190160 – hardened-sources-2.6.23 - kernel oops when fuser -c *

Bug 190160 - hardened-sources-2.6.23 - kernel oops when fuser -c *

Summary: hardened-sources-2.6.23 - kernel oops when fuser -c *

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	x86 Linux

Importance:	High major (vote)
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-08-25 09:56 UTC by Jerzy Kołosowski
Modified:	2007-10-01 17:02 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
My kernel config (config-2.6.22-hardened-r2,44.59 KB, text/plain) 2007-08-25 09:56 UTC, Jerzy Kołosowski	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jerzy Kołosowski 2007-08-25 09:56:15 UTC

if i try fuser -c /usr i got kerenl oops:
EIP: [<c041045f>] SS:ESP 0068:ed1dfe80	
Code: 04 24 8b 44 24 0c e8 b2 95 ff ff 8b 4c 24 0c 8b 44 24 10 83 c4 1c 5b 5e 5f 89 ea 5d e9 6b ca 19 00 90 90 90 8b 08 8b 50 04 31 c0 <3b> 91 7c 01 00 00 ba d7 b0 76 c0 0f 44 c2 c3 8b 90 98 00 00 00 	
[<c0482a42>] <0> [<c046b696>] <0> [<c046b4f5>] <0> [<c045582a>] <0> [<c0455c02>] <0> [<c0403e8d>] <0> =======================	
Call Trace:	
00000000 00000070 fffff000 dfb45a90 00000000 00000000 00000000 00000028 	
00000070 00000000 00000000 00000000 00000000 ed1dfedc 00000000 ed72c260 	
Stack: c0482a42 ed72c260 c0770a5f ffffe000 fffff000 00000072 0000002d 00000078 	
Process fuser (pid: 18602, ti=ed1de000 task=f6f18580 task.ti=ed1de000)	
ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068	
esi: 00000000 edi: c082300c ebp: 00000078 esp: ed1dfe80	
eax: 00000000 ebx: ffffe000 ecx: 00000000 edx: ffffe000	
EFLAGS: 00010246 (2.6.22-hardened-r2 #1)	
EIP: 0060:[<c041045f>] Tainted: PF VLI	
CPU: 0	
SMP 	
Oops: 0000 [#15]	
*pde = 00000000	
printing eip:	
BUG: unable to handle kernel NULL pointer dereference at virtual address 0000017c



Reproducible: Always

Steps to Reproduce:
1. Running system with >=hardened-sources-2.6.22
2. Try the fuser -c /usr (fuser (PSmisc) 22.5)

Comment 1 Jerzy Kołosowski 2007-08-25 09:56:54 UTC

Created attachment 129135 [details]
My kernel config

Comment 2 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure

2007-08-25 13:52:51 UTC

This is not a userrel bug and does not need to be restricted.

Comment 3 Christian Heim (RETIRED) gentoo-dev

2007-08-26 14:59:07 UTC

(In reply to comment #0)
> if i try fuser -c /usr i got kerenl oops:
> EIP: [<c041045f>] SS:ESP 0068:ed1dfe80  
> Code: 04 24 8b 44 24 0c e8 b2 95 ff ff 8b 4c 24 0c 8b 44 24 10 83 c4 1c 5b 5e
> 5f 89 ea 5d e9 6b ca 19 00 90 90 90 8b 08 8b 50 04 31 c0 <3b> 91 7c 01 00 00 ba
> d7 b0 76 c0 0f 44 c2 c3 8b 90 98 00 00 00         
> [<c0482a42>] <0> [<c046b696>] <0> [<c046b4f5>] <0> [<c045582a>] <0>
> [<c0455c02>] <0> [<c0403e8d>] <0> =======================   
> Call Trace:     
> 00000000 00000070 fffff000 dfb45a90 00000000 00000000 00000000 00000028         
> 00000070 00000000 00000000 00000000 00000000 ed1dfedc 00000000 ed72c260         
> Stack: c0482a42 ed72c260 c0770a5f ffffe000 fffff000 00000072 0000002d 00000078  
> Process fuser (pid: 18602, ti=ed1de000 task=f6f18580 task.ti=ed1de000)  
> ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068    
> esi: 00000000 edi: c082300c ebp: 00000078 esp: ed1dfe80 
> eax: 00000000 ebx: ffffe000 ecx: 00000000 edx: ffffe000 
> EFLAGS: 00010246 (2.6.22-hardened-r2 #1)        
> EIP: 0060:[<c041045f>] Tainted: PF VLI  
> CPU: 0  
> SMP     
> Oops: 0000 [#15]        
> *pde = 00000000 
> printing eip:   
> BUG: unable to handle kernel NULL pointer dereference at virtual address
> 0000017c

Try upgrading to hardened-sources-2.6.22-r3.

