lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 24 Jul 2012 22:02:23 +0000
From:	"Allan, Bruce W" <bruce.w.allan@...el.com>
To:	Ben Greear <greearb@...delatech.com>,
	e1000-devel list <e1000-devel@...ts.sourceforge.net>,
	netdev <netdev@...r.kernel.org>
Subject: RE: Crash in e1000e, 3.3.8+ (tainted)

> -----Original Message-----
> From: netdev-owner@...r.kernel.org [mailto:netdev-
> owner@...r.kernel.org] On Behalf Of Ben Greear
> Sent: Tuesday, July 24, 2012 2:46 PM
> To: e1000-devel list; netdev
> Subject: Crash in e1000e, 3.3.8+ (tainted)
> 
> We have a somewhat reproducible crash using a 6-port NIC
> with 3.3.8+ kernel.  This kernel is tainted with a proprietary
> module, but the module is not in use.
> 
> The rx-all and related patches that were later accepted
> upstream have been applied to this kernel.
> 
> It seems that buffer_info is NULL in the code below?
> 
> 
> (gdb) list e1000_alloc_rx_buffers+0x5b
> Junk at end of line specification.
> (gdb) list *(e1000_alloc_rx_buffers+0x5b)
> 0x15822 is in e1000_alloc_rx_buffers (/home/greearb/git/linux-
> 3.3.dev.y/drivers/net/ethernet/intel/e1000e/netdev.c:611).
> 606
> 607		i = rx_ring->next_to_use;
> 608		buffer_info = &rx_ring->buffer_info[i];
> 609
> 610		while (cleaned_count--) {
> 611			skb = buffer_info->skb;
> 612			if (skb) {
> 613				skb_trim(skb, 0);
> 614				goto map_skb;
> 615			}
> (gdb)
> 
> 
> 
> ADDRCONF(NETDEV_UP): rddVR1-p: link is not ready
> ADDRCONF(NETDEV_UP): eth16: link is not ready
> 8021q: adding VLAN 0 to HW filter on device eth16
> e1000e: eth17 NIC Link is Down
> e1000e 0000:04:00.1: eth17: Reset adapter
> ------------[ cut here ]------------
> WARNING: at /home/greearb/git/linux-
> 3.3.dev.y/drivers/net/ethernet/intel/e1000e/netdev.c:3937
> e1000_close+0x38/0x134 [e1000e]()
> Hardware name: To be filled by O.E.M.
> Modules linked in: veth 8021q garp stp llc fuse macvlan wanlink(PO) pktgen
> sbs sbshc f71882fg coretemp hwmon sunrpc ipv6 uinput
> snd_hda_codec_realtek
> snd_hda_intel ath9k snd_hda_codec mac80211 joydev snd_hwdep snd_seq
> ath9k_common ath9k_hw snd_seq_device snd_pcm ath snd_timer e1000e
> snd mei(C) microcode
> cfg80211 ppdev i2c_i801 soundcore serio_raw pcspkr snd_page_alloc
> iTCO_wdt iTCO_vendor_support parport_pc parport i915 drm_kms_helper
> drm i2c_algo_bit i2c_core
> video [last unloaded: scsi_wait_scan]
> Pid: 2360, comm: ip Tainted: P         C O 3.3.8+ #51
> Call Trace:
>   [<ffffffff81055bd1>] warn_slowpath_common+0x80/0x98
>   [<ffffffff81055bfe>] warn_slowpath_null+0x15/0x17
>   [<ffffffffa0199f49>] e1000_close+0x38/0x134 [e1000e]
>   [<ffffffff8141239f>] __dev_close_many+0x88/0xb9
