lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1381485327.2631.18.camel@perseus.fritz.box>
Date:	Fri, 11 Oct 2013 17:55:27 +0800
From:	Ian Kent <raven@...maw.net>
To:	David Ahern <dsahern@...il.com>
Cc:	autofs@...r.kernel.org, viro@...IV.linux.org.uk,
	linux-kernel@...r.kernel.org
Subject: Re: NULL pointer dereference in autofs4_expire_wait

On Fri, 2013-10-11 at 10:06 +0800, Ian Kent wrote:
> On Thu, 2013-10-10 at 17:22 -0600, David Ahern wrote:
> > Running 3.12-rc3 just hit BUG in autofs4_expire_wait
> 
> It doesn't look like this could be due to Al's change to the locking in
> autos4_wait() and that the only change to autofs that I'm aware of.
> 
> Could you do a bisect please?

Of course that assumes it's repeatable.
Is it?

Can you provide any information about the environment and activity that
was happening at the time of the BUG()?
 
> 
> > 
> > [787422.065405] BUG: unable to handle kernel NULL pointer dereference at 
> > 0000000000000010
> > [787422.065567] IP: [<ffffffff812722d8>] autofs4_expire_wait+0x38/0x120
> > [787422.065659] PGD 163bdb067 PUD 163bbc067 PMD 0
> > [787422.065744] Oops: 0000 [#1] SMP
> > [787422.065825] Modules linked in: binfmt_misc nfsv3 rpcsec_gss_krb5 
> > nfsv4 dns_resolver nfs fscache bridge stp llc ipt_MASQUERADE xt_nat 
> > iptable_nat nf_nat_ipv4 nf_nat xt_physdev nf_conntrack_ipv4 
> > nf_defrag_ipv4 xt_state nf_conntrack xt_multiport nfsd lockd nfs_acl 
> > auth_rpcgss sunrpc ipmi_si ipmi_msghandler vhost_net iTCO_wdt macvtap 
> > macvlan vhost iTCO_vendor_support pcspkr i7core_edac lpc_ich mfd_core 
> > tun edac_core bnx2 hpwdt microcode acpi_power_meter oid_registry 
> > kvm_intel kvm usb_storage hpsa ttm drm_kms_helper drm i2c_algo_bit i2c_core
> > [787422.066557] CPU: 10 PID: 20498 Comm: sed Not tainted 3.12.0-rc3+ #8
> > [787422.066640] Hardware name: HP ProLiant DL380 G6, BIOS P62 05/05/2011
> > [787422.066722] task: ffff88030e941790 ti: ffff880182a16000 task.ti: 
> > ffff880182a16000
> > [787422.066872] RIP: 0010:[<ffffffff812722d8>]  [<ffffffff812722d8>] 
> > autofs4_expire_wait+0x38/0x120
> > [787422.067029] RSP: 0000:ffff880182a17aa8  EFLAGS: 00010246
> > [787422.067121] RAX: 00000000b1acb1ac RBX: ffff8802e1056a80 RCX: 
> > 0000000000000010
> > [787422.067270] RDX: 000000000000b1ac RSI: ffffffff81c3e3e0 RDI: 
> > ffff88060e187d98
> > [787422.067457] RBP: ffff880182a17ad8 R08: 0000000000000000 R09: 
> > ffffffff811a5748
> > [787422.067607] R10: ff030306ff030001 R11: ffffffffffffffff R12: 
> > ffff88060e187d00
> > [787422.067758] R13: 0000000000000000 R14: 0000000000637461 R15: 
> > ffff8802e1056a80
> > [787422.067909] FS:  0000000000000000(0000) GS:ffff880313ca0000(0000) 
> > knlGS:0000000000000000
> > [787422.068061] CS:  0010 DS: 002b ES: 002b CR0: 000000008005003b
> > [787422.068141] CR2: 0000000000000010 CR3: 000000010f106000 CR4: 
> > 00000000000027e0
> > [787422.068302] Stack:
> > [787422.068414]  ffff880182a17af8 ffffffff810768fe 0000000000000100 
> > ffff8802e1056a80
> > [787422.068575]  ffff88060e187dc0 ffff88060e187dc0 ffff880182a17b48 
> > ffffffff8126f5fc
> > [787422.068736]  0000000000000000 ffff880192afb890 ffff8802e1056ab8 
> > 0000000392afb890
> > [787422.068896] Call Trace:
> > [787422.068976]  [<ffffffff810768fe>] ? prepare_to_wait+0x5e/0x90
> > [787422.069060]  [<ffffffff8126f5fc>] do_expire_wait+0x17c/0x190
> > [787422.069142]  [<ffffffff8126f9a4>] autofs4_d_manage+0xb4/0x170
> > [787422.069227]  [<ffffffff8119af4d>] follow_managed+0xcd/0x2c0
> > [787422.069323]  [<ffffffff8162a3f3>] lookup_slow+0x7b/0xaa
> > [787422.069441]  [<ffffffff8119c4fa>] link_path_walk+0x34a/0x8d0
> > [787422.069524]  [<ffffffff811a67d1>] ? dput+0x31/0x1f0
> > [787422.069606]  [<ffffffff811aeac9>] ? mntput_no_expire+0x49/0x140
> > [787422.069690]  [<ffffffff8119c0bc>] ? path_init+0x30c/0x400
> > [787422.069772]  [<ffffffff8119cad8>] path_lookupat+0x58/0x740
> > [787422.069856]  [<ffffffff8117a153>] ? kmem_cache_alloc+0x1c3/0x200
> > [787422.069939]  [<ffffffff8117a12d>] ? kmem_cache_alloc+0x19d/0x200
> > [787422.071815]  [<ffffffff8119d1f4>] filename_lookup+0x34/0xc0
> > [787422.071898]  [<ffffffff811a0a59>] user_path_at_empty+0x59/0xa0
> > [787422.071981]  [<ffffffff811a0b73>] ? do_filp_open+0x43/0xa0
> > [787422.072064]  [<ffffffff811a0ab1>] user_path_at+0x11/0x20
> > [787422.072146]  [<ffffffff81195761>] vfs_fstatat+0x51/0xb0
> > [787422.072228]  [<ffffffff8119588b>] vfs_stat+0x1b/0x20
> > [787422.072311]  [<ffffffff8104d6ca>] sys32_stat64+0x1a/0x40
> > [787422.072453]  [<ffffffff8118f74a>] ? do_sys_open+0x1aa/0x220
> > [787422.072539]  [<ffffffff8163cf49>] ia32_do_call+0x13/0x13
> > [787422.072619] Code: 48 89 5d e8 4c 89 65 f0 48 89 fb 4c 89 6d f8 48 8b 
> > 47 68 4c 8b 6f 78 4c 8b a0 00 03 00 00 49 8d bc 24 98 00 00 00 e8 78 0d 
> > 3c 00 <41> f6 45 10 01 74 61 66 41 83 84 24 98 00 00 00 01 f6 05 52 4a
> > [787422.073004] RIP  [<ffffffff812722d8>] autofs4_expire_wait+0x38/0x120
> > [787422.073089]  RSP <ffff880182a17aa8>
> > [787422.073164] CR2: 0000000000000010
> > [787422.073595] ---[ end trace c75e278f6383bf9a ]---
> 


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