| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 9 Jan 2015 22:20:08 +0900 From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> To: cwang@...pensource.com Cc: netdev@...r.kernel.org Subject: Re: NULL pointer dereference at skb_queue_tail() Cong Wang wrote: > On Mon, Jan 5, 2015 at 4:50 AM, Tetsuo Handa > <penguin-kernel@...ove.sakura.ne.jp> wrote: > > Tetsuo Handa wrote: > >> I can reproduce below oops when testing Linux 3.18 with memory allocation > >> failure injection module at https://lkml.org/lkml/2014/12/25/64 . > > > > I can reliably reproduce this oops with current linux.git using memory > > allocation failure injection module. There is a possibility of memory > > corruption since this oops always occurs immediately after memory > > allocation failure within GPU/DRM code. I want to check whether > > fields of structures have expected values or not. > > Looks like the skb->prev and/or skb->next in the skb queue is corrupted, > but I don't see why. We do play some magic on these pointers recently, > but it should not be related with unix socket at all. Yes, I saw skb->prev == NULL while skb->next != NULL. And I saw various different oops shown below depending on timing. Is there code which set skb->prev or skb->next to NULL after it was initialized with non-NULL? If there is no such code, this could be memory corruption. > > Is it possible for you to check if this is a regression of recent kernel? > We only have few changes in unix socket recently, and I don't see they > could cause this bug. Would you tell me which versions to test? I confirmed that this problem exists at least since 3.14. I haven't hit this problem with 3.12 because I hit different problem before hitting this problem. So far I didn't hit this problem with 3.10. [ 244.389630] BUG: unable to handle kernel paging request at 00000000bf38b1f5 [ 244.391428] IP: [<ffffffff81646a51>] unix_detach_fds.isra.25+0x21/0x50 [ 244.393050] PGD 7aabf067 PUD 0 [ 244.393865] Oops: 0000 [#1] SMP [ 244.394694] Modules linked in: stap_1d434baec036a3abf082a3f3fc53e337_9804(OE) ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ipt_REJECT nf_reject_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_raw iptable_filter ip_tables coretemp crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel dm_mirror aesni_intel dm_region_hash dm_log glue_helper dm_mod lrw gf128mul ablk_helper cryptd ppdev vmw_balloon parport_pc microcode pcspkr serio_raw vmw_vmci parport shpchp i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc uinput sd_mod ata_generic pata_acpi e1000 ata_piix mptspi libata scsi_transport_spi mptscsih mptbase floppy [ 244.413886] CPU: 2 PID: 9936 Comm: Xorg Tainted: G W OE 3.19.0-rc3+ #9 [ 244.415807] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013 [ 244.418438] task: ffff88007a7d3d40 ti: ffff88007ab88000 task.ti: ffff88007ab88000 [ 244.420269] RIP: 0010:[<ffffffff81646a51>] [<ffffffff81646a51>] unix_detach_fds.isra.25+0x21/0x50 [ 244.422517] RSP: 0018:ffff88007ab8bb48 EFLAGS: 00010206 [ 244.423823] RAX: 00000000bf38b1f5 RBX: 0000000000000000 RCX: 0000000000000014 [ 244.425580] RDX: 0000000000000004 RSI: ffff88007b4b4800 RDI: ffff88007ab8bbf8 [ 244.427312] RBP: ffff88007ab8bb58 R08: 0000000000000014 R09: ffff88007ae54000 [ 244.429070] R10: ffff88007ae54000 R11: ffff88007a7d3d40 R12: ffff88007ab8bbf8 [ 244.430816] R13: ffff88007b4b4800 R14: ffff88003a806990 R15: ffff88003a806900 [ 244.432555] FS: 00007fe2e1976980(0000) GS:ffff88007fc80000(0000) knlGS:0000000000000000 [ 