| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Jan 2023 20:21:46 +0000
From: bugzilla-daemon@...nel.org
To: linux-ext4@...r.kernel.org
Subject: [Bug 216953] BUG: kernel NULL pointer dereference, address:
0000000000000008
https://bugzilla.kernel.org/show_bug.cgi?id=216953
Theodore Tso (tytso@....edu) changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tytso@....edu
--- Comment #5 from Theodore Tso (tytso@....edu) ---
To save trouble from people who might need to download and read the attachment,
here it is:
Jan 19 08:25:35 serv209 kernel: RIP: 0010:selinux_inode_free_security+0x5b/0x90
Jan 19 08:25:35 serv209 kernel: Code: 8b 43 08 4c 8d 63 08 48 03 aa 70 03 00 00
49 39 c4 74 2f 48 83 c5
40 48 89 ef e8 20 53 7c 00 48 8b 53 08 48 8b 43 10 48 89 ef <48> 89 42 08 48
89 10 4c 89 63 08 4c 89 6
3 10 5b 5d 41 5c e9 6d 54
Jan 19 08:25:35 serv209 kernel: RSP: 0018:ffffb45c404e7ac0 EFLAGS: 00010246
Jan 19 08:25:35 serv209 kernel: RAX: 0000000000000000 RBX: ffff9e7e98002da0
RCX: 0000000000000000
Jan 19 08:25:35 serv209 kernel: RDX: 0000000000000000 RSI: 0000000000000000
RDI: ffff9e7c8af2c400
Jan 19 08:25:35 serv209 kernel: RBP: ffff9e7c8af2c400 R08: 0000000000000000
R09: 0000000000000000
Jan 19 08:25:35 serv209 kernel: R10: 0000000000000000 R11: 0000000000000000
R12: ffff9e7e98002da8
Jan 19 08:25:35 serv209 kernel: R13: ffff9e7c8d7ea800 R14: 0000000000201c2b
R15: 000000008070ac00
Jan 19 08:25:35 serv209 kernel: FS: 0000000000000000(0000)
GS:ffff9e83cf080000(0000) knlGS:00000000000
00000
Jan 19 08:25:35 serv209 kernel: CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
Jan 19 08:25:35 serv209 kernel: CR2: 0000000000000008 CR3: 000000083b610006
CR4: 00000000003706e0
Jan 19 08:25:35 serv209 kernel: DR0: 0000000000000000 DR1: 0000000000000000
DR2: 0000000000000000
Jan 19 08:25:35 serv209 kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0
DR7: 0000000000000400
Jan 19 08:25:35 serv209 kernel: Call Trace:
Jan 19 08:25:35 serv209 kernel: <TASK>
Jan 19 08:25:35 serv209 kernel: security_inode_free+0x31/0x70
Jan 19 08:25:35 serv209 kernel: __destroy_inode+0x71/0x180
Jan 19 08:25:35 serv209 kernel: destroy_inode+0x2d/0x80
Jan 19 08:25:35 serv209 kernel: prune_icache_sb+0x7c/0xc0
Jan 19 08:25:35 serv209 kernel: super_cache_scan+0x15e/0x1f0
Jan 19 08:25:35 serv209 kernel: do_shrink_slab+0x13e/0x2f0
Jan 19 08:25:35 serv209 kernel: shrink_slab+0x1f8/0x2a0
Jan 19 08:25:35 serv209 kernel: shrink_node+0x21c/0x720
Jan 19 08:25:35 serv209 kernel: balance_pgdat+0x313/0xa70
Jan 19 08:25:35 serv209 kernel: ? __schedule+0x37f/0x1290
Jan 19 08:25:35 serv209 kernel: ? get_nohz_timer_target+0x1c/0x1a0
Jan 19 08:25:35 serv209 kernel: kswapd+0x1fb/0x3c0
Jan 19 08:25:35 serv209 kernel: ? destroy_sched_domains_rcu+0x30/0x30
Jan 19 08:25:35 serv209 kernel: ? balance_pgdat+0xa70/0xa70
Jan 19 08:25:35 serv209 kernel: kthread+0xed/0x120
Jan 19 08:25:35 serv209 kernel: ? kthread_complete_and_exit+0x20/0x20
Jan 19 08:25:35 serv209 kernel: ret_from_fork+0x1f/0x30
Jan 19 08:25:35 serv209 kernel: </TASK>
If selinux is not being used, it's... strange that we could have ended up in
this path, since it requires inode->i_security being set and the LSM code
deciding that selinux was enabled (and so it called
selinux_inode_free_security).
In any case, this is very clearly not an ext4 bug, so I'm going to pass this
off to the linux-security-module list for them to investigate. Without a
reliable reproducer, though, there may not be much that any of us can do...
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
Powered by blists - more mailing lists