Date:	Tue, 4 Dec 2012 05:48:27 -0800
From:	"Bill Huey (hui)" <bill.huey@...il.com>
To:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Cc:	ebiederm@...ssion.com
Subject: BUG: wait_task_zombie NULL dereference

I'm hitting this under a heavy scheduler test load with SCHED_RR tasks
exiting normally after completion and the parent exiting with some of
the pthreads still running:

(gdb) bt
#0  no_context (regs=0xffff880018c55d58, error_code=0, address=4,
signal=signal@...ry=11,
    si_code=si_code@...ry=196609) at arch/x86/mm/fault.c:630
#1  0xffffffff816a02fe in __bad_area_nosemaphore
(regs=regs@...ry=0xffff880018c55d58,
    error_code=error_code@...ry=0, address=address@...ry=4,
si_code=si_code@...ry=196609)
    at arch/x86/mm/fault.c:767
#2  0xffffffff816a0565 in __bad_area (si_code=196609, address=4,
error_code=0, regs=0xffff880018c55d58)
    at arch/x86/mm/fault.c:789
#3  bad_area (regs=regs@...ry=0xffff880018c55d58,
error_code=error_code@...ry=0, address=address@...ry=4)
    at arch/x86/mm/fault.c:795
#4  0xffffffff816b381c in do_page_fault
(regs=regs@...ry=0xffff880018c55d58, error_code=error_code@...ry=0)
    at arch/x86/mm/fault.c:1159
#5  0xffffffff816b2ff5 in do_async_page_fault
(regs=0xffff880018c55d58, error_code=0) at arch/x86/kernel/kvm.c:246
#6  <signal handler called>
#7  wait_task_zombie (p=0xffff88003a034500, wo=0xffff880018c55f00) at
kernel/exit.c:1224
#8  wait_consider_task (p=0xffff88003a034500, ptrace=0,
wo=0xffff880018c55f00) at kernel/exit.c:1591
#9  wait_consider_task (wo=0xffff880018c55f00, ptrace=0,
p=0xffff88003a034500) at kernel/exit.c:1544
#10 0xffffffff8105a910 in do_wait_thread (tsk=0xffff88002f510000,
wo=0xffff880018c55f00) at kernel/exit.c:1666
#11 do_wait (wo=wo@...ry=0xffff880018c55f00) at kernel/exit.c:1735
#12 0xffffffff8105bd45 in sys_wait4 (upid=<optimized out>,
stat_addr=0x7fff40f4168c, options=<optimized out>,
    ru=0x0 <irq_stack_union>) at kernel/exit.c:1865
#13 <signal handler called>
#14 0x00007f58c4d7f4ea in ?? ()
#15 0xffff88000000001b in ?? ()
#16 0xdead4ead001e001e in ?? ()
#17 0x00000000ffffffff in ?? ()
#18 0xffffffffffffffff in ?? ()
#19 0xffffffff8280e5e8 in __key.30461 ()
#20 0xffffffff8205f850 in lock_classes ()
#21 0x0000000000000000 in ?? ()



(gdb) down
#7  wait_task_zombie (p=0xffff88003a034500, wo=0xffff880018c55f00) at
kernel/exit.c:1224
1224            kuid_t two= task_uid(p);


[   23.324284] BUG: unable to handle kernel NULL pointer dereference
at 0000000000000004
[   23.324284] IP: [<ffffffff8105a1a0>] wait_consider_task+0x5b0/0xc20
[   23.324284] PGD 2fa48067 PUD 39ff4067 PMD 0
[   23.324284] Oops: 0000 [#1] SMP

......

It crashes at that point with a NULL dereference it looks like. I
expanded out the arguments for from_kuid_munged() so that gdb can get
at a specific line.

bill