lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 7 Dec 2016 20:15:08 +0900
From:   Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To:     bigeasy@...utronix.de
Cc:     tglx@...utronix.de, hpa@...or.com, mingo@...nel.org,
        linux-kernel@...r.kernel.org, rostedt@...dmis.org
Subject: [linux-next] tracing/rb: NULL pointer dereference at
 trace_rb_cpu_prepare()

Hello.

----------
[    1.909018] NMI watchdog: disabled (cpu0): hardware events not enabled
[    1.911813] smp: Bringing up secondary CPUs ...
[    1.913965] NMI watchdog: Shutting down hard lockup detector on all cpus
[    1.917208] x86: Booting SMP configuration:
[    1.919148] .... node  #0, CPUs:        #1[    1.921275] Disabled fast string operations
[    1.922792] mce: CPU supports 0 MCE banks
[    1.925033] BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
[    1.928636] IP: trace_rb_cpu_prepare+0xc5/0x170
[    1.930601] PGD 0 [    1.931313]
[    1.932289] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[    1.934234] Modules linked in:
[    1.935721] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.9.0-rc8-next-20161207 #5
[    1.939107] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[    1.943443] task: ffff88022cff8040 task.stack: ffffc9000000c000
[    1.945860] RIP: 0010:trace_rb_cpu_prepare+0xc5/0x170
[    1.947991] RSP: 0000:ffffc9000000fd20 EFLAGS: 00010202
[    1.950246] RAX: 0000000000000001 RBX: 0000000000000002 RCX: ffff88022e019738
[    1.953094] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88022e077dd8
[    1.955911] RBP: ffffc9000000fd50 R08: 0000000000000040 R09: 0000000000000000
[    1.958711] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000002
[    1.961586] R13: ffff88022e01ead0 R14: 0000000000000002 R15: 0000000000000001
[    1.964426] FS:  0000000000000000(0000) GS:ffff88022e600000(0000) knlGS:0000000000000000
[    1.967988] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.970350] CR2: 0000000000000068 CR3: 0000000001c0c000 CR4: 00000000001406f0
[    1.973206] Call Trace:
[    1.974461]  cpuhp_invoke_callback+0x45f/0x9e0
[    1.976422]  ? ring_buffer_record_is_on+0x20/0x20
[    1.978424]  cpuhp_up_callbacks+0x37/0xb0
[    1.980239]  _cpu_up+0x89/0xf0
[    1.981705]  do_cpu_up+0x85/0xb0
[    1.983230]  cpu_up+0x13/0x20
[    1.984645]  smp_init+0x6b/0xcc
[    1.986157]  kernel_init_freeable+0x17d/0x2b1
[    1.988065]  ? kernel_init+0xe/0x110
[    1.989687]  ? _raw_spin_unlock_irq+0x2c/0x40
[    1.991578]  ? rest_init+0x140/0x140
[    1.993215]  kernel_init+0xe/0x110
[    1.994815]  ret_from_fork+0x2a/0x40
[    1.996482] Code: b9 80 3d 20 7d b2 00 00 75 b0 48 89 7d d0 e8 ec 7e 04 00 44 8b 05 30 76 c1 00 48 8b 7d d0 eb 9a 49 8b 4d f8 48 63 f0 48 8b 34 f1 <4c> 39 76 68 74 bf be 02 00 00 00 4e 8d 3c e1 49 8d bd 38 ff ff
[    2.006837] RIP: trace_rb_cpu_prepare+0xc5/0x170 RSP: ffffc9000000fd20
[    2.009441] CR2: 0000000000000068
[    2.011025] ---[ end trace 7da8119e80594e4e ]---
[    2.013058] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[    2.013058]
[    2.027641] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[    2.027641]
----------

----------
    4db8:       eb 9a                   jmp    4d54 <trace_rb_cpu_prepare+0x54>
                /* fill in the size from first enabled cpu */
                if (nr_pages == 0)
                        nr_pages = buffer->buffers[cpu_i]->nr_pages;
                if (nr_pages != buffer->buffers[cpu_i]->nr_pages) {
    4dba:       49 8b 4d f8             mov    -0x8(%r13),%rcx
    4dbe:       48 63 f0                movslq %eax,%rsi
    4dc1:       48 8b 34 f1             mov    (%rcx,%rsi,8),%rsi
    4dc5:       4c 39 76 68             cmp    %r14,0x68(%rsi)                    // trace_rb_cpu_prepare+0xc5 is here.
    4dc9:       74 bf                   je     4d8a <trace_rb_cpu_prepare+0x8a>
    4dcb:       be 02 00 00 00          mov    $0x2,%esi
                }
        }
        /* allocate minimum pages, user can later expand it */
----------

Kernel config is at http://I-love.SAKURA.ne.jp/tmp/config-4.9-rc8-next-20161207
and console log is at http://I-love.SAKURA.ne.jp/tmp/serial-20161207.txt.xz .

Regards.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