| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Jan 2008 22:10:16 +0100 From: Jan Kara <jack@...e.cz> To: Nai Xia <nai.xia@...il.com> Cc: linux-kernel@...r.kernel.org Subject: Re: Oops in touch_atime for kernel 2.6.23.12 Hi, thanks for your report. > I'm using Debian unstable/sid/lenny with homemade kernel 2.6.23.12 > patched with tuxonice-3.0-rc3-for-2.6.23.9 and compiled with > gcc version 4.2.3 20071123 (prerelease) (Debian 4.2.2-4). > > My root file system is xfs which does not have "noatime" option. > I was "tar xf"ing a big tar ball when this happen and ultimately leads to a > hang up. I am trying to reproduce it again in a similar setting virutal > machine,but till now it does not happen again. > I will provide further details if it appears again. > > The objdump for touch_atime of my vmlinux is as follows: > > c0191870 <touch_atime>: > c0191870: 83 ec 0c sub $0xc,%esp > c0191873: 89 c1 mov %eax,%ecx > c0191875: 89 1c 24 mov %ebx,(%esp) > c0191878: 89 74 24 04 mov %esi,0x4(%esp) > c019187c: 89 7c 24 08 mov %edi,0x8(%esp) > c0191880: 8b 5a 08 mov 0x8(%edx),%ebx > c0191883: f6 83 1c 01 00 00 02 testb $0x2,0x11c(%ebx) > c019188a: 0f 85 92 00 00 00 jne c0191922 <touch_atime+0xb2> > c0191890: 8b bb 88 00 00 00 mov 0x88(%ebx),%edi > c0191896: 8b 47 30 mov 0x30(%edi),%eax > c0191899: a9 01 04 00 00 test $0x401,%eax > c019189e: 0f 85 7e 00 00 00 jne c0191922 <touch_atime+0xb2> > c01918a4: f6 c4 08 test $0x8,%ah > c01918a7: 74 10 je c01918b9 <touch_atime+0x49> > c01918a9: 0f b7 43 66 movzwl 0x66(%ebx),%eax > c01918ad: 25 00 f0 00 00 and $0xf000,%eax > c01918b2: 3d 00 40 00 00 cmp $0x4000,%eax > c01918b7: 74 69 je c0191922 <touch_atime+0xb2> > c01918b9: 85 c9 test %ecx,%ecx > c01918bb: 0f 84 b7 00 00 00 je c0191978 <touch_atime+0x108> > c01918c1: 8b 51 28 mov 0x28(%ecx),%edx > c01918c4: f6 c2 08 test $0x8,%dl > c01918c7: 75 59 jne c0191922 <touch_atime+0xb2> > c01918c9: f6 c2 10 test $0x10,%dl > c01918cc: 75 63 jne c0191931 <touch_atime+0xc1> > c01918ce: 83 e2 20 and $0x20,%edx > c01918d1: 8d 73 44 lea 0x44(%ebx),%esi > c01918d4: 74 0d je c01918e3 <touch_atime+0x73> > c01918d6: 8b 43 44 mov 0x44(%ebx),%eax > c01918d9: 8d 53 4c lea 0x4c(%ebx),%edx > c01918dc: 39 43 4c cmp %eax,0x4c(%ebx) > c01918df: 7c 39 jl c019191a <touch_atime+0xaa> > c01918e1: 7e 2f jle c0191912 <touch_atime+0xa2> > c01918e3: 89 f8 mov %edi,%eax > c01918e5: e8 e6 04 f9 ff call c0121dd0 <current_fs_time> > c01918ea: 39 43 44 cmp %eax,0x44(%ebx) > c01918ed: 8d 76 00 lea 0x0(%esi),%esi > c01918f0: 74 5e je c0191950 <touch_atime+0xe0> > c01918f2: 89 53 48 mov %edx,0x48(%ebx) > c01918f5: ba 01 00 00 00 mov $0x1,%edx > c01918fa: 89 43 44 mov %eax,0x44(%ebx) > c01918fd: 89 d8 mov %ebx,%eax > c01918ff: 8b 74 24 04 mov 0x4(%esp),%esi > c0191903: 8b 1c 24 mov (%esp),%ebx > c0191906: 8b 7c 24 08 mov 0x8(%esp),%edi > c019190a: 83 c4 0c add $0xc,%esp > c019190d: e9 ce 8c 00 00 jmp c019a5e0 <__mark_inode_dirty> > c0191912: 8b 4e 04 mov 0x4(%esi),%ecx > c0191915: 39 4a 04 cmp %ecx,0x4(%edx) > c0191918: 79 c9 jns c01918e3 <touch_atime+0x73> > c019191a: 3b 43 54 cmp 0x54(%ebx),%eax > c019191d: 8d 53 54 lea 0x54(%ebx),%edx > c0191920: 7e 35 jle c0191957 <touch_atime+0xe7> > > c0191922: 8b 1c 24 mov (%esp),%ebx This is really strange - we tried to load a value from a stack and oopsed... > c0191925: 8b 74 24 04 mov 0x4(%esp),%esi > c0191929: 8b 7c 24 08 mov 0x8(%esp),%edi > c019192d: 83 c4 0c add $0xc,%esp > c0191930: c3 ret > c0191931: 0f b7 43 66 movzwl 0x66(%ebx),%eax > c0191935: 25 00 f0 00 00 and $0xf000,%eax > c019193a: 3d 00 40 00 00 cmp $0x4000,%eax > c019193f: 74 e1 je c0191922 <touch_atime+0xb2> > c0191941: 83 e2 20 and $0x20,%edx > c0191944: 8d 73 44 lea 0x44(%ebx),%esi > c0191947: 74 9a je c01918e3 <touch_atime+0x73> > c0191949: eb 