244.434477] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 244.435859] CR2: 00000000bf38b1f5 CR3: 000000007aa31000 CR4: 00000000000407e0 [ 244.437626] Stack: [ 244.438124] 0000000000000000 0000000000000000 ffff88007ab8bc68 ffffffff816486cb [ 244.439987] dead000000200200 ffff88001db00700 ffff88007a7d3d40 ffff88007ab8bc28 [ 244.441889] ffff88007a7d3d40 ffff88003a806bb0 0000000000000001 ffff88007ae54000 [ 244.443778] Call Trace: [ 244.444376] [<ffffffff816486cb>] unix_stream_recvmsg+0x57b/0x840 [ 244.445850] [<ffffffff811c7530>] ? poll_select_copy_remaining+0x130/0x130 [ 244.447504] [<ffffffff81589c96>] sock_recvmsg+0x76/0x90 [ 244.448777] [<ffffffff8158b8fe>] ? copy_msghdr_from_user+0x15e/0x1f0 [ 244.450331] [<ffffffff8158bd84>] ___sys_recvmsg+0xe4/0x200 [ 244.451660] [<ffffffff81337180>] ? timerqueue_add+0x60/0xb0 [ 244.453018] [<ffffffff810ce4c9>] ? enqueue_hrtimer+0x29/0x90 [ 244.454390] [<ffffffff810cea70>] ? __hrtimer_start_range_ns+0x260/0x360 [ 244.455995] [<ffffffff811d0745>] ? __fget_light+0x25/0x70 [ 244.457313] [<ffffffff8158c762>] __sys_recvmsg+0x42/0x80 [ 244.458625] [<ffffffff8158c7b2>] SyS_recvmsg+0x12/0x20 [ 244.459871] [<ffffffff816a52e9>] system_call_fastpath+0x12/0x17 [ 244.461334] Code: 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 48 8b 46 38 48 89 e5 41 54 49 89 fc 53 48 89 07 48 c7 46 38 00 00 00 00 48 8b 07 <0f> bf 18 83 eb 01 79 0b eb 1e 0f 1f 44 00 00 49 8b 04 24 48 63 [ 244.467598] RIP [<ffffffff81646a51>] unix_detach_fds.isra.25+0x21/0x50 [ 244.469201] RSP <ffff88007ab8bb48> [ 244.470055] CR2: 00000000bf38b1f5 [ 1511.728498] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 [ 1511.730551] IP: [<ffffffff8159342b>] skb_dequeue+0x4b/0x80 [ 1511.731987] PGD 0 [ 1511.732523] Oops: 0002 [#1] SMP [ 1511.733406] Modules linked in: stap_1d434baec036a3abf082a3f3fc53e337_2788(OE) ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ipt_REJECT nf_reject_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_raw iptable_filter ip_tables coretemp crct10dif_pclmul crc32_pclmul crc32c_intel dm_mirror ghash_clmulni_intel dm_region_hash dm_log aesni_intel dm_mod glue_helper lrw gf128mul ablk_helper cryptd vmw_balloon ppdev microcode serio_raw pcspkr parport_pc vmw_vmci parport shpchp i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc uinput sd_mod ata_generic pata_acpi mptspi ata_piix e1000 scsi_transport_spi libata mptscsih mptbase floppy [ 1511.752609] CPU: 2 PID: 2972 Comm: pool Tainted: G W OE 3.19.0-rc3+ #9 [ 1511.754400] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013 [ 1511.757001] task: ffff880036d29180 ti: ffff8800791bc000 task.ti: ffff8800791bc000 [ 1511.758830] RIP: 0010:[<ffffffff8159342b>] [<ffffffff8159342b>] skb_dequeue+0x4b/0x80 [ 1511.760787] RSP: 0018:ffff8800791bfb78 EFLAGS: 00010082 [ 1511.762047] RAX: 0000000000000296 RBX: ffff88007a8d7380 RCX: 0000000000000000 [ 1511.763765] RDX: 0000000000000000 RSI: 0000000000000296 RDI: ffff88007a8d77a4 [ 1511.765583] RBP: ffff8800791bfb98 R08: 0000000000000296 R09: 0000000000000000 [ 1511.767359] R10: ffff8800799cb4b0 R11: ffff88007a22b410 R12: ffff88007a8d7790 [ 1511.769116] R13: ffff88007a8d77a4 R14: ffff88007a8d7790 R15: 0000000000000001 [ 1511.770866] FS: 0000000000000000(0000) GS:ffff88007fc80000(0000) knlGS:0000000000000000 [ 1511.772854] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1511.774239] CR2: 0000000000000008 CR3: 0000000001c14000 CR4: 00000000000407e0 [ 1511.776042] Stack: [ 1511.776558] ffff88007a8d776c ffff88007a8d7700 ffff88007a8d776c ffff88007a8d7a80 [ 1511.778449] ffff8800791bfbf8 