| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Nov 2017 11:35:34 +0000
From: Jon Maloy <jon.maloy@...csson.com>
To: Tommi Rantala <tommi.t.rantala@...ia.com>,
Ying Xue <ying.xue@...driver.com>,
"David S. Miller" <davem@...emloft.net>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"tipc-discussion@...ts.sourceforge.net"
<tipc-discussion@...ts.sourceforge.net>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: tipc_udp_send_msg oops in 4.4 when setting link tolerance
> -----Original Message-----
> From: netdev-owner@...r.kernel.org [mailto:netdev-
> owner@...r.kernel.org] On Behalf Of Tommi Rantala
> Sent: Tuesday, November 14, 2017 05:16
> To: Jon Maloy <jon.maloy@...csson.com>; Ying Xue
> <ying.xue@...driver.com>; David S. Miller <davem@...emloft.net>;
> netdev@...r.kernel.org; tipc-discussion@...ts.sourceforge.net; linux-
> kernel@...r.kernel.org
> Subject: Re: tipc_udp_send_msg oops in 4.4 when setting link tolerance
>
> On 13.11.2017 23:25, Jon Maloy wrote:
> > Hi Tommi,
> > I am not sure, but is seems like the following patch is what you need:
> > commit 9b3009604b8e ("tipc: add net device to skb before UDP xmit") >
> This was applied in tipc 4.5.
>
> Found it, the missing patch is this one (9b3009604b8e does not help):
>
> commit d01332f1acacc0cb43a61f4244dd2b846d4cd585
> Author: Richard Alpe <richard.alpe@...csson.com>
> Date: Mon Feb 1 08:19:56 2016 +0100
>
> tipc: fix link attribute propagation bug
>
>
> It does not apply as-is to 4.4, so backported it, see below.
> Does it look good? I can send it forward to Greg for inclusion in 4.4.
Yes. I would be very grateful if you do.
>
>
> But with this patch included, I can easily reproduce the "BUG: Bad page state
> in process git" issue also in 4.4 like this:
>
> $ tipc link set tolerance 100 link $LINKNAME $ cd /tmp && git clone
> /path/to/linux-stable
>
> I can try to debug that a bit more to see if I can figure it out.
I would appreciate that. If this turns out to also be an already fixed bug (most likely) you can send that directly to GKH too.
If you find a bug that requires a new patch send it to tipc-discussion for review first.
Finally, I want to say that I very much appreciate users like you, who try solving the problems themselves and contribute to the code.
We are right now in an upgrade phase of TIPC, where we have been/are adding new features to TIPC (overlapping ring neighbor monitoring, group communication, new addressing model, performance improvements...) which inevitably entail some new bugs, but I expect the frequency of these changes/improvements to TIPC go down in a few months, and with that the number of fixes needed.
BR
///jon
>
> -Tommi
>
>
>
> From e1857e6c60355296fd1cbe6e376d8a7265c2b289 Mon Sep 17 00:00:00
> 2001
> From: Richard Alpe <richard.alpe@...csson.com>
> Date: Tue, 14 Nov 2017 11:09:50 +0200
> Subject: [PATCH] tipc: fix link attribute propagation bug
>
> commit d01332f1acacc0cb43a61f4244dd2b846d4cd585 upstream.
>
> [backported to 4.4 by Tommi Rantala]
>
> Changing certain link attributes (link tolerance and link priority) from the TIPC
> management tool is supposed to automatically take effect at both endpoints
> of the affected link.
>
> Currently the media address is not instantiated for the link and is used
> uninstantiated when crafting protocol messages designated for the peer
> endpoint. This means that changing a link property currently results in the
> property being changed on the local machine but the protocol message
> designated for the peer gets lost. Resulting in property discrepancy between
> the endpoints.
>
> In this patch we resolve this by using the media address from the link entry
> and using the bearer transmit function to send it. Hence, we can now
> eliminate the redundant function tipc_link_prot_xmit() and the redundant
> field tipc_link::media_addr.
