Date:	Wed, 9 Oct 2013 15:39:10 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Dave Chinner <dchinner@...hat.com>
Cc:	Ben Myers <bpm@....com>, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [XFS on bad superblock] BUG: unable to handle kernel NULL pointer
 dereference at 00000003

Greetings,

I got the below dmesg and the first bad commit is

commit 98021821a502db347bd9c7671beeee6e8ce07ea6
Author: Dave Chinner <dchinner@...hat.com>
Date:   Mon Nov 12 22:54:03 2012 +1100

    xfs: verify superblocks as they are read from disk
    
    Add a superblock verify callback function and pass it into the
    buffer read functions. Remove the now redundant verification code
    that is currently in use.
    
    Adding verification shows that secondary superblocks never have
    their "sb_inprogress" flag cleared by mkfs.xfs, so when validating
    the secondary superblocks during a grow operation we have to avoid
    checking this field. Even if we fix mkfs, we will still have to
    ignore this field for verification purposes unless a version of mkfs
    that does not have this bug was used.
    
    Signed-off-by: Dave Chinner <dchinner@...hat.com>
    Reviewed-by: Phil White <pwhite@....com>
    Signed-off-by: Ben Myers <bpm@....com>

It's an old commit, however the problem still remains in current
upstream and linux-next.

[    4.607918] gfs2: error -5 reading superblock
[    4.609575] block nbd7: Attempted send on closed socket
[    4.611643] BUG: unable to handle kernel NULL pointer dereference at 00000003
[    4.614242] IP: [<c10334dd>] move_linked_works+0x1d/0x50
[    4.614724] *pdpt = 000000000cead001 *pde = 0000000000000000 
[    4.614724] Oops: 0002 [#1] 
[    4.614724] CPU: 0 PID: 662 Comm: kworker/0:1H Not tainted 3.12.0-rc1-00279-ga0c7d83 #138
[    4.614724] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[    4.614724] task: ccab0a20 ti: ccf26000 task.ti: ccf26000
[    4.614724] EIP: 0060:[<c10334dd>] EFLAGS: 00010086 CPU: 0
[    4.614724] EIP is at move_linked_works+0x1d/0x50
[    4.614724] EAX: ccae5858 EBX: fffffffb ECX: 00000000 EDX: cc8b2eb8
[    4.614724] ESI: 00000000 EDI: ffffffff EBP: ccf27f54 ESP: ccf27f44
[    4.614724]  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
[    4.614724] CR0: 8005003b CR2: 0000005c CR3: 0cc66000 CR4: 000006b0
[    4.614724] Stack:
[    4.614724]  ccae585c cc8b2ea0 c1a81d50 cc8b2eb8 ccf27f70 c1034d34 ccab0a20 c1a81d60
[    4.614724]  cec55ed0 cc8b2ea0 c1034c02 ccf27fac c10388f7 ccf27f94 00000000 00000000
[    4.614724]  cc8b2ea0 00000000 ccf27f8c ccf27f8c 00000000 ccf27f98 ccf27f98 ccab0a20
[    4.614724] Call Trace:
[    4.614724]  [<c1034d34>] worker_thread+0x132/0x1bd
[    4.614724]  [<c1034c02>] ? rescuer_thread+0x1df/0x1df
[    4.614724]  [<c10388f7>] kthread+0x6d/0x72
[    4.614724]  [<c175f837>] ret_from_kernel_thread+0x1b/0x28
[    4.614724]  [<c103888a>] ? init_completion+0x1d/0x1d
[    4.614724] Code: 74 0a 8b 00 85 c0 75 ed eb 02 31 c0 5d c3 55 89 e5 57 56 53 53 8b 58 04 83 eb 04 89 c6 83 c6 04 89 75 f0 74 21 8b 78 04 8b 70 08 <89> 77 04 89 3e 8b 72 04 8b 7d f0 89 7a 04 89 50 04 89 70 08 89
[    4.614724] EIP: [<c10334dd>] move_linked_works+0x1d/0x50 SS:ESP 0068:ccf27f44
[    4.614724] CR2: 0000000000000003
[    4.614724] ---[ end trace 346f0648092682e5 ]---

The bisect has been verified manually: disable CONFIG_XFS_FS and the
problem disappears.

It's a kvm based boot test. As you may see in the attached dmesg log,
there are some errors in the superblock reading and the other file
systems complained, too.

git bisect start v3.8 v3.7 --
git bisect  bad dadfab4873256d2145640c0ce468fcbfb48977fe  # 17:26      0-  Merge tag 'firewire-updates' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394
git bisect  bad 2989950cea13711f0cc573c26cde8fe08a36be03  # 17:26      0-  Merge tag 'fixes-non-critical' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
git bisect good 7bcb57cde66c19df378f3468ea342166a8a4504d  # 21:07  10000+  Merge tag 'iio-for-3.8f' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-next
git bisect good c6bd5bcc4983f1a2d2f87a3769bf309482ee8c04  # 04:35  10000+  Merge tag 'tty-3.8-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
git bisect good 090f8ccba37034cec5a5972a70abeaae7eb0222b  # 11:09  10000+  Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good fef3ff2eb777e76cfa5ae67591982d902c17139c  # 17:17  10000+    658  Merge branch 'for-3.8' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu
git bisect  bad 3f1c64f410e4394ecefadd7a597a7c20368a65fc  # 17:18      0-    307  Merge tag 'for-linus-v3.8-rc1' of git://oss.sgi.com/xfs/xfs
git bisect  bad ef9d873344ff9f5084eacb9f3735982314dfda9e  # 17:18      0-    148  xfs: byte range granularity for XFS_IOC_ZERO_RANGE
git bisect good 07428d7f0ca46087f7f1efa895322bb9dc1ac21d  # 19:00   1325+    179  xfs: fix attr tree double split corruption
git bisect  bad 3d3e6f64e22c94115d47de670611bcd3ecda3796  # 19:00      0-   1198  xfs: verify btree blocks as they are read from disk
git bisect good 95eacf0f71b7682a05b8242c49c68e8e4bb673e3  # 20:33   1000+     81  xfs: remove xfs_wait_on_pages()
git bisect  bad 98021821a502db347bd9c7671beeee6e8ce07ea6  # 20:33      0-   2443  xfs: verify superblocks as they are read from disk
git bisect good fb59581404ab7ec5075299065c22cb211a9262a9  # 21:56   1000+     22  xfs: remove xfs_flushinval_pages
git bisect good eab4e63368b4cfa597dbdac66d1a7a836a693b7d  # 01:12   1000+     35  xfs: uncached buffer reads need to return an error
git bisect good eab4e63368b4cfa597dbdac66d1a7a836a693b7d  # 04:48   3000+    184  xfs: uncached buffer reads need to return an error
git bisect  bad a0c7d83322521880caf8c9c1ef20a2a1cd5cb955  # 04:49      0-     23  can: sja1000: remove unnecessary pci_set_drvdata()
git bisect  bad fd848319e751739a93aa9fc8182e57e87c5a0df1  # 04:53      1-      9  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
git bisect  bad a0cf1abc25ac197dd97b857c0f6341066a8cb1cf  # 04:57      0-     13  Add linux-next specific files for 20130927

Thanks,
Fengguang

View attachment "dmesg-yocto-lkp-tt02-16:20130921131144:3.12.0-rc1-00279-ga0c7d83:138" of type "text/plain" (195519 bytes)

Download attachment "bisect-a0c7d83322521880caf8c9c1ef20a2a1cd5cb955-i386-randconfig-c4-0920-BUG:-unable-to-handle-kernel-NULL-pointer-dereference-121615.log" of type "application/octet-stream" (137100 bytes)

View attachment "config-3.12.0-rc1-00279-ga0c7d83" of type "text/plain" (85131 bytes)
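
Added example (not part of the original message): a small Python triage helper run over lines excerpted from the oops above. It decodes the page-fault error code and the faulting instruction to show which register produced the reported fault address. The function names and the narrow single-instruction decoder are assumptions of this example.

```python
import re

# Lines excerpted from the oops in the report; the Code line is shortened
# to the bytes around the <xx> fault marker.
OOPS = """\
[    4.611643] BUG: unable to handle kernel NULL pointer dereference at 00000003
[    4.614724] Oops: 0002 [#1]
[    4.614724] EAX: ccae5858 EBX: fffffffb ECX: 00000000 EDX: cc8b2eb8
[    4.614724] ESI: 00000000 EDI: ffffffff EBP: ccf27f54 ESP: ccf27f44
[    4.614724] Code: 8b 78 04 8b 70 08 <89> 77 04 89 3e 8b 72 04
"""

# 32-bit general registers in x86 ModRM encoding order (0..7).
REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]


def fault_flags(code):
    """Decode the low bits of the x86 page-fault error code after 'Oops:'."""
    return {"present": bool(code & 1), "write": bool(code & 2), "user": bool(code & 4)}


def triage(oops):
    """Return the decoded faulting store and whether it explains the fault address."""
    regs = {n: int(v, 16) for n, v in re.findall(r"\b(E[A-Z]{2}): ([0-9a-f]{8})", oops)}
    addr = int(re.search(r"dereference at ([0-9a-f]+)", oops).group(1), 16)
    err = int(re.search(r"Oops: ([0-9a-f]{4})", oops).group(1), 16)
    code = re.search(r"Code: (.*)", oops).group(1)
    # Bytes from the <xx> marker onward begin at the faulting EIP.
    insn = bytes.fromhex(code[code.index("<"):].replace("<", "").replace(">", ""))
    opcode, modrm = insn[0], insn[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    # Narrow decoder: only 'mov %reg32, disp8(%reg32)' (opcode 0x89, mod=01, no SIB).
    if opcode != 0x89 or mod != 1 or rm == 4:
        raise ValueError("instruction form not handled by this example")
    disp = int.from_bytes(insn[2:3], "little", signed=True)
    base, src = REG32[rm], REG32[reg]
    ea = (regs[base] + disp) & 0xFFFFFFFF  # effective address wraps at 32 bits
    return {
        "flags": fault_flags(err),
        "insn": f"mov %{src.lower()},{disp:#x}(%{base.lower()})",
        "base": base,
        "base_value": regs[base],
        "ea": ea,
        "matches_fault_addr": ea == addr,
    }


if __name__ == "__main__":
    print(triage(OOPS))
```

On these lines the result is a kernel-mode write to a not-present page through EDI = ffffffff with displacement 4, which wraps to the reported address 00000003.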
