* Re: lvcreate on 2.6.22.1: kernel tried to execute NX-protected page
@ 2007-08-05 19:03 Juergen Kreileder
2007-08-05 19:46 ` Arjan van de Ven
2007-08-16 18:45 ` SLUB problems (was Re: lvcreate on 2.6.22.1: kernel tried to execute NX-protected page) Juergen Kreileder
0 siblings, 2 replies; 6+ messages in thread
From: Juergen Kreileder @ 2007-08-05 19:03 UTC (permalink / raw)
To: linux-kernel, dm-devel
I've upgraded devmapper to 1.02.20 and lvm2 to 2.02.26. Didn't help much,
I just got a the same BUG again:
kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
BUG: unable to handle kernel paging request at virtual address f492c1f8
printing eip:
f492c1f8
*pdpt = 0000000000001001
*pde = 80000000348001e3
*pte = ec1c7da0ec1c7da0
Oops: 0011 [#1]
CPU: 0
EIP: 0060:[<f492c1f8>] Not tainted VLI
EFLAGS: 00010282 (2.6.22.1-jk1-exec-shield #1)
EIP is at 0xf492c1f8
eax: f492c1cc ebx: f492c1cc ecx: 00000000 edx: f492c1f8
esi: f492c1f8 edi: 00000000 ebp: 00000000 esp: d4177db4
ds: 007b es: 007b fs: 0000 gs: 0033 ss: 0068
Process lvcreate (pid: 2303, ti=d4176000 task=d1c88a00 task.ti=d4176000)
Stack: c02088c4 f492c1e4 c02088d0 c03dd95e c2969f60 c0209118 ce684800 e5436280
00000287 c03dd952 c03dd952 f6a44548 c018e393 c19ea90c 00000000 c19eb900
c03dd952 c18f9780 f45cb300 00000000 c0157664 c18f97cc c18f9780 c01575be
Call Trace:
[kobject_cleanup+116/128] kobject_cleanup+0x74/0x80
[kobject_release+0/16] kobject_release+0x0/0x10
[kref_put+56/160] kref_put+0x38/0xa0
[sysfs_hash_and_remove+275/320] sysfs_hash_and_remove+0x113/0x140
[sysfs_slab_alias+100/128] sysfs_slab_alias+0x64/0x80
[sysfs_slab_add+174/208] sysfs_slab_add+0xae/0xd0
[kmem_cache_create+236/320] kmem_cache_create+0xec/0x140
[jobs_init+46/128] jobs_init+0x2e/0x80
[kcopyd_init+45/176] kcopyd_init+0x2d/0xb0
[kcopyd_client_create+28/208] kcopyd_client_create+0x1c/0xd0
[init_hash_tables+142/192] init_hash_tables+0x8e/0xc0
[snapshot_ctr+506/752] snapshot_ctr+0x1fa/0x2f0
[dm_split_args+47/272] dm_split_args+0x2f/0x110
[dm_table_add_target+252/400] dm_table_add_target+0xfc/0x190
[vmalloc+32/48] vmalloc+0x20/0x30
[populate_table+98/192] populate_table+0x62/0xc0
[table_load+82/240] table_load+0x52/0xf0
[table_load+0/240] table_load+0x0/0xf0
[ctl_ioctl+209/288] ctl_ioctl+0xd1/0x120
[ctl_ioctl+0/288] ctl_ioctl+0x0/0x120
[do_ioctl+59/96] do_ioctl+0x3b/0x60
[vfs_ioctl+94/416] vfs_ioctl+0x5e/0x1a0
[sys_ioctl+61/128] sys_ioctl+0x3d/0x80
[sysenter_past_esp+95/133] sysenter_past_esp+0x5f/0x85
=======================
Code: 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <f8> c1 92 f4 f8 c1 92 f4 4c 16 b6 f5 00 00 00 00 00 00 00 00 00
EIP: [<f492c1f8>] 0xf492c1f8 SS:ESP 0068:d4177db4
> I got the appended BUG from a 32-bit 2.6.22.1 kernel (with exec-shield
> patch and PAE enabled) on an Athlon64 with dmsetup 1.02.03 and lvm2
> v2.02.02.
