Message-ID: <CAEXW_YS7LAin-Buw6PiG4fwCAtO19aWKNqxBkkqFWFuXkZi=_w@mail.gmail.com>
Date: Mon, 27 Feb 2023 10:13:41 -0500
From: Joel Fernandes <joel@...lfernandes.org>
To: Zhouyi Zhou <zhouzhouyi@...il.com>
Cc: Sanan Hasanov <sanan.hasanov@...ghts.ucf.edu>, paulmck@...nel.org,
frederic@...nel.org, quic_neeraju@...cinc.com,
josh@...htriplett.org, rostedt@...dmis.org,
mathieu.desnoyers@...icios.com, jiangshanlai@...il.com,
rcu@...r.kernel.org, linux-kernel@...r.kernel.org,
syzkaller@...glegroups.com, contact@...zz.com
Subject: Re: BUG: unable to handle kernel NULL pointer dereference in rcu_core
On Mon, Feb 27, 2023 at 8:15 AM Joel Fernandes <joel@...lfernandes.org> wrote:
[..]
> >> RSP: 0018:ffffc900003f8e48 EFLAGS: 00010246
> >>
> >> RAX: 0000000000000000 RBX: ffff888100833900 RCX: 00000000b9582f6c
> >> RDX: 1ffff11020106853 RSI: ffffffff816b2769 RDI: ffff888043f64708
> >> RBP: 000000000000000c R08: 0000000000000000 R09: ffffffff900b895f
> >> R10: fffffbfff201712b R11: 000000000008e001 R12: dffffc0000000000
> >> R13: ffffc900003f8ec8 R14: ffff888043f64708 R15: 000000000000000b
> >> FS: 0000000000000000(0000) GS:ffff888119f80000(0000) knlGS:0000000000000000
> >> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> >> CR2: ffffffffffffffd6 CR3: 0000000054e64000 CR4: 0000000000350ee0
> >> ----------------
> >> Code disassembly (best guess):
> >> 0: 89 07 mov %eax,(%rdi)
> >> 2: 49 c7 c0 08 00 00 00 mov $0x8,%r8
> >> 9: 4d 29 c8 sub %r9,%r8
> >> c: 4c 01 c7 add %r8,%rdi
> >> f: 4c 29 c2 sub %r8,%rdx
> >> 12: e9 76 ff ff ff jmp 0xffffff8d
> >> 17: cc int3
> >> 18: cc int3
> >> 19: cc int3
> >> 1a: cc int3
> >> 1b: f3 0f 1e fa endbr64
> >> 1f: eb 07 jmp 0x28
> >> 21: 0f 00 2d e3 8a 34 00 verw 0x348ae3(%rip) # 0x348b0b
> >> 28: fb sti
> >> 29: f4 hlt
> >> * 2a: fa cli <-- trapping instruction
>
> This probably happened before the crash and it is likely unrelated IMO. cli just means interrupts were enabled, the actual problem happened after softirq fired (likely at the tail end of the interrupt).
>
And just to correct myself for completeness, CLI clears the IF flag,
which ends up *disabling maskable interrupts*, not enabling. Still, I
can't see that as a possible reason for the crash.
- Joel
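Added example (not part of the thread, and not code from Joel, syzkaller or the kernel): a small Python helper for triaging a report of this shape. It parses the register dump and the "Code disassembly (best guess)" block quoted above, locates the line marked "<-- trapping instruction", and decodes the EFLAGS IF bit (bit 9, the flag CLI clears and STI sets) so the "were interrupts enabled at the time of the dump" question can be answered from the dump itself rather than by eye. The sample input is the quoted dump with the ">>" prefixes removed; the signed reading of CR2 is a generic triage heuristic and not a diagnosis of this particular bug.

```python
import re

# Constructed sample input: the register dump and disassembly block quoted in
# the report above, with the mail quote prefixes stripped.
SAMPLE_OOPS = """\
RSP: 0018:ffffc900003f8e48 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888100833900 RCX: 00000000b9582f6c
RDX: 1ffff11020106853 RSI: ffffffff816b2769 RDI: ffff888043f64708
RBP: 000000000000000c R08: 0000000000000000 R09: ffffffff900b895f
R10: fffffbfff201712b R11: 000000000008e001 R12: dffffc0000000000
R13: ffffc900003f8ec8 R14: ffff888043f64708 R15: 000000000000000b
FS: 0000000000000000(0000) GS:ffff888119f80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000054e64000 CR4: 0000000000350ee0
----------------
Code disassembly (best guess):
0: 89 07 mov %eax,(%rdi)
2: 49 c7 c0 08 00 00 00 mov $0x8,%r8
9: 4d 29 c8 sub %r9,%r8
c: 4c 01 c7 add %r8,%rdi
f: 4c 29 c2 sub %r8,%rdx
12: e9 76 ff ff ff jmp 0xffffff8d
17: cc int3
18: cc int3
19: cc int3
1a: cc int3
1b: f3 0f 1e fa endbr64
1f: eb 07 jmp 0x28
21: 0f 00 2d e3 8a 34 00 verw 0x348ae3(%rip) # 0x348b0b
28: fb sti
29: f4 hlt
* 2a: fa cli <-- trapping instruction
"""

# 64-bit general purpose / control registers and EFLAGS. RSP carries a
# "ssss:" segment prefix in x86 oops output, hence the optional 4-digit group.
REG_RE = re.compile(
    r"\b(R[A-Z0-9]{2}|CR[0-4]|EFLAGS):\s*(?:[0-9a-f]{4}:)?([0-9a-f]{8,16})\b"
)

# "<offset>: <bytes...> <asm>", optionally prefixed with "* " and suffixed
# with the "<-- trapping instruction" marker used by the kernel's decoder.
INSN_RE = re.compile(
    r"^(?P<trap>\*\s*)?(?P<off>[0-9a-f]+):\s+"
    r"(?P<bytes>(?:[0-9a-f]{2}\s)+)"
    r"(?P<asm>.*?)(?:\s+<--\s*trapping instruction)?\s*$"
)

EFLAGS_IF = 1 << 9  # interrupt enable flag: CLI clears it, STI sets it


def parse_oops(text):
    """Return registers, decoded instruction lines and the trapping one."""
    regs, insns, trap = {}, [], None
    for line in text.splitlines():
        for name, value in REG_RE.findall(line):
            regs[name] = int(value, 16)
        m = INSN_RE.match(line)
        if not m:
            continue
        insn = {
            "offset": int(m.group("off"), 16),
            "bytes": bytes.fromhex(m.group("bytes").replace(" ", "")),
            "asm": m.group("asm").strip(),
            "trapping": bool(m.group("trap")) or "trapping instruction" in line,
        }
        insns.append(insn)
        if insn["trapping"]:
            trap = insn
    return {"regs": regs, "insns": insns, "trap": trap}


def interrupts_enabled(parsed):
    """True when IF was set in the dumped EFLAGS (maskable interrupts on)."""
    return bool(parsed["regs"]["EFLAGS"] & EFLAGS_IF)


def to_signed64(value):
    """Reinterpret a 64-bit register value as a signed integer."""
    return value - (1 << 64) if value & (1 << 63) else value


def fault_summary(parsed):
    """Triage hint only: CR2 is the faulting linear address of the last page
    fault. A small negative signed value is the usual shape of 'NULL base
    plus negative field offset'; whether that applies must be confirmed
    against RIP and the source, which this helper does not do."""
    cr2 = parsed["regs"].get("CR2")
    if cr2 is None:
        return None
    return {"cr2": cr2, "signed": to_signed64(cr2)}


if __name__ == "__main__":
    report = parse_oops(SAMPLE_OOPS)
    print("trapping:", report["trap"])
    print("IF set:", interrupts_enabled(report))
    print("CR2:", fault_summary(report))
```

On the quoted dump the trapping line decodes to the single byte 0xfa (cli), EFLAGS 0x00010246 has IF set, and CR2 reads as -42 when signed; the last two are facts about the dump, not a statement about what caused the crash.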