Re: Crash in cgroup_procs_show

[Laura Abbott]

On 12/13/2017 07:29 AM, Tejun Heo wrote:

Hello, Laura.

On Tue, Dec 12, 2017 at 04:38:33PM -0800, Laura Abbott wrote:

Hi,

Fedora got a bug report on 4.14.4 of a crash on
reboot https://bugzilla.redhat.com/show_bug.cgi?id=1525279

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000254
  IP: __task_pid_nr_ns+0xc7/0xf0

Any chance you can map this back to the source line with addr2line?

Thanks.

annotated with decode_stacktrace.sh


IP: __task_pid_nr_ns 
(/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/kernel/pid.c:506 
/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/kernel/pid.c:535)

cgroup_procs_show 
(/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/kernel/cgroup/cgroup.c:4240)
cgroup_seqfile_show 
(/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/kernel/cgroup/cgroup.c:3413)
kernfs_seq_show 
(/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/fs/kernfs/file.c:169)
seq_read 
(/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/fs/seq_file.c:269)
kernfs_fop_read 
(/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/fs/kernfs/file.c:252)
__vfs_read 
(/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/fs/read_write.c:416)
? security_file_permission 
(/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/include/linux/fsnotify.h:56
 
/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/security/security.c:867)
vfs_read 
(/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/fs/read_write.c:448)
SyS_read 
(/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/fs/read_write.c:574
 
/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/fs/read_write.c:566)
entry_SYSCALL_64_fastpath 
(/usr/src/debug/kernel-4.14.fc26/linux-4.14.4-200.fc26.x86_64/arch/x86/entry/entry_64.S:206)

All code
========
   0:   04 74                   add    $0x74,%al
   2:   0e                      (bad)
   3:   89 f6                   mov    %esi,%esi
   5:   48 8d 04 76             lea    (%rsi,%rsi,2),%rax
   9:   48 8d 04 c5 f0 05 00    lea    0x5f0(,%rax,8),%rax
  10:   00
  11:   48 8b bf b8 05 00 00    mov    0x5b8(%rdi),%rdi
  18:   48 01 c7                add    %rax,%rdi
  1b:   31 c0                   xor    %eax,%eax
  1d:   48 8b 0f                mov    (%rdi),%rcx
  20:   48 85 c9                test   %rcx,%rcx
  23:   74 18                   je     0x3d
  25:   8b b2 30 08 00 00       mov    0x830(%rdx),%esi
  2b:*  3b 71 04                cmp    0x4(%rcx),%esi           <-- trapping 
instruction
  2e:   77 0d                   ja     0x3d
  30:   48 c1 e6 05             shl    $0x5,%rsi
  34:   48 01 f1                add    %rsi,%rcx
  37:   48 3b 51 38             cmp    0x38(%rcx),%rdx
  3b:   74 09                   je     0x46
  3d:   5d                      pop    %rbp
  3e:   c3                      retq
  3f:   8b                      .byte 0x8b

Code starting with the faulting instruction
===========================================
   0:   3b 71 04                cmp    0x4(%rcx),%esi
   3:   77 0d                   ja     0x12
   5:   48 c1 e6 05             shl    $0x5,%rsi
   9:   48 01 f1                add    %rsi,%rcx
   c:   48 3b 51 38             cmp    0x38(%rcx),%rdx
  10:   74 09                   je     0x1b
  12:   5d                      pop    %rbp
  13:   c3                      retq
  14:   8b                      .byte 0x8b