| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <469BBE07.2010606@namesys.com> Date: Mon, 16 Jul 2007 22:50:47 +0400 From: Edward Shishkin <edward@...esys.com> To: Andrew Morton <akpm@...ux-foundation.org>, Zan Lynx <zlynx@....org> CC: ReiserFS Mailing List <reiserfs-devel@...r.kernel.org>, Linux kernel mailing list <linux-kernel@...r.kernel.org> Subject: [patch 0/3] reiser4 fixups Zan Lynx wrote: ... >Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP: > [<ffffffff8033d324>] reiser4_tree_by_page+0x4/0x20 >PGD 17594067 PUD d025067 PMD 0 >Oops: 0000 [1] PREEMPT SMP >CPU 0 >Modules linked in: nls_iso8859_1 isofs nls_base snd_pcm_oss snd_mixer_oss netconsole ipv6 usbhid hid snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm snd_timer psmouse serio_raw evdev snd snd_page_alloc ohci_hcd ehci_hcd usbcore sg >Pid: 469720, comm: rhythmbox Not tainted 2.6.22-rc6-mm1 #4 >RIP: 0010:[<ffffffff8033d324>] [<ffffffff8033d324>] reiser4_tree_by_page+0x4/0x20 >RSP: 0018:ffff81000ba03940 EFLAGS: 00010296 >RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000c >RDX: 0000000000000559 RSI: 0000000000000000 RDI: ffff810001433a88 >RBP: ffff810001433a88 R08: 0000000000000000 R09: 0000000000000001 >R10: 0000000000000000 R11: ffffffff8035a350 R12: ffff810001433a88 >R13: ffff81000ba03a90 R14: ffff8100125e0224 R15: ffff8100125e0224 >FS: 0000000043806940(0063) GS:ffffffff8075b000(0000) knlGS:00000000f7cd76b0 >CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b >CR2: 0000000000000000 CR3: 0000000004b9e000 CR4: 00000000000006e0 >DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 >DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 >Process rhythmbox (pid: 469720, threadinfo ffff81000ba02000, task ffff810013c4edd0) >Stack: ffffffff8032649a ffff81000ba03a90 0000000000000000 ffff810001433a88 > ffff81000ba03a58 ffff81000ba03a90 ffff8100125e0224 ffff8100125e0224 > ffffffff8034db75 ffff810000000002 ffff810000000002 ffff810000000002 >Call Trace: > [<ffffffff8032649a>] jnode_of_page+0x2a/0x2c0 > [<ffffffff8034db75>] uf_readpages_filler+0x235/0x300 > [<ffffffff8034d940>] uf_readpages_filler+0x0/0x300 > [<ffffffff8028a586>] read_cache_pages+0x96/0xc0 > [<ffffffff8034dc96>] readpages_unix_file+0x56/0xc0 > [<ffffffff8028a381>] __do_page_cache_readahead+0x1e1/0x2c0 > [<ffffffff8028a66b>] ondemand_readahead+0xbb/0x120 > [<ffffffff80282bc6>] do_generic_mapping_read+0x1b6/0x4b0 > [<ffffffff80281fb0>] file_read_actor+0x0/0x1b0 > [<ffffffff80284f46>] generic_file_aio_read+0x106/0x1c0 > [<ffffffff802ad019>] do_sync_read+0xd9/0x120 > [<ffffffff802a723b>] check_bytes_and_report+0x4b/0x100 > [<ffffffff802a7704>] check_object+0x224/0x260 > [<ffffffff80254580>] autoremove_wake_function+0x0/0x30 > [<ffffffff8052e669>] _spin_unlock+0x29/0x50 > [<ffffffff80330e2c>] reiser4_grab+0x8c/0xd0 > [<ffffffff8034cf9f>] read_unix_file+0x49f/0x4c0 > [<ffffffff802ad995>] vfs_read+0xc5/0x180 > [<ffffffff802ade93>] sys_read+0x53/0x90 > [<ffffffff8020c1de>] system_call+0x7e/0x83 > > > This is bug in Zam's new file_read: unlocked page was reclaimed, then reiser4_tree_by_page() looks at page->mapping->host. The patch #3 fixes this problem. Andrew, please apply the following series. Thanks, Edward. >INFO: lockdep is turned off. > >Code: 48 8b 00 48 8b 80 d0 01 00 00 48 8b 80 18 04 00 00 48 83 c0 >RIP [<ffffffff8033d324>] reiser4_tree_by_page+0x4/0x20 > RSP <ffff81000ba03940> >CR2: 0000000000000000 > > - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists