lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LFD.0.999.0709060923340.26804@enigma.security.iitk.ac.in> Date: Thu, 6 Sep 2007 10:32:33 +0530 (IST) From: Satyam Sharma <satyam@...radead.org> To: Florian Lohoff <flo@...822.org> cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Netdev <netdev@...r.kernel.org>, linux-wireless@...r.kernel.org, Michal Piotrowski <michal.k.k.piotrowski@...il.com>, Herbert Xu <herbert@...dor.apana.org.au>, ipw3945-devel@...ts.sourceforge.net, yi.zhu@...el.com Subject: Re: BUG: scheduling while atomic: ifconfig/0x00000002/4170 Hi, > On 02/09/07, Florian Lohoff <flo@...822.org> wrote: > > > > Hi, > > with current git i got this when "ifconfig eth1" down. eth1 had a mac > > address which looked really like an eth1394 ethernet although the module > > was not loaded. Something is really broken in 2.6.23-currentgit. I always get the -currentgit would be -rc5 right? > > sysfs rename issues which are discussed to be an udev issue. Then i see > > a eth1394 mac address on an interface which typically shouldn exist > > (udev should rename the wireless to eth1) and when issueing an > > ifconfig eth1 down i get a > > > > BUG: scheduling while atomic: ifconfig/0x00000002/4170 Is this reproducible? Also, please send your .config. BTW the calltrace below shows that eth1 was the wireless interface when you tried to "down" it. > > On the next boot i see the eth1394 mac address on the wireless interface > > wmaster0_rename whereas eth1 is active (the wireless) and has the correct > > ip address. I don't think the "scheduling while atomic" bug you saw is related to the other problem you're seeing ... these are probably a bunch of all different issues, but I'm not sure if eth1394 is involved at all. > > I dont get it - this all looks really messed up. udev is > > debian sid 114-2. True, messed up it indeed is. > > eth0 Link encap:Ethernet HWaddr 00:17:42:13:45:8C > > UP BROADCAST MULTICAST MTU:1500 Metric:1 > > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > > Interrupt:19 > > > > eth1 Link encap:Ethernet HWaddr 00:18:DE:63:F0:B3 > > inet addr:195.71.97.208 Bcast:195.71.97.223 Mask:255.255.255.224 > > inet6 addr: fe80::218:deff:fe63:f0b3/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:2079 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:2220 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:508959 (497.0 KiB) TX bytes:261123 (255.0 KiB) > > > > wmaster0_ Link encap:UNSPEC HWaddr 00-18-DE-63-F0-B3-30-3A-00-00-00-00-00-00-00-00 > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > > > > > > [ 14.300736] VFS: Mounted root (ext3 filesystem) readonly. > > [ 14.300902] Freeing unused kernel memory: 216k freed > > [ 17.618804] irda_init() > > [ 17.618817] NET: Registered protocol family 23 > > [ 17.636399] ACPI: PCI Interrupt 0000:02:00.0[A] -> GSI 16 (level, low) -> IRQ 19 > > [ 17.636588] PCI: Setting latency timer of device 0000:02:00.0 to 64 > > [ 17.636619] sky2 0000:02:00.0: v1.17 addr 0xf0000000 irq 19 Yukon-EC Ultra (0xb4) rev 2 > > [ 17.648081] parport_pc 00:0c: reported by Plug and Play ACPI > > [ 17.648206] parport0: PC-style at 0x378, irq 7 [PCSPP,TRISTATE,EPP] > > [ 17.653652] sky2 eth0: addr 00:17:42:13:45:8c > > [ 17.680848] input: Video Bus as /class/input/input6 > > [ 17.680961] ACPI: Video Device [GFX0] (multi-head: yes rom: no post: no) > > [ 17.757019] usbcore: registered new