Stack corruption happens between redirfs and talpa_vfshook
Issue
- The system crashed with the log below.
...
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffff8155aafa>] schedule+0x50a/0xcb0
Kernel PGD 0
User PGD 0
Thread overran stack, or stack corrupted
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/system/node/node0/meminfo
CPU 6
Modules linked in:
wdavdaemon[15762]: segfault at ffffffffa02da6da ip 00007f0cc58fb258 sp 00007f0c326fc370 error 4 in libc-2.12.so[7f0cc5881000+18b000]
talpa_pedconnector(U) talpa_pedevice(U) talpa_vfshook(U) talpa_vcdevice(U) talpa_syscall(U) talpa_core(U) talpa_linux(U) talpa_syscallhookprobe(U) talpa_syscallhook(U) redirfs(U) falcon_lsm_pinned_15309(U) falcon_lsm_pinned_15110(U) falcon_lsm_pinned_15003(U) falcon_lsm_pinned_14713(U) falcon_lsm_pinned_14812(U) dcdbas nfs lockd fscache auth_rpcgss nfs_acl autofs4 sunrpc cpufreq_ondemand acpi_cpufreq freq_table mperf bonding ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables ipv6 ext4 jbd2 vfat fat ipmi_si ipmi_msghandler microcode iTCO_wdt iTCO_vendor_support cdc_ether usbnet mii joydev i2c_i801 lpc_ich mfd_core shpchp igb i2c_algo_bit i2c_core ptp pps_core ioatdma dca sg ext3 jbd mbcache sr_mod cdrom sd_mod crc_t10dif ahci megaraid_sas wmi dm_mirror dm_region_hash dm_log dm_mod [last unloaded: ampavflt]
Pid: 15815, comm: wdavdaemon Tainted: P -- ------------ 2.6.32-754.35.1.el6.x86_64 #1 IBM System x3650 M4 : -[7915UWA]-/00Y8362
RIP: 0010:[<ffffffff8155aafa>] [<ffffffff8155aafa>] schedule+0x50a/0xcb0
RSP: 0000:ffff880100cbba18 EFLAGS: 00010296
RAX: 0000000000000084 RBX: ffff880100cbbb58 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff8804344b8040 RDI: ffff880036798c00
RBP: 0000000000000000 R08: ffff880100cb8000 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8803211b1a38
R13: ffff8804345959c0 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f0c9bfff700(0000) GS:ffff880036780000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000388c86000 CR4: 00000000000607e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
Process wdavdaemon (pid: 15815, threadinfo ffff880100cb8000, task ffff8804344b8040)
Stack:
ffff880100cbbab8 ffffffff00000037 ffff880100cbba28 ffff880100cbba28
<d> 0000000000000000 0000000000000246 ffff880100cbba78 ffff880285d11240
<d> ffff8803211b1a38 ffff8804345959c0 ffff880285d11254 ffff8803e981afa0
Call Trace:
[<ffffffffa026ee05>] ? talpaOpen+0x125/0x230 [talpa_vfshook]
[<ffffffffa02da6c2>] ? rfs_open+0x212/0x590 [redirfs]
[<ffffffff811bba93>] ? do_sys_poll+0x4b3/0x5e0
[<ffffffffa026ee05>] ? talpaOpen+0x125/0x230 [talpa_vfshook]
[<ffffffffa02da6c2>] ? rfs_open+0x212/0x590 [redirfs]
[<ffffffff811bacc0>] ? pollwake+0x0/0x60
[<ffffffffa026ee05>] ? talpaOpen+0x125/0x230 [talpa_vfshook]
[<ffffffffa02da6c2>] ? rfs_open+0x212/0x590 [redirfs]
[<ffffffff81071b60>] ? wake_up_state+0x10/0x20
[<ffffffff810c008c>] ? wake_futex+0x3c/0x60
[<ffffffff810c08c3>] ? futex_wake+0x93/0x150
[<ffffffffa026ee05>] ? talpaOpen+0x125/0x230 [talpa_vfshook]
[<ffffffffa02da6c2>] ? rfs_open+0x212/0x590 [redirfs]
[<ffffffffa026ee05>] ? talpaOpen+0x125/0x230 [talpa_vfshook]
[<ffffffffa02da6c2>] ? rfs_open+0x212/0x590 [redirfs]
[<ffffffff811bbdb1>] ? sys_poll+0x71/0x100
[<ffffffffa026ee05>] ? talpaOpen+0x125/0x230 [talpa_vfshook]
[<ffffffffa02da6c2>] ? rfs_open+0x212/0x590 [redirfs]
Code: 07 00 00 65 48 8b 04 25 08 fc 00 00 48 8b 80 38 c0 ff ff a8 08 0f 85 3a fb ff ff 48 81 c4 a8 00 00 00 5b 41 5c 41 5d 41 5e 41 5f <c9> c3 0f 1f 40 00 48 8b 55 98 48 83 ba 38 04 00 00 00 0f 85 f5
RIP [<ffffffff8155aafa>] schedule+0x50a/0xcb0
RSP <ffff880100cbba18>
CR2: 0000000000000000
Environment
- Red Hat Enterprise Linux 6
- 3rd party modules loaded:
  - redirfs
  - talpa_vfshook