NULL pointer dereference bug in 2.6.18-rc6-CITI_NFS4_ALL-1
Bryce Harrington
bryce at osdl.org
Thu Sep 14 19:01:08 EDT 2006
Strace included below...
On Thu, Sep 14, 2006 at 03:55:40PM -0700, Bryce Harrington wrote:
> Jason noticed that in the latest CITI patch the kernel hits a bug during
> the LTP run with a krb5p mount. There's also some interesting looking
> console output during the LTP runs with the other security flavors as
> well.
------------------------------------------------------------------------
Hey,
Sometimes can mount ok, sometimes it doesn't. Occurs with sys, and krb5 sec. Not sure if its useful, but here is an strace of a bad mount (w/ krb5i):
# strace mount /mnt/nfs4
--- snip ---
execve("/bin/mount", ["mount", "/mnt/nfs4"], [/* 24 vars */]) = 0
uname({sys="Linux", node="nfsxx.osdl.org", ...}) = 0
brk(0) = 0x805d000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=13293, ...}) = 0
mmap2(NULL, 13293, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f9a000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240T\1"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1220000, ...}) = 0
mmap2(NULL, 1158452, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e7f000
mmap2(0xb7f94000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x115) = 0xb7f94000
mmap2(0xb7f98000, 7476, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f98000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e7e000
mprotect(0xb7f94000, 4096, PROT_READ) = 0
mprotect(0xb7fb2000, 4096, PROT_READ) = 0
munmap(0xb7f9a000, 13293) = 0
open("/dev/urandom", O_RDONLY) = 3
read(3, "KRG_", 4) = 4
close(3) = 0
brk(0) = 0x805d000
brk(0x807e000) = 0x807e000
umask(033) = 022
open("/dev/null", O_RDWR|O_LARGEFILE) = 3
close(3) = 0
getuid32() = 0
geteuid32() = 0
lstat64("/etc/mtab", {st_mode=S_IFREG|0644, st_size=399, ...}) = 0
readlink("/mnt", 0xbf8c2a70, 4096) = -1 EINVAL (Invalid argument)
readlink("/mnt/nfs4", 0xbf8c2a70, 4096) = -1 EINVAL (Invalid argument)
umask(077) = 033
open("/etc/fstab", O_RDONLY|O_LARGEFILE) = 3
umask(033) = 077
fstat64(3, {st_mode=S_IFREG|0644, st_size=1279, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f9d000
read(3, "# /etc/fstab: static file system"..., 4096) = 1279
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7f9d000, 4096) = 0
stat64("/sbin/mount.nfs4", 0xbf8c3950) = -1 ENOENT (No such file or directory)
gettimeofday({1158273444, 489654}, NULL) = 0
getpid() = 10954
open("/etc/resolv.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=40, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f9d000
read(3, "search osdl.org\nnameserver 65.17"..., 4096) = 40
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7f9d000, 4096) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=503, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f9d000
read(3, "# /etc/nsswitch.conf:\n# $Header:"..., 4096) = 503
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7f9d000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=13293, ...}) = 0
mmap2(NULL, 13293, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f9a000
close(3) = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\33\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=35288, ...}) = 0
mmap2(NULL, 37516, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e74000
mmap2(0xb7e7c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7) = 0xb7e7c000
close(3) = 0
munmap(0xb7f9a000, 13293) = 0
open("/etc/host.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1302, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f9d000
read(3, "# /etc/host.conf:\n# $Header: /va"..., 4096) = 1302
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7f9d000, 4096) = 0
open("/etc/hosts", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f9d000
read(3, "# /etc/hosts: This file describ"..., 4096) = 780
close(3) = 0
munmap(0xb7f9d000, 4096) = 0
uname({sys="Linux", node="nfsxx.osdl.org", ...}) = 0
open("/etc/hosts", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=780, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f9d000
read(3, "# /etc/hosts: This file describ"..., 4096) = 780
close(3) = 0
munmap(0xb7f9d000, 4096) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
getpid() = 10954
bind(3, {sa_family=AF_INET, sin_port=htons(954), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(2049), sin_addr=inet_addr("65.172.181.230")}, 16) = 0
gettimeofday({1158273444, 524075}, NULL) = 0
write(3, "\200\0\0(j\235#\337\0\0\0\0\0\0\0\2\0\1\206\243\0\0\0\4"..., 44) = 44
poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 20000) = 1
read(3, "\200\0\0\30j\235#\337\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 400) = 28
close(3) = 0
close(3) = -1 EBADF (Bad file descriptor)
mount("nfsxx.osdl.org:/", "/mnt/nfs4", "nfs4", MS_MGC_VAL, "\1"
--- snip ---
--
Jason Neighbors
x1939
More information about the NFSv4
mailing list