Re: [3.4-rc1 crash]: NULL pointer deref in fs/sysfs/group.c:create_files -- sysctl related?

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "Bruno Prémont" <bonbons@linux-vserver.org>
To: linux-kernel@vger.kernel.org
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
	Greg KH <gregkh@linuxfoundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [3.4-rc1 crash]: NULL pointer deref in fs/sysfs/group.c:create_files -- sysctl related?
Date: Mon, 2 Apr 2012 16:50:36 +0200	[thread overview]
Message-ID: <20120402165036.2bc987ad@pluto.restena.lu> (raw)
In-Reply-To: <20120402162716.4c93bfd3@pluto.restena.lu>

On Mon, 2 Apr 2012 16:27:16 Bruno Prémont wrote:
> Trying to boot a freshly built 3.4-rc1 (x86_64) kernel I'm getting the following
> trace (server is HP Proliant G4):
> 
> [    0.986317] BUG: unable to handle kernel NULL pointer dereference at           (null)
> [    0.990542] IP: [<ffffffff81152673>] internal_create_group+0x83/0x1a0
> [    0.993693] PGD 0 
> [    0.994682] Oops: 0000 [#1] SMP 
> [    0.996198] CPU 0 
> [    0.996198] Modules linked in:
> [    0.996198] 
> [    0.996198] Pid: 1, comm: swapper/0 Not tainted 3.4.0-rc1-x86_64 #3 HP ProLiant DL360 G4
> [    0.996198] RIP: 0010:[<ffffffff81152673>]  [<ffffffff81152673>] internal_create_group+0x83/0x1a0
> [    0.996198] RSP: 0018:ffff88019485fd70  EFLAGS: 00010202
> [    0.996198] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000001
> [    0.996198] RDX: ffff880192e99908 RSI: ffff880192e99630 RDI: ffffffff81a26c60
> [    0.996198] RBP: ffff88019485fdc0 R08: 0000000000000000 R09: 0000000000000000
> [    0.996198] R10: ffff880192e99908 R11: 0000000000000000 R12: ffffffff81a16a00
> [    0.996198] R13: ffff880192e99908 R14: ffffffff81a16900 R15: 0000000000000000
> [    0.996198] FS:  0000000000000000(0000) GS:ffff88019bc00000(0000) knlGS:0000000000000000
> [    0.996198] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> [    0.996198] CR2: 0000000000000000 CR3: 0000000001a0c000 CR4: 00000000000007f0
> [    0.996198] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [    0.996198] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [    0.996198] Process swapper/0 (pid: 1, threadinfo ffff88019485e000, task ffff880194878000)
> [    0.996198] Stack:
> [    0.996198]  ffff88019485fdd0 ffff880192da9d60 0000000000000000 ffff880192e99908
> [    0.996198]  ffff880192e995d8 0000000000000001 ffffffff81a16a00 ffff880192da9d60
> [    0.996198]  0000000000000000 0000000000000000 ffff88019485fdd0 ffffffff811527be
> [    0.996198] Call Trace:
> [    0.996198]  [<ffffffff811527be>] sysfs_create_group+0xe/0x10
> [    0.996198]  [<ffffffff81376ca6>] device_add_groups+0x46/0x80
> [    0.996198]  [<ffffffff81377d3d>] device_add+0x46d/0x6a0
> [    0.996198]  [<ffffffff81377891>] ? device_private_init+0x51/0x90
> [    0.996198]  [<ffffffff81a98975>] ? utsname_sysctl_init+0x14/0x14
> [    0.996198]  [<ffffffff810a7228>] pmu_dev_alloc+0x98/0xe0
> [    0.996198]  [<ffffffff81a98975>] ? utsname_sysctl_init+0x14/0x14
> [    0.996198]  [<ffffffff81a989c0>] perf_event_sysfs_init+0x4b/0x9a
> [    0.996198]  [<ffffffff810002ad>] do_one_initcall+0x3d/0x170
> [    0.996198]  [<ffffffff81a85cbd>] kernel_init+0x12d/0x1be
> [    0.996198]  [<ffffffff81a85505>] ? rdinit_setup+0x28/0x28
> [    0.996198]  [<ffffffff815f3714>] kernel_thread_helper+0x4/0x10
> [    0.996198]  [<ffffffff81a85b90>] ? start_kernel+0x373/0x373
> [    0.996198]  [<ffffffff815f3710>] ? gs_change+0xb/0xb
> [    0.996198] Code: ff 85 c0 0f 85 bc 00 00 00 4c 8b 6d c8 4d 85 ed 74 15 41 8b 45 00 85 c0 0f 84 0b 01 00 00 f0 41 ff 45 00 4c 8b 6d c8 49 8b 5e 10 <48> 8b 03 48 85 c0 74 71 45 31 e4 eb 44 49 8b 46 08 48 85 c0 74 
> [    0.996198] RIP  [<ffffffff81152673>] internal_create_group+0x83/0x1a0
> [    0.996198]  RSP <ffff88019485fd70>
> [    0.996198] CR2: 0000000000000000
> [    1.131357] ---[ end trace 319c95c486d7d9cd ]---
> [    1.133676] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
> [    1.133677] 

