| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200724142703.GE1850@shao2-debian>
Date: Fri, 24 Jul 2020 22:27:03 +0800
From: kernel test robot <rong.a.chen@...el.com>
To: Christoph Hellwig <hch@....de>
Cc: "David S. Miller" <davem@...emloft.net>,
LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org,
ltp@...ts.linux.it
Subject: [sctp] ebb25defdc: kernel_BUG_at_mm/slub.c
Greeting,
FYI, we noticed the following commit (built with gcc-9):
commit: ebb25defdc17b594715418f1aa99eeb9a217cf1f ("sctp: pass a kernel pointer to sctp_setsockopt_delayed_ack")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: ltp
with following parameters:
test: net.sctp
test-description: The LTP testsuite contains a collection of tools for testing the Linux kernel and related features.
test-url: http://linux-test-project.github.io/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+-------------------------------------------------------+------------+------------+
| | 9b7b0d1a39 | ebb25defdc |
+-------------------------------------------------------+------------+------------+
| boot_successes | 252 | 203 |
| boot_failures | 2 | 45 |
| BUG:kernel_reboot-without-warning_in_test_stage | 1 | 2 |
| BUG:kernel_hang_in_boot_stage | 1 | |
| BUG:Bad_page_state_in_process | 0 | 2 |
| BUG:unable_to_handle_page_fault_for_address | 0 | 10 |
| Oops:#[##] | 0 | 10 |
| RIP:aa_get_task_label | 0 | 5 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 7 |
| kernel_BUG_at_mm/slub.c | 0 | 23 |
| invalid_opcode:#[##] | 0 | 23 |
| RIP:kfree | 0 | 23 |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt | 0 | 26 |
| WARNING:at_lib/refcount.c:#refcount_warn_saturate | 0 | 8 |
| RIP:refcount_warn_saturate | 0 | 8 |
| RIP:__kmalloc | 0 | 5 |
+-------------------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <rong.a.chen@...el.com>
[ 102.623133] LTP: starting test_sockopt
[ 102.635099] sctp: [Deprecated]: test_sockopt (pid 2761) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 102.635099] Use struct sctp_sack_info instead
[ 102.644079] sctp: [Deprecated]: test_sockopt (pid 2761) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 102.644079] Use struct sctp_sack_info instead
[ 102.654706] sctp: [Deprecated]: test_sockopt (pid 2761) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 102.654706] Use struct sctp_sack_info instead
[ 102.666373] LTP: starting test_sockopt_v6
[ 102.677207] sctp: [Deprecated]: test_sockopt_v6 (pid 2762) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 102.677207] Use struct sctp_sack_info instead
[ 102.708095] sctp: [Deprecated]: test_sockopt_v6 (pid 2762) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 102.708095] Use struct sctp_sack_info instead
[ 102.735645] sctp: [Deprecated]: test_sockopt_v6 (pid 2762) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 102.735645] Use struct sctp_sack_info instead
[ 102.743112] LTP: starting test_tcp_style
[ 102.751817] ------------[ cut here ]------------
[ 102.754011] kernel BUG at mm/slub.c:4045!
[ 102.755765] invalid opcode: 0000 [#1] SMP PTI
[ 102.758006] CPU: 6 PID: 2763 Comm: test_tcp_style Not tainted 5.8.0-rc4-01535-gebb25defdc17b5 #1
[ 102.760594] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 102.764525] RIP: 0010:kfree+0x1a7/0x210
[ 102.766545] Code: 97 fe ff ff 48 8b 45 00 45 31 e4 a9 00 00 01 00 74 05 44 0f b6 65 51 48 8b 45 00 a9 00 00 01 00 75 0a 48 8b 45 08 a8 01 75 02 <0f> 0b 48 8b 45 00 44 89 e1 ba ff ff ff ff be 06 00 00 00 d3 e2 48
[ 102.774951] RSP: 0018:ffffa9dfc01b4a08 EFLAGS: 00010246
[ 102.778264] RAX: fffff93b8b490008 RBX: ffff9a6c00000000 RCX: ffff9a6a07c76000
[ 102.782073] RDX: 0000000000000000 RSI: ffff9a6c89772658 RDI: ffff9a6c00000000
[ 102.785677] RBP: fffff93b8c000000 R08: ffffa9dfc01b49f8 R09: ffff9a6a07d97480
[ 102.789285] R10: ffff9a6a07c06bc0 R11: ffffa9dfc01b4c38 R12: 0000000000000000
[ 102.792764] R13: ffffa9dfc01b4b18 R14: ffff9a6c8977f380 R15: ffff9a6a07c76578
[ 102.796291] FS: 00007f31d004e740(0000) GS:ffff9a6d3fd80000(0000) knlGS:0000000000000000
[ 102.800176] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 102.803217] CR2: 0000560c57c86128 CR3: 0000000398a56000 CR4: 00000000000406e0
[ 102.806768] Call Trace:
[ 102.809141] <IRQ>
[ 102.811282] sctp_association_free+0xa8/0x210 [sctp]
[ 102.814136] sctp_cmd_interpreter+0x1385/0x1b90 [sctp]
[ 102.817352] ? sctp_sf_do_5_1B_init+0x2bb/0x3c0 [sctp]
[ 102.820407] sctp_do_sm+0xcf/0x290 [sctp]
[ 102.823092] ? sctp_has_association+0x50/0x50 [sctp]
[ 102.825975] ? sctp_has_association+0x50/0x50 [sctp]
[ 102.828967] ? sctp_packet_transmit+0x207/0x390 [sctp]
[ 102.831932] ? sctp_is_any+0x19/0x50 [sctp]
[ 102.834456] ? sctp_v6_to_addr_param+0x30/0x30 [sctp]
[ 102.837637] ? sctp_inet6_cmp_addr+0x66/0xc0 [sctp]
[ 102.840764] ? __sctp_v6_cmp_addr+0x60/0xd0 [sctp]
[ 102.843751] ? sctp_bind_addr_match+0x46/0x70 [sctp]
[ 102.846904] ? sctp_cmp_addr_exact+0x16/0x40 [sctp]
[ 102.849959] ? sctp_inet_skb_msgname+0x60/0x60 [sctp]
[ 102.852930] ? sctp_bind_addr_match+0x46/0x70 [sctp]
[ 102.855945] ? sctp_addrs_lookup_transport+0x65/0x160 [sctp]
[ 102.859042] sctp_endpoint_bh_rcv+0x110/0x230 [sctp]
[ 102.862218] sctp_rcv+0x413/0xa60 [sctp]
[ 102.864864] ip_protocol_deliver_rcu+0x189/0x1b0
[ 102.867464] ip_local_deliver_finish+0x4b/0x60
[ 102.870027] ip_local_deliver+0x6f/0x110
[ 102.872523] ? ip_rcv_finish+0x66/0xa0
[ 102.874949] ip_rcv+0xd1/0xe0
[ 102.877254] __netif_receive_skb_one_core+0x87/0xa0
[ 102.879744] process_backlog+0x9f/0x150
[ 102.882081] net_rx_action+0x13b/0x3b0
[ 102.884271] __do_softirq+0xe8/0x30f
[ 102.886353] asm_call_on_stack+0x12/0x20
[ 102.888552] </IRQ>
[ 102.890363] do_softirq_own_stack+0x39/0x50
[ 102.892664] do_softirq+0x2b/0x30
[ 102.894808] __local_bh_enable_ip+0x4b/0x50
[ 102.897163] ip_finish_output2+0x1af/0x590
[ 102.899441] ? __ip_finish_output+0x108/0x1e0
[ 102.901778] ip_output+0x76/0x110
[ 102.903769] ? __ip_finish_output+0x1e0/0x1e0
[ 102.905969] __ip_queue_xmit+0x173/0x430
[ 102.908089] ? __alloc_skb+0x96/0x1d0
[ 102.910022] sctp_packet_transmit+0x207/0x390 [sctp]
[ 102.912500] sctp_outq_flush_ctrl+0x19a/0x2b0 [sctp]
[ 102.915129] ? sctp_cmd_interpreter+0xdff/0x1b90 [sctp]
[ 102.917685] sctp_outq_flush+0x66/0x8d0 [sctp]
[ 102.919968] ? lock_timer_base+0x61/0x80
[ 102.922048] sctp_cmd_interpreter+0xdff/0x1b90 [sctp]
[ 102.924475] ? check_preempt_wakeup+0x17f/0x230
[ 102.926698] sctp_do_sm+0xcf/0x290 [sctp]
[ 102.928713] ? sctp_cname+0x90/0x90 [sctp]
[ 102.930834] ? try_to_wake_up+0x21b/0x530
[ 102.932826] ? chacha_block_generic+0x6c/0xb0
[ 102.934899] ? __queue_work+0x14b/0x420
[ 102.937061] ? sctp_hash_transport+0x44b/0x490 [sctp]
[ 102.939425] sctp_primitive_ASSOCIATE+0x2c/0x40 [sctp]
[ 102.941684] __sctp_connect+0x2da/0x320 [sctp]
[ 102.947767] sctp_inet_connect+0x62/0xc0 [sctp]
[ 102.949870] __sys_connect+0x9c/0xd0
[ 102.951614] ? __prepare_exit_to_usermode+0xa4/0x180
[ 102.953791] __x64_sys_connect+0x16/0x20
[ 102.955837] do_syscall_64+0x47/0x80
[ 102.957792] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 102.959969] RIP: 0033:0x7f31d02236d1
[ 102.961733] Code: Bad RIP value.
[ 102.963651] RSP: 002b:00007ffe5d4e0668 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 102.966333] RAX: ffffffffffffffda RBX: 00007ffe5d4e0800 RCX: 00007f31d02236d1
[ 102.971723] RDX: 000000000000001c RSI: 00007ffe5d4e0790 RDI: 000000000000000b
[ 102.974387] RBP: 00007ffe5d4e0790 R08: 0000000000000000 R09: 00007ffe5d4df460
[ 102.977053] R10: 0000560c57c671e3 R11: 0000000000000246 R12: 00007ffe5d4e0818
[ 102.979776] R13: 00007ffe5d4e07f0 R14: 00007ffe5d4e09e8 R15: 00007ffe5d4e07f4
[ 102.982381] Modules linked in: sctp libcrc32c intel_rapl_msr intel_rapl_common crct10dif_pclmul bochs_drm crc32_pclmul drm_vram_helper crc32c_intel sr_mod ghash_clmulni_intel cdrom drm_ttm_helper ttm sg ipmi_devintf drm_kms_helper ipmi_msghandler ata_generic syscopyarea sysfillrect sysimgblt fb_sys_fops ata_piix ppdev joydev serio_raw libata drm parport_pc parport i2c_piix4 ip_tables
[ 102.994549] ---[ end trace 9f015abcd17f7974 ]---
To reproduce:
# build kernel
cd linux
cp config-5.8.0-rc4-01535-gebb25defdc17b5 .config
make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
Thanks,
Rong Chen
View attachment "config-5.8.0-rc4-01535-gebb25defdc17b5" of type "text/plain" (158454 bytes)
View attachment "job-script" of type "text/plain" (4824 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (22040 bytes)
Powered by blists - more mailing lists