Oops with 2.6.18.2: load_elf_binary

From: Sebastian Kärgel
Date: Tue Nov 28 2006 - 01:19:32 EST


Hi,

1. Oops while running 'lunar update' (system update)

2. unable to reproduce

4. 2.6.18.2 without any patches

6. See attachment
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000244
printing eip:
c016ac6f
*pde = 00000000
Oops: 0002 [#1]
Modules linked in:
CPU: 0
EIP: 0060:[<c016ac6f>] Not tainted VLI
EFLAGS: 00210293 (2.6.18.2 #1)
EIP is at load_elf_binary+0x22a/0xc22
eax: 00000008 ebx: c196c320 ecx: f7866be8 edx: 00000008
esi: c04494a8 edi: fffffffe ebp: 00000100 esp: ebdcbef0
ds: 007b es: 007b ss: 0068
Process lin (pid: 19375, ti=ebdca000 task=f1995030 task.ti=ebdca000)
Stack: c04494a8 f6a71cc0 c196c320 00000000 00000000 00000000 00000000 00000000
ffffffff ff000000 00000003 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 c014e681 eb140958 c014e6c5 c1562800
Call Trace:
[<c014e681>] copy_strings+0x19b/0x1ea
[<c014e6c5>] copy_strings+0x1df/0x1ea
[<c014f31d>] search_binary_handler+0x53/0x1b1
[<c014f5be>] do_execve+0x143/0x1af
[<c0101a22>] sys_execve+0x2a/0x58
[<c0102acb>] syscall_call+0x7/0xb
Code: 00 00 00 00 c7 44 24 18 00 00 00 00 c7 44 24 14 00 00 00 00 c7 44 24 24 00 00 00 00 0f b7 53 2c 8b 74 24 04 0f b7 c2 39 44 24 38 <0f> 8d 44 01 00 00 83 3e 03 0f 85 28 01 00 00 8b 56 10 bb f8 ff
EIP: [<c016ac6f>] load_elf_binary+0x22a/0xc22 SS:ESP 0068:ebdcbef0
<1>BUG: unable to handle kernel paging request at virtual address 46a5c5de
printing eip:
c016ac74
*pde = 00000000
Oops: 0002 [#2]
Modules linked in:
CPU: 0
EIP: 0060:[<c016ac74>] Not tainted VLI
EFLAGS: 00210293 (2.6.18.2 #1)
EIP is at load_elf_binary+0x22f/0xc22
eax: c18f2b10 ebx: c196c1a0 ecx: c18f2b08 edx: 00000008
esi: c8bc80c0 edi: fffffffe ebp: 00000100 esp: ca4cbeec
ds: 007b es: 007b ss: 0068
Process lunar (pid: 1520, ti=ca4ca000 task=df7f6a70 task.ti=ca4ca000)
Stack: c8bc80c0 c04494a8 c4c8bc80 c196c1a0 00000000 00000000 04000000 00000000
00000000 00ffffff 0f000000 00000003 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 c014e681 c446f9f7 c014e6c5
Call Trace:
[<c014e681>] copy_strings+0x19b/0x1ea
[<c014e6c5>] copy_strings+0x1df/0x1ea
[<c014f31d>] search_binary_handler+0x53/0x1b1
[<c014f5be>] do_execve+0x143/0x1af
[<c0101a22>] sys_execve+0x2a/0x58
[<c0102acb>] syscall_call+0x7/0xb
Code: 44 24 18 00 00 00 00 c7 44 24 14 00 00 00 00 c7 44 24 24 00 00 00 00 0f b7 53 2c 8b 74 24 04 0f b7 c2 39 44 24 38 0f 8d 44 01 00 <00> 83 3e 03 0f 85 28 01 00 00 8b 56 10 bb f8 ff ff ff 8d 42 fe
EIP: [<c016ac74>] load_elf_binary+0x22f/0xc22 SS:ESP 0068:ca4cbeec
<1>BUG: unable to handle kernel paging request at virtual address 46a5d35e
printing eip:
c016ac74
*pde = 00000000
Oops: 0002 [#3]
Modules linked in:
CPU: 0
EIP: 0060:[<c016ac74>] Not tainted VLI
EFLAGS: 00210293 (2.6.18.2 #1)
EIP is at load_elf_binary+0x22f/0xc22
