linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* 2.4.23: postfix oopses on mmap?
@ 2003-12-04 22:38 Thilo Schulz
  0 siblings, 0 replies; only message in thread
From: Thilo Schulz @ 2003-12-04 22:38 UTC (permalink / raw)
  To: linux-kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I have installed the new kernel 2.4.23 in order to fix the brk() bug that 
appeared recently.
After about 2 and a half days of uptime the following errors appeared in 
/var/log/syslog:

Dec  4 21:56:08 server master[1371]: about to exec /usr/cyrus/bin/pop3d
Dec  4 21:56:08 server pop3[1371]: executed
Dec  4 21:56:08 server pop3d[1371]: accepted connection
Dec  4 21:56:09 server pop3d[1371]: mystore: starting txn 2147483781
Dec  4 21:56:09 server pop3d[1371]: mystore: committing txn 2147483781
Dec  4 21:56:09 server pop3d[1371]: starttls: TLSv1 with cipher RC4-MD5 
(128/128 bits new) no authentication
Dec  4 21:56:09 server kernel: kernel BUG at page_alloc.c:103!
Dec  4 21:56:09 server kernel: invalid operand: 0000
Dec  4 21:56:09 server kernel: CPU:    0
Dec  4 21:56:09 server kernel: EIP:    0010:[__free_pages_ok+54/672]    Not 
tainted
Dec  4 21:56:09 server kernel: EFLAGS: 00010286
Dec  4 21:56:09 server kernel: eax: 0100000c   ebx: c153fa3c   ecx: c153fa3c   
edx: 00000000
Dec  4 21:56:09 server kernel: esi: 00000000   edi: cc089f40   ebp: dcb63200   
esp: d02c9e94
Dec  4 21:56:09 server kernel: ds: 0018   es: 0018   ss: 0018
Dec  4 21:56:09 server kernel: Process saslauthd (pid: 1367, 
stackpage=d02c9000)
Dec  4 21:56:09 server kernel: Stack: c153fa3c c119a8a8 cc089f40 dcb63200 
dcb63200 cc089f40 c0284b7f c153fa3c
Dec  4 21:56:09 server kernel:        c119a8a8 c0284ce9 c9549000 de898000 
c01240bc c012dedb c01240c8 401aef3c
Dec  4 21:56:09 server kernel:        dcb63200 00000001 cc089f40 c0124182 
dcb63200 cc089f40 401aef3c 00000001
Dec  4 21:56:09 server kernel: Call Trace:    [fast_copy_page+15/224] 
[mmx_copy_page+41/48] [do_no_page+252/368] [__free_pages+27/32] 
[do_no_page+264/368]
Dec  4 21:56:09 server kernel:   [handle_mm_fault+82/176] 
[do_page_fault+355/1156] [do_page_fault+0/1156] [schedule+758/800] 
[syscall_trace+61/96] [error_code+52/60]
Dec  4 21:56:09 server kernel:
Dec  4 21:56:09 server kernel: Code: 0f 0b 67 00 f3 4d 29 c0 83 7b 08 00 74 08 
0f 0b 69 00 f3 4d

These errors appear when postfix starts some of its programs it uses like qmgr 
or pickup, or when cyrus checks for a correct password with saslauthd. I was 
able to strace the saslauthd process that caused the error report in 
/var/log/syslog.

Following is the result:

open("/lib/libnsl.so.1", O_RDONLY)      = 11
read(11, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 ;\0\000"..., 1024) = 
1024
fstat64(11, {st_mode=S_IFREG|0644, st_size=69472, ...}) = 0
old_mmap(NULL, 80988, PROT_READ|PROT_EXEC, MAP_PRIVATE, 11, 0) = 0x401cd000
mprotect(0x401de000, 11356, PROT_NONE)  = 0
old_mmap(0x401de000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 11, 
0x10000) = 0x401de000
old_mmap(0x401df000, 7260, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401df000
close(11)                               = 0
open("/lib/libm.so.6", O_RDONLY)        = 11
read(11, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\2007\0"..., 1024) = 
1024
fstat64(11, {st_mode=S_IFREG|0644, st_size=130088, ...}) = 0
old_mmap(NULL, 132708, PROT_READ|PROT_EXEC, MAP_PRIVATE, 11, 0) = 0x401e1000
mprotect(0x40201000, 1636, PROT_NONE)   = 0
old_mmap(0x40201000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 11, 
0x1f000) = 0x40201000
close(11)                               = 0
+++ killed by SIGSEGV +++

What could be causing this? I thought about the possibility, that the server 
could have been compromised, but so far, there is no evidence of that. 
chkrootkit did not bring back anything, and comparing the md5sums in /sbin/ , 
/bin/   and  /lib/   did not return any suspicious results.
Meanwhile, even debsums seems to crash. Here the corresponding syslog entries:

Dec  4 22:14:05 server kernel: kernel BUG at page_alloc.c:103!
Dec  4 22:14:05 server kernel: invalid operand: 0000
Dec  4 22:14:05 server kernel: CPU:    0
Dec  4 22:14:05 server kernel: EIP:    0010:[__free_pages_ok+54/672]    Not 
tainted
Dec  4 22:14:05 server kernel: EFLAGS: 00010286
Dec  4 22:14:05 server kernel: eax: 0100000c   ebx: c153fa3c   ecx: c153fa3c   
edx: 00000000
Dec  4 22:14:05 server kernel: esi: 00000000   edi: 00000000   ebp: de8f5144   
esp: cd03dee8
Dec  4 22:14:05 server kernel: ds: 0018   es: 0018   ss: 0018
Dec  4 22:14:05 server kernel: Process debsums (pid: 1517, stackpage=cd03d000)
Dec  4 22:14:05 server kernel: Stack: c153fa3c 00001000 00000000 de8f5144 
00000000 cd03c000 c0126588 c14044ac
Dec  4 22:14:05 server kernel:        c153fa3c c153fa3c c15fc118 00000000 
de8f5144 c012dedb c0126bd5 cd03df8c
Dec  4 22:14:05 server kernel:        c153fa3c 00000000 00001000 00000000 
dcd388c0 ffffffea 00001000 00001000
Dec  4 22:14:05 server kernel: Call Trace:    [__lock_page+184/192] 
[__free_pages+27/32] [do_generic_file_read+517/1088] 
[generic_file_read+147/400] [file_read_actor+0/144]
Dec  4 22:14:05 server kernel:   [sys_read+150/240] [system_call+51/56]
Dec  4 22:14:05 server kernel:
Dec  4 22:14:05 server kernel: Code: 0f 0b 67 00 f3 4d 29 c0 83 7b 08 00 74 08 
0f 0b 69 00 f3 4d

Please include me in the CC, as I am not subscribed to this list.

- --
 - Thilo Schulz

My public GnuPG key is available at http://home.bawue.de/~arny/public_key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/z7d+Zx4hBtWQhl4RAh8lAJ9inRQA7jKyedggi8XR35gZXyudLACfSh3V
T/8XLKKaAJh5IAVLtZ6kIyU=
=boNd
-----END PGP SIGNATURE-----


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2003-12-04 23:13 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-12-04 22:38 2.4.23: postfix oopses on mmap? Thilo Schulz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).