| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Mar 2017 20:54:26 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: netdev@...r.kernel.org
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Daniel Borkmann <daniel@...earbox.net>,
LKML <linux-kernel@...r.kernel.org>, LKP <lkp@...org>
Subject: [net/bpf] 3051bf36c2 BUG: unable to handle kernel paging request at
0000a7cf
Hi all,
Is it BPF triggering BUGs all over the places?
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 3051bf36c25d5153051704291782f8d44e744d36
Merge: 1e74a2e 005c349
Author: Linus Torvalds <torvalds@...ux-foundation.org>
AuthorDate: Wed Feb 22 10:15:09 2017 -0800
Commit: Linus Torvalds <torvalds@...ux-foundation.org>
CommitDate: Wed Feb 22 10:15:09 2017 -0800
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
Pull networking updates from David Miller:
"Highlights:
1) Support TX_RING in AF_PACKET TPACKET_V3 mode, from Sowmini
Varadhan.
2) Simplify classifier state on sk_buff in order to shrink it a bit.
From Willem de Bruijn.
3) Introduce SIPHASH and it's usage for secure sequence numbers and
syncookies. From Jason A. Donenfeld.
4) Reduce CPU usage for ICMP replies we are going to limit or
suppress, from Jesper Dangaard Brouer.
5) Introduce Shared Memory Communications socket layer, from Ursula
Braun.
6) Add RACK loss detection and allow it to actually trigger fast
recovery instead of just assisting after other algorithms have
triggered it. From Yuchung Cheng.
7) Add xmit_more and BQL support to mvneta driver, from Simon Guinot.
8) skb_cow_data avoidance in esp4 and esp6, from Steffen Klassert.
9) Export MPLS packet stats via netlink, from Robert Shearman.
10) Significantly improve inet port bind conflict handling, especially
when an application is restarted and changes it's setting of
reuseport. From Josef Bacik.
11) Implement TX batching in vhost_net, from Jason Wang.
12) Extend the dummy device so that VF (virtual function) features,
such as configuration, can be more easily tested. From Phil
Sutter.
13) Avoid two atomic ops per page on x86 in bnx2x driver, from Eric
Dumazet.
14) Add new bpf MAP, implementing a longest prefix match trie. From
Daniel Mack.
15) Packet sample offloading support in mlxsw driver, from Yotam Gigi.
16) Add new aquantia driver, from David VomLehn.
17) Add bpf tracepoints, from Daniel Borkmann.
18) Add support for port mirroring to b53 and bcm_sf2 drivers, from
Florian Fainelli.
19) Remove custom busy polling in many drivers, it is done in the core
networking since 4.5 times. From Eric Dumazet.
20) Support XDP adjust_head in virtio_net, from John Fastabend.
21) Fix several major holes in neighbour entry confirmation, from
Julian Anastasov.
22) Add XDP support to bnxt_en driver, from Michael Chan.
23) VXLAN offloads for enic driver, from Govindarajulu Varadarajan.
24) Add IPVTAP driver (IP-VLAN based tap driver) from Sainath Grandhi.
25) Support GRO in IPSEC protocols, from Steffen Klassert"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1764 commits)
Revert "ath10k: Search SMBIOS for OEM board file extension"
net: socket: fix recvmmsg not returning error from sock_error
bnxt_en: use eth_hw_addr_random()
bpf: fix unlocking of jited image when module ronx not set
arch: add ARCH_HAS_SET_MEMORY config
net: napi_watchdog() can use napi_schedule_irqoff()
tcp: Revert "tcp: tcp_probe: use spin_lock_bh()"
net/hsr: use eth_hw_addr_random()
net: mvpp2: enable building on 64-bit platforms
net: mvpp2: switch to build_skb() in the RX path
net: mvpp2: simplify MVPP2_PRS_RI_* definitions
net: mvpp2: fix indentation of MVPP2_EXT_GLOBAL_CTRL_DEFAULT
net: mvpp2: remove unused register definitions
net: mvpp2: simplify mvpp2_bm_bufs_add()
net: mvpp2: drop useless fields in mvpp2_bm_pool and related code
net: mvpp2: remove unused 'tx_skb' field of 'struct mvpp2_tx_queue'
net: mvpp2: release reference to txq_cpu[] entry after unmapping
net: mvpp2: handle too large value in mvpp2_rx_time_coal_set()
net: mvpp2: handle too large value handling in mvpp2_rx_pkts_coal_set()
net: mvpp2: remove useless arguments in mvpp2_rx_{pkts, time}_coal_set
...
