2.6.37-rc5: NULL pointer oops in selinux_socket_unix_stream_connect

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Jeremy Fitzhardinge <jeremy@goop.org>
To: James Morris <jmorris@namei.org>, Stephen Smalley <sds@tycho.nsa.gov>
Cc: NetDev <netdev@vger.kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: 2.6.37-rc5: NULL pointer oops in selinux_socket_unix_stream_connect
Date: Wed, 08 Dec 2010 13:09:07 -0800	[thread overview]
Message-ID: <4CFFF3F3.90100@goop.org> (raw)

I just got this oops in a freshly booted 2.6.37-rc5 Xen domain, while
sitting idle at the login prompt:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000210
IP: [<ffffffff811d55d4>] selinux_socket_unix_stream_connect+0x29/0xa0
PGD 1c99d067 PUD 1cb03067 PMD 0 
Oops: 0000 [#1] SMP 
last sysfs file: /sys/devices/system/cpu/sched_mc_power_savings
CPU 0 
Modules linked in: sunrpc dm_mirror dm_region_hash dm_log [last unloaded: scsi_wait_scan]

Pid: 2297, comm: at-spi-registry Not tainted 2.6.37-rc5+ #293 /
RIP: e030:[<ffffffff811d55d4>]  [<ffffffff811d55d4>] selinux_socket_unix_stream_connect+0x29/0xa0
RSP: e02b:ffff880006e7dd68  EFLAGS: 00010292
RAX: ffff88001d1ed8c0 RBX: ffff88001d06d9a0 RCX: 0000000000000022
RDX: ffff88001d1ed580 RSI: 0000000000000000 RDI: ffff88001b7d6ac0
RBP: ffff880006e7de18 R08: 00000000ffff0201 R09: ffff88001e78c968
R10: 000000001f47e9c2 R11: ffff88001fbf4400 R12: ffff88001d1ed8c0
R13: ffff88001d1ed580 R14: ffff88001ca00cc0 R15: 0000000000000000
FS:  00007fa643031920(0000) GS:ffff88001ff85000(0000) knlGS:0000000000000000
CS:  e033 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000210 CR3: 000000001d78a000 CR4: 0000000000002660
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process at-spi-registry (pid: 2297, threadinfo ffff880006e7c000, task ffff88001cdd1140)
Stack:
 ffff88001d4c0bc0 000000004cffecc5 ffff880006e7ddc8 ffffffff81028dc5
 ffff8800ffffffff 0001628b2ec3fe22 ffff880006e7dde8 ffff88001d1edb80
 0000000000000001 0000936a4da34099 0000000000000000 00000000000000fa
Call Trace:
 [<ffffffff81028dc5>] ? pvclock_clocksource_read+0x48/0xb1
 [<ffffffff810074ab>] ? xen_clocksource_read+0x20/0x22
 [<ffffffff81008fd9>] ? xen_spin_lock+0xc6/0xd9
 [<ffffffff811d1d1e>] security_unix_stream_connect+0x16/0x18
 [<ffffffff81484366>] unix_stream_connect+0x215/0x3ff
 [<ffffffff813f351d>] sys_connect+0x7a/0xa0
 [<ffffffff8108cd9d>] ? audit_syscall_entry+0x1c2/0x1ee
 [<ffffffff8100bb42>] system_call_fastpath+0x16/0x1b
Code: c9 c3 55 48 89 e5 41 55 41 54 53 48 81 ec 98 00 00 00 0f 1f 44 00 00 b9 22 00 00 00 48 8b 47 20 48 8b 76 20 48 8b 98 10 02 00 00 <4c> 8b a6 10 02 00 00 31 c0 4c 8b aa 10 02 00 00 4c 8d 85 50 ff 
RIP  [<ffffffff811d55d4>] selinux_socket_unix_stream_connect+0x29/0xa0
 RSP <ffff880006e7dd68>
CR2: 0000000000000210
---[ end trace 50030b578c1ee27e ]---

This corresponds to:

(gdb) list *0xffffffff811d55d4
0xffffffff811d55d4 is in selinux_socket_unix_stream_connect (/home/jeremy/git/upstream/security/selinux/hooks.c:3929).
3924	static int selinux_socket_unix_stream_connect(struct socket *sock,
3925						      struct socket *other,
3926						      struct sock *newsk)
3927	{
3928		struct sk_security_struct *sksec_sock = sock->sk->sk_security;
3929		struct sk_security_struct *sksec_other = other->sk->sk_security;
3930		struct sk_security_struct *sksec_new = newsk->sk_security;
3931		struct common_audit_data ad;
3932		int err;
3933	


The system is a somewhat out of date Fedora 13 with
selinux-policy-3.7.19-73.fc13.noarch and
selinux-policy-targeted-3.7.19-73.fc13.noarch installed.

I'm not sure what at-spi-registry is or what it is trying to do here.
The crash seems non-deterministic; I rebooted the domain without any issues.

Thanks,
    J

next             reply	other threads:[~2010-12-08 21:09 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-12-08 21:09 Jeremy Fitzhardinge [this message]
2010-12-09 19:42 ` 2.6.37-rc5: NULL pointer oops in selinux_socket_unix_stream_connect Paul Moore
2010-12-09 20:49   ` Paul Moore
2010-12-09 21:07     ` Jeremy Fitzhardinge

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4CFFF3F3.90100@goop.org \
    --to=jeremy@goop.org \
    --cc=jmorris@namei.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=sds@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox