[LU-1925] kernel tried to execute NX-protected page - exploit attempt? (uid: 0) Created: 13/Sep/12  Updated: 28/Sep/12  Resolved: 14/Sep/12

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: Lustre 2.3.0
Fix Version/s: None

Type: Bug Priority: Blocker
Reporter: Maloo Assignee: WC Triage
Resolution: Duplicate Votes: 0
Labels: None

Issue Links:
Duplicate
duplicates LU-1881 sanity test 116 soft lockup Resolved
Severity: 3
Rank (Obsolete): 6328

 Description   

This issue was created by maloo for yujian <yujian@whamcloud.com>

This issue relates to the following test suite run: https://maloo.whamcloud.com/test_sets/36c52fde-fd74-11e1-a1b4-52540035b04c.

Info required for matching: parallel-scale compilebench

Lustre Build: http://build.whamcloud.com/job/lustre-b2_3/17

Console log on MDS (fat-intel-2):

Lustre: DEBUG MARKER: == parallel-scale test compilebench: compilebench == 23:53:48 (1347519228)
Lustre: ctl-lustre-MDT0000: super-sequence allocation rc = 0 [0x0000000200000400-0x0000000240000400):0:mdt
Lustre: DEBUG MARKER: /usr/sbin/lctl mark .\/compilebench -D \/mnt\/lustre\/d0.compilebench -i 4         -r 4 --makej
Lustre: DEBUG MARKER: ./compilebench -D /mnt/lustre/d0.compilebench -i 4 -r 4 --makej
kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
BUG: unable to handle kernel paging request at ffffc90016c0e810
IP: [<ffffc90016c0e810>] 0xffffc90016c0e810
PGD 63fc15067 PUD 33feb9067 PMD 62f5cb067 PTE 800000063099d163
Oops: 0011 [#1] SMP 
last sysfs file: /sys/devices/system/cpu/cpu23/cache/index2/shared_cpu_map
CPU 15 
Modules linked in: cmm(U) osd_ldiskfs(U) mdt(U) mdd(U) mds(U) fsfilt_ldiskfs(U) mgs(U) mgc(U) ldiskfs(U) jbd2 nfs fscache lustre(U) lquota(U) lov(U) osc(U) mdc(U) fid(U) fld(U) ksocklnd(U) ptlrpc(U) obdclass(U) lnet(U) lvfs(U) sha512_generic sha256_generic libcfs(U) nfsd lockd nfs_acl auth_rpcgss exportfs autofs4 sunrpc cpufreq_ondemand acpi_cpufreq freq_table mperf ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm ib_addr ipv6 ib_sa mlx4_ib ib_mad ib_core mlx4_en mlx4_core e1000e microcode serio_raw i2c_i801 i2c_core sg iTCO_wdt iTCO_vendor_support ioatdma dca i7core_edac edac_core shpchp ext3 jbd mbcache sd_mod crc_t10dif ahci dm_mirror dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan]

