lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <5689FE01.5020100@nextfour.com>
Date:	Mon, 4 Jan 2016 07:07:13 +0200
From:	Mika Penttilä <mika.penttila@...tfour.com>
To:	Cong Wang <xiyou.wangcong@...il.com>
CC:	LKML <linux-kernel@...r.kernel.org>,
	Linux Kernel Network Developers <netdev@...r.kernel.org>,
	Rainer Weikusat <rweikusat@...ileactivedefense.com>
Subject: Re: 4.4-rc crash (af_unix)

Just got other one with rc8 (random, not easily reproducable):

[ 1254.780923] Unable to handle kernel NULL pointer dereference at
virtual address 00000000
[ 1254.789308] pgd = a9200000
[ 1254.789320] [00000000] *pgd=39120831, *pte=00000000, *ppte=00000000
[ 1254.789331] Internal error: Oops: 817 [#1] PREEMPT SMP ARM
[ 1254.789340] Modules linked in: btwilink st_drv
[ 1254.789352] CPU: 3 PID: 319 Comm: compositor Tainted: G        W
  4.4.0-rc8 #8
[ 1254.789361] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[ 1254.789365] task: a888d580 ti: a90a4000 task.ti: a90a4000
[ 1254.789376] PC is at skb_queue_tail+0x24/0x48
[ 1254.789385] LR is at _raw_spin_lock_irqsave+0x18/0x5c
[ 1254.789390] pc : [<8051ded8>]    lr : [<806dff80>]    psr: 600d0093
[ 1254.789390] sp : a90a5e40  ip : 0000000a  fp : a911288c
[ 1254.789394] r10: a9111b80  r9 : 0000003e  r8 : 00000001
[ 1254.789397] r7 : a9112704  r6 : a9112710  r5 : a9112704  r4 : a9112704
[ 1254.789400] r3 : 00000000  r2 : 00000000  r1 : 00000000  r0 : 600d0013
[ 1254.789406] Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM
Segment user
[ 1254.789411] Control: 10c5387d  Table: 3920004a  DAC: 00000055
[ 1254.789414] Process compositor (pid: 319, stack limit = 0xa90a4210)
[ 1254.789418] Stack: (0xa90a5e40 to 0xa90a6000)
[ 1254.789425] 5e40: 0000003e 00000000 a9112680 805c1034 a90a5e70
00000003 00000000 0000003e
[ 1254.789432] 5e60: a63bac00 00000001 a90a5ec4 a90a5ebc 00000000
00000000 00000000 00000000
[ 1254.789438] 5e80: ffffffff ffffffff 0000013f a90a5f14 a8e49e40
00000001 00000000 00000000
[ 1254.789445] 5ea0: 00000000 00000000 7e90b4bc 8051622c a90a5f14
805162c4 00000000 00000000
[ 1254.789450] 5ec0: 00000000 00000001 00000000 00000000 a90a5f14
00000000 00000000 00000000
[ 1254.789457] 5ee0: 00000000 a90a5f28 a90a5efc a8e49e40 00000000
a90a5f88 a90a5f88 800e37b0
[ 1254.789475] 5f00: 0000003e 806e01f4 00000000 7e908fb0 0000003e
00000001 00000000 0000003e
[ 1254.789485] 5f20: a90a5f0c 00000001 a8e49e40 00000000 00000000
00000000 00000000 00000000
[ 1254.789492] 5f40: 00000000 00000000 cbb1c6a8 a8e49e40 0000003e
7e908fb0 a90a5f88 8000f6a4
[ 1254.789498] 5f60: a90a4000 800e3f00 7e908fb0 0000003e a8e49e40
a8e49e41 7e908fb0 0000003e
[ 1254.789505] 5f80: 8000f6a4 800e4718 00000000 00000000 000004e7
0000003e 7e908fb0 75b41cc0
[ 1254.789511] 5fa0: 00000004 8000f500 0000003e 7e908fb0 00000002
7e908fb0 0000003e 00000000
[ 1254.789517] 5fc0: 0000003e 7e908fb0 75b41cc0 00000004 0000003e
00000000 00000002 7e90b4bc
[ 1254.789524] 5fe0: 00000000 7e908e88 73e3f4c0 75ad0d34 800d0010
00000002 00000000 00000000
[ 1254.789553] [<8051ded8>] (skb_queue_tail) from [<805c1034>]
(unix_stream_sendmsg+0x134/0x340)
[ 1254.789567] [<805c1034>] (unix_stream_sendmsg) from [<8051622c>]
(sock_sendmsg+0x14/0x24)
[ 1254.789577] [<8051622c>] (sock_sendmsg) from [<805162c4>]
(sock_write_iter+0x88/0xbc)
[ 1254.789594] [<805162c4>] (sock_write_iter) from [<800e37b0>]
