Bug 63471

Summary: gethostbyname causes kernel NULL pointer
Product: [Retired] Red Hat Linux Reporter: Need Real Name <gberthet>
Component: kernelAssignee: Arjan van de Ven <arjanv>
Status: CLOSED WORKSFORME QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.2CC: alan, sct
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-06-08 16:44:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 63987    

Description Need Real Name 2002-04-14 12:14:17 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)

Description of problem:
Cught this error in my syslog file. System did not crash.
Not clear how this problem happened.
Syslog reported:
Apr 14 06:05:05 mibcentral rpc.statd[673]: gethostbyname error for 
^XC7C?B?^XC7C?B?^YC7C?B?^YC7C?B?^ZC7C?B?^ZC7C?B?^[C7C?B?^[C7C?B?%8x%8x%8x%8x%8x%
8x%8x%8x%
Apr 14 06:35:00 mibcentral kernel: Unable to handle kernel NULL pointer 
dereference at virtual address 00000020
Apr 14 06:35:00 mibcentral kernel:  printing eip:
Apr 14 06:35:00 mibcentral kernel: c01379c7
Apr 14 06:35:00 mibcentral kernel: *pde = 00000000
Apr 14 06:35:00 mibcentral kernel: Oops: 0002
Apr 14 06:35:00 mibcentral kernel: CPU:    0
Apr 14 06:35:00 mibcentral kernel: EIP:    0010:
[__remove_from_lru_list+23/112]    Not tainted
Apr 14 06:35:00 mibcentral kernel: EIP:    0010:[<c01379c7>]    Not tainted
Apr 14 06:35:00 mibcentral kernel: EFLAGS: 00010202
Apr 14 06:35:00 mibcentral kernel: EIP is at __remove_from_lru_list [kernel] 
0x17
Apr 14 06:35:00 mibcentral kernel: eax: 00000004   ebx: d09dbf20   ecx: 
d09dbf80   edx: 00000000
Apr 14 06:35:00 mibcentral kernel: esi: d09dbf80   edi: cfb3d0c0   ebp: 
00000000   esp: dfeddf5c
Apr 14 06:35:00 mibcentral kernel: ds: 0018   es: 0018   ss: 0018
Apr 14 06:35:00 mibcentral kernel: Process kswapd (pid: 5, stackpage=dfedd000)
Apr 14 06:35:00 mibcentral kernel: Stack: c0137aad d09dbf80 00000000 c013a620 
d09dbf80 00000001 c1c0e800 c1467f6c
Apr 14 06:35:00 mibcentral kernel:        00000080 c0138b3a 00000000 c1467f6c 
00000000 00000007 c012eba4 c1467f6c
Apr 14 06:35:00 mibcentral kernel:        00000080 00000000 00000000 00002bc5 
00007227 00000000 00000000 000000c0
Apr 14 06:35:00 mibcentral kernel: Call Trace: [__remove_from_queues+45/48] 
__remove_from_queues [kernel] 0x2d
Apr 14 06:35:00 mibcentral kernel: Call Trace: [<c0137aad>] 
__remove_from_queues [kernel] 0x2d
Apr 14 06:35:00 mibcentral kernel: [try_to_free_buffers+112/272] 
try_to_free_buffers [kernel] 0x70
Apr 14 06:35:00 mibcentral kernel: [<c013a620>] try_to_free_buffers [kernel] 
0x70
Apr 14 06:35:00 mibcentral kernel: [try_to_release_page+58/96] 
try_to_release_page [kernel] 0x3a
Apr 14 06:35:00 mibcentral kernel: [<c0138b3a>] try_to_release_page [kernel] 
0x3a
Apr 14 06:35:00 mibcentral kernel: [page_launder+1108/2368] page_launder 
[kernel] 0x454
Apr 14 06:35:00 mibcentral kernel: [<c012eba4>] page_launder [kernel] 0x454
Apr 14 06:35:00 mibcentral kernel: [do_try_to_free_pages+17/80] 
do_try_to_free_pages [kernel] 0x11
Apr 14 06:35:00 mibcentral kernel: [<c012f411>] do_try_to_free_pages [kernel] 
0x11
Apr 14 06:35:00 mibcentral kernel: [kswapd+85/240] kswapd [kernel] 0x55
Apr 14 06:35:00 mibcentral kernel: [<c012f4a5>] kswapd [kernel] 0x55
Apr 14 06:35:00 mibcentral kernel: [rest_init+0/48] stext [kernel] 0x0
Apr 14 06:35:00 mibcentral kernel: [<c0105000>] stext [kernel] 0x0
Apr 14 06:35:00 mibcentral kernel: [kernel_thread+38/48] kernel_thread [kernel] 
0x26
Apr 14 06:35:00 mibcentral kernel: [<c0105726>] kernel_thread [kernel] 0x26
Apr 14 06:35:00 mibcentral kernel: [kswapd+0/240] kswapd [kernel] 0x0
Apr 14 06:35:00 mibcentral kernel: [<c012f450>] kswapd [kernel] 0x0
Apr 14 06:35:00 mibcentral kernel:
Apr 14 06:35:00 mibcentral kernel:
Apr 14 06:35:00 mibcentral kernel: Code: 89 42 20 8b 41 20 8b 51 24 89 50 24 8b 
44 24 08 8d 14 85 00

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
Comment 1 Arjan van de Ven 2002-04-14 12:17:04 UTC 
 Apr 14 06:05:05 mibcentral rpc.statd[673]: gethostbyname error for 

^XC7C?B?^XC7C?B?^YC7C?B?^YC7C?B?^ZC7C?B?^ZC7C?B?^[C7C?B?^[C7C?B?%8x%8x%8x%8x%8x%
 8x%8x%8x%

is someone trying to hack your system.

Which exact kernel version is this ?
Comment 2 Need Real Name 2002-04-14 19:09:24 UTC 
Yes, it looks like it might be a hack attack. Regardless, it looks like the 
kernel gets hit since it logs this error, and I am not sure what the side-
effects might be.
The kernel version is 2.4.9-21.
Comment 3 Need Real Name 2002-04-23 08:43:18 UTC 
Is there a fix to avoid the kernel NULL pointer from happening?
Comment 4 Arjan van de Ven 2002-04-23 08:51:00 UTC 
Not sure what causes this; you could try upgrading to 2.4.9-31 (there's some
cornercase bugs fixed); however if some hack attack succeeded it could be that
the attackers installed a kernel module; some automated attacks do this ;(
Comment 5 Alan Cox 2003-06-08 16:44:54 UTC 
Idle for over a year, many errata released closing..