The kernel tries to dereference a NULL pointer while running gcc 3.4.4 (Gentoo Hardened 3.4.4-r1, ssp-3.4.4-1.0, pie-8.7.8). The RBAC system is _not_ enabled.

# dmesg
Unable to handle kernel NULL pointer dereference at virtual address 00000000
 printing eip:
0006c502
*pgd = 0
*pmd = 0
Oops: 0000 [#1]
Modules linked in: nfsd exportfs lockd sunrpc ipt_stealth ipt_recent snd_pcm_oss snd_mixer_oss snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd soundcore snd_page_alloc ip_conntrack_ftp ohci_hcd
CPU:    0
EIP:    0060:[<0006c502>]    Not tainted VLI
EFLAGS: 00010282   (2.6.14-hardened-r1)
eax: 00006932   ebx: 00000000   ecx: 00000011   edx: c140c140
esi: dca9abc4   edi: c23eb001   ebp: d76c7e6c   esp: d76c7e00
ds: 007b   es: 007b   ss: 0068
Process i686-pc-linux-g (pid: 1029, threadinfo=d76c6000 task=d9aa20b0)
Stack: 0024a603 00061ce2 00000000 c23eb001 00000003 d76c7e6c c1573d50 0024a603
       d76c7e64 d76c7f04 d76c7e6c 00061cc6 dffe4240 0024a603 d76c7e6c c23eb001
       c23eb004 0006259a 0003b850 000eced8 00000001 0003bd9c 00000000 dfc0ece4
Call Trace:
 [<00061ce2>] [<00000000>] [<00000003>] [<00061cc6>] [<0006259a>] [<0003b850>] [<000eced8>] [<00000001>]
 [<0003bd9c>] [<00000000>] [<00000000>] [<00000003>] [<0003c17f>] [<00000000>] [<00062c1c>] [<00000001>]
 [<00000000>] [<00000001>] [<00000000>] [<00000000>] [<00062f74>] [<0006318f>] [<0005d6ca>] [<00000001>]
 [<00000000>] [<00000001>] [<00000000>] [<0005dd1f>] [<00000000>] [<00000000>] [<00030002>] [<00000001>]
 [<00000006>] [<00000006>] [<0000000e>] [<0000000b>] [<00209cd0>] [<00002fa9>] [<000000c4>] [<0000007b>]
 [<0000007b>] [<000000c4>] [<00000073>] [<00000202>] [<0000007b>] [<00000073>] [<00000202>] [<0000007b>]
Code: 00 00 00 89 c2 81 f2 01 00 37 9e 89 7c 24 0c d3 ea 31 d0 23 05 c8 7e c4 c0 8b 15 d0 7e c4 c0 8b 34 82 85 f6 74 1a 8d 76 00 8b 1e <0f> 18 03 90 8d 6e f4 8b 04 24 39 45 18 74 12 89 de 85 f6 75 e9

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
# emerge info
Portage 2.0.51.22-r3 (default-linux/x86/2005.0, gcc-3.4.4, glibc-2.3.5-r2, 2.6.14-hardened-r1 i686)
=================================================================
System uname: 2.6.14-hardened-r1 i686 AMD Athlon(tm) XP 1800+
Gentoo Base System version 1.6.13
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
dev-lang/python:     2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.20
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon-xp -mtune=athlon-xp -O2 -pipe -fomit-frame-pointer -mmmx -m3dnow -msse"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon-xp -mtune=athlon-xp -O2 -pipe -fomit-frame-pointer -mmmx -m3dnow -msse"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distcc distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://pandemonium.tiscali.de/pub/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/myportage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 3dnow alsa apm atm avi berkdb bzip2 crypt cups eds emboss encode expat foomaticdb gd gif gstreamer gtk2 hardened innodb jpeg libg++ libwww mikmod mmx motif mp3 ncurses no_wxgtk1 nptl nptlonly ogg oss pam pcre pdflib pic png python qt quicktime readline samba sse ssl truetype truetype-fonts type1-fonts udev unicode vorbis xml2 zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
Created attachment 74313: System.map for the running kernel

Created attachment 74314: Configuration of the running kernel.
Steps to reproduce are missing.
(In reply to comment #3)
> Steps to reproduce are missing.

I get that kind of error at random intervals whenever I'm running gcc. The first time I noticed it, I was in the middle of an 'emerge -e system'; later I got another NULL pointer while compiling the kernel itself. Initially I suspected a hardware-related problem, but I can't reproduce the error while I'm using hardened-sources-2.6.11-r15, no matter how hard I load the system (with multiple copies of gcc running in parallel).
I think I've been able to track down the problem to a single PAX feature. If I _disable_ CONFIG_PAX_KERNEXEC (enforce non-executable kernel pages) I don't get NULL pointers any longer.
(In reply to comment #5)
> I think I've been able to track down the problem to a single PAX feature.
> If I _disable_ CONFIG_PAX_KERNEXEC (enforce non-executable kernel pages) I don't
> get NULL pointers any longer.

can you reproduce it with frame pointers enabled (it should give better debug trace)? from a quick look it's a NULL deref in path lookup code, the only related module is NFS stuff, so i'm wondering if gcc accessed something on a NFS volume maybe? not that it helped me find the bug directly, just wondering about how to trigger it here. you could also do a binary search in that you compile in modules statically and see when the problem disappears, this way we can quickly figure out at least the culprit module.
(In reply to comment #6)
> from a quick look it's a NULL deref in path lookup code, the only
> related module is NFS stuff, so i'm wondering if gcc accessed something on a NFS
> volume maybe?

it's likely an lstat64 call, if you can reproduce it reliably, then you can just strace -f gcc and see the last lstat syscall that fails/triggers the oops. i still don't know how it can trigger a NULL deref though...
the bug turned out to be somewhere else, i missed the AMD prefetch bug workaround that used EIP and needed special handling under KERNEXEC, latest test patch should fix it.
(In reply to comment #8)
> the bug turned out to be somewhere else, i missed the AMD prefetch bug
> workaround that used EIP and needed special handling under KERNEXEC, latest test
> patch should fix it.

I tested the patch on my system: the problem disappeared.
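The explanation in comment #8 can be checked against the oops itself. The "Code:" line marks the faulting instruction as 0f 18 03, which is prefetchnta (%ebx), and the register dump has ebx = 00000000: a prefetch of address 0, which on this Athlon XP raises a page fault that the i386 fault handler is supposed to recognise and ignore (the AMD prefetch erratum workaround) by decoding the instruction at EIP. The model below, an added illustration that is not kernel code and not the patch discussed in this bug, decodes those bytes and shows why the check depends on how EIP is turned into an address: it assumes that under KERNEXEC the kernel code segment has a non-zero base (KERNEL_CS_BASE is an assumed value chosen for the model), so that the small EIP 0006c502 in the oops is segment-relative rather than linear, and that an i386 oops dumps 43 bytes before EIP and 21 from it, which places the <0f> marker at index 43. The function and constant names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The 64 "Code:" bytes from the oops in this report. An i386 oops dumps the
 * 43 bytes before EIP and the 21 bytes from EIP on, so the byte the report
 * marks as <0f> (the faulting instruction) sits at index 43. */
static const uint8_t oops_code[64] = {
    0x00,0x00,0x00,0x89,0xc2,0x81,0xf2,0x01,0x00,0x37,0x9e,0x89,0x7c,0x24,0x0c,0xd3,
    0xea,0x31,0xd0,0x23,0x05,0xc8,0x7e,0xc4,0xc0,0x8b,0x15,0xd0,0x7e,0xc4,0xc0,0x8b,
    0x34,0x82,0x85,0xf6,0x74,0x1a,0x8d,0x76,0x00,0x8b,0x1e,0x0f,0x18,0x03,0x90,0x8d,
    0x6e,0xf4,0x8b,0x04,0x24,0x39,0x45,0x18,0x74,0x12,0x89,0xde,0x85,0xf6,0x75,0xe9,
};
#define OOPS_EIP_INDEX 43u            /* index of the faulting instruction in oops_code */
#define FAULT_EIP      0x0006c502UL   /* EIP printed by the oops */
#define KERNEL_CS_BASE 0xc0000000UL   /* ASSUMED kernel code-segment base under KERNEXEC */

/* Is the instruction at insn[0..len) a prefetch? Legacy prefixes are skipped,
 * then 0F 0D (3DNow! PREFETCH/PREFETCHW) or 0F 18 with ModRM.reg 0..3
 * (PREFETCHNTA/T0/T1/T2) counts; 0F 18 /4../7 are reserved hints and do not.
 * This mirrors the opcode check the i386 fault handler does for the AMD
 * prefetch erratum, written here as a userland model rather than kernel code. */
static bool is_prefetch_insn(const uint8_t *insn, size_t len)
{
    size_t i = 0;
    while (i < len) {                 /* segment override, size, LOCK and REP prefixes */
        uint8_t b = insn[i];
        if (b == 0x26 || b == 0x2e || b == 0x36 || b == 0x3e || b == 0x64 ||
            b == 0x65 || b == 0x66 || b == 0x67 || b == 0xf0 || b == 0xf2 || b == 0xf3)
            i++;
        else
            break;
    }
    if (len - i < 3 || insn[i] != 0x0f)   /* need opcode, second byte and ModRM */
        return false;
    uint8_t op = insn[i + 1], modrm = insn[i + 2];
    if (op == 0x0d)
        return true;                      /* 3DNow! prefetch / prefetchw */
    if (op == 0x18)
        return ((modrm >> 3) & 7) <= 3;   /* prefetchnta/t0/t1/t2 */
    return false;
}

/* Model of the kernel's linear address space as far as the fault handler
 * cares: only the 64 oops bytes are "mapped", at the linear address of the
 * kernel text, i.e. segment base + EIP - 43. Returns how many bytes are
 * readable from `linear`, or 0 if nothing is mapped there. */
static size_t fetch_code(unsigned long linear, const uint8_t **out)
{
    unsigned long start = KERNEL_CS_BASE + FAULT_EIP - OOPS_EIP_INDEX;
    if (linear < start || linear >= start + sizeof oops_code)
        return 0;
    *out = oops_code + (linear - start);
    return sizeof oops_code - (linear - start);
}

/* The erratum check as the fault handler would run it: read the instruction
 * at the fault site and ask whether it is a prefetch. `cs_base` is what the
 * handler adds to EIP before reading. Treating EIP as a linear address
 * (cs_base == 0) on a kernel whose code segment has a non-zero base misses
 * the mapping, so the spurious prefetch fault is reported as a real NULL
 * dereference; adding the base lets the check succeed and the oops go away. */
static bool fault_is_spurious_prefetch(unsigned long eip, unsigned long cs_base)
{
    const uint8_t *insn;
    size_t n = fetch_code(cs_base + eip, &insn);
    return n > 0 && is_prefetch_insn(insn, n);
}

int main(void)
{
    const uint8_t *at_eip = oops_code + OOPS_EIP_INDEX;
    printf("bytes at EIP: %02x %02x %02x -> %s\n", at_eip[0], at_eip[1], at_eip[2],
           is_prefetch_insn(at_eip, sizeof oops_code - OOPS_EIP_INDEX) ? "prefetch" : "not a prefetch");
    printf("EIP taken as linear address:  %s\n",
           fault_is_spurious_prefetch(FAULT_EIP, 0) ? "spurious, ignore" : "real fault -> oops");
    printf("EIP plus code-segment base:   %s\n",
           fault_is_spurious_prefetch(FAULT_EIP, KERNEL_CS_BASE) ? "spurious, ignore" : "real fault -> oops");
    return 0;
}
```

The decoder only answers "is this a prefetch"; it does not advance EIP or retry anything, because how the fault handler resumes after a recognised spurious prefetch is not shown on this page. The point the model makes is the one in comment #8: any erratum workaround that reads instruction bytes "at EIP" has to know what EIP is relative to once KERNEXEC changes the kernel code segment, otherwise a harmless prefetch of a NULL pointer is diagnosed as a genuine kernel NULL dereference.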
Can you confirm working with hardened-sources-2.6.14-r3 please?
(In reply to comment #10)
> Can you confirm working with hardened-sources-2.6.14-r3 please?

I've been running the new kernel for two days and got no sign of NULL pointers.
Solved in -r3. Reopen if needed.