linux-kernel.vger.kernel.org archive mirror
* tipc_udp_send_msg oops in 4.4 when setting link tolerance
@ 2017-11-13 16:23 Tommi Rantala
  2017-11-13 21:25 ` Jon Maloy
  0 siblings, 1 reply; 5+ messages in thread
From: Tommi Rantala @ 2017-11-13 16:23 UTC (permalink / raw)
  To: Jon Maloy, Ying Xue, David S. Miller, netdev, tipc-discussion,
	linux-kernel

Hi,

I always get an instant TIPC oops in 4.4, when I try to set the link 
tolerance (with LINKNAME != "broadcast-link"):

  $ tipc link set tolerance 1000 link $LINKNAME

Any idea what's going on? Some tipc patch missing in 4.4?

In 4.9 the "tipc" command executes just fine, but I've seen a few times 
that later some random process crashes with "BUG: Bad page state". KASAN 
does not report anything before it happens.

4.14 is OK, could not reproduce these problems with it.




tipc_udp_send_msg+0x102/0x4f0

matches to:
tipc_udp_send_msg at linux-stable/net/tipc/udp_media.c:172

static int tipc_udp_send_msg(struct net *net, struct sk_buff *skb,
                              struct tipc_bearer *b,
                              struct tipc_media_addr *dest)
{
         int ttl, err = 0;
         struct udp_bearer *ub;
         struct udp_media_addr *dst = (struct udp_media_addr *)&dest->value;
         struct udp_media_addr *src = (struct udp_media_addr *)&b->addr.value;
         struct rtable *rt;

         if (skb_headroom(skb) < UDP_MIN_HEADROOM) {
                 err = pskb_expand_head(skb, UDP_MIN_HEADROOM, 0, GFP_ATOMIC);
                 if (err)
                         goto tx_error;
         }

         skb_set_inner_protocol(skb, htons(ETH_P_TIPC));
         ub = rcu_dereference_rtnl(b->media_ptr);
         if (!ub) {
                 err = -ENODEV;
                 goto tx_error;
         }
         if (dst->proto == htons(ETH_P_IP)) {   <------ HERE



[  111.423647] 
==================================================================
[  111.424826] BUG: KASAN: null-ptr-deref on address           (null)
[  111.425538] Read of size 2 by task tipc/2643
[  111.426215] CPU: 3 PID: 2643 Comm: tipc Not tainted 4.4.97-pc64 #1
[  111.428081]  0000000000000000 ffff880026327478 ffffffff8248005e 
0000000000000002
[  111.429476]  ffff880047ad5ac0 ffff8800263274f8 ffffffff8227f5af 
0000000265711040
[  111.430728]  0000000000000000 0000000000000297 ffffffffa0387fd2 
02090220ffffffff
[  111.432051] Call Trace:
[  111.432472]  [<ffffffff8248005e>] dump_stack+0x86/0xc8
[  111.433208]  [<ffffffff8227f5af>] kasan_report.part.2+0x41f/0x520
[  111.434040]  [<ffffffffa0387fd2>] ? tipc_udp_send_msg+0x102/0x4f0 [tipc]
[  111.434908]  [<ffffffff8227f965>] kasan_report+0x25/0x30
[  111.435647]  [<ffffffff8227e3a6>] __asan_load2+0x66/0x70
[  111.436391]  [<ffffffffa0387fd2>] tipc_udp_send_msg+0x102/0x4f0 [tipc]
[  111.437334]  [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70
[  111.438301]  [<ffffffff8227edfd>] ? kasan_slab_alloc+0xd/0x10
[  111.439328]  [<ffffffff8227e04c>] ? 
__kmalloc_node_track_caller+0xac/0x230
[  111.440493]  [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70
[  111.441479]  [<ffffffffa0387ed0>] ? tipc_udp_disable+0xe0/0xe0 [tipc]
[  111.442628]  [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70
[  111.443598]  [<ffffffff8227ef52>] ? kasan_krealloc+0x62/0x80
[  111.444610]  [<ffffffff8227ebf8>] ? memset+0x28/0x30
[  111.445539]  [<ffffffff8275fab3>] ? __alloc_skb+0x2b3/0x310
[  111.446560]  [<ffffffff8275f800>] ? skb_complete_tx_timestamp+0x110/0x110
[  111.447695]  [<ffffffff82147a16>] ? __module_text_address+0x16/0xa0
[  111.448735]  [<ffffffff8275e3fb>] ? skb_put+0x8b/0xd0
[  111.449608]  [<ffffffff8227ec76>] ? memcpy+0x36/0x40
[  111.450524]  [<ffffffffa03665e8>] ? 
tipc_link_build_proto_msg+0x398/0x4c0 [tipc]
[  111.451946]  [<ffffffffa0364920>] tipc_bearer_xmit_skb+0xa0/0xb0 [tipc]
[  111.453078]  [<ffffffffa036a60b>] tipc_link_proto_xmit+0x11b/0x160 [tipc]
[  111.454218]  [<ffffffffa036a4f0>] ? 
tipc_link_build_reset_msg+0x50/0x50 [tipc]
[  111.455542]  [<ffffffffa036c5be>] tipc_nl_link_set+0x1ee/0x3b0 [tipc]
[  111.456659]  [<ffffffffa036c3d0>] ? tipc_nl_parse_link_prop+0xd0/0xd0 
[tipc]
[  111.457831]  [<ffffffff82190a29>] ? is_ftrace_trampoline+0x59/0x90
[  111.458884]  [<ffffffff820b15a5>] ? __kernel_text_address+0x65/0x80
[  111.459931]  [<ffffffff824ba386>] ? nla_parse+0xb6/0x140
[  111.460892]  [<ffffffff827d20ee>] genl_family_rcv_msg+0x37e/0x5e0
[  111.461948]  [<ffffffffa0380005>] ? set_orig_addr.isra.53+0xe5/0x120 
[tipc]
[  111.463107]  [<ffffffff827d1d70>] ? genl_rcv+0x40/0x40
[  111.463987]  [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180
[  111.465048]  [<ffffffff8227a39d>] ? ___slab_alloc+0x43d/0x460
[  111.465986]  [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180
[  111.467045]  [<ffffffff827cde5c>] ? netlink_lookup+0x19c/0x220
[  111.468067]  [<ffffffff827d2428>] genl_rcv_msg+0xd8/0x110
[  111.468994]  [<ffffffff827d143b>] netlink_rcv_skb+0x14b/0x180
[  111.469939]  [<ffffffff827d2350>] ? genl_family_rcv_msg+0x5e0/0x5e0
[  111.470954]  [<ffffffff827d1d58>] genl_rcv+0x28/0x40
[  111.471798]  [<ffffffff827d0a27>] netlink_unicast+0x2e7/0x3a0
[  111.472806]  [<ffffffff827d0740>] ? netlink_attachskb+0x330/0x330
[  111.473845]  [<ffffffff8249b731>] ? copy_from_iter+0xf1/0x3b0
[  111.474847]  [<ffffffff827d0f8d>] netlink_sendmsg+0x4ad/0x620
[  111.475788]  [<ffffffff827d0ae0>] ? netlink_unicast+0x3a0/0x3a0
[  111.476793]  [<ffffffff822c0683>] ? __fdget+0x13/0x20
[  111.477723]  [<ffffffff82751575>] ? sockfd_lookup_light+0x95/0xb0
[  111.478773]  [<ffffffff827538fc>] SYSC_sendto+0x1bc/0x290
[  111.479659]  [<ffffffff82753740>] ? sock_write_iter+0x200/0x200
[  111.480692]  [<ffffffff822c0683>] ? __fdget+0x13/0x20
[  111.481559]  [<ffffffff82751575>] ? sockfd_lookup_light+0x95/0xb0
[  111.482591]  [<ffffffff827caf71>] ? netlink_getname+0xb1/0x110
[  111.483570]  [<ffffffff82750b0c>] ? move_addr_to_user+0x5c/0x70
[  111.484539]  [<ffffffff82751706>] ? SYSC_getsockname+0x176/0x190
[  111.485540]  [<ffffffff82751590>] ? sockfd_lookup_light+0xb0/0xb0
[  111.486558]  [<ffffffff82753225>] ? SYSC_bind+0xe5/0x180
[  111.487548]  [<ffffffff82753140>] ? __sock_recv_ts_and_drops+0x260/0x260
[  111.488700]  [<ffffffff822c132b>] ? fd_install+0x3b/0x50
[  111.489596]  [<ffffffff827514b4>] ? sock_map_fd+0x44/0x70
[  111.490553]  [<ffffffff82753f4c>] ? SyS_socket+0xcc/0x120
[  111.491437]  [<ffffffff82753e80>] ? move_addr_to_kernel+0x40/0x40
[  111.492505]  [<ffffffff820022b6>] ? exit_to_usermode_loop+0x86/0x120
[  111.493557]  [<ffffffff82002017>] ? trace_hardirqs_on_thunk+0x17/0x19
[  111.494629]  [<ffffffff827544ce>] SyS_sendto+0xe/0x10
[  111.495588]  [<ffffffff829299ae>] entry_SYSCALL_64_fastpath+0x12/0x6d
[  111.496697] 
==================================================================
[  111.498005] Disabling lock debugging due to kernel taint
[  111.499059] BUG: unable to handle kernel NULL pointer dereference at 
          (null)
[  111.500698] IP: [<ffffffffa0387fd2>] tipc_udp_send_msg+0x102/0x4f0 [tipc]
[  111.502027] PGD 4b01c067 PUD 1f0a5067 PMD 0
[  111.503053] Oops: 0000 [#1] SMP KASAN
[  111.503980] Modules linked in: ip6table_mangle ip6_tables 
iptable_mangle iptable_filter ip_tables x_tables tipc ip6_udp_tunnel 
udp_tunnel fuse isofs aesni_intel aes_x86_64 glue_helper lrw gf128mul 
ablk_helper cryptd ata_piix i6300esb sch_fq_codel 
nf_conntrack_proto_sctp nf_conntrack autofs4
[  111.509927] CPU: 3 PID: 2643 Comm: tipc Tainted: G    B 
4.4.97-pc64 #1
[  111.511249] Hardware name: Fedora Project OpenStack Nova, BIOS 
seabios-1.7.5-11.el7.tis.1 04/01/2014
[  111.512935] task: ffff880047ad5ac0 ti: ffff880026320000 task.ti: 
ffff880026320000
[  111.514283] RIP: 0010:[<ffffffffa0387fd2>]  [<ffffffffa0387fd2>] 
tipc_udp_send_msg+0x102/0x4f0 [tipc]
[  111.515960] RSP: 0018:ffff880026327528  EFLAGS: 00010292
[  111.516832] RAX: ffff880047ad5ac0 RBX: ffff880065711040 RCX: 
0000000000000000
[  111.517992] RDX: 1ffffffff06b9196 RSI: 0000000000000297 RDI: 
0000000000000297
[  111.519117] RBP: ffff8800263276f0 R08: 0000000000000000 R09: 
fffffbfff069f014
[  111.520228] R10: dffffc0000000001 R11: ffff88006bc02a00 R12: 
1ffff10004c64eb1
[  111.521361] R13: ffff88005ad07750 R14: 0000000000000000 R15: 
ffff88005154d9e0
[  111.522538] FS:  00007f467f3ac700(0000) GS:ffff88006c380000(0000) 
knlGS:0000000000000000
[  111.523960] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  111.524947] CR2: 0000000000000000 CR3: 000000001f076000 CR4: 
00000000001406e0
[  111.526084] Stack:
[  111.526551]  1ffff1000a2c11d8 ffff880026327550 ffffffff8227eb1e 
ffff880051608cc0
[  111.528272]  ffff88006bc02a00 ffff880026327560 ffffffff8227edfd 
ffff8800263275b0
[  111.529886]  ffffffff8227e04c ffff880026327590 ffffffff8227eb1e 
ffffffff832dfec0
[  111.531535] Call Trace:
[  111.532106]  [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70
[  111.533075]  [<ffffffff8227edfd>] ? kasan_slab_alloc+0xd/0x10
[  111.534041]  [<ffffffff8227e04c>] ? 
__kmalloc_node_track_caller+0xac/0x230
[  111.535102]  [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70
[  111.536047]  [<ffffffffa0387ed0>] ? tipc_udp_disable+0xe0/0xe0 [tipc]
[  111.537186]  [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70
[  111.538139]  [<ffffffff8227ef52>] ? kasan_krealloc+0x62/0x80
[  111.539106]  [<ffffffff8227ebf8>] ? memset+0x28/0x30
[  111.539946]  [<ffffffff8275fab3>] ? __alloc_skb+0x2b3/0x310
[  111.540876]  [<ffffffff8275f800>] ? skb_complete_tx_timestamp+0x110/0x110
[  111.541954]  [<ffffffff82147a16>] ? __module_text_address+0x16/0xa0
[  111.542978]  [<ffffffff8275e3fb>] ? skb_put+0x8b/0xd0
[  111.543914]  [<ffffffff8227ec76>] ? memcpy+0x36/0x40
[  111.544817]  [<ffffffffa03665e8>] ? 
tipc_link_build_proto_msg+0x398/0x4c0 [tipc]
[  111.546199]  [<ffffffffa0364920>] tipc_bearer_xmit_skb+0xa0/0xb0 [tipc]
[  111.547355]  [<ffffffffa036a60b>] tipc_link_proto_xmit+0x11b/0x160 [tipc]
[  111.548482]  [<ffffffffa036a4f0>] ? 
tipc_link_build_reset_msg+0x50/0x50 [tipc]
[  111.549763]  [<ffffffffa036c5be>] tipc_nl_link_set+0x1ee/0x3b0 [tipc]
[  111.550822]  [<ffffffffa036c3d0>] ? tipc_nl_parse_link_prop+0xd0/0xd0 
[tipc]
[  111.551921]  [<ffffffff82190a29>] ? is_ftrace_trampoline+0x59/0x90
[  111.552961]  [<ffffffff820b15a5>] ? __kernel_text_address+0x65/0x80
[  111.554010]  [<ffffffff824ba386>] ? nla_parse+0xb6/0x140
[  111.554906]  [<ffffffff827d20ee>] genl_family_rcv_msg+0x37e/0x5e0
[  111.555954]  [<ffffffffa0380005>] ? set_orig_addr.isra.53+0xe5/0x120 
[tipc]
[  111.557104]  [<ffffffff827d1d70>] ? genl_rcv+0x40/0x40
[  111.557949]  [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180
[  111.559030]  [<ffffffff8227a39d>] ? ___slab_alloc+0x43d/0x460
[  111.559983]  [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180
[  111.561058]  [<ffffffff827cde5c>] ? netlink_lookup+0x19c/0x220
[  111.562038]  [<ffffffff827d2428>] genl_rcv_msg+0xd8/0x110
[  111.562966]  [<ffffffff827d143b>] netlink_rcv_skb+0x14b/0x180
[  111.563930]  [<ffffffff827d2350>] ? genl_family_rcv_msg+0x5e0/0x5e0
[  111.564949]  [<ffffffff827d1d58>] genl_rcv+0x28/0x40
[  111.565818]  [<ffffffff827d0a27>] netlink_unicast+0x2e7/0x3a0
[  111.566759]  [<ffffffff827d0740>] ? netlink_attachskb+0x330/0x330
[  111.567765]  [<ffffffff8249b731>] ? copy_from_iter+0xf1/0x3b0
[  111.568707]  [<ffffffff827d0f8d>] netlink_sendmsg+0x4ad/0x620
[  111.569706]  [<ffffffff827d0ae0>] ? netlink_unicast+0x3a0/0x3a0
[  111.570658]  [<ffffffff822c0683>] ? __fdget+0x13/0x20
[  111.571548]  [<ffffffff82751575>] ? sockfd_lookup_light+0x95/0xb0
[  111.572541]  [<ffffffff827538fc>] SYSC_sendto+0x1bc/0x290
[  111.573459]  [<ffffffff82753740>] ? sock_write_iter+0x200/0x200
[  111.574435]  [<ffffffff822c0683>] ? __fdget+0x13/0x20
[  111.575330]  [<ffffffff82751575>] ? sockfd_lookup_light+0x95/0xb0
[  111.576354]  [<ffffffff827caf71>] ? netlink_getname+0xb1/0x110
[  111.577371]  [<ffffffff82750b0c>] ? move_addr_to_user+0x5c/0x70
[  111.578385]  [<ffffffff82751706>] ? SYSC_getsockname+0x176/0x190
[  111.579407]  [<ffffffff82751590>] ? sockfd_lookup_light+0xb0/0xb0
[  111.580431]  [<ffffffff82753225>] ? SYSC_bind+0xe5/0x180
[  111.581369]  [<ffffffff82753140>] ? __sock_recv_ts_and_drops+0x260/0x260
[  111.582518]  [<ffffffff822c132b>] ? fd_install+0x3b/0x50
[  111.583450]  [<ffffffff827514b4>] ? sock_map_fd+0x44/0x70
[  111.584417]  [<ffffffff82753f4c>] ? SyS_socket+0xcc/0x120
[  111.585353]  [<ffffffff82753e80>] ? move_addr_to_kernel+0x40/0x40
[  111.586405]  [<ffffffff820022b6>] ? exit_to_usermode_loop+0x86/0x120
[  111.587434]  [<ffffffff82002017>] ? trace_hardirqs_on_thunk+0x17/0x19
[  111.588511]  [<ffffffff827544ce>] SyS_sendto+0xe/0x10
[  111.589378]  [<ffffffff829299ae>] entry_SYSCALL_64_fastpath+0x12/0x6d
[  111.590420] Code: 00 00 e8 e2 64 ef e1 4c 89 ef 80 a3 93 00 00 00 f7 
e8 43 65 ef e1 4d 8b 7d 00 4d 85 ff 0f 84 db 03 00 00 4c 89 f7 e8 6e 63 
ef e1 <66> 41 83 3e 08 0f 84 80 01 00 00 48 8d bc 24 20 01 00 00 31 c0
[  111.598579] RIP  [<ffffffffa0387fd2>] tipc_udp_send_msg+0x102/0x4f0 
[tipc]
[  111.599831]  RSP <ffff880026327528>
[  111.600538] CR2: 0000000000000000
[  111.601202] ---[ end trace 827dd66f798de44a ]---
[  111.602025] Kernel panic - not syncing: Fatal exception in interrupt
[  111.614704] Kernel Offset: disabled
[  111.615249] Rebooting in 60 seconds..





[   31.985039] BUG: Bad page state in process ___ pfn:400c0
[   31.985680] page:ffffea0001003000 count:0 mapcount:0 
mapping:000000000000003c index:0x0
[   31.986619] flags: 0x10000(mappedtodisk)
[   31.987081] page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set
[   31.987701] bad because of flags: 0x10000(mappedtodisk)
[   31.988268] Modules linked in: iptable_filter ip_tables x_tables tipc ...
[   31.991804] CPU: 3 PID: 2716 Not tainted 4.9.52 #1
[   31.993608]  ffffc90003023b28 ffffffff822ee180 ffffea0001003000 
ffffffff827b76c8
[   31.994792]  ffffc90003023b50 ffffffff8215c5e4 0000000000010000 
ffffea0001000000
[   31.995986]  0000000000000009 ffffc90003023b60 ffffffff8215c71f 
ffffc90003023c28
[   31.997380] Call Trace:
[   31.997780]  [<ffffffff822ee180>] dump_stack+0x86/0xc6
[   31.998460]  [<ffffffff8215c5e4>] bad_page+0xc4/0x130
[   31.999160]  [<ffffffff8215c71f>] check_new_page_bad+0x5f/0x70
[   31.999968]  [<ffffffff8215fe5a>] get_page_from_freelist+0x7ca/0xb20
[   32.000782]  [<ffffffff8216123c>] __alloc_pages_nodemask+0xdc/0x220
[   32.001621]  [<ffffffff821a4c18>] alloc_fresh_huge_page+0x68/0xc0
[   32.002407]  [<ffffffff821a590f>] set_max_huge_pages+0x4df/0x530
[   32.003176]  [<ffffffff8230698c>] ? _kstrtoull+0x2c/0x70
[   32.003841]  [<ffffffff821a59ec>] nr_hugepages_store_common+0x8c/0xf0
[   32.004619]  [<ffffffff821c2626>] ? mem_cgroup_commit_charge+0x66/0x430
[   32.005384]  [<ffffffff821a5a83>] nr_hugepages_store+0x13/0x20
[   32.006176]  [<ffffffff822f02bf>] kobj_attr_store+0xf/0x20
[   32.006838]  [<ffffffff82237877>] sysfs_kf_write+0x37/0x40
[   32.007534]  [<ffffffff82236bcc>] kernfs_fop_write+0x11c/0x1b0
[   32.008258]  [<ffffffff821c7068>] __vfs_write+0x28/0x120
[   32.008931]  [<ffffffff820fb23d>] ? __audit_syscall_entry+0xad/0xf0
[   32.009681]  [<ffffffff821c7735>] vfs_write+0xb5/0x1a0
[   32.010308]  [<ffffffff821c8a96>] SyS_write+0x46/0xa0
[   32.010917]  [<ffffffff8204b8fa>] ? trace_do_page_fault+0x5a/0x140
[   32.011741]  [<ffffffff82002bfe>] do_syscall_64+0x7e/0x1a0
[   32.012476]  [<ffffffff825dc0c4>] entry_SYSCALL64_slow_path+0x25/0x25
[   32.013244] Disabling lock debugging due to kernel taint
[   34.055994] ip6_tables: (C) 2000-2006 Netfilter Core Team


-Tommi

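
A triage helper for the report above, added here as an example and not part of the original thread: it re-joins the mail-wrapped trace lines, sets aside the `?` (unreliable) frames and the KASAN reporting frames, and returns the faulting frame with the confirmed call chain. The function names (`unwrap`, `parse_frames`, `triage`) are this example's own, and the embedded log is a trimmed excerpt of the oops quoted above.

```python
import re

# Trimmed excerpt of the 4.4.97 KASAN report quoted above, keeping two
# entries that the mail client wrapped onto a second line.
OOPS = """\
[  111.424826] BUG: KASAN: null-ptr-deref on address           (null)
[  111.425538] Read of size 2 by task tipc/2643
[  111.432051] Call Trace:
[  111.432472]  [<ffffffff8248005e>] dump_stack+0x86/0xc8
[  111.433208]  [<ffffffff8227f5af>] kasan_report.part.2+0x41f/0x520
[  111.434040]  [<ffffffffa0387fd2>] ? tipc_udp_send_msg+0x102/0x4f0 [tipc]
[  111.434908]  [<ffffffff8227f965>] kasan_report+0x25/0x30
[  111.435647]  [<ffffffff8227e3a6>] __asan_load2+0x66/0x70
[  111.436391]  [<ffffffffa0387fd2>] tipc_udp_send_msg+0x102/0x4f0 [tipc]
[  111.437334]  [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70
[  111.450524]  [<ffffffffa03665e8>] ?
tipc_link_build_proto_msg+0x398/0x4c0 [tipc]
[  111.451946]  [<ffffffffa0364920>] tipc_bearer_xmit_skb+0xa0/0xb0 [tipc]
[  111.453078]  [<ffffffffa036a60b>] tipc_link_proto_xmit+0x11b/0x160 [tipc]
[  111.455542]  [<ffffffffa036c5be>] tipc_nl_link_set+0x1ee/0x3b0 [tipc]
[  111.456659]  [<ffffffffa036c3d0>] ? tipc_nl_parse_link_prop+0xd0/0xd0
[tipc]
[  111.460892]  [<ffffffff827d20ee>] genl_family_rcv_msg+0x37e/0x5e0
[  111.468067]  [<ffffffff827d2428>] genl_rcv_msg+0xd8/0x110
[  111.468994]  [<ffffffff827d143b>] netlink_rcv_skb+0x14b/0x180
[  111.470954]  [<ffffffff827d1d58>] genl_rcv+0x28/0x40
[  111.471798]  [<ffffffff827d0a27>] netlink_unicast+0x2e7/0x3a0
[  111.474847]  [<ffffffff827d0f8d>] netlink_sendmsg+0x4ad/0x620
[  111.478773]  [<ffffffff827538fc>] SYSC_sendto+0x1bc/0x290
[  111.494629]  [<ffffffff827544ce>] SyS_sendto+0xe/0x10
[  111.495588]  [<ffffffff829299ae>] entry_SYSCALL_64_fastpath+0x12/0x6d
"""

TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]")
FRAME = re.compile(
    r"\[<(?P<addr>[0-9a-f]{16})>\]\s+(?P<guess>\?\s+)?"
    r"(?P<sym>[\w.]+)\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)"
    r"(?:\s+\[(?P<mod>\w+)\])?"
)
# Frames that belong to the reporting machinery, not to the faulting code.
REPORTING = ("dump_stack", "kasan_report", "__asan_")


def unwrap(text):
    """Re-join wrapped log lines: any line without a leading
    [timestamp] is treated as the continuation of the previous one."""
    lines = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not lines:
            lines.append(line)
        else:
            lines[-1] += " " + line
    return lines


def parse_frames(lines):
    """Return one dict per stack entry; 'reliable' is False for '?' frames,
    which are stale return addresses found on the stack, not real callers."""
    frames = []
    for line in lines:
        m = FRAME.search(line)
        if m:
            frames.append({
                "sym": m["sym"],
                "off": int(m["off"], 16),
                "mod": m["mod"],
                "reliable": m["guess"] is None,
            })
    return frames


def triage(text):
    """Summarise a KASAN report: bug class, access, faulting frame, call chain."""
    lines = unwrap(text)
    joined = "\n".join(lines)
    bug = re.search(r"BUG: KASAN: (\S+) on address\s+(\S+)", joined)
    acc = re.search(r"(Read|Write) of size (\d+) by task (\S+)", joined)
    chain = [f for f in parse_frames(lines)
             if f["reliable"] and not f["sym"].startswith(REPORTING)]
    fault = None
    if chain:
        top = chain[0]
        fault = f"{top['sym']}+{top['off']:#x}"
        if top["mod"]:
            fault += f" [{top['mod']}]"
    return {
        "bug": bug.group(1) if bug else None,
        "address": bug.group(2) if bug else None,
        "access": (acc.group(1), int(acc.group(2))) if acc else None,
        "task": acc.group(3) if acc else None,
        "fault": fault,
        "chain": [f["sym"] for f in chain],  # callee first, syscall entry last
    }


if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```

The confirmed chain runs from the `sendto` syscall through generic netlink into `tipc_nl_link_set` and down to `tipc_udp_send_msg`, and the 2-byte read matches the 16-bit `dst->proto` comparison at the line marked HERE.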

* RE: tipc_udp_send_msg oops in 4.4 when setting link tolerance
  2017-11-13 16:23 tipc_udp_send_msg oops in 4.4 when setting link tolerance Tommi Rantala
@ 2017-11-13 21:25 ` Jon Maloy
  2017-11-14 10:15   ` Tommi Rantala
  0 siblings, 1 reply; 5+ messages in thread
From: Jon Maloy @ 2017-11-13 21:25 UTC (permalink / raw)
  To: Tommi Rantala, Ying Xue, David S. Miller, netdev,
	tipc-discussion, linux-kernel

Hi Tommi,
I am not sure, but it seems like the following patch is what you need:
commit 9b3009604b8e ("tipc: add net device to skb before UDP xmit")
This was applied in tipc 4.5.

Is this a stopping problem for you?

BR
///jon


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: tipc_udp_send_msg oops in 4.4 when setting link tolerance
  2017-11-13 21:25 ` Jon Maloy
@ 2017-11-14 10:15   ` Tommi Rantala
  2017-11-14 11:35     ` Jon Maloy
  0 siblings, 1 reply; 5+ messages in thread
From: Tommi Rantala @ 2017-11-14 10:15 UTC (permalink / raw)
  To: Jon Maloy, Ying Xue, David S. Miller, netdev, tipc-discussion,
	linux-kernel

On 13.11.2017 23:25, Jon Maloy wrote:
 > Hi Tommi,
 > I am not sure, but it seems like the following patch is what you need:
 > commit 9b3009604b8e ("tipc: add net device to skb before UDP xmit")
 > This was applied in tipc 4.5.

Found it, the missing patch is this one (9b3009604b8e does not help):

commit d01332f1acacc0cb43a61f4244dd2b846d4cd585
Author: Richard Alpe <richard.alpe@ericsson.com>
Date:   Mon Feb 1 08:19:56 2016 +0100

     tipc: fix link attribute propagation bug


It does not apply as-is to 4.4, so backported it, see below.
Does it look good? I can send it forward to Greg for inclusion in 4.4.


But with this patch included, I can easily reproduce the "BUG: Bad page 
state in process git" issue also in 4.4 like this:

$ tipc link set tolerance 100 link $LINKNAME
$ cd /tmp && git clone /path/to/linux-stable

I can try to debug that a bit more to see if I can figure it out.

-Tommi



 From e1857e6c60355296fd1cbe6e376d8a7265c2b289 Mon Sep 17 00:00:00 2001
From: Richard Alpe <richard.alpe@ericsson.com>
Date: Tue, 14 Nov 2017 11:09:50 +0200
Subject: [PATCH] tipc: fix link attribute propagation bug

commit d01332f1acacc0cb43a61f4244dd2b846d4cd585 upstream.

[backported to 4.4 by Tommi Rantala]

Changing certain link attributes (link tolerance and link priority)
from the TIPC management tool is supposed to automatically take
effect at both endpoints of the affected link.

Currently the media address is not instantiated for the link and is
used uninstantiated when crafting protocol messages designated for the
peer endpoint. This means that changing a link property currently
results in the property being changed on the local machine but the
protocol message designated for the peer gets lost. Resulting in
property discrepancy between the endpoints.

In this patch we resolve this by using the media address from the
link entry and using the bearer transmit function to send it. Hence,
we can now eliminate the redundant function tipc_link_prot_xmit() and
the redundant field tipc_link::media_addr.

Fixes: 2af5ae372a4b (tipc: clean up unused code and structures)
Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
Reported-by: Jason Hu <huzhijiang@gmail.com>
Signed-off-by: Richard Alpe <richard.alpe@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Tommi Rantala <tommi.t.rantala@nokia.com>
---
  net/tipc/link.c | 28 ++++++----------------------
  net/tipc/link.h |  1 - 

  2 files changed, 6 insertions(+), 23 deletions(-) 

 

diff --git a/net/tipc/link.c b/net/tipc/link.c 

index 72268eac4ec7..736fffb28ab6 100644 

--- a/net/tipc/link.c 

+++ b/net/tipc/link.c 

@@ -1084,25 +1084,6 @@ drop: 

         return rc; 

  } 

 

-/* 

- * Send protocol message to the other endpoint. 

- */ 

-void tipc_link_proto_xmit(struct tipc_link *l, u32 msg_typ, int 
probe_msg,
-                         u32 gap, u32 tolerance, u32 priority) 

-{ 

-       struct sk_buff *skb = NULL; 

-       struct sk_buff_head xmitq; 

- 

-       __skb_queue_head_init(&xmitq); 

-       tipc_link_build_proto_msg(l, msg_typ, probe_msg, gap, 

-                                 tolerance, priority, &xmitq); 

-       skb = __skb_dequeue(&xmitq); 

-       if (!skb) 

-               return; 

-       tipc_bearer_xmit_skb(l->net, l->bearer_id, skb, l->media_addr); 

-       l->rcv_unacked = 0; 

-} 

- 

  static void tipc_link_build_proto_msg(struct tipc_link *l, int mtyp, 
bool probe,
                                       u16 rcvgap, int tolerance, int 
priority,
                                       struct sk_buff_head *xmitq) 
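
Review bot: The removed tipc_link_proto_xmit() ended with `l->rcv_unacked = 0;` after handing the skb to the bearer, and none of the added lines in this patch carry that reset over to the new call sites in tipc_nl_link_set(). Please confirm that tipc_link_build_proto_msg() in 4.4 already clears rcv_unacked itself, or add the reset next to the two new build calls, and record which it is in the backport note.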

@@ -1636,9 +1617,12 @@ int tipc_nl_link_set(struct sk_buff *skb, struct 
genl_info *info)
         char *name; 

         struct tipc_link *link;
         struct tipc_node *node;
+       struct sk_buff_head xmitq;
         struct nlattr *attrs[TIPC_NLA_LINK_MAX + 1];
         struct net *net = sock_net(skb->sk);

+       __skb_queue_head_init(&xmitq);
+
         if (!info->attrs[TIPC_NLA_LINK])
                 return -EINVAL;

@@ -1683,14 +1667,14 @@ int tipc_nl_link_set(struct sk_buff *skb, struct 
genl_info *info)

                         tol = nla_get_u32(props[TIPC_NLA_PROP_TOL]);
                         link->tolerance = tol;
-                       tipc_link_proto_xmit(link, STATE_MSG, 0, 0, tol, 0);
+                       tipc_link_build_proto_msg(link, STATE_MSG, 0, 0, 
tol, 0, &xmitq);
                 }
                 if (props[TIPC_NLA_PROP_PRIO]) {
                         u32 prio;

                         prio = nla_get_u32(props[TIPC_NLA_PROP_PRIO]);
                         link->priority = prio;
-                       tipc_link_proto_xmit(link, STATE_MSG, 0, 0, 0, 
prio);
+                       tipc_link_build_proto_msg(link, STATE_MSG, 0, 0, 
0, prio, &xmitq);
                 }
                 if (props[TIPC_NLA_PROP_WIN]) {
                         u32 win;
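
Review bot: Both added tipc_link_build_proto_msg() calls in this hunk are split by mail line wrapping (`tol, 0, &xmitq);` and `0, prio, &xmitq);` arrive as separate lines with no `+` prefix), so the hunk will not apply with git am as posted. Resend with wrapping disabled before forwarding to stable; breaking the argument list in the source itself would also keep these lines under 80 columns.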
@@ -1702,7 +1686,7 @@ int tipc_nl_link_set(struct sk_buff *skb, struct 
genl_info *info)

  out:
         tipc_node_unlock(node);
-
+       tipc_bearer_xmit(net, bearer_id, &xmitq, 
&node->links[bearer_id].maddr);
         return res;
  }
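
Review bot: The added tipc_bearer_xmit() call reads `node->links[bearer_id].maddr` after tipc_node_unlock(node), so the link entry is used without the lock that protected it one line earlier. Either state in the commit message why the entry cannot go away in that window on 4.4, or take what the transmit needs from the entry before unlocking. The call also sits under `out:`, so it runs on every path that jumps there; a short comment that an empty xmitq is a no-op would make that intent clear.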

diff --git a/net/tipc/link.h b/net/tipc/link.h
index 66d859b66c84..2a0d58671e88 100644
--- a/net/tipc/link.h
+++ b/net/tipc/link.h
@@ -153,7 +153,6 @@ struct tipc_stats {
  struct tipc_link {
         u32 addr;
         char name[TIPC_MAX_LINK_NAME];
-       struct tipc_media_addr *media_addr;
         struct net *net;

         /* Management and link supervision data */
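
Review bot: Dropping `media_addr` from struct tipc_link is only safe if the removed tipc_link_proto_xmit() was its last user in 4.4; the link.c hunks remove one reader and show no assignment at all. Since this backport did not apply cleanly, note in the commit message that the 4.4 tree was checked for remaining `->media_addr` users on a link, for example by building net/tipc with every media type enabled.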
-- 
2.14.2





^ permalink raw reply related	[flat|nested] 5+ messages in thread
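
A userspace model of the bug discussed in the message above, added here as an illustration; it is not code from the thread or from the kernel. All type and function names (`link_model`, `media_send`, `set_tolerance_old`, `set_props_new` and so on) are hypothetical stand-ins, and the NULL check in `media_send` is an added guard so the model returns an error where the 4.4 kernel oopsed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define PROTO_IP    0x0800  /* stand-in for ETH_P_IP */
#define MAX_BEARERS 3
#define MAX_QUEUED  4

/* Simplified, hypothetical stand-ins for the structures named in the thread. */
struct media_addr { uint16_t proto; };

struct link_model {
    struct media_addr *media_addr;  /* pre-patch field, never instantiated */
    uint32_t tolerance;
    uint32_t priority;
};

struct link_entry {
    struct link_model *link;
    struct media_addr maddr;        /* address stored in the node's link entry */
};

struct node_model { struct link_entry links[MAX_BEARERS]; };
struct xmit_queue { uint32_t msgs[MAX_QUEUED]; int len; };

static int sent_count;              /* messages that reached the peer */

/* Media send routine. The function quoted in the thread reads dst->proto
 * without a NULL check; the check here is an added guard so the model returns
 * an error where the kernel oopsed. */
static int media_send(uint32_t msg, const struct media_addr *dst)
{
    (void)msg;
    if (!dst)
        return -EFAULT;
    if (dst->proto != PROTO_IP)
        return -EPROTONOSUPPORT;
    sent_count++;
    return 0;
}

/* Pre-patch shape: update the local value, then send to l->media_addr. */
static int set_tolerance_old(struct link_model *l, uint32_t tol)
{
    l->tolerance = tol;
    return media_send(tol, l->media_addr);
}

static void queue_msg(struct xmit_queue *q, uint32_t msg)
{
    if (q->len < MAX_QUEUED)
        q->msgs[q->len++] = msg;
}

/* Drain the queue towards one destination, stopping at the first error. */
static int bearer_xmit(struct xmit_queue *q, const struct media_addr *dst)
{
    int rc = 0;

    for (int i = 0; i < q->len && rc == 0; i++)
        rc = media_send(q->msgs[i], dst);
    q->len = 0;
    return rc;
}

/* Post-patch shape: queue the messages, then send them to the address held in
 * the node's link entry. A NULL tol/prio means "attribute not present". */
static int set_props_new(struct node_model *n, int bearer_id,
                         const uint32_t *tol, const uint32_t *prio)
{
    struct xmit_queue q = { .len = 0 };
    struct link_model *l;

    if (bearer_id < 0 || bearer_id >= MAX_BEARERS)
        return -EINVAL;
    l = n->links[bearer_id].link;
    if (!l)
        return -EINVAL;
    if (tol) {
        l->tolerance = *tol;
        queue_msg(&q, *tol);
    }
    if (prio) {
        l->priority = *prio;
        queue_msg(&q, *prio);
    }
    return bearer_xmit(&q, &n->links[bearer_id].maddr);
}

int main(void)
{
    struct link_model l = { 0 };
    struct node_model n = { 0 };
    uint32_t tol = 100, prio = 10;

    n.links[1].link = &l;               /* constructed sample state */
    n.links[1].maddr.proto = PROTO_IP;

    int rc_old = set_tolerance_old(&l, 1000);
    printf("old: rc=%d local tolerance=%u sent=%d\n",
           rc_old, (unsigned)l.tolerance, sent_count);
    int rc_new = set_props_new(&n, 1, &tol, &prio);
    printf("new: rc=%d local tolerance=%u sent=%d\n",
           rc_new, (unsigned)l.tolerance, sent_count);
    return 0;
}
```

In the old path the local tolerance changes while nothing reaches the peer, which is the endpoint discrepancy the commit message describes.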

* RE: tipc_udp_send_msg oops in 4.4 when setting link tolerance
  2017-11-14 10:15   ` Tommi Rantala
@ 2017-11-14 11:35     ` Jon Maloy
  2017-11-15  9:42       ` Tommi Rantala
  0 siblings, 1 reply; 5+ messages in thread
From: Jon Maloy @ 2017-11-14 11:35 UTC (permalink / raw)
  To: Tommi Rantala, Ying Xue, David S. Miller, netdev,
	tipc-discussion, linux-kernel

> -----Original Message-----
> From: netdev-owner@vger.kernel.org [mailto:netdev-
> owner@vger.kernel.org] On Behalf Of Tommi Rantala
> Sent: Tuesday, November 14, 2017 05:16
> To: Jon Maloy <jon.maloy@ericsson.com>; Ying Xue
> <ying.xue@windriver.com>; David S. Miller <davem@davemloft.net>;
> netdev@vger.kernel.org; tipc-discussion@lists.sourceforge.net; linux-
> kernel@vger.kernel.org
> Subject: Re: tipc_udp_send_msg oops in 4.4 when setting link tolerance
> 
> On 13.11.2017 23:25, Jon Maloy wrote:
>  > Hi Tommi,
>  > I am not sure, but it seems like the following patch is what you need:
>  > commit 9b3009604b8e ("tipc: add net device to skb before UDP xmit")
>  > This was applied in tipc 4.5.
> 
> Found it, the missing patch is this one (9b3009604b8e does not help):
> 
> commit d01332f1acacc0cb43a61f4244dd2b846d4cd585
> Author: Richard Alpe <richard.alpe@ericsson.com>
> Date:   Mon Feb 1 08:19:56 2016 +0100
> 
>      tipc: fix link attribute propagation bug
> 
> 
> It does not apply as-is to 4.4, so backported it, see below.
> Does it look good? I can send it forward to Greg for inclusion in 4.4.

Yes. I would be very grateful if you do.

> 
> 
> But with this patch included, I can easily reproduce the "BUG: Bad page state
> in process git" issue also in 4.4 like this:
> 
> $ tipc link set tolerance 100 link $LINKNAME
> $ cd /tmp && git clone /path/to/linux-stable
> 
> I can try to debug that a bit more to see if I can figure it out.

I would appreciate that. If this turns out to also be an already fixed bug (most likely) you can send that directly to GKH too.
If you find a bug that requires a new patch send it to tipc-discussion for review first.

Finally, I want to say that I very much appreciate users like you, who try solving the problems themselves and contribute to the code.
We are right now in an upgrade phase of TIPC, where we have been/are adding new features to TIPC (overlapping ring neighbor monitoring, group communication, new addressing model, performance improvements...) which inevitably entail some new bugs, but I expect the frequency of these changes/improvements to TIPC to go down in a few months, and with that the number of fixes needed.

BR
///jon

> 
> -Tommi
> 
> 
> 
>  From e1857e6c60355296fd1cbe6e376d8a7265c2b289 Mon Sep 17 00:00:00
> 2001
> From: Richard Alpe <richard.alpe@ericsson.com>
> Date: Tue, 14 Nov 2017 11:09:50 +0200
> Subject: [PATCH] tipc: fix link attribute propagation bug
> 
> commit d01332f1acacc0cb43a61f4244dd2b846d4cd585 upstream.
> 
> [backported to 4.4 by Tommi Rantala]
> 
> Changing certain link attributes (link tolerance and link priority) from the TIPC
> management tool is supposed to automatically take effect at both endpoints
> of the affected link.
> 
> Currently the media address is not instantiated for the link and is used
> uninstantiated when crafting protocol messages designated for the peer
> endpoint. This means that changing a link property currently results in the
> property being changed on the local machine but the protocol message
> designated for the peer gets lost. Resulting in property discrepancy between
> the endpoints.
> 
> In this patch we resolve this by using the media address from the link entry
> and using the bearer transmit function to send it. Hence, we can now
> eliminate the redundant function tipc_link_prot_xmit() and the redundant
> field tipc_link::media_addr.
> 
> Fixes: 2af5ae372a4b (tipc: clean up unused code and structures)
> Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
> Reported-by: Jason Hu <huzhijiang@gmail.com>
> Signed-off-by: Richard Alpe <richard.alpe@ericsson.com>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> Signed-off-by: Tommi Rantala <tommi.t.rantala@nokia.com>
> ---
>   net/tipc/link.c | 28 ++++++----------------------
>   net/tipc/link.h |  1 -
> 
>   2 files changed, 6 insertions(+), 23 deletions(-)
> 
> 
> 
> diff --git a/net/tipc/link.c b/net/tipc/link.c
> 
> index 72268eac4ec7..736fffb28ab6 100644
> 
> --- a/net/tipc/link.c
> 
> +++ b/net/tipc/link.c
> 
> @@ -1084,25 +1084,6 @@ drop:
> 
>          return rc;
> 
>   }
> 
> 
> 
> -/*
> 
> - * Send protocol message to the other endpoint.
> 
> - */
> 
> -void tipc_link_proto_xmit(struct tipc_link *l, u32 msg_typ, int probe_msg,
> -                         u32 gap, u32 tolerance, u32 priority)
> 
> -{
> 
> -       struct sk_buff *skb = NULL;
> 
> -       struct sk_buff_head xmitq;
> 
> -
> 
> -       __skb_queue_head_init(&xmitq);
> 
> -       tipc_link_build_proto_msg(l, msg_typ, probe_msg, gap,
> 
> -                                 tolerance, priority, &xmitq);
> 
> -       skb = __skb_dequeue(&xmitq);
> 
> -       if (!skb)
> 
> -               return;
> 
> -       tipc_bearer_xmit_skb(l->net, l->bearer_id, skb, l->media_addr);
> 
> -       l->rcv_unacked = 0;
> 
> -}
> 
> -
> 
>   static void tipc_link_build_proto_msg(struct tipc_link *l, int mtyp, bool
> probe,
>                                        u16 rcvgap, int tolerance, int priority,
>                                        struct sk_buff_head *xmitq)
> 
> @@ -1636,9 +1617,12 @@ int tipc_nl_link_set(struct sk_buff *skb, struct
> genl_info *info)
>          char *name;
> 
>          struct tipc_link *link;
>          struct tipc_node *node;
> +       struct sk_buff_head xmitq;
>          struct nlattr *attrs[TIPC_NLA_LINK_MAX + 1];
>          struct net *net = sock_net(skb->sk);
> 
> +       __skb_queue_head_init(&xmitq);
> +
>          if (!info->attrs[TIPC_NLA_LINK])
>                  return -EINVAL;
> 
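
Review bot: `xmitq` is initialised ahead of the `!info->attrs[TIPC_NLA_LINK]` check, which is right since every later exit must see a valid queue, but nothing in the patch ever purges it. If any path returns after a build call without reaching the transmit under `out:`, the queued buffers leak; confirm that every exit after the first tipc_link_build_proto_msg() goes through `out:`, or add `__skb_queue_purge(&xmitq)` on the ones that do not.
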
> @@ -1683,14 +1667,14 @@ int tipc_nl_link_set(struct sk_buff *skb, struct
> genl_info *info)
> 
>                          tol = nla_get_u32(props[TIPC_NLA_PROP_TOL]);
>                          link->tolerance = tol;
> -                       tipc_link_proto_xmit(link, STATE_MSG, 0, 0, tol, 0);
> +                       tipc_link_build_proto_msg(link, STATE_MSG, 0, 0,
> tol, 0, &xmitq);
>                  }
>                  if (props[TIPC_NLA_PROP_PRIO]) {
>                          u32 prio;
> 
>                          prio = nla_get_u32(props[TIPC_NLA_PROP_PRIO]);
>                          link->priority = prio;
> -                       tipc_link_proto_xmit(link, STATE_MSG, 0, 0, 0,
> prio);
> +                       tipc_link_build_proto_msg(link, STATE_MSG, 0, 0,
> 0, prio, &xmitq);
>                  }
>                  if (props[TIPC_NLA_PROP_WIN]) {
>                          u32 win;
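
Review bot: In both added calls the local value (`link->tolerance`, `link->priority`) is stored before tipc_link_build_proto_msg() runs, and that builder returns void, so if no message ends up on xmitq the request still returns `res` unchanged while the peer never learns the new value. That is the same endpoint discrepancy the commit message sets out to fix; consider checking whether the queue is still empty after the build and reporting an error. A request carrying both TIPC_NLA_PROP_TOL and TIPC_NLA_PROP_PRIO also queues two STATE_MSGs here, where one build call passing both values would do.
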
> @@ -1702,7 +1686,7 @@ int tipc_nl_link_set(struct sk_buff *skb, struct
> genl_info *info)
> 
>   out:
>          tipc_node_unlock(node);
> -
> +       tipc_bearer_xmit(net, bearer_id, &xmitq,
> &node->links[bearer_id].maddr);
>          return res;
>   }
> 
> diff --git a/net/tipc/link.h b/net/tipc/link.h index
> 66d859b66c84..2a0d58671e88 100644
> --- a/net/tipc/link.h
> +++ b/net/tipc/link.h
> @@ -153,7 +153,6 @@ struct tipc_stats {
>   struct tipc_link {
>          u32 addr;
>          char name[TIPC_MAX_LINK_NAME];
> -       struct tipc_media_addr *media_addr;
>          struct net *net;
> 
>          /* Management and link supervision data */
> --
> 2.14.2
> 
> 
> 
> 
> >> -----Original Message-----
> >> From: netdev-owner@vger.kernel.org [mailto:netdev-
> >> owner@vger.kernel.org] On Behalf Of Tommi Rantala
> >> Sent: Monday, November 13, 2017 11:23
> >> To: Jon Maloy <jon.maloy@ericsson.com>; Ying Xue
> >> <ying.xue@windriver.com>; David S. Miller <davem@davemloft.net>;
> >> netdev@vger.kernel.org; tipc-discussion@lists.sourceforge.net; linux-
> >> kernel@vger.kernel.org
> >> Subject: tipc_udp_send_msg oops in 4.4 when setting link tolerance
> >>
> >> Hi,
> >>
> >> I always get an instant TIPC oops in 4.4, when I try to set the link tolerance
> >> (with LINKNAME != "broadcast-link"):
> >>
> >>    $ tipc link set tolerance 1000 link $LINKNAME
> >>
> >> Any idea what's going on? Some tipc patch missing in 4.4?
> >>
> >> In 4.9 the "tipc" command executes just fine, but I've seen a few times
> that
> >> later some random process crashes with "BUG: Bad page state". KASAN
> does
> >> not report anything before it happens.
> >>
> >> 4.14 is OK, could not reproduce these problems with it.
> >>
> >>
> >>
> >>
> >> tipc_udp_send_msg+0x102/0x4f0
> >>
> >> matches to:
> >> tipc_udp_send_msg at linux-stable/net/tipc/udp_media.c:172
> >>
> >> static int tipc_udp_send_msg(struct net *net, struct sk_buff *skb,
> >>                                struct tipc_bearer *b,
> >>                                struct tipc_media_addr *dest) {
> >>           int ttl, err = 0;
> >>           struct udp_bearer *ub;
> >>           struct udp_media_addr *dst = (struct udp_media_addr *)&dest-
> >value;
> >>           struct udp_media_addr *src = (struct udp_media_addr *)&b-
> >>> addr.value;
> >>           struct rtable *rt;
> >>
> >>           if (skb_headroom(skb) < UDP_MIN_HEADROOM) {
> >>                   err = pskb_expand_head(skb, UDP_MIN_HEADROOM, 0,
> >> GFP_ATOMIC);
> >>                   if (err)
> >>                           goto tx_error;
> >>           }
> >>
> >>           skb_set_inner_protocol(skb, htons(ETH_P_TIPC));
> >>           ub = rcu_dereference_rtnl(b->media_ptr);
> >>           if (!ub) {
> >>                   err = -ENODEV;
> >>                   goto tx_error;
> >>           }
> >>           if (dst->proto == htons(ETH_P_IP)) {   <------ HERE
> >>
> >> -Tommi


* Re: tipc_udp_send_msg oops in 4.4 when setting link tolerance
  2017-11-14 11:35     ` Jon Maloy
@ 2017-11-15  9:42       ` Tommi Rantala
  0 siblings, 0 replies; 5+ messages in thread
From: Tommi Rantala @ 2017-11-15  9:42 UTC (permalink / raw)
  To: Jon Maloy, Ying Xue, David S. Miller, netdev, tipc-discussion,
	linux-kernel

On 14.11.2017 13:35, Jon Maloy wrote:
>> Found it, the missing patch is this one (9b3009604b8e does not help):
>>
>> commit d01332f1acacc0cb43a61f4244dd2b846d4cd585
>> Author: Richard Alpe <richard.alpe@ericsson.com>
>> Date:   Mon Feb 1 08:19:56 2016 +0100
>>
>>       tipc: fix link attribute propagation bug
>>
>>
>> It does not apply as-is to 4.4, so backported it, see below.
>> Does it look good? I can send it forward to Greg for inclusion in 4.4.
> 
> Yes. I would be very grateful if you do.

OK, sent the patch to stable@vger.kernel.org

>> But with this patch included, I can easily reproduce the "BUG: Bad page state
>> in process git" issue also in 4.4 like this:
>>
>> $ tipc link set tolerance 100 link $LINKNAME
>> $ cd /tmp && git clone /path/to/linux-stable
>>
>> I can try to debug that a bit more to see if I can figure it out.
> 
> I would appreciate that. If this turns out to also be an already fixed bug (most likely) you can send that directly to GKH too.
> If you find a bug that requires a new patch send it to tipc-discussion for review first.
> 
> Finally, I want to say that I very much appreciate users like you, who try solving the problems themselves and contribute to the code.
> We are right now in an upgrade phase of TIPC, where we have been/are adding new features to TIPC (overlapping ring neighbor monitoring, group communication, new addressing model, performance improvements...) which inevitably entail some new bugs, but I expect the frequency of these changes/improvements to TIPC to go down in a few months, and with that the number of fixes needed.

Thanks!

After more testing, I noticed that I could only reproduce the "BUG: Bad 
page state" in a single machine, so maybe something wrong with the 
machine, and not with tipc.

-Tommi

Thread overview: 5+ messages
2017-11-13 16:23 tipc_udp_send_msg oops in 4.4 when setting link tolerance Tommi Rantala
2017-11-13 21:25 ` Jon Maloy
2017-11-14 10:15   ` Tommi Rantala
2017-11-14 11:35     ` Jon Maloy
2017-11-15  9:42       ` Tommi Rantala