interface driver usbfs > > [ 17.757139] usbcore: registered new interface driver hub > > [ 17.757264] usbcore: registered new device driver usb > > [ 17.824819] Yenta: CardBus bridge found at 0000:08:03.0 [10cf:131e] > > [ 17.824941] Yenta O2: res at 0x94/0xD4: 00/ea > > [ 17.825034] Yenta O2: enabling read prefetch/write burst > > [ 17.828363] hda: ATAPI 24X DVD-ROM DVD-R CD-R/RW drive, 2048kB Cache, UDMA(33) > > [ 17.828838] Uniform CD-ROM driver Revision: 3.20 > > [ 17.891481] USB Universal Host Controller Interface driver v3.0 > > [ 17.891650] ACPI: PCI Interrupt 0000:00:1d.0[A] -> GSI 23 (level, low) -> IRQ 22 > > [ 17.891840] PCI: Setting latency timer of device 0000:00:1d.0 to 64 > > [ 17.891844] uhci_hcd 0000:00:1d.0: UHCI Host Controller > > [ 17.892155] uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 1 > > [ 17.892327] uhci_hcd 0000:00:1d.0: irq 22, io base 0x00001820 > > [ 17.892571] usb usb1: configuration #1 chosen from 1 choice > > [ 17.892689] hub 1-0:1.0: USB hub found > > [ 17.892784] hub 1-0:1.0: 2 ports detected > > [ 17.924265] found SMC SuperIO Chip (devid=0x7a rev=00 base=0x002e): LPC47N227 > > [ 17.924390] smsc_superio_flat(): fir: 0x6e8, sir: 0x2e8, dma: 03, irq: 3, mode: 0x0e > > [ 17.924526] smsc_ircc_present: can't get sir_base of 0x2e8 > > [ 17.954918] Yenta: ISA IRQ mask 0x0c38, PCI irq 19 > > [ 17.955009] Socket status: 30000006 > > [ 17.955094] Yenta: Raising subordinate bus# of parent bus (#08) from #09 to #0c > > [ 17.955225] pcmcia: parent PCI bridge I/O window: 0x3000 - 0x3fff > > [ 17.955315] cs: IO port probe 0x3000-0x3fff: clean. > > [ 17.955773] pcmcia: parent PCI bridge Memory window: 0xf0200000 - 0xf02fffff > > [ 17.955864] pcmcia: parent PCI bridge Memory window: 0x30000000 - 0x37ffffff > > [ 17.956497] Yenta: CardBus bridge found at 0000:08:03.1 [10cf:131e] > > [ 17.981605] iwl3945: Intel(R) PRO/Wireless 3945ABG/BG Network Connection driver for Linux, 0.1.14 > > [ 17.981752] iwl3945: Copyright(c) 2003-2007 Intel Corporation Cc'ing ipw3945 ... > > [ 17.983847] sdhci: Secure Digital Host Controller Interface driver > > [ 17.983940] sdhci: Copyright(c) Pierre Ossman > > [ 17.998087] ACPI: PCI Interrupt 0000:00:1d.1[B] -> GSI 20 (level, low) -> IRQ 18 > > [ 17.998299] PCI: Setting latency timer of device 0000:00:1d.1 to 64 > > [ 17.998303] uhci_hcd 0000:00:1d.1: UHCI Host Controller > > [ 17.998428] uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2 > > [ 17.998601] uhci_hcd 0000:00:1d.1: irq 18, io base 0x00001840 > > [ 17.998811] usb usb2: configuration #1 chosen from 1 choice > > [ 17.998933] hub 2-0:1.0: USB hub found > > [ 17.999023] hub 2-0:1.0: 2 ports detected > > [ 18.082862] Yenta: ISA IRQ mask 0x0438, PCI irq 19 > > [ 18.082956] Socket status: 30000410 > > [ 18.083041] Yenta: Raising subordinate bus# of parent bus (#08) from #0c to #10 > > [ 18.083169] pcmcia: parent PCI bridge I/O window: 0x3000 - 0x3fff > > [ 18.083255] cs: IO port probe 0x3000-0x3fff: clean. > > [ 18.083710] pcmcia: parent PCI bridge Memory window: 0xf0200000 - 0xf02fffff > > [ 18.083798] pcmcia: parent PCI bridge Memory window: 0x30000000 - 0x37ffffff > > [ 18.105897] ACPI: PCI Interrupt 0000:00:1d.2[C] -> GSI 18 (level, low) -> IRQ 20 > > [ 18.106097] PCI: Setting latency timer of device 0000:00:1d.2 to 64 > > [ 18.106101] uhci_hcd 0000:00:1d.2: UHCI Host Controller > > [ 18.106218] uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 