lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <16362151-a014-ea55-6df7-6f8ffae1c93e@ee.oulu.fi>
Date:   Thu, 4 May 2017 20:44:48 +0300
From:   Pekka Pietikäinen <pp@...oulu.fi>
To:     Steven Rostedt <rostedt@...dmis.org>,
        Ingo Molnar <mingo@...hat.com>, linux-kernel@...r.kernel.org
Subject: [TRACING] NULL pointer dereference shmem_recalc_inode+0x32 from
 free_trace_uprobe+0x41

Trying out latest bcc git, noticing it worked in funny ways and trying 
out the test suite resulted in some failures followed by a nice null 
dereference.

This is on Fedora's 4.10.13-200.fc25.x86_64, which for some reason has " 
** trace_printk() being used. Allocating extra 
memory.                          **
** This means that this is a DEBUG kernel and it is     **
** unsafe for production use."

[78764.996871] eth0: renamed from py_call1_c.in
[78765.094079] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[78765.184680] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[78810.283364] VFS: Busy inodes after unmount of tmpfs. Self-destruct in 
5 seconds.  Have a nice day...
[78811.475428] BUG: unable to handle kernel NULL pointer dereference 
at           (null)
[78811.475478] IP: shmem_recalc_inode+0x32/0xa0
[78811.475496] PGD 0

[78811.475515] Oops: 0000 [#1] SMP
[78811.475529] Modules linked in: cls_bpf xt_nat veth xt_addrtype 
br_netfilter 8021q garp mrp bridge stp llc cmac bnep xt_socket 
nf_socket_ipv4 nf_socket_ipv6 xt_mark iptable_mangle ipt_MASQUERADE 
nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat libcrc32c 
nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack vfat fat arc4 
b43 mac80211 intel_rapl cfg80211 x86_pkg_temp_thermal intel_powerclamp 
coretemp kvm_intel kvm btrfs irqbypass ssb crct10dif_pclmul crc32_pclmul 
mmc_core btusb ghash_clmulni_intel btrtl btbcm intel_cstate btintel 
bluetooth snd_hda_codec_hdmi iTCO_wdt iTCO_vendor_support raid1 
eeepc_wmi asus_wmi sparse_keymap intel_uncore xor mxm_wmi 
snd_hda_codec_realtek snd_hda_codec_generic rfkill snd_hda_intel 
snd_hda_codec intel_rapl_perf snd_hda_core snd_hwdep snd_seq 
snd_seq_device bcma
[78811.480716]  snd_pcm i2c_i801 lpc_ich raid6_pq snd_timer snd mei_me 
soundcore mei ie31200_edac edac_core shpchp tpm_tis tpm_tis_core wmi tpm 
nfsd auth_rpcgss nfs_acl lockd grace sunrpc binfmt_misc 
hid_logitech_hidpp hid_logitech_dj i915 i2c_algo_bit drm_kms_helper 
crc32c_intel drm r8169 mpt3sas e1000e mii raid_class ptp 
scsi_transport_sas pps_core fjes video analog gameport joydev
[78811.483642] CPU: 1 PID: 32313 Comm: python Not tainted 
4.10.13-200.fc25.x86_64 #1
[78811.485120] Hardware name: System manufacturer System Product 
Name/P8Z77-V DELUXE, BIOS 2104 08/13/2013
[78811.486631] task: ffff9218c7404b00 task.stack: ffffb65449318000
[78811.488157] RIP: 0010:shmem_recalc_inode+0x32/0xa0
[78811.489679] RSP: 0018:ffffb6544931ba58 EFLAGS: 00010006
[78811.491187] RAX: 0000000000000017 RBX: ffff9218c8418320 RCX: 
ffffb6544931bb68
[78811.492725] RDX: ffff92190c0a1800 RSI: ffffb6544931ba10 RDI: 
0000000000000000
[78811.494269] RBP: ffffb6544931ba68 R08: ffffb6544931bae8 R09: 
0000000000000001
[78811.495827] R10: ffffb6544931bb68 R11: 0000000000000000 R12: 
0000000000000017
[78811.497411] R13: 0000000000000009 R14: 0000000000000017 R15: 
0000000000000000
[78811.498980] FS:  00007f89743b8700(0000) GS:ffff92191fa40000(0000) 
knlGS:0000000000000000
[78811.500588] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[78811.502213] CR2: 0000000000000000 CR3: 00000002f4650000 CR4: 
00000000001406e0
[78811.503866] Call Trace:
[78811.505528]  shmem_undo_range+0x639/0xc20
[78811.507201]  ? call_rcu_sched+0x1d/0x20
[78811.508895]  shmem_truncate_range+0x14/0x40
[78811.510579]  shmem_evict_inode+0xb1/0x190
[78811.512290]  evict+0xbb/0x1c0
[78811.513986]  iput+0x1b0/0x230
[78811.515683]  free_trace_uprobe+0x41/0x80
[78811.517373]  unregister_trace_uprobe+0x79/0x90
[78811.519057]  create_trace_uprobe+0x22e/0x920
[78811.520771]  ? path_openat+0x6e5/0x1420
[78811.522452]  ? __kmalloc_track_caller+0x120/0x210
[78811.524163]  ? __kmalloc+0x168/0x1f0
[78811.525832]  ? argv_split+0x8b/0x130
[78811.527513]  ? trace_uprobe_register+0x240/0x240
[78811.529193]  traceprobe_command+0x72/0x90
[78811.530855]  traceprobe_probes_write+0x77/0x140

[78811.532560]  ? trace_uprobe_register+0x240/0x240
[78811.534229]  probes_write+0x10/0x20
[78811.535921]  __vfs_write+0x37/0x160
[78811.537566]  ? selinux_file_permission+0xd7/0x110
[78811.539206]  ? security_file_permission+0x3b/0xc0
[78811.540845]  vfs_write+0xb5/0x1a0
[78811.542446]  SyS_write+0x55/0xc0
[78811.544067]  entry_SYSCALL_64_fastpath+0x1a/0xa9
[78811.545659] RIP: 0033:0x7f8973be75c0
[78811.547270] RSP: 002b:00007ffde7187868 EFLAGS: 00000246 ORIG_RAX: 
0000000000000001
[78811.548862] RAX: ffffffffffffffda RBX: 0000556973189830 RCX: 
00007f8973be75c0
[78811.550457] RDX: 000000000000002b RSI: 00007ffde7187870 RDI: 
0000000000000006
[78811.552077] RBP: 00007ffde71879a0 R08: 0000000000000001 R09: 
000000000000002b
[78811.553658] R10: 0000000000000064 R11: 0000000000000246 R12: 
0000000000000000
[78811.555320] R13: 0000000000000002 R14: 00007ffde7187aa0 R15: 
00007ffde7187ac0
[78811.556909] Code: 89 e5 41 54 53 48 8b 47 a8 48 8b 57 30 49 89 c4 4c 
2b 67 b0 4c 2b 62 50 4d 85 e4 7e 30 48 8b 57 28 48 89 fb 48 8b ba 30 04 
00 00 <48> 83 3f 00 75 3e 4c 29 e0 48 89 43 a8 4a 8d 04 e5 00 00 00 00
[78811.558629] RIP: shmem_recalc_inode+0x32/0xa0 RSP: ffffb6544931ba58
[78811.560371] CR2: 0000000000000000
[78811.571515] ---[ end trace 6587169c5c1a1a42 ]---

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