lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 2 Jan 2018 06:43:47 +0800
From:   kernel test robot <fengguang.wu@...el.com>
To:     Denis Drozdov <denisd@...lanox.com>
Cc:     davem@...emloft.net, jgg@...pe.ca, dledford@...hat.com,
        leonro@...lanox.com, linux-rdma@...r.kernel.org,
        netdev@...r.kernel.org, Denis Drozdov <denisd@...lanox.com>,
        lkp@...org
Subject: [rtnl]  b1585bdfb2: kernel_BUG_at_net/core/dev.c

FYI, we noticed the following commit (built with gcc-7):

commit: b1585bdfb20476e31f11c3fd44faac770325b8c1 ("rtnl: device allocation/free via rtnl_link_ops")
url: https://github.com/0day-ci/linux/commits/Denis-Drozdov/rtnl-device-allocation-free-via-rtnl_link_ops/20180102-043933


in testcase: trinity
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -m 512M

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+------------------------------------------+------------+------------+
|                                          | ead68f2161 | b1585bdfb2 |
+------------------------------------------+------------+------------+
| boot_successes                           | 260        | 2          |
| boot_failures                            | 4          | 13         |
| BUG:kernel_hang_in_boot_stage            | 3          |            |
| BUG:kernel_hang_in_test_stage            | 1          |            |
| kernel_BUG_at_net/core/dev.c             | 0          | 13         |
| invalid_opcode:#[##]                     | 0          | 13         |
| RIP:free_netdev                          | 0          | 13         |
| general_protection_fault:#[##]           | 0          | 9          |
| RIP:put_page                             | 0          | 9          |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 13         |
+------------------------------------------+------------+------------+



[   35.401334] kernel BUG at net/core/dev.c:8231!
[   35.402342] invalid opcode: 0000 [#1] SMP
[   35.403055] Modules linked in:
[   35.403636] CPU: 0 PID: 134 Comm: kworker/u2:2 Not tainted 4.15.0-rc4-00203-gb1585bd #74
[   35.404979] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   35.407023] Workqueue: netns cleanup_net
[   35.407760] RIP: 0010:free_netdev+0xde/0xf7
[   35.408491] RSP: 0018:ffffa49a00af7d48 EFLAGS: 00010202
[   35.409356] RAX: 0000000000000004 RBX: ffff8b8ca7856000 RCX: 0000000000000001
[   35.410473] RDX: 0000000000000001 RSI: ffffffff8e0e7e00 RDI: 0000000000000000
[   35.411597] RBP: ffff8b8ca7855fd8 R08: 0000000000000080 R09: 0000000000000004
[   35.412722] R10: 00000000ffffffd2 R11: 0000000000000000 R12: ffff8b8ca7856060
[   35.413847] R13: 00000000fffefd9a R14: 00000000fffefd9a R15: dead000000000100
[   35.414976] FS:  0000000000000000(0000) GS:ffff8b8cbf400000(0000) knlGS:0000000000000000
[   35.416305] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   35.417242] CR2: 000000000325de08 CR3: 0000000034559000 CR4: 00000000000006f0
[   35.418347] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   35.419455] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   35.420576] Call Trace:
[   35.421081]  netdev_run_todo+0x247/0x290
[   35.421770]  ip6_tnl_exit_batch_net+0x150/0x15f
[   35.422549]  cleanup_net+0x19b/0x234
[   35.423195]  process_one_work+0x2b3/0x4c3
[   35.423894]  ? worker_thread+0x1e0/0x25b
[   35.424574]  ? rescuer_thread+0x27a/0x27a
[   35.425274]  worker_thread+0x1a3/0x25b
[   35.425940]  ? rescuer_thread+0x27a/0x27a
[   35.426631]  kthread+0xf5/0xfa
[   35.427199]  ? kthread_create_worker_on_cpu+0x43/0x43
[   35.428056]  ? call_usermodehelper_exec_async+0x118/0x11f
[   35.428954]  ? do_group_exit+0xb2/0xb2
[   35.429618]  ret_from_fork+0x24/0x30
[   35.430266] Code: 00 00 00 74 0c 48 c7 c7 d0 a6 4b 8e e8 4e 5f ff ff 8a 83 80 05 00 00 84 c0 75 0c 48 89 df 5b 5d 41 5c e9 12 ff ff ff 3c 03 74 02 <0f> 0b c6 83 80 05 00 00 04 48 8d bb b0 05 00 00 5b 5d 41 5c e9 
[   35.433215] RIP: free_netdev+0xde/0xf7 RSP: ffffa49a00af7d48
[   35.434198] ---[ end trace def93e3513cf4702 ]---


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script  # job-script is attached in this email



Thanks,
lkp

View attachment "config-4.15.0-rc4-00203-gb1585bd" of type "text/plain" (164659 bytes)

View attachment "job-script" of type "text/plain" (4004 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (27824 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