ffffffff81648030 0000000100c2e630 ffff880000000000 [ 1511.780372] 0000000000000000 0000000000000000 0000000000000000 ffff8800799cb480 [ 1511.782290] Call Trace: [ 1511.782921] [<ffffffff81648030>] unix_release_sock+0x1d0/0x2b0 [ 1511.784410] [<ffffffff81648131>] unix_release+0x21/0x40 [ 1511.785721] [<ffffffff8158ab8f>] sock_release+0x1f/0x90 [ 1511.787029] [<ffffffff8158ac12>] sock_close+0x12/0x20 [ 1511.788323] [<ffffffff811b531f>] __fput+0xdf/0x1e0 [ 1511.789514] [<ffffffff811b546e>] ____fput+0xe/0x10 [ 1511.790720] [<ffffffff81087dac>] task_work_run+0xcc/0xf0 [ 1511.792072] [<ffffffff8106eae8>] do_exit+0x2d8/0xb40 [ 1511.793290] [<ffffffff810779af>] ? recalc_sigpending+0x1f/0x60 [ 1511.794718] [<ffffffff8106f3df>] do_group_exit+0x3f/0xa0 [ 1511.796074] [<ffffffff8107a6f2>] get_signal+0x1d2/0x6f0 [ 1511.797396] [<ffffffff810134e8>] do_signal+0x28/0x720 [ 1511.798653] [<ffffffff81013c2c>] do_notify_resume+0x4c/0x90 [ 1511.800057] [<ffffffff816a5587>] int_signal+0x12/0x17 [ 1511.801334] Code: 00 49 8b 1c 24 4c 39 e3 74 46 48 85 db 74 23 41 83 6c 24 10 01 48 8b 0b 48 8b 53 08 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 <48> 89 51 08 48 89 0a 48 89 c6 4c 89 ef e8 53 17 11 00 48 83 c4 [ 1511.807711] RIP [<ffffffff8159342b>] skb_dequeue+0x4b/0x80 [ 1511.809118] RSP <ffff8800791bfb78> [ 1511.809995] CR2: 0000000000000008 [ 149.357455] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 [ 149.359965] IP: [<ffffffff8159342b>] skb_dequeue+0x4b/0x80 [ 149.361412] PGD 0 [ 149.361931] Oops: 0002 [#1] SMP [ 149.362787] Modules linked in: stap_1d434baec036a3abf082a3f3fc53e337_2459(OE) ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ipt_REJECT nf_reject_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_raw iptable_filter ip_tables coretemp crct10dif_pclmul crc32_pclmul crc32c_intel dm_mirror ghash_clmulni_intel dm_region_hash dm_log aesni_intel dm_mod glue_helper lrw gf128mul ablk_helper cryptd ppdev vmw_balloon microcode parport_pc pcspkr serio_raw parport vmw_vmci shpchp i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc uinput ata_generic pata_acpi sd_mod ata_piix mptspi e1000 scsi_transport_spi mptscsih libata mptbase floppy [ 149.382152] CPU: 0 PID: 2608 Comm: gnome-shell Tainted: G W OE 3.19.0-rc3+ #9 [ 149.384226] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013 [ 149.386705] task: ffff88007ad5d780 ti: ffff88007a630000 task.ti: ffff88007a630000 [ 149.388606] RIP: 0010:[<ffffffff8159342b>] [<ffffffff8159342b>] skb_dequeue+0x4b/0x80 [ 149.390496] RSP: 0018:ffff88007a633b78 EFLAGS: 00010097 [ 149.391740] RAX: 0000000000000296 RBX: ffff88007ad6ad80 RCX: 0000000000000000 [ 149.393627] RDX: ffff88003a87fae8 RSI: 0000000000000292 RDI: ffff88007ad6e624 [ 149.395312] RBP: ffff88007a633b98 R08: 0000000000000296 R09: 0000000000000000 [ 149.397071] R10: ffff88003eeb4030 R11: ffff88007a2dfc10 R12: ffff88007ad6e610 [ 149.398745] R13: ffff88007ad6e624 R14: ffff88007ad6e610 R15: 0000000000000001 [ 149.400434] FS: 0000000000000000(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000 [ 149.402266] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 149.403924] CR2: 0000000000000008 CR3: 0000000001c14000 CR4: 00000000000407f0 [ 149.405701] Stack: [ 149.406206] ffff88007ad6e5ec ffff88007ad6e580 ffff88007ad6e5ec ffff88007ad6b480 [ 149.408086] ffff88007a633bf8 ffffffff81647fc4 000000013eeb2dc8 ffff880000000000 [ 149.409863] 0000000000000000 0000000000000000 0000000000000000 ffff88003eeb4000 [ 149.411670] Call Trace: [ 149.412242] [<ffffffff81647fc4>] unix_release_sock+0x164/0x2b0 [ 149.413838] [<ffffffff81648131>] unix_release+0x21/0x40 [ 149.415089] [<ffffffff8158ab8f>] sock_release+0x1f/0x90 [ 149.416382] [<ffffffff8158ac12>] sock_close+0x12/0x20 [ 149.417581] [<ffffffff811b531f>] __fput+0xdf/0x1e0 [ 149.418869] [<ffffffff811b546e>] ____fput+0xe/0x10 [ 149.420026] [<ffffffff81087dac>] task_work_run+0xcc/0xf0 [ 149.421313] [<ffffffff8106eae8>] do_exit+0x2d8/0xb40 [ 149.422495] [<ffffffff810779af>] ? recalc_sigpending+0x1f/0x60 [ 149.423925] [<ffffffff8106f3df>] do_group_exit+0x3f/0xa0 [ 149.425173] [<ffffffff8107a6f2>] get_signal+0x1d2/0x6f0 [ 149.426408] [<ffffffff810134e8>] do_signal+0x28/0x720 [ 149.427573] [<ffffffff8101fe4b>] ? __restore_xstate_sig+0x8b/0x680 [ 149.429030] [<ffffffff81013c2c>] do_notify_resume+0x4c/0x90 [ 149.430351] [<ffffffff816a5587>] int_signal+0x12/0x17 [ 149.431511] Code: 00 49 8b 1c 24 4c 39 e3 74 46 48 85 db 74 23 41 83 6c 24 10 01 48 8b 0b 48 8b 53 08 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 <48> 89 51 08 48 89 0a 48 89 c6 4c 89 ef e8 53 17 11 00 48 83 c4 [ 149.437473] RIP [<ffffffff8159342b>] skb_dequeue+0x4b/0x80 [ 149.438803] RSP <ffff88007a633b78> [ 149.439599] CR2: 0000000000000008 [ 144.274609] BUG: unable to handle kernel NULL pointer dereference at 0000000000000002 [ 144.276557] IP: [<ffffffff81599f40>] skb_copy_datagram_iter+0xe0/0x260 [ 144.278178] PGD 7a26e067 PUD 7a26b067 PMD 0 [ 144.279300] Oops: 0000 [#1] SMP [ 144.280129] Modules linked in: stap_1d434baec036a3abf082a3f3fc53e337_2457(OE) ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ipt_REJECT nf_reject_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_raw iptable_filter ip_tables coretemp crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel dm_mirror aesni_intel dm_region_hash glue_helper dm_log lrw gf128mul dm_mod ablk_helper cryptd ppdev vmw_balloon microcode parport_pc serio_raw pcspkr vmw_vmci parport shpchp i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc uinput sd_mod ata_generic pata_acpi mptspi scsi_transport_spi e1000 mptscsih ata_piix mptbase libata floppy [ 144.299002] CPU: 2 PID: 2348 Comm: gnome-shell Tainted: G W OE 3.19.0-rc3+ #9 [ 144.300902] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013 [ 144.303443] task: ffff880078008000 ti: ffff88007a298000 task.ti: ffff88007a298000 [ 144.305231] RIP: 0010:[<ffffffff81599f40>] [<ffffffff81599f40>] skb_copy_datagram_iter+0xe0/0x260 [ 144.307397] RSP: 0018:ffff88007a29bbc8 EFLAGS: 00010202 [ 144.308726] RAX: 0000000000000002 RBX: 0000000000001000 RCX: 00000000c698e000 [ 144.310443] RDX: ffff88007a29be78 RSI: 0000000039672000 RDI: ffff88007a139180 [ 144.312144] RBP: ffff88007a29bc18 R08: 0000000000001000 R09: ffff88007b1e0c80 [ 144.313834] R10: 0000000000000000 R11: ffff880078008000 R12: 0000000000000000 [ 144.315559] R13: ffff88007a139180 R14: 0000000039672000 R15: ffff88007a138a80 [ 144.317261] FS: 00007fc870c36a00(0000) GS:ffff88007fc80000(0000) knlGS:0000000000000000 [ 144.319169] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 144.320562] CR2: 0000000000000002 CR3: 000000007b5f5000 CR4: 00000000000407e0 [ 144.322289] Stack: [ 144.322784] 0000000000000008 ffff88007a151000 00000000c698e000 ffff88007a29be78 [ 144.324668] ffff88007a29bca8 0000000000000000 0000000000000000 ffff88007a139180 [ 144.326564] ffff88007a138b10 ffff88007a138a80 ffff88007a29bd28 ffffffff8164865b [ 144.328422] Call Trace: [ 144.329021] [<ffffffff8164865b>] unix_stream_recvmsg+0x50b/0x840 [ 144.330484] [<ffffffff811c7530>] ? poll_select_copy_remaining+0x130/0x130 [ 144.332121] [<ffffffff81589c96>] sock_recvmsg+0x76/0x90 [ 144.333389] [<ffffffff811d0745>] ? __fget_light+0x25/0x70 [ 144.334714] [<ffffffff811d07a3>] ? __fdget+0x13/0x20 [ 144.335934] [<ffffffff8158a1c7>] ? sockfd_lookup_light+0x17/0x70 [ 144.337383] [<ffffffff8158a860>] SYSC_recvfrom+0xe0/0x160 [ 144.338693] [<ffffffff81103264>] ? __audit_syscall_entry+0xb4/0x110 [ 144.340222] [<ffffffff8102140c>] ? do_audit_syscall_entry+0x6c/0x70 [ 144.341753] [<ffffffff810227b3>] ? syscall_trace_enter_phase1+0x123/0x180 [ 144.343385] [<ffffffff8158c2ee>] SyS_recvfrom+0xe/0x10 [ 144.344651] [<ffffffff816a52e9>] system_call_fastpath+0x12/0x17 [ 144.346100] Code: 83 c7 10 89 da 4c 89 ee ff d1 49 8b 0f 48 85 c9 75 e9 8b 4d c0 85 c9 0f 8f 76 ff ff ff 41 8b 85 cc 00 00 00 49 03 85 d0 00 00 00 <80> 38 00 0f 84 98 00 00 00 45 31 ff 0f 1f 40 00 49 63 d7 48 83 [ 144.352303] RIP [<ffffffff81599f40>] skb_copy_datagram_iter+0xe0/0x260 [ 144.353900] RSP <ffff88007a29bbc8> [ 144.354829] CR2: 0000000000000002 [ 141.981007] BUG: unable to handle kernel paging request at ffff88013b831cc0 [ 141.982931] IP: [<ffffffff81594dd5>] __alloc_skb+0x165/0x2b0 [ 141.984465] PGD 1f2b067 PUD 0 [ 141.985334] Oops: 0002 [#1] SMP [ 141.986357] Modules linked in: stap_1d434baec036a3abf082a3f3fc53e337_4681(OE) ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ipt_REJECT nf_reject_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_raw iptable_filter ip_tables coretemp crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel dm_mirror glue_helper dm_region_hash dm_log lrw dm_mod gf128mul ablk_helper cryptd ppdev vmw_balloon parport_pc microcode serio_raw vmw_vmci pcspkr parport shpchp i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc uinput ata_generic sd_mod pata_acpi ata_piix libata mptspi e1000 scsi_transport_spi mptscsih mptbase floppy [ 142.006491] CPU: 3 PID: 610 Comm: Xorg Tainted: G W OE 3.19.0-rc3+ #9 [ 142.008230] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013 [ 142.010776] task: ffff880078898000 ti: ffff88007be24000 task.ti: ffff88007be24000 [ 142.012551] RIP: 0010:[<ffffffff81594dd5>] [<ffffffff81594dd5>] __alloc_skb+0x165/0x2b0 [ 142.014522] RSP: 0018:ffff88007be27aa8 EFLAGS: 00010246 [ 142.015810] RAX: 00000000ffffffff RBX: ffff88003b831c00 RCX: 00000000ffffffff [ 142.017512] RDX: ffff88013b831cc0 RSI: 0000000000000000 RDI: ffff88003b831cc8 [ 142.019255] RBP: ffff88007be27af8 R08: 00000000ffffffc0 R09: 0000000000000200 [ 142.020966] R10: ffffffff81594cbe R11: ffff88007f803700 R12: ffff88003b831d00 [ 142.022673] R13: 00000000ffffffff R14: ffff88007f803700 R15: 0000000000000100 [ 142.024378] FS: 00007fae44c35980(0000) GS:ffff88007fcc0000(0000) knlGS:0000000000000000 [ 142.026300] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 142.027657] CR2: ffff88013b831cc0 CR3: 00000000780ea000 CR4: 00000000000407e0 [ 142.029383] Stack: [ 142.029865] ffff880000000000 0000000000000001 ffff88007b232ec0 0000000000000000 [ 142.031710] ffff8800780483c8 0000000000000003 0000000000000000 ffff88007be27ba8 [ 142.033531] ffff880078f06200 0000000000000000 ffff88007be27b58 ffffffff8159567c [ 142.035344] Call Trace: [ 142.035950] [<ffffffff8159567c>] alloc_skb_with_frags+0x5c/0x1e0 [ 142.037356] [<ffffffff81096440>] ? wake_up_state+0x20/0x20 [ 142.038865] [<ffffffff8158f9d6>] sock_alloc_send_pskb+0x196/0x250 [ 142.040323] [<ffffffff810aaeb4>] ? __wake_up_sync_key+0x54/0x70 [ 142.041769] [<ffffffff8164a237>] ? wait_for_unix_gc+0x27/0xa0 [ 142.043181] [<ffffffff81647aba>] unix_stream_sendmsg+0x2aa/0x430 [ 