lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <46F79AC4.9010308@linux.vnet.ibm.com>
Date:	Mon, 24 Sep 2007 16:38:52 +0530
From:	Balbir Singh <balbir@...ux.vnet.ibm.com>
To:	Valdis.Kletnieks@...edu
CC:	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, Dave Hansen <haveblue@...ibm.com>
Subject: Re: 2.6.23-rc7-mm1 - 'touch' command causes Oops.

Valdis.Kletnieks@...edu wrote:
> On Mon, 24 Sep 2007 02:17:16 PDT, Andrew Morton said:
> 
>> ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.23-rc7/2.6.23-rc7-mm1/
> 
> It lived fast, it died young, it didn't leave a pretty corpse...
> 
> Something in the startup scripts did a 'touch', and ker-blam.
> 
> [   15.668000] Unable to handle kernel NULL pointer dereference at 0000000000000252 RIP: 
> [   15.668000]  [<ffffffff802a1dd1>] __mnt_is_readonly+0x9/0x1e
> [   15.668000] PGD 52be067 PUD 5645067 PMD 0 
> [   15.668000] Oops: 0000 [1] PREEMPT SMP 
> [   15.668000] last sysfs file: /block/dm-13/dev
> [   15.668000] CPU 0 
> [   15.668000] Modules linked in: rtc
> [   15.668000] Pid: 528, comm: touch Not tainted 2.6.23-rc7-mm1 #1
> [   15.668000] RIP: 0010:[<ffffffff802a1dd1>]  [<ffffffff802a1dd1>] __mnt_is_readonly+0x9/0x1e
> [   15.668000] RSP: 0018:ffff8100045fddd8  EFLAGS: 00010202
> [   15.668000] RAX: 0000000000000001 RBX: ffff810002c10680 RCX: 0000000000000001
> [   15.668000] RDX: ffff810082504000 RSI: ffff810005243168 RDI: 0000000000000202
> [   15.668000] RBP: ffff8100045fddd8 R08: 0000000000000001 R09: 0000000000000002
> [   15.668000] R10: 0000000000000000 R11: ffff8100045fde68 R12: 0000000000000202
> [   15.668000] R13: 00000000ffffffe2 R14: ffff8100052c1d80 R15: ffff8100039aa8a0
> [   15.668000] FS:  00007f9527f596f0(0000) GS:ffffffff806b6000(0000) knlGS:0000000000000000
> [   15.668000] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> [   15.668000] CR2: 0000000000000252 CR3: 00000000052cb000 CR4: 00000000000006e0
> [   15.668000] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [   15.668000] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [   15.668000] Process touch (pid: 528, threadinfo ffff8100045fc000, task ffff8100047517e0)
> [   15.668000] last branch before last exception/interrupt
> [   15.668000]  from  [<ffffffff802a4d1b>] mnt_want_write+0x44/0xb5
> [   15.668000]  to  [<ffffffff802a1dc8>] __mnt_is_readonly+0x0/0x1e
> [   15.668000] Stack:  ffff8100045fde08 ffffffff802a4d20 ffff8100045fddf8 0000000000000000
> [   15.668000]  00000000fffffff7 ffff810005243140 ffff8100045fdf28 ffffffff802ad288
> [   15.668000]  ffff8100045fde58 0000000000000202 ffff8100045fde58 ffffffff8035437b
> [   15.668000] Call Trace:
> [   15.668000]  [<ffffffff802a4d20>] mnt_want_write+0x49/0xb5
> [   15.668000]  [<ffffffff802ad288>] do_utimes+0xd0/0x220
> [   15.668000]  [<ffffffff8035437b>] __up_read+0x7a/0x83
> [   15.668000]  [<ffffffff8024b1af>] up_read+0x9/0xb
> [   15.668000]  [<ffffffff8051977c>] do_page_fault+0x421/0x7d0
> [   15.668000]  [<ffffffff8028b370>] do_filp_open+0x36/0x46
> [   15.668000]  [<ffffffff802ad519>] sys_utimensat+0x8b/0xa5
> [   15.668000]  [<ffffffff80517a4d>] error_exit+0x0/0x84
> [   15.668000]  [<ffffffff8020c10e>] system_call+0x7e/0x83
> [   15.668000] 
> [   15.668000] 
> [   15.668000] Code: f6 47 50 40 75 0d 48 8b 47 28 8a 40 58 83 e0 01 0f b6 c0 c9 
> [   15.668000] RIP  [<ffffffff802a1dd1>] __mnt_is_readonly+0x9/0x1e
> [   15.668000]  RSP <ffff8100045fddd8>
> [   15.668000] CR2: 0000000000000252
> 

CC'ing Dave, he might be interested in looking into this. Do you know
which file was touched. I suspect either mnt or mnt_sb is NULL in
__mnt_is_readonly(). mnt is extracted from the nameidata structure.
It's interesting to see utimenstat in the stack, I suspect that
the filename was probably NULL and dfd was something other than
AT_FDCWD (Just a wild guess). I'll try to reproduce your problem.

-- 
	Warm Regards,
	Balbir Singh
	Linux Technology Center
	IBM, ISTL
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