3 > > [ 18.106385] uhci_hcd 0000:00:1d.2: irq 20, io base 0x00001860 > > [ 18.106594] usb usb3: configuration #1 chosen from 1 choice > > [ 18.106709] hub 3-0:1.0: USB hub found > > [ 18.106799] hub 3-0:1.0: 2 ports detected > > [ 18.213730] ACPI: PCI Interrupt 0000:00:1d.3[D] -> GSI 16 (level, low) -> IRQ 19 > > [ 18.213932] PCI: Setting latency timer of device 0000:00:1d.3 to 64 > > [ 18.213938] uhci_hcd 0000:00:1d.3: UHCI Host Controller > > [ 18.214052] uhci_hcd 0000:00:1d.3: new USB bus registered, assigned bus number 4 > > [ 18.214210] uhci_hcd 0000:00:1d.3: irq 19, io base 0x00001880 > > [ 18.214414] usb usb4: configuration #1 chosen from 1 choice > > [ 18.214529] hub 4-0:1.0: USB hub found > > [ 18.214620] hub 4-0:1.0: 2 ports detected > > [ 18.318020] ACPI: PCI Interrupt 0000:00:1d.7[A] -> GSI 23 (level, low) -> IRQ 22 > > [ 18.324538] PCI: Setting latency timer of device 0000:00:1d.7 to 64 > > [ 18.324544] ehci_hcd 0000:00:1d.7: EHCI Host Controller > > [ 18.324687] ehci_hcd 0000:00:1d.7: new USB bus registered, assigned bus number 5 > > [ 18.324857] ehci_hcd 0000:00:1d.7: debug port 1 > > [ 18.324951] PCI: cache line size of 32 is not supported by device 0000:00:1d.7 > > [ 18.324959] ehci_hcd 0000:00:1d.7: irq 22, io mem 0xf0644000 > > [ 18.328914] ehci_hcd 0000:00:1d.7: USB 2.0 started, EHCI 1.00, driver 10 Dec 2004 > > [ 18.329163] usb usb5: configuration #1 chosen from 1 choice > > [ 18.329282] hub 5-0:1.0: USB hub found > > [ 18.329374] hub 5-0:1.0: 8 ports detected > > [ 18.429643] ACPI: PCI Interrupt 0000:08:03.4[A] -> GSI 16 (level, low) -> IRQ 19 > > [ 18.480534] ohci1394: fw-host0: OHCI-1394 1.1 (PCI): IRQ=[19] MMIO=[f0201000-f02017ff] Max Packet=[2048] IR/IT contexts=[8/8] > > [ 18.483902] ACPI: PCI Interrupt 0000:05:00.0[A] -> GSI 18 (level, low) -> IRQ 20 > > [ 18.484135] PCI: Setting latency timer of device 0000:05:00.0 to 64 > > [ 18.484153] iwl3945: Detected Intel PRO/Wireless 3945ABG Network Connection > > [ 18.595000] sdhci: SDHCI controller found at 0000:08:03.2 [1217:7120] (rev 1) > > [ 18.595114] ACPI: PCI Interrupt 0000:08:03.2[A] -> GSI 16 (level, low) -> IRQ 19 > > [ 18.595299] sdhci:slot0: Unknown controller version (16). You may experience problems. > > [ 18.595581] mmc0: SDHCI at 0xf0202800 irq 19 PIO > > [ 18.614800] ACPI: PCI Interrupt 0000:00:1b.0[A] -> GSI 17 (level, low) -> IRQ 23 > > [ 18.614990] PCI: Setting latency timer of device 0000:00:1b.0 to 64 > > [ 18.700659] iwl3945: Tunable channels: 13 802.11bg, 23 802.11a channels > > [ 18.701906] wmaster0: Selected rate control algorithm 'iwl-3945-rs' iwl3945 is wmaster0 > > [ 18.721016] pccard: PCMCIA card inserted into slot 1 > > [ 18.721131] cs: memory probe 0xf0200000-0xf02fffff: excluding 0xf0200000-0xf020ffff > > [ 18.739151] pcmcia: registering new device pcmcia1.0 > > [ 18.740929] net eth1: device_rename: sysfs_create_symlink failed (-17) > > [ 18.741075] net wlan0_rename: device_rename: sysfs_create_symlink failed (-17) These look like interesting bits here ... sysfs_create_symlink() failed with the infamous -EEXIST. Those were actually two different calls to dev_change_name()->device_rename()->sysfs_create_symlink() it appears. If this is reproducible, please rebuild with a kernel with debugging config options enabled and reproduce. > > [ 18.741625] udev: renamed network interface wmaster0 to eth1 But did