142.044582] [<ffffffff8158a9e3>] sock_aio_write+0x103/0x140 [ 142.045979] [<ffffffff811b2fbc>] do_sync_readv_writev+0x4c/0x80 [ 142.047370] [<ffffffff811b4965>] do_readv_writev+0x1e5/0x280 [ 142.048756] [<ffffffff810ce4c9>] ? enqueue_hrtimer+0x29/0x90 [ 142.050119] [<ffffffff811d0745>] ? __fget_light+0x25/0x70 [ 142.051432] [<ffffffff81103264>] ? __audit_syscall_entry+0xb4/0x110 [ 142.052891] [<ffffffff811b4a89>] vfs_writev+0x39/0x50 [ 142.054119] [<ffffffff811b4bba>] SyS_writev+0x4a/0xd0 [ 142.055307] [<ffffffff811034f6>] ? __audit_syscall_exit+0x236/0x2e0 [ 142.056821] [<ffffffff816a52e9>] system_call_fastpath+0x12/0x17 [ 142.058259] Code: b6 83 90 00 00 00 83 e0 f7 09 c8 b9 ff ff ff ff 85 f6 88 83 90 00 00 00 b8 ff ff ff ff 66 89 8b c2 00 00 00 66 89 83 c6 00 00 00 <48> c7 02 00 00 00 00 48 c7 42 08 00 00 00 00 48 c7 42 10 00 00 [ 142.064326] RIP [<ffffffff81594dd5>] __alloc_skb+0x165/0x2b0 [ 142.065719] RSP <ffff88007be27aa8> [ 142.066536] CR2: ffff88013b831cc0 [ 202.125577] BUG: unable to handle kernel NULL pointer dereference at (null) [ 202.127781] IP: [<ffffffff81593577>] skb_queue_tail+0x37/0x60 [ 202.129471] PGD 7909a067 PUD 7c0ab067 PMD 0 [ 202.130709] Oops: 0002 [#1] SMP [ 202.131655] Modules linked in: stap_1d434baec036a3abf082a3f3fc53e337_4681(OE) ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ipt_REJECT nf_reject_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_raw iptable_filter ip_tables coretemp crct10dif_pclmul dm_mirror crc32_pclmul crc32c_intel dm_region_hash dm_log ghash_clmulni_intel aesni_intel dm_mod glue_helper lrw gf128mul ablk_helper cryptd ppdev vmw_balloon parport_pc microcode pcspkr vmw_vmci serio_raw parport shpchp i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc uinput sd_mod ata_generic pata_acpi mptspi scsi_transport_spi e1000 mptscsih ata_piix mptbase libata floppy [last unloaded: stap_1d434baec036a3abf082a3f3fc53e337_4681] [ 202.154006] CPU: 0 PID: 2884 Comm: Xorg Tainted: G W OE 3.19.0-rc3+ #9 [ 202.155953] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013 [ 202.158788] task: ffff88004b048000 ti: ffff88007b590000 task.ti: ffff88007b590000 [ 202.160770] RIP: 0010:[<ffffffff81593577>] [<ffffffff81593577>] skb_queue_tail+0x37/0x60 [ 202.162999] RSP: 0018:ffff88007b593bc8 EFLAGS: 00010046 [ 202.164409] RAX: 0000000000000292 RBX: ffff88007a426990 RCX: 0000000000000000 [ 202.166246] RDX: 0000000000000000 RSI: 0000000000000292 RDI: ffff88007a4269a4 [ 202.168089] RBP: ffff88007b593be8 R08: 0000000000000292 R09: 0000000000000300 [ 202.169992] R10: ffffffff81594cbe R11: ffff88007f803600 R12: ffff88007a426990 [ 202.171916] R13: ffff88007a4269a4 R14: 0000000000000000 R15: ffff88007a426900 [ 202.173815] FS: 00007f8233198980(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000 [ 202.175936] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 202.177467] CR2: 0000000000000000 CR3: 000000004eb73000 CR4: 00000000000407f0 [ 202.179411] Stack: [ 202.179967] 0000000000000020 ffff88007a426990 0000000000000020 0000000000000000 [ 202.182006] ffff88007b593ca8 ffffffff816479ed ffff88007a426990 ffff88007b593d10 [ 202.184061] 0000002000000000 ffff88007b593cc8 0000000000000020 ffff88007a426bf8 [ 202.186124] Call Trace: [ 202.186817] [<ffffffff816479ed>] unix_stream_sendmsg+0x1dd/0x430 [ 202.188440] [<ffffffff8158a9e3>] sock_aio_write+0x103/0x140 [ 202.189938] [<ffffffff811b2fbc>] do_sync_readv_writev+0x4c/0x80 [ 202.191531] [<ffffffff811b4965>] do_readv_writev+0x1e5/0x280 [ 202.193053] [<ffffffff811d0745>] ? __fget_light+0x25/0x70 [ 