lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 4 Aug 2015 21:45:56 +0200
From:	Nico Schümann <nico.schuemann@...il.com>
To:	linux-kernel@...r.kernel.org
Subject: Re: Unable to handle kernel paging request in ipv6_gso_pull_exthdrs+0x36/0xd0

... in order to provide some more detailed information, the crashing
line translates to

net/ipv6/ip6_offload.c:44

which is
 43                 opth = (void *)skb->data;
 44                 len = ipv6_optlen(opth);

(Thanks, Gmail, for submitting)

I assume skb (a struct sk_buff *) to be stale, but how come?

Nico

2015-08-04 21:45 GMT+02:00 Nico Schümann <nico.schuemann@...il.com>:
> ... in order to provide some more detailed information, the crashing
> line translates to
>
> net/ipv6/ip6_offload.c:44
>
> which is
>
>
>
>
> 2015-08-04 20:16 GMT+02:00 Nico Schümann <nico.schuemann@...il.com>:
>> Hello LKML,
>>
>> I am a bit lost with a kernel crash that has appeared out of the blue
>> and now occurs regularly.
>>
>> I do not know whether this is a hardware-related issue or a kernel
>> bug. I have already disabled gso, gre offloading, ipv6 checksum
>> offloading and tcpv6 offloading via ethtool, but the system still
>> crashes. I have attached the crash dump below and would be happy for
>> any pointer what is going wrong.
>>
>> Thanks in advance
>> Nico Schümann
>>
>> ===
>> [   76.047187] BUG: unable to handle kernel paging request at ffff8800773e1001
>> [   76.068072] IP: [<ffffffff814f1646>] ipv6_gso_pull_exthdrs+0x36/0xd0
>> [   76.087128] PGD 1814067 PUD 1b0f067 PMD 7fc45067 PTE 0
>> [   76.102597] Oops: 0000 [#1] SMP
>> [   76.112294] Modules linked in: xt_physdev xen_netback xen_blkback
>> xen_gntdev xen_evtchn xenfs xen_privcmd bridge stp llc xt_tcpudp
>> nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables
>> nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack
>> iptable_filter ip_tables x_tables nls_utf8 nls_cp437 vfat fat xfs
>> libcrc32c x86_pkg_temp_thermal intel_powerclamp intel_rapl coretemp
>> xen_acpi_processor mii bonding crc32_pclmul ghash_clmulni_intel loop
>> ast ttm drm_kms_helper iTCO_wdt iTCO_vendor_support drm joydev pcspkr
>> i2c_i801 aesni_intel aes_x86_64 evdev lrw gf128mul glue_helper
>> ablk_helper cryptd lpc_ich mfd_core ipmi_watchdog tpm_tis button video
>> battery processor tpm shpchp ipmi_si ipmi_poweroff ipmi_devintf
>> ipmi_msghandler autofs4 hid_generic usbhid hid ext4 crc16 mbcache jbd2
>> dm_mod raid1 md_mod sg sd_mod crc_t10dif crct10dif_generic
>> crct10dif_pclmul crct10dif_common crc32c_intel ahci libahci libata igb
>> i2c_algo_bit i2c_core scsi_mod dca ptp pps_core ehci_pci xhci_hcd
>> ehci_hcd usbcore usb_common fan thermal thermal_sys
>> [   76.386550] CPU: 0 PID: 0 Comm: swapper/0 Not tainted
>> 3.16.0-4-amd64 #1 Debian 3.16.7-ckt11-1+deb8u2
>> [   76.413875] Hardware name: bluechip Computer AG  /X10SLA-F, BIOS
>> 3.0 06/04/2015
>> [   76.435739] task: ffffffff8181a460 ti: ffffffff81800000 task.ti:
>> ffffffff81800000
>> [   76.458123] RIP: e030:[<ffffffff814f1646>]  [<ffffffff814f1646>]
>> ipv6_gso_pull_exthdrs+0x36/0xd0
>> [   76.484434] RSP: e02b:ffff88007f603ae8  EFLAGS: 00010282
>> [   76.500320] RAX: 0000000000000000 RBX: ffff880002a14900 RCX: 00000000ffff05a6
>> [   76.521665] RDX: 00000000fffefaae RSI: 0000000000000000 RDI: 0000000000000af8
>> [   76.543010] RBP: 0000000000000008 R08: 0000000000000140 R09: ffff8800773d0a00
>> [   76.564355] R10: 000000000000ffff R11: 0000000000000040 R12: ffff8800773e1000
>> [   76.585701] R13: 0000000000000000 R14: 0000000000000008 R15: ffffffffffffff9a