>
> Fixes: 2af5ae372a4b (tipc: clean up unused code and structures)
> Reviewed-by: Jon Maloy <jon.maloy@...csson.com>
> Reported-by: Jason Hu <huzhijiang@...il.com>
> Signed-off-by: Richard Alpe <richard.alpe@...csson.com>
> Signed-off-by: David S. Miller <davem@...emloft.net>
> Signed-off-by: Tommi Rantala <tommi.t.rantala@...ia.com>
> ---
> net/tipc/link.c | 28 ++++++----------------------
> net/tipc/link.h | 1 -
>
> 2 files changed, 6 insertions(+), 23 deletions(-)
>
>
>
> diff --git a/net/tipc/link.c b/net/tipc/link.c
>
> index 72268eac4ec7..736fffb28ab6 100644
>
> --- a/net/tipc/link.c
>
> +++ b/net/tipc/link.c
>
> @@ -1084,25 +1084,6 @@ drop:
>
> return rc;
>
> }
>
>
>
> -/*
>
> - * Send protocol message to the other endpoint.
>
> - */
>
> -void tipc_link_proto_xmit(struct tipc_link *l, u32 msg_typ, int probe_msg,
> - u32 gap, u32 tolerance, u32 priority)
>
> -{
>
> - struct sk_buff *skb = NULL;
>
> - struct sk_buff_head xmitq;
>
> -
>
> - __skb_queue_head_init(&xmitq);
>
> - tipc_link_build_proto_msg(l, msg_typ, probe_msg, gap,
>
> - tolerance, priority, &xmitq);
>
> - skb = __skb_dequeue(&xmitq);
>
> - if (!skb)
>
> - return;
>
> - tipc_bearer_xmit_skb(l->net, l->bearer_id, skb, l->media_addr);
>
> - l->rcv_unacked = 0;
>
> -}
>
> -
>
> static void tipc_link_build_proto_msg(struct tipc_link *l, int mtyp, bool
> probe,
> u16 rcvgap, int tolerance, int priority,
> struct sk_buff_head *xmitq)
>
> @@ -1636,9 +1617,12 @@ int tipc_nl_link_set(struct sk_buff *skb, struct
> genl_info *info)
> char *name;
>
> struct tipc_link *link;
> struct tipc_node *node;
> + struct sk_buff_head xmitq;
> struct nlattr *attrs[TIPC_NLA_LINK_MAX + 1];
> struct net *net = sock_net(skb->sk);
>
> + __skb_queue_head_init(&xmitq);
> +
> if (!info->attrs[TIPC_NLA_LINK])
> return -EINVAL;
>
> @@ -1683,14 +1667,14 @@ int tipc_nl_link_set(struct sk_buff *skb, struct
> genl_info *info)
>
> tol = nla_get_u32(props[TIPC_NLA_PROP_TOL]);
> link->tolerance = tol;
> - tipc_link_proto_xmit(link, STATE_MSG, 0, 0, tol, 0);
> + tipc_link_build_proto_msg(link, STATE_MSG, 0, 0,
> tol, 0, &xmitq);
> }
> if (props[TIPC_NLA_PROP_PRIO]) {
> u32 prio;
>
> prio = nla_get_u32(props[TIPC_NLA_PROP_PRIO]);
> link->priority = prio;
> - tipc_link_proto_xmit(link, STATE_MSG, 0, 0, 0,
> prio);
> + tipc_link_build_proto_msg(link, STATE_MSG, 0, 0,
> 0, prio, &xmitq);
> }
> if (props[TIPC_NLA_PROP_WIN]) {
> u32 win;
> @@ -1702,7 +1686,7 @@ int tipc_nl_link_set(struct sk_buff *skb, struct
> genl_info *info)
>
> out:
> tipc_node_unlock(node);
> -
> + tipc_bearer_xmit(net, bearer_id, &xmitq,
> &node->links[bearer_id].maddr);
> return res;
> }
>
> diff --git a/net/tipc/link.h b/net/tipc/link.h index
> 66d859b66c84..2a0d58671e88 100644
> --- a/net/tipc/link.h
> +++ b/net/tipc/link.h
> @@ -153,7 +153,6 @@ struct tipc_stats {
> struct tipc_link {
> u32 addr;
> char name[TIPC_MAX_LINK_NAME];
> - struct tipc_media_addr *media_addr;
> struct net *net;
>
> /* Management and link supervision data */
> --
> 2.14.2
>
>
>
>
> >> -----Original Message-----
> >> From: netdev-owner@...r.kernel.org [mailto:netdev-
> >> owner@...r.kernel.org] On Behalf Of Tommi Rantala
> >> Sent: Monday, November 13, 2017 11:23
> >> To: Jon Maloy <jon.maloy@...csson.com>; Ying Xue
> >> <ying.xue@...driver.com>; David S. Miller <davem@...emloft.net>;
> >> netdev@...r.kernel.org; tipc-discussion@...ts.sourceforge.net; linux-
> >> kernel@...r.kernel.org
> >> Subject: tipc_udp_send_msg oops in 4.4 when setting link tolerance
> >>
> >> Hi,
> >>
> >> I always get an instant TIPC oops in 4.4, when I try to set the link tolerance
> >> (with LINKNAME != "broadcast-link"):
> >>
> >> $ tipc link set tolerance 1000 link $LINKNAME
> >>
> >> Any idea what's going on? Some tipc patch missing in 4.4?