Comment 4 Jerzy Kołosowski 2007-09-15 19:34:35 UTC

I tried with 2.6.22-hardened-r3 version and it's the same. The same error is also when I try 'cat /proc/pid/maps' or 'cat /proc/pid/smaps'. For example:

hell ~ # cat /proc/1/maps
BUG: unable to handle kernel NULL pointer dereference at virtual address 0000017c
 printing eip:
c0410517
*pde = 00000000
Oops: 0000 [#3]
SMP
Modules linked in: w83627hf eeprom w83781d hwmon_vid wlan_ccmp wlan_xauth ipv6 ipt_MASQUERADE ipt_REDIRECT iptable_nat nf_nat iptable_mangle ipt_REJECT ipt_ipp2p nf_conntrack_ipv4 xt_state nf_conntrack iptable_filter ip_tables ndiswrapper wlan_scan_ap ath_rate_sample(F) ath_pci(F) wlan ath_hal(P) i2c_amd756 amd_rng rng_core rtc
CPU:    0
EIP:    0060:[<c0410517>]    Tainted: PF      VLI
EFLAGS: 00010246   (2.6.22-hardened-r3 #2)
eax: 00000000   ebx: 00000078   ecx: 00000000   edx: ffffe000
esi: 00000070   edi: 00000001   ebp: c0809010   esp: cc833e64
ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
Process cat (pid: 20133, ti=cc832000 task=ea3c0a90 task.ti=cc832000)
Stack: c04829f5 d0da2220 c075b30d ffffe000 fffff000 00000072 0000002d 00000078
       00000070 00000000 00000000 00000000 00000000 cc833ebc 00000000 d0da2220
       00000000 c2179a90 00000000 00000000 00000000 00000000 00000028 c07cbf20
Call Trace:
 [<c04829f5>] <0> [<c046b6aa>] <0> [<c046b509>] <0> [<c04557ee>] <0> [<c0455bc6>] <0> [<c0403e8d>] <0> =======================
Code: 04 24 8b 44 24 0c e8 fa 94 ff ff 8b 4c 24 0c 8b 44 24 10 83 c4 1c 5b 5e 5f 89 ea 5d e9 53 c7 19 00 90 90 90 8b 08 8b 50 04 31 c0 <3b> 91 7c 01 00 00 ba 96 59 75 c0 0f 44 c2 c3 8b 90 98 00 00 00
EIP: [<c0410517>]  SS:ESP 0068:cc833e64
Segmentation fault. 

I tried to run kernel with and without options: 'Remove addresses from /proc/<pid>/[smaps|maps|stat]', but there is no difference.  

I will try with vanilla sources.

I think that is a kernel's bug.

Comment 5 Jerzy Kołosowski 2007-09-16 13:04:12 UTC

On vanilla sources I haven't error. Mayby it's grsecurity bug. I will try fix it.

Comment 6 Christian Heim (RETIRED) gentoo-dev

2007-10-01 17:02:11 UTC

(In reply to comment #4)
> I tried with 2.6.22-hardened-r3 version and it's the same. The same error is
> also when I try 'cat /proc/pid/maps' or 'cat /proc/pid/smaps'. For example:
> 
> hell ~ # cat /proc/1/maps
> BUG: unable to handle kernel NULL pointer dereference at virtual address
> 0000017c
>  printing eip:
> c0410517
> *pde = 00000000
> Oops: 0000 [#3]
> SMP
> Modules linked in: w83627hf eeprom w83781d hwmon_vid wlan_ccmp wlan_xauth ipv6
> ipt_MASQUERADE ipt_REDIRECT iptable_nat nf_nat iptable_mangle ipt_REJECT
> ipt_ipp2p nf_conntrack_ipv4 xt_state nf_conntrack iptable_filter ip_tables
> ndiswrapper wlan_scan_ap ath_rate_sample(F) ath_pci(F) wlan ath_hal(P)
> i2c_amd756 amd_rng rng_core rtc
> CPU:    0
> EIP:    0060:[<c0410517>]    Tainted: PF      VLI
> EFLAGS: 00010246   (2.6.22-hardened-r3 #2)
> eax: 00000000   ebx: 00000078   ecx: 00000000   edx: ffffe000
> esi: 00000070   edi: 00000001   ebp: c0809010   esp: cc833e64
> ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
> Process cat (pid: 20133, ti=cc832000 task=ea3c0a90 task.ti=cc832000)
> Stack: c04829f5 d0da2220 c075b30d ffffe000 fffff000 00000072 0000002d 00000078
>        00000070 00000000 00000000 00000000 00000000 cc833ebc 00000000 d0da2220
>        00000000 c2179a90 00000000 00000000 00000000 00000000 00000028 c07cbf20
> Call Trace:
>  [<c04829f5>] <0> [<c046b6aa>] <0> [<c046b509>] <0> [<c04557ee>] <0>
> [<c0455bc6>] <0> [<c0403e8d>] <0> =======================
> Code: 04 24 8b 44 24 0c e8 fa 94 ff ff 8b 4c 24 0c 8b 44 24 10 83 c4 1c 5b 5e
> 5f 89 ea 5d e9 53 c7 19 00 90 90 90 8b 08 8b 50 04 31 c0 <3b> 91 7c 01 00 00 ba
> 96 59 75 c0 0f 44 c2 c3 8b 90 98 00 00 00
> EIP: [<c0410517>]  SS:ESP 0068:cc833e64
> Segmentation fault. 

Apparently this is related to #194276, so I'd like to advise you to go and test hardened-sources-2.6.22-r7. Please reopen the bug if that isn't fixing your problem/issue.