Message-ID: <5105F203.9060200@ionic.de>
Date:	Mon, 28 Jan 2013 04:35:31 +0100
From:	Mihai Moldovan <ionic@...ic.de>
To:	LKML <linux-kernel@...r.kernel.org>
Subject: Panic during interrupt handling while terminating hostapd

Hi,

I've found yet another problem with (at least) 3.7.4 and 3.8-rc4.

When terminating hostapd via SIGINT, this bug and panic came up:

----------------------------------------------------------------------------------------------------
BUG: unable to handle kernel paging request at 0000001d00008000
IP: [<-----ADDRESS---->] kmem_cache_alloc+0x43/0xb0
PGD 21c3db067 PUD 0
Oops: 0000 [#1] SMP
Modules linked in: xt_conntrack xt_dscp i915 ath9k drm_kms_helper mac80211
kvm_intel video ath9k_common ath9k_hw kvm e1000e ath backlight cfg80211 rfkill
CPU 2
Pid: 6972, comm: modprobe Tainted: G        W    3.7.4-OSS4.2
#3                  /DQ45CB
RIP: 0010:[<-----ADDRESS---->]  [<-----ADDRESS---->] kmem_cache_alloc+0x43/0xb0
RSP: 0018:-----ADDRESS----  EFLAGS: 00010206
RAX: -----ADDRESS---- RBX: -----ADDRESS---- RCX: -----ADDRESS----
RDX: -----ADDRESS---- RSI: -----ADDRESS---- RDI: -----ADDRESS----
RBP: -----ADDRESS---- R08: -----ADDRESS---- R09: -----ADDRESS----
R10: -----ADDRESS---- R11: -----ADDRESS---- R12: -----ADDRESS----
FS:  -----ADDRESS----(0000) GS:-----ADDRESS----(0000) knlGS:-----ADDRESS----
CS:  0010 DS: 0000 ES: 0000 CR0: -----ADDRESS----
CR2: -----ADDRESS---- CR3: -----ADDRESS---- CR4: -----ADDRESS----
DR0: -----ADDRESS---- CR1: -----ADDRESS---- DR2: -----ADDRESS----
DR3: -----ADDRESS---- DR6: -----ADDRESS---- DR7: -----ADDRESS----
Process modprobe (pid: 6972, threadinfo -----ADDRESS----, task -----ADDRESS----)
Stack:
 -----ADDRESS---- -----ADDRESS---- -----ADDRESS---- -----ADDRESS----
 -----ADDRESS---- -----ADDRESS---- -----ADDRESS---- -----ADDRESS----
 -----ADDRESS---- -----ADDRESS---- -----ADDRESS---- -----ADDRESS----
Call Trace:
 [<-----ADDRESS---->] __d_alloc+0x2f/0x180
 [<-----ADDRESS---->] d_alloc+0x13/0x70
 [<-----ADDRESS---->] lookup_dcache+0xa3/0xd0
 [<-----ADDRESS---->] ? path_get+0x26/0x40
 [<-----ADDRESS---->] lookup_open+0x54/0x1c0
 [<-----ADDRESS---->] do_last+0x319/0x830
 [<-----ADDRESS---->] path_openat+0xae/0x4c0
 [<-----ADDRESS---->] ? handle_mm_fault+0x210/0x2d0
 [<-----ADDRESS---->] do_filp_open+0x3d/0xa0
 [<-----ADDRESS---->] ? __alloc_fd+0x45/0x120
 [<-----ADDRESS---->] do_sys_open+0xf9/0x1e0
 [<-----ADDRESS---->] sys_openat+0xf/0x20
 [<-----ADDRESS---->] system_call_fastpath+0x16/0x1b
Code: 5d e0 4c 89 65 e8 49 8b 4d 00 65 48 03 0c 25 28 cd 00 00 48 8b 51 08 4c 8b
21 4d 85 e4 74 62 49 63 45 20 48 8d 4a 01 49 8b 7d 00 <49> 8b 1c
 04 4c 89 e0 65 48 0f c7 0f 0f 94 c0 84 c0 74 c8 49 63
RIP  [<-----ADDRESS---->] kmem_cache_alloc+0x43/0xb0
 RSP <-----ADDRESS---->
CR2: -----ADDRESS----
general protection fault: 0000 [#2] SMP
Modules linked in: xt_conntrack xt_dscp i915 ath9k drm_kms_helper mac80211
kvm_intel video ath9k_common ath9k_hw kvm e1000e ath backlight cfg80211 rfkill
