Message-ID: <alpine.LSU.2.20.1504081534200.14864@nerf40.vanv.qr>
Date:	Wed, 8 Apr 2015 15:41:09 +0200 (CEST)
From:	Jan Engelhardt <jengelh@...i.de>
To:	torvalds@...ux-foundation.org
cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: NULL deref around xfs in v4.0-rc1–rc7


Starting somewhere around v4.0-rc1 and persisting through commit 
v4.0-rc7, there is a new NULL dereference apparently happening in 
conjunction with xfs. This inhibits this machine's booting,
as xfs is used for the root filesystem.

First bisection points at first-bad commit v4.0-rc1~8, and since that is 
a merge commit, I'll be investigating some more hand-chosen commits (and 
then people to Cc) as we speak.


Boot log of v4.0-rc1~8:

 Fusion MPT base driver 3.04.20
 Copyright (c) 1999-2008 LSI Corporation
 Fusion MPT SAS Host driver 3.04.20
 mptbase: ioc0: Initiating bringup
 ioc0: LSISAS1068 A0: Capabilities={Initiator}
 scsi host0: ioc0: LSISAS1068 A0, FwRev=00000000h, Ports=8, MaxQ=256, IRQ=22
 mptsas: ioc0: attaching ssp device: fw_channel 0, fw_id 1, phy 1, sas_addr 0x1060504030201a0
 scsi 0:0:0:0: Direct-Access     VBOX     HARDDISK         1.0  PQ: 0 ANSI: 5
 scsi 0:0:0:0: Attached scsi generic sg0 type 0
 mptbase: ioc1: Initiating bringup
 ioc1: LSISAS1068 A0: Capabilities={Initiator}
 scsi host1: ioc1: LSISAS1068 A0, FwRev=00000000h, Ports=8, MaxQ=256, IRQ=17
 mptsas: ioc1: attaching ssp device: fw_channel 0, fw_id 0, phy 0, sas_addr 0x60504030201a0
 scsi 1:0:0:0: Direct-Access     VBOX     HARDDISK         1.0  PQ: 0 ANSI: 5
 scsi 1:0:0:0: Attached scsi generic sg1 type 0
 sd 0:0:0:0: [sda] 12582912 512-byte logical blocks: (6.44 GB/6.00 GiB)
 sd 1:0:0:0: [sdb] 16777216 512-byte logical blocks: (8.58 GB/8.00 GiB)
 sd 0:0:0:0: [sda] Write Protect is off
 sd 0:0:0:0: [sda] Incomplete mode parameter data
 sd 0:0:0:0: [sda] Assuming drive cache: write through
 sd 1:0:0:0: [sdb] Write Protect is off
 sd 1:0:0:0: [sdb] Incomplete mode parameter data
 sd 1:0:0:0: [sdb] Assuming drive cache: write through
  sda: sda1 sda2
 sd 0:0:0:0: [sda] Attached SCSI disk
  sdb: sdb1 sdb2
 sd 1:0:0:0: [sdb] Attached SCSI disk
 audit: type=1130 audit(1428456646.877:11): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-vconsole-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
.[1;39mPlease enter passphrase for disk HARDDISK (sfroot)! .[0m
 NET: Registered protocol family 38
 audit_printk_skb: 3 callbacks suppressed
 audit: type=1130 audit(1428456653.677:13): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-cryptsetup@...oot comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
 audit: type=1130 audit(1428456653.941:14): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=dracut-initqueue comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
 audit: type=1130 audit(1428456654.369:15): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-fsck@...-mapper-sfroot comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
 SGI XFS with ACLs, security attributes, realtime, no debug enabled
 XFS (dm-0): Mounting V5 Filesystem
 XFS (dm-0): Ending clean mount
 audit: type=1130 audit(1428456654.705:16): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=initrd-parse-etc comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
 audit: type=1131 audit(1428456654.761:17): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=initrd-parse-etc comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
 audit: type=1130 audit(1428456655.077:18): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=dracut-pre-pivot comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
 audit: type=1130 audit(1428456655.157:19): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-ask-password-console comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
 audit: type=1131 audit(1428456655.417:20): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-ask-password-console comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
 audit: type=1130 audit(1428456655.437:21): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=initrd-cleanup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
 audit: type=1131 audit(1428456655.453:22): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=initrd-cleanup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
 systemd-journald[155]: Received SIGTERM from PID 1 (systemd).
 BUG: unable to handle kernel paging request at 0000000000001000
 IP: [<ffffffff812718d0>] scsi_init_cmd_errh+0x26/0x5d
 PGD 0 
 Oops: 0002 [#1] SMP 
 Modules linked in: xfs crc32c_generic libcrc32c dm_crypt xts gf128mul algif_skcipher af_alg sd_mod mptsas scsi_transport_sas mptscsih mptbase dm_mod sg ipv6
 CPU: 0 PID: 447 Comm: systemd-cgroups Not tainted 4.0.0-rc1 #21
 Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
 task: ffff88007acceeb0 ti: ffff88007bcc0000 task.ti: ffff88007bcc0000
 RIP: 0010:[<ffffffff812718d0>]  [<ffffffff812718d0>] scsi_init_cmd_errh+0x26/0x5d
 RSP: 0018:ffff88007bcc3730  EFLAGS: 00010246
 RAX: 0000000000000000 RBX: ffff88007b078800 RCX: 0000000000000018
 RDX: ffff88007b02d370 RSI: 0000000000000000 RDI: 0000000000001000
 RBP: ffff88007b02d370 R08: ffff88007bf1a440 R09: 00000000000000fa
 R10: 0000000000000000 R11: ffffea0001eef880 R12: 0000000000000000
 R13: ffff88007b078800 R14: ffff88007bc35000 R15: ffff88007b02d200
 FS:  0000000000000000(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
 CR2: 0000000000001000 CR3: 000000007cb79000 CR4: 00000000000007f0
 Stack:
  ffffffff812731ac ffff88007acceeb0 ffff88007bc35000 ffff88007b075400
  ffff88007b078968 ffff88007b02d378 ffff88007fc18e88 ffff88007b070f20
  ffff88007bcc37c0 ffff88007b075408 0000000000000000 0000000000000000
 Call Trace:
  [<ffffffff812731ac>] ? scsi_queue_rq+0x2e5/0x3d3
  [<ffffffff8118d833>] ? __blk_mq_run_hw_queue+0x19a/0x29f
  [<ffffffff8118da01>] ? blk_mq_alloc_request+0xc9/0x102
  [<ffffffffa00f774b>] ? __xfs_get_blocks+0x321/0x321 [xfs]
  [<ffffffff8118df7c>] ? blk_mq_run_hw_queue+0x4a/0x93
  [<ffffffff8118ebfa>] ? blk_sq_make_request+0x166/0x171
  [<ffffffff8118638e>] ? generic_make_request+0x8f/0xcc
  [<ffffffff811864ce>] ? submit_bio+0x103/0x121
  [<ffffffff810cc0ae>] ? get_page+0x9/0x25
  [<ffffffff810cc49f>] ? __lru_cache_add+0x1a/0x3a
  [<ffffffff8113629a>] ? mpage_bio_submit+0x1f/0x25
  [<ffffffff81136f07>] ? mpage_readpages+0xe2/0xf6
  [<ffffffffa00f774b>] ? __xfs_get_blocks+0x321/0x321 [xfs]
  [<ffffffff810c8d19>] ? get_page_from_freelist+0x3b3/0x785
  [<ffffffff810f860a>] ? alloc_pages_current+0xad/0xca
  [<ffffffff810cb5f9>] ? __do_page_cache_readahead+0x116/0x1af
  [<ffffffff810c4731>] ? filemap_fault+0x18e/0x393
  [<ffffffff810df31c>] ? __do_fault+0x3b/0x8f
  [<ffffffff810e2033>] ? handle_mm_fault+0x50e/0xfc9
  [<ffffffff810daf1c>] ? vma_interval_tree_insert+0x1f/0x82
  [<ffffffff810e5909>] ? vma_set_page_prot+0x33/0x52
  [<ffffffff81034345>] ? __do_page_fault+0x212/0x3ba
  [<ffffffff81337de8>] ? page_fault+0x28/0x30
  [<ffffffff811adf85>] ? __clear_user+0x1c/0x3d
  [<ffffffff811455f9>] ? padzero+0x1b/0x28
  [<ffffffff81147144>] ? load_elf_binary+0x7d5/0x1009
  [<ffffffff811135dc>] ? search_binary_handler+0x6b/0x170
  [<ffffffff81114780>] ? do_execveat_common.isra.31+0x45a/0x5dd
  [<ffffffff81114926>] ? do_execve+0x23/0x28
  [<ffffffff8104d4f7>] ? ____call_usermodehelper+0x100/0x128
  [<ffffffff8104d3f7>] ? call_usermodehelper+0x47/0x47
  [<ffffffff8133637c>] ? ret_from_fork+0x7c/0xb0
  [<ffffffff8104d3f7>] ? call_usermodehelper+0x47/0x47
 Code: c2 89 d0 5b c3 48 c7 87 b0 00 00 00 00 00 00 00 c7 87 f4 00 00 00 00 00 00 00 48 89 fa 48 8b bf 10 01 00 00 31 c0 b9 18 00 00 00 <f3> ab 66 83 ba cc 00 00 00 00 75 2a 48 8b 8a d8 00 00 00 8a 01 
 RIP  [<ffffffff812718d0>] scsi_init_cmd_errh+0x26/0x5d
  RSP <ffff88007bcc3730>
 CR2: 0000000000001000
 ---[ end trace ef687cac676b43b0 ]---
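
An added example, not part of the original message: a small Python triage helper that decodes the x86 page-fault error code on the `Oops:` line and reports which general-purpose registers hold the faulting address from CR2. The sample lines are copied from the boot log above; the function names are this example's own.

```python
import re

# Lines copied verbatim from the boot log above.
OOPS = """\
BUG: unable to handle kernel paging request at 0000000000001000
IP: [<ffffffff812718d0>] scsi_init_cmd_errh+0x26/0x5d
Oops: 0002 [#1] SMP
RAX: 0000000000000000 RBX: ffff88007b078800 RCX: 0000000000000018
RDX: ffff88007b02d370 RSI: 0000000000000000 RDI: 0000000000001000
CR2: 0000000000001000 CR3: 000000007cb79000 CR4: 00000000000007f0
"""

# Architectural x86 page-fault error code bits: (mask, if set, if clear).
PF_BITS = [
    (0x01, "protection violation", "page not present"),
    (0x02, "write", "read"),
    (0x04, "user mode", "kernel mode"),
    (0x08, "reserved bit set", None),
    (0x10, "instruction fetch", None),
]

def decode_error_code(code):
    """Translate the hex value after 'Oops:' into access properties."""
    out = []
    for mask, if_set, if_clear in PF_BITS:
        text = if_set if code & mask else if_clear
        if text:
            out.append(text)
    return out

def triage(oops_text):
    """Return fault site, access type and registers equal to CR2."""
    code = int(re.search(r"Oops: ([0-9a-f]{4})", oops_text).group(1), 16)
    sym, off = re.search(
        r"IP: \[<[0-9a-f]+>\] ([\w.]+)\+(0x[0-9a-f]+)/", oops_text).groups()
    regs = {name: int(val, 16) for name, val in re.findall(
        r"\b([A-Z][A-Z0-9]{1,2}): ([0-9a-f]{16})\b", oops_text)}
    cr2 = regs["CR2"]
    # General-purpose registers whose value is the faulting address.
    holders = sorted(r for r, v in regs.items()
                     if v == cr2 and not r.startswith("CR"))
    return {"function": sym, "offset": int(off, 16),
            "access": decode_error_code(code),
            "fault_addr": cr2, "regs_at_fault_addr": holders}

if __name__ == "__main__":
    print(triage(OOPS))
```

For this log the helper reports a kernel-mode write to a not-present page at 0x1000, with RDI holding that address. That matches the bytes marked `<f3> ab` in the `Code:` line, a `rep stos`, which stores through RDI.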