1e74a2eb1f Merge tag 'gcc-plugins-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
005c3490e9 Revert "ath10k: Search SMBIOS for OEM board file extension"
3051bf36c2 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
+-------------------------------------------------------+------------+------------+------------+
| | 1e74a2eb1f | 005c3490e9 | 3051bf36c2 |
+-------------------------------------------------------+------------+------------+------------+
| boot_successes | 1223 | 1098 | 242 |
| boot_failures | 1 | 126 | 72 |
| BUG:unable_to_handle_kernel | 1 | 117 | 69 |
| Oops | 1 | 126 | 72 |
| EIP:perf_callchain_user | 1 | | |
| Kernel_panic-not_syncing:Fatal_exception | 1 | 121 | 67 |
| EIP:netlink_release | 0 | 20 | 3 |
| EIP:bpf_prog_free | 0 | 22 | 3 |
| EIP:filp_close | 0 | 64 | 23 |
| EIP:netlink_update_listeners | 0 | 10 | 9 |
| EIP:security_inode_getattr | 0 | 2 | |
| EIP:__lock_acquire | 0 | 1 | 11 |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt | 0 | 5 | 4 |
| EIP:__rcu_process_callbacks | 0 | 2 | |
| EIP:__fget_light | 0 | 1 | |
| EIP:__unix_remove_socket | 0 | 0 | 13 |
| INFO:trying_to_register_non-static_key | 0 | 0 | 2 |
| EIP:mnt_want_write_file | 0 | 0 | 1 |
| EIP:skb_dequeue | 0 | 0 | 1 |
| EIP:strlen | 0 | 0 | 1 |
| EIP:__netlink_lookup | 0 | 0 | 2 |
| EIP:vfs_fsync_range | 0 | 0 | 1 |
| EIP:__unix_find_socket_byname | 0 | 0 | 1 |
| EIP:release_sock | 0 | 0 | 1 |
+-------------------------------------------------------+------------+------------+------------+
DANGER: RUNNING AS ROOT.
Unless you are running in a virtual machine, this could cause serious problems such as overwriting CMOS
or similar which could potentially make this machine unbootable without a firmware reset.
ctrl-c now unless you really know what you are doing.
[ 32.906310] BUG: unable to handle kernel paging request at 0000a7cf
[ 32.907583] IP: __unix_remove_socket+0x10/0x50
[ 32.908465] *pde = 00000000
[ 32.908466]
[ 32.909350] Oops: 0002 [#1] DEBUG_PAGEALLOC
[ 32.910011] CPU: 0 PID: 436 Comm: trinity-main Not tainted 4.10.0-04456-g3051bf3 #1
[ 32.910011] task: 4f024000 task.stack: 4fb5c000
[ 32.910011] EIP: __unix_remove_socket+0x10/0x50
[ 32.910011] EFLAGS: 00010206 CPU: 0
[ 32.910011] EAX: 4f255400 EBX: 4f255400 ECX: 0bf2a7cc EDX: 0000a7cf
[ 32.910011] ESI: 4f25577c EDI: 4f255638 EBP: 4fb5de68 ESP: 4fb5de64
[ 32.910011] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
[ 32.910011] CR0: 80050033 CR2: 0000a7cf CR3: 0f02a000 CR4: 00000610
[ 32.910011] Call Trace:
[ 32.910011] unix_release_sock+0x2b/0x330
[ 32.910011] ? umount_tree+0x2d0/0x2d0
[ 32.910011] unix_release+0x16/0x30
[ 32.910011] sock_release+0x13/0x70
[ 32.910011] sock_close+0xb/0x10
[ 32.910011] __fput+0xa3/0x1e0
[ 32.910011] ____fput+0x8/0x10
[ 32.910011] task_work_run+0x6f/0xa0
[ 32.910011] do_exit+0x219/0xac0
[ 32.910011] do_group_exit+0x29/0x90
[ 32.910011] SyS_exit_group+0x11/0x20
[ 32.910011] do_fast_syscall_32+0x99/0x220
[ 32.910011] entry_SYSENTER_32+0x4c/0x7b
[ 32.910011] EIP: 0x377c6cc5
[ 32.910011] EFLAGS: 00000216 CPU: 0
[ 32.910011] EAX: ffffffda EBX: 00000000 ECX: 0000002d EDX: 377bd8ac
[ 32.910011] ESI: 00000000 EDI: 00000001 EBP: 3fedfb88 ESP: 3fedfa9c
[ 32.910011] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 007b
[ 32.910011] Code: 5c 24 04 c7 04 24 e8 e1 00 4c e8 e6 49 41 ff e9 7e ff ff ff 8d b4 26 00 00 00 00 8b 50 38 85 d2 74 26 55 89 e5 53 8b 48 34 85 c9 <89> 0a 74 03 89 51 04 89 c3 c7 40 38 00 00 00 00 8b 40 44 83 f8
[ 32.910011] EIP: __unix_remove_socket+0x10/0x50 SS:ESP: 0068:4fb5de64
[ 32.910011] CR2: 000000000000a7cf
[ 32.910011] ---[ end trace 940cd213af55418c ]---
[ 32.910011] Kernel panic - not syncing: Fatal exception
git bisect start d689555ceaa8b31008bda1c5e7a718e7db730148 c470abd4fde40ea6a0846a2beab642a578c0b8cd --
git bisect bad e45cee90c1347f9effa3ba4daa4508716a6bae88 # 02:35 4- 5 Merge 'hp-parisc/for-next' into devel-spot-201702262250
git bisect bad 9540e6d53b057fa1c95ded9fb80c331e4d0faa0a # 02:55 2- 4 Merge 'sound/topic/dollar-cove-ti' into devel-spot-201702262250
