Message-ID: <121dc065-89ba-98ab-68ff-e86f1a636b06@redhat.com>
Date:   Wed, 13 Dec 2017 09:10:36 -0800
From:   Laura Abbott <labbott@...hat.com>
To:     Tejun Heo <tj@...nel.org>
Cc:     Zefan Li <lizefan@...wei.com>, linux-kernel@...r.kernel.org,
        regressions@...mhuis.info
Subject: Re: Crash in cgroup_procs_show

On 12/13/2017 07:29 AM, Tejun Heo wrote:
> Hello, Laura.
> 
> On Tue, Dec 12, 2017 at 04:38:33PM -0800, Laura Abbott wrote:
>> Hi,
>>
>> Fedora got a bug report on 4.14.4 of a crash on
>> reboot https://bugzilla.redhat.com/show_bug.cgi?id=1525279
>>
>>   BUG: unable to handle kernel NULL pointer dereference at 0000000000000254
>>   IP: __task_pid_nr_ns+0xc7/0xf0
> 
> Any chance you can map this back to the source line with addr2line?
> 
> Thanks.
> 

annotated with decode_stacktrace.sh


IP: __task_pid_nr_ns (/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/kernel/pid.c:506 /usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/kernel/pid.c:535)

cgroup_procs_show (/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/kernel/cgroup/cgroup.c:4240)
cgroup_seqfile_show (/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/kernel/cgroup/cgroup.c:3413)
kernfs_seq_show (/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/fs/kernfs/file.c:169)
seq_read (/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/fs/seq_file.c:269)
kernfs_fop_read (/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/fs/kernfs/file.c:252)
__vfs_read (/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/fs/read_write.c:416)
? security_file_permission (/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/include/linux/fsnotify.h:56 /usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/security/security.c:867)
vfs_read (/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/fs/read_write.c:448)
SyS_read (/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/fs/read_write.c:574 /usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/fs/read_write.c:566)
entry_SYSCALL_64_fastpath (/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/arch/x86/entry/entry_64.S:206)

All code
========
    0:	04 74                	add    $0x74,%al
    2:	0e                   	(bad)
    3:	89 f6                	mov    %esi,%esi
    5:	48 8d 04 76          	lea    (%rsi,%rsi,2),%rax
    9:	48 8d 04 c5 f0 05 00 	lea    0x5f0(,%rax,8),%rax
   10:	00
   11:	48 8b bf b8 05 00 00 	mov    0x5b8(%rdi),%rdi
   18:	48 01 c7             	add    %rax,%rdi
   1b:	31 c0                	xor    %eax,%eax
   1d:	48 8b 0f             	mov    (%rdi),%rcx
   20:	48 85 c9             	test   %rcx,%rcx
   23:	74 18                	je     0x3d
   25:	8b b2 30 08 00 00    	mov    0x830(%rdx),%esi
   2b:*	3b 71 04             	cmp    0x4(%rcx),%esi		<-- trapping instruction
   2e:	77 0d                	ja     0x3d
   30:	48 c1 e6 05          	shl    $0x5,%rsi
   34:	48 01 f1             	add    %rsi,%rcx
   37:	48 3b 51 38          	cmp    0x38(%rcx),%rdx
   3b:	74 09                	je     0x46
   3d:	5d                   	pop    %rbp
   3e:	c3                   	retq
   3f:	8b                   	.byte 0x8b

Code starting with the faulting instruction
===========================================
    0:	3b 71 04             	cmp    0x4(%rcx),%esi
    3:	77 0d                	ja     0x12
    5:	48 c1 e6 05          	shl    $0x5,%rsi
    9:	48 01 f1             	add    %rsi,%rcx
    c:	48 3b 51 38          	cmp    0x38(%rcx),%rdx
   10:	74 09                	je     0x1b
   12:	5d                   	pop    %rbp
   13:	c3                   	retq
   14:	8b                   	.byte 0x8b
