linux-kernel.vger.kernel.org archive mirror
* Freeze when using ipheth+IPsec+IPv6
@ 2018-06-05  8:54 Yves-Alexis Perez
  2018-06-06  8:21 ` Yves-Alexis Perez
  0 siblings, 1 reply; 6+ messages in thread
From: Yves-Alexis Perez @ 2018-06-05  8:54 UTC
  To: linux-kernel, David S. Miller, Hans Liljestrand, David Windsor,
	Kees Cook, Reshetova, Elena, Kirill Tkhai, Al Viro, Cong Wang,
	Mateusz Jurczyk, Denys Vlasenko, David Herrmann, netdev,
	Alexander Kappner, Johannes Berg, Gustavo A. R. Silva,
	Arvind Yadav, Steffen Klassert, Herbert Xu



Hi,

since some kernel releases (I didn't test thoroughly but at least 4.16
and 4.17) I have regular freezes in certain situations on my laptop.

It seems to happen when I:

- tether using my iPhone (involving ipheth)
- mount an IPsec tunnel over IPv4
- run evolution to fetch my mail (IMAP traffic over IPv6 inside the IPv4
  IPsec tunnel)

When I do that, the interface seems to freeze. Last time the mouse was
still moving so the kernel didn't completely crash, but the UI was
completely irresponsive. I managed to get the attached log from
/sys/fs/pstore with refcount_t stuff pointing to an underflow.

Since this doesn't happen if all three conditions aren't met, I've added
a lot of people to the CC: list, sorry for the noise.

I can try to add debugging here and there if needed, but any pointer to
where would be helpful. I'm especially puzzled about the presence of
net/unix/af_unix.c:491 unix_sock_destructor+0x97/0xc0 in the log.

Regards,
-- 
Yves-Alexis

[-- Attachment #1.2: dmesg-crash.txt --]
[-- Type: text/plain, Size: 14641 bytes --]

