lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Wed, 23 Jun 2021 11:37:43 +0000
From:   "Ismail, Mohammad Athari" <mohammad.athari.ismail@...el.com>
To:     netdev <netdev@...r.kernel.org>
CC:     Jose Abreu <joabreu@...opsys.com>
Subject: [BUG] Kernel panic when running stmmac selftest

Hi,

I'm getting Kernel panic when running stmmac selftest using "ethtool -t enp0s30f4 offline" command. I'm using net/master branch with last commit ID f4b29d2ee903 (net/master) Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.
It is tested on Intel ElkhartLake platform which has DesignWare Core Ethernet QoS version 5.20 (MAC), DesignWare Core Ethernet PCS version 3.30 and Marvell88E2110 PHY.

Below is the Kernel dump:

[   40.099871] ------------[ cut here ]------------
[   40.105049] kernel BUG at net/core/skbuff.c:1673!
[   40.110331] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[   40.116179] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G     U            5.13.0-rc6-intel-lts-mismail5+ #89
[   40.126786] Hardware name: Intel Corporation Elkhart Lake Embedded Platform/ElkhartLake LPDDR4x T4 RVP1, BIOS EHLSFWI1.R00.3192.A01.2105041421 05/04/2021
[   40.142135] RIP: 0010:pskb_expand_head+0x24b/0x2d0
[   40.147491] Code: df e8 c9 fc ff ff e9 ae fe ff ff 44 2b 74 24 04 31 c0 44 01 b3 d0 00 00 00 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 0b <0f> 0b be 02 00 00 00 e8 49 41 be ff e9 67 ff ff ff f6 c2 01 75 0d
[   40.168474] RSP: 0018:ffffa78100003b78 EFLAGS: 00010202
[   40.174308] RAX: 000000000000028d RBX: ffff8c0907ac3300 RCX: 0000000000000a20
[   40.182272] RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffff8c0907ac3300
[   40.190241] RBP: ffffa78100003bf0 R08: ffff8c0907ac33d4 R09: 0000000000000043
[   40.198212] R10: 0000000000000008 R11: ffff8c0908788090 R12: 0000000000000224
[   40.206182] R13: ffff8c0907ac3300 R14: ffff8c090896bd40 R15: ffff8c0907ac3300
[   40.214150] FS:  0000000000000000(0000) GS:ffff8c0a64200000(0000) knlGS:0000000000000000
[   40.223188] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   40.229602] CR2: 00007f81a5a99e30 CR3: 0000000103c6c000 CR4: 0000000000350ef0
[   40.237573] Call Trace:
[   40.240297]  <IRQ>
[   40.242528]  __pskb_pull_tail+0x4f/0x3b0
[   40.246924]  stmmac_test_loopback_validate+0x6c/0x220 [stmmac]
[   40.253452]  __netif_receive_skb_core+0x66a/0x1120
[   40.258800]  ? domain_unmap+0x6e/0xf0
[   40.262888]  __netif_receive_skb_list_core+0x10d/0x280
[   40.268625]  ? mod_timer+0x1b5/0x320
[   40.272614]  netif_receive_skb_list_internal+0x1cd/0x2d0
[   40.278537]  gro_normal_list.part.160+0x19/0x40
[   40.283594]  napi_complete_done+0x65/0x150
[   40.288165]  stmmac_napi_poll_rx+0xc7f/0xd70 [stmmac]
[   40.293811]  ? __napi_schedule+0x7a/0x90
[   40.298190]  __napi_poll+0x28/0x140
[   40.302082]  net_rx_action+0x23d/0x290
[   40.306268]  __do_softirq+0xa3/0x2ef
[   40.310258]  irq_exit_rcu+0xbc/0xd0
[   40.314151]  common_interrupt+0xaf/0xe0
[   40.318434]  </IRQ>
[   40.320772]  asm_common_interrupt+0x1e/0x40
[   40.325443] RIP: 0010:cpuidle_enter_state+0xd9/0x370
[   40.330987] Code: 85 c0 0f 8f 0a 02 00 00 31 ff e8 a2 71 7c ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 47 02 00 00 31 ff e8 0b 43 82 ff fb 45 85 f6 <0f> 88 ab 00 00 00 49 63 ce 48 2b 2c 24 48 89 c8 48 6b d1 68 48 c1
[   40.351969] RSP: 0018:ffffffff93803e50 EFLAGS: 00000202
[   40.357806] RAX: ffff8c0a64200000 RBX: 0000000000000001 RCX: 000000000000001f
[   40.365774] RDX: 0000000956207c60 RSI: ffffffff93664a37 RDI: ffffffff9366ed64
[   40.373742] RBP: 0000000956207c60 R08: 0000000000000000 R09: 000000000002a340
[   40.381712] R10: 0000001a53fb88c6 R11: ffff8c0a64229ae4 R12: ffffc780ffc24618
[   40.389679] R13: ffffffff93977380 R14: 0000000000000001 R15: 0000000000000000
[   40.397650]  cpuidle_enter+0x29/0x40
[   40.401638]  do_idle+0x250/0x290
[   40.405238]  cpu_startup_entry+0x19/0x20
[   40.409608]  start_kernel+0x537/0x55c
[   40.413695]  secondary_startup_64_no_verify+0xb0/0xbb
[   40.419335] Modules linked in: bnep 8021q bluetooth ecryptfs marvell10g nfsd snd_sof_pci_intel_tgl iTCO_wdt snd_sof_intel_hda_common x86_pkg_temp_thermal intel_ishtp_loader mei_hdcp soundwire_intel sch_fq_codel iTCO_vendor_support intel_ishtp_hid kvm_intel marvell soundwire_generic_allocation soundwire_cadence soundwire_bus kvm snd_hda_codec_hdmi snd_sof_xtensa_dsp uio snd_soc_acpi_intel_match uhid dwmac_intel snd_soc_acpi irqbypass stmmac intel_rapl_msr igb pcspkr snd_hda_intel pcs_xpcs snd_intel_dspcfg phylink i2c_i801 snd_intel_sdw_acpi libphy dca intel_ish_ipc snd_hda_codec mei_me snd_hda_core intel_ishtp mei i2c_smbus 8250_lpss spi_dw_pci dw_dmac_core spi_dw thermal tpm_crb tpm_tis tpm_tis_core parport_pc parport tpm intel_pmc_core i915 fuse configfs snd_sof_pci snd_sof snd_soc_core snd_compress ac97_bus ledtrig_audio snd_pcm snd_timer snd soundcore
[   40.503980] ---[ end trace a6a698bb4b2d1455 ]---
[   40.561709] RIP: 0010:pskb_expand_head+0x24b/0x2d0
[   40.567069] Code: df e8 c9 fc ff ff e9 ae fe ff ff 44 2b 74 24 04 31 c0 44 01 b3 d0 00 00 00 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 0b <0f> 0b be 02 00 00 00 e8 49 41 be ff e9 67 ff ff ff f6 c2 01 75 0d
[   40.588052] RSP: 0018:ffffa78100003b78 EFLAGS: 00010202
[   40.593888] RAX: 000000000000028d RBX: ffff8c0907ac3300 RCX: 0000000000000a20
[   40.601864] RDX: 0000000000000002 RSI: 0000000000000000 RDI: ffff8c0907ac3300
[   40.609838] RBP: ffffa78100003bf0 R08: ffff8c0907ac33d4 R09: 0000000000000043
[   40.609840] R10: 0000000000000008 R11: ffff8c0908788090 R12: 0000000000000224
[   40.609841] R13: ffff8c0907ac3300 R14: ffff8c090896bd40 R15: ffff8c0907ac3300
[   40.609841] FS:  0000000000000000(0000) GS:ffff8c0a64200000(0000) knlGS:0000000000000000
[   40.609843] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   40.609844] CR2: 00007f81a5a99e30 CR3: 0000000103c6c000 CR4: 0000000000350ef0
[   40.609845] Kernel panic - not syncing: Fatal exception in interrupt
[   40.609885] Kernel Offset: 0x11200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   40.727867] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---

I`m not really have much knowledge and expertise on skb framework. It look like the issue is due to the skb is still shared by other user before running skb_linearize().

The Kernel panic can be fixed (as workaround) by below change:

diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c
index 0462dcc93e53..53b1a9efb3d4 100644
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_selftests.c
@@ -261,6 +261,10 @@ static int stmmac_test_loopback_validate(struct sk_buff *skb,
        if (!skb)
                goto out;
 
+       skb = skb_share_check(skb, GFP_ATOMIC);
+       if (!skb)
+               goto out;
+
        if (skb_linearize(skb))
                goto out;
        if (skb_headlen(skb) < (STMMAC_TEST_PKT_SIZE - ETH_HLEN))

Please comment and advise.

Thank you.

Regards,
Athari

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