Message-ID: <CAGKO+35+H3MmkaN1m_PfHi0XhbRvtnSBqm3PDmOhs5YBmAZ1jg@mail.gmail.com>
Date:	Wed, 24 Sep 2014 18:44:08 +0200
From:	Marcin Gibula <m.gibula@...il.com>
To:	linux-kernel@...r.kernel.org
Subject: 3.16.1 - general protection fault

Hi,

I've been playing with the 3.16 kernel on my test machine as a KVM
hypervisor and encountered the following crash twice (almost identical
backtraces).

Sep 24 09:39:31 dev4 kernel: general protection fault: 0000 [#1] SMP
Sep 24 09:39:31 dev4 kernel: Modules linked in: ip6table_filter ip6_tables iptable_filter ebt_arp act_police cls_u32 sch_ingress cls_fw sch_sfq sch_htb ebt_dnat ebt_ip ebtable_nat ebtables iptable_raw xt_CT x86_pkg_temp_thermal mpt2sas raid_class scsi_transport_sas i2c_i801 igb i2c_algo_bit megaraid_sas
Sep 24 09:39:31 dev4 kernel: CPU: 7 PID: 1892 Comm: kworker/7:1 Not tainted 3.16.1-gentoo #2
Sep 24 09:39:31 dev4 kernel: Hardware name: Supermicro X9DRW-7TPF+/X9DRW-7TPF+, BIOS 3.0 07/24/2013
Sep 24 09:39:31 dev4 kernel: Workqueue: rpciod rpc_async_schedule
Sep 24 09:39:31 dev4 kernel: task: ffff88102865de80 ti: ffff88102456c000 task.ti: ffff88102456c000
Sep 24 09:39:31 dev4 kernel: RIP: 0010:[<ffffffff8113421c>] [<ffffffff8113421c>] __kmalloc_node_track_caller+0xac/0x100
Sep 24 09:39:31 dev4 kernel: RSP: 0018:ffff88102456f958  EFLAGS: 00010246
Sep 24 09:39:31 dev4 kernel: RAX: 0000000000000000 RBX: ffff8804fa153600 RCX: 000000000040471f
Sep 24 09:39:31 dev4 kernel: RDX: 000000000040471e RSI: 0000000000000000 RDI: 00000000000147c0
Sep 24 09:39:31 dev4 kernel: RBP: ffff88102456f988 R08: ffff88103fcf47c0 R09: ffffffff8151d1c9
Sep 24 09:39:31 dev4 kernel: R10: ffff88102456fc70 R11: 0000000000000000 R12: 002560400038002c
Sep 24 09:39:31 dev4 kernel: R13: ffff88103f803400 R14: 00000000ffffffff R15: 0000000000010220
Sep 24 09:39:31 dev4 kernel: FS:  0000000000000000(0000) GS:ffff88103fce0000(0000) knlGS:0000000000000000
Sep 24 09:39:31 dev4 kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Sep 24 09:39:31 dev4 kernel: CR2: 00007fcdf3508000 CR3: 0000001d41163000 CR4: 00000000001427e0
Sep 24 09:39:31 dev4 kernel: Stack:
Sep 24 09:39:31 dev4 kernel: ffffffff8151d1f9 ffff8804fa153600 ffff88102456f9e7 0000000000000020
Sep 24 09:39:31 dev4 kernel: 0000000000000800 00000000ffffffff ffff88102456f9c8 ffffffff8151d11c
Sep 24 09:39:31 dev4 kernel: ffff88103fcf4790 ffff8804fa153600 0000000000000020 00000000ffffffff
Sep 24 09:39:31 dev4 kernel: Call Trace:
Sep 24 09:39:31 dev4 kernel: [<ffffffff8151d1f9>] ? __alloc_skb+0x79/0x1c0
Sep 24 09:39:31 dev4 kernel: [<ffffffff8151d11c>] __kmalloc_reserve.isra.41+0x2c/0x90
Sep 24 09:39:31 dev4 kernel: [<ffffffff8151d1f9>] __alloc_skb+0x79/0x1c0
Sep 24 09:39:31 dev4 kernel: [<ffffffff81589fb4>] sk_stream_alloc_skb+0x34/0x100
Sep 24 09:39:31 dev4 kernel: [<ffffffff8158ad07>] tcp_sendmsg+0x667/0xd20
Sep 24 09:39:31 dev4 kernel: [<ffffffff815b11c2>] inet_sendmsg+0x42/0xb0
Sep 24 09:39:31 dev4 kernel: [<ffffffff81513380>] sock_sendmsg+0xa0/0xc0
Sep 24 09:39:31 dev4 kernel: [<ffffffff810a6f31>] ? load_balance+0x151/0x850
Sep 24 09:39:31 dev4 kernel: [<ffffffff815133d2>] kernel_sendmsg+0x32/0x40
Sep 24 09:39:31 dev4 kernel: [<ffffffff81622a09>] xs_send_kvec+0x89/0xa0
Sep 24 09:39:31 dev4 kernel: [<ffffffff81622e5e>] xs_sendpages+0x5e/0x1f0
Sep 24 09:39:31 dev4 kernel: [<ffffffff81623057>] xs_tcp_send_request+0x67/0x120
Sep 24 09:39:31 dev4 kernel: [<ffffffff81620cd0>] xprt_transmit+0x50/0x260
Sep 24 09:39:31 dev4 kernel: [<ffffffff8161dfb8>] call_transmit+0x1a8/0x250
Sep 24 09:39:31 dev4 kernel: [<ffffffff816255a6>] __rpc_execute+0x56/0x280
Sep 24 09:39:31 dev4 kernel: [<ffffffff8108a208>] ? pwq_activate_delayed_work+0x28/0x40
Sep 24 09:39:31 dev4 kernel: [<ffffffff816257f1>] rpc_async_schedule+0x21/0x30
Sep 24 09:39:31 dev4 kernel: [<ffffffff8108c81b>] process_one_work+0x13b/0x390
Sep 24 09:39:31 dev4 kernel: [<ffffffff8108d17b>] worker_thread+0x11b/0x510
Sep 24 09:39:31 dev4 kernel: [<ffffffff8108d060>] ? cancel_delayed_work_sync+0x10/0x10
Sep 24 09:39:31 dev4 kernel: [<ffffffff81092b44>] kthread+0xc4/0xe0
Sep 24 09:39:31 dev4 kernel: [<ffffffff81092a80>] ? kthread_create_on_node+0x170/0x170

This machine is serving as an NFS client and KVM hypervisor. I'm still
not sure how to trigger it reliably (right now, I just have to run
the Ubuntu installation in a VM guest multiple times and sometimes it
triggers).

Attaching .config, slub.s and disassembled __kmalloc_node_track_caller function.

-- 
mg

View attachment "slub-disassembly.txt" of type "text/plain" (4451 bytes)

Download attachment "kernel.config" of type "application/octet-stream" (80364 bytes)

Download attachment "slub.s" of type "application/octet-stream" (273721 bytes)
