REDHAT-BUG-529227: Null Pointer Dereference
First published: Thu Oct 15 2009(Updated: )
Hi, Description of problem: execution of a particular program from the Arachne suite reliably causes a kernel panic due to a NULL-pointer dereference in nfs4_proc_lock(). Version-Release number of selected component (if applicable): 2.6.18-164.2.1.el5 How reproducible: always on NFSv4 mounted directories Steps to Reproduce: 1. wget <a href="http://www.genoscope.cns.fr/externe/redhat/XMLMissingField">http://www.genoscope.cns.fr/externe/redhat/XMLMissingField</a> 2. Save a copy on an NFSv4-mounted directory 3. Execute it Actual results: Kernel panic Expected results: No panic Additional info: Console output: Unable to handle kernel NULL pointer dereference at 0000000000000030 RIP: [<ffffffff8837b210>] :nfs:nfs4_proc_lock+0x21f/0x3ad PGD 1026eec067 PUD 1026f2f067 PMD 0 Oops: 0000 [1] SMP last sysfs file: /block/dm-1/range CPU 0 Modules linked in: ipmi_devintf ipmi_si ipmi_msghandler nfs lockd fscache nfs_acl sunrpc bonding ipv6 xfrm_nalgo crypto_api video hwmon backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac joydev sg shpchp i2c_nforce2 i2c_core forcedeth dm_snapshot dm_zero dm_mod sata_nv libata mptsas mptscsih mptbase scsi_transport_sas sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd Pid: 4070, comm: XMLMissingField Not tainted 2.6.18-164.2.1.el5 #1 RIP: 0010:[<ffffffff8837b210>] [<ffffffff8837b210>] :nfs:nfs4_proc_lock+0x21f/0x3ad RSP: 0018:ffff810819bdbdd8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffff810827c52088 RSI: 0000000000000006 RDI: ffff810819bdbe38 RBP: ffff81081a6dfdc0 R08: 0000000000000001 R09: ffff810819bdbd68 R10: ffff810819bdbd68 R11: 00000000000000d0 R12: ffff810827c52088 R13: 0000000000000000 R14: ffff810819a9b930 R15: 0000000000000006 FS: 00002b97d31fc7b0(0000) GS:ffffffff803c1000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000030 CR3: 00000010268cb000 CR4: 00000000000006e0 Process XMLMissingField (pid: 4070, threadinfo ffff810819bda000, task ffff810827d6a7e0) Stack: 00000000000003e8 0000000000000000 ffff810819a9b930 ffffffff88373e4f 0000000000000000 0000000000000000 0000000000000000 0000000019a9ba40 ffff810819bdbe18 ffff810819bdbe18 0000000000000000 0000000000000000 Call Trace: [<ffffffff88373e4f>] :nfs:nfs_sync_inode_wait+0x116/0x1db [<ffffffff8836a226>] :nfs:do_setlk+0x55/0x8c [<ffffffff80039e72>] fcntl_setlk+0x11e/0x273 [<ffffffff800b66fa>] audit_syscall_entry+0x180/0x1b3 [<ffffffff8002e5bb>] sys_fcntl+0x269/0x2dc [<ffffffff8005d28d>] tracesys+0xd5/0xe0 Code: 49 8b 45 30 4c 89 e6 4c 89 ef 45 8a 74 24 58 48 8b 40 18 48 RIP [<ffffffff8837b210>] :nfs:nfs4_proc_lock+0x21f/0x3ad RSP <ffff810819bdbdd8> CR2: 0000000000000030 <0>Kernel panic - not syncing: Fatal exception Also see <a href="http://www.spinics.net/linux/lists/linux-nfs/msg03357.html">http://www.spinics.net/linux/lists/linux-nfs/msg03357.html</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Linux | =2.6.18-164.2.1.el5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.genoscope.cns.fr/externe/redhat/XMLMissingField
- http://www.spinics.net/linux/lists/linux-nfs/msg03357.html
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=367124&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=367124&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=529227
- http://people.redhat.com/jlayton
- http://git.kernel.org/linus/d953126a28f97ec965d23c69fd5795854c048f30
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=529227#c3
- http://kbase.redhat.com/faq/docs/DOC-20536
- https://rhn.redhat.com/errata/RHSA-2009-1635.html
- https://rhn.redhat.com/errata/RHSA-2009-1670.html
- https://rhn.redhat.com/errata/RHSA-2010-0474.html
- https://bugzilla.redhat.com/show_bug.cgi?id=529227
Frequently Asked Questions
What is the severity of REDHAT-BUG-529227?
The severity of REDHAT-BUG-529227 is critical due to its ability to cause kernel panic.
How do I fix REDHAT-BUG-529227?
To fix REDHAT-BUG-529227, it is recommended to update to the latest kernel version that addresses this issue.
What impact does REDHAT-BUG-529227 have on system performance?
REDHAT-BUG-529227 can lead to system instability and crashes, significantly impacting performance due to kernel panic.
Which versions are affected by REDHAT-BUG-529227?
REDHAT-BUG-529227 specifically affects the Red Hat Linux Kernel version 2.6.18-164.2.1.el5.
How can I reproduce the issue in REDHAT-BUG-529227?
The issue in REDHAT-BUG-529227 can be consistently reproduced by executing a particular program from the Arachne suite on an NFSv4 mounted file system.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-3726
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/red hat linux