this wmaster0 -> eth1 actually succeed, is the question. > > [ 18.779425] cs: IO port probe 0x100-0x3af:<3>si3054: cannot initialize. EXT MID = 0000 > > [ 18.783468] clean. > > [ 18.783592] cs: IO port probe 0x3e0-0x4ff: excluding 0x4d0-0x4d7 > > [ 18.784668] cs: IO port probe 0x820-0x8ff: clean. > > [ 18.785521] cs: IO port probe 0xc00-0xcf7: clean. > > [ 18.786456] cs: IO port probe 0xa00-0xaff: clean. > > [ 18.837550] cs: IO port probe 0x100-0x3af: clean. > > [ 18.839641] cs: IO port probe 0x3e0-0x4ff: excluding 0x4d0-0x4d7 > > [ 18.840664] cs: IO port probe 0x820-0x8ff: clean. > > [ 18.841501] cs: IO port probe 0xc00-0xcf7: clean. > > [ 18.842426] cs: IO port probe 0xa00-0xaff: clean. > > [ 18.964571] usb 4-2: new full speed USB device using uhci_hcd and address 2 > > [ 19.141976] usb 4-2: configuration #1 chosen from 1 choice > > [ 19.214394] Bluetooth: Core ver 2.11 > > [ 19.214546] NET: Registered protocol family 31 > > [ 19.214640] Bluetooth: HCI device and connection manager initialized > > [ 19.214737] Bluetooth: HCI socket layer initialized > > [ 19.257180] Bluetooth: HCI USB driver ver 2.9 > > [ 19.257349] usbcore: registered new interface driver hci_usb > > [ 19.751313] ieee1394: Host added: ID:BUS[0-00:1023] GUID[00000e10036532e4] > > [ 50.113619] Adding 979924k swap on /dev/sda5. Priority:-1 extents:1 across:979924k > > [ 50.163229] EXT3 FS on sda6, internal journal > > [ 64.870417] NET: Registered protocol family 10 > > [ 64.870613] lo: Disabled Privacy Extensions > > [ 71.028607] Bluetooth: L2CAP ver 2.8 > > [ 71.028615] Bluetooth: L2CAP socket layer initialized > > [ 71.168926] Bluetooth: RFCOMM socket layer initialized > > [ 71.169019] Bluetooth: RFCOMM TTY layer initialized > > [ 71.169054] Bluetooth: RFCOMM ver 1.8 > > [ 71.539346] ADDRCONF(NETDEV_UP): wlan0_rename: link is not ready > > [ 71.737809] sky2 eth0: enabling interface > > [ 71.740794] sky2 eth0: ram buffer 0K > > [ 71.741733] ADDRCONF(NETDEV_UP): eth0: link is not ready > > [ 142.968449] wlan0_rename: Initial auth_alg=0 > > [ 142.968461] wlan0_rename: authenticate with AP 00:0c:41:de:12:e1 > > [ 142.976883] wlan0_rename: RX authentication from 00:0c:41:de:12:e1 (alg=0 transaction=2 status=0) > > [ 142.976891] wlan0_rename: authenticated > > [ 142.976895] wlan0_rename: associate with AP 00:0c:41:de:12:e1 > > [ 142.979389] wlan0_rename: authentication frame received from 00:0c:41:de:12:e1, but not in authenticate state - ignored > > [ 142.980404] wlan0_rename: RX AssocResp from 00:0c:41:de:12:e1 (capab=0x401 status=0 aid=1) > > [ 142.980412] wlan0_rename: associated > > [ 142.982914] ADDRCONF(NETDEV_CHANGE): wlan0_rename: link becomes ready > > [ 148.291754] ICMPv6 NA: someone advertises our address on wlan0_rename! > > [ 151.386585] wlan0_rename: duplicate address detected! > > [ 382.517007] BUG: scheduling while atomic: ifconfig/0x00000002/4170 > > [ 382.517029] [<c032bf5c>] __sched_text_start+0x84/0x71c > > [ 382.517047] [<c032c5da>] __sched_text_start+0x702/0x71c > > [ 382.517065] [<c0174a6c>] link_path_walk+0xa9/0xb3 > > [ 382.517079] [<c032c6ad>] wait_for_completion+0x65/0x9b > > [ 382.517090] [<c011f0a2>] default_wake_function+0x0/0xc > > [ 382.517103] [<c01334cf>] synchronize_rcu+0x2a/0x2f > > [ 382.517115] [<c0133091>] wakeme_after_rcu+0x0/0x8 > > [ 382.517127] [<c02d5f4f>] dev_deactivate+0x89/0x9c > > [ 382.517138] [<c02c8abc>] dev_close+0x24/0x67 > > [ 382.517150] [<e01f402b>] ieee80211_master_stop+0x4a/0x6d [mac80211] > > [ 382.517176] [<c02c8ae3>] dev_close+0x4b/0x67 > > [ 382.517183] [<c02c7f47>] dev_change_flags+0x9d/0x14e > > [ 382.517193] [<c03058c8>] devinet_ioctl+0x224/0x532 > > [ 382.517201] [<c02c9589>] dev_ifsioc+0x113/0x396 > > [ 382.517208] [<c02c8d59>] dev_load+0x24/0x4b > > [ 382.517214] [<c02be61d>] sock_ioctl+0x0/0x1be > > [ 382.517233] [<c02be7bc>] sock_ioctl+0x19f/0x1be > > [ 382.517239] [<c011a993>] do_page_fault+0x269/0x58e > > [ 382.517246] [<c02be61d>] sock_ioctl+0x0/0x1be > > [ 382.517254] [<c0176787>] do_ioctl+0x1f/0x62 > > [ 382.517263] [<c0176a01>] vfs_ioctl+0x237/0x249 > > [ 382.517270] [<c016b7d8>] do_sys_open+0xbb/0xc5 > > [ 382.517280] [<c0176a46>] sys_ioctl+0x33/0x4d > > [ 382.517288] [<c0103e52>] sysenter_past_esp+0x5f/0x85 > > [ 382.517303] ======================= > > [ 382.528958] BUG: scheduling while atomic: ifconfig/0x00000002/4170 > > [ 382.528972] [<c032bf5c>] __sched_text_start+0x84/0x71c > > [ 382.528996] [<c032c6ad>] wait_for_completion+0x65/0x9b > > [ 382.529005] [<c011f0a2>] default_wake_function+0x0/0xc > > [ 382.529014] [<c01334cf>] synchronize_rcu+0x2a/0x2f > > [ 382.529021] [<c0133091>] wakeme_after_rcu+0x0/0x8 > > [ 382.529031] [<c02d5f4f>] dev_deactivate+0x89/0x9c Probably tangential, but Herbert, is the call to synchronize_rcu() in dev_deactivate() really correct? I saw that you put it in commit d4828d85d188dc70 about a year back and it's supposed to ensure that all outstanding transmissions from dev_queue_xmit() are over before proceeding. However, I think it may not serve that purpose -- as the comment before synchronize_rcu() and its use of call_rcu() [and not of call_rcu_bh()] indicate, synchronize_rcu() is used to synchronize with all outstanding rcu_read_lock() uses. OTOH, dev_queue_xmit() uses rcu_read_lock_*bh*() which isn't really the same -- bh / non-bh RCU callbacks have separate lists in the RCU implementation, so I don't really see anything preventing old transmissions to remain outstanding even after the synchronize_rcu() call in dev_deactivate (?) Whether that has anything to do with this particular bug or not, I have no idea ... > > [ 382.529041] [<c02c8abc>] dev_close+0x24/0x67 > > [ 382.529052] [<e01f402b>] ieee80211_master_stop+0x4a/0x6d [mac80211] > > [ 382.529077] [<c02c8ae3>] dev_close+0x4b/0x67 > > [ 382.529088] [<c02c7f47>] dev_change_flags+0x9d/0x14e > > [ 382.529101] [<c03058c8>] devinet_ioctl+0x224/0x532 > > [ 382.529111] [<c02c9589>] dev_ifsioc+0x113/0x396 > > [ 382.529122] [<c02c8d59>] dev_load+0x24/0x4b > > [ 382.529132] [<c02be61d>] sock_ioctl+0x0/0x1be > > [ 382.529153] [<c02be7bc>] sock_ioctl+0x19f/0x1be > > [ 382.529164] [<c011a993>] do_page_fault+0x269/0x58e > > [ 382.529174] [<c02be61d>] sock_ioctl+0x0/0x1be > > [ 382.529187] [<c0176787>] do_ioctl+0x1f/0x62 > > [ 382.529201] [<c0176a01>] vfs_ioctl+0x237/0x249 > > [ 382.529211] [<c016b7d8>] do_sys_open+0xbb/0xc5 > > [ 382.529224] [<c0176a46>] sys_ioctl+0x33/0x4d > > [ 382.529235] [<c0103e52>] sysenter_past_esp+0x5f/0x85 > > [ 382.529253] ======================= > > [ 382.530962] Freeing alive inet6 address cd98f600 Unrelated, but I also wish the "BUG: scheduling while atomic" was the more instructive show_regs() trace and not a dump_stack() ... I'll make such a patch today itself. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists