xD

This is really impressive, the bug has repeated in kernel 3.10. I don't
know how many possibilities exist to replay the same kernel bug, hit
while emerging the xz package, with two different kernels, the 3.4.1 ebuild
from hardened gentoo and 3.10, the latest one. Hangs in the same
place, with VirtualBox and with KVM.


2013/7/15, Javier Juan Martínez Cabezón <tazok.id0@×××××.com>:
> Hi all
>
> I've been with this for several months and I still don't know whether it was
> a mistake on my part while patching PaX with rsbac by hand, or a kernel bug,
> or whether it comes from VirtualBox (the behaviour is horrible, sorry):
>
> After the bug hits, the guest system becomes unusable, a hard reset is
> required, and every command executed from then on segfaults.
>
> I can reproduce it easily, using backup_all (a shell script that makes the
> security policy backup, as in this case) or with ./configure when compiling
> (as emerge does), so emerge usually segfaults. The EIP is always the same,
> strnlen+0x6/0x18
>
> Jul 13 22:50:02 orion kernel: BUG: unable to handle kernel paging request at 00001033
> Jul 13 22:50:02 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
> Jul 13 22:50:02 orion kernel: *pdpt = 000000000e965001 *pde = 0000000000000000
> Jul 13 22:50:02 orion kernel: Oops: 0000 [#1]
> Jul 13 22:50:02 orion kernel:
> Jul 13 22:50:02 orion kernel: Pid: 4147, comm: bash Not tainted 3.4.0-rsbac #9 innotek GmbH VirtualBox
> Jul 13 22:50:02 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS: 00010217 CPU: 0
> Jul 13 22:50:02 orion kernel: EIP is at strnlen+0x6/0x18
> Jul 13 22:50:02 orion kernel: EAX: 00001033 EBX: ce9c0069 ECX: 00001033 EDX: 0000000e
> Jul 13 22:50:02 orion kernel: ESI: 00001033 EDI: ce9c0069 EBP: ce9c07f5 ESP: c66d3b38
> Jul 13 22:50:02 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000 SS: 0068
> Jul 13 22:50:02 orion kernel: CR0: 8005003b CR2: 00001033 CR3: 01415000 CR4: 000006f0
> Jul 13 22:50:02 orion kernel: DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
> Jul 13 22:50:02 orion kernel: DR6: ffff0ff0 DR7: 00000400
> Jul 13 22:50:02 orion kernel: Process bash (pid: 4147, ti=e738ee3c task=e738ebd0 task.ti=e738ee3c)
> Jul 13 22:50:02 orion kernel: Stack:
> Jul 13 22:50:02 orion kernel: 001a884b c66d3bb4 c66d3bb0 c66d3bb4 ce9c0069 ce9c0069 001a916e 000fff00
> Jul 13 22:50:02 orion kernel: 000fffff 0000000f ce9c07f5 ce9c000b c1514bcb 000007ea ff0a0004 000fffff
> Jul 13 22:50:02 orion kernel: ce9c0000 c66d3bdc c66d3bac c66d3bdc 0004dfc6 c66d3ba8 e702a4c0 c66d3bdc
> Jul 13 22:50:02 orion kernel: Call Trace:
> Jul 13 22:50:02 orion kernel: [<001a884b>] ? string.isra.1+0x25/0x8c
> Jul 13 22:50:02 orion kernel: [<001a916e>] ? vsnprintf+0x139/0x257
> Jul 13 22:50:02 orion kernel: [<000fff00>] ? bio_map_user+0x13/0x25
> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9
> Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9
> Jul 13 22:50:02 orion kernel: [<0004dfc6>] ? rsbac_printk+0x52/0x18e
> Jul 13 22:50:02 orion kernel: [<0007d3ee>] ? rsbac_adf_set_attr_cap+0x680/0x9a6
> Jul 13 22:50:02 orion kernel: [<00038a00>] ? smp_apic_timer_interrupt+0x62/0x6a
> Jul 13 22:50:02 orion kernel: [<00407f91>] ? resume_userspace_sig+0x1b/0x2a
> Jul 13 22:50:02 orion kernel: [<0007148e>] ? rsbac_adf_set_attr+0x45f/0x12b3
> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
> Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
> Jul 13 22:50:02 orion kernel: [<0002cc9e>] ? free_thread_xstate+0x17/0x23
> Jul 13 22:50:02 orion kernel: [<00110c60>] ? load_elf_binary+0xf05/0xfbf
> Jul 13 22:50:02 orion kernel: [<00110c60>] ? load_elf_binary+0xf05/0xfbf
> Jul 13 22:50:02 orion kernel: [<00030502>] ? x86_pmu_event_init+0x23c/0x2d1
> Jul 13 22:50:02 orion kernel: [<000e2f53>] ? do_execve_common+0x363/0x45e
> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
> Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
> Jul 13 22:50:02 orion kernel: [<000e85ec>] ? do_path_lookup+0x17/0x4a
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
> Jul 13 22:50:02 orion kernel: [<000e8963>] ? user_path_at_empty+0x4b/0x69
> Jul 13 22:50:02 orion kernel: [<00800001>] ? 0x800000
> Jul 13 22:50:02 orion kernel: [<0009fa4f>] ? do_adjtimex+0x2ab/0x550
> Jul 13 22:50:02 orion kernel: [<000c6a52>] ? __do_fault+0x357/0x389
> Jul 13 22:50:02 orion kernel: [<000e626c>] ? getname_flags+0x1b/0xbf
> Jul 13 22:50:02 orion kernel: [<000e3057>] ? do_execve+0x9/0xb
> Jul 13 22:50:02 orion kernel: [<0002d0f1>] ? sys_execve+0x2c/0x50
> Jul 13 22:50:02 orion kernel: [<004087f2>] ? ptregs_execve+0x12/0x20
> Jul 13 22:50:02 orion kernel: [<00408009>] ? syscall_call+0x7/0xb
> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7
> Jul 13 22:50:02 orion kernel: [<000290d5>] ? math_state_restore+0x96/0x96
> Jul 13 22:50:02 orion kernel: [<00010206>] ? kvm_arch_vcpu_ioctl_run+0x79a/0xbdc
> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ? vmalloc_sync_all+0x1/0x1
> Jul 13 22:50:02 orion kernel: [<00408024>] ? restore_all_pax+0x7/0x7
> Jul 13 22:50:02 orion kernel: [<0040007b>] ? pcnet32_remove_one+0x22/0xe3
> Jul 13 22:50:02 orion kernel: [<0001007b>] ? kvm_arch_vcpu_ioctl_run+0x60f/0xbdc
> Jul 13 22:50:02 orion kernel: [<0003c0a9>] ? vmalloc_sync_all+0x1/0x1
> Jul 13 22:50:02 orion kernel: [<00010287>] ? kvm_arch_vcpu_ioctl_run+0x81b/0xbdc
> Jul 13 22:50:02 orion kernel: Code: d0 f2 ae 74 05 bf 01 00 00 00 4f eb 02 31 ff 89 f8 5f c3 85 c9 57 89 c7 74 07 89 d0 f2 ae 75 01 4f 89 f8 5f c3 89 c1 89 c8 eb 06 <80> 38 00 74 07 40 4a 83 fa ff 75 f4 29 c8 c3 90 90 90 57 83 c9
> Jul 13 22:50:02 orion kernel: EIP: [<001aa8e2>] strnlen+0x6/0x18 SS:ESP 0068:c66d3b38
> Jul 13 22:50:02 orion kernel: CR2: 0000000000001033
> Jul 13 22:50:02 orion kernel: ---[ end trace 4a7d8fa933a5d5dd ]---
>
> Jul 13 22:59:01 orion kernel: BUG: unable to handle kernel paging request at 000010a1
> Jul 13 22:59:01 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
> Jul 13 22:59:01 orion kernel: *pdpt = 000000000df00001 *pde = 0000000000000000
> Jul 13 22:59:01 orion kernel: Oops: 0000 [#2]
> Jul 13 22:59:01 orion kernel:
> Jul 13 22:59:01 orion kernel: Pid: 4257, comm: bash Tainted: G D 3.4.0-rsbac #9 innotek GmbH VirtualBox
> Jul 13 22:59:01 orion kernel: EIP: 0060:[<001aa8e2>] EFLAGS: 00010217 CPU: 0
> Jul 13 22:59:01 orion kernel: EIP is at strnlen+0x6/0x18
> Jul 13 22:59:01 orion kernel: EAX: 000010a1 EBX: ce9c0869 ECX: 000010a1 EDX: 0000000e
> Jul 13 22:59:01 orion kernel: ESI: 000010a1 EDI: ce9c0869 EBP: ce9c0ff5 ESP: c66cfb48
> Jul 13 22:59:01 orion kernel: DS: 0068 ES: 0068 FS: 0000 GS: 0000 SS: 0068
> Jul 13 22:59:01 orion kernel: CR0: 8005003b CR2: 000010a1 CR3: 01415000 CR4: 000006f0
> Jul 13 22:59:01 orion kernel: DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
> Jul 13 22:59:01 orion kernel: DR6: ffff0ff0 DR7: 00000400
> Jul 13 22:59:01 orion kernel: Process bash (pid: 4257, ti=e738ee3c task=e738ebd0 task.ti=e738ee3c)
>
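The two oopses quoted above share a pattern that is worth checking mechanically before blaming the hypervisor. In both, the faulting address in CR2 is exactly the faulting task's pid written in decimal (0x1033 = 4147, 0x10a1 = 4257), the faulting instruction is in strnlen, and the trace runs from sys_execve through rsbac_adf_set_attr and rsbac_adf_set_attr_cap into rsbac_printk, vsnprintf and its string() helper. That is what a %s conversion looks like when it is handed an integer instead of a pointer. This is an inference from the quoted values, not a conclusion the thread reached. The Python below is an added example, not code from the thread or from the rsbac project: it parses the oops headers, decodes the x86 page-fault error code, and applies those checks. The sample log is built from the quoted lines only (rejoined and trimmed); the rule for picking the printk wrapper out of the `?`-marked, stack-scavenged frames is an assumption of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the oops headers quoted in the thread, rejoined and
# trimmed to the lines the checks need. Values are the page's own.
SAMPLE_OOPS = """\
Jul 13 22:50:02 orion kernel: BUG: unable to handle kernel paging request at 00001033
Jul 13 22:50:02 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
Jul 13 22:50:02 orion kernel: Oops: 0000 [#1]
Jul 13 22:50:02 orion kernel: Pid: 4147, comm: bash Not tainted 3.4.0-rsbac #9 innotek GmbH VirtualBox
Jul 13 22:50:02 orion kernel: Call Trace:
Jul 13 22:50:02 orion kernel: [<001a884b>] ? string.isra.1+0x25/0x8c
Jul 13 22:50:02 orion kernel: [<001a916e>] ? vsnprintf+0x139/0x257
Jul 13 22:50:02 orion kernel: [<000fff00>] ? bio_map_user+0x13/0x25
Jul 13 22:50:02 orion kernel: [<000fffff>] ? bio_map_kern+0xb0/0xd9
Jul 13 22:50:02 orion kernel: [<0004dfc6>] ? rsbac_printk+0x52/0x18e
Jul 13 22:50:02 orion kernel: [<0007d3ee>] ? rsbac_adf_set_attr_cap+0x680/0x9a6
Jul 13 22:50:02 orion kernel: ---[ end trace 4a7d8fa933a5d5dd ]---
Jul 13 22:59:01 orion kernel: BUG: unable to handle kernel paging request at 000010a1
Jul 13 22:59:01 orion kernel: IP: [<001aa8e2>] strnlen+0x6/0x18
Jul 13 22:59:01 orion kernel: Oops: 0000 [#2]
Jul 13 22:59:01 orion kernel: Pid: 4257, comm: bash Tainted: G D 3.4.0-rsbac #9 innotek GmbH VirtualBox
"""

BUG_RE = re.compile(r"BUG: unable to handle kernel paging request at ([0-9a-fA-F]+)")
IP_RE = re.compile(r"\bIP: \[<[0-9a-fA-F]+>\] (\S+)")     # \b keeps "EIP:" out
OOPS_RE = re.compile(r"Oops: ([0-9a-fA-F]{4}) \[#(\d+)\]")
PID_RE = re.compile(r"Pid: (\d+), comm: (\S+)")
FRAME_RE = re.compile(r"\[<[0-9a-fA-F]+>\] \? (\S+)")       # '?' = scavenged frame
END_RE = re.compile(r"---\[ end trace")


@dataclass
class Oops:
    fault_addr: int
    number: int = 0
    error_code: int = 0
    ip_symbol: str = ""
    pid: int = -1
    comm: str = ""
    frames: list = field(default_factory=list)   # function names, top first


def func_name(sym):
    """'strnlen+0x6/0x18' -> 'strnlen'."""
    return sym.split("+", 1)[0]


def parse_oopses(text):
    """Split a kernel log into Oops records, one per 'BUG: unable to handle' block."""
    oopses, cur, in_trace = [], None, False
    for line in text.splitlines():
        if m := BUG_RE.search(line):
            cur = Oops(fault_addr=int(m.group(1), 16))
            oopses.append(cur)
            in_trace = False
        elif cur is None:
            continue
        elif END_RE.search(line):
            in_trace = False
        elif m := IP_RE.search(line):
            cur.ip_symbol = m.group(1)
        elif m := OOPS_RE.search(line):
            cur.error_code, cur.number = int(m.group(1), 16), int(m.group(2))
        elif m := PID_RE.search(line):
            cur.pid, cur.comm = int(m.group(1)), m.group(2)
        elif "Call Trace:" in line:
            in_trace = True
        elif in_trace and (m := FRAME_RE.search(line)):
            cur.frames.append(func_name(m.group(1)))
    return oopses


def decode_error_code(code):
    """x86 page-fault error code: bit0 present, bit1 write, bit2 user, bit3 rsvd, bit4 ifetch."""
    names = ["present", "write", "user", "reserved", "instruction_fetch"]
    return {n: bool(code >> i & 1) for i, n in enumerate(names)}


def format_caller(o):
    """First frame below vsnprintf whose name contains 'printk': the wrapper that
    supplied the format string. Heuristic (assumption of this example), because
    '?' frames between vsnprintf and the wrapper may be stale stack values."""
    seen = False
    for f in o.frames:
        if f.startswith("vsnprintf"):
            seen = True
        elif seen and "printk" in f:
            return f
    return None


def frame_after(o, name):
    """The frame listed right below `name`, i.e. its most likely caller."""
    if name in o.frames and o.frames.index(name) + 1 < len(o.frames):
        return o.frames[o.frames.index(name) + 1]
    return None


def analyze(o):
    ec = decode_error_code(o.error_code)
    findings = [f"{'user' if ec['user'] else 'kernel'}-mode "
                f"{'write' if ec['write'] else 'read'} of a "
                f"{'present' if ec['present'] else 'not-present'} page at {o.fault_addr:#x}"]
    if o.fault_addr == o.pid:
        findings.append(f"fault address equals pid ({o.fault_addr:#x} == {o.pid}): "
                        "an integer, not a pointer, was dereferenced")
    elif o.fault_addr < 0x10000:
        findings.append("fault address lies in the first 64 KiB: a small integer or NULL+offset")
    if (func_name(o.ip_symbol) == "strnlen"
            and any(f.startswith("string") for f in o.frames)
            and any(f.startswith("vsnprintf") for f in o.frames)):
        w = format_caller(o)
        findings.append(f"strnlen via vsnprintf's string(): a %s argument was bad; "
                        f"format built by {w}, called from {frame_after(o, w)}")
    return findings


if __name__ == "__main__":
    for o in parse_oopses(SAMPLE_OOPS):
        print(f"Oops #{o.number} pid={o.pid} comm={o.comm} ip={o.ip_symbol}")
        for f in analyze(o):
            print("  -", f)
```

Run against the full dmesg of the guest, the script will flag every oops whose CR2 matches the pid; if that holds across reproductions on both 3.4 and 3.10 and under both VirtualBox and KVM, the hypervisor is not the variable, and the rsbac_printk call in rsbac_adf_set_attr_cap is where to look.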