>   [<ffffffff81412401>] __dev_close+0x31/0x42
>   [<ffffffff8140fd39>] __dev_change_flags+0xb9/0x13c
>   [<ffffffff81412d48>] dev_change_flags+0x1c/0x52
>   [<ffffffff8141dfac>] do_setlink+0x2b8/0x7ca
>   [<ffffffff8141cfd7>] ? rtnl_fill_ifinfo+0x9f1/0xab1
>   [<ffffffff8141e7f3>] rtnl_newlink+0x266/0x4b7
>   [<ffffffff8141e630>] ? rtnl_newlink+0xa3/0x4b7
>   [<ffffffff8141db55>] ? rtnl_dump_ifinfo+0x134/0x15d
>   [<ffffffff81077243>] ? get_parent_ip+0x11/0x42
>   [<ffffffff814c9382>] ? sub_preempt_count+0x92/0xa5
>   [<ffffffff811d7328>] ? security_capable+0x13/0x15
>   [<ffffffff8141d78b>] rtnetlink_rcv_msg+0x21e/0x23b
>   [<ffffffff8141d56d>] ? rtnetlink_rcv+0x28/0x28
>   [<ffffffff8142fbb6>] netlink_rcv_skb+0x3e/0x8f
>   [<ffffffff8141d566>] rtnetlink_rcv+0x21/0x28
>   [<ffffffff8142f991>] netlink_unicast+0xe9/0x152
>   [<ffffffff814300ea>] netlink_sendmsg+0x1f8/0x216
>   [<ffffffff813fed37>] __sock_sendmsg_nosec+0x5f/0x6a
>   [<ffffffff813fed7f>] __sock_sendmsg+0x3d/0x48
>   [<ffffffff813ff61f>] sock_sendmsg+0xa3/0xbc
>   [<ffffffff81077243>] ? get_parent_ip+0x11/0x42
>   [<ffffffff814c9382>] ? sub_preempt_count+0x92/0xa5
>   [<ffffffff814c623b>] ? _raw_spin_unlock+0x28/0x33
>   [<ffffffff810e73ae>] ? do_wp_page+0x548/0x5af
>   [<ffffffff813fe77d>] ? copy_from_user+0x9/0xb
>   [<ffffffff813ff2c7>] ? move_addr_to_kernel+0x2b/0x65
>   [<ffffffff814099b1>] ? copy_from_user+0x9/0xb
>   [<ffffffff81409cfe>] ? verify_iovec+0x4f/0xa3
>   [<ffffffff813ffd81>] __sys_sendmsg+0x20f/0x29c
>   [<ffffffff810e8241>] ? handle_mm_fault+0x1ac/0x1c4
>   [<ffffffff814c9195>] ? do_page_fault+0x2de/0x350
>   [<ffffffff810ebdd3>] ? do_brk+0x2b8/0x31a
>   [<ffffffff813fff6b>] sys_sendmsg+0x3d/0x5b
>   [<ffffffff814cb0f9>] system_call_fastpath+0x16/0x1b
> ---[ end trace 059af067cdc81b69 ]---
> BUG: unable to handle kernel NULL pointer dereference at
> 0000000000000008
> IP: [<ffffffffa019a7fe>] e1000_alloc_rx_buffers+0x5b/0x162 [e1000e]
> PGD 0
> Oops: 0000 [#1] PREEMPT SMP
> CPU 2
> Modules linked in: veth 8021q garp stp llc fuse macvlan wanlink(PO) pktgen
> sbs sbshc f71882fg coretemp hwmon sunrpc ipv6 uinput
> snd_hda_codec_realtek
> snd_hda_intel ath9k snd_hda_codec mac80211 joydev snd_hwdep snd_seq
> ath9k_common ath9k_hw snd_seq_device snd_pcm ath snd_timer e1000e
> snd mei(C) microcode
> cfg80211 ppdev i2c_i801 soundcore serio_raw pcspkr snd_page_alloc
> iTCO_wdt iTCO_vendor_support parport_pc parport i915 drm_kms_helper
> drm i2c_algo_bit i2c_core
> video [last unloaded: scsi_wait_scan]
> 
> Pid: 140, comm: kworker/2:1 Tainted: P        WC O 3.3.8+ #51 To be filled by
> O.E.M. To be filled by O.E.M./To be filled by O.E.M.