> (Note, the message comes from the vanilla kernel, not from the
> exec-shiled patch.)
>
> I wasn't able to reproduce the problem so far. The machine creates
> several snapshot volumes every 4 hours and worked fine with the new
> kernel for several days. It had 2.6.16.12+exec-shield before and ran
> flawlessy for over a year.
>
>
> kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
> BUG: unable to handle kernel paging request at virtual address f551df78
> printing eip:
> f551df78
> *pdpt = 0000000000001001
> *pde = 80000000354001e3
> *pte = 9293396c5d22e546
> Oops: 0011 [#1]
> CPU: 0
> EIP: 0060:[<f551df78>] Not tainted VLI
> EFLAGS: 00010286 (2.6.22.1-jk1-exec-shield #1)
> EIP is at 0xf551df78
> eax: f551df4c ebx: f551df4c ecx: 00000000 edx: f551df78
> esi: f551df78 edi: 00000000 ebp: 00000000 esp: e8ee5db4
> ds: 007b es: 007b fs: 0000 gs: 0033 ss: 0068
> Process lvcreate (pid: 25916, ti=e8ee4000 task=f7358a00 task.ti=e8ee4000)
> Stack: c02088c4 f551df64 c02088d0 c03dd95e c64ccf00 c0209118 00000287 c03dd95e
> 00000287 c018e38b c03dd952 d3e460e8 c018e393 c192a90c 00000000 c192b900
> c03dd952 f557a600 f59bbcc0 00000000 c0157664 f557a64c f557a600 c01575be
> Call Trace:
> [kobject_cleanup+116/128] kobject_cleanup+0x74/0x80
> [kobject_release+0/16] kobject_release+0x0/0x10
> [kref_put+56/160] kref_put+0x38/0xa0
> [sysfs_hash_and_remove+267/320] sysfs_hash_and_remove+0x10b/0x140
> [sysfs_hash_and_remove+275/320] sysfs_hash_and_remove+0x113/0x140
> [sysfs_slab_alias+100/128] sysfs_slab_alias+0x64/0x80
> [sysfs_slab_add+174/208] sysfs_slab_add+0xae/0xd0
> [kmem_cache_create+236/320] kmem_cache_create+0xec/0x140
> [jobs_init+46/128] jobs_init+0x2e/0x80
> [kcopyd_init+45/176] kcopyd_init+0x2d/0xb0
> [kcopyd_client_create+28/208] kcopyd_client_create+0x1c/0xd0
> [init_hash_tables+142/192] init_hash_tables+0x8e/0xc0
> [snapshot_ctr+506/752] snapshot_ctr+0x1fa/0x2f0
> [dm_split_args+47/272] dm_split_args+0x2f/0x110
> [dm_table_add_target+252/400] dm_table_add_target+0xfc/0x190
> [vmalloc+32/48] vmalloc+0x20/0x30
> [populate_table+98/192] populate_table+0x62/0xc0
> [table_load+82/240] table_load+0x52/0xf0
> [table_load+0/240] table_load+0x0/0xf0
> [ctl_ioctl+209/288] ctl_ioctl+0xd1/0x120
> [ctl_ioctl+0/288] ctl_ioctl+0x0/0x120
> [do_ioctl+59/96] do_ioctl+0x3b/0x60
> [vfs_ioctl+94/416] vfs_ioctl+0x5e/0x1a0
> [sys_ioctl+61/128] sys_ioctl+0x3d/0x80
> [sysenter_past_esp+95/133] sysenter_past_esp+0x5f/0x85
> =======================
> Code: 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 20 00 00 00 00 00 00 \
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <78> df 51 f5 78 df 51 f5 74 1b 8b \
> f7 00 00 00 00 00 00 00 00 32
> EIP: [<f551df78>] 0xf551df78 SS:ESP 0068:e8ee5db4
Juergen
--
Juergen Kreileder, Blackdown Java-Linux Team
http://blog.blackdown.de/
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: lvcreate on 2.6.22.1: kernel tried to execute NX-protected page
2007-08-05 19:03 lvcreate on 2.6.22.1: kernel tried to execute NX-protected page Juergen Kreileder
@ 2007-08-05 19:46 ` Arjan van de Ven
2007-08-16 18:45 ` SLUB problems (was Re: lvcreate on 2.6.22.1: kernel tried to execute NX-protected page) Juergen Kreileder
1 sibling, 0 replies; 6+ messages in thread
From: Arjan van de Ven @ 2007-08-05 19:46 UTC (permalink / raw)
To: Juergen Kreileder; +Cc: dm-devel, linux-kernel
On Sun, 2007-08-05 at 21:03 +0200, Juergen Kreileder wrote:
> I've upgraded devmapper to 1.02.20 and lvm2 to 2.02.26. Didn't help much,
> I just got a the same BUG again:
>
> kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
> BUG: unable to handle kernel paging request at virtual address f492c1f8
I suspect this is a module that got unloaded but still had some function
pointer registered somewhere.....