202.194496] [<ffffffff81103264>] ? __audit_syscall_entry+0xb4/0x110 [ 202.196181] [<ffffffff811b4a89>] vfs_writev+0x39/0x50 [ 202.197506] [<ffffffff811b4bba>] SyS_writev+0x4a/0xd0 [ 202.198855] [<ffffffff811034f6>] ? __audit_syscall_exit+0x236/0x2e0 [ 202.200550] [<ffffffff816a52e9>] system_call_fastpath+0x12/0x17 [ 202.202137] Code: 8d 6f 14 41 54 49 89 f4 53 48 89 fb 4c 89 ef 48 83 ec 08 e8 dc 19 11 00 48 8b 53 08 49 89 1c 24 4c 89 ef 48 89 c6 49 89 54 24 08 <4c> 89 22 83 43 10 01 4c 89 63 08 e8 09 16 11 00 48 83 c4 08 5b [ 202.208943] RIP [<ffffffff81593577>] skb_queue_tail+0x37/0x60 [ 202.210471] RSP <ffff88007b593bc8> [ 202.211382] CR2: 0000000000000000 [ 313.016314] BUG: unable to handle kernel NULL pointer dereference at (null) [ 313.018432] IP: [<ffffffff81593577>] skb_queue_tail+0x37/0x60 [ 313.019982] PGD 79fe4067 PUD 7879b067 PMD 0 [ 313.021183] Oops: 0002 [#1] SMP [ 313.022081] Modules linked in: stap_1d434baec036a3abf082a3f3fc53e337_4681(OE) ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ipt_REJECT nf_reject_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_raw iptable_filter ip_tables coretemp crct10dif_pclmul dm_mirror crc32_pclmul dm_region_hash crc32c_intel dm_log ghash_clmulni_intel aesni_intel dm_mod glue_helper lrw gf128mul ablk_helper cryptd ppdev vmw_balloon microcode serio_raw parport_pc pcspkr vmw_vmci shpchp parport i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc uinput sd_mod ata_generic pata_acpi ata_piix libata mptspi scsi_transport_spi mptscsih e1000 mptbase floppy [ 313.041970] CPU: 0 PID: 2928 Comm: Xorg Tainted: G W OE 3.19.0-rc3+ #9 [ 313.043692] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013 [ 313.046200] task: ffff88007a3fa300 ti: ffff880079f08000 task.ti: ffff880079f08000 [ 313.047972] RIP: 0010:[<ffffffff81593577>] [<ffffffff81593577>] skb_queue_tail+0x37/0x60 [ 313.049940] RSP: 0018:ffff880079f0bbc8 EFLAGS: 00010046 [ 313.051209] RAX: 0000000000000292 RBX: ffff88007a0c3510 RCX: 0000000000000000 [ 313.052892] RDX: 0000000000000000 RSI: 0000000000000292 RDI: ffff88007a0c3524 [ 313.054572] RBP: ffff880079f0bbe8 R08: 0000000000000292 R09: 0000000000000300 [ 313.056254] R10: ffffffff81594cbe R11: ffff88007f803600 R12: ffff88007a0c3510 [ 313.057957] R13: ffff88007a0c3524 R14: 0000000000000000 R15: ffff88007a0c3480 [ 313.059642] FS: 00007fa68e9b5980(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000 [ 313.061536] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 313.062881] CR2: 0000000000000000 CR3: 000000007c026000 CR4: 00000000000407f0 [ 313.064617] Stack: [ 313.065110] 0000000000000020 ffff88007a0c3510 0000000000000020 0000000000000000 [ 313.066962] ffff880079f0bca8 ffffffff816479ed ffff88007a0c3510 ffff880079f0bd10 [ 313.068809] 0000002000000000 ffff880079f0bcc8 0000000000000020 ffff88007a0c3778 [ 313.070667] Call Trace: [ 313.071263] [<ffffffff816479ed>] unix_stream_sendmsg+0x1dd/0x430 [ 313.072710] [<ffffffff8158a9e3>] sock_aio_write+0x103/0x140 [ 313.074281] [<ffffffff811b2fbc>] do_sync_readv_writev+0x4c/0x80 [ 313.075706] [<ffffffff811b4965>] do_readv_writev+0x1e5/0x280 [ 313.077070] [<ffffffff810ce4c9>] ? enqueue_hrtimer+0x29/0x90 [ 313.078437] [<ffffffff811d0745>] ? __fget_light+0x25/0x70 [ 313.079731] [<ffffffff81103264>] ? __audit_syscall_entry+0xb4/0x110 [ 313.081225] [<ffffffff811b4a89>] vfs_writev+0x39/0x50 [ 313.082450] [<ffffffff811b4bba>] SyS_writev+0x4a/0xd0 [ 313.083680] [<ffffffff811034f6>] ? __audit_syscall_exit+0x236/0x2e0 [ 313.085186] [<ffffffff816a52e9>] system_call_fastpath+0x12/0x17 [ 