Bug 166235 - hardened-sources-2.6.19-r5, Kernel BUG at mm/mmap.c:2200
Summary: hardened-sources-2.6.19-r5, Kernel BUG at mm/mmap.c:2200
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened (show other bugs)
Hardware: AMD64 Linux
Importance: High normal
Assignee: The Gentoo Linux Hardened Team
 
Reported: 2007-02-10 18:21 UTC by jensmh
Modified: 2007-02-13 10:21 UTC

Attachments
kernel .config attached (kernel-config-x86_64-2.6.19-hardened-r5, 47.57 KB, text/plain)
2007-02-11 18:36 UTC, jensmh

Description jensmh 2007-02-10 18:21:00 UTC
I discovered the following lines in /var/log/kern.log:

Feb  9 09:11:09 histor2 ----------- [cut here ] --------- [please bite here ] ---------
Feb  9 09:11:09 histor2 Kernel BUG at mm/mmap.c:2200
Feb  9 09:11:09 histor2 invalid opcode: 0000 [1] PREEMPT SMP
Feb  9 09:11:09 histor2 CPU 1
Feb  9 09:11:09 histor2 Modules linked in: gspca via82cxxx ide_cd ide_core via drm it87 hwmon_vid i2c_isa snd_usb_audio snd_usb_lib k8temp snd_hwdep pcspkr i2c_viapro parport_pc parport snd_via82$
Feb  9 09:11:09 histor2 Pid: 1331, comm: kcmshell Not tainted 2.6.19-hardened-r5 #1
Feb  9 09:11:09 histor2 RIP: 0010:[<ffffffff80234924>]  [<ffffffff80234924>]
Feb  9 09:11:09 histor2 RSP: 0018:ffff8100111bdeb8  EFLAGS: 00010206
Feb  9 09:11:09 histor2 RAX: 0000000000000000 RBX: ffff810003865440 RCX: 00000000000008ac
Feb  9 09:11:09 histor2 RDX: 000000000000004a RSI: 0000000000005000 RDI: ffff8100b7ed3cc0
Feb  9 09:11:09 histor2 RBP: 0000000000000000 R08: 0000000000005000 R09: 0000000000005000
Feb  9 09:11:09 histor2 R10: 0000000000005000 R11: 0000000000005000 R12: ffff810026708780
Feb  9 09:11:09 histor2 R13: 0000000000000001 R14: 000000000000fd00 R15: 000075f35c918720
Feb  9 09:11:09 histor2 FS:  00003093fa1f3790(0000) GS:ffff810037ffb540(0000) knlGS:0000000000000000
Feb  9 09:11:09 histor2 CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
Feb  9 09:11:09 histor2 CR2: 000039bf09944020 CR3: 0000000000201000 CR4: 00000000000006e0
Feb  9 09:11:09 histor2 Process kcmshell (pid: 1331, threadinfo ffff8100111bc000, task ffff8100a58ca780)
Feb  9 09:11:09 histor2 Stack:  ffff810003865440 00000000000045e6 ffff810026708780 ffff810026708808
Feb  9 09:11:09 histor2 ffff8100a58ca780 ffffffff80236cea ffff8100267087f0 ffff8100b7b4c600
Feb  9 09:11:09 histor2 000000000000fd00 ffffffff80212e25 000075f35c918498 ffffffff8023e4b2
Feb  9 09:11:09 histor2 Call Trace:
Feb  9 09:11:09 histor2 [<ffffffff80236cea>]
Feb  9 09:11:09 histor2 [<ffffffff80212e25>]
Feb  9 09:11:09 histor2 [<ffffffff8023e4b2>]
Feb  9 09:11:09 histor2 [<ffffffff80244055>]
Feb  9 09:11:09 histor2 [<ffffffff80257bbe>]
Feb  9 09:11:09 histor2
Feb  9 09:11:09 histor2
Feb  9 09:11:09 histor2 Code: 0f 0b 68 3b c9 59 80 c2 98 08 41 5b 5b 5b 5d 41 5c c3 53 48
Feb  9 09:11:09 histor2 RIP  [<ffffffff80234924>]
Feb  9 09:11:09 histor2 RSP <ffff8100111bdeb8>
Feb  9 09:11:09 histor2 <1>Fixing recursive fault but reboot is needed!

Reproducible: Didn't try


histor2 ~ # emerge --info
Portage 2.1.1-r2 (hardened/amd64, gcc-3.4.6, glibc-2.3.6-r5, 2.6.19-hardened-r5 x86_64)
=================================================================
System uname: 2.6.19-hardened-r5 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
Gentoo Base System release 1.12.8
Last Sync: Fri, 09 Feb 2007 19:00:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O2 -msse3 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=athlon64 -O2 -msse3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig collision-protect confcache distlocks metadata-transfer parallel-fetch sandbox sfperms strict userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LINGUAS="de en en_GB en_US pt pt_BR"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X a52 aac acpi alsa alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw alsa_pcm_plugins_asym alsa_pcm_plugins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop alsa_pcm_plugins_empty alsa_pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks alsa_pcm_plugins_iec958 alsa_pcm_plugins_ioplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_pcm_plugins_linear alsa_pcm_plugins_meter alsa_pcm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null alsa_pcm_plugins_plug alsa_pcm_plugins_rate alsa_pcm_plugins_route alsa_pcm_plugins_share alsa_pcm_plugins_shm alsa_pcm_plugins_softvol amd64 arts avi bash-completion berkdb bitmap-fonts bzip2 cairo cddb cdr cli cracklib crypt cups cvs dbus dga dlloader dri dvd dvdr dvdread eds elibc_glibc emacs emboss encode erandom exif fam ffmpeg firefox flac foomaticdb ftp gdbm gif gphoto2 gpm gstreamer gtk gtk2 hal hardened hardenedphp ieee1394 ifp imagemagick imlib input_devices_evdev input_devices_keyboard input_devices_mouse input_devices_void ipod isdnlog jabber jpeg jpeg2k justify kde kdeenablefinal kdepim kernel_linux lcd_devices_bayrad lcd_devices_cfontz lcd_devices_cfontz633 lcd_devices_glk lcd_devices_hd44780 lcd_devices_lb216 lcd_devices_lcdm001 lcd_devices_mtxorb lcd_devices_ncurses lcd_devices_text ldap libg++ linguas_de linguas_en linguas_en_GB linguas_en_US linguas_pt linguas_pt_BR lm_sensors logitech-mouse lzo lzw mad matroska midi mikmod mng mp3 mp4 mpeg mtp musepack musicbrainz mysql nas ncurses njb nls nptl nptlonly offensive ogg on-the-fly-crypt openexr opengl pam pcre pdf perl pic png ppds pppd python qt3 qt4 quicktime readline reflection samba scanner sdl session sndfile snmp speex spell spl sse sse2 ssl subversion svg tcpd theora tiff truetype truetype-fonts type1-fonts udev unicode usb userland_GNU v4l v4l2 vcd video_cards_dummy video_cards_fbdev video_cards_v4l video_cards_vesa video_cards_via vorbis xine xml xorg xv xvid xvmc yaz zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 PaX Team 2007-02-11 13:56:09 UTC
1. unlikely it matters for this bug, but in general, i wouldn't use PREEMPT with PaX, i haven't verified that everything works fine with it.

2. is this BUG reproducible at will?

3. is it reproducible with the latest grsec patch alone? with latest PaX patch alone? i'd also need the kernel .config.

4. is it reproducible without all the grsec related patches (>=4450)?

5. CONFIG_KALLSYMS=y would be nice to enable as it gives a better stack trace.

in general, this BUG is triggered much later after something else went wrong in the kernel, so without reproducibility, we can't do much about it.
Comment 2 jensmh 2007-02-11 18:35:14 UTC
> 2. is this BUG reproducible at will?

no, i've got no idea how to reproduce it. It showed up in my logs only one
time since i emerged hardened-sources-2.6.19-r5 which was on Jan 24th.
Comment 3 jensmh 2007-02-11 18:36:26 UTC
Created attachment 109874: kernel .config attached
Comment 4 PaX Team 2007-02-11 22:52:36 UTC
one thing that might be the problem is SANITIZE, i fixed a bug in it not long ago, in particular, the grsec patch in -r5 doesn't have it. so -hardened-sources should move to 2.6.19.3 and the corresponding grsec at least. other than this, i'm afraid i can't do much without reproducing it.
Comment 5 Christian Heim (RETIRED) gentoo-dev 2007-02-12 17:49:23 UTC
(In reply to comment #4)
> one thing that might be the problem is SANITIZE, i fixed a bug in it not long
> ago, in particular, the grsec patch in -r5 doesn't have it. so
> -hardened-sources should move to 2.6.19.3 and the corresponding grsec at least.
> other than this, i'm afraid i can't do much without reproducing it.

OK, as you requested I bumped hardened-sources-2.6.19, so it includes Brad's latest grsecurity patch.

(In reply to comment #0)
> I discovered the following lines in /var/log/kern.log:

Jens, could you please test the new version and see if the BUG still occurs? Feel free to reopen this bug if it's still an issue.
Comment 6 jensmh 2007-02-13 08:27:29 UTC
(In reply to comment #5)
> (In reply to comment #4)
> > one thing that might be the problem is SANITIZE, i fixed a bug in it not long
> > ago, in particular, the grsec patch in -r5 doesn't have it. so
> > -hardened-sources should move to 2.6.19.3 and the corresponding grsec at least.
> > other than this, i'm afraid i can't do much without reproducing it.

never mind. thanks.

> (In reply to comment #0)
> > I discovered the following lines in /var/log/kern.log:
> 
> Jens, could you please test the new version and see if the BUG still occurs ?
> Feel free to reopen this bug if it's still an issue.

I just booted hardened-sources-2.6.19-r6 with the old .config.

Do you think this problem is specific to x86_64? I've got a spare dual xeon
i686 machine around. Are there any stress test tools i could run on that
machine to try to reproduce the bug?
Comment 7 PaX Team 2007-02-13 10:21:26 UTC
(In reply to comment #6)
> Do you think this problem is specific for x86_64? I've got a spare dual xeon
> i686 machine around. Are there any stress test tools i could run on that
> machine to try to reproduce the bug?

it's not arch specific because SANITIZE itself and its implementation is not arch specific either. other people who ran across that bug would observe it at random, because what triggered it was that the kernel was in the middle of freeing/sanitizing a page when an interrupt and context switch occurred and the incoming context attempted the same and when it returned to the interrupted code, the still running sanitize would oops. so what would exercise it is any userland activity that triggers lots of kernel page allocation/freeing.
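As an added example (not code from this bug report, nor from the hardened-sources, grsecurity or PaX projects), here is the kind of user-space stress loop asked about in comment 6: several forked workers repeatedly map, fault in and unmap anonymous pages, which is exactly the heavy kernel page allocation/freeing that comment 7 says exercises the sanitize path. The worker count, page count and iteration defaults are assumptions.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/wait.h>

/* One cycle maps `pages` anonymous pages, touches each so the kernel must
 * allocate real backing pages, then unmaps so it must free (and, with
 * sanitize enabled, wipe) them. Returns completed cycles, or -1 on error. */
long stress_cycles(size_t pages, long iters)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE), len = pages * page;
    long done = 0;
    for (long i = 0; i < iters; i++) {
        unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED) return -1;
        for (size_t off = 0; off < len; off += page)
            p[off] = (unsigned char)i;          /* fault in every page */
        if (munmap(p, len) != 0) return -1;
        done++;
    }
    return done;
}

/* Fork `workers` copies so the scheduler interleaves their free paths (the
 * interrupt/context-switch interleaving described in comment 7).
 * Returns how many workers completed every cycle. */
int run_workers(int workers, size_t pages, long iters)
{
    int ok = 0;
    for (int w = 0; w < workers; w++) {
        pid_t pid = fork();
        if (pid < 0) return -1;
        if (pid == 0) _exit(stress_cycles(pages, iters) == iters ? 0 : 1);
    }
    for (int w = 0; w < workers; w++) {
        int status;
        if (wait(&status) > 0 && WIFEXITED(status) && WEXITSTATUS(status) == 0)
            ok++;
    }
    return ok;
}

int main(int argc, char **argv)
{
    int workers = argc > 1 ? atoi(argv[1]) : 4;       /* assumed defaults */
    long iters = argc > 2 ? atol(argv[2]) : 100000;
    int ok = run_workers(workers, 64, iters);
    printf("%d/%d workers completed\n", ok, workers);
    return ok == workers ? 0 : 1;
}
```

Run it on the kernel under test and watch the kernel log for the BUG; a long clean run is evidence, not proof, that the fixed sanitize path holds.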