lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bug-216953-13602-DfRjiRDwj1@https.bugzilla.kernel.org/>
Date:   Thu, 19 Jan 2023 20:21:46 +0000
From:   bugzilla-daemon@...nel.org
To:     linux-ext4@...r.kernel.org
Subject: [Bug 216953] BUG: kernel NULL pointer dereference, address:
 0000000000000008

https://bugzilla.kernel.org/show_bug.cgi?id=216953

Theodore Tso (tytso@....edu) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tytso@....edu

--- Comment #5 from Theodore Tso (tytso@....edu) ---
To save trouble from people who might need to download and read the attachment,
here it is:

Jan 19 08:25:35 serv209 kernel: RIP: 0010:selinux_inode_free_security+0x5b/0x90
Jan 19 08:25:35 serv209 kernel: Code: 8b 43 08 4c 8d 63 08 48 03 aa 70 03 00 00
49 39 c4 74 2f 48 83 c5
 40 48 89 ef e8 20 53 7c 00 48 8b 53 08 48 8b 43 10 48 89 ef <48> 89 42 08 48
89 10 4c 89 63 08 4c 89 6
3 10 5b 5d 41 5c e9 6d 54
Jan 19 08:25:35 serv209 kernel: RSP: 0018:ffffb45c404e7ac0 EFLAGS: 00010246
Jan 19 08:25:35 serv209 kernel: RAX: 0000000000000000 RBX: ffff9e7e98002da0
RCX: 0000000000000000
Jan 19 08:25:35 serv209 kernel: RDX: 0000000000000000 RSI: 0000000000000000
RDI: ffff9e7c8af2c400
Jan 19 08:25:35 serv209 kernel: RBP: ffff9e7c8af2c400 R08: 0000000000000000
R09: 0000000000000000
Jan 19 08:25:35 serv209 kernel: R10: 0000000000000000 R11: 0000000000000000
R12: ffff9e7e98002da8
Jan 19 08:25:35 serv209 kernel: R13: ffff9e7c8d7ea800 R14: 0000000000201c2b
R15: 000000008070ac00
Jan 19 08:25:35 serv209 kernel: FS:  0000000000000000(0000)
GS:ffff9e83cf080000(0000) knlGS:00000000000
00000
Jan 19 08:25:35 serv209 kernel: CS:  0010 DS: 0000 ES: 0000 CR0:
0000000080050033
Jan 19 08:25:35 serv209 kernel: CR2: 0000000000000008 CR3: 000000083b610006
CR4: 00000000003706e0
Jan 19 08:25:35 serv209 kernel: DR0: 0000000000000000 DR1: 0000000000000000
DR2: 0000000000000000
Jan 19 08:25:35 serv209 kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0
DR7: 0000000000000400
Jan 19 08:25:35 serv209 kernel: Call Trace:
Jan 19 08:25:35 serv209 kernel:  <TASK>
Jan 19 08:25:35 serv209 kernel:  security_inode_free+0x31/0x70
Jan 19 08:25:35 serv209 kernel:  __destroy_inode+0x71/0x180
Jan 19 08:25:35 serv209 kernel:  destroy_inode+0x2d/0x80
Jan 19 08:25:35 serv209 kernel:  prune_icache_sb+0x7c/0xc0
Jan 19 08:25:35 serv209 kernel:  super_cache_scan+0x15e/0x1f0
Jan 19 08:25:35 serv209 kernel:  do_shrink_slab+0x13e/0x2f0
Jan 19 08:25:35 serv209 kernel:  shrink_slab+0x1f8/0x2a0
Jan 19 08:25:35 serv209 kernel:  shrink_node+0x21c/0x720
Jan 19 08:25:35 serv209 kernel:  balance_pgdat+0x313/0xa70
Jan 19 08:25:35 serv209 kernel:  ? __schedule+0x37f/0x1290
Jan 19 08:25:35 serv209 kernel:  ? get_nohz_timer_target+0x1c/0x1a0
Jan 19 08:25:35 serv209 kernel:  kswapd+0x1fb/0x3c0
Jan 19 08:25:35 serv209 kernel:  ? destroy_sched_domains_rcu+0x30/0x30
Jan 19 08:25:35 serv209 kernel:  ? balance_pgdat+0xa70/0xa70
Jan 19 08:25:35 serv209 kernel:  kthread+0xed/0x120
Jan 19 08:25:35 serv209 kernel:  ? kthread_complete_and_exit+0x20/0x20
Jan 19 08:25:35 serv209 kernel:  ret_from_fork+0x1f/0x30
Jan 19 08:25:35 serv209 kernel:  </TASK>

If selinux is not being used, it's... strange that we could have ended up in
this path, since it requires inode->i_security being set and the LSM code
deciding that selinux was enabled (and so it called
selinux_inode_free_security).

In any case, this is very clearly not an ext4 bug, so I'm going to pass this
off to the linux-security-module list for them to investigate.  Without a
reliable reproducer, though, there may not be much that any of us can do...

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