Pid: 8286, comm: mdt01_001 Not tainted 2.6.32-279.5.1.el6_lustre.g634f764.x86_64 #1 Supermicro X8DTT-H/X8DTT-H
RIP: 0010:[<ffffc90016c0e810>]  [<ffffc90016c0e810>] 0xffffc90016c0e810
RSP: 0018:ffff880028323e78  EFLAGS: 00010282
RAX: 0000000000000009 RBX: ffff880028331960 RCX: 0000000000000000
RDX: ffff8802e389e120 RSI: ffff8802e682f180 RDI: ffff8802e389e120
RBP: ffff880028323ec0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff81aa5700
R13: 0000000000000000 R14: ffff8802e389e120 R15: ffff880028331990
FS:  00007fb58c42c700(0000) GS:ffff880028320000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffffc90016c0e810 CR3: 0000000001a85000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process mdt01_001 (pid: 8286, threadinfo ffff880311c9a000, task ffff880311c99500)
Stack:
 ffffffff810e12fd ffffffff81012bd9 ffff880300000009 ffff880028323e90
<d> 0000000000000001 ffffffff81a830c8 0000000000000048 0000000000000100
<d> 0000000000000009 ffff880028323ed0 ffffffff810e154b ffff880028323f40
Call Trace:
 <IRQ> 
 [<ffffffff810e12fd>] ? __rcu_process_callbacks+0x10d/0x330
 [<ffffffff81012bd9>] ? read_tsc+0x9/0x20
 [<ffffffff810e154b>] rcu_process_callbacks+0x2b/0x50
 [<ffffffff81073ec1>] __do_softirq+0xc1/0x1e0
 [<ffffffff81096c50>] ? hrtimer_interrupt+0x140/0x250
 [<ffffffff8100c24c>] call_softirq+0x1c/0x30
 [<ffffffff8100de85>] do_softirq+0x65/0xa0
 [<ffffffff81073ca5>] irq_exit+0x85/0x90
 [<ffffffff81506050>] smp_apic_timer_interrupt+0x70/0x9b
 [<ffffffff8100bc13>] apic_timer_interrupt+0x13/0x20
 <EOI> 
 [<ffffffff8127e661>] ? memmove+0x51/0x1a0
 [<ffffffffa0eba648>] ? iam_insert_key+0x68/0xb0 [osd_ldiskfs]
 [<ffffffffa0eba6d0>] iam_insert_key_lock+0x40/0x50 [osd_ldiskfs]
 [<ffffffffa0ebda3d>] iam_lfix_split+0x12d/0x150 [osd_ldiskfs]
 [<ffffffffa0ebcedd>] iam_it_rec_insert+0x20d/0x300 [osd_ldiskfs]
 [<ffffffffa0ebd071>] iam_insert+0xa1/0xb0 [osd_ldiskfs]
 [<ffffffffa0eb8717>] osd_oi_insert+0x1e7/0x5b0 [osd_ldiskfs]
 [<ffffffffa0eac0e5>] __osd_oi_insert+0x145/0x1e0 [osd_ldiskfs]
 [<ffffffffa0eb0f68>] osd_object_ea_create+0x1d8/0x460 [osd_ldiskfs]
 [<ffffffffa0d7b28c>] mdd_object_create_internal+0x13c/0x2a0 [mdd]
 [<ffffffffa0d9c2fa>] mdd_create+0x16ba/0x20c0 [mdd]
 [<ffffffffa0eaef8f>] ? osd_xattr_get+0x9f/0x360 [osd_ldiskfs]
 [<ffffffffa0f19637>] cml_create+0x97/0x250 [cmm]
 [<ffffffffa0e1eddf>] ? mdt_version_get_save+0x8f/0xd0 [mdt]
 [<ffffffffa0e32b9f>] mdt_reint_open+0x108f/0x18a0 [mdt]
 [<ffffffffa0da200e>] ? md_ucred+0x1e/0x60 [mdd]
 [<ffffffffa0e00235>] ? mdt_ucred+0x15/0x20 [mdt]
 [<ffffffffa0e1c151>] mdt_reint_rec+0x41/0xe0 [mdt]
 [<ffffffffa0e159aa>] mdt_reint_internal+0x50a/0x810 [mdt]
 [<ffffffffa0e15f7d>] mdt_intent_reint+0x1ed/0x500 [mdt]
 [<ffffffffa0e12191>] mdt_intent_policy+0x371/0x6a0 [mdt]
 [<ffffffffa062a881>] ldlm_lock_enqueue+0x361/0x8f0 [ptlrpc]
 [<ffffffffa06529ef>] ldlm_handle_enqueue0+0x48f/0xf70 [ptlrpc]
 [<ffffffffa0e12506>] mdt_enqueue+0x46/0x130 [mdt]
 [<ffffffffa0e09802>] mdt_handle_common+0x922/0x1740 [mdt]
 [<ffffffffa0e0a6f5>] mdt_regular_handle+0x15/0x20 [mdt]
 [<ffffffffa06829cd>] ptlrpc_server_handle_request+0x40d/0xea0 [ptlrpc]
 [<ffffffffa038c65e>] ? cfs_timer_arm+0xe/0x10 [libcfs]
 [<ffffffffa0679f67>] ? ptlrpc_wait_event+0xa7/0x2a0 [ptlrpc]
 [<ffffffff810533f3>] ? __wake_up+0x53/0x70
 [<ffffffffa0683fb9>] ptlrpc_main+0xb59/0x1860 [ptlrpc]
 [<ffffffffa0683460>] ? ptlrpc_main+0x0/0x1860 [ptlrpc]
 [<ffffffff8100c14a>] child_rip+0xa/0x20
 [<ffffffffa0683460>] ? ptlrpc_main+0x0/0x1860 [ptlrpc]
 [<ffffffffa0683460>] ? ptlrpc_main+0x0/0x1860 [ptlrpc]
 [<ffffffff8100c140>] ? child_rip+0x0/0x20
Code: c9 ff ff e0 e7 c0 16 00 c9 ff ff 0a 00 0a 00 00 00 00 00 f8 e7 c0 16 00 c9 ff ff f8 e7 c0 16 00 c9 ff ff 0a 00 0a 00 00 00 00 00 <10> e8 c0 16 00 c9 ff ff 10 e8 c0 16 00 c9 ff ff 0a 00 0a 00 00 
RIP  [<ffffc90016c0e810>] 0xffffc90016c0e810
 RSP <ffff880028323e78>
CR2: ffffc90016c0e810


 Comments   
Comment by Lai Siyao [ 13/Sep/12 ]

This looks to be duplicate of LU-1881, could you patch fix for 1881 and test again?

Comment by Jian Yu [ 13/Sep/12 ]

This looks to be duplicate of LU-1881, could you patch fix for 1881 and test again?

Sure, let me do this. Thanks.

Comment by Jian Yu [ 13/Sep/12 ]

I applied the LU-1881 patch http://review.whamcloud.com/3931 on Lustre b2_3 build #17 in http://review.whamcloud.com/3976. The build has not been started yet.

Comment by Jian Yu [ 14/Sep/12 ]

I applied the LU-1881 patch http://review.whamcloud.com/3931 on Lustre b2_3 build #17 in http://review.whamcloud.com/3976. The build has not been started yet.

Test passed.

This is fixed in LU-1881.

Lustre Build: http://build.whamcloud.com/job/lustre-b2_3/19

parallel-scale test passed: https://maloo.whamcloud.com/test_sets/0a6f8e9a-fe44-11e1-b4cd-52540035b04c

Generated at Sat Feb 10 01:20:53 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.