(__vfs_write+0xac/0xdc)
[ 1254.789605] [<800e37b0>] (__vfs_write) from [<800e3f00>]
(vfs_write+0x90/0x164)
[ 1254.789614] [<800e3f00>] (vfs_write) from [<800e4718>]
(SyS_write+0x44/0x9c)
[ 1254.789630] [<800e4718>] (SyS_write) from [<8000f500>]
(ret_fast_syscall+0x0/0x34)
[ 1254.789639] Code: eb070826 e5943004 e5854000 e5853004 (e5835000)
[ 1254.789644] ---[ end trace d7af6297ad511a4e ]---


On 12/22/2015 02:51 AM, Cong Wang wrote:
> (Cc'ing netdev and Rainer)
> 
> On Thu, Dec 17, 2015 at 9:12 PM, Mika Penttilä
> <mika.penttila@...tfour.com> wrote:
>> Still something with af_unix and/or wake code on rc5 :
>>
>>
>> [34971.300210] Unable to handle kernel paging request at virtual address
>> 56ac56ac
>>
>> [34971.307455] pgd = a8c30000
>>
>> [34971.310164] [56ac56ac] *pgd=00000000
>>
>> [34971.313761] Internal error: Oops: 80000005 [#1] PREEMPT SMP ARM
>>
>> [34971.319683] Modules linked in: btwilink st_drv
>>
>> [34971.324174] CPU: 1 PID: 333 Comm: compositor Not tainted 4.4.0-rc5 #1
>>
>> [34971.330620] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
>>
>> [34971.337152] task: a8c71c80 ti: a8aea000 task.ti: a8aea000
>>
>> [34971.342554] PC is at 0x56ac56ac
>>
>> [34971.345710] LR is at __wake_up_common+0x4c/0x80
>>
>> [34971.350246] pc : [<56ac56ac>]    lr : [<800585e4>]    psr: 200f0093
>>
>> [34971.350246] sp : a8aebd20  ip : a8ea56bc  fp : 00000001
>>
>> [34971.361725] r10: 00000001  r9 : 00000001  r8 : 00000304
>>
>> [34971.366952] r7 : a8ea5744  r6 : 8023a9e4  r5 : 56ac56ac  r4 : a8c95d28
>>
>> [34971.373480] r3 : 00000304  r2 : 00000001  r1 : 00000001  r0 : a8ea56bc
>>
>> [34971.380010] Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM
>> Segment user
>>
>> [34971.387234] Control: 10c5387d  Table: 38c3004a  DAC: 00000055
>>
>> [34971.392982] Process compositor (pid: 333, stack limit = 0xa8aea210)
>>
>> [34971.399250] Stack: (0xa8aebd20 to 0xa8aec000)
>>
>> [34971.403612] bd20: 00000001 a8ea5740 00000001 00000304 00000001
>> a00f0013 00000098 a8aebe4c
>>
>> [34971.411793] bd40: 00000000 80058bc8 00000304 a8aebe78 a8db42c0
>> a8db42c0 a8db4000 00000f68
>>
>> [34971.419974] bd60: a8db4084 805bd7c0 a8db4394 805196d8 a9e37600
>> 00000000 a8db4000 805bd270
>>
>> [34971.428155] bd80: a8aebd94 00000000 00000000 00000000 00000000
>> 00000000 a9e37600 8051a810
>>
>> [34971.436336] bda0: a9e37600 8051a970 a9e37600 8051aa44 a9e37600
>> 805be498 7ec113e8 8025f2e4
>>
>> [34971.444517] bdc0: a8f35044 00000098 a8db420c 00000098 a653e780
>> 00000001 00000000 00000000
>>
>> [34971.452697] bde0: a8db41e4 00000000 a8aebdf8 00000000 a8aea000
>> 800e4928 00000000 00000000
>>
>> [34971.460878] be00: 00000000 00000000 00000000 00000000 7ec115a8
>> 80264d8c a8aebe78 a8aebe24
>>
>> [34971.469059] be20: 00a5cda4 80513658 a8aebf6c 40000040 7ec115b8
>> 7ec115d4 a8aebeb8 a653e780
>>
>> [34971.477240] be40: 00c50388 805be604 00c87240 805bd130 a653e780
>> a8aebf6c 00000000 00001000
>>
>> [34971.485420] be60: 40000040 00000000 00c50388 8051515c 00000000
>> 00000000 00c506fc 00000c8c
>>
>> [34971.493601] be80: 00c50388 00000374 0000014d 00000000 00000004
>> 00000320 00a70664 00983dcc
>>
>> [34971.501782] bea0: 758ce8e0 00983dcc 758ce8e0 758ce8ec 00a70664
>> 758ce8ec 00000000 80513a8c
>>
>> [34971.509963] bec0: a8b6df8c a8aebf10 a8b6df8c a8aebf10 7ec116d8
