63471 – gethostbyname causes kernel NULL pointer

Bug 63471 - gethostbyname causes kernel NULL pointer

Summary: gethostbyname causes kernel NULL pointer

Status:	CLOSED WORKSFORME
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	kernel
Sub Component:	(Show other bugs)
Version:	7.2
Hardware:	i386 Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Arjan van de Ven
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:	63987
TreeView+	depends on / blocked

Reported:	2002-04-14 12:14 UTC by Need Real Name
Modified:	2007-04-18 16:41 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2003-06-08 16:44:54 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Need Real Name 2002-04-14 12:14:17 UTC

From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)

Description of problem:
Cught this error in my syslog file. System did not crash.
Not clear how this problem happened.
Syslog reported:
Apr 14 06:05:05 mibcentral rpc.statd[673]: gethostbyname error for 
^XC7C?B?^XC7C?B?^YC7C?B?^YC7C?B?^ZC7C?B?^ZC7C?B?^[C7C?B?^[C7C?B?%8x%8x%8x%8x%8x%
8x%8x%8x%
Apr 14 06:35:00 mibcentral kernel: Unable to handle kernel NULL pointer 
dereference at virtual address 00000020
Apr 14 06:35:00 mibcentral kernel:  printing eip:
Apr 14 06:35:00 mibcentral kernel: c01379c7
Apr 14 06:35:00 mibcentral kernel: *pde = 00000000
Apr 14 06:35:00 mibcentral kernel: Oops: 0002
Apr 14 06:35:00 mibcentral kernel: CPU:    0
Apr 14 06:35:00 mibcentral kernel: EIP:    0010:
[__remove_from_lru_list+23/112]    Not tainted
Apr 14 06:35:00 mibcentral kernel: EIP:    0010:[<c01379c7>]    Not tainted
Apr 14 06:35:00 mibcentral kernel: EFLAGS: 00010202
Apr 14 06:35:00 mibcentral kernel: EIP is at __remove_from_lru_list [kernel] 
0x17
Apr 14 06:35:00 mibcentral kernel: eax: 00000004   ebx: d09dbf20   ecx: 
d09dbf80   edx: 00000000
Apr 14 06:35:00 mibcentral kernel: esi: d09dbf80   edi: cfb3d0c0   ebp: 
00000000   esp: dfeddf5c
Apr 14 06:35:00 mibcentral kernel: ds: 0018   es: 0018   ss: 0018
Apr 14 06:35:00 mibcentral kernel: Process kswapd (pid: 5, stackpage=dfedd000)
Apr 14 06:35:00 mibcentral kernel: Stack: c0137aad d09dbf80 00000000 c013a620 
d09dbf80 00000001 c1c0e800 c1467f6c
Apr 14 06:35:00 mibcentral kernel:        00000080 c0138b3a 00000000 c1467f6c 
00000000 00000007 c012eba4 c1467f6c
Apr 14 06:35:00 mibcentral kernel:        00000080 00000000 00000000 00002bc5 
00007227 00000000 00000000 000000c0
Apr 14 06:35:00 mibcentral kernel: Call Trace: [__remove_from_queues+45/48] 
__remove_from_queues [kernel] 0x2d
Apr 14 06:35:00 mibcentral kernel: Call Trace: [<c0137aad>] 
__remove_from_queues [kernel] 0x2d
Apr 14 06:35:00 mibcentral kernel: [try_to_free_buffers+112/272] 
try_to_free_buffers [kernel] 0x70
Apr 14 06:35:00 mibcentral kernel: [<c013a620>] try_to_free_buffers [kernel] 
0x70
Apr 14 06:35:00 mibcentral kernel: [try_to_release_page+58/96] 
try_to_release_page [kernel] 0x3a
Apr 14 06:35:00 mibcentral kernel: [<c0138b3a>] try_to_release_page [kernel] 
0x3a
Apr 14 06:35:00 mibcentral kernel: [page_launder+1108/2368] page_launder 
[kernel] 0x454
Apr 14 06:35:00 mibcentral kernel: [<c012eba4>] page_launder [kernel] 0x454
Apr 14 06:35:00 mibcentral kernel: [do_try_to_free_pages+17/80] 
do_try_to_free_pages [kernel] 0x11
Apr 14 06:35:00 mibcentral kernel: [<c012f411>] do_try_to_free_pages [kernel] 
0x11
Apr 14 06:35:00 mibcentral kernel: [kswapd+85/240] kswapd [kernel] 0x55
Apr 14 06:35:00 mibcentral kernel: [<c012f4a5>] kswapd [kernel] 0x55
Apr 14 06:35:00 mibcentral kernel: [rest_init+0/48] stext [kernel] 0x0
Apr 14 06:35:00 mibcentral kernel: [<c0105000>] stext [kernel] 0x0
Apr 14 06:35:00 mibcentral kernel: [kernel_thread+38/48] kernel_thread [kernel] 
0x26
Apr 14 06:35:00 mibcentral kernel: [<c0105726>] kernel_thread [kernel] 0x26
Apr 14 06:35:00 mibcentral kernel: [kswapd+0/240] kswapd [kernel] 0x0
Apr 14 06:35:00 mibcentral kernel: [<c012f450>] kswapd [kernel] 0x0
Apr 14 06:35:00 mibcentral kernel:
Apr 14 06:35:00 mibcentral kernel:
Apr 14 06:35:00 mibcentral kernel: Code: 89 42 20 8b 41 20 8b 51 24 89 50 24 8b 
44 24 08 8d 14 85 00

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:

Comment 1 Arjan van de Ven 2002-04-14 12:17:04 UTC

 Apr 14 06:05:05 mibcentral rpc.statd[673]: gethostbyname error for 

^XC7C?B?^XC7C?B?^YC7C?B?^YC7C?B?^ZC7C?B?^ZC7C?B?^[C7C?B?^[C7C?B?%8x%8x%8x%8x%8x%
 8x%8x%8x%

is someone trying to hack your system.

Which exact kernel version is this ?

Comment 2 Need Real Name 2002-04-14 19:09:24 UTC

Yes, it looks like it might be a hack attack. Regardless, it looks like the 
kernel gets hit since it logs this error, and I am not sure what the side-
effects might be.
The kernel version is 2.4.9-21.

Comment 3 Need Real Name 2002-04-23 08:43:18 UTC

Is there a fix to avoid the kernel NULL pointer from happening?

Comment 4 Arjan van de Ven 2002-04-23 08:51:00 UTC

Not sure what causes this; you could try upgrading to 2.4.9-31 (there's some
cornercase bugs fixed); however if some hack attack succeeded it could be that
the attackers installed a kernel module; some automated attacks do this ;(

Comment 5 Alan Cox 2003-06-08 16:44:54 UTC

Idle for over a year, many errata released closing..

Note You need to log in before you can comment on or make changes to this bug.