Message-Id: <200708210256.58818.rc.poison@gmail.com>
Date:	Tue, 21 Aug 2007 02:56:49 +0200
From:	poison <rc.poison@...il.com>
To:	linux-kernel@...r.kernel.org
Subject: BUG: unable to handle kernel NULL pointer dereference - linux-2.6.22

Hello,
after running a few instances of bittorrent-curses on 2.6.22 - 2.6.22.3 it 
takes about 15min to 2hrs for my system to hang. 2.6.21.7 is definitely fine, 
2.6.21 probably (ran for 4hrs without hanging). 
If I'm lucky the Oops below makes it to my syslog (unfortunately SysRq-{p,s,i} 
doesn't work when it hangs, neither can I ssh into it):

Aug 18 19:47:41 draco kernel: BUG: unable to handle kernel NULL pointer 
dereference at virtual address 00000000
Aug 18 19:47:41 draco kernel:  printing eip:
Aug 18 19:47:41 draco kernel: c038fcba
Aug 18 19:47:41 draco kernel: *pdpt = 0000000033830001
Aug 18 19:47:41 draco kernel: *pde = 0000000000000000
Aug 18 19:47:41 draco kernel: Oops: 0002 [#1]
Aug 18 19:47:41 draco kernel: SMP 
Aug 18 19:47:41 draco kernel: Modules linked in: snd_hda_intel snd_emu10k1 
cls_u32 sch_sfq sch_htb snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq 
snd_pcm_oss snd_mixer_oss rfcomm hidp l2cap nfsd exportfs lockd sunrpc 
coretemp hwmon eeprom snd_rawmidi snd_ac97_codec hci_usb ac97_bus 
snd_seq_device snd_util_mem snd_pcm bluetooth snd_hwdep snd_timer snd 
snd_page_alloc i2c_i801 emu10k1_gp gameport i2c_core sg
Aug 18 19:47:41 draco kernel: CPU:    0
Aug 18 19:47:41 draco kernel: EIP:    0060:[<c038fcba>]    Not tainted VLI
Aug 18 19:47:41 draco kernel: EFLAGS: 00210202   (2.6.22.2poison #14)
Aug 18 19:47:41 draco kernel: EIP is at tcp_sendmsg+0x40a/0xb70
Aug 18 19:47:41 draco kernel: eax: 00000000   ebx: ec5b807c   ecx: c04b43a0   
edx: ec5b807c
Aug 18 19:47:41 draco kernel: esi: ec5b8000   edi: 00000100   ebp: ec524180   
esp: f3a11d30
Aug 18 19:47:41 draco kernel: ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 
0068
Aug 18 19:47:41 draco kernel: Process bittorrent-curs (pid: 3974, ti=f3a10000 
task=f3a0e000 task.ti=f3a10000)
Aug 18 19:47:41 draco kernel: Stack: ffffffff ebe562f5 0000000b 00000000 
f3a11d94 00000000 ec5b807c 00000000 
Aug 18 19:47:41 draco kernel:        00000001 00100100 f3a11f40 00000000 
00000040 00000200 00000200 000004b6 
Aug 18 19:47:41 draco kernel:        08604707 00200200 f3e5c798 eeaa4b40 
00000000 f3a0e000 000001f5 00100100 
Aug 18 19:47:41 draco kernel: Call Trace:
Aug 18 19:47:41 draco kernel:  [<c03ac267>] inet_sendmsg+0x37/0x70
Aug 18 19:47:41 draco kernel:  [<c03511ef>] sock_sendmsg+0xbf/0xf0
Aug 18 19:47:41 draco kernel:  [<c012fe60>] autoremove_wake_function+0x0/0x50
Aug 18 19:47:41 draco kernel:  [<c01188f0>] default_wake_function+0x0/0x10
Aug 18 19:47:41 draco last message repeated 3 times
Aug 18 19:47:41 draco kernel:  [<c015589d>] find_extend_vma+0x1d/0x70
Aug 18 19:47:41 draco kernel:  [<c03515cf>] sys_sendto+0x12f/0x180
Aug 18 19:47:41 draco kernel:  [<c0139dfc>] futex_wake+0xac/0xd0
Aug 18 19:47:41 draco kernel:  [<c013a4dd>] do_futex+0x6bd/0xbd0
Aug 18 19:47:41 draco kernel:  [<c0351653>] sys_send+0x33/0x40
Aug 18 19:47:41 draco kernel:  [<c03525c2>] sys_socketcall+0x142/0x280
Aug 18 19:47:41 draco kernel:  [<c0205d20>] copy_to_user+0x30/0x60
Aug 18 19:47:41 draco kernel:  [<c0102a92>] syscall_call+0x7/0xb
Aug 18 19:47:41 draco kernel:  =======================
Aug 18 19:47:41 draco kernel: Code: 85 fb 06 00 00 80 ca 10 8b 83 94 00 00 00 
88 53 68 f0 81 00 00 00 01 00 8b 44 24 18 ff 40 08 8b 54 24 18 8b 42 04 89 13 
89 43 04 <89> 18 89 5a 04 8b 8e 2c 01 00 00 85 c9 0f 84 19 06 00 00 8b 83 
Aug 18 19:47:41 draco kernel: EIP: [<c038fcba>] tcp_sendmsg+0x40a/0xb70 SS:ESP 
0068:f3a11d30
Aug 18 19:47:51 draco kernel: 
Aug 18 19:47:51 draco kernel: Pid: 3812, comm:                    X
Aug 18 19:47:51 draco kernel: EIP: 0060:[<c014a4c2>] CPU: 0
Aug 18 19:47:51 draco kernel: EIP is at __get_free_pages+0x22/0x40
Aug 18 19:47:51 draco kernel:  EFLAGS: 00003246    Not tainted  
(2.6.22.2poison #14)
Aug 18 19:47:51 draco kernel: EAX: 000000d0 EBX: 000000d0 ECX: c0496b40 EDX: 
00000000
Aug 18 19:47:51 draco kernel: ESI: 00000000 EDI: f5ba1be4 EBP: f49a4d80 DS: 
007b ES: 007b FS: 00d8
Aug 18 19:47:51 draco kernel: CR0: 8005003b CR2: b7384000 CR3: 37165000 CR4: 
000006f0
Aug 18 19:47:51 draco kernel:  [<c01734b6>] __pollwait+0xa6/0x100
Aug 18 19:47:51 draco kernel:  [<c03c9597>] unix_poll+0x17/0xa0
Aug 18 19:47:51 draco kernel:  [<c03500bc>] sock_poll+0xc/0x10
Aug 18 19:47:51 draco kernel:  [<c0172bec>] do_select+0x25c/0x490
Aug 18 19:47:51 draco kernel:  [<c0173410>] __pollwait+0x0/0x100
Aug 18 19:47:51 draco kernel:  [<c01188f0>] default_wake_function+0x0/0x10
Aug 18 19:47:51 draco last message repeated 19 times
Aug 18 19:47:51 draco kernel:  [<c0172fe8>] core_sys_select+0x1c8/0x2f0
Aug 18 19:47:51 draco kernel:  [<c0166a30>] do_readv_writev+0x120/0x190
Aug 18 19:47:51 draco kernel:  [<c03503c0>] sock_aio_write+0x0/0x110
Aug 18 19:47:51 draco kernel:  [<c017355d>] sys_select+0x4d/0x1b0
Aug 18 19:47:51 draco kernel:  [<c0166adc>] vfs_writev+0x3c/0x50
Aug 18 19:47:51 draco kernel:  [<c0166f97>] sys_writev+0x47/0x80
Aug 18 19:47:51 draco kernel:  [<c0102a92>] syscall_call+0x7/0xb
Aug 18 19:47:51 draco kernel:  =======================
---

It's also attached together with one from a tainted 2.6.22.3

The error is reproducible for me by running 4 bittorrent instances and waiting. 
2.6.22 lives no longer than 2hrs, so when bisecting I assumed it was good 
after 4hrs ... so I may as well have taken a wrong turn. Result here:

00ed8e3dda47f8421b11da17e353d7db8c878121 is first bad commit
commit 00ed8e3dda47f8421b11da17e353d7db8c878121
Author: Dmitriy Monakhov <dmonakhov@...ru>
Date:   Sun Mar 11 15:36:19 2007 +0300

    driver core: fix device_add error path

     - At the moment we jump here device was't added to
       dev->class->devices list yet.

    Signed-off-by: Monakhov Dmitriy <dmonakhov@...nvz.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@...e.de>

:040000 040000 bc29a0e7ec67055b2cad30ef3e0d19b8fe0c0981 8b1eee1c34d5b5db827a4d0c8a8363eb827338f3 M      drivers
---

gcc -v
Reading specs from /usr/lib/gcc/i486-slackware-linux/4.1.2/specs
Target: i486-slackware-linux
Configured with: ../gcc-4.1.2/configure --prefix=/usr --enable-shared --enable-languages=ada,c,c++,fortran,java,objc --enable-threads=posix --enable-__cxa_atexit --disable-checking --with-gnu-ld --verbose --with-arch=i486 --target=i486-slackware-linux --host=i486-slackware-linux
Thread model: posix
gcc version 4.1.
---

All traffic went over a USB NIC (D-Link DUB-E100) using the asix driver.
I have no idea what further information could be useful, so shout =)

---
If you only have a hammer, you tend to see every problem as a nail.
                -- Maslow

View attachment "Oops" of type "text/plain" (10747 bytes)

Download attachment "config.gz" of type "application/x-gzip" (13016 bytes)

Download attachment "lspci.gz" of type "application/x-gzip" (2750 bytes)

Download attachment "lsusb.gz" of type "application/x-gzip" (2782 bytes)

Download attachment "signature.asc " of type "application/pgp-signature" (190 bytes)
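
Added example, not part of the original message: a small Python triage script for an Oops like the one quoted above. It rejoins the lines the mail client wrapped, decodes the x86 page-fault error code printed after "Oops:", and extracts the faulting symbol and the instruction bytes at EIP; the function names are this example's own and the sample is copied from the log above.

```python
import re

# Constructed sample: lines copied from the Oops above, mail wrapping kept.
SAMPLE = """\
Aug 18 19:47:41 draco kernel: BUG: unable to handle kernel NULL pointer
dereference at virtual address 00000000
Aug 18 19:47:41 draco kernel: Oops: 0002 [#1]
Aug 18 19:47:41 draco kernel: EIP is at tcp_sendmsg+0x40a/0xb70
Aug 18 19:47:41 draco kernel: eax: 00000000   ebx: ec5b807c   ecx: c04b43a0
edx: ec5b807c
Aug 18 19:47:41 draco kernel: Code: 85 fb 06 00 00 80 ca 10 8b 83 94 00 00 00
88 53 68 f0 81 00 00 00 01 00 8b 44 24 18 ff 40 08 8b 54 24 18 8b 42 04 89 13
89 43 04 <89> 18 89 5a 04 8b 8e 2c 01 00 00 85 c9 0f 84 19 06 00 00 8b 83
"""
PREFIX = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ (?:kernel: ?)?")

def unwrap(text):
    """Rejoin lines the mail client wrapped and drop the syslog prefix."""
    out = []
    for line in text.splitlines():
        if PREFIX.match(line) or not out:
            out.append(PREFIX.sub("", line).strip())
        else:
            out[-1] += " " + line.strip()
    return out

def decode_error_code(code):
    """x86 page-fault error code (the hex value printed after 'Oops:')."""
    return {"cause": "protection violation" if code & 1 else "page not present",
            "access": "write" if code & 2 else "read",
            "mode": "user" if code & 4 else "kernel"}

def triage(text):
    info = {}
    for line in unwrap(text):
        if m := re.search(r"at virtual address ([0-9a-f]+)", line):
            info["fault_addr"] = int(m.group(1), 16)
        elif m := re.match(r"Oops: ([0-9a-f]{4})", line):
            info.update(decode_error_code(int(m.group(1), 16)))
        elif m := re.match(r"EIP is at (\w+)\+0x([0-9a-f]+)/", line):
            info["symbol"], info["offset"] = m.group(1), int(m.group(2), 16)
        elif m := re.match(r"eax: ([0-9a-f]+)", line):
            info["eax"] = int(m.group(1), 16)
        elif m := re.match(r"Code:.*<([0-9a-f]{2})>((?: [0-9a-f]{2})*)", line):
            # <..> marks the byte at EIP; keep it and the bytes that follow.
            info["at_eip"] = bytes.fromhex(m.group(1) + m.group(2))
    return info
if __name__ == "__main__":
    print(triage(SAMPLE))
```

In the sample, the bytes at EIP start with 89 18, which encodes mov %ebx,(%eax); with eax = 0 that is a store through a NULL pointer, consistent with the decoded kernel-mode write fault at address 0.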