> RIP: 0010:[<ffffffffa019a7fe>]  [<ffffffffa019a7fe>]
> e1000_alloc_rx_buffers+0x5b/0x162 [e1000e]
> RSP: 0018:ffff88021e185cc0  EFLAGS: 00010206
> RAX: ffff8802203ae090 RBX: 0000000000000000 RCX: 0000000000000000
> RDX: 00000000000000d0 RSI: 00000000000000ff RDI: ffff88021e8a4800
> RBP: ffff88021e185d20 R08: ffff88021e184000 R09: ffffffff81a8f658
> R10: ffff88021e185be0 R11: ffff88021e185fd8 R12: ffff88021e8a4800
> R13: 0000000000000000 R14: ffff88021dda2360 R15: 00000000000000ff
> FS:  0000000000000000(0000) GS:ffff88022bd00000(0000)
> knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 0000000000000008 CR3: 0000000001a05000 CR4: 00000000000006e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process kworker/2:1 (pid: 140, threadinfo ffff88021e184000, task
> ffff88021fc0dd00)
> Stack:
>   0000000000000000 ffffffffa0194ea7 000000d01e185d00 ffff88021e8a4000
>   000005f21dda2360 ffff8802203ae090 ffff88021e185d00 ffff88021e8a4800
>   ffff88021dda2360 0000000000001000 0000000004008002 ffff88021dda2960
> Call Trace:
>   [<ffffffffa0194ea7>] ? e1000e_set_rx_mode+0xbc/0x260 [e1000e]
>   [<ffffffffa0195a6d>] e1000_configure+0x51c/0x525 [e1000e]
>   [<ffffffffa019934c>] ? e1000_set_features+0x8e/0x8e [e1000e]
>   [<ffffffffa0195a87>] e1000e_up+0x11/0xbc [e1000e]
>   [<ffffffffa01992b1>] e1000e_reinit_locked+0x3f/0x4c [e1000e]
>   [<ffffffffa0199a29>] e1000_reset_task+0x6dd/0x6ec [e1000e]
>   [<ffffffff81069df7>] ? schedule_work+0x13/0x15
>   [<ffffffff81077243>] ? get_parent_ip+0x11/0x42
>   [<ffffffff81077243>] ? get_parent_ip+0x11/0x42
>   [<ffffffffa019934c>] ? e1000_set_features+0x8e/0x8e [e1000e]
>   [<ffffffff8106837e>] process_one_work+0x1a6/0x278
>   [<ffffffff8106a3d1>] worker_thread+0x136/0x255
>   [<ffffffff8106a29b>] ? manage_workers+0x190/0x190
>   [<ffffffff8106da7d>] kthread+0x84/0x8c
>   [<ffffffff814cc4a4>] kernel_thread_helper+0x4/0x10
>   [<ffffffff8106d9f9>] ? __init_kthread_worker+0x37/0x37
>   [<ffffffff814cc4a0>] ? gs_change+0x13/0x13
> Code: 00 00 89 45 c4 41 0f b7 5e 18 48 8b 87 a8 04 00 00 41 89 dd 48 05 90 00 00
> 00 4d 6b ed 28 4d 03 6e 20 48 89 45 c8 e9 ea 00 00 00 <49> 8b 45 08 48 85 c0 74
> 14 48 89 c7 31 f6 48 89 45 a8 e8 76 b1
> RIP  [<ffffffffa019a7fe>] e1000_alloc_rx_buffers+0x5b/0x162 [e1000e]
>   RSP <ffff88021e185cc0>
> CR2: 0000000000000008
> ---[ end trace 059af067cdc81b6a ]---
> BUG: unable to handle kernel paging request at fffffffffffffff8
> IP: [<ffffffff8106d618>] kthread_data+0xb/0x11
> PGD 1a07067 PUD 1a08067 PMD 0
> Oops: 0000 [#2] PREEMPT SMP
> CPU 2
> Modules linked in: veth 8021q garp stp llc fuse macvlan wanlink(PO) pktgen
> sbs sbshc f71882fg coretemp hwmon sunrpc ipv6 uinput
> snd_hda_codec_realtek
> snd_hda_intel ath9k snd_hda_codec mac80211 joydev snd_hwdep snd_seq
> ath9k_common ath9k_hw snd_seq_device snd_pcm ath snd_timer e1000e
> snd mei(C) microcode
> cfg80211 ppdev i2c_i801 soundcore serio_raw pcspkr snd_page_alloc
> iTCO_wdt iTCO_vendor_support parport_pc parport i915 drm_kms_helper
> drm i2c_algo_bit i2c_core
> video [last unloaded: scsi_wait_scan]
> 
> Pid: 140, comm: kworker/2:1 Tainted: P      D WC O 3.3.8+ #51 To be filled by
> O.E.M. To be filled by O.E.M./To be filled by O.E.M.