Oops#1 Part8
<4>[ 2189.388649] ------------[ cut here ]------------
<4>[ 2189.388652] refcount_t: underflow; use-after-free.
<4>[ 2189.388691] WARNING: CPU: 3 PID: 30 at /home/corsac/projets/linux/linux/lib/refcount.c:187 refcount_sub_and_test+0x3e/0x50
<4>[ 2189.388692] Modules linked in: esp4 xfrm6_mode_tunnel xfrm4_mode_tunnel ipheth bnep rtsx_pci_sdmmc iwlmvm snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi iwlwifi snd_hda_intel rtsx_pci snd_hda_codec snd_hwdep snd_hda_core snd_pcm thinkpad_acpi efivarfs input_leds
<4>[ 2189.388713] CPU: 3 PID: 30 Comm: ksoftirqd/3 Tainted: G                T 4.17.0 #22
<4>[ 2189.388714] Hardware name: LENOVO 20CMCTO1WW/20CMCTO1WW, BIOS N10ET48W (1.27 ) 09/12/2017
<4>[ 2189.388718] RIP: 0010:refcount_sub_and_test+0x3e/0x50
<4>[ 2189.388720] RSP: 0000:ffff93e640dabdc0 EFLAGS: 00010282
<4>[ 2189.388722] RAX: 0000000000000000 RBX: ffff8d00bac82000 RCX: 0000000000000006
<4>[ 2189.388723] RDX: 0000000000000007 RSI: 0000000000000096 RDI: ffff8d014dd95610
<4>[ 2189.388724] RBP: ffff8d00bac82144 R08: 00000000000003b3 R09: 0000000000000004
<4>[ 2189.388725] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8d014dda1100
<4>[ 2189.388726] R13: 0000000000000000 R14: 909c6c76983bd4d2 R15: 13146644b16dc153
<4>[ 2189.388728] FS:  0000000000000000(0000) GS:ffff8d014dd80000(0000) knlGS:0000000000000000
<4>[ 2189.388729] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[ 2189.388731] CR2: 0000755942c8c000 CR3: 000000006620a004 CR4: 00000000003606e0
<4>[ 2189.388732] Call Trace:
<4>[ 2189.388738]  sock_wfree+0x40/0x60
<4>[ 2189.388743]  unix_destruct_scm+0x7b/0xa0
<4>[ 2189.388747]  skb_release_head_state+0x59/0x90
<4>[ 2189.388751]  skb_release_all+0x9/0x20
<4>[ 2189.388753]  __kfree_skb_defer+0x19/0x50
Oops#1 Part7
<4>[ 2189.388757]  net_tx_action+0xf0/0x2d0
<4>[ 2189.388760]  __do_softirq+0xdb/0x220
<4>[ 2189.388766]  ? sort_range+0x20/0x20
<4>[ 2189.388768]  run_ksoftirqd+0x1f/0x30
<4>[ 2189.388771]  smpboot_thread_fn+0x11f/0x1e0
<4>[ 2189.388775]  kthread+0x109/0x120
<4>[ 2189.388779]  ? kthread_create_worker_on_cpu+0x70/0x70
<4>[ 2189.388783]  ret_from_fork+0x35/0x40
<4>[ 2189.388785] Code: c9 75 0c f0 0f b1 16 75 27 85 d2 0f 94 c0 c3 80 3d ab 82 f4 00 00 75 15 48 c7 c7 b8 a5 fd bd c6 05 9b 82 f4 00 01 e8 22 13 d4 ff <0f> 0b 31 c0 c3 83 f8 ff 75 bf eb f6 66 0f 1f 44 00 00 48 89 fe 
<4>[ 2189.388825] ---[ end trace b06d93f176d25117 ]---
<4>[ 2189.388848] WARNING: CPU: 3 PID: 30 at /home/corsac/projets/linux/linux/net/unix/af_unix.c:491 unix_sock_destructor+0x97/0xc0
<4>[ 2189.388849] Modules linked in: esp4 xfrm6_mode_tunnel xfrm4_mode_tunnel ipheth bnep rtsx_pci_sdmmc iwlmvm snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi iwlwifi snd_hda_intel rtsx_pci snd_hda_codec snd_hwdep snd_hda_core snd_pcm thinkpad_acpi efivarfs input_leds
<4>[ 2189.388866] CPU: 3 PID: 30 Comm: ksoftirqd/3 Tainted: G        W       T 4.17.0 #22
<4>[ 2189.388867] Hardware name: LENOVO 20CMCTO1WW/20CMCTO1WW, BIOS N10ET48W (1.27 ) 09/12/2017
<4>[ 2189.388869] RIP: 0010:unix_sock_destructor+0x97/0xc0
<4>[ 2189.388871] RSP: 0000:ffff93e640dabda8 EFLAGS: 00010286
<4>[ 2189.388872] RAX: 0000000000000000 RBX: ffff8d00bac82000 RCX: 0000000000000000
<4>[ 2189.388873] RDX: 0000000000000001 RSI: 0000000000000282 RDI: 0000000000000282
<4>[ 2189.388875] RBP: ffff8d00bac82000 R08: ffff8d0084796430 R09: ffff93e640dabd50
<4>[ 2189.388876] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8d014dda1100