eax: c2800b65 ebx: c196cf20 ecx: c2800b60 edx: 00000005
esi: 96c3e0c0 edi: fffffffe ebp: 000000a0 esp: d69b5eec
ds: 007b es: 007b ss: 0068
Process ldd (pid: 24701, ti=d69b4000 task=c191eab0 task.ti=d69b4000)
Stack: 96c3e0c0 c04494a8 c196c3e0 c196cf20 00000000 00000000 04000000 00000000
00000000 00ffffff 0f000000 00000003 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 c014e681 f7fb8899 c014e6c5
Call Trace:
[<c014e681>] copy_strings+0x19b/0x1ea
[<c014e6c5>] copy_strings+0x1df/0x1ea
[<c014f31d>] search_binary_handler+0x53/0x1b1
[<c014f5be>] do_execve+0x143/0x1af
[<c0101a22>] sys_execve+0x2a/0x58
[<c0102acb>] syscall_call+0x7/0xb
Code: 44 24 18 00 00 00 00 c7 44 24 14 00 00 00 00 c7 44 24 24 00 00 00 00 0f b7 53 2c 8b 74 24 04 0f b7 c2 39 44 24 38 0f 8d 44 01 00 <00> 83 3e 03 0f 85 28 01 00 00 8b 56 10 bb f8 ff ff ff 8d 42 fe
EIP: [<c016ac74>] load_elf_binary+0x22f/0xc22 SS:ESP 0068:d69b5eec
<1>BUG: unable to handle kernel NULL pointer dereference at virtual address 00000244
printing eip:
c016ac6f
*pde = 00000000
Oops: 0002 [#4]
Modules linked in:
CPU: 0
EIP: 0060:[<c016ac6f>] Not tainted VLI
EFLAGS: 00210293 (2.6.18.2 #1)
EIP is at load_elf_binary+0x22a/0xc22
eax: 00000008 ebx: c196c620 ecx: e34334e0 edx: 00000008
esi: c04494a8 edi: fffffffe ebp: 00000100 esp: f1919ef0
ds: 007b es: 007b ss: 0068
Process sh (pid: 25384, ti=f1918000 task=e8741a70 task.ti=f1918000)
Stack: c04494a8 c60e11e0 c196c620 00000000 00000000 00000000 00000000 00000000
ffffffff ff000000 00000003 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 c014e681 cadbd6f8 c014e6c5 c115b7a0
Call Trace:
[<c014e681>] copy_strings+0x19b/0x1ea
[<c014e6c5>] copy_strings+0x1df/0x1ea
[<c014f31d>] search_binary_handler+0x53/0x1b1
[<c014f5be>] do_execve+0x143/0x1af
[<c0101a22>] sys_execve+0x2a/0x58
[<c0102acb>] syscall_call+0x7/0xb
Code: 00 00 00 00 c7 44 24 18 00 00 00 00 c7 44 24 14 00 00 00 00 c7 44 24 24 00 00 00 00 0f b7 53 2c 8b 74 24 04 0f b7 c2 39 44 24 38 <0f> 8d 44 01 00 00 83 3e 03 0f 85 28 01 00 00 8b 56 10 bb f8 ff
EIP: [<c016ac6f>] load_elf_binary+0x22a/0xc22 SS:ESP 0068:f1919ef0
<1>BUG: unable to handle kernel NULL pointer dereference at virtual address 00000224
printing eip:
c016ac6f
*pde = 00000000
Oops: 0002 [#5]
Modules linked in:
CPU: 0
EIP: 0060:[<c016ac6f>] Not tainted VLI
EFLAGS: 00210297 (2.6.18.2 #1)
EIP is at load_elf_binary+0x22a/0xc22
eax: 00000007 ebx: c196c560 ecx: f7c30aa8 edx: 00000007
esi: c04494a8 edi: fffffffe ebp: 000000e0 esp: cd8d1ef0
ds: 007b es: 007b ss: 0068
Process sh (pid: 18019, ti=cd8d0000 task=d9edca70 task.ti=cd8d0000)
Stack: c04494a8 cdf75b80 c196c560 00000000 00000000 00000000 00000000 00000000
ffffffff ff000000 00000003 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 c014e681 e987d6d1 c014e6c5 c1530fa0
Call Trace:
[<c014e681>] copy_strings+0x19b/0x1ea
