lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1337782454.20792.63.camel@lappy>
Date:	Wed, 23 May 2012 16:14:14 +0200
From:	Sasha Levin <levinsasha928@...il.com>
To:	a.p.zijlstra@...llo.nl, mingo@...nel.org
Cc:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Dave Jones <davej@...hat.com>
Subject: GPF in numa_vma_unlink

Hi all,

During fuzzing with trinity inside a KVM tools guest, using latest linux-next, I've stumbled on the following:

[ 4112.424701] general protection fault: 0000 [#2] PREEMPT SMP DEBUG_PAGEALLOC
[ 4112.427171] CPU 4 
[ 4112.427171] Pid: 20586, comm: trinity Tainted: G      D W    3.4.0-next-20120523-sasha-00004-gaf4dba1 #269  
[ 4112.434521] RIP: 0010:[<ffffffff81098350>]  [<ffffffff81098350>] __ticket_spin_lock+0x30/0x30
[ 4112.434521] RSP: 0018:ffff88003d513d40  EFLAGS: 00010286
[ 4112.434521] RAX: ffff88003dee3000 RBX: 6b6b6b6b6b6b6b6b RCX: 0000000000000000
[ 4112.434521] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 6b6b6b6b6b6b6b6b
[ 4112.434521] RBP: ffff88003d513d58 R08: 0000000000000000 R09: 0000000000000000
[ 4112.434521] R10: 0000000000000000 R11: 0000000000000001 R12: 6b6b6b6b6b6b6b83
[ 4112.434521] R13: ffff88003dee37e8 R14: ffff88003d05a0a8 R15: 0000000000000034
[ 4112.434521] FS:  00007f5fc2781700(0000) GS:ffff880041800000(0000) knlGS:0000000000000000
[ 4112.434521] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 4112.434521] CR2: 00007fd0463ddefc CR3: 0000000003e1c000 CR4: 00000000000406e0
[ 4112.434521] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4112.434521] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 4112.434521] Process trinity (pid: 20586, threadinfo ffff88003d512000, task ffff88003dee3000)
[ 4112.434521] Stack:
[ 4112.434521]  ffffffff81976ecd 6b6b6b6b6b6b6b6b 6b6b6b6b6b6b6b83 ffff88003d513d88
[ 4112.434521]  ffffffff82f695f3 ffffffff8112b27a 0000000000000034 6b6b6b6b6b6b6b6b
[ 4112.434521]  ffff88003f9f7980 ffff88003d513da8 ffffffff8112b27a ffff8800097e43f0
[ 4112.434521] Call Trace:
[ 4112.434521]  [<ffffffff81976ecd>] ? do_raw_spin_trylock+0x2d/0x60
[ 4112.434521]  [<ffffffff82f695f3>] _raw_spin_lock+0x43/0x70
[ 4112.434521]  [<ffffffff8112b27a>] ? numa_vma_unlink+0x2a/0x90
[ 4112.434521]  [<ffffffff8112b27a>] numa_vma_unlink+0x2a/0x90
[ 4112.434521]  [<ffffffff8120f491>] vma_put_policy+0x11/0x30
[ 4112.434521]  [<ffffffff811f7642>] remove_vma+0x62/0x80
[ 4112.434521]  [<ffffffff811f777d>] exit_mmap+0x11d/0x170
[ 4112.434521]  [<ffffffff810cf719>] mmput+0x89/0xe0
[ 4112.434521]  [<ffffffff810d5f7b>] exit_mm+0x11b/0x130
[ 4112.434521]  [<ffffffff82f6a159>] ? _raw_spin_unlock_irq+0x59/0x80
[ 4112.434521]  [<ffffffff810d8933>] do_exit+0x263/0x510
[ 4112.434521]  [<ffffffff810d8c81>] do_group_exit+0xa1/0xe0
[ 4112.434521]  [<ffffffff810d8cd2>] sys_exit_group+0x12/0x20
[ 4112.434521]  [<ffffffff82f6b1b9>] system_call_fastpath+0x16/0x1b
[ 4112.434521] Code: 00 48 89 e5 f0 0f c1 07 89 c2 c1 ea 10 66 39 c2 74 13 66 0f 1f 84 00 00 00 00 00 f3 90 0f b7 07 66 39 d0 75 f6 c9 c3 0f 1f 40 00 <8b> 17 55 89 d1 31 c0 c1 e9 10 48 89 e5 66 39 ca 75 14 8d 8a 00 
[ 4112.434521] RIP  [<ffffffff81098350>] __ticket_spin_lock+0x30/0x30
[ 4112.434521]  RSP <ffff88003d513d40>
[ 4113.313776] ---[ end trace 6d450e935ee18981 ]---

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