<4>[ 2189.388877] R13: 0000000000000000 R14: 909c6c76983bd4d2 R15: 13146644b16dc153
Oops#1 Part6
<4>[ 2189.388879] FS:  0000000000000000(0000) GS:ffff8d014dd80000(0000) knlGS:0000000000000000
<4>[ 2189.388880] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[ 2189.388881] CR2: 0000755942c8c000 CR3: 000000006620a004 CR4: 00000000003606e0
<4>[ 2189.388882] Call Trace:
<4>[ 2189.388886]  __sk_destruct+0x1f/0x140
<4>[ 2189.388888]  unix_destruct_scm+0x7b/0xa0
<4>[ 2189.388891]  skb_release_head_state+0x59/0x90
<4>[ 2189.388894]  skb_release_all+0x9/0x20
<4>[ 2189.388894] ------------[ cut here ]------------
<4>[ 2189.388896] refcount_t: addition on 0; use-after-free.
<4>[ 2189.388898]  __kfree_skb_defer+0x19/0x50
<4>[ 2189.388901]  net_tx_action+0xf0/0x2d0
<4>[ 2189.388906] WARNING: CPU: 0 PID: 1094 at /home/corsac/projets/linux/linux/lib/refcount.c:102 refcount_add+0x26/0x30
<4>[ 2189.388907] Modules linked in: esp4
<4>[ 2189.388910]  __do_softirq+0xdb/0x220
<4>[ 2189.388911]  xfrm6_mode_tunnel
<4>[ 2189.388915]  ? sort_range+0x20/0x20
<4>[ 2189.388915]  xfrm4_mode_tunnel ipheth
<4>[ 2189.388918]  run_ksoftirqd+0x1f/0x30
<4>[ 2189.388918]  bnep
<4>[ 2189.388920]  smpboot_thread_fn+0x11f/0x1e0
<4>[ 2189.388921]  rtsx_pci_sdmmc
<4>[ 2189.388924]  kthread+0x109/0x120
<4>[ 2189.388925]  iwlmvm
<4>[ 2189.388927]  ? kthread_create_worker_on_cpu+0x70/0x70
<4>[ 2189.388928]  snd_hda_codec_realtek
<4>[ 2189.388932]  ret_from_fork+0x35/0x40
<4>[ 2189.388932]  snd_hda_codec_generic snd_hda_codec_hdmi
<4>[ 2189.388933] Code: 
<4>[ 2189.388935]  iwlwifi
<4>[ 2189.388936] e8 ff 
<4>[ 2189.388937]  snd_hda_intel rtsx_pci
<4>[ 2189.388938] f0 f2 ff 5b be 
<4>[ 2189.388941]  snd_hda_codec snd_hwdep
<4>[ 2189.388942] 00 02 
<4>[ 2189.388944]  snd_hda_core
<4>[ 2189.388944] 00 00 
<4>[ 2189.388945]  snd_pcm thinkpad_acpi
Oops#1 Part5
<4>[ 2189.388947] 48 
<4>[ 2189.388947]  efivarfs input_leds
<4>[ 2189.388949] c7 
<4>[ 2189.388951] c7 
<4>[ 2189.388952] CPU: 0 PID: 1094 Comm: Xorg Tainted: G        W       T 4.17.0 #22
<4>[ 2189.388953] Hardware name: LENOVO 20CMCTO1WW/20CMCTO1WW, BIOS N10ET48W (1.27 ) 09/12/2017
<4>[ 2189.388954] 5c 
<4>[ 2189.388957] RIP: 0010:refcount_add+0x26/0x30
<4>[ 2189.388958] c3 
<4>[ 2189.388959] RSP: 0018:ffff93e64167bbe0 EFLAGS: 00010286
<4>[ 2189.388960] 7b 
<4>[ 2189.388961] RAX: 0000000000000000 RBX: ffff93e64167bc18 RCX: 0000000000000000
<4>[ 2189.388963] RDX: ffff8d014dc1c540 RSI: ffff8d014dc15618 RDI: ffff8d014dc15618
<4>[ 2189.388963] bd 
<4>[ 2189.388965] RBP: ffffffffbd0d1570 R08: 00000000000003e6 R09: 0000000000000004
<4>[ 2189.388966] R10: ffff8d01449ee000 R11: 0000000000000001 R12: ffff93e64167bc94
<4>[ 2189.388967] 5d e9 
<4>[ 2189.388969] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8d00bac82000
<4>[ 2189.388970] FS:  00007559523e76c0(0000) GS:ffff8d014dc00000(0000) knlGS:0000000000000000
<4>[ 2189.388971] 2c 91 
<4>[ 2189.388973] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[ 2189.388975] CR2: 00007e917c21a000 CR3: 00000002431c8002 CR4: 00000000003606f0
<4>[ 2189.388976] 8d 
<4>[ 2189.388977] Call Trace:
<4>[ 2189.388977] ff 48 89 ef 
<4>[ 2189.388983]  sock_alloc_send_pskb+0x20c/0x230
<4>[ 2189.388984] e8 24 73 
<4>[ 2189.388987]  unix_stream_sendmsg+0x2bf/0x3d0
<4>[ 2189.388988] 9f ff eb be 
<4>[ 2189.388993]  sock_sendmsg+0x31/0x40
<4>[ 2189.388994] 0f 
<4>[ 2189.388996]  sock_write_iter+0x88/0xf0