>> 8011da50 00a70664 00000000
>>
>> [34971.518143] bee0: 00000001 600f0013 a8aebefc 8004559c a8c07500
>> 600f0013 a8c07534 806de1a0
>>
>> [34971.526324] bf00: a8c07534 806de414 00000000 8011df1c a8aebf10
>> a8aebf10 a8aebf2c 00000020
>>
>> [34971.534505] bf20: a895ccc0 800fd364 a8aebf68 a8aebf64 40000040
>> 00000129 a653e780 7ec115b8
>>
>> [34971.542686] bf40: 40000040 00000129 8000f6a4 a8aea000 00000000
>> 80515eb0 00000000 00000000
>>
>> [34971.550867] bf60: 00000020 00000001 fffffff7 00000000 00000000
>> 00000000 00000098 00000f68
>>
>> [34971.559047] bf80: a8aebe78 00000002 7ec115d4 0000007c 40000000
>> 00000000 00000040 0000001c
>>
>> [34971.567227] bfa0: 7ec115b8 8000f500 00000040 0000001c 0000001c
>> 7ec115b8 40000040 00000000
>>
>> [34971.575409] bfc0: 00000040 0000001c 7ec115b8 00000129 00000006
>> 7ec115b8 76145d68 00c50388
>>
>> [34971.583589] bfe0: 00000000 7ec11588 73d6f4c0 75bef794 800f0010
>> 0000001c 3bf5e861 3bf5ec61
>>
>> [34971.591782] [<800585e4>] (__wake_up_common) from [<80058bc8>]
>> (__wake_up_sync_key+0x44/0x60)
>>
>> [34971.600235] [<80058bc8>] (__wake_up_sync_key) from [<805bd7c0>]
>> (unix_write_space+0x58/0x88)
>>
>> [34971.608686] [<805bd7c0>] (unix_write_space) from [<805196d8>]
>> (sock_wfree+0x78/0x80)
>>
>> [34971.616437] [<805196d8>] (sock_wfree) from [<805bd270>]
>> (unix_destruct_scm+0x64/0x6c)
>>
>> [34971.624276] [<805bd270>] (unix_destruct_scm) from [<8051a810>]
>> (skb_release_head_state+0x84/0xec)
>>
>> [34971.633154] [<8051a810>] (skb_release_head_state) from [<8051a970>]
>> (skb_release_all+0xc/0x24)
>>
>> [34971.641772] [<8051a970>] (skb_release_all) from [<8051aa44>]
>> (consume_skb+0x24/0x60)
>>
>> [34971.649523] [<8051aa44>] (consume_skb) from [<805be498>]
>> (unix_stream_read_generic+0x71c/0x7d0)
>>
>> [34971.658228] [<805be498>] (unix_stream_read_generic) from [<805be604>]
>> (unix_stream_recvmsg+0x38/0x40)
>>
>> [34971.667453] [<805be604>] (unix_stream_recvmsg) from [<8051515c>]
>> (___sys_recvmsg+0x94/0x12c)
>>
>> [34971.675897] [<8051515c>] (___sys_recvmsg) from [<80515eb0>]
>> (__sys_recvmsg+0x3c/0x6c)
>>
>> [34971.683738] [<80515eb0>] (__sys_recvmsg) from [<8000f500>]
>> (ret_fast_syscall+0x0/0x34)
>>
>> [34971.691659] Code: bad PC value
>>
>> [34971.694718] ---[ end trace b54a6d4b7a89f212 ]---
>>
>> [34971.699339] Kernel panic - not syncing: Fatal exception
>>
>> [34971.704572] CPU2: stopping
>>
>> [34971.707292] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G      D
>> 4.4.0-rc5 #1
>>
>> [34971.714691] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
>>
>> [34971.721240] [<80016be4>] (unwind_backtrace) from [<80012b68>]
>> (show_stack+0x10/0x14)
>>
>> [34971.728997] [<80012b68>] (show_stack) from [<802527f8>]
>> (dump_stack+0x84/0xc4)
>>
>> [34971.736227] [<802527f8>] (dump_stack) from [<80015aa8>]
>> (handle_IPI+0x1ac/0x1c0)
>>
>> [34971.743630] [<80015aa8>] (handle_IPI) from [<80009468>]
>> (gic_handle_irq+0x84/0x88)
>>
>> [34971.751206] [<80009468>] (gic_handle_irq) from [<80013600>]
>> (__irq_svc+0x40/0x74)
>>
>> [34971.758691] Exception stack(0xa80a3f58 to 0xa80a3fa0)
>>
>> [34971.763745] 3f40:
>>    00000000 ab720d00
>>
>> [34971.771927] 3f60: 00000001 a80a2000 00000001 ab71d528 9166621b
>> 00001fce 9006c93e 00001fce
>>
>> [34971.780109] 3f80: 00000004 80b635e8 00000000 a80a3fa8 806de3c0
>> 8046687c 20000013 ffffffff
