On Wed, May 25, 2016 at 2:37 AM, Al Viro <v...@zeniv.linux.org.uk> wrote:
> On Tue, May 24, 2016 at 04:59:02PM +0100, Al Viro wrote:
>
>> Umm... Any chance of getting the function names to go with the addresses?
>> I'll try to reproduce it here, but the things would be easier with that
>> information...
>
> See if this fixes your reproducer.
>
> diff --git a/fs/xattr.c b/fs/xattr.c > index b11945e..49b8eab 100644 > --- a/fs/xattr.c > +++ b/fs/xattr.c > @@ -667,6 +667,9 @@ xattr_resolve_name(const struct xattr_handler **handlers, > const char **name) > { > const struct xattr_handler *handler; > > + if (!handlers) > + return NULL; > + > if (!*name) > return NULL; >
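Review bot: returning NULL for the `!handlers` case does not get past the caller's error check. generic_getxattr() tests only IS_ERR(handler) before calling handler->get, and NULL is not IS_ERR, so a filesystem with no s_xattr table still reaches handler->get through a NULL pointer. The oops in the reply below matches that path exactly: it faults on address 0x20 with RAX == 0, and the Code: bytes show the `cmp $0xfffffffffffff000,%rax; ja` range check (IS_ERR) followed by the faulting `call *0x20(%rax)` (handler->get). Return ERR_PTR(-EOPNOTSUPP) here instead, and consider converting the pre-existing `if (!*name) return NULL;` two lines down at the same time, since it has the same shape.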
Tried, but doesn't work. Here's dmesg with symbols ...

[ 35.565534] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[ 35.566200] IP: [<ffffffff811033a1>] generic_getxattr+0x4f/0x5d
[ 35.566828] PGD 409992067 PUD 409993067 PMD 0
[ 35.567469] Oops: 0000 [#1] SMP
[ 35.568082] Modules linked in: usbhid
[ 35.568731] CPU: 1 PID: 1873 Comm: bash Not tainted 4.6.0 #5
[ 35.569339] Hardware name: LENOVO 20F5000RSG/20F5000RSG, BIOS R02ET44W (1.17 ) 01/25/2016
[ 35.569981] task: ffff88040c3f2580 ti: ffff88040990c000 task.ti: ffff88040990c000
[ 35.570603] RIP: 0010:[<ffffffff811033a1>] [<ffffffff811033a1>] generic_getxattr+0x4f/0x5d
[ 35.571246] RSP: 0018:ffff88040990fdd8 EFLAGS: 00010207
[ 35.571843] RAX: 0000000000000000 RBX: ffff88041043d6c0 RCX: ffffffff819e2917
[ 35.572436] RDX: ffff8804104b4310 RSI: ffff88041043d6c0 RDI: 0000000000000000
[ 35.573085] RBP: ffff8804104b4310 R08: ffff88040990fe0c R09: 0000000000000014
[ 35.573673] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88040990fe0c
[ 35.574257] R13: ffff88040e60a6c0 R14: 0000000000000022 R15: 0000000000000000
[ 35.574868] FS: 00007f092f53e700(0000) GS:ffff880421440000(0000) knlGS:0000000000000000
[ 35.575446] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.576013] CR2: 0000000000000020 CR3: 0000000409991000 CR4: 00000000003406e0
[ 35.576621] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.577186] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.577748] Stack:
[ 35.578342]  0000000000000014 ffffffff819e2917 ffff88040990fe3c 0000000000000000
[ 35.578960]  ffff8800d25ce600 ffffffff81299993 ffffffff810c75a2 0000000000000000
[ 35.579583]  0000000000000000 ffff88040e607000 ffffffff81299bc1 0000000000000000
[ 35.580172] Call Trace:
[ 35.580749]  [<ffffffff81299993>] ? get_vfs_caps_from_disk+0x51/0xcf
[ 35.581365]  [<ffffffff810c75a2>] ? __vma_link_rb+0x58/0x73
[ 35.581933]  [<ffffffff81299bc1>] ? cap_bprm_set_creds+0x1b0/0x420
[ 35.582504]  [<ffffffff810ecddb>] ? prepare_binprm+0xce/0x107
[ 35.583095]  [<ffffffff810ed6ed>] ? do_execveat_common.isra.49+0x3d0/0x5b4
[ 35.583657]  [<ffffffff810ed8eb>] ? do_execve+0x1a/0x1c
[ 35.584248]  [<ffffffff810edae3>] ? SyS_execve+0x23/0x2a
[ 35.584801]  [<ffffffff81001066>] ? do_syscall_64+0x51/0x89
[ 35.585345]  [<ffffffff816c1c80>] ? entry_SYSCALL64_slow_path+0x25/0x25
[ 35.585882] Code: 8b b8 a0 00 00 00 e8 6c fc ff ff 4c 8b 04 24 48 3d 00 f0 ff ff 77 19 4d 89 c1 48 8b 4c 24 08 4d 89 e0 48 89 ea 48 89 de 48 89 c7 <ff> 50 20 48 98 48 83 c4 10 5b 5d 41 5c c3 41 54 48 c7 c0 18 4e
[ 35.587155] RIP [<ffffffff811033a1>] generic_getxattr+0x4f/0x5d
[ 35.587776]  RSP <ffff88040990fdd8>
[ 35.588351] CR2: 0000000000000020
[ 35.588974] ---[ end trace 1ac6eb2a9a9b2964 ]---

Thanks,
Jeff
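The failure mode in the oops above, as an added userspace model (this is not kernel code, and not Al's or Jeff's): a caller that guards `->get` with `IS_ERR()` only, fed by a resolver that returns NULL for a missing handler table, beside the same resolver reporting that case through `ERR_PTR(-EOPNOTSUPP)`. The `ERR_PTR`/`IS_ERR` re-implementations, the one-entry `demo_handlers` table, `resolve_name` and `getxattr_model` are all constructed here to stand in for the kernel's versions.

```c
#include <errno.h>
#include <string.h>

/* Userspace model of the kernel's ERR_PTR convention: an error is a pointer
 * into the top MAX_ERRNO bytes of the address space, so NULL is never IS_ERR(). */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline int IS_ERR(const void *p) { return (unsigned long)p >= (unsigned long)-MAX_ERRNO; }

struct xattr_handler {
    const char *prefix;
    int (*get)(const struct xattr_handler *h, const char *name);
};

/* Constructed handler table: one "user." handler whose get() returns the length
 * of the remaining attribute name, standing in for a real on-disk lookup. */
static int user_get(const struct xattr_handler *h, const char *name) { (void)h; return (int)strlen(name); }
static const struct xattr_handler user_handler = { "user.", user_get };
static const struct xattr_handler *demo_handlers[] = { &user_handler, NULL };

/* Prefix resolver. With report_missing_as_error == 0 it behaves like the patch
 * under review (returns NULL when the filesystem has no handler table); with 1
 * it reports that case through the ERR_PTR channel the caller actually checks. */
static const struct xattr_handler *
resolve_name(const struct xattr_handler **handlers, const char **name, int report_missing_as_error)
{
    const struct xattr_handler *h;
    if (!handlers)
        return report_missing_as_error ? ERR_PTR(-EOPNOTSUPP) : NULL;
    for (; (h = *handlers); handlers++) {
        size_t n = strlen(h->prefix);
        if (!strncmp(*name, h->prefix, n)) { *name += n; return h; }
    }
    return ERR_PTR(-EOPNOTSUPP);
}

/* Mirrors generic_getxattr(): only IS_ERR() guards the ->get call. A NULL
 * handler reaching this point is the oops's `call *0x20(%rax)` with RAX == 0;
 * the model returns -EFAULT where the kernel would dereference NULL. */
static int getxattr_model(const struct xattr_handler **handlers, const char *name, int fixed)
{
    const struct xattr_handler *h = resolve_name(handlers, &name, fixed);
    if (IS_ERR(h))
        return (int)PTR_ERR(h);
    if (!h)
        return -EFAULT;
    return h->get(h, name);
}
```

Calling `getxattr_model(NULL, "user.foo", 0)` is the reported crash (a NULL handler table with the patch's `return NULL`); the same call with `fixed == 1` yields -EOPNOTSUPP, which is what a caller that only checks `IS_ERR()` can handle.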