lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Thu, 30 Nov 2017 11:14:59 +0800
From:   Fengguang Wu <fengguang.wu@...el.com>
To:     netdev@...r.kernel.org
Cc:     "David S. Miller" <davem@...emloft.net>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        linzhang <xiaolou4617@...il.com>,
        David Howells <dhowells@...hat.com>,
        linux-kernel@...r.kernel.org, lkp@...org
Subject: [llc_ui_sendmsg] kernel BUG at net/core/skbuff.c:104!

Hello,

FYI this happens in mainline kernel 4.15.0-rc1.
It looks like a new regression and not easy to bisect.

It occurs in 1 out of 100+ boots with trinity.

[child2:628] acct (163) returned ENOSYS, marking as inactive.
[child2:628] finit_module (313) returned ENOSYS, marking as inactive.
[child2:628] bpf (321) returned ENOSYS, marking as inactive.
[   99.901457] skbuff: skb_over_panic: text:ffffffff826045f3 len:579 put:3 head:ffff8800195f92f8 data:ffff8800195f92f8 tail:0x243 end:0x240 dev:eql
[   99.903187] ------------[ cut here ]------------
[   99.903764] kernel BUG at net/core/skbuff.c:104!
[   99.904540] invalid opcode: 0000 [#1]
[   99.905028] CPU: 0 PID: 628 Comm: trinity-c2 Not tainted 4.15.0-rc1 #138
[   99.905843] task: ffff880019600000 task.stack: ffffc900001fc000
[   99.906612] RIP: 0010:skb_panic+0x83/0x93:
						skb_panic at net/core/skbuff.c:100 (discriminator 4)
[   99.906886] RSP: 0018:ffffc900001ffc38 EFLAGS: 00010202
[   99.906886] RAX: 0000000000000084 RBX: ffff8800195eed80 RCX: ffff880019600000
[   99.906886] RDX: 0000000000000000 RSI: ffff880019600000 RDI: 0000000000000002
[   99.906886] RBP: ffff88001bd4f020 R08: ffffffff81156a62 R09: 0000000000000084
[   99.906886] R10: 00000000000001c4 R11: ffff88001f23de40 R12: ffff88001bd4f020
[   99.906886] R13: ffffffff82ac4530 R14: ffffffff826045f3 R15: 0000000000000003
[   99.906886] FS:  000000000104a880(0000) GS:ffffffff8346c000(0000) knlGS:0000000000000000
[   99.906886] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   99.906886] CR2: 00007fd0cf08c000 CR3: 0000000019730000 CR4: 00000000000006f0
[   99.906886] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   99.906886] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[   99.906886] Call Trace:
[   99.906886]  ? llc_sap_action_send_ui+0xbd/0xbd:
						llc_sap_action_send_xid_c at net/llc/llc_s_ac.c:76
[   99.906886]  skb_put+0xdc/0xf4:
						skb_over_panic at net/core/skbuff.c:109
						 (inlined by) skb_put at net/core/skbuff.c:1694
[   99.906886]  llc_sap_action_send_xid_c+0x54/0xd4:
						llc_sap_action_send_xid_c at net/llc/llc_s_ac.c:83
[   99.906886]  llc_sap_state_process+0x123/0x24f:
						llc_exec_sap_trans_actions at net/llc/llc_sap.c:152
						 (inlined by) llc_sap_next_state at net/llc/llc_sap.c:181
						 (inlined by) llc_sap_state_process at net/llc/llc_sap.c:212
[   99.906886]  llc_build_and_send_xid_pkt+0x75/0x83:
						llc_build_and_send_xid_pkt at net/llc/llc_sap.c:276
[   99.906886]  llc_ui_sendmsg+0x3c1/0x774:
						llc_ui_sendmsg at net/llc/af_llc.c:945
[   99.906886]  sock_sendmsg_nosec+0x2e/0x8a:
						sock_sendmsg_nosec at net/socket.c:632
[   99.906886]  SYSC_sendto+0x1a0/0x1fe:
						sock_sendmsg at net/socket.c:642
						 (inlined by) SYSC_sendto at net/socket.c:1749
[   99.906886]  ? arch_local_irq_enable+0x28/0x5b:
						arch_local_irq_enable at arch/x86/include/asm/paravirt.h:787
						
						arch_local_irq_enable+0x28/0x5b:
						arch_local_irq_enable at arch/x86/include/asm/paravirt.h:787
						