>>
>> [34971.788299] [<80013600>] (__irq_svc) from [<8046687c>]
>> (cpuidle_enter_state+0x128/0x25c)
>>
>> [34971.796400] [<8046687c>] (cpuidle_enter_state) from [<8005917c>]
>> (cpu_startup_entry+0x18c/0x270)
>>
>> [34971.805193] [<8005917c>] (cpu_startup_entry) from [<1000950c>]
>> (0x1000950c)
>>
>> [34971.812157] CPU0: stopping
>>
>> [34971.814874] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G      D
>> 4.4.0-rc5 #1
>>
>> [34971.822273] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
>>
>> [34971.828815] [<80016be4>] (unwind_backtrace) from [<80012b68>]
>> (show_stack+0x10/0x14)
>>
>> [34971.836567] [<80012b68>] (show_stack) from [<802527f8>]
>> (dump_stack+0x84/0xc4)
>>
>> [34971.843797] [<802527f8>] (dump_stack) from [<80015aa8>]
>> (handle_IPI+0x1ac/0x1c0)
>>
>> [34971.851200] [<80015aa8>] (handle_IPI) from [<80009468>]
>> (gic_handle_irq+0x84/0x88)
>>
>> [34971.858775] [<80009468>] (gic_handle_irq) from [<80013600>]
>> (__irq_svc+0x40/0x74)
>>
>> [34971.866260] Exception stack(0x80b61f20 to 0x80b61f68)
>>
>> [34971.871318] 1f20: 00000000 ab708d00 00000001 80b60000 00000001
>> ab705528 91666267 00001fce
>>
>> [34971.879500] 1f40: 9006a068 00001fce 00000004 80b635e8 00000000
>> 80b61f70 806de3c0 8046687c
>>
>> [34971.887678] 1f60: 200d0013 ffffffff
>>
>> [34971.891176] [<80013600>] (__irq_svc) from [<8046687c>]
>> (cpuidle_enter_state+0x128/0x25c)
>>
>> [34971.899276] [<8046687c>] (cpuidle_enter_state) from [<8005917c>]
>> (cpu_startup_entry+0x18c/0x270)
>>
>> [34971.908073] [<8005917c>] (cpu_startup_entry) from [<80a27c14>]
>> (start_kernel+0x344/0x350)
>>
>> [34971.916253] CPU3: stopping
>>
>> [34971.918971] CPU: 3 PID: 0 Comm: swapper/3 Tainted: G      D
>> 4.4.0-rc5 #1
>>
>> [34971.926370] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
>>
>> [34971.932913] [<80016be4>] (unwind_backtrace) from [<80012b68>]
>> (show_stack+0x10/0x14)
>>
>> [34971.940664] [<80012b68>] (show_stack) from [<802527f8>]
>> (dump_stack+0x84/0xc4)
>>
>> [34971.947894] [<802527f8>] (dump_stack) from [<80015aa8>]
>> (handle_IPI+0x1ac/0x1c0)
>>
>> [34971.955296] [<80015aa8>] (handle_IPI) from [<80009468>]
>> (gic_handle_irq+0x84/0x88)
>>
>> [34971.962872] [<80009468>] (gic_handle_irq) from [<80013600>]
>> (__irq_svc+0x40/0x74)
>>
>> [34971.970357] Exception stack(0xa80a5f58 to 0xa80a5fa0)
>>
>> [34971.975411] 5f40:
>>    00000003 80930e14
>>
>> [34971.983594] 5f60: 00000001 2abcb000 00000000 ab729528 916661c0
>> 00001fce 8da46492 00001fce
>>
>> [34971.991776] 5f80: 00000000 80b635e8 0000001b a80a5fa8 80058ec4
>> 8046687c 200f0013 ffffffff
>>
>> [34971.999961] [<80013600>] (__irq_svc) from [<8046687c..
>> [7:06:39 AM] Matti Pakarinen (Nextfour): [34971.999961] [<80013600>]
>> (__irq_svc) from [<8046687c>] (cpuidle_enter_state+0x128/0x25c)
>>
>> [34972.008060] [<8046687c>] (cpuidle_enter_state) from [<8005917c>]
>> (cpu_startup_entry+0x18c/0x270)
>>
>> [34972.016852] [<8005917c>] (cpu_startup_entry) from [<1000950c>]
>> (0x1000950c)
>>
>> [34972.023820] Rebooting in 1 seconds..
>>
>>
>> Thanks,
>> --Mika
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
>> the body of a message to majordomo@...r.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>> Please read the FAQ at  http://www.tux.org/lkml/

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