lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20070602095009.32d85075.randy.dunlap@oracle.com>
Date:	Sat, 2 Jun 2007 09:50:09 -0700
From:	Randy Dunlap <randy.dunlap@...cle.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Alex Riesen <raa.lkml@...il.com>, linux-kernel@...r.kernel.org
Subject: Re: OOPS (NULL pointer dereference) in v2.6.22-rc3

On Sat, 2 Jun 2007 01:35:02 -0700 Andrew Morton wrote:

> On Sat, 2 Jun 2007 00:15:15 +0200 Alex Riesen <raa.lkml@...il.com> wrote:
> 
> > Ubuntu 7.04, P4, SMT, hyperthreading active. Not reproducable, context unknown,
> > seen only two times :(
> > 
> > kernel: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
> > kernel:  printing eip:
> > kernel: 00000000
> > kernel: *pde = 00000000
> > kernel: Oops: 0000 [#1]
> > kernel: SMP 
> > kernel: Modules linked in: binfmt_misc fan button firmware_class it87 hwmon_vid hwmon i2c_isa p4_clockmod speedstep_lib ipv6 snd_intel8x0 snd_ac97_codec sr_mod cdrom ac97_bus usb_storage snd_pcm_oss sg piix snd_pcm snd_mixer_oss snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq snd_timer snd_seq_device snd e100 floppy generic ehci_hcd uhci_hcd soundcore snd_page_alloc intel_agp agpgart ide_core evdev
> > kernel: CPU:    1
> > kernel: EIP:    0060:[<00000000>]    Not tainted VLI
> > kernel: EFLAGS: 00210246   (2.6.22-rc3-t #74)
> > kernel: EIP is at 0x0
> > kernel: eax: f635b040   ebx: c02df2e0   ecx: 00005403   edx: d2b798c0
> > kernel: esi: d2b798c0   edi: bfca8f48   ebp: e9df5f6c   esp: e9df5f54
> > kernel: ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
> > kernel: Process watch (pid: 24035, ti=e9df5000 task=e2ed8030 task.ti=e9df5000)
> > kernel: Stack: c0164f04 bfca8f48 00005403 d2b798c0 d2b798c0 bfca8f48 e9df5f98 c016514d 
> > kernel:        00000001 e9fb8f49 00000644 00010612 e2ed8140 c1817980 d2b798c0 fffffff7 
> > kernel:        b7e95ff4 e9df5fb0 c0165191 bfca8f48 00000000 00000001 bfca8f48 e9df5000 
> > kernel: Call Trace:
> > kernel:  [show_trace_log_lvl+26/47] show_trace_log_lvl+0x1a/0x2f
> > kernel:  [show_stack_log_lvl+157/165] show_stack_log_lvl+0x9d/0xa5
> > kernel:  [show_registers+441/651] show_registers+0x1b9/0x28b
> > kernel:  [die+273/530] die+0x111/0x212
> > kernel:  [do_page_fault+1060/1266] do_page_fault+0x424/0x4f2
> > kernel:  [error_code+114/120] error_code+0x72/0x78
> > kernel:  [vfs_ioctl+562/581] vfs_ioctl+0x232/0x245
> > kernel:  [sys_ioctl+49/72] sys_ioctl+0x31/0x48
> > kernel:  [sysenter_past_esp+95/133] sysenter_past_esp+0x5f/0x85
> > kernel:  =======================
> > kernel: Code:  Bad EIP value.
> > kernel: EIP: [<00000000>] 0x0 SS:ESP 0068:e9df5f54
> > gconfd (raa-2316): Exiting
> > init: tty4 main process (1607) killed by TERM signal
> > init: tty5 main process (1608) killed by TERM signal
> > init: tty2 main process (1610) killed by TERM signal
> > init: tty3 main process (1613) killed by TERM signal
> > init: tty1 main process (1614) killed by TERM signal
> > init: tty6 main process (1615) killed by TERM signal
> > gdm[1950]: GDM detected a halt or restart in progress.
> > kernel: mtrr: no MTRR for ec000000,4000000 found
> > kernel: mtrr: no MTRR for e8000000,4000000 found
> > postfix/master[2041]: terminating on signal 15
> > exiting on signal 15
> > 
> 
> I think we've seen a report of that before.  Do you recall what the system
> was doing at the time?

That's http://bugzilla.kernel.org/show_bug.cgi?id=8473


> Anyway, please add this, which might catch it:
> 
> --- a/fs/ioctl.c~a
> +++ a/fs/ioctl.c
> @@ -20,6 +20,7 @@ static long do_ioctl(struct file *filp, 
>  		unsigned long arg)
>  {
>  	int error = -ENOTTY;
> +	void *f;
>  
>  	if (!filp->f_op)
>  		goto out;
> @@ -29,10 +30,15 @@ static long do_ioctl(struct file *filp, 
>  		if (error == -ENOIOCTLCMD)
>  			error = -EINVAL;
>  		goto out;
> -	} else if (filp->f_op->ioctl) {
> +	} else if ((f = filp->f_op->ioctl)) {
>  		lock_kernel();
> -		error = filp->f_op->ioctl(filp->f_path.dentry->d_inode,
> -					  filp, cmd, arg);
> +		if (!filp->f_op->ioctl) {
> +			printk("%s: ioctl %p disappeared\n", __FUNCTION__, f);
> +			error = 0;
> +		} else {
> +			error = filp->f_op->ioctl(filp->f_path.dentry->d_inode,
> +						  filp, cmd, arg);
> +		}
>  		unlock_kernel();
>  	}
>  
> _
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 


---
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