> >>
> >> In 4.9 the "tipc" command executes just fine, but I've seen a few times
> that
> >> later some random process crashes with "BUG: Bad page state". KASAN
> does
> >> not report anything before it happens.
> >>
> >> 4.14 is OK, could not reproduce these problems with it.
> >>
> >>
> >>
> >>
> >> tipc_udp_send_msg+0x102/0x4f0
> >>
> >> matches to:
> >> tipc_udp_send_msg at linux-stable/net/tipc/udp_media.c:172
> >>
> >> static int tipc_udp_send_msg(struct net *net, struct sk_buff *skb,
> >> struct tipc_bearer *b,
> >> struct tipc_media_addr *dest) {
> >> int ttl, err = 0;
> >> struct udp_bearer *ub;
> >> struct udp_media_addr *dst = (struct udp_media_addr *)&dest-
> >value;
> >> struct udp_media_addr *src = (struct udp_media_addr *)&b-
> >>> addr.value;
> >> struct rtable *rt;
> >>
> >> if (skb_headroom(skb) < UDP_MIN_HEADROOM) {
> >> err = pskb_expand_head(skb, UDP_MIN_HEADROOM, 0,
> >> GFP_ATOMIC);
> >> if (err)
> >> goto tx_error;
> >> }
> >>
> >> skb_set_inner_protocol(skb, htons(ETH_P_TIPC));
> >> ub = rcu_dereference_rtnl(b->media_ptr);
> >> if (!ub) {
> >> err = -ENODEV;
> >> goto tx_error;
> >> }
> >> if (dst->proto == htons(ETH_P_IP)) { <------ HERE
> >>
> >>
> >>
> >> [ 111.423647]
> >>
> ==========================================================
> >> ========
> >> [ 111.424826] BUG: KASAN: null-ptr-deref on address (null)
> >> [ 111.425538] Read of size 2 by task tipc/2643 [ 111.426215] CPU: 3 PID:
> 2643
> >> Comm: tipc Not tainted 4.4.97-pc64 #1 [ 111.428081] 0000000000000000
> >> ffff880026327478 ffffffff8248005e
> >> 0000000000000002
> >> [ 111.429476] ffff880047ad5ac0 ffff8800263274f8 ffffffff8227f5af
> >> 0000000265711040
> >> [ 111.430728] 0000000000000000 0000000000000297 ffffffffa0387fd2
> >> 02090220ffffffff [ 111.432051] Call Trace:
> >> [ 111.432472] [<ffffffff8248005e>] dump_stack+0x86/0xc8 [ 111.433208]
> >> [<ffffffff8227f5af>] kasan_report.part.2+0x41f/0x520 [ 111.434040]
> >> [<ffffffffa0387fd2>] ? tipc_udp_send_msg+0x102/0x4f0 [tipc] [
> 111.434908]
> >> [<ffffffff8227f965>] kasan_report+0x25/0x30 [ 111.435647]
> >> [<ffffffff8227e3a6>] __asan_load2+0x66/0x70 [ 111.436391]
> >> [<ffffffffa0387fd2>] tipc_udp_send_msg+0x102/0x4f0 [tipc] [
> 111.437334]
> >> [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70 [ 111.438301]
> >> [<ffffffff8227edfd>] ? kasan_slab_alloc+0xd/0x10 [ 111.439328]
> >> [<ffffffff8227e04c>] ?
