Message-ID: <20130307132819.GA31162@localhost>
Date: Thu, 7 Mar 2013 21:28:19 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Rakib Mullick <rakib.mullick@...il.com>,
linux-kernel@...r.kernel.org
Subject: [nsproxy] BUG: unable to handle kernel NULL pointer dereference at 0000000000000024

Greetings,

I got the below oops and the first bad commit is

commit 98a271e459b8088fdc42a4a11c08570d2539cae0
Author: Rakib Mullick <rakib.mullick@...il.com>
Date: Thu Mar 7 14:52:20 2013 +0600

    nsproxy: Fix ->nsproxy counting problem in copy_namespace.

    In copy_namespace(), get_nsproxy() (which increments nsproxy->count)
    is called before checking namespace related flags. Therefore, task's
    nsproxy->count could have improper value, which could lead to calling
    free_nsproxy unnecessarily. Also, incrementing nsproxy->count is an
    atomic operation (which is more expensive than a normal increment operation),
    so before doing it - it's better we make sure namespace related flags
    are set.

    Cc: stable@...r.kernel.org
    Reviewed-by: "Eric W. Biederman" <ebiederm@...ssion.com>
    Signed-off-by: Rakib Mullick <rakib.mullick@...il.com>
    Signed-off-by: Eric W. Biederman <ebiederm@...ssion.com>

[ 26.782766] Scanning for low memory corruption every 60 seconds
[ 26.814208] cryptomgr_test (18) used greatest stack depth: 6208 bytes left
[ 26.839604] BUG: unable to handle kernel NULL pointer dereference at 0000000000000024
[ 26.841460] IP: [<ffffffff81196e77>] ida_remove+0x97/0xe0
[ 26.841460] PGD 0
[ 26.841460] Oops: 0000 [#1] SMP
[ 26.841460] CPU 0
[ 26.841460] Pid: 18, comm: cryptomgr_test Not tainted 3.9.0-rc1-00004-g98a271e #301 Bochs Bochs
[ 26.841460] RIP: 0010:[<ffffffff81196e77>] [<ffffffff81196e77>] ida_remove+0x97/0xe0
[ 26.841460] RSP: 0000:ffff88000d221cb8 EFLAGS: 00000046
[ 26.841460] RAX: 00000000000000ff RBX: 0000000000000000 RCX: 0000000000000044
[ 26.841460] RDX: 0000000000000044 RSI: 00000000ffffffff RDI: ffff88000d09b188
[ 26.841460] RBP: ffff88000d221cc8 R08: ffff88000d09b180 R09: ffffffffffffffff
[ 26.841460] R10: 0000000044444444 R11: 0000000000000000 R12: ffffffff81acec00
[ 26.841460] R13: 0000000000000000 R14: ffff88000d221b58 R15: ffff88000d19c2d0
[ 26.841460] FS: 0000000000000000(0000) GS:ffff88000de00000(0000) knlGS:0000000000000000
[ 26.841460] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 26.841460] CR2: 0000000000000024 CR3: 0000000001aa3000 CR4: 00000000000006f0
[ 26.841460] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 26.841460] DR3: 0000000000000000 DR6: 0000000000000000 DR7: 0000000000000000
[ 26.841460] Process cryptomgr_test (pid: 18, threadinfo ffff88000d220000, task ffff88000d19c2e0)
[ 26.841460] Stack:
[ 26.841460] 00000000efffffff 0000000000000282 ffff88000d221ce8 ffffffff81147eb3
[ 26.841460] ffffffff81ad0260 ffff88000d19c2e0 ffff88000d221d08 ffffffff81159794
[ 26.841460] ffffffff81ac73e0 ffffffff81ac73e0 ffff88000d221d28 ffffffff81080b48
[ 26.841460] Call Trace:
[ 26.841460] [<ffffffff81147eb3>] proc_free_inum+0x33/0x50
[ 26.841460] [<ffffffff81159794>] put_ipc_ns+0x64/0x80
[ 26.841460] [<ffffffff81080b48>] free_nsproxy+0x28/0x50
[ 26.841460] [<ffffffff81080dae>] switch_task_namespaces+0x5e/0x70
[ 26.841460] [<ffffffff81080dcb>] exit_task_namespaces+0xb/0x10
[ 26.841460] [<ffffffff8106468c>] do_exit+0x52c/0x9e0
[ 26.841460] [<ffffffff8176620d>] ? __schedule+0x39d/0x760
[ 26.841460] [<ffffffff8116e640>] ? cryptomgr_probe+0xb0/0xb0
[ 26.841460] [<ffffffff8116e670>] cryptomgr_test+0x30/0x50
[ 26.841460] [<ffffffff8107c4e6>] kthread+0xd6/0xe0
[ 26.841460] [<ffffffff811b1ddd>] ? do_raw_spin_unlock+0x5d/0xb0
[ 26.841460] [<ffffffff81087453>] ? complete+0x23/0x60
[ 26.841460] [<ffffffff8107c410>] ? insert_kthread_work+0x80/0x80
[ 26.841460] [<ffffffff817696bc>] ret_from_fork+0x7c/0xb0
[ 26.841460] [<ffffffff8107c410>] ? insert_kthread_work+0x80/0x80
[ 26.841460] Code: 48 08 4d 63 c9 83 e9 08 4f 8b 44 c8 28 4d 85 c0 75 da 4d 85 c0 74 4b 0f b6 d2 49 8d 78 08 41 0f b3 50 08 48 63 ca 49 8b 5c c8 28 <0f> a3 43 08 19 c9 85 c9 74 2d 0f b3 43 08 48 83 2b 01 74 05 5b
[ 26.841460] RIP [<ffffffff81196e77>] ida_remove+0x97/0xe0
[ 26.841460] RSP <ffff88000d221cb8>
[ 26.841460] CR2: 0000000000000024
[ 26.841460] ---[ end trace f89a34cf0d9f599e ]---

git bisect start 98a271e459b8088fdc42a4a11c08570d2539cae0 6dbe51c251a327e012439c4772097a13df43c5b8 --
git bisect good 7f78e0351394052e1a6293e175825eb5c7869507 # 10 2013-03-07 20:26:53 fs: Limit sys_mount to only request filesystem modules.
git bisect good 9141770548d529b9d32d5b08d59b65ee65afe0d4 # 11 2013-03-07 20:38:47 fs: Limit sys_mount to only request filesystem modules (Part 2).
git bisect good 9141770548d529b9d32d5b08d59b65ee65afe0d4 # 31 2013-03-07 20:50:11 fs: Limit sys_mount to only request filesystem modules (Part 2).
git bisect bad 98a271e459b8088fdc42a4a11c08570d2539cae0 # 0 2013-03-07 20:51:48 nsproxy: Fix ->nsproxy counting problem in copy_namespace.
git bisect good 687c18a83e1a31c15cd1fb93eab4a4b250d533cd # 35 2013-03-07 20:55:35 Revert "nsproxy: Fix ->nsproxy counting problem in copy_namespace."
git bisect good 9edbffb58ae00067e264ef70d5141c1d85049029 # 31 2013-03-07 21:19:44 Add linux-next specific files for 20130307

Thanks,
Fengguang

View attachment "dmesg-kvm-ant-6810-2013-03-07-18-37-02-3.9.0-rc1-00004-g98a271e-301" of type "text/plain" (31374 bytes)
View attachment "98a271e459b8088fdc42a4a11c08570d2539cae0-bisect.log" of type "text/plain" (3751 bytes)
View attachment ".config-bisect" of type "text/plain" (68559 bytes)
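
A triage sketch for the oops above, added here as an example and not part of the original message: it extracts the fault address, faulting symbol, task and call chain from the log, and keeps frames marked `?` (addresses found on the stack that may not be real callers) apart from the reliable ones. The sample lines are a subset copied from the report; `parse_oops`, `is_null_offset` and the 4096-byte page size are assumptions of this example.

```python
import re

# Subset of the oops lines from the report above, copied as posted.
SAMPLE = """\
[ 26.839604] BUG: unable to handle kernel NULL pointer dereference at 0000000000000024
[ 26.841460] IP: [<ffffffff81196e77>] ida_remove+0x97/0xe0
[ 26.841460] Pid: 18, comm: cryptomgr_test Not tainted 3.9.0-rc1-00004-g98a271e #301 Bochs Bochs
[ 26.841460] Call Trace:
[ 26.841460] [<ffffffff81147eb3>] proc_free_inum+0x33/0x50
[ 26.841460] [<ffffffff81159794>] put_ipc_ns+0x64/0x80
[ 26.841460] [<ffffffff81080b48>] free_nsproxy+0x28/0x50
[ 26.841460] [<ffffffff81080dae>] switch_task_namespaces+0x5e/0x70
[ 26.841460] [<ffffffff81080dcb>] exit_task_namespaces+0xb/0x10
[ 26.841460] [<ffffffff8106468c>] do_exit+0x52c/0x9e0
[ 26.841460] [<ffffffff8176620d>] ? __schedule+0x39d/0x760
[ 26.841460] CR2: 0000000000000024
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # dmesg timestamp prefix
FAULT = re.compile(r"^BUG: unable to handle kernel (.+?) at ([0-9a-f]+)$")
FRAME = re.compile(r"^\[<([0-9a-f]+)>\]\s+(\?\s+)?([\w.]+)\+0x([0-9a-f]+)/0x[0-9a-f]+")
TASK = re.compile(r"^Pid: (\d+), comm: (\S+)")
PAGE_SIZE = 4096  # assumption: 4 KiB pages (x86-64)

def is_null_offset(addr):  # fault in the first page: NULL base pointer + small offset
    return 0 <= addr < PAGE_SIZE

def parse_oops(text):
    oops = {"trace": [], "unreliable": []}
    in_trace = False
    for raw in text.splitlines():
        line = STAMP.sub("", raw)
        if m := FAULT.match(line):
            oops["kind"], oops["addr"] = m.group(1), int(m.group(2), 16)
        elif line.startswith("IP:"):
            m = FRAME.match(line[3:].strip())
            oops["ip"] = (m.group(3), int(m.group(4), 16)) if m else None
        elif m := TASK.match(line):
            oops["pid"], oops["comm"] = int(m.group(1)), m.group(2)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace:
            m = FRAME.match(line)
            if m is None:  # first non-frame line ends the trace
                in_trace = False
            else:  # "?" frames are stack leftovers, not confirmed callers
                oops["unreliable" if m.group(2) else "trace"].append(m.group(3))
    return oops
```

Run over the full dmesg attachment, the same function gives a compact signature (fault kind, symbol+offset, reliable call chain) that can be compared across boots when checking whether a bisect step reproduced the same crash.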