
Bug#444961: starting a domU kills the system



Package: linux-image-2.6.18-5-xen-amd64
Version: 2.6.18.dfsg.1-13etch2
Severity: critical

Hi,

after starting a domU with linux-image-2.6.18-xen-3.1-1-amd64, version
2.6.18.dfsg.1-15+xen.1 (from
http://194.39.182.225/debian/linux-2.6/xen-extra/ as told by waldi),
the host system and all domUs suddenly stop with this error:

Oct  2 01:42:23 urd kernel: ----------- [cut here ] --------- [please bite here ] ---------
Oct  2 01:42:23 urd kernel: CPU 1
Oct  2 01:42:23 urd kernel: Modules linked in: xt_physdev xfs iptable_filter ip_tables x_tables ipv6 bridge loop floppy shpchp pci_hotplug serial_core pcspkr serio_raw psmouse i2c_nforce2 i2c_core evdev joydev ext3 jbd mbcache dm_mirror dm_snapshot dm_mod raid456 xor raid1 md_mod ide_generic ide_cd cdrom sd_mod usb_storage usbhid sata_nv libata scsi_mod e1000 amd74xx forcedeth ohci_hcd generic ide_core ehci_hcd fan
Oct  2 01:42:23 urd kernel: Pid: 21, comm: xenwatch Not tainted 2.6.18-5-xen-amd64 #1
Oct  2 01:42:23 urd kernel: RIP: e030:[<ffffffff80360ee3>]  [<ffffffff80360ee3>] retrigger+0x26/0x3e
Oct  2 01:42:23 urd kernel: RSP: e02b:ffff8800f2917d88  EFLAGS: 00010046
Oct  2 01:42:23 urd kernel: RAX: 0000000000000000 RBX: 0000000000008980 RCX: ffffffffff578000
Oct  2 01:42:23 urd kernel: RDX: 0000000000000024 RSI: ffff8800f2917d30 RDI: 0000000000000113
Oct  2 01:42:23 urd kernel: RBP: ffffffff804cde00 R08: ffff8800f284cbf0 R09: ffff88000a36fd00
Oct  2 01:42:23 urd kernel: R10: ffff88000a36f800 R11: ffffffff80360ebd R12: 0000000000000113
Oct  2 01:42:23 urd kernel: R13: ffffffff804cde3c R14: 0000000000000000 R15: 0000000000000008
Oct  2 01:42:23 urd kernel: FS:  00002b6951249ae0(0000) GS:ffffffff804c4080(0000) knlGS:0000000000000000
Oct  2 01:42:23 urd kernel: CS:  e033 DS: 0000 ES: 0000
Oct  2 01:42:23 urd kernel: Process xenwatch (pid: 21, threadinfo ffff8800f2916000, task ffff8800f28f5080)
Oct  2 01:42:23 urd kernel: Stack:  ffffffff802a0646  ffff88000a36fd00  ffff88000a36fd00  0000000000000000
Oct  2 01:42:23 urd kernel:  ffff8800f2917de0  000000000000020b  ffffffff8036da4e  0000000000000000
Oct  2 01:42:23 urd kernel:  ffffffff8036dec6  ffff8800f2917ea4
Oct  2 01:42:23 urd kernel: Call Trace:
Oct  2 01:42:23 urd kernel:  [<ffffffff802a0646>] enable_irq+0x9d/0xbc
Oct  2 01:42:23 urd kernel:  [<ffffffff8036da4e>] __netif_up+0xc/0x15
Oct  2 01:42:23 urd kernel:  [<ffffffff8036dec6>] netif_map+0x2a6/0x2d8
Oct  2 01:42:23 urd kernel:  [<ffffffff8035c227>] bus_for_each_dev+0x61/0x6e
Oct  2 01:42:23 urd kernel:  [<ffffffff803666d0>] xenwatch_thread+0x0/0x145
Oct  2 01:42:23 urd kernel:  [<ffffffff803666d0>] xenwatch_thread+0x0/0x145
Oct  2 01:42:23 urd kernel:  [<ffffffff80368210>] frontend_changed+0x2ba/0x4f9
Oct  2 01:42:23 urd kernel:  [<ffffffff803666d0>] xenwatch_thread+0x0/0x145
Oct  2 01:42:23 urd kernel:  [<ffffffff8028f837>] keventd_create_kthread+0x0/0x61
Oct  2 01:42:23 urd kernel:  [<ffffffff80365ade>] xenwatch_handle_callback+0x15/0x48
Oct  2 01:42:23 urd kernel:  [<ffffffff803667fd>] xenwatch_thread+0x12d/0x145
Oct  2 01:42:23 urd kernel:  [<ffffffff8028f9fa>] autoremove_wake_function+0x0/0x2e
Oct  2 01:42:23 urd kernel:  [<ffffffff8028f837>] keventd_create_kthread+0x0/0x61
Oct  2 01:42:23 urd kernel:  [<ffffffff803666d0>] xenwatch_thread+0x0/0x145
Oct  2 01:42:23 urd kernel:  [<ffffffff802334da>] kthread+0xd4/0x107
Oct  2 01:42:23 urd kernel:  [<ffffffff8025c7d8>] child_rip+0xa/0x12
Oct  2 01:42:23 urd kernel:  [<ffffffff8028f837>] keventd_create_kthread+0x0/0x61
Oct  2 01:42:23 urd kernel:  [<ffffffff80233406>] kthread+0x0/0x107
Oct  2 01:42:23 urd kernel:  [<ffffffff8025c7ce>] child_rip+0x0/0x12


The host (and all domUs) run etch, with the only exception being the
newer kernel.

Setting this bug report to critical as crashing the whole machine by
starting a new guest sounds to me like an exploitable issue in the xen
handlers. (This could of course be wrong, so feel free to adjust the
severity.)


Cheers,
Andi
-- 
  http://home.arcor.de/andreas-barth/