						arch_local_irq_enable+0x28/0x5b:
						arch_local_irq_enable at arch/x86/include/asm/paravirt.h:787
						
						arch_local_irq_enable+0x28/0x5b:
						arch_local_irq_enable at arch/x86/include/asm/paravirt.h:787
						
						arch_local_irq_enable+0x28/0x5b:
						arch_local_irq_enable at arch/x86/include/asm/paravirt.h:787
						
						arch_local_irq_enable+0x28/0x5b:
						arch_local_irq_enable at arch/x86/include/asm/paravirt.h:787
						
						arch_local_irq_enable+0x28/0x5b:
						arch_local_irq_enable at arch/x86/include/asm/paravirt.h:787
[   99.906886]  ? __sanitizer_cov_trace_pc+0x27/0x60:
						__sanitizer_cov_trace_pc at kernel/kcov.c:101
[   99.906886]  ? do_setitimer+0x29d/0x2ae:
						do_setitimer at kernel/time/itimer.c:240
[   99.906886]  ? __sanitizer_cov_trace_pc+0x27/0x60:
						__sanitizer_cov_trace_pc at kernel/kcov.c:101
[   99.906886]  ? ftrace_likely_update+0x345/0x375:
						ftrace_likely_update at kernel/trace/trace_branch.c:223
[   99.906886]  ? __sanitizer_cov_trace_pc+0x27/0x60:
						__sanitizer_cov_trace_pc at kernel/kcov.c:101
[   99.906886]  ? trace_irq_enable_rcuidle+0xf/0xa1:
						__read_once_size at include/linux/compiler.h:183
						 (inlined by) atomic_read at arch/x86/include/asm/atomic.h:27
						 (inlined by) static_key_count at include/linux/jump_label.h:191
						 (inlined by) static_key_false at include/linux/jump_label.h:201
						 (inlined by) trace_irq_enable_rcuidle at include/trace/events/preemptirq.h:40
[   99.906886]  ? entry_SYSCALL_64_fastpath+0x5/0x90:
						entry_SYSCALL_64_fastpath at arch/x86/entry/entry_64.S:192
[   99.906886]  ? __sanitizer_cov_trace_pc+0x27/0x60:
						__sanitizer_cov_trace_pc at kernel/kcov.c:101
[   99.906886]  SyS_sendto+0x4f/0x5b
[   99.906886]  entry_SYSCALL_64_fastpath+0x1f/0x90:
						entry_SYSCALL_64_fastpath at arch/x86/entry/entry_64.S:210
[   99.906886] RIP: 0033:0x457389
[   99.906886] RSP: 002b:00007fff674f0a68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   99.906886] RAX: ffffffffffffffda RBX: 00007fd0cf597000 RCX: 0000000000457389
[   99.906886] RDX: 000000000000067b RSI: 0000000001212150 RDI: 0000000000000157
[   99.906886] RBP: 00007fd0d02ffe00 R08: 00000000011e1b70 R09: 0000000000000010
[   99.906886] R10: 0000000000000004 R11: 0000000000000246 R12: 00007fd0cf597000
[   99.906886] R13: 0000000000000016 R14: 00000000006fe4c0 R15: 00000000cccccccd
[   99.906886] Code: c0 00 00 00 4c 89 f2 4c 89 ee 48 c7 c7 cb 01 32 83 50 8b 83 b4 00 00 00 50 ff b3 c8 00 00 00 e8 cb 34 bc fe 48 ff 05 51 0c 32 03 <0f> 0b 48 ff 05 50 0c 32 03 48 ff 05 51 0c 32 03 55 53 48 89 fb
[   99.906886] RIP: skb_panic+0x83/0x93:
						skb_panic at net/core/skbuff.c:100 (discriminator 4) RSP: ffffc900001ffc38
[   99.935900] ---[ end trace d92468e4c9b72827 ]---
[   99.977058] Kernel panic - not syncing: Fatal exception

Attached the full dmesg, kconfig and reproduce scripts.

Thanks,
Fengguang

View attachment "dmesg-yocto-waimea-6:20171128131632:x86_64-randconfig-s3-11280958:4.15.0-rc1:138" of type "text/plain" (61405 bytes)

View attachment ".config" of type "text/plain" (116138 bytes)

View attachment "reproduce-yocto-waimea-6:20171128131632:x86_64-randconfig-s3-11280958:4.15.0-rc1:138" of type "text/plain" (877 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