313.086609] Code: 8d 6f 14 41 54 49 89 f4 53 48 89 fb 4c 89 ef 48 83 ec 08 e8 dc 19 11 00 48 8b 53 08 49 89 1c 24 4c 89 ef 48 89 c6 49 89 54 24 08 <4c> 89 22 83 43 10 01 4c 89 63 08 e8 09 16 11 00 48 83 c4 08 5b [ 313.093012] RIP [<ffffffff81593577>] skb_queue_tail+0x37/0x60 [ 313.094408] RSP <ffff880079f0bbc8> [ 313.095233] CR2: 0000000000000000 [ 207.542992] BUG: unable to handle kernel NULL pointer dereference at (null) [ 207.545125] IP: [<ffffffff81536cc3>] skb_queue_tail+0x33/0x50 [ 207.546719] PGD 49067 PUD 1a3067 PMD 0 [ 207.547815] Oops: 0002 [#1] SMP [ 207.548725] Modules linked in: stap_a22ae6d0c4bc77fa650b27434e28e712_2992(OF) ip6t_rpfilter ip6t_REJECT ipt_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_raw iptable_filter ip_tables coretemp crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel dm_mirror glue_helper dm_region_hash lrw gf128mul dm_log ablk_helper dm_mod cryptd microcode vmw_balloon ppdev parport_pc serio_raw pcspkr vmw_vmci parport shpchp i2c_piix4 nfsd auth_rpcgss nfs_acl lockd sunrpc uinput sd_mod ata_generic pata_acpi mptspi scsi_transport_spi mptscsih mptbase ata_piix libata e1000 floppy [ 207.568456] CPU: 3 PID: 3016 Comm: Xorg Tainted: GF W O 3.14.0+ #12 [ 207.570127] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013 [ 207.572653] task: ffff88007bf4baa0 ti: ffff88007a230000 task.ti: ffff88007a230000 [ 207.574431] RIP: 0010:[<ffffffff81536cc3>] [<ffffffff81536cc3>] skb_queue_tail+0x33/0x50 [ 207.576378] RSP: 0018:ffff88007a231c70 EFLAGS: 00010046 [ 207.577655] RAX: 0000000000000246 RBX: ffff8800221c4190 RCX: 0000000000000000 [ 207.579361] RDX: 0000000000000000 RSI: 0000000000000246 RDI: ffff8800221c41a4 [ 207.581034] RBP: ffff88007a231c88 R08: 0000000000000246 R09: 0000000000000300 [ 207.582752] R10: ffff88003c3cc900 R11: 0000000000000020 R12: ffff8800221c4190 [ 207.584445] R13: ffff8800221c41a4 R14: ffff8800221c4100 R15: 0000000000000000 [ 207.586114] FS: 00007f91fc263980(0000) GS:ffff88007fcc0000(0000) knlGS:0000000000000000 [ 207.588011] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 207.589752] CR2: 0000000000000000 CR3: 0000000000139000 CR4: 00000000000407e0 [ 207.591514] Stack: [ 207.592046] ffff8800221c4190 0000000000000020 0000000000000000 ffff88007a231d30 [ 207.594108] ffffffff815e2018 ffff8800221c4190 0000002000000059 ffff88007a231d40 [ 207.596194] 0000000000000020 ffff8800221c43e8 ffff88007a231d78 ffff88007b22ef80 [ 207.598156] Call Trace: [ 207.598774] [<ffffffff815e2018>] unix_stream_sendmsg+0x1b8/0x3f0 [ 207.600297] [<ffffffff8152dde7>] sock_aio_write+0xd7/0xf0 [ 207.601750] [<ffffffff811d1eb8>] ? fsnotify+0x228/0x2f0 [ 207.603077] [<ffffffff81190e9c>] do_sync_readv_writev+0x4c/0x80 [ 207.604638] [<ffffffff81192300>] do_readv_writev+0xb0/0x220 [ 207.606030] [<ffffffff8108c91a>] ? __hrtimer_start_range_ns+0x1aa/0x380 [ 207.607678] [<ffffffff8142154e>] ? vmw_unlocked_ioctl+0x4e/0x70 [ 207.609322] [<ffffffff811a3e60>] ? do_vfs_ioctl+0x2e0/0x4c0 [ 207.610728] [<ffffffff811924f0>] vfs_writev+0x30/0x60 [ 207.612081] [<ffffffff8119263a>] SyS_writev+0x4a/0xd0 [ 207.613369] [<ffffffff81645da9>] system_call_fastpath+0x16/0x1b [ 207.614896] Code: e5 41 55 4c 8d 6f 14 41 54 49 89 f4 53 48 89 fb 4c 89 ef e8 00 7c 10 00 48 8b 53 08 49 89 1c 24 4c 89 ef 48 89 c6 49 89 54 24 08 <4c> 89 22 83 43 10 01 4c 89 63 08 e8 dd 79 10 00 5b 41 5c 41 5d [ 207.621107] RIP [<ffffffff81536cc3>] skb_queue_tail+0x33/0x50 [ 207.622519] RSP <ffff88007a231c70> [ 207.623354] CR2: 0000000000000000 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists