Message-ID: <20090812205215.GA21451@elte.hu>
Date:	Wed, 12 Aug 2009 22:52:15 +0200
From:	Ingo Molnar <mingo@...e.hu>
To:	Catalin Marinas <catalin.marinas@....com>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org
Subject: Re: kmemleak: Protect the seq start/next/stop sequence by
	rcu_read_lock()


* Catalin Marinas <catalin.marinas@....com> wrote:

> kmemleak: Allow rescheduling during an object scanning

I tried this in -tip testing, and it crashes quickly:

[   81.900051] BUG: unable to handle kernel paging request at ffff880020000000
[   81.901382] IP: [<ffffffff8112ae7e>] scan_block+0xee/0x190
[   81.901382] PGD 1002063 PUD 1006063 PMD 200001e2 
[   81.901382] Oops: 0000 [#1] SMP 
[   81.901382] last sysfs file: /sys/class/net/eth0/broadcast
[   81.901382] CPU 1 
[   81.901382] Modules linked in:
[   81.901382] Pid: 1508, comm: kmemleak Tainted: G        W  2.6.31-rc5-tip #3776 System Product Name
[   81.901382] RIP: 0010:[<ffffffff8112ae7e>]  [<ffffffff8112ae7e>] scan_block+0xee/0x190
[   81.901382] RSP: 0018:ffff88003d625da0  EFLAGS: 00010046
[   81.901382] RAX: ffff880020000000 RBX: ffff880020001000 RCX: 0000000000000000
[   81.901382] RDX: ffff88003f826b80 RSI: ffff880020001000 RDI: ffff880020000000
[   81.901382] RBP: ffff88003d625de0 R08: 0000000000000002 R09: ffff88003d61b038
[   81.901382] R10: ffff88003d61b7a0 R11: 0000000000000001 R12: ffff880020000000
[   81.901382] R13: 0000000000000246 R14: ffff880020000ff9 R15: 0000000000000000
[   81.901382] FS:  00007f9b585da780(0000) GS:ffff880002ae8000(0000) knlGS:00000000f7f6a6c0
[   81.901382] CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
[   81.901382] CR2: ffff880020000000 CR3: 000000003d5eb000 CR4: 00000000000006a0
[   81.901382] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   81.901382] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[   81.901382] Process kmemleak (pid: 1508, threadinfo ffff88003d624000, task ffff88003d61b000)
[   81.901382] Stack:
[   81.901382]  ffff88003f826b80 ffffffff81852f2c 000000003ddd3038 ffff880020001000
[   81.901382] <0> ffff88003f826b80 0000000000000246 ffff880024000000 0000000000000000
[   81.901382] <0> ffff88003d625e20 ffffffff8112b016 000000003ddd3038 000000003ddd3038
[   81.901382] Call Trace:
[   81.901382]  [<ffffffff81852f2c>] ? _spin_lock_irqsave+0x8c/0xc0
[   81.901382]  [<ffffffff8112b016>] scan_object+0xf6/0x140
[   81.901382]  [<ffffffff8112b412>] kmemleak_scan+0x3b2/0x6b0
[   81.901382]  [<ffffffff8112b060>] ? kmemleak_scan+0x0/0x6b0
[   81.901382]  [<ffffffff8112be50>] ? kmemleak_scan_thread+0x0/0x100
[   81.901382]  [<ffffffff8112bebb>] kmemleak_scan_thread+0x6b/0x100
[   81.901382]  [<ffffffff810a0176>] kthread+0xb6/0xd0
[   81.901382]  [<ffffffff810305ca>] child_rip+0xa/0x20
[   81.901382]  [<ffffffff8102ff50>] ? restore_args+0x0/0x30
[   81.901382]  [<ffffffff810a00c0>] ? kthread+0x0/0xd0
[   81.901382]  [<ffffffff810305c0>] ? child_rip+0x0/0x20
[   81.901382] Code: 41 b3 a6 00 48 8d 7b 58 48 c7 c2 90 61 b9 81 e8 89 5a 20 00 4c 89 ee 48 89 df e8 9e 7b 72 00 49 83 c4 08 4d 39 e6 76 35 45 85 ff <49> 8b 1c 24 0f 84 50 ff ff ff 31 d2 be 7b 03 00 00 48 c7 c7 00 
[   81.901382] RIP  [<ffffffff8112ae7e>] scan_block+0xee/0x190
[   81.901382]  RSP <ffff88003d625da0>
[   81.901382] CR2: ffff880020000000
[   81.901382] ---[ end trace 6d450e935ee1897e ]---
[   81.901382] Kernel panic - not syncing: Fatal exception
[   81.901382] Pid: 1508, comm: kmemleak Tainted: G      D W  2.6.31-rc5-tip #3776
[   81.901382] Call Trace:
[   81.901382]  [<ffffffff8184ee14>] panic+0x84/0x160
[   81.901382]  [<ffffffff8185487a>] oops_end+0xba/0x110
[   81.901382]  [<ffffffff8105d599>] no_context+0x109/0x1b0
[   81.901382]  [<ffffffff8105d7ad>] __bad_area_nosemaphore+0x16d/0x210
[   81.901382]  [<ffffffff810b83c4>] ? mark_held_locks+0x84/0xc0
[   81.901382]  [<ffffffff810b9bf4>] ? __lock_acquire+0x304/0x5c0
[   81.901382]  [<ffffffff8105d871>] bad_area_nosemaphore+0x21/0x40
[   81.901382]  [<ffffffff81856abe>] do_page_fault+0x29e/0x350
[   81.901382]  [<ffffffff81852402>] ? trace_hardirqs_off_thunk+0x3a/0x3c
[   81.901382]  [<ffffffff81853875>] page_fault+0x25/0x30
[   81.901382]  [<ffffffff8112ae7e>] ? scan_block+0xee/0x190
[   81.901382]  [<ffffffff81852f2c>] ? _spin_lock_irqsave+0x8c/0xc0
[   81.901382]  [<ffffffff8112b016>] scan_object+0xf6/0x140
[   81.901382]  [<ffffffff8112b412>] kmemleak_scan+0x3b2/0x6b0
[   81.901382]  [<ffffffff8112b060>] ? kmemleak_scan+0x0/0x6b0
[   81.901382]  [<ffffffff8112be50>] ? kmemleak_scan_thread+0x0/0x100
[   81.901382]  [<ffffffff8112bebb>] kmemleak_scan_thread+0x6b/0x100
[   81.901382]  [<ffffffff810a0176>] kthread+0xb6/0xd0
[   81.901382]  [<ffffffff810305ca>] child_rip+0xa/0x20
[   81.901382]  [<ffffffff8102ff50>] ? restore_args+0x0/0x30
[   81.901382]  [<ffffffff810a00c0>] ? kthread+0x0/0xd0
[   81.901382]  [<ffffffff810305c0>] ? child_rip+0x0/0x20
[   81.901382] Rebooting in 1 seconds..Press any key to enter the menu

config attached.

	Ingo

View attachment "config" of type "text/plain" (63387 bytes)
