Date: Sun, 3 Aug 2008 21:24:20 +0200 (CEST) 
From: Sven Wegener <sven.wegener@...aler.net>
To: "Denis V. Lunev" <den@...nvz.org>
cc: Marcin Slusarz <marcin.slusarz@...il.com>, LKML <linux-kernel@...r.kernel.org>, netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>
Subject: Re: oops in rt_cache_invalidate (2.6.27-rc1-2b12a4c)

On Sun, 3 Aug 2008, Denis V. Lunev wrote:

> On Sun, 2008-08-03 at 19:02 +0200, Marcin Slusarz wrote:
> > [ 21.035097] Adding 1020112k swap on /dev/sda2. Priority:-1 extents:1 across:1020112k
> > [ 22.340292] BUG: unable to handle kernel NULL pointer dereference at 00000000000002c0
> > [ 22.341002] IP: [<ffffffff80442a7e>] rt_cache_invalidate+0x25/0x32
> > [ 22.341002] PGD 3dc7c067 PUD 3d198067 PMD 0
> > [ 22.341002] Oops: 0002 [1] PREEMPT
> > [ 22.341002] CPU 0
> > [ 22.341002] Modules linked in: usbhid uhci_hcd tuner tea5767 tda8290 tuner_xc2028 xc5000 tda9887 tuner_simple tuner_types mt20xx tea5761 tda9875 ehci_hcd usbcore bttv ir_common compat_ioctl32 videodev v4l1_compat i2c_algo_bit snd_via82xx snd_ac97_codec v4l2_common ac97_bus snd_pcm videobuf_dma_sg snd_timer snd_page_alloc i2c_viapro videobuf_core btcx_risc snd_mpu401_uart snd_rawmidi tveeprom snd_seq_device snd soundcore
> > [ 22.341002] Pid: 2248, comm: sysctl Not tainted 2.6.27-rc1-00507-g75aecb1 #261
> > [ 22.341002] RIP: 0010:[<ffffffff80442a7e>] [<ffffffff80442a7e>] rt_cache_invalidate+0x25/0x32
> > [ 22.341002] RSP: 0018:ffff88003cd6de08 EFLAGS: 00010202
> > [ 22.341002] RAX: 0000000000000052 RBX: 0000000000000000 RCX: 0000000000000000
> > [ 22.341002] RDX: ffff88003cd6dda8 RSI: ffff88003cd6dda9 RDI: ffff88003cd6ddb2
> > [ 22.341002] RBP: ffff88003cd6de28 R08: 0000000000000000 R09: ffff88003cd6dbb8
> > [ 22.341002] R10: 00000000a94180f7 R11: ffff88003cd6dc0c R12: 0000000000000001
> > [ 22.341002] R13: ffffffff8062a90c R14: 0000000000000000 R15: 0000000000000040
> > [ 22.341002] FS: 00007f0674ee66f0(0000) GS:ffffffff80625200(0000) knlGS:0000000000000000
> > [ 22.341002] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> > [ 22.341002] CR2: 00000000000002c0 CR3: 000000003d1a3000 CR4: 00000000000006e0
> > [ 22.341002] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > [ 22.341002] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> > [ 22.341002] Process sysctl (pid: 2248, threadinfo ffff88003cd6c000, task ffff88003d0dd900)
> > [ 22.341002] Stack: ffff88003cd6de38 ffffffff80233c93 51ff88003cd6df48 0000000000000000
> > [ 22.341002] ffff88003cd6de58 ffffffff80442c4c ffffffff80620740 0000000000000001
> > [ 22.341002] ffffffff8062a90c 0000000000000000 ffff88003cd6de98 ffffffff8046a63b
> > [ 22.341002] Call Trace:
> > [ 22.341002] [<ffffffff80233c93>] ? do_proc_dointvec+0x3d/0x3f
> > [ 22.341002] [<ffffffff80442c4c>] rt_cache_flush+0x17/0xe2
> > [ 22.341002] [<ffffffff8046a63b>] ipv4_doint_and_flush+0x42/0x52
> > [ 22.341002] [<ffffffff802d263b>] proc_sys_call_handler+0x96/0xbb
> > [ 22.341002] [<ffffffff802d2674>] proc_sys_write+0x14/0x16
> > [ 22.341002] [<ffffffff8028f8fd>] vfs_write+0xb3/0x13c
> > [ 22.341002] [<ffffffff8028fdd0>] sys_write+0x4c/0x74
> > [ 22.341002] [<ffffffff8020b3fb>] system_call_fastpath+0x16/0x1b
> > [ 22.341002]
> > [ 22.341002]
> > [ 22.341002] Code: 18 01 00 00 c9 c3 55 48 89 e5 53 48 83 ec 18 66 66 90 66 90 be 01 00 00 00 48 89 fb 48 8d 7d f7 e8 a3 fd f5 ff 0f b6 45 f7 ff c0 <01> 83 c0 02 00 00 48 83 c4 18 5b c9 c3 55 48 89 e5 53 48 83 ec
> > [ 22.341002] RIP [<ffffffff80442a7e>] rt_cache_invalidate+0x25/0x32
> > [ 22.341002] RSP <ffff88003cd6de08>
> > [ 22.341002] CR2: 00000000000002c0
> > [ 23.182975] ---[ end trace cc508a4cd3aa37ce ]---
> > [ 33.359352] NET: Registered protocol family 17
> > [ 36.346255] Marking TSC unstable due to cpufreq changes
> > [ 40.893522] Clocksource tsc unstable (delta = -221374484 ns)
> >
> > It's 2b12a4c524812fb3f6ee590a02e65b95c8c32229 + some unrelated trivial patches.
>
> Could you send your .config?

No need to, the issue can be triggered by sysctl net.ipv4.ip_default_ttl=1 when 76e6ebfb40a2455c18234dcb0f9df37533215461 is applied. ipv4_doint_and_flush and ipv4_doint_and_flush_strategy access the member extra2 of the ctl_table, but it is never set to a meaningful value. Don't know if it's just the following that is missing or if we need another namespace.

net: Add missing extra2 parameter for ip_default_ttl sysctl

Commit 76e6ebfb40a2455c18234dcb0f9df37533215461 needs the extra2 parameter set to init_net, else we'll oops when setting the ip_default_ttl sysctl.

Signed-off-by: Sven Wegener <sven.wegener@...aler.net>
---
 net/ipv4/sysctl_net_ipv4.c | 1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index 770d827..e0689fd 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c @@ -232,6 +232,7 @@ static struct ctl_table ipv4_table[] = { .mode = 0644, .proc_handler = &ipv4_doint_and_flush, .strategy = &ipv4_doint_and_flush_strategy, + .extra2 = &init_net, }, { .ctl_name = NET_IPV4_NO_PMTU_DISC,
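
Review bot: `.extra2 = &init_net` in this entry of the static `ipv4_table[]` hard-wires the flush to the initial network namespace, and the changelog does not say whether that is the intended scope; the cover text itself leaves open whether "another namespace" is needed. Please state in the commit message that only init_net's route cache is flushed here, or move the entry to a per-namespace table if the flush should follow the writer's namespace. Separately, `ipv4_doint_and_flush` and `ipv4_doint_and_flush_strategy` are described as using `extra2` unconditionally, so any other `ctl_table` entry wired to them needs the same field; a check for a missing `extra2` in the handlers would turn an incomplete entry into an error return instead of a NULL dereference on a sysctl write.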
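
Added example, not part of the original thread or of the kernel source: a Python triage helper that decodes the faulting instruction marked in the `Code:` line of the oops above and checks it against CR2, showing that the fault is a kernel-mode write through a NULL base register at offset 0x2c0, which is what a NULL pointer reaching rt_cache_invalidate would produce. The function name `triage` and the trimmed sample text are constructed for this illustration.

```python
import re
import struct

# Lines taken from the oops quoted above; the register dump and the Code:
# bytes are trimmed to what the decoder needs.
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 00000000000002c0
IP: [<ffffffff80442a7e>] rt_cache_invalidate+0x25/0x32
Oops: 0002 [1] PREEMPT
RAX: 0000000000000052 RBX: 0000000000000000 RCX: 0000000000000000
Code: 48 89 fb 48 8d 7d f7 e8 a3 fd f5 ff 0f b6 45 f7 ff c0 <01> 83 c0 02 00 00 48 83 c4 18
CR2: 00000000000002c0
"""

REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]  # ModRM order


def triage(oops):
    """Decode the faulting instruction and check it against CR2."""
    regs = {n.lower(): int(v, 16)
            for n, v in re.findall(r"\b(R[A-Z]{2}): ([0-9a-f]{16})", oops)}
    cr2 = int(re.search(r"^CR2: ([0-9a-f]+)", oops, re.M).group(1), 16)
    err = int(re.search(r"Oops: ([0-9a-f]{4})", oops).group(1), 16)
    code = re.search(r"^Code: (.*)$", oops, re.M).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    insn = bytes(int(b.strip("<>"), 16) for b in code[start:])

    # Only the form seen here is handled: ADD r/m32, r32 (opcode 0x01) with a
    # plain base register plus 32-bit displacement (mod=10, no SIB byte).
    opcode, modrm = insn[0], insn[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if opcode != 0x01 or mod != 2 or rm == 4:
        raise ValueError("instruction form not covered by this example")
    disp = struct.unpack_from("<i", insn, 2)[0]
    base = REG64[rm]
    if base not in regs:
        raise ValueError(f"{base} missing from register dump")
    ea = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {
        "insn": f"add %e{REG64[reg][1:]},{disp:#x}(%{base})",
        "effective_address": ea,
        "cr2": cr2,
        "null_base": regs[base] == 0 and ea == cr2,
        "write_fault": bool(err & 2),      # page-fault error code bit 1
        "kernel_mode": not (err & 4),      # bit 2 clear: fault in kernel mode
    }


if __name__ == "__main__":
    print(triage(OOPS))
```

The `48 89 fb` bytes kept at the start of the sample are `mov %rdi,%rbx`, so the NULL base register holds the function's first argument.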