Bug 1075220 - NULL pointer dereference in pids_free on nspawn exit
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Kernel
Hardware: Other / OS: Other
Priority: P5 - None
Severity: Normal
Assigned To: E-mail List
Reported: 2018-01-09 17:51 UTC by James Oakley
Modified: 2018-02-08 14:28 UTC
Description James Oakley 2018-01-09 17:51:44 UTC
With 4.14.11 I get this crash when exiting a systemd-nspawn container using the ^]^]^] sequence:

[ 4948.471557] BUG: unable to handle kernel NULL pointer dereference at 00000000000000b0
[ 4948.471592] IP: pids_free+0x11/0x40
[ 4948.471599] PGD 0 P4D 0 
[ 4948.471609] Oops: 0000 [#1] PREEMPT SMP PTI
[ 4948.471615] Modules linked in: xt_policy netconsole configfs fuse iptable_filter xt_conntrack ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c arptable_filter arp_tables tun veth 8021q garp mrp sch_htb ifb xt_CHECKSUM xt_tcpudp iptable_mangle ip_tables af_packet bridge stp llc iscsi_ibft iscsi_boot_sysfs msr nls_iso8859_1 nls_cp437 snd_hda_codec_realtek vfat snd_hda_codec_generic fat snd_hda_codec_hdmi snd_usb_audio snd_usbmidi_lib snd_hda_intel snd_rawmidi edac_mce_amd snd_seq_device snd_hda_codec snd_hda_core snd_hwdep kvm_amd wmi_bmof snd_pcm kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc pl2303 snd_timer usbserial snd sp5100_tco joydev aesni_intel aes_x86_64 crypto_simd i2c_piix4 pcspkr glue_helper
[ 4948.471686]  cryptd ccp soundcore shpchp wmi tpm_infineon tpm_tis tpm_tis_core gpio_amdpt gpio_generic tpm button acpi_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc hid_generic btrfs xor zstd_decompress zstd_compress xxhash hid_logitech_hidpp hid_logitech_dj usbhid raid6_pq amdkfd amd_iommu_v2 crc32c_intel amdgpu i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm e1000e ptp r8169 xhci_pci pps_core mii xhci_hcd nvme usbcore nvme_core sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua ebtables x_tables efivarfs
[ 4948.471822] CPU: 14 PID: 1 Comm: systemd Tainted: G        W       4.14.11-1-default #1
[ 4948.471835] Hardware name: Gigabyte Technology Co., Ltd. AB350-Gaming/AB350-Gaming-CF, BIOS F5c 06/05/2017
[ 4948.471847] task: ffff97e704b8c040 task.stack: ffffa8f903154000
[ 4948.471859] RIP: 0010:pids_free+0x11/0x40
[ 4948.471866] RSP: 0018:ffffa8f903157d90 EFLAGS: 00010297
[ 4948.471876] RAX: ffff97e9cc7b89f0 RBX: 0000000000000000 RCX: 000000000000000b
[ 4948.471887] RDX: 000000000000000b RSI: 000000000000000d RDI: ffff97ea01343ba8
[ 4948.471896] RBP: ffff97ea01343ba8 R08: 0000000000001000 R09: 0000000000000014
[ 4948.471905] R10: 000055af58f96b10 R11: ffff97ed79dde013 R12: ffffffff9a071f20
[ 4948.471910] R13: ffff97e9cc7b89f0 R14: ffff97ea01343ba8 R15: ffff97ec9fd39980
[ 4948.471922] FS:  00007f57d8a01940(0000) GS:ffff97ed9ef80000(0000) knlGS:0000000000000000
[ 4948.471932] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4948.471941] CR2: 00000000000000b0 CR3: 00000007f95aa000 CR4: 00000000003406e0
[ 4948.471947] Call Trace:
[ 4948.471958]  cgroup_free+0x4c/0xb0
[ 4948.471968]  __put_task_struct+0x3d/0x150
[ 4948.471977]  css_task_iter_next+0x66/0x70
[ 4948.471987]  kernfs_seq_next+0x23/0x50
[ 4948.471994]  ? cgroup_procs_show+0x26/0x30
[ 4948.472002]  seq_read+0x2d8/0x3e0
[ 4948.472012]  __vfs_read+0x23/0x140
[ 4948.472021]  vfs_read+0x89/0x130
[ 4948.472028]  SyS_read+0x42/0x90
[ 4948.472037]  entry_SYSCALL_64_fastpath+0x1e/0x81
[ 4948.472045] Code: df e8 94 fd ff ff 48 8b 9b b0 00 00 00 48 83 bb b0 00 00 00 00 75 e7 5b c3 90 0f 1f 44 00 00 53 48 8b 87 e8 08 00 00 48 8b 58 58 <48> 83 bb b0 00 00 00 00 74 19 48 89 df e8 5d fd ff ff 48 8b 9b 
[ 4948.472112] RIP: pids_free+0x11/0x40 RSP: ffffa8f903157d90
[ 4948.472117] CR2: 00000000000000b0
[ 4948.472131] ---[ end trace 0af43351051abecf ]---
[ 4948.567833] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
Comment 1 Jiri Slaby 2018-02-08 14:28:00 UTC
This should be fixed in 4.14.14 or 4.15, right?