> >> __kmalloc_node_track_caller+0xac/0x230
> >> [ 111.440493] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70 [
> >> 111.441479] [<ffffffffa0387ed0>] ? tipc_udp_disable+0xe0/0xe0 [tipc] [
> >> 111.442628] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70 [
> 111.443598]
> >> [<ffffffff8227ef52>] ? kasan_krealloc+0x62/0x80 [ 111.444610]
> >> [<ffffffff8227ebf8>] ? memset+0x28/0x30 [ 111.445539]
> [<ffffffff8275fab3>]
> >> ? __alloc_skb+0x2b3/0x310 [ 111.446560] [<ffffffff8275f800>] ?
> >> skb_complete_tx_timestamp+0x110/0x110
> >> [ 111.447695] [<ffffffff82147a16>] ? __module_text_address+0x16/0xa0
> [
> >> 111.448735] [<ffffffff8275e3fb>] ? skb_put+0x8b/0xd0 [ 111.449608]
> >> [<ffffffff8227ec76>] ? memcpy+0x36/0x40 [ 111.450524]
> >> [<ffffffffa03665e8>] ?
> >> tipc_link_build_proto_msg+0x398/0x4c0 [tipc] [ 111.451946]
> >> [<ffffffffa0364920>] tipc_bearer_xmit_skb+0xa0/0xb0 [tipc] [
> 111.453078]
> >> [<ffffffffa036a60b>] tipc_link_proto_xmit+0x11b/0x160 [tipc] [
> 111.454218]
> >> [<ffffffffa036a4f0>] ?
> >> tipc_link_build_reset_msg+0x50/0x50 [tipc] [ 111.455542]
> >> [<ffffffffa036c5be>] tipc_nl_link_set+0x1ee/0x3b0 [tipc] [ 111.456659]
> >> [<ffffffffa036c3d0>] ? tipc_nl_parse_link_prop+0xd0/0xd0 [tipc] [
> >> 111.457831] [<ffffffff82190a29>] ? is_ftrace_trampoline+0x59/0x90 [
> >> 111.458884] [<ffffffff820b15a5>] ? __kernel_text_address+0x65/0x80 [
> >> 111.459931] [<ffffffff824ba386>] ? nla_parse+0xb6/0x140 [ 111.460892]
> >> [<ffffffff827d20ee>] genl_family_rcv_msg+0x37e/0x5e0 [ 111.461948]
> >> [<ffffffffa0380005>] ? set_orig_addr.isra.53+0xe5/0x120 [tipc] [
> 111.463107]
> >> [<ffffffff827d1d70>] ? genl_rcv+0x40/0x40 [ 111.463987]
> >> [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180
> >> [ 111.465048] [<ffffffff8227a39d>] ? ___slab_alloc+0x43d/0x460 [
> >> 111.465986] [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180
> >> [ 111.467045] [<ffffffff827cde5c>] ? netlink_lookup+0x19c/0x220 [
> >> 111.468067] [<ffffffff827d2428>] genl_rcv_msg+0xd8/0x110 [
> 111.468994]
> >> [<ffffffff827d143b>] netlink_rcv_skb+0x14b/0x180 [ 111.469939]
> >> [<ffffffff827d2350>] ? genl_family_rcv_msg+0x5e0/0x5e0 [ 111.470954]
> >> [<ffffffff827d1d58>] genl_rcv+0x28/0x40 [ 111.471798]
> [<ffffffff827d0a27>]
> >> netlink_unicast+0x2e7/0x3a0 [ 111.472806] [<ffffffff827d0740>] ?
> >> netlink_attachskb+0x330/0x330 [ 111.473845] [<ffffffff8249b731>] ?
> >> copy_from_iter+0xf1/0x3b0 [ 111.474847] [<ffffffff827d0f8d>]
> >> netlink_sendmsg+0x4ad/0x620 [ 111.475788] [<ffffffff827d0ae0>] ?