<4>[ 2189.388997] 0b 48 83 
<4>[ 2189.389002]  do_iter_readv_writev+0x147/0x1a0
<4>[ 2189.389005] 7b 
<4>[ 2189.389007]  do_iter_write+0x81/0x1a0
<4>[ 2189.389008] 70 
<4>[ 2189.389010]  vfs_writev+0xd1/0x160
<4>[ 2189.389011] 00 74 
Oops#1 Part4
<4>[ 2189.389013]  ? __sys_recvmsg+0x71/0xb0
<4>[ 2189.389016]  ? __fget+0x6f/0xb0
<4>[ 2189.389016] 8b <0f> 0b 
<4>[ 2189.389019]  ? do_writev+0x5c/0xf0
<4>[ 2189.389021]  do_writev+0x5c/0xf0
<4>[ 2189.389022] 48 83 bb 
<4>[ 2189.389025]  do_syscall_64+0x72/0x1c0
<4>[ 2189.389026] 60 
<4>[ 2189.389029]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
<4>[ 2189.389029] 02 00 
<4>[ 2189.389031] RIP: 0033:0x75594f801017
<4>[ 2189.389033] RSP: 002b:00007ffdf628f130 EFLAGS: 00000293
<4>[ 2189.389033] 00 
<4>[ 2189.389034]  ORIG_RAX: 0000000000000014
<4>[ 2189.389035] 00 
<4>[ 2189.389037] RAX: ffffffffffffffda RBX: 000000000000004b RCX: 000075594f801017
<4>[ 2189.389037] 74 
<4>[ 2189.389039] RDX: 0000000000000001 RSI: 00007ffdf628f430 RDI: 000000000000004b
<4>[ 2189.389039] 89 
<4>[ 2189.389041] RBP: 00007ffdf628f430 R08: 0000000000000000 R09: 0000616b576c78e0
<4>[ 2189.389041] 0f 
<4>[ 2189.389043] R10: 0000000000000001 R11: 0000000000000293 R12: 0000000000000001
<4>[ 2189.389043] 0b 
<4>[ 2189.389045] R13: 00007ffdf628f430 R14: 0000000000000020 R15: 0000616b57691c80
<4>[ 2189.389046] eb 85 
<4>[ 2189.389047] Code: 
<4>[ 2189.389048] 48 
<4>[ 2189.389049] 00 00 
<4>[ 2189.389050] 89 
<4>[ 2189.389051] 00 
<4>[ 2189.389052] de 
<4>[ 2189.389053] 00 
<4>[ 2189.389054] 5b 
<4>[ 2189.389055] 00 
<4>[ 2189.389055] 48 
<4>[ 2189.389057] e8 8b 
<4>[ 2189.389058] ---[ end trace b06d93f176d25118 ]---
<4>[ 2189.389059] ff ff ff 84 c0 74 01 c3 80 3d 76 83 f4 00 00 75 f6 48 c7 c7 58 a5 fd bd c6 05 66 83 f4 00 01 e8 ea 13 d4 ff <0f> 0b c3 0f 1f 80 00 00 00 00 8b 
<4>[ 2189.389090] WARNING: CPU: 3 PID: 30 at /home/corsac/projets/linux/linux/net/unix/af_unix.c:492 unix_sock_destructor+0xa3/0xc0
<4>[ 2189.389090] Modules linked in:
<4>[ 2189.389091] 07 
<4>[ 2189.389092]  esp4
<4>[ 2189.389093] 8d 50 
Oops#1 Part3
<4>[ 2189.389094]  xfrm6_mode_tunnel
<4>[ 2189.389095] 01 85 
<4>[ 2189.389097]  xfrm4_mode_tunnel
<4>[ 2189.389097] c0 74 
<4>[ 2189.389099]  ipheth
<4>[ 2189.389100] 35 85 
<4>[ 2189.389101]  bnep rtsx_pci_sdmmc
<4>[ 2189.389103] d2 
<4>[ 2189.389104]  iwlmvm
<4>[ 2189.389106] ---[ end trace b06d93f176d25119 ]---
<4>[ 2189.389106]  snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi iwlwifi snd_hda_intel rtsx_pci snd_hda_codec snd_hwdep snd_hda_core snd_pcm thinkpad_acpi efivarfs input_leds
<4>[ 2189.389116] CPU: 3 PID: 30 Comm: ksoftirqd/3 Tainted: G        W       T 4.17.0 #22
<4>[ 2189.389117] Hardware name: LENOVO 20CMCTO1WW/20CMCTO1WW, BIOS N10ET48W (1.27 ) 09/12/2017
<4>[ 2189.389119] RIP: 0010:unix_sock_destructor+0xa3/0xc0
<4>[ 2189.389121] RSP: 0000:ffff93e640dabda8 EFLAGS: 00010286
<4>[ 2189.389123] RAX: 0000000000000000 RBX: ffff8d00bac82000 RCX: 0000000000000000
<4>[ 2189.389124] RDX: 0000000000000001 RSI: 0000000000000282 RDI: 0000000000000282
<4>[ 2189.389126] RBP: ffff8d00bac82000 R08: ffff8d0084796430 R09: ffff93e640dabd50
<4>[ 2189.389127] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8d014dda1100
<4>[ 2189.389128] R13: 0000000000000000 R14: 909c6c76983bd4d2 R15: 13146644b16dc153
<4>[ 2189.389130] FS:  0000000000000000(0000) GS:ffff8d014dd80000(0000) knlGS:0000000000000000