>> [   76.607050] FS:  0000000000000000(0000) GS:ffff88007f600000(0000)
>> knlGS:ffff88007f600000
>> [   76.631251] CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [   76.648435] CR2: ffff8800773e1001 CR3: 00000000773f9000 CR4: 0000000000042660
>> [   76.669781] Stack:
>> [   76.675786]  ffff880002a14900 0000000000000001 0000000000000001
>> 0000000000000001
>> [   76.698017]  0000000000000001 ffffffff814f1b50 ffff88007522c3b8
>> ffff88007f692f78
>> [   76.720246]  ffffffff8109dfef ffffffff818ec880 ffff880002a14900
>> 0000000000000001
>> [   76.742473] Call Trace:
>> [   76.749779]  <IRQ>
>> [   76.755527]  [<ffffffff814f1b50>] ? ipv6_gso_segment+0xb0/0x2b0
>> [   76.773804]  [<ffffffff8109dfef>] ? enqueue_task_fair+0x2cf/0xe20
>> [   76.792032]  [<ffffffff8141e384>] ? skb_mac_gso_segment+0x94/0x170
>> [   76.810516]  [<ffffffff8149b474>] ? gre_gso_segment+0x134/0x3e0
>> [   76.828223]  [<ffffffff8148c474>] ? inet_gso_segment+0x134/0x360
>> [   76.846187]  [<ffffffff8141e384>] ? skb_mac_gso_segment+0x94/0x170
>> [   76.864671]  [<ffffffff8141e81a>] ? dev_hard_start_xmit+0x16a/0x560
>> [   76.883416]  [<ffffffff8143ee29>] ? sch_direct_xmit+0xc9/0x1a0
>> [   76.900862]  [<ffffffff8141ee04>] ? __dev_queue_xmit+0x1f4/0x4c0
>> [   76.918828]  [<ffffffffa05a6988>] ? br_dev_queue_push_xmit+0x68/0xa0 [bridge]
>> [   76.940174]  [<ffffffffa05a7e09>] ?
>> br_handle_frame_finish+0x139/0x3c0 [bridge]
>> [   76.962038]  [<ffffffffa05a81d7>] ? br_handle_frame+0x147/0x240 [bridge]
>> [   76.982083]  [<ffffffff8141c9d4>] ? __netif_receive_skb_core+0x1b4/0x750
>> [   77.002129]  [<ffffffff81009f2c>] ? xen_clocksource_get_cycles+0x1c/0x20
>> [   77.022179]  [<ffffffff8141cfef>] ? netif_receive_skb_internal+0x1f/0x90
>> [   77.042244]  [<ffffffff8141d1e5>] ? napi_gro_flush+0x65/0x80
>> [   77.059168]  [<ffffffff8141d219>] ? napi_complete+0x19/0x40
>> [   77.075843]  [<ffffffffa01274e7>] ? igb_poll+0xa17/0xfb0 [igb]
>> [   77.093308]  [<ffffffff8141d380>] ? net_rx_action+0x140/0x240
>> [   77.110491]  [<ffffffff8106c641>] ? __do_softirq+0xf1/0x290
>> [   77.127157]  [<ffffffff8106ca15>] ? irq_exit+0x95/0xa0
>> [   77.142524]  [<ffffffff81358495>] ? xen_evtchn_do_upcall+0x35/0x50
>> [   77.161038]  [<ffffffff8151321e>] ? xen_do_hypervisor_callback+0x1e/0x30
>> [   77.181076]  <EOI>
>> [   77.186822]  [<ffffffff810013aa>] ? xen_hypercall_sched_op+0xa/0x20
>> [   77.206146]  [<ffffffff810013aa>] ? xen_hypercall_sched_op+0xa/0x20
>> [   77.224956]  [<ffffffff81009e0c>] ? xen_safe_halt+0xc/0x20
>> [   77.241360]  [<ffffffff8101ca49>] ? default_idle+0x19/0xb0
>> [   77.257767]  [<ffffffff810a7ff0>] ? cpu_startup_entry+0x340/0x400
>> [   77.275993]  [<ffffffff81903071>] ? start_kernel+0x492/0x49d
>> [   77.292916]  [<ffffffff81902a04>] ? set_init_arg+0x4e/0x4e
>> [   77.309322]  [<ffffffff81904f64>] ? xen_start_kernel+0x569/0x573
>> [   77.327286] Code: 00 00 41 55 41 89 f5 41 54 55 53 48 89 fb eb 44
>> 0f 1f 44 00 00 8b 4b 68 8b 7b 6c 89 ca 29 fa 83 fa 07 76 57 4c 8b a3
>> d8 00 00 00 <41> 0f b6 44 24 01 8d 2c c5 08 00 00 00 39 d5 77 67 29 e9
>> 45 0f
>> [   77.385444] RIP  [<ffffffff814f1646>] ipv6_gso_pull_exthdrs+0x36/0xd0
>> [   77.404737]  RSP <ffff88007f603ae8>
>> [   77.415164] CR2: ffff8800773e1001
>> [   77.425070] ---[ end trace 143743e46af54558 ]---
>> [   77.501130] Kernel panic - not syncing: Fatal exception in interrupt
>> [   77.520191] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation
>> range: 0xffffffff80000000-0xffffffff9fffffff)
>> [   77.550668] drm_kms_helper: panic occurred, switching back to text console
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