Date:	Sun, 31 May 2015 16:52:59 -0700
From:	Jeremiah Mahler <jmmahler@...il.com>
To:	Miklos Szeredi <miklos@...redi.hu>,
	fuse-devel@...ts.sourceforge.net
Cc:	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: BUG: update-grub, unable to handle kernel NULL pointer dereference

Miklos, all,

On Sat, May 30, 2015 at 01:03:24AM -0700, Jeremiah Mahler wrote:
> all,
> 
> When running update-grub on a system with a Windows partition the kernel
> will oops with a "BUG: unable to handle kernel NULL pointer dereference"
> message.  It does this during the call to os-prober.  After the oops
> the system locks and requires a hard reset to get it running again.
> 
> This bug is present in the current linux-next (20150529) and as far
> back as 20150522 and possibly earlier.  The last working kernel I
> have is tagged 4.1.0-rc1+.
> 
> Below is a snippet from the back trace.  The full log is attached.
> 
>   ...
>   May 29 10:57:03 hudson 50mounted-tests[3413]: debug: running subtest /usr/lib/os-probes/mounted/20microsoft
>   May 29 10:57:03 hudson 20microsoft[3416]: debug: /dev/sda1 is a NTFS partition
>   May 29 10:57:03 hudson 20microsoft[3431]: result: /dev/sda1:Windows 7 (loader):Windows:chain
>   May 29 10:57:03 hudson 50mounted-tests[3432]: debug: os found by subtest /usr/lib/os-probes/mounted/20microsoft
>   May 29 10:57:03 hudson kernel: BUG: unable to handle kernel NULL pointer dereference at           (null)
>   May 29 10:57:03 hudson kernel: IP: [<          (null)>]           (null)
>   May 29 10:57:03 hudson kernel: PGD c9e43067 PUD c7b4a067 PMD 0 
>   May 29 10:57:03 hudson kernel: Oops: 0010 [#1] SMP 
>   May 29 10:57:03 hudson kernel: Modules linked in: vfat msdos fat dm_mod cpufreq_conservative cpufreq_stats cpufreq_userspace cpufreq_powersave binfmt_misc nfsd auth_rpcgss oid_registry nfs_acl nfs lockd grace fscache sunrpc joydev arc4 iwldvm mac80211 x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm i915 iTCO_wdt crct10dif_pclmul iTCO_vendor_support iwlwifi snd_hda_codec_hdmi crc32_pclmul snd_hda_codec_realtek crc32c_intel snd_hda_codec_generic cfg80211 snd_hda_intel snd_hda_codec ghash_clmulni_intel i2c_algo_bit aesni_intel drm_kms_helper aes_x86_64 snd_hwdep glue_helper lrw psmouse snd_hda_core gf128mul ablk_helper cryptd evdev mei_me tpm_tis drm snd_pcm serio_raw mei pcspkr tpm thinkpad_acpi wmi i2c_i801 shpchp snd_timer nvram snd battery rfkill lpc_ich ac video intel_smartconnect i2c_core soundcore
>   May 29 10:57:03 hudson kernel:  button mfd_core processor loop fuse autofs4 ext4 crc16 mbcache jbd2 sg sd_mod ahci libahci libata sdhci_pci scsi_mod xhci_pci ehci_pci sdhci ehci_hcd xhci_hcd mmc_core usbcore thermal usb_common thermal_sys
>   May 29 10:57:03 hudson kernel: CPU: 3 PID: 3433 Comm: umount Not tainted 4.1.0-rc4-next-20150522 #404
>   May 29 10:57:03 hudson kernel: Hardware name: LENOVO 3443CTO/3443CTO, BIOS G6ET59WW (2.03 ) 09/11/2012
>   May 29 10:57:03 hudson kernel: task: ffff880036bbd4d0 ti: ffff880118fd4000 task.ti: ffff880118fd4000
>   May 29 10:57:03 hudson kernel: RIP: 0010:[<0000000000000000>]  [<          (null)>]           (null)
>   May 29 10:57:03 hudson kernel: RSP: 0018:ffff880118fd7ea0  EFLAGS: 00010246
>   May 29 10:57:03 hudson kernel: RAX: 0000000000000000 RBX: ffff8800c95b6000 RCX: ffff8800355c9000
>   May 29 10:57:03 hudson kernel: RDX: 0000000000000001 RSI: 0000000000000286 RDI: ffff88003652c800
>   May 29 10:57:03 hudson kernel: RBP: ffff8800c95b60c0 R08: 000800010000feb4 R09: 0000fead0000fea5
>   May 29 10:57:03 hudson kernel: R10: 0000fead0000fea5 R11: 0000fe9d0000fe95 R12: ffffffffa0241b40
>   May 29 10:57:03 hudson kernel: R13: ffff880036bbd4d0 R14: 0000000000000000 R15: 0000000000000000
>   May 29 10:57:03 hudson kernel: FS:  00007f8d586b8840(0000) GS:ffff88011e380000(0000) knlGS:0000000000000000
>   May 29 10:57:03 hudson kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>   May 29 10:57:03 hudson kernel: CR2: 0000000000000000 CR3: 0000000036b7e000 CR4: 00000000001407e0
>   May 29 10:57:03 hudson kernel: Stack:
>   May 29 10:57:03 hudson kernel:  ffffffff811ae1fe 0000000000000028 ffffffffa02430c0 ffff880036bbdb28
>   May 29 10:57:03 hudson kernel:  ffffffff811ae4de ffff8800c95b6000 ffffffff811ae86c ffff8800c95b6000
>   May 29 10:57:03 hudson kernel:  ffff8801182fd200 ffffffff81a81400 ffffffff811ca15b 0000000000000000
>   May 29 10:57:03 hudson kernel: Call Trace:
>   May 29 10:57:03 hudson kernel:  [<ffffffff811ae1fe>] ? generic_shutdown_super+0x6e/0xf0
>   May 29 10:57:03 hudson kernel:  [<ffffffff811ae4de>] ? kill_anon_super+0xe/0x20
>   May 29 10:57:03 hudson kernel:  [<ffffffff811ae86c>] ? deactivate_locked_super+0x3c/0x70
>   May 29 10:57:03 hudson kernel:  [<ffffffff811ca15b>] ? cleanup_mnt+0x3b/0x80
>   May 29 10:57:03 hudson kernel:  [<ffffffff81080d3a>] ? task_work_run+0x9a/0xc0
>   May 29 10:57:03 hudson kernel:  [<ffffffff81012d5f>] ? do_notify_resume+0x5f/0x80
>   May 29 10:57:03 hudson kernel:  [<ffffffff81519e84>] ? int_signal+0x12/0x17
>   May 29 10:57:03 hudson kernel: Code:  Bad RIP value.
>   May 29 10:57:03 hudson kernel: RIP  [<          (null)>]           (null)
>   May 29 10:57:03 hudson kernel:  RSP <ffff880118fd7ea0>
>   May 29 10:57:03 hudson kernel: CR2: 0000000000000000
>   May 29 10:57:03 hudson kernel: ---[ end trace f8d3aacb091ee378 ]---
>   May 29 10:57:03 hudson 50mounted-tests[3434]: warning: failed to umount /var/lib/os-prober/mount
>   May 29 10:57:03 hudson os-prober[3436]: debug: os detected by /usr/lib/os-probes/50mounted-tests
>   May 29 10:57:03 hudson os-prober[3442]: debug: running /usr/lib/os-probes/50mounted-tests on /dev/sda2
>   ...
> 
> Any help diagnosing this bug would be appreciated.
> 
> -- 
> - Jeremiah Mahler

I found the patch that introduced the bug.  It was a two-line change to
fuse back in 4.1.0-rc3.

  From daccc092d1a24fc8e4be5dfd462703631fd8c199 Mon Sep 17 00:00:00 2001
  From: Miklos Szeredi <mszeredi@...e.cz>
  Date: Wed, 20 May 2015 15:18:58 +0200
  Subject: [PATCH] fuse: initialize fc->release before calling it
  
  fc->release is called from fuse_conn_put() which was used in the error
  cleanup before fc->release was initialized.
  
  Signed-off-by: Miklos Szeredi <mszeredi@...e.cz>
  Fixes: a325f9b92273 ("fuse: update fuse_conn_init() and separate out fuse_conn_kill()")
  Cc: <stable@...r.kernel.org> #v2.6.31+
  ---
   fs/fuse/inode.c | 2 +-
   1 file changed, 1 insertion(+), 1 deletion(-)
  
  diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
  index 082ac1c..4a57f3e 100644
  --- a/fs/fuse/inode.c
  +++ b/fs/fuse/inode.c
  @@ -1025,6 +1025,7 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
   	if (!fc)
   		goto err_fput;
   
  +	fc->release = fuse_free_conn;
   	fuse_conn_init(fc);
   
   	fc->dev = sb->s_dev;
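Review bot: the new `fc->release = fuse_free_conn;` is placed before `fuse_conn_init(fc);`, so it only survives if fuse_conn_init() leaves that field alone. fuse_conn_init() is not visible in this hunk; if it resets the whole connection struct (a zeroing memset at the top of that function would do it), the assignment is wiped out and fc->release is NULL for the rest of the connection's life, which is consistent with the umount-time oops in the quoted trace (RIP is `(null)`, reached via generic_shutdown_super / kill_anon_super). Please confirm fuse_conn_init() preserves the field, or move the assignment to directly after `fuse_conn_init(fc);`, or pass the release callback into fuse_conn_init() so it is set as part of initialization.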
  @@ -1040,7 +1041,6 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
   		fc->dont_mask = 1;
   	sb->s_flags |= MS_POSIXACL;
   
  -	fc->release = fuse_free_conn;
   	fc->flags = d.flags;
   	fc->user_id = d.user_id;
   	fc->group_id = d.group_id;
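Review bot: removing this line is correct only together with a surviving early assignment; with the line gone, nothing between fuse_conn_init() and the end of fuse_fill_super() sets fc->release any more, so any loss of the earlier store (see the first hunk) leaves fuse_conn_put() calling a NULL function pointer on both the error path this patch targets and the normal unmount path. The commit message's goal, having fc->release valid before any fuse_conn_put() in the error cleanup, is met just as well by setting it immediately after `fuse_conn_init(fc);` instead of before it, which covers the error gotos that follow initialization without risking the store being clobbered.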
  -- 
  2.1.4

-- 
- Jeremiah Mahler