8b jmp c01918d6 <touch_atime+0x66> > c019194b: 90 nop > c019194c: 8d 74 26 00 lea 0x0(%esi),%esi > c0191950: 39 56 04 cmp %edx,0x4(%esi) > c0191953: 75 9d jne c01918f2 <touch_atime+0x82> > c0191955: eb cb jmp c0191922 <touch_atime+0xb2> > c0191957: 89 f6 mov %esi,%esi > c0191959: 8d bc 27 00 00 00 00 lea 0x0(%edi),%edi > c0191960: 0f 8c 7d ff ff ff jl c01918e3 <touch_atime+0x73> > c0191966: 8b 46 04 mov 0x4(%esi),%eax > c0191969: 39 42 04 cmp %eax,0x4(%edx) > c019196c: 8d 74 26 00 lea 0x0(%esi),%esi > c0191970: 0f 89 6d ff ff ff jns c01918e3 <touch_atime+0x73> > c0191976: eb aa jmp c0191922 <touch_atime+0xb2> > c0191978: 8d 73 44 lea 0x44(%ebx),%esi > c019197b: 90 nop > c019197c: 8d 74 26 00 lea 0x0(%esi),%esi > c0191980: e9 5e ff ff ff jmp c01918e3 <touch_atime+0x73> > c0191985: 90 nop > c0191986: 90 nop > c0191987: 90 nop > c0191988: 90 nop > c0191989: 90 nop > c019198a: 90 nop > c019198b: 90 nop > c019198c: 90 nop > c019198d: 90 nop > c019198e: 90 nop > c019198f: 90 nop > > > > code: 00 00 00 89 43 44 89 d8 8b 74 24 04 8b ff e9 8b 7c 24 08 83 c4 a0 01 ce > 8c 00 00 8b 4e 00 00 4a 04 79 c9 3b 43 8b 54 53 54 7e 35 <8b> 1c 00 00 74 24 > 04 8b 7c 24 40 28 c4 0c c3 0f b7 43 8b 4c 00 > EIP: [<c0191922>] touch_atime+0xb2/0x120 SS:ESP 0068:da1cbd80 > BUG: unable to handle kernel paging request at virtual address 8efc67ce > printing eip: > c0191922 > *pde = 00000000 > Oops: 0000 [#196] > PREEMPT > Modules linked in: radeon drm binfmt_misc vboxdrv ipt_MASQUERADE iptable_nat > nf_nat nf_conntrack_ipv4 nf_conntrack iptable_filter ip_tables x_tables nfsd > exportfs auth_rpcgss ipv6 nfs lockd sunrpc dm_snapshot usbhid hid pcmcia > snd_intel8x0 snd_intel8x0m snd_ac97_codec ac97_bus snd_pcm_oss snd_pcm > snd_mixer_oss joydev tsdev snd_seq_dummy snd_seq_oss video backlight > snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq yenta_socket snd_timer > snd_seq_device ehci_hcd e1000 uhci_hcd rsrc_nonstatic pcmcia_core snd thermal > psmouse i2c_i801 soundcore serio_raw usbcore snd_page_alloc pcspkr evdev > CPU: 0 > EIP: 0060:[<c0191922>] Tainted: G D VLI The D flag here indicates that the kernel has already oopsed before. The first oops will be probably more important (this second one is likely just an fallout). Are you able to get the first oops? > EFLAGS: 00010246 (2.6.23.12 #1) > EIP is at touch_atime+0xb2/0x120 > eax: 477e33e7 ebx: ef611618 ecx: 00000001 edx: 256ccdf0 > esi: ef61165c edi: efe57800 ebp: 00000000 esp: d6847d80 > ds: 007b es: 007b fs: 0000 gs: 0033 ss: 0068 > Process syslogd (pid: 4541, ti=d6846000 task=d8956a80 task.ti=d6846000) > Stack: 00000000 00000180 cf24a200 c015b415 00001000 00000000 00000000 00000000 > 00000000 cf24a200 cf24a244 ef6116ac ef611618 00000180 00000001 00000000 > 00000000 00000000 00001000 00000000 00000000 00000000 00000020 00000000 > Call Trace: > [<c015b415>] do_generic_mapping_read+0x3f5/0x4e0 > [<c015d04a>] generic_file_aio_read+0xba/0x1d0 > [<c015a8e0>] file_read_actor+0x0/0x130 > [<c018e06c>] dput+0x1c/0x160 > [<c02b6b06>] xfs_read+0x156/0x380 > [<c02b32ec>] xfs_file_aio_read+0x6c/0x80 > [<c017c845>] do_sync_read+0xd5/0x120 > [<c015d160>] filemap_fault+0x0/0x450 > [<c015d160>] filemap_fault+0x0/0x450 > [<c01302b0>] autoremove_wake_function+0x0/0x50 > [<c011706b>] do_page_fault+0x18b/0x680 > [<c017d111>] vfs_read+0xa1/0x140 > [<c017c770>] do_sync_read+0x0/0x120 > [<c017d551>] sys_read+0x41/0x70 > [<c010411e>] sysenter_past_esp+0x5f/0x85 > ======================= > Code: 00 00 00 89 43 44 89 d8 8b 74 24 04 8b ff e9 8b 7c 24 08 83 c4 a0 01 ce > 8c 00 00 8b 4e 00 00 4a 04 79 c9 3b 43 8b 54 53 54 7e 35 <8b> 1c 00 00 74 24 > 04 8b 7c 24 40 28 c4 0c c3 0f b7 43 8b 4c 00 Honza -- Jan Kara <jack@...e.cz> SuSE CR Labs -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists