Date:   Mon, 16 May 2022 22:01:14 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Eric Dumazet <edumazet@...gle.com>
Cc:     lkp@...ts.01.org, lkp@...el.com,
        LKML <linux-kernel@...r.kernel.org>
Subject: [llc]  a70a667736: dmesg.kernel_BUG_at_net/core/skbuff.c



Greeting,

FYI, we noticed the following commit (built with gcc-11):

commit: a70a667736ede10bbb28121a4ea20eeadbb2af13 ("llc: make sure applications use ARPHRD_ETHER")
https://git.kernel.org/cgit/linux/kernel/git/sj/linux.git damon/for-v5.4.158

in testcase: trinity
version: trinity-static-i386-x86_64-1c734c75-1_2020-01-06
with following parameters:

	runtime: 300s
	group: group-00

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+-------------------------------------------------------+------------+------------+
|                                                       | 73e42f4d2d | a70a667736 |
+-------------------------------------------------------+------------+------------+
| boot_successes                                        | 200        | 120        |
| boot_failures                                         | 0          | 65         |
| kernel_BUG_at_net/core/skbuff.c                       | 0          | 65         |
| invalid_opcode:#[##]                                  | 0          | 65         |
| EIP:pskb_expand_head                                  | 0          | 65         |
| Kernel_panic-not_syncing:Fatal_exception_in_interrupt | 0          | 65         |
+-------------------------------------------------------+------------+------------+


If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[  125.275326][ T3969] ------------[ cut here ]------------
[  125.281867][ T3969] kernel BUG at net/core/skbuff.c:1622!
[  125.297360][ T3969] invalid opcode: 0000 [#1] SMP PTI
[  125.303514][ T3969] CPU: 1 PID: 3969 Comm: trinity-c1 Tainted: G            E     5.4.52-00011-ga70a667736ede #1
[  125.311197][ T3969] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[  125.318417][ T3969] EIP: pskb_expand_head+0x288/0x300
[  125.324417][ T3969] Code: 1e fc b3 ff 59 89 45 f0 85 c0 0f 85 11 fe ff ff eb cc e8 4b dd b3 ff e9 8c fe ff ff 8d b6 00 00 00 00 0f 0b 8d b6 00 00 00 00 <0f> 0b 8d b6 00 00 00 00 a8 01 75 0c 81 38 80 8b 73 d0 0f 84 00 ff
[  125.337732][ T3969] EAX: 00000002 EBX: f629ba80 ECX: ffffff3c EDX: 00000000
[  125.344673][ T3969] ESI: ffffff7b EDI: 00000001 EBP: f622fcc0 ESP: f622fc9c
[  125.351158][ T3969] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010202
[  125.357838][ T3969] CR0: 80050033 CR2: b6d21000 CR3: 35aa0000 CR4: 000406f0
[  125.364405][ T3969] Call Trace:
[  125.370219][ T3969]  ? __sock_queue_rcv_skb+0x114/0x200
[  125.376144][ T3969]  __skb_pad+0x5b/0x100
[  125.382169][ T3969]  e1000_xmit_frame+0x4d5/0x840
[  125.388227][ T3969]  ? dev_queue_xmit_nit+0x205/0x240
[  125.394078][ T3969]  dev_hard_start_xmit+0x7a/0x200
[  125.400428][ T3969]  sch_direct_xmit+0x100/0x300
[  125.406239][ T3969]  __qdisc_run+0x5f/0xc0
[  125.411978][ T3969]  ? pfifo_fast_change_tx_queue_len+0x80/0x80
[  125.419050][ T3969]  __dev_xmit_skb+0x14f/0x340
[  125.425163][ T3969]  __dev_queue_xmit+0x2c6/0x4c0
[  125.430854][ T3969]  ? llc_mac_hdr_init+0x47/0x80 [llc]
[  125.436616][ T3969]  dev_queue_xmit+0xf/0x40
[  125.441940][ T3969]  llc_sap_action_send_test_c+0x7b/0x80 [llc2]
[  125.447043][ T3969]  llc_sap_state_process+0x8a/0x100 [llc2]
[  125.451768][ T3969]  llc_build_and_send_test_pkt+0x4c/0x80 [llc2]
[  125.454603][ T3969]  llc_ui_sendmsg+0x2a9/0x300 [llc2]
[  125.457390][ T3969]  ? llc_ui_connect+0x2c0/0x2c0 [llc2]
[  125.460618][ T3969]  sock_sendmsg+0x5c/0x80
[  125.464027][ T3969]  __sys_sendto+0xe6/0x140
[  125.467419][ T3969]  ? syscall_trace_enter+0x218/0x240
[  125.471231][ T3969]  ? sys_alarm+0x47/0x80
[  125.475617][ T3969]  sys_sendto+0x1f/0x40
[  125.478677][ T3969]  do_fast_syscall_32+0x8a/0x1ca
[  125.481733][ T3969]  entry_SYSENTER_32+0xa2/0xf5
[  125.484613][ T3969] EIP: 0xb7fb6b5d
[  125.486916][ T3969] Code: 26 00 00 00 00 b8 00 09 3d 00 eb b5 8b 04 24 c3 8b 14 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
[  125.494780][ T3969] EAX: ffffffda EBX: 00000199 ECX: 0a958c68 EDX: 00000001
[  125.498580][ T3969] ESI: 04012284 EDI: 0a9e8ef8 EBP: 00000058 ESP: bfb8f5ec
[  125.501907][ T3969] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000292
[  125.505460][ T3969] Modules linked in: af_alg(E) fcrypt(E) pcbc(E) rxrpc(E) crypto_user(E) scsi_transport_iscsi(E) xfrm_user(E) llc2(E) llc(E) sctp(E) libcrc32c(E) crc32c_generic(E) uvesafb(E) intel_rapl_msr(E) intel_rapl_common(E) crc32_pclmul(E) crc32c_intel(E) aesni_intel(E) crypto_simd(E) cryptd(E) rapl(E) ppdev(E) bochs_drm(E) drm_vram_helper(E) ttm(E) evdev(E) drm_kms_helper(E) syscopyarea(E) sysfillrect(E) sysimgblt(E) fb_sys_fops(E) psmouse(E) ata_generic(E) serio_raw(E) drm(E) qemu_fw_cfg(E) ata_piix(E) parport_pc(E) floppy(E) parport(E) i2c_piix4(E) libata(E) button(E)
[  125.522548][ T3969] ---[ end trace b20f6a7c9adb62cd ]---
[  125.526153][ T3969] EIP: pskb_expand_head+0x288/0x300
[  125.526157][ T3969] Code: 1e fc b3 ff 59 89 45 f0 85 c0 0f 85 11 fe ff ff eb cc e8 4b dd b3 ff e9 8c fe ff ff 8d b6 00 00 00 00 0f 0b 8d b6 00 00 00 00 <0f> 0b 8d b6 00 00 00 00 a8 01 75 0c 81 38 80 8b 73 d0 0f 84 00 ff
[  125.526159][ T3969] EAX: 00000002 EBX: f629ba80 ECX: ffffff3c EDX: 00000000
[  125.526160][ T3969] ESI: ffffff7b EDI: 00000001 EBP: f622fcc0 ESP: f622fc9c
[  125.526163][ T3969] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010202
[  125.526169][ T3969] CR0: 80050033 CR2: b6d21000 CR3: 35aa0000 CR4: 000406f0
[  125.557025][ T3969] Kernel panic - not syncing: Fatal exception in interrupt
[  125.560710][ T3969] Kernel Offset: 0xf000000 from 0xc1000000 (relocation range: 0xc0000000-0xf6ffdfff)



To reproduce:

        # build kernel
	cd linux
	cp config-5.4.52-00011-ga70a667736ede .config
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://01.org/lkp



View attachment "config-5.4.52-00011-ga70a667736ede" of type "text/plain" (127789 bytes)

View attachment "job-script" of type "text/plain" (4344 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (15468 bytes)