> >> netlink_unicast+0x3a0/0x3a0 [ 111.476793] [<ffffffff822c0683>] ?
> >> __fdget+0x13/0x20 [ 111.477723] [<ffffffff82751575>] ?
> >> sockfd_lookup_light+0x95/0xb0 [ 111.478773] [<ffffffff827538fc>]
> >> SYSC_sendto+0x1bc/0x290 [ 111.479659] [<ffffffff82753740>] ?
> >> sock_write_iter+0x200/0x200 [ 111.480692] [<ffffffff822c0683>] ?
> >> __fdget+0x13/0x20 [ 111.481559] [<ffffffff82751575>] ?
> >> sockfd_lookup_light+0x95/0xb0 [ 111.482591] [<ffffffff827caf71>] ?
> >> netlink_getname+0xb1/0x110 [ 111.483570] [<ffffffff82750b0c>] ?
> >> move_addr_to_user+0x5c/0x70 [ 111.484539] [<ffffffff82751706>] ?
> >> SYSC_getsockname+0x176/0x190 [ 111.485540] [<ffffffff82751590>] ?
> >> sockfd_lookup_light+0xb0/0xb0 [ 111.486558] [<ffffffff82753225>] ?
> >> SYSC_bind+0xe5/0x180 [ 111.487548] [<ffffffff82753140>] ?
> >> __sock_recv_ts_and_drops+0x260/0x260
> >> [ 111.488700] [<ffffffff822c132b>] ? fd_install+0x3b/0x50 [ 111.489596]
> >> [<ffffffff827514b4>] ? sock_map_fd+0x44/0x70 [ 111.490553]
> >> [<ffffffff82753f4c>] ? SyS_socket+0xcc/0x120 [ 111.491437]
> >> [<ffffffff82753e80>] ? move_addr_to_kernel+0x40/0x40 [ 111.492505]
> >> [<ffffffff820022b6>] ? exit_to_usermode_loop+0x86/0x120 [ 111.493557]
> >> [<ffffffff82002017>] ? trace_hardirqs_on_thunk+0x17/0x19 [ 111.494629]
> >> [<ffffffff827544ce>] SyS_sendto+0xe/0x10 [ 111.495588]
> >> [<ffffffff829299ae>] entry_SYSCALL_64_fastpath+0x12/0x6d
> >> [ 111.496697]
> >>
> ==========================================================
> >> ========
> >> [ 111.498005] Disabling lock debugging due to kernel taint [ 111.499059]
> >> BUG: unable to handle kernel NULL pointer dereference at
> >> (null)
> >> [ 111.500698] IP: [<ffffffffa0387fd2>] tipc_udp_send_msg+0x102/0x4f0
> >> [tipc] [ 111.502027] PGD 4b01c067 PUD 1f0a5067 PMD 0 [ 111.503053]
> Oops:
> >> 0000 [#1] SMP KASAN [ 111.503980] Modules linked in: ip6table_mangle
> >> ip6_tables iptable_mangle iptable_filter ip_tables x_tables tipc
> >> ip6_udp_tunnel udp_tunnel fuse isofs aesni_intel aes_x86_64
> glue_helper
> >> lrw gf128mul ablk_helper cryptd ata_piix i6300esb sch_fq_codel
> >> nf_conntrack_proto_sctp nf_conntrack autofs4
> >> [ 111.509927] CPU: 3 PID: 2643 Comm: tipc Tainted: G B
> >> 4.4.97-pc64 #1
> >> [ 111.511249] Hardware name: Fedora Project OpenStack Nova, BIOS
> >> seabios-1.7.5-11.el7.tis.1 04/01/2014
> >> [ 111.512935] task: ffff880047ad5ac0 ti: ffff880026320000 task.ti:
> >> ffff880026320000