git bisect bad 349ed729f948dc7791353cc369b2de59b8e7ed11 # 03:13 27- 9 Merge 'jss-tpmdd/tabrm-v3' into devel-spot-201702262250
git bisect bad 00262ffd474b61eb4a9980751fd8179ffd7447db # 03:47 62- 6 Merge 'linux-review/Julian-Anastasov/ipv4-add-missing-initialization-for-flowi4_uid/20170226-222651' into devel-spot-201702262250
git bisect good b71a4e6d93e06fdcd652d82997c463fac31a58d3 # 04:56 305+ 0 0day base guard for 'devel-spot-201702262250'
git bisect bad 9c4713701c01e4cef6e2315c2818abc919ffb0de # 05:14 5- 4 bpf: Fix bpf_xdp_event_output
git bisect good ff58d005cd10fcd372787cceac547e11cf706ff6 # 06:58 301+ 0 Merge tag 'media/v4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
git bisect good fcdc103dac5bdabddd626a4dfe7e5aa5673a61c4 # 07:57 302+ 0 Merge tag 'linux-can-next-for-4.11-20170206' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next
git bisect good 3105dfb2a99f52c67cd40ec092373081f022ec28 # 09:19 304+ 0 Merge tag 'wireless-drivers-next-for-davem-2017-02-16' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next
git bisect bad ff47d8c05019d6e7753cef270d6399cb5a33be57 # 09:31 2- 3 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
git bisect good 32cc1bb3cdac937d8199013512c79ead259e4b63 # 11:14 303+ 0 Merge branch 'mvpp2-next'
git bisect good 7bb033829ef3ecfc491c0ed0197966e8f197fbdc # 12:28 300+ 0 Merge tag 'rodata-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect good 72a01d0b6afb5862998d84c19ddc9e1c39a9588c # 13:28 303+ 0 s390/qdio: fix up tiqdio_thinint_handler() kerneldoc
git bisect good 549f2bf594782faa440055255831c9a51940a651 # 13:59 310+ 0 s390/mm: add cond_resched call to kernel page table dumper
git bisect good 005c3490e9db23738d91e02788606c0fe4734723 # 14:50 303+ 32 Revert "ath10k: Search SMBIOS for OEM board file extension"
git bisect good 1e74a2eb1f5cc7f2f2b5aa9c9eeecbcf352220a3 # 15:37 310+ 0 Merge tag 'gcc-plugins-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect good 50a0d46c98b72cde3c6945f066c0adf31e4e8590 # 16:34 301+ 1 s390/zcrypt: make ap_bus explicitly non-modular
git bisect good d24b98e3a9c66b16ed029e1b2bcdf3c90e9d82d9 # 17:24 304+ 0 s390/syscall: fix single stepped system calls
git bisect bad 3051bf36c25d5153051704291782f8d44e744d36 # 17:36 22- 8 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
# first bad commit: [3051bf36c25d5153051704291782f8d44e744d36] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
git bisect good 1e74a2eb1f5cc7f2f2b5aa9c9eeecbcf352220a3 # 18:33 906+ 1 Merge tag 'gcc-plugins-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect good 005c3490e9db23738d91e02788606c0fe4734723 # 19:14 905+ 126 Revert "ath10k: Search SMBIOS for OEM board file extension"
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect bad 3051bf36c25d5153051704291782f8d44e744d36 # 19:22 11- 8 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
# extra tests on HEAD of linux-devel/devel-spot-201702262250
git bisect bad d689555ceaa8b31008bda1c5e7a718e7db730148 # 19:22 0- 6 0day head guard for 'devel-spot-201702262250'
# extra tests on tree/branch linus/master
git bisect bad 2d6be4abf514fc26c83d239c7f31da1f95e4a31d # 19:36 20- 5 Merge tag 'for-linus-4.11' of git://git.code.sf.net/p/openipmi/linux-ipmi
# extra tests on tree/branch linux-next/master
git bisect bad 8d01c069486aca75b8f6018a759215b0ed0c91f0 # 19:47 13- 3 Add linux-next specific files for 20170228
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
Download attachment "dmesg-quantal-ivb41-127:20170301175555:i386-randconfig-b0-02262304:4.10.0-04456-g3051bf3:1.gz" of type "application/gzip" (18599 bytes)
Download attachment "dmesg-quantal-ivb41-78:20170301182742:i386-randconfig-b0-02262304:4.10.0-02518-g1e74a2e:1.gz" of type "application/gzip" (21082 bytes)
Download attachment "dmesg-quantal-ivb41-100:20170301190328:i386-randconfig-b0-02262304:4.10.0-rc8-02021-g005c349:1.gz" of type "application/gzip" (18811 bytes)
View attachment "reproduce-quantal-ivb41-127:20170301175555:i386-randconfig-b0-02262304:4.10.0-04456-g3051bf3:1" of type "text/plain" (886 bytes)
View attachment "config-4.10.0-04456-g3051bf3" of type "text/plain" (97136 bytes)
Powered by blists - more mailing lists