CPU 2
Pid: 0, comm: swapper/2 Tainted: G      D W    3.7.4-OSS4.2 #3                 
/DQ45CB
RIP: 0010[<-----ADDRESS---->]  [<-----ADDRESS---->] rcu_do_batch.isra.37+0x131/0x290
RSP: 0018:-----ADDRESS----  EFLAGS: 00010212
RAX: -----ADDRESS---- RBX: -----ADDRESS---- RCX: -----ADDRESS----
RDX: -----ADDRESS---- RSI: -----ADDRESS---- RDI: -----ADDRESS----
RBP: -----ADDRESS---- R08: -----ADDRESS---- R09: -----ADDRESS----
R10: -----ADDRESS---- R11: -----ADDRESS---- R12: -----ADDRESS----
R13: -----ADDRESS---- R14: -----ADDRESS---- R15: -----ADDRESS----
FS:  -----ADDRESS----(0000) GS:-----ADDRESS----(0000) knlGS:-----ADDRESS----
CS:  0010 DS: 0000 ES: 0000 CR0: -----ADDRESS----
CR2: -----ADDRESS---- CR3: -----ADDRESS---- CR4: -----ADDRESS----
DR0: -----ADDRESS---- DR1: -----ADDRESS---- DR2: -----ADDRESS----
DR3: -----ADDRESS---- DR6: -----ADDRESS---- DR7: -----ADDRESS----
Process swapper/2 (pid: 0, threadinfo -----ADDRESS----, task -----ADDRESS----)
Stack:
 -----ADDRESS---- -----ADDRESS---- -----ADDRESS---- -----ADDRESS----
 -----ADDRESS---- -----ADDRESS---- -----ADDRESS---- -----ADDRESS----
 -----ADDRESS---- -----ADDRESS---- -----ADDRESS---- -----ADDRESS----
Call Trace:
 <IRQ>
 [<-----ADDRESS---->] ? tick_program_event+0x1f/0x30
 [<-----ADDRESS---->] __rcu_process_callbacks+0xaa/0x140
 [<-----ADDRESS---->] rcu_process_callbacks+0x48/0x70
 [<-----ADDRESS---->] __do_softirq+0xa8/0x150
 [<-----ADDRESS---->] call_softirq+0x1c/0x30
 [<-----ADDRESS---->] do_softirq+0x4d/0x80
 [<-----ADDRESS---->] irq_exit+0x8e/0xb0
 [<-----ADDRESS---->] do_IRQ+0x5e/0xd0
 [<-----ADDRESS---->] common_interrupt+0x67/0x67
 <EOI>
 [<-----ADDRESS---->] ? acpi_idle_enter_simple+0xbd/0xf4
 [<-----ADDRESS---->] ? acpi_idle_enter_simple+0xb8/0xf4
 [<-----ADDRESS---->] acpi_idle_enter_bm+0xe1/0x24b
 [<-----ADDRESS---->] ? menu_select+0xe4/0x300
 [<-----ADDRESS---->] cpuidle_enter+0x19/0x20
 [<-----ADDRESS---->] cpuidle_idle_call+0x8b/0xf0
 [<-----ADDRESS---->] cpu_idle+0xbf/0x110
 [<-----ADDRESS---->] start_secondary+0xb3/0xb5
Code: b8 8b 92 ac 01 00 00 85 d2 75 2f 4d 85 ff 74 2a 4c 89 ff 48 8b 57 08 4c 8b
3f 48 81 fa ff 0f 00 00 41 0f 18 0f 76 ab 48 89 45 a8 <ff> d2 48
 8b 45 a8 eb b4 0f 1f 80 00 00 00 00 48 89 c1 9c 41 5d
RIP [<-----ADDRESS---->] rcu_do_batch.isra.37+0x131/0x290
RSP <-----ADDRESS---->
Kernel panic - not syncing: Fatal exception in interrupt
panic occurred, switching back to text console.
----------------------------------------------------------------------------------------------------

Should you need the mentioned addresses, just say the word and I'll transcribe them.

As I have no idea whom to CC, I left that out. Maybe the maintainers of the ACPI
subsystem (Len Brown) or IRQ subsystem (Thomas Gleixner), but I don't want to
pester them with unnecessary traffic. After all, the problem was initiated by
hostapd and most likely the ath9k cards.

Best regards,



Mihai