do you know if/which module that could be?
(one trick is to compile the kernel such that you don't allow modules to
be unloaded at all; if that makes it work it's clearly the type of bug I
described above)
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: lvcreate on 2.6.22.1: kernel tried to execute NX-protected page
@ 2007-08-05 19:46 ` Arjan van de Ven
0 siblings, 0 replies; 6+ messages in thread
From: Arjan van de Ven @ 2007-08-05 19:46 UTC (permalink / raw)
To: Juergen Kreileder; +Cc: linux-kernel, dm-devel
On Sun, 2007-08-05 at 21:03 +0200, Juergen Kreileder wrote:
> I've upgraded devmapper to 1.02.20 and lvm2 to 2.02.26. Didn't help much,
> I just got a the same BUG again:
>
> kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
> BUG: unable to handle kernel paging request at virtual address f492c1f8
I suspect this is a module that got unloaded but still had some function
pointer registered somewhere.....
do you know if/which module that could be?
(one trick is to compile the kernel such that you don't allow modules to
be unloaded at all; if that makes it work it's clearly the type of bug I
described above)
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: lvcreate on 2.6.22.1: kernel tried to execute NX-protected page
2007-08-05 19:46 ` Arjan van de Ven
@ 2007-08-05 19:52 ` Juergen Kreileder
-1 siblings, 0 replies; 6+ messages in thread
From: Juergen Kreileder @ 2007-08-05 19:52 UTC (permalink / raw)
To: Arjan van de Ven; +Cc: dm-devel, linux-kernel
[-- Attachment #1: Type: text/plain, Size: 760 bytes --]
Arjan van de Ven wrote:
> On Sun, 2007-08-05 at 21:03 +0200, Juergen Kreileder wrote:
>> I've upgraded devmapper to 1.02.20 and lvm2 to 2.02.26. Didn't help much,
>> I just got a the same BUG again:
>>
>> kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
>> BUG: unable to handle kernel paging request at virtual address f492c1f8
>
>
> I suspect this is a module that got unloaded but still had some function
> pointer registered somewhere.....
>
> do you know if/which module that could be?
> (one trick is to compile the kernel such that you don't allow modules to
> be unloaded at all; if that makes it work it's clearly the type of bug I
> described above)
It's a static kernel, no modules. I've attached the config.
Juergen
[-- Attachment #2: config-2.6.22.1-jk1-exec-shield.gz --]
[-- Type: application/x-gzip, Size: 8526 bytes --]
[-- Attachment #3: Type: text/plain, Size: 0 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: lvcreate on 2.6.22.1: kernel tried to execute NX-protected page
@ 2007-08-05 19:52 ` Juergen Kreileder
0 siblings, 0 replies; 6+ messages in thread
From: Juergen Kreileder @ 2007-08-05 19:52 UTC (permalink / raw)
To: Arjan van de Ven; +Cc: linux-kernel, dm-devel
[-- Attachment #1: Type: text/plain, Size: 760 bytes --]
Arjan van de Ven wrote:
> On Sun, 2007-08-05 at 21:03 +0200, Juergen Kreileder wrote:
>> I've upgraded devmapper to 1.02.20 and lvm2 to 2.02.26. Didn't help much,
>> I just got a the same BUG again:
>>
>> kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
>> BUG: unable to handle kernel paging request at virtual address f492c1f8
>
>
> I suspect this is a module that got unloaded but still had some function
> pointer registered somewhere.....
