lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200712160118.58611.m.kozlowski@tuxland.pl>
Date:	Sun, 16 Dec 2007 01:18:58 +0100
From:	Mariusz Kozlowski <m.kozlowski@...land.pl>
To:	Andrew Morton <akpm@...ux-foundation.org>, jgarzik@...ox.com
Cc:	linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: 2.6.24-rc5-mm1: cat /proc/net/packet -> oops

Hello,

	As one of usual tests I run the following script:

for i in `find /proc -type f`; do
        echo -n "cat $i > /dev/null ... ";
        cat $i > /dev/null;
        echo "done";
done

This time the culprit is /proc/net/packet. cat process gets killed 

$ cat /proc/net/packet 
Segmentation fault

and lost in lots of messages from the script but for some reason there is no
info in syslog (why?). I could capture the oops only when issued sysrq-7
or grater. That's why I didn't catch the oops earlier.

I found it because the bug makes my sparc64 box need a hardware reset most of the
time it happens and produces oops 2 screens long. x86 kills the cat process but
system is still usable and running fine. Bisection points to:

git-ubi.patch
GOOD
#
git-net.patch 
BAD
ipsec-fix-reversed-icmp6-policy-check.patch

but this seems to be far from precise :)

$ grep ^commit git-net.patch | wc -l
361

Not sure if this is important but when bisecting the mm tree the oops got shorter
at some point so maybe some other patch is also involved. This one is from x86:

[  194.508398] BUG: unable to handle kernel paging request at virtual address bbbbbd47
[  194.508412] printing eip: c0135d59 *pde = 00000000 
[  194.508419] Oops: 0000 [#1] PREEMPT 
[  194.508424] last sysfs file: /devices/pci0000:00/0000:00:01.0/0000:01:05.0/resource
[  194.508428] Modules linked in: usbhid hid orinoco_cs orinoco hermes pcmcia firmware_class uhci_hcd ehci_hcd usbcore psmouse yenta_socket rsrc_nonstatic rtc 8139too
[  194.508443] 
[  194.508447] Pid: 5368, comm: cat Not tainted (2.6.24-rc5 #9)
[  194.508450] EIP: 0060:[<c0135d59>] EFLAGS: 00210046 CPU: 0
[  194.508466] EIP is at __lock_acquire+0x5b/0xfc4
[  194.508469] EAX: 00200002 EBX: 00200246 ECX: bbbbbd43 EDX: 00000002
[  194.508472] ESI: bbbbbd43 EDI: 00000000 EBP: d816ce80 ESP: d816ce14
[  194.508475]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[  194.508479] Process cat (pid: 5368, ti=d816c000 task=d826a000 task.ti=d816c000)
[  194.508481] Stack: c0135a21 d826a000 00000000 d816ce38 c0135697 00000000 d826a000 c0146ded 
[  194.508490]        c1304f98 00000002 00000000 bbbbbd43 00000001 d826a000 d816cec0 c013681d 
[  194.508498]        00000006 00000003 c03daa08 00000001 00000044 000002ad 00000000 00000005 
[  194.508506] Call Trace:
[  194.508508]  [<c01035d8>] show_trace_log_lvl+0x1a/0x30
[  194.508518]  [<c0103693>] show_stack_log_lvl+0xa5/0xca
[  194.508523]  [<c0103787>] show_registers+0xcf/0x23f
[  194.508528]  [<c0103a04>] die+0x10d/0x1f5
[  194.508532]  [<c0110cee>] do_page_fault+0x27e/0x5f0
[  194.508540]  [<c034684a>] error_code+0x6a/0x70
[  194.508550]  [<c0136d20>] lock_acquire+0x5e/0x76
[  194.508555]  [<c03461a6>] _read_lock+0x35/0x42
[  194.508560]  [<c02d957a>] sock_i_ino+0x14/0x30
[  194.508568]  [<c032c7e8>] packet_seq_show+0x19/0xa0
[  194.508576]  [<c0179f5c>] seq_read+0x19a/0x29e
[  194.508583]  [<c0191b25>] proc_reg_read+0x57/0x78
[  194.508590]  [<c0161c8a>] vfs_read+0x89/0x11d
[  194.508596]  [<c0162054>] sys_read+0x3d/0x64
[  194.508600]  [<c010261a>] sysenter_past_esp+0x5f/0xa5
[  194.508605]  =======================
[  194.508607] Code: c0 85 c0 0f 84 64 03 00 00 9c 58 f6 c4 02 0f 85 b8 07 00 00 83 ff 07 0f 87 de 07 00 00 85 ff 8d 76 00 0f 85 4f 03 00 00 8b 4d c0 <8b> 71 04 85 f6 0f 84 41 03 00 00 89 f0 e8 d8 d7 ff ff 85 c0 0f 
[  194.508651] EIP: [<c0135d59>] __lock_acquire+0x5b/0xfc4 SS:ESP 0068:d816ce14
[  194.508660] note: cat[5368] exited with preempt_count 2

.config attached.

Regards,

	Mariusz

View attachment ".config" of type "text/plain" (41743 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