Date:	Fri, 11 Sep 2009 16:54:49 -0400
From:	Dave Jones <>
Subject: lockup with 2.6.31 while running sfuzz.

Just before locking up completely, I managed to capture this ..
Repeated it twice. Happens within a few minutes of running.


BUG: unable to handle kernel NULL pointer dereference at 0000000000000070
IP: [<ffffffff81096d61>] __lock_acquire+0xae/0xc0e
PGD 3088f067 PUD 3146c067 PMD 0 
Oops: 0000 [#1] SMP 
last sysfs file: /sys/devices/system/cpu/cpu3/cache/index1/shared_cpu_map
CPU 0 
Modules linked in: ip_queue sctp libcrc32c ip6_queue can_bcm sco cmtp kernelcapi bnep can_raw hidp l2cap rds rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr pppoe pppox ppp_generic slhc atm appletalk can af_key rose ax25 bluetooth rfkill ipx p8022 psnap llc p8023 decnet irda crc_ccitt gfs2 dlm configfs nfsd lockd nfs_acl auth_rpcgss sunrpc ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 p4_clockmod freq_table speedstep_lib xfs exportfs vfat fat ext2 dm_multipath snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm snd_timer e1000 i2c_i801 snd iTCO_wdt shpchp iTCO_vendor_support e752x_edac ppdev edac_core parport_pc soundcore snd_page_alloc dcdbas parport raid1 raid0 floppy radeon ttm drm_kms_helper drm i2c_algo_bit i2c_core [last unloaded: freq_table]
Pid: 1859, comm: sfuzz Not tainted 2.6.31-2.fc12.x86_64 #1 Precision WorkStation 470    
RIP: 0010:[<ffffffff81096d61>]  [<ffffffff81096d61>] __lock_acquire+0xae/0xc0e
RSP: 0018:ffff88003085fb68  EFLAGS: 00010046
RAX: 0000000000000046 RBX: ffff88003143a4a0 RCX: ffffffff81439f9c
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000068
RBP: ffff88003085fbe8 R08: 0000000000000002 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000246
R13: 0000000000000068 R14: 0000000000000002 R15: 0000000000000000
FS:  00007f3df0ecd700(0000) GS:ffff880004600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000070 CR3: 0000000030da4000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process sfuzz (pid: 1859, threadinfo ffff88003085e000, task ffff88003143a4a0)
 ffff88003085fb78 ffffffff81019a3b ffff88003085fb88 0000000067f0b452
<0> 000000003085fbb8 0000000067f0b452 ffff880000000000 ffffffff815041ee
<0> ffffffff817e5da8 0000000067f0b452 ffff88003085fbe8 0000000000000002
Call Trace:
 [<ffffffff81019a3b>] ? native_sched_clock+0x2d/0x62
 [<ffffffff815041ee>] ? __mutex_unlock_slowpath+0x12f/0x158
 [<ffffffff810979af>] lock_acquire+0xee/0x12e
 [<ffffffff81439f9c>] ? lock_sock_nested+0x4d/0x12d
 [<ffffffff814552b5>] ? rtnl_lock+0x2a/0x40
 [<ffffffff81439f9c>] ? lock_sock_nested+0x4d/0x12d
 [<ffffffff815062a2>] _spin_lock_bh+0x4a/0x93
 [<ffffffff81439f9c>] ? lock_sock_nested+0x4d/0x12d
 [<ffffffff81439f9c>] lock_sock_nested+0x4d/0x12d
 [<ffffffffa06b20c2>] lock_sock+0x23/0x39 [can_raw]
 [<ffffffffa06b2b98>] raw_release+0x3c/0x12f [can_raw]
 [<ffffffff81436b96>] sock_release+0x32/0x98
 [<ffffffff81436c34>] sock_close+0x38/0x50
 [<ffffffff81143e21>] __fput+0x137/0x200
 [<ffffffff81143f17>] fput+0x2d/0x43
 [<ffffffff81438007>] sys_accept4+0x1f4/0x224
 [<ffffffff81141fa4>] ? fsnotify_modify+0x7b/0x9a
 [<ffffffff81011f7a>] ? sysret_check+0x2e/0x69
 [<ffffffff810c3bae>] ? audit_syscall_entry+0x12d/0x16d
 [<ffffffff81438202>] sys_accept+0x23/0x39
 [<ffffffff81011f42>] system_call_fastpath+0x16/0x1b
Code: 00 be f4 09 00 00 0f 85 0c 0b 00 00 e9 a4 0a 00 00 83 fe 07 76 11 e8 e7 aa 1e 00 48 c7 c7 3e c1 66 81 e9 c0 0a 00 00 85 f6 75 09 <49> 8b 45 08 48 85 c0 75 2b 31 d2 4c 89 ef 48 89 4d 98 4c 89 4d 
RIP  [<ffffffff81096d61>] __lock_acquire+0xae/0xc0e
 RSP <ffff88003085fb68>
CR2: 0000000000000070
---[ end trace 6d2b85c48fdea652 ]---