> >> [ 111.514283] RIP: 0010:[<ffffffffa0387fd2>] [<ffffffffa0387fd2>]
> >> tipc_udp_send_msg+0x102/0x4f0 [tipc]
> >> [ 111.515960] RSP: 0018:ffff880026327528 EFLAGS: 00010292 [
> 111.516832]
> >> RAX: ffff880047ad5ac0 RBX: ffff880065711040 RCX:
> >> 0000000000000000
> >> [ 111.517992] RDX: 1ffffffff06b9196 RSI: 0000000000000297 RDI:
> >> 0000000000000297
> >> [ 111.519117] RBP: ffff8800263276f0 R08: 0000000000000000 R09:
> >> fffffbfff069f014
> >> [ 111.520228] R10: dffffc0000000001 R11: ffff88006bc02a00 R12:
> >> 1ffff10004c64eb1
> >> [ 111.521361] R13: ffff88005ad07750 R14: 0000000000000000 R15:
> >> ffff88005154d9e0
> >> [ 111.522538] FS: 00007f467f3ac700(0000) GS:ffff88006c380000(0000)
> >> knlGS:0000000000000000
> >> [ 111.523960] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [
> >> 111.524947] CR2: 0000000000000000 CR3: 000000001f076000 CR4:
> >> 00000000001406e0
> >> [ 111.526084] Stack:
> >> [ 111.526551] 1ffff1000a2c11d8 ffff880026327550 ffffffff8227eb1e
> >> ffff880051608cc0
> >> [ 111.528272] ffff88006bc02a00 ffff880026327560 ffffffff8227edfd
> >> ffff8800263275b0
> >> [ 111.529886] ffffffff8227e04c ffff880026327590 ffffffff8227eb1e
> >> ffffffff832dfec0
> >> [ 111.531535] Call Trace:
> >> [ 111.532106] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70 [
> >> 111.533075] [<ffffffff8227edfd>] ? kasan_slab_alloc+0xd/0x10 [
> 111.534041]
> >> [<ffffffff8227e04c>] ?
> >> __kmalloc_node_track_caller+0xac/0x230
> >> [ 111.535102] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70 [
> >> 111.536047] [<ffffffffa0387ed0>] ? tipc_udp_disable+0xe0/0xe0 [tipc] [
> >> 111.537186] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70 [
> 111.538139]
> >> [<ffffffff8227ef52>] ? kasan_krealloc+0x62/0x80 [ 111.539106]
> >> [<ffffffff8227ebf8>] ? memset+0x28/0x30 [ 111.539946]
> [<ffffffff8275fab3>]
> >> ? __alloc_skb+0x2b3/0x310 [ 111.540876] [<ffffffff8275f800>] ?
> >> skb_complete_tx_timestamp+0x110/0x110
> >> [ 111.541954] [<ffffffff82147a16>] ? __module_text_address+0x16/0xa0
> [
> >> 111.542978] [<ffffffff8275e3fb>] ? skb_put+0x8b/0xd0 [ 111.543914]
> >> [<ffffffff8227ec76>] ? memcpy+0x36/0x40 [ 111.544817]
> >> [<ffffffffa03665e8>] ?
> >> tipc_link_build_proto_msg+0x398/0x4c0 [tipc] [ 111.546199]
> >> [<ffffffffa0364920>] tipc_bearer_xmit_skb+0xa0/0xb0 [tipc] [
> 111.547355]
> >> [<ffffffffa036a60b>] tipc_link_proto_xmit+0x11b/0x160 [tipc] [
> 111.548482]
> >> [<ffffffffa036a4f0>] ?