> RIP: 0010:[<ffffffff8106d618>]  [<ffffffff8106d618>] kthread_data+0xb/0x11
> RSP: 0018:ffff88021e1858b8  EFLAGS: 00010092
> RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000002
> RDX: ffffffff81bee730 RSI: 0000000000000002 RDI: ffff88021fc0dd00
> RBP: ffff88021e1858b8 R08: 0000000000000400 R09: ffff88021fc0e0b8
> R10: ffff88021e185978 R11: 0000000000000000 R12: ffff88021fc0e0b8
> R13: ffff88021e1859b8 R14: 0000000000000002 R15: 0000000000000001
> FS:  0000000000000000(0000) GS:ffff88022bd00000(0000)
> knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: fffffffffffffff8 CR3: 0000000001a05000 CR4: 00000000000006e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process kworker/2:1 (pid: 140, threadinfo ffff88021e184000, task
> ffff88021fc0dd00)
> Stack:
>   ffff88021e1858d8 ffffffff81069e8f ffff88021e1858d8 ffff88022bd12340
>   ffff88021e185978 ffffffff814c5041 ffff88021e185918 0000000000000246
>   ffff88021e184010 ffff88021fc0dd00 ffff88021e185fd8 0000000000012340
> Call Trace:
>   [<ffffffff81069e8f>] wq_worker_sleeping+0x10/0x8a
>   [<ffffffff814c5041>] __schedule+0x17f/0x562
>   [<ffffffff814c54c9>] schedule+0x55/0x57
>   [<ffffffff81059b09>] do_exit+0x73e/0x742
>   [<ffffffff814c73c7>] oops_end+0xba/0xc2
>   [<ffffffff8102df05>] no_context+0x25a/0x269
>   [<ffffffff8107cee0>] ? load_balance+0x98/0x6b0
>   [<ffffffff8102e0db>] __bad_area_nosemaphore+0x1c7/0x1e7
>   [<ffffffff8102e109>] bad_area_nosemaphore+0xe/0x10
>   [<ffffffff814c902d>] do_page_fault+0x176/0x350
>   [<ffffffff81009785>] ? __switch_to+0x1cd/0x37c
>   [<ffffffff814c62bc>] ? _raw_spin_unlock_irq+0x2f/0x3a
>   [<ffffffff81077243>] ? get_parent_ip+0x11/0x42
>   [<ffffffff81077243>] ? get_parent_ip+0x11/0x42
>   [<ffffffff814c9382>] ? sub_preempt_count+0x92/0xa5
>   [<ffffffff814c6925>] page_fault+0x25/0x30
>   [<ffffffffa019a7fe>] ? e1000_alloc_rx_buffers+0x5b/0x162 [e1000e]
>   [<ffffffffa0194ea7>] ? e1000e_set_rx_mode+0xbc/0x260 [e1000e]
>   [<ffffffffa0195a6d>] e1000_configure+0x51c/0x525 [e1000e]
>   [<ffffffffa019934c>] ? e1000_set_features+0x8e/0x8e [e1000e]
>   [<ffffffffa0195a87>] e1000e_up+0x11/0xbc [e1000e]
>   [<ffffffffa01992b1>] e1000e_reinit_locked+0x3f/0x4c [e1000e]
>   [<ffffffffa0199a29>] e1000_reset_task+0x6dd/0x6ec [e1000e]
>   [<ffffffff81069df7>] ? schedule_work+0x13/0x15
>   [<ffffffff81077243>] ? get_parent_ip+0x11/0x42
>   [<ffffffff81077243>] ? get_parent_ip+0x11/0x42
>   [<ffffffffa019934c>] ? e1000_set_features+0x8e/0x8e [e1000e]
>   [<ffffffff8106837e>] process_one_work+0x1a6/0x278
>   [<ffffffff8106a3d1>] worker_thread+0x136/0x255
>   [<ffffffff8106a29b>] ? manage_workers+0x190/0x190
>   [<ffffffff8106da7d>] kthread+0x84/0x8c
>   [<ffffffff814cc4a4>] kernel_thread_helper+0x4/0x10
>   [<ffffffff8106d9f9>] ? __init_kthread_worker+0x37/0x37
>   [<ffffffff814cc4a0>] ? gs_change+0x13/0x13
> Code: ea ff ff ff eb 9d 90 55 65 48 8b 04 25 00 c7 00 00 48 8b 80 60 03 00 00 48
> 89 e5 8b 40 f0 c9 c3 48 8b 87 60 03 00 00 55 48 89 e5 <48> 8b 40 f8 c9 c3 48 3b
> 3d 7b 10 b8 00 55 48 89 e5 75 09 0f bf
> RIP  [<ffffffff8106d618>] kthread_data+0xb/0x11
>   RSP <ffff88021e1858b8>
> CR2: fffffffffffffff8
> ---[ end trace 059af067cdc81b6b ]---
> Fixing recursive fault but reboot is needed!

I believe this has already been fixed in 3.4 via commit bb9e44d0.  Please try patching
your kernel with that and let us know so we can have it back-ported to stable.

Thanks,
Bruce.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