Re: null dereference in binfmt misc

From: Santosh Sivaraj
Date: Tue Oct 10 2017 - 03:00:10 EST


* Tycho Andersen <tycho@xxxxxxxx> wrote (on 2017-10-09 21:19:40 +0000):

> Hi,
>
> It looks like eb23aa031 ("exec: binfmt_misc: remove the confusing
> e->interp_file != NULL checks") uncovered a bug for me (see the trace below,
> which I'm afraid isn't very helpful).
>

I too can reproduce this issue. From 4.14-rc3 the panic happens during every
reboot.

Thanks,
Santosh

> I have a fairly reliable reproducer, but before I dig in, I figured I'd ping
> and see if anyone has any pointers on where to look.
>
> Cheers,
>
> Tycho
>
> Oct 9 20:46:06 criu kernel: [ 35.418432] BUG: unable to handle kernel NULL pointer dereference at 0000000000000013
> Oct 9 20:46:06 criu kernel: [ 35.419751] IP: bm_evict_inode+0x11/0x40
> Oct 9 20:46:06 criu kernel: [ 35.420361] PGD 0 P4D 0
> Oct 9 20:46:06 criu kernel: [ 35.420763] Oops: 0000 [#1] SMP
> Oct 9 20:46:06 criu kernel: [ 35.421258] Modules linked in: xt_mark fuse
> Oct 9 20:46:06 criu kernel: [ 35.421957] CPU: 3 PID: 1902 Comm: zdtm_ct Not tainted 4.14.0-rc4+ #35
> Oct 9 20:46:06 criu kernel: [ 35.422963] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.1-1ubuntu1 04/01/2014
> Oct 9 20:46:06 criu kernel: [ 35.424356] task: ffff880133093200 task.stack: ffffc90000abc000
> Oct 9 20:46:06 criu kernel: [ 35.425312] RIP: 0010:bm_evict_inode+0x11/0x40
> Oct 9 20:46:06 criu kernel: [ 35.426003] RSP: 0018:ffffc90000abfc58 EFLAGS: 00010282
> Oct 9 20:46:06 criu kernel: [ 35.426813] RAX: ffffffff81211740 RBX: 0000000000000000 RCX: 0000000000000000
> Oct 9 20:46:06 criu kernel: [ 35.427916] RDX: 0000000000000001 RSI: 000000000000006b RDI: ffff880129955240
> Oct 9 20:46:06 criu kernel: [ 35.429012] RBP: ffffc90000abfc68 R08: ffff8801344ba330 R09: 00000001820001c5
> Oct 9 20:46:06 criu kernel: [ 35.430147] R10: ffffc90000abfdd0 R11: 0000000000001300 R12: ffff880129955240
> Oct 9 20:46:06 criu kernel: [ 35.431242] R13: ffffffff81820fa0 R14: ffff8801299552c8 R15: ffff8801299e6958
> Oct 9 20:46:06 criu kernel: [ 35.432345] FS: 00007f69f2b03700(0000) GS:ffff880139d80000(0000) knlGS:0000000000000000
> Oct 9 20:46:06 criu kernel: [ 35.433621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> Oct 9 20:46:06 criu kernel: [ 35.434505] CR2: 0000000000000013 CR3: 0000000129220000 CR4: 00000000000006e0
> Oct 9 20:46:06 criu kernel: [ 35.435619] Call Trace:
> Oct 9 20:46:06 criu kernel: [ 35.435998] evict+0xc2/0x190
> Oct 9 20:46:06 criu kernel: [ 35.436450] iput+0x1de/0x230
> Oct 9 20:46:06 criu kernel: [ 35.436901] dentry_unlink_inode+0xbd/0x160
> Oct 9 20:46:06 criu kernel: [ 35.437562] __dentry_kill+0xba/0x160
> Oct 9 20:46:06 criu kernel: [ 35.438114] shrink_dentry_list+0x114/0x2f0
> Oct 9 20:46:06 criu kernel: [ 35.438739] shrink_dcache_parent+0x25/0x80
> Oct 9 20:46:06 criu kernel: [ 35.439365] do_one_tree+0xd/0x50
> Oct 9 20:46:06 criu kernel: [ 35.439874] shrink_dcache_for_umount+0x28/0x80
> Oct 9 20:46:06 criu kernel: [ 35.440551] generic_shutdown_super+0x1a/0x110
> Oct 9 20:46:06 criu kernel: [ 35.441252] kill_litter_super+0x24/0x40
> Oct 9 20:46:06 criu kernel: [ 35.441867] deactivate_locked_super+0x39/0x70
> Oct 9 20:46:06 criu kernel: [ 35.442531] deactivate_super+0x49/0x50
> Oct 9 20:46:06 criu kernel: [ 35.443105] cleanup_mnt+0x3a/0x70
> Oct 9 20:46:06 criu kernel: [ 35.443626] __cleanup_mnt+0xd/0x10
> Oct 9 20:46:06 criu kernel: [ 35.444151] task_work_run+0x9a/0xd0
> Oct 9 20:46:06 criu kernel: [ 35.444690] do_exit+0x313/0xc10
> Oct 9 20:46:06 criu kernel: [ 35.445215] do_group_exit+0x42/0xc0
> Oct 9 20:46:06 criu kernel: [ 35.445751] SyS_exit_group+0xf/0x10
> Oct 9 20:46:06 criu kernel: [ 35.446289] entry_SYSCALL_64_fastpath+0x1a/0xa5
> Oct 9 20:46:06 criu kernel: [ 35.446979] RIP: 0033:0x7f69f25ed748
> Oct 9 20:46:06 criu kernel: [ 35.447530] RSP: 002b:00007fffc9953b08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
> Oct 9 20:46:06 criu kernel: [ 35.448611] RAX: ffffffffffffffda RBX: 00007f69f28e6540 RCX: 00007f69f25ed748
> Oct 9 20:46:06 criu kernel: [ 35.449667] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
> Oct 9 20:46:06 criu kernel: [ 35.450678] RBP: 0000000000000000 R08: 00000000000000e7 R09: ffffffffffffff98
> Oct 9 20:46:06 criu kernel: [ 35.451696] R10: 00007fffc9953a58 R11: 0000000000000246 R12: 00007f69f2b03700
> Oct 9 20:46:06 criu kernel: [ 35.452745] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> Oct 9 20:46:06 criu kernel: [ 35.453761] Code: 2f fd ff 85 c0 75 08 48 c7 43 30 a0 0f 82 81 5b 5d c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 54 53 48 8b 9f 38 02 00 00 49 89 fc <f6> 43 13 10 74 0b 48 8b 7b 48 31 f6 e8 9e 58 fa ff 4c 89 e7 e8
> Oct 9 20:46:06 criu kernel: [ 35.456484] RIP: bm_evict_inode+0x11/0x40 RSP: ffffc90000abfc58
> Oct 9 20:46:06 criu kernel: [ 35.457326] CR2: 0000000000000013
> Oct 9 20:46:06 criu kernel: [ 35.457807] ---[ end trace 773951adf548e79e ]---

--
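The trace above can be read by hand, but a small triage script saves time across many such reports. The following is an added example (mine, not code from either poster or from the kernel tree): it strips the syslog prefix, takes the fault address and the kernel-mode register dump that precedes `Call Trace:`, collects the frames, extracts the faulting instruction bytes marked `<..>` in the `Code:` line, and classifies a fault address below the page size as a NULL struct pointer plus a field offset. The second `RIP:`/`RAX:` block after the call trace is the userspace state at the syscall, not kernel state, so the parser stops collecting registers once it has seen `Call Trace:`. The sample input is a subset of the lines quoted from Tycho's report; the result keys of `triage` are this example's own naming.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

PAGE_SIZE = 4096  # x86-64 base page: a fault below this is NULL plus a small offset

# Constructed sample: a subset of the oops lines quoted in Tycho's report above,
# with the syslog prefix left in place as it appears in the log file.
OOPS = """\
Oct 9 20:46:06 criu kernel: [ 35.418432] BUG: unable to handle kernel NULL pointer dereference at 0000000000000013
Oct 9 20:46:06 criu kernel: [ 35.425312] RIP: 0010:bm_evict_inode+0x11/0x40
Oct 9 20:46:06 criu kernel: [ 35.426813] RAX: ffffffff81211740 RBX: 0000000000000000 RCX: 0000000000000000
Oct 9 20:46:06 criu kernel: [ 35.427916] RDX: 0000000000000001 RSI: 000000000000006b RDI: ffff880129955240
Oct 9 20:46:06 criu kernel: [ 35.434505] CR2: 0000000000000013 CR3: 0000000129220000 CR4: 00000000000006e0
Oct 9 20:46:06 criu kernel: [ 35.435619] Call Trace:
Oct 9 20:46:06 criu kernel: [ 35.435998] evict+0xc2/0x190
Oct 9 20:46:06 criu kernel: [ 35.437562] __dentry_kill+0xba/0x160
Oct 9 20:46:06 criu kernel: [ 35.441252] kill_litter_super+0x24/0x40
Oct 9 20:46:06 criu kernel: [ 35.443105] cleanup_mnt+0x3a/0x70
Oct 9 20:46:06 criu kernel: [ 35.444151] task_work_run+0x9a/0xd0
Oct 9 20:46:06 criu kernel: [ 35.444690] do_exit+0x313/0xc10
Oct 9 20:46:06 criu kernel: [ 35.445751] SyS_exit_group+0xf/0x10
Oct 9 20:46:06 criu kernel: [ 35.446289] entry_SYSCALL_64_fastpath+0x1a/0xa5
Oct 9 20:46:06 criu kernel: [ 35.446979] RIP: 0033:0x7f69f25ed748
Oct 9 20:46:06 criu kernel: [ 35.448611] RAX: ffffffffffffffda RBX: 00007f69f28e6540 RCX: 00007f69f25ed748
Oct 9 20:46:06 criu kernel: [ 35.453761] Code: 2f fd ff 85 c0 75 08 48 c7 43 30 a0 0f 82 81 5b 5d c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 54 53 48 8b 9f 38 02 00 00 49 89 fc <f6> 43 13 10 74 0b 48 8b 7b 48 31 f6 e8 9e 58 fa ff 4c 89 e7 e8
"""

# Syslog host/program prefix plus the printk "[ seconds.micros]" timestamp.
PREFIX = re.compile(r'^.*?kernel: \[\s*[\d.]+\]\s*')
FRAME = re.compile(r'^(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+$')
REG = re.compile(r'\b(R[A-Z0-9]{2}|CR[234]): ([0-9a-f]{16})\b')


@dataclass
class Oops:
    fault_addr: Optional[int] = None
    cr2: Optional[int] = None
    rip_symbol: str = ''
    rip_offset: int = 0
    kernel_regs: Dict[str, int] = field(default_factory=dict)
    call_trace: List[str] = field(default_factory=list)
    code: str = ''  # raw "Code:" bytes; <xx> marks the first byte of the faulting instruction


def parse_oops(text: str) -> Oops:
    o = Oops()
    seen_trace = in_trace = False
    for raw in text.splitlines():
        line = PREFIX.sub('', raw).strip()
        m = re.match(r'BUG: unable to handle kernel .* at ([0-9a-f]+)$', line)
        if m:
            o.fault_addr = int(m.group(1), 16)
            continue
        if line == 'Call Trace:':
            seen_trace = in_trace = True
            continue
        if in_trace:
            m = FRAME.match(line)
            if m:
                o.call_trace.append(m.group(1))
                continue
            in_trace = False  # first non-frame line ends the trace
        if line.startswith('Code: '):
            o.code = line[len('Code: '):]
            continue
        if seen_trace:
            continue  # RIP/RAX/... after the trace are the userspace state at the syscall
        m = re.match(r'RIP: 0010:(\w+)\+0x([0-9a-f]+)/', line)
        if m:
            o.rip_symbol, o.rip_offset = m.group(1), int(m.group(2), 16)
        for reg, val in REG.findall(line):
            o.kernel_regs[reg] = int(val, 16)
    o.cr2 = o.kernel_regs.get('CR2')
    return o


def triage(o: Oops) -> dict:
    """First-pass summary of the trace; the key names are this example's own."""
    kind = 'unknown'
    if o.fault_addr is not None:
        # A linear address inside the first page is a NULL struct pointer plus a
        # field offset; kernel GPRs holding 0 are the candidate base registers.
        kind = 'null-pointer-plus-offset' if o.fault_addr < PAGE_SIZE else 'invalid-address'
    m = re.search(r'<([0-9a-f]{2})>((?: [0-9a-f]{2}){0,3})', o.code)
    return {
        'kind': kind,
        'faulting_function': o.rip_symbol,
        'fault_offset': o.fault_addr,
        'cr2_matches': o.cr2 == o.fault_addr,  # CR2 holds the faulting linear address
        'zero_regs': sorted(r for r, v in o.kernel_regs.items()
                            if v == 0 and not r.startswith('CR')),
        'faulting_bytes': (m.group(1) + m.group(2)).strip() if m else '',
        'call_trace': list(o.call_trace),
    }


if __name__ == '__main__':
    import json
    print(json.dumps(triage(parse_oops(OOPS)), indent=2))
```

On the quoted trace it reports fault offset 0x13 in `bm_evict_inode`, CR2 agreeing with the reported address, RBX and RCX as the zero kernel registers, and `f6 43 13 10` as the faulting instruction bytes. Those bytes decode to `testb $0x10,0x13(%rbx)`, and with RBX = 0 in the kernel register dump the effective address is exactly the reported 0x13: the function tested a flag bit in a struct field at offset 0x13 through a NULL pointer, on the inode eviction path reached from the unmount that `task_work_run` performs during the process's `exit_group`.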