> >> tipc_link_build_reset_msg+0x50/0x50 [tipc] [ 111.549763]
> >> [<ffffffffa036c5be>] tipc_nl_link_set+0x1ee/0x3b0 [tipc] [ 111.550822]
> >> [<ffffffffa036c3d0>] ? tipc_nl_parse_link_prop+0xd0/0xd0 [tipc] [
> >> 111.551921] [<ffffffff82190a29>] ? is_ftrace_trampoline+0x59/0x90 [
> >> 111.552961] [<ffffffff820b15a5>] ? __kernel_text_address+0x65/0x80 [
> >> 111.554010] [<ffffffff824ba386>] ? nla_parse+0xb6/0x140 [ 111.554906]
> >> [<ffffffff827d20ee>] genl_family_rcv_msg+0x37e/0x5e0 [ 111.555954]
> >> [<ffffffffa0380005>] ? set_orig_addr.isra.53+0xe5/0x120 [tipc] [
> 111.557104]
> >> [<ffffffff827d1d70>] ? genl_rcv+0x40/0x40 [ 111.557949]
> >> [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180
> >> [ 111.559030] [<ffffffff8227a39d>] ? ___slab_alloc+0x43d/0x460 [
> >> 111.559983] [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180
> >> [ 111.561058] [<ffffffff827cde5c>] ? netlink_lookup+0x19c/0x220 [
> >> 111.562038] [<ffffffff827d2428>] genl_rcv_msg+0xd8/0x110 [
> 111.562966]
> >> [<ffffffff827d143b>] netlink_rcv_skb+0x14b/0x180 [ 111.563930]
> >> [<ffffffff827d2350>] ? genl_family_rcv_msg+0x5e0/0x5e0 [ 111.564949]
> >> [<ffffffff827d1d58>] genl_rcv+0x28/0x40 [ 111.565818]
> [<ffffffff827d0a27>]
> >> netlink_unicast+0x2e7/0x3a0 [ 111.566759] [<ffffffff827d0740>] ?
> >> netlink_attachskb+0x330/0x330 [ 111.567765] [<ffffffff8249b731>] ?
> >> copy_from_iter+0xf1/0x3b0 [ 111.568707] [<ffffffff827d0f8d>]
> >> netlink_sendmsg+0x4ad/0x620 [ 111.569706] [<ffffffff827d0ae0>] ?
> >> netlink_unicast+0x3a0/0x3a0 [ 111.570658] [<ffffffff822c0683>] ?
> >> __fdget+0x13/0x20 [ 111.571548] [<ffffffff82751575>] ?
> >> sockfd_lookup_light+0x95/0xb0 [ 111.572541] [<ffffffff827538fc>]
> >> SYSC_sendto+0x1bc/0x290 [ 111.573459] [<ffffffff82753740>] ?
> >> sock_write_iter+0x200/0x200 [ 111.574435] [<ffffffff822c0683>] ?
> >> __fdget+0x13/0x20 [ 111.575330] [<ffffffff82751575>] ?
> >> sockfd_lookup_light+0x95/0xb0 [ 111.576354] [<ffffffff827caf71>] ?
> >> netlink_getname+0xb1/0x110 [ 111.577371] [<ffffffff82750b0c>] ?
> >> move_addr_to_user+0x5c/0x70 [ 111.578385] [<ffffffff82751706>] ?
> >> SYSC_getsockname+0x176/0x190 [ 111.579407] [<ffffffff82751590>] ?
> >> sockfd_lookup_light+0xb0/0xb0 [ 111.580431] [<ffffffff82753225>] ?
> >> SYSC_bind+0xe5/0x180 [ 111.581369] [<ffffffff82753140>] ?
> >> __sock_recv_ts_and_drops+0x260/0x260
> >> [ 111.582518] [<ffffffff822c132b>] ? fd_install+0x3b/0x50 [ 111.583450]
> >> [<ffffffff827514b4>] ? sock_map_fd+0x44/0x70 [ 111.584417]
> >> [<ffffffff82753f4c>] ? SyS_socket+0xcc/0x120 [ 111.585353]
> >> [<ffffffff82753e80>] ? move_addr_to_kernel+0x40/0x40 [ 111.586405]
> >> [<ffffffff820022b6>] ? exit_to_usermode_loop+0x86/0x120 [ 111.587434]
> >> [<ffffffff82002017>] ? trace_hardirqs_on_thunk+0x17/0x19 [ 111.588511]
> >> [<ffffffff827544ce>] SyS_sendto+0xe/0x10 [ 111.589378]
> >> [<ffffffff829299ae>] entry_SYSCALL_64_fastpath+0x12/0x6d
> >> [ 111.590420] Code: 00 00 e8 e2 64 ef e1 4c 89 ef 80 a3 93 00 00 00 f7
> >> e8 43 65 ef e1 4d 8b 7d 00 4d 85 ff 0f 84 db 03 00 00 4c 89 f7 e8 6e 63 ef e1
> >> <66> 41 83 3e 08 0f 84 80 01 00 00 48 8d bc 24 20 01 00 00 31 c0 [
> 111.598579]
> >> RIP [<ffffffffa0387fd2>] tipc_udp_send_msg+0x102/0x4f0 [tipc] [
> >> 111.599831] RSP <ffff880026327528> [ 111.600538] CR2:
> 0000000000000000 [
> >> 111.601202] ---[ end trace 827dd66f798de44a ]--- [ 111.602025] Kernel
> panic -
> >> not syncing: Fatal exception in interrupt [ 111.614704] Kernel Offset:
> disabled
> >> [ 111.615249] Rebooting in 60 seconds..