>
> do you know if/which module that could be?
> (one trick is to compile the kernel such that you don't allow modules to
> be unloaded at all; if that makes it work it's clearly the type of bug I
> described above)
It's a static kernel, no modules. I've attached the config.
Juergen
[-- Attachment #2: config-2.6.22.1-jk1-exec-shield.gz --]
[-- Type: application/x-gzip, Size: 8526 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* SLUB problems (was Re: lvcreate on 2.6.22.1: kernel tried to execute NX-protected page)
2007-08-05 19:03 lvcreate on 2.6.22.1: kernel tried to execute NX-protected page Juergen Kreileder
2007-08-05 19:46 ` Arjan van de Ven
@ 2007-08-16 18:45 ` Juergen Kreileder
1 sibling, 0 replies; 6+ messages in thread
From: Juergen Kreileder @ 2007-08-16 18:45 UTC (permalink / raw)
To: linux-kernel, dm-devel
I got a few more oopses like the one in the original message (see below)
and one with a different call trace but that happened while creating a
snapshot too.
After that I rebuilt the kernel with SLAB instead of SLUB. The system
is running fine for a week now.
BUG: unable to handle kernel NULL pointer dereference at virtual address
00000013
printing eip:
c0118ef5
*pdpt = 000000001d044001
*pde = 0000000020946067
*pte = 0000000000000000
Oops: 0002 [#1]
CPU: 0
EIP: 0060:[dup_fd+181/432] Not tainted VLI
EFLAGS: 00010286 (2.6.22.1-jk1-exec-shield #1)
EIP is at dup_fd+0xb5/0x1b0
eax: f0f30128 ebx: 00000013 ecx: ffffffff edx: 0000000c
esi: f0f300ec edi: f537b7ac ebp: f537b7e4 esp: d94cbef8
ds: 007b es: 007b fs: 0000 gs: 0033 ss: 0068
Process udev (pid: 9491, ti=d94ca000 task=f6b36a00 task.ti=d94ca000)
Stack: 00000001 f537b788 00000020 f0f30128 f537b780 f5784f00 00000000
c18e5370
01200011 c0119034 fffffff4 f5784f00 c0119360 dd044270 de5469a0
f2b82a80
0000251a f5784fbc d94cbfb8 bfb1bbe8 c040d0d0 c18e5370 01200011
b7f734a8
Call Trace:
[copy_files+68/96] copy_files+0x44/0x60
[copy_process+624/2752] copy_process+0x270/0xac0
[do_fork+100/496] do_fork+0x64/0x1f0
[sys_clone+50/64] sys_clone+0x32/0x40
[sysenter_past_esp+95/133] sysenter_past_esp+0x5f/0x85
=======================
Code: 08 f3 a5 89 c1 83 e1 03 74 02 f3 a4 8b 5c 24 08 85 db 74 23 89 f6
8b 44 24 0c 8b 08 83 c0 04 89 44 24 0c 85 c9 0f 84 a1 00 00 00 <ff> 41
14 89 4d 00 83 c5 04 4b 75 df 8b 4c 24 04 31 f6 89 ef 8b
EIP: [dup_fd+181/432] dup_fd+0xb5/0x1b0 SS:ESP 0068:d94cbef8
Juergen Kreileder wrote:
> I got the appended BUG from a 32-bit 2.6.22.1 kernel (with exec-shield
> patch and PAE enabled) on an Athlon64 with dmsetup 1.02.03 and lvm2
> v2.02.02.
> (Note, the message comes from the vanilla kernel, not from the
> exec-shiled patch.)
>
> I wasn't able to reproduce the problem so far. The machine creates
> several snapshot volumes every 4 hours and worked fine with the new
> kernel for several days. It had 2.6.16.12+exec-shield before and ran
> flawlessy for over a year.
