 0b 8b 82 88 11 00 00 e8 63 eb fd ff c9 c3 55 
EIP: [<c013c1f5>] module_put+0x19/0x2d SS:ESP 0068:f737bf38


Download attachment ".config.crash.bz2" of type "application/x-bzip2" (14678 bytes)

Download attachment "crash.log.bz2" of type "application/x-bzip2" (11495 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