The patch below works around it and leaves exactly one trace for WARN_ON() matching
above BUG.
With it, system boots to userspace.

Thanks,
Bruno

---
diff --git a/fs/sysfs/group.c b/fs/sysfs/group.c
index dd1701c..0040ff2 100644
--- a/fs/sysfs/group.c
+++ b/fs/sysfs/group.c
@@ -32,7 +32,8 @@ static int create_files(struct sysfs_dirent *dir_sd, struct kobject *kobj,
 	struct attribute *const* attr;
 	int error = 0, i;
 
-	for (i = 0, attr = grp->attrs; *attr && !error; i++, attr++) {
+	WARN_ON(!grp->attrs);
+	for (i = 0, attr = grp->attrs; attr && *attr && !error; i++, attr++) {
 		umode_t mode = 0;
 
 		/* in update mode, we're changing the permissions or

next prev parent reply	other threads:[~2012-04-03  8:03 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-04-02 14:27 [3.4-rc1 crash]: NULL pointer deref in fs/sysfs/group.c:create_files -- sysctl related? Bruno Prémont
2012-04-02 14:50 ` Bruno Prémont [this message]
2012-04-02 19:01   ` Eric W. Biederman
2012-04-02 19:34     ` Bruno Prémont
2012-04-02 20:04       ` David Ahern
2012-04-03  8:30         ` Jiri Olsa
2012-04-02 21:24       ` Peter Zijlstra
2012-04-02 21:46         ` Peter Zijlstra
2012-04-03  5:38           ` Bruno Prémont
2012-04-03  6:02           ` Ingo Molnar
2012-04-03  6:17             ` [PATCH] Prevent crash on missing sysfs attribute group Bruno Prémont
2012-04-03  6:31               ` Ingo Molnar
2012-04-03  7:11               ` Eric W. Biederman
2012-04-03  7:15                 ` Ingo Molnar
2012-04-03  7:41                   ` [PATCH v2] Prevent crash on unset sysfs group attributes Bruno Prémont
2012-04-03  7:51                     ` Eric W. Biederman
2012-04-03  7:53                     ` Ingo Molnar
2012-04-03  7:59                     ` [PATCH v2a] sysfs: " Bruno Prémont
2012-04-03  8:06                       ` Ingo Molnar
2012-04-03  7:50                   ` [PATCH] Prevent crash on missing sysfs attribute group Eric W. Biederman
2012-04-03  8:04                     ` Ingo Molnar
2012-04-03  8:52                       ` Eric W. Biederman
2012-04-03 10:16                         ` Ingo Molnar
2012-04-03 10:46                           ` Eric W. Biederman
2012-04-03 22:34                             ` Ingo Molnar
2012-04-03 14:27                     ` Peter Zijlstra
2012-04-03 23:22                       ` Eric W. Biederman
2012-04-03 23:26                         ` Greg KH

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:dd1701c dfblob:0040ff2 )
 OR (
bs:"Re: [3.4-rc1 crash]: NULL pointer deref in fs/sysfs/group.c:create_files -- sysctl related?" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120402165036.2bc987ad@pluto.restena.lu \
    --to=bonbons@linux-vserver.org \
    --cc=ebiederm@xmission.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).