>
>
> kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
> BUG: unable to handle kernel paging request at virtual address f551df78
> printing eip:
> f551df78
> *pdpt = 0000000000001001
> *pde = 80000000354001e3
> *pte = 9293396c5d22e546
> Oops: 0011 [#1]
> CPU: 0
> EIP: 0060:[<f551df78>] Not tainted VLI
> EFLAGS: 00010286 (2.6.22.1-jk1-exec-shield #1)
> EIP is at 0xf551df78
> eax: f551df4c ebx: f551df4c ecx: 00000000 edx: f551df78
> esi: f551df78 edi: 00000000 ebp: 00000000 esp: e8ee5db4
> ds: 007b es: 007b fs: 0000 gs: 0033 ss: 0068
> Process lvcreate (pid: 25916, ti=e8ee4000 task=f7358a00 task.ti=e8ee4000)
> Stack: c02088c4 f551df64 c02088d0 c03dd95e c64ccf00 c0209118 00000287 c03dd95e
> 00000287 c018e38b c03dd952 d3e460e8 c018e393 c192a90c 00000000 c192b900
> c03dd952 f557a600 f59bbcc0 00000000 c0157664 f557a64c f557a600 c01575be
> Call Trace:
> [kobject_cleanup+116/128] kobject_cleanup+0x74/0x80
> [kobject_release+0/16] kobject_release+0x0/0x10
> [kref_put+56/160] kref_put+0x38/0xa0
> [sysfs_hash_and_remove+267/320] sysfs_hash_and_remove+0x10b/0x140
> [sysfs_hash_and_remove+275/320] sysfs_hash_and_remove+0x113/0x140
> [sysfs_slab_alias+100/128] sysfs_slab_alias+0x64/0x80
> [sysfs_slab_add+174/208] sysfs_slab_add+0xae/0xd0
> [kmem_cache_create+236/320] kmem_cache_create+0xec/0x140
> [jobs_init+46/128] jobs_init+0x2e/0x80
> [kcopyd_init+45/176] kcopyd_init+0x2d/0xb0
> [kcopyd_client_create+28/208] kcopyd_client_create+0x1c/0xd0
> [init_hash_tables+142/192] init_hash_tables+0x8e/0xc0
> [snapshot_ctr+506/752] snapshot_ctr+0x1fa/0x2f0
> [dm_split_args+47/272] dm_split_args+0x2f/0x110
> [dm_table_add_target+252/400] dm_table_add_target+0xfc/0x190
> [vmalloc+32/48] vmalloc+0x20/0x30
> [populate_table+98/192] populate_table+0x62/0xc0
> [table_load+82/240] table_load+0x52/0xf0
> [table_load+0/240] table_load+0x0/0xf0
> [ctl_ioctl+209/288] ctl_ioctl+0xd1/0x120
> [ctl_ioctl+0/288] ctl_ioctl+0x0/0x120
> [do_ioctl+59/96] do_ioctl+0x3b/0x60
> [vfs_ioctl+94/416] vfs_ioctl+0x5e/0x1a0
> [sys_ioctl+61/128] sys_ioctl+0x3d/0x80
> [sysenter_past_esp+95/133] sysenter_past_esp+0x5f/0x85
> =======================
> Code: 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 20 00 00 00 00 00 00 \
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <78> df 51 f5 78 df 51 f5 74 1b 8b \
> f7 00 00 00 00 00 00 00 00 32
> EIP: [<f551df78>] 0xf551df78 SS:ESP 0068:e8ee5db4
Juergen
--
Juergen Kreileder, Blackdown Java-Linux Team
http://blog.blackdown.de/
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2007-08-16 18:45 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-08-05 19:03 lvcreate on 2.6.22.1: kernel tried to execute NX-protected page Juergen Kreileder
2007-08-05 19:46 ` Arjan van de Ven
2007-08-05 19:46 ` Arjan van de Ven
2007-08-05 19:52 ` Juergen Kreileder
2007-08-05 19:52 ` Juergen Kreileder
2007-08-16 18:45 ` SLUB problems (was Re: lvcreate on 2.6.22.1: kernel tried to execute NX-protected page) Juergen Kreileder
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.