[<c014e6c5>] copy_strings+0x1df/0x1ea
[<c014f31d>] search_binary_handler+0x53/0x1b1
[<c014f5be>] do_execve+0x143/0x1af
[<c0101a22>] sys_execve+0x2a/0x58
[<c0102acb>] syscall_call+0x7/0xb
Code: 00 00 00 00 c7 44 24 18 00 00 00 00 c7 44 24 14 00 00 00 00 c7 44 24 24 00 00 00 00 0f b7 53 2c 8b 74 24 04 0f b7 c2 39 44 24 38 <0f> 8d 44 01 00 00 83 3e 03 0f 85 28 01 00 00 8b 56 10 bb f8 ff
EIP: [<c016ac6f>] load_elf_binary+0x22a/0xc22 SS:ESP 0068:cd8d1ef0
<1>BUG: unable to handle kernel NULL pointer dereference at virtual address 00000224
printing eip:
c016ac6f
*pde = 00000000
Oops: 0002 [#6]
Modules linked in:
CPU: 0
EIP: 0060:[<c016ac6f>] Not tainted VLI
EFLAGS: 00210297 (2.6.18.2 #1)
EIP is at load_elf_binary+0x22a/0xc22
eax: 00000007 ebx: c196c6e0 ecx: f7c30928 edx: 00000007
esi: c04494a8 edi: fffffffe ebp: 000000e0 esp: d8281ef0
ds: 007b es: 007b ss: 0068
Process sh (pid: 28651, ti=d8280000 task=f1297570 task.ti=d8280000)
Stack: c04494a8 d346d560 c196c6e0 00000000 00000000 00000000 00000000 00000000
ffffffff ff000000 00000003 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 c014e681 dc84372e c014e6c5 c1390860
Call Trace:
[<c014e681>] copy_strings+0x19b/0x1ea
[<c014e6c5>] copy_strings+0x1df/0x1ea
[<c014f31d>] search_binary_handler+0x53/0x1b1
[<c014f5be>] do_execve+0x143/0x1af
[<c0101a22>] sys_execve+0x2a/0x58
[<c0102acb>] syscall_call+0x7/0xb
Code: 00 00 00 00 c7 44 24 18 00 00 00 00 c7 44 24 14 00 00 00 00 c7 44 24 24 00 00 00 00 0f b7 53 2c 8b 74 24 04 0f b7 c2 39 44 24 38 <0f> 8d 44 01 00 00 83 3e 03 0f 85 28 01 00 00 8b 56 10 bb f8 ff
EIP: [<c016ac6f>] load_elf_binary+0x22a/0xc22 SS:ESP 0068:d8281ef0
<1>BUG: unable to handle kernel paging request at virtual address 46a5cc9e
printing eip:
c016ac74
*pde = 00000000
Oops: 0002 [#7]
Modules linked in:
CPU: 0
EIP: 0060:[<c016ac74>] Not tainted VLI
EFLAGS: 00210293 (2.6.18.2 #1)
EIP is at load_elf_binary+0x22f/0xc22
eax: f7c30cf0 ebx: c196c860 ecx: f7c30ce8 edx: 00000008
esi: fd6dc000 edi: fffffffe ebp: 00000100 esp: c4e15eec
ds: 007b es: 007b ss: 0068
Process lunar (pid: 6315, ti=c4e14000 task=da8c4a70 task.ti=c4e14000)
Stack: fd6dc000 00000ff2 c8fd6dc0 c196c860 00000000 00000000 04000000 00000000
00000000 00ffffff 0f000000 00000003 00000000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 00000000 c014e681 e31089fd c014e6c5
Call Trace:
[<c014e681>] copy_strings+0x19b/0x1ea
[<c014e6c5>] copy_strings+0x1df/0x1ea
[<c014f31d>] search_binary_handler+0x53/0x1b1
[<c014f5be>] do_execve+0x143/0x1af
[<c0101a22>] sys_execve+0x2a/0x58
[<c0102acb>] syscall_call+0x7/0xb
Code: 44 24 18 00 00 00 00 c7 44 24 14 00 00 00 00 c7 44 24 24 00 00 00 00 0f b7 53 2c 8b 74 24 04 0f b7 c2 39 44 24 38 0f 8d 44 01 00 <00> 83 3e 03 0f 85 28 01 00 00 8b 56 10 bb f8 ff ff ff 8d 42 fe
EIP: [<c016ac74>] load_elf_binary+0x22f/0xc22 SS:ESP 0068:c4e15eec