lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 9 Oct 2017 10:47:23 +0800
From:   kernel test robot <xiaolong.ye@...el.com>
To:     Tim Hansen <devtimhansen@...il.com>
Cc:     Tim Hansen <devtimhansen@...il.com>,
        "David S. Miller" <davem@...emloft.net>,
        "open list:NETWORKING [GENERAL]" <netdev@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>, lkp@...org
Subject: [lkp-robot] [net/ipv4]  6daf5023a0: BUG:unable_to_handle_kernel


FYI, we noticed the following commit (built with gcc-6):

commit: 6daf5023a081d8db36c2397f605f3e4152477465 ("net/ipv4: Update sk_for_each_entry_offset_rcu macro to utilize rcu methods hlist_next_rcu. This fixes the warnings thrown by sparse regarding net/ipv4/udp.c on line 1974.")
url: https://github.com/0day-ci/linux/commits/Tim-Hansen/net-ipv4-Update-sk_for_each_entry_offset_rcu-macro-to-utilize-rcu-methods-hlist_next_rcu-This-fixes-the-warnings-thrown-by-sparse-regarding-net-ipv4-udp-c-on-line-1974/20170929-180151


in testcase: trinity
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -smp 2 -m 512M

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+-------------------------------------------------------+------------+------------+
|                                                       | 14a0d032f4 | 6daf5023a0 |
+-------------------------------------------------------+------------+------------+
| boot_successes                                        | 16         | 6          |
| boot_failures                                         | 4          | 14         |
| BUG:kernel_hang_in_test_stage                         | 4          |            |
| BUG:unable_to_handle_kernel                           | 0          | 14         |
| Oops:#[##]                                            | 0          | 14         |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt | 0          | 14         |
+-------------------------------------------------------+------------+------------+



[   12.177063] BUG: unable to handle kernel NULL pointer dereference at           (null)
[   12.177076] IP: __udp4_lib_rcv+0x39e/0x6a7
[   12.177078] PGD 0 P4D 0 
[   12.177083] Oops: 0000 [#1] SMP
[   12.177086] Modules linked in:
[   12.177092] CPU: 0 PID: 7 Comm: ksoftirqd/0 Not tainted 4.14.0-rc1-00610-g6daf502 #171
[   12.177093] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[   12.177096] task: ffff8dcb7d5381c0 task.stack: ffffa81c801c4000
[   12.177100] RIP: 0010:__udp4_lib_rcv+0x39e/0x6a7
[   12.177101] RSP: 0018:ffffa81c801c7a80 EFLAGS: 00010297
[   12.177104] RAX: 0000000000000000 RBX: ffffffff886367c0 RCX: 0000000000000044
[   12.177106] RDX: 0000000000000000 RSI: ffff8dcb76c34000 RDI: 0000000000000008
[   12.177108] RBP: ffffa81c801c7ae0 R08: ffff8dcb7d5381c0 R09: 0000000000000000
[   12.177110] R10: 000000000202000a R11: ffffffff88c43ea0 R12: ffff8dcb7092f8e2
[   12.177112] R13: 0000000000000000 R14: 00000000000001ff R15: ffff8dcb71506700
[   12.177115] FS:  0000000000000000(0000) GS:ffff8dcb7e000000(0000) knlGS:0000000000000000
[   12.177117] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   12.177119] CR2: 0000000000000000 CR3: 000000003528f000 CR4: 00000000000006f0
[   12.177125] Call Trace:
[   12.177129]  ? __lock_is_held+0x47/0x7a
[   12.177140]  udp_rcv+0x1a/0x1c
[   12.177147]  ip_local_deliver_finish+0x121/0x19e
[   12.177153]  ip_local_deliver+0x63/0x7f
[   12.177157]  ip_rcv_finish+0x32f/0x38f
[   12.177163]  ip_rcv+0x2c3/0x2f8
[   12.177172]  __netif_receive_skb_core+0x3ee/0x6e9
[   12.177179]  ? lock_acquire+0x145/0x1be
[   12.177186]  __netif_receive_skb+0x59/0x5e
[   12.177189]  ? __netif_receive_skb+0x59/0x5e
[   12.177197]  netif_receive_skb_internal+0x5d/0x12a
[   12.177203]  napi_gro_receive+0x109/0x19d
[   12.177210]  e1000_clean_rx_irq+0x33b/0x3ad
[   12.177219]  e1000_clean+0x51d/0x6a3
[   12.177226]  net_rx_action+0x100/0x260
[   12.177236]  __do_softirq+0x1ba/0x432
[   12.177246]  ? cpumask_check+0x12/0x12
[   12.177251]  run_ksoftirqd+0x23/0x5c
[   12.177254]  smpboot_thread_fn+0x1ab/0x1c2
[   12.177262]  kthread+0x141/0x149
[   12.177266]  ? __list_del_entry+0x22/0x22
[   12.177275]  ret_from_fork+0x2a/0x40
[   12.177285] Code: 89 df 89 45 d0 89 ca e8 0b c1 ff ff 44 21 f0 89 45 c8 8b 45 c8 48 8b 7d c0 c7 45 b4 18 00 00 00 48 6b c0 60 48 03 47 08 48 8b 00 <4c> 8b 30 0f b7 45 ba 89 45 a8 4d 85 f6 0f 85 01 01 00 00 8b 7d 
[   12.177351] RIP: __udp4_lib_rcv+0x39e/0x6a7 RSP: ffffa81c801c7a80
[   12.177352] CR2: 0000000000000000
[   12.177359] ---[ end trace 64d907c1299b8d40 ]---


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script  # job-script is attached in this email



Thanks,
Xiaolong

View attachment "config-4.14.0-rc1-00610-g6daf502" of type "text/plain" (163080 bytes)

View attachment "job-script" of type "text/plain" (4113 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (26324 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