<4>[ 2189.389131] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[ 2189.389133] CR2: 0000755942c8c000 CR3: 000000006620a004 CR4: 00000000003606e0
<4>[ 2189.389134] Call Trace:
<4>[ 2189.389138]  __sk_destruct+0x1f/0x140
<4>[ 2189.389141]  unix_destruct_scm+0x7b/0xa0
<4>[ 2189.389145]  skb_release_head_state+0x59/0x90
<4>[ 2189.389148]  skb_release_all+0x9/0x20
<4>[ 2189.389150]  __kfree_skb_defer+0x19/0x50
<4>[ 2189.389153]  net_tx_action+0xf0/0x2d0
Oops#1 Part2
<4>[ 2189.389155]  __do_softirq+0xdb/0x220
<4>[ 2189.389159]  ? sort_range+0x20/0x20
<4>[ 2189.389163]  run_ksoftirqd+0x1f/0x30
<4>[ 2189.389165]  smpboot_thread_fn+0x11f/0x1e0
<4>[ 2189.389168]  kthread+0x109/0x120
<4>[ 2189.389171]  ? kthread_create_worker_on_cpu+0x70/0x70
<4>[ 2189.389174]  ret_from_fork+0x35/0x40
<4>[ 2189.389176] Code: c7 c7 5c c3 7b bd 5d e9 2c 91 8d ff 48 89 ef e8 24 73 9f ff eb be 0f 0b 48 83 7b 70 00 74 8b 0f 0b 48 83 bb 60 02 00 00 00 74 89 <0f> 0b eb 85 48 89 de 5b 48 c7 c7 60 78 05 be 5d e9 31 74 92 ff 
<4>[ 2189.389222] ---[ end trace b06d93f176d2511a ]---
<6>[ 2189.389224] unix: Attempt to release alive unix socket: 000000003dc67149
<1>[ 2190.401779] BUG: unable to handle kernel paging request at ffffffffbd3e3680
<6>[ 2190.401785] PGD 6620c067 P4D 6620c067 PUD 6620d063 PMD 652000e1 
<4>[ 2190.401790] Oops: 0003 [#1] PREEMPT SMP PTI
<4>[ 2190.401792] Modules linked in: esp4 xfrm6_mode_tunnel xfrm4_mode_tunnel ipheth bnep rtsx_pci_sdmmc iwlmvm snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi iwlwifi snd_hda_intel rtsx_pci snd_hda_codec snd_hwdep snd_hda_core snd_pcm thinkpad_acpi efivarfs input_leds
<4>[ 2190.401806] CPU: 2 PID: 4119 Comm: evolution Tainted: G        W       T 4.17.0 #22
<4>[ 2190.401808] Hardware name: LENOVO 20CMCTO1WW/20CMCTO1WW, BIOS N10ET48W (1.27 ) 09/12/2017
<4>[ 2190.401813] RIP: 0010:queued_spin_lock_slowpath+0xe4/0x1a0
<4>[ 2190.401815] RSP: 0018:ffff93e642373c60 EFLAGS: 00010282
<4>[ 2190.401817] RAX: ffffffffbd3e3680 RBX: 0000000000000008 RCX: ffff8d014dd20880
<4>[ 2190.401818] RDX: 0000000000001084 RSI: 0000000042161000 RDI: ffff8d00bac82340
<4>[ 2190.401820] RBP: ffff8d00bac82340 R08: 00000000000c0000 R09: ffff8d0142385000
<4>[ 2190.401821] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8d0142385000
Oops#1 Part1
<4>[ 2190.401823] R13: 0000000000000000 R14: ffff8d00bac82000 R15: ffff8d0144916800
<4>[ 2190.401825] FS:  0000746978d9bf80(0000) GS:ffff8d014dd00000(0000) knlGS:0000000000000000
<4>[ 2190.401827] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[ 2190.401829] CR2: ffffffffbd3e3680 CR3: 00000001844d6005 CR4: 00000000003606e0
<4>[ 2190.401830] Call Trace:
<4>[ 2190.401835]  unix_stream_sendmsg+0x1df/0x3d0
<4>[ 2190.401839]  sock_sendmsg+0x31/0x40
<4>[ 2190.401842]  sock_write_iter+0x88/0xf0
<4>[ 2190.401846]  do_iter_readv_writev+0x147/0x1a0
<4>[ 2190.401848]  do_iter_write+0x81/0x1a0
<4>[ 2190.401851]  vfs_writev+0xd1/0x160
<4>[ 2190.401854]  ? __fget+0x6f/0xb0
<4>[ 2190.401857]  ? do_writev+0x5c/0xf0
<4>[ 2190.401859]  do_writev+0x5c/0xf0
<4>[ 2190.401863]  do_syscall_64+0x72/0x1c0
<4>[ 2190.401866]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
<4>[ 2190.401868] RIP: 0033:0x746973a7c017
<4>[ 2190.401870] RSP: 002b:00007ffd99341b60 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
<4>[ 2190.401872] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000746973a7c017
<4>[ 2190.401873] RDX: 0000000000000003 RSI: 00007ffd