> >>
> >>
> >>
> >>
> >>
> >> [ 31.985039] BUG: Bad page state in process ___ pfn:400c0
> >> [ 31.985680] page:ffffea0001003000 count:0 mapcount:0
> >> mapping:000000000000003c index:0x0
> >> [ 31.986619] flags: 0x10000(mappedtodisk)
> >> [ 31.987081] page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag
> set
> >> [ 31.987701] bad because of flags: 0x10000(mappedtodisk)
> >> [ 31.988268] Modules linked in: iptable_filter ip_tables x_tables tipc ...
> >> [ 31.991804] CPU: 3 PID: 2716 Not tainted 4.9.52 #1
> >> [ 31.993608] ffffc90003023b28 ffffffff822ee180 ffffea0001003000
> >> ffffffff827b76c8
> >> [ 31.994792] ffffc90003023b50 ffffffff8215c5e4 0000000000010000
> >> ffffea0001000000
> >> [ 31.995986] 0000000000000009 ffffc90003023b60 ffffffff8215c71f
> >> ffffc90003023c28
> >> [ 31.997380] Call Trace:
> >> [ 31.997780] [<ffffffff822ee180>] dump_stack+0x86/0xc6
> >> [ 31.998460] [<ffffffff8215c5e4>] bad_page+0xc4/0x130
> >> [ 31.999160] [<ffffffff8215c71f>] check_new_page_bad+0x5f/0x70
> >> [ 31.999968] [<ffffffff8215fe5a>] get_page_from_freelist+0x7ca/0xb20
> >> [ 32.000782] [<ffffffff8216123c>] __alloc_pages_nodemask+0xdc/0x220
> >> [ 32.001621] [<ffffffff821a4c18>] alloc_fresh_huge_page+0x68/0xc0
> >> [ 32.002407] [<ffffffff821a590f>] set_max_huge_pages+0x4df/0x530
> >> [ 32.003176] [<ffffffff8230698c>] ? _kstrtoull+0x2c/0x70
> >> [ 32.003841] [<ffffffff821a59ec>]
> nr_hugepages_store_common+0x8c/0xf0
> >> [ 32.004619] [<ffffffff821c2626>] ?
> >> mem_cgroup_commit_charge+0x66/0x430
> >> [ 32.005384] [<ffffffff821a5a83>] nr_hugepages_store+0x13/0x20
> >> [ 32.006176] [<ffffffff822f02bf>] kobj_attr_store+0xf/0x20
> >> [ 32.006838] [<ffffffff82237877>] sysfs_kf_write+0x37/0x40
> >> [ 32.007534] [<ffffffff82236bcc>] kernfs_fop_write+0x11c/0x1b0
> >> [ 32.008258] [<ffffffff821c7068>] __vfs_write+0x28/0x120
> >> [ 32.008931] [<ffffffff820fb23d>] ? __audit_syscall_entry+0xad/0xf0
> >> [ 32.009681] [<ffffffff821c7735>] vfs_write+0xb5/0x1a0
> >> [ 32.010308] [<ffffffff821c8a96>] SyS_write+0x46/0xa0
> >> [ 32.010917] [<ffffffff8204b8fa>] ? trace_do_page_fault+0x5a/0x140
> >> [ 32.011741] [<ffffffff82002bfe>] do_syscall_64+0x7e/0x1a0
> >> [ 32.012476] [<ffffffff825dc0c4>]
> entry_SYSCALL64_slow_path+0x25/0x25
> >> [ 32.013244] Disabling lock debugging due to kernel taint
> >> [ 34.055994] ip6_tables: (C) 2000-2006 Netfilter Core Team
> >>
> >>
> >> -Tommi
Powered by blists - more mailing lists