* net,sctp: oops in sctp_do_sm
From: Sasha Levin @ 2012-10-19  2:33 UTC
  To: vyasevich, sri, davem
  Cc: linux-sctp, netdev, linux-kernel@vger.kernel.org, Dave Jones

Hi all,

While fuzzing with trinity inside a KVM tools (lkvm) guest running today's linux-next, I've
stumbled on the following:

[  439.574039] BUG: unable to handle kernel paging request at ffff88001b9f40c8
[  439.576486] IP: [<ffffffff83746fc3>] sctp_do_sm+0x293/0x310
[  439.578128] PGD 4e27063 PUD 4e2b063 PMD 1fa57067 PTE 1b9f4160
[  439.580796] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[  439.581635] Dumping ftrace buffer:
[  439.582171]    (ftrace buffer empty)
[  439.582673] CPU 3
[  439.582957] Pid: 7101, comm: trinity-child16 Tainted: G        W    3.7.0-rc1-next-20121018-sasha-00002-g60a870d-dirty #62
[  439.582986] RIP: 0010:[<ffffffff83746fc3>]  [<ffffffff83746fc3>] sctp_do_sm+0x293/0x310
[  439.582986] RSP: 0018:ffff880010c57988  EFLAGS: 00010286
[  439.582986] RAX: 0000000000000003 RBX: 0000000000000001 RCX: 0000000000000006
[  439.582986] RDX: 0000000000000003 RSI: 0000000000000001 RDI: ffff880010c579d0
[  439.582986] RBP: ffff880010c57ae8 R08: 0000000000000000 R09: 0000000000000000
[  439.582986] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000004
[  439.582986] R13: ffff88001b9f4000 R14: ffff880065d22600 R15: 0000000000000003
[  439.582986] FS:  00007f9a949c3700(0000) GS:ffff880067600000(0000) knlGS:0000000000000000
[  439.582986] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  439.582986] CR2: ffff88001b9f40c8 CR3: 0000000015850000 CR4: 00000000000406e0
[  439.582986] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  439.582986] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  439.582986] Process trinity-child16 (pid: 7101, threadinfo ffff880010c56000, task ffff880010a98000)
[  439.582986] Stack:
[  439.582986]  ffffffff000000d0 0000000000000000 ffffffff84c92d36 ffffffff84cc4b50
[  439.582986]  ffffffff83763b30 0000000000000004 ffffffff842c0370 0000000181152f15
[  439.582986]  ffff880010c579f8 0000000000000002 0000000000000015 0000000000000000
[  439.582986] Call Trace:
[  439.582986]  [<ffffffff83763b30>] ? sctp_cname+0x70/0x70
[  439.582986]  [<ffffffff83761403>] sctp_primitive_SHUTDOWN+0x43/0x50
[  439.582986]  [<ffffffff8375bd70>] sctp_close+0x150/0x310
[  439.606533]  [<ffffffff8351bf22>] inet_release+0x1b2/0x1c0
[  439.606533]  [<ffffffff8351bd8d>] ? inet_release+0x1d/0x1c0
[  439.606533]  [<ffffffff83578b04>] inet6_release+0x34/0x60
[  439.606533]  [<ffffffff833c17b8>] sock_release+0x18/0x80
[  439.610261]  [<ffffffff833c1849>] sock_close+0x29/0x30
[  439.610261]  [<ffffffff812773f2>] __fput+0x122/0x2d0
[  439.610261]  [<ffffffff812775a9>] ____fput+0x9/0x10
[  439.610261]  [<ffffffff81131afe>] task_work_run+0xbe/0x100
[  439.610261]  [<ffffffff811107e2>] do_exit+0x432/0xbd0
[  439.610261]  [<ffffffff811243d9>] ? get_signal_to_deliver+0x899/0x910
[  439.610261]  [<ffffffff8117b2e2>] ? get_lock_stats+0x22/0x70
[  439.610261]  [<ffffffff8117b36e>] ? put_lock_stats.isra.16+0xe/0x40
[  439.610261]  [<ffffffff83a6802b>] ? _raw_spin_unlock_irq+0x2b/0x80
[  439.610261]  [<ffffffff81111044>] do_group_exit+0x84/0xd0
[  439.610261]  [<ffffffff8112433d>] get_signal_to_deliver+0x7fd/0x910
[  439.610261]  [<ffffffff8117dffd>] ? trace_hardirqs_off+0xd/0x10
[  439.620391]  [<ffffffff819fe7db>] ? debug_object_assert_init+0xbb/0x110
[  439.620391]  [<ffffffff8106d59a>] do_signal+0x3a/0x950
[  439.620391]  [<ffffffff811c62c3>] ? rcu_cleanup_after_idle+0x23/0x170
[  439.620391]  [<ffffffff811ca824>] ? rcu_eqs_exit_common+0x64/0x270
[  439.620391]  [<ffffffff811c90bd>] ? rcu_user_enter+0x10d/0x140
[  439.620391]  [<ffffffff811cae05>] ? rcu_user_exit+0xc5/0xf0
[  439.620391]  [<ffffffff8106df1f>] do_notify_resume+0x4f/0xa0
[  439.620391]  [<ffffffff83a69bea>] int_signal+0x12/0x17
[  439.620391] Code: e8 eb 48 2c 00 0f 0b 90 41 b8 f4 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 8b 35 5a 0a 06 02 85 f6 74 66 4d 85
ed 75 04 31 c0 eb 2a <41> 8b b5 c8 00 00 00 44 89 85 b8 fe ff ff 49 8b 7e 20 e8 f6 51
[  439.630251] RIP  [<ffffffff83746fc3>] sctp_do_sm+0x293/0x310
[  439.630251]  RSP <ffff880010c57988>
[  439.630251] CR2: ffff88001b9f40c8
[  439.630251] ---[ end trace aa5ad9f036ee09dd ]---

This points to the DEBUG_POST_SFX macro in sctp_do_sm().


Thanks,
Sasha
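
Added example, not part of the original report or of the kernel tree: a small triage helper that decodes the faulting instruction from the `Code:` line and checks whether its effective address equals CR2, which identifies the register holding the bad pointer. The function names and the restricted decoder (only `mov reg, [base+disp32]`) are assumptions made for this illustration.

```python
import re

# Register, CR2 and Code: lines copied from the oops in this report
# (the Code: line is shortened to the bytes from the <41> marker onward).
OOPS = """\
[  439.582986] RAX: 0000000000000003 RBX: 0000000000000001 RCX: 0000000000000006
[  439.582986] RDX: 0000000000000003 RSI: 0000000000000001 RDI: ffff880010c579d0
[  439.582986] RBP: ffff880010c57ae8 R08: 0000000000000000 R09: 0000000000000000
[  439.582986] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000004
[  439.582986] R13: ffff88001b9f4000 R14: ffff880065d22600 R15: 0000000000000003
[  439.582986] CR2: ffff88001b9f40c8 CR3: 0000000015850000 CR4: 00000000000406e0
[  439.620391] Code: <41> 8b b5 c8 00 00 00 44 89 85 b8 fe ff ff 49 8b 7e 20 e8 f6 51
"""
# x86-64 register numbering, spelled the way the oops prints the names.
REG64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
         "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]

def parse_regs(text):
    """Map register name -> value for the general registers and CR2."""
    pairs = re.findall(r"\b(R[A-Z0-9]{2}|CR2):\s+([0-9a-f]{16})\b", text)
    return {name: int(value, 16) for name, value in pairs}

def faulting_bytes(text):
    """Instruction bytes from the <xx> marker, i.e. starting at the faulting RIP."""
    m = re.search(r"Code:.*?<([0-9a-f]{2})>((?: [0-9a-f]{2})*)", text)
    return bytes.fromhex(m.group(1) + m.group(2).replace(" ", ""))

def decode_mov_load(code):
    """Decode only `[REX] 8B /r` with mod=10 (disp32, no SIB): mov reg, [base+disp32]."""
    rex, i = (code[0], 1) if (code[0] & 0xF0) == 0x40 else (0, 0)
    if code[i] != 0x8B:
        raise ValueError("not a MOV load")
    modrm = code[i + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 2 or rm == 4:
        raise ValueError("addressing form not handled here")
    disp = int.from_bytes(code[i + 2:i + 6], "little", signed=True)
    dest = REG64[reg | (((rex >> 2) & 1) << 3)]   # REX.R extends the destination
    base = REG64[rm | ((rex & 1) << 3)]           # REX.B extends the base register
    return dest, base, disp

def triage(text):
    """Check whether the faulting load's effective address equals CR2."""
    regs = parse_regs(text)
    dest, base, disp = decode_mov_load(faulting_bytes(text))
    addr = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {"dest": dest, "base": base, "disp": disp, "addr": addr,
            "matches_cr2": addr == regs["CR2"]}

if __name__ == "__main__":
    print(triage(OOPS))
```

On this oops the load decodes to a read through R13 at offset 0xc8, and R13 + 0xc8 equals CR2; with DEBUG_PAGEALLOC set (see the `Oops:` line), a not-present fault at such an address is consistent with the object R13 points to having already been freed.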


* Re: net,sctp: oops in sctp_do_sm
From: Neil Horman @ 2012-10-22 15:19 UTC
  To: Sasha Levin
  Cc: vyasevich, sri, davem, linux-sctp, netdev,
	linux-kernel@vger.kernel.org, Dave Jones

On Thu, Oct 18, 2012 at 10:33:29PM -0400, Sasha Levin wrote:
> Hi all,
> 
> While fuzzing with trinity inside a KVM tools (lkvm) guest running today's linux-next, I've
> stumbled on the following:
> 
> [  439.574039] BUG: unable to handle kernel paging request at ffff88001b9f40c8
> [  439.576486] IP: [<ffffffff83746fc3>] sctp_do_sm+0x293/0x310
> [  439.578128] PGD 4e27063 PUD 4e2b063 PMD 1fa57067 PTE 1b9f4160
> [  439.580796] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
> [  439.581635] Dumping ftrace buffer:
> [  439.582171]    (ftrace buffer empty)
> [  439.582673] CPU 3
> [  439.582957] Pid: 7101, comm: trinity-child16 Tainted: G        W    3.7.0-rc1-next-20121018-sasha-00002-g60a870d-dirty #62
> [  439.582986] RIP: 0010:[<ffffffff83746fc3>]  [<ffffffff83746fc3>] sctp_do_sm+0x293/0x310
> [  439.582986] RSP: 0018:ffff880010c57988  EFLAGS: 00010286
> [  439.582986] RAX: 0000000000000003 RBX: 0000000000000001 RCX: 0000000000000006
> [  439.582986] RDX: 0000000000000003 RSI: 0000000000000001 RDI: ffff880010c579d0
> [  439.582986] RBP: ffff880010c57ae8 R08: 0000000000000000 R09: 0000000000000000
> [  439.582986] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000004
> [  439.582986] R13: ffff88001b9f4000 R14: ffff880065d22600 R15: 0000000000000003
> [  439.582986] FS:  00007f9a949c3700(0000) GS:ffff880067600000(0000) knlGS:0000000000000000
> [  439.582986] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  439.582986] CR2: ffff88001b9f40c8 CR3: 0000000015850000 CR4: 00000000000406e0
> [  439.582986] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [  439.582986] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> [  439.582986] Process trinity-child16 (pid: 7101, threadinfo ffff880010c56000, task ffff880010a98000)
> [  439.582986] Stack:
> [  439.582986]  ffffffff000000d0 0000000000000000 ffffffff84c92d36 ffffffff84cc4b50
> [  439.582986]  ffffffff83763b30 0000000000000004 ffffffff842c0370 0000000181152f15
> [  439.582986]  ffff880010c579f8 0000000000000002 0000000000000015 0000000000000000
> [  439.582986] Call Trace:
> [  439.582986]  [<ffffffff83763b30>] ? sctp_cname+0x70/0x70
> [  439.582986]  [<ffffffff83761403>] sctp_primitive_SHUTDOWN+0x43/0x50
> [  439.582986]  [<ffffffff8375bd70>] sctp_close+0x150/0x310
> [  439.606533]  [<ffffffff8351bf22>] inet_release+0x1b2/0x1c0
> [  439.606533]  [<ffffffff8351bd8d>] ? inet_release+0x1d/0x1c0
> [  439.606533]  [<ffffffff83578b04>] inet6_release+0x34/0x60
> [  439.606533]  [<ffffffff833c17b8>] sock_release+0x18/0x80
> [  439.610261]  [<ffffffff833c1849>] sock_close+0x29/0x30
> [  439.610261]  [<ffffffff812773f2>] __fput+0x122/0x2d0
> [  439.610261]  [<ffffffff812775a9>] ____fput+0x9/0x10
> [  439.610261]  [<ffffffff81131afe>] task_work_run+0xbe/0x100
> [  439.610261]  [<ffffffff811107e2>] do_exit+0x432/0xbd0
> [  439.610261]  [<ffffffff811243d9>] ? get_signal_to_deliver+0x899/0x910
> [  439.610261]  [<ffffffff8117b2e2>] ? get_lock_stats+0x22/0x70
> [  439.610261]  [<ffffffff8117b36e>] ? put_lock_stats.isra.16+0xe/0x40
> [  439.610261]  [<ffffffff83a6802b>] ? _raw_spin_unlock_irq+0x2b/0x80
> [  439.610261]  [<ffffffff81111044>] do_group_exit+0x84/0xd0
> [  439.610261]  [<ffffffff8112433d>] get_signal_to_deliver+0x7fd/0x910
> [  439.610261]  [<ffffffff8117dffd>] ? trace_hardirqs_off+0xd/0x10
> [  439.620391]  [<ffffffff819fe7db>] ? debug_object_assert_init+0xbb/0x110
> [  439.620391]  [<ffffffff8106d59a>] do_signal+0x3a/0x950
> [  439.620391]  [<ffffffff811c62c3>] ? rcu_cleanup_after_idle+0x23/0x170
> [  439.620391]  [<ffffffff811ca824>] ? rcu_eqs_exit_common+0x64/0x270
> [  439.620391]  [<ffffffff811c90bd>] ? rcu_user_enter+0x10d/0x140
> [  439.620391]  [<ffffffff811cae05>] ? rcu_user_exit+0xc5/0xf0
> [  439.620391]  [<ffffffff8106df1f>] do_notify_resume+0x4f/0xa0
> [  439.620391]  [<ffffffff83a69bea>] int_signal+0x12/0x17
> [  439.620391] Code: e8 eb 48 2c 00 0f 0b 90 41 b8 f4 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 8b 35 5a 0a 06 02 85 f6 74 66 4d 85
> ed 75 04 31 c0 eb 2a <41> 8b b5 c8 00 00 00 44 89 85 b8 fe ff ff 49 8b 7e 20 e8 f6 51
> [  439.630251] RIP  [<ffffffff83746fc3>] sctp_do_sm+0x293/0x310
> [  439.630251]  RSP <ffff880010c57988>
> [  439.630251] CR2: ffff88001b9f40c8
> [  439.630251] ---[ end trace aa5ad9f036ee09dd ]---
> 
> This points to the DEBUG_POST_SFX macro in sctp_do_sm().
> 
> 
> Thanks,
> Sasha

You don't have any of the logs right before this oops available, do you?  It
might be helpful in determining what went wrong here.

Thanks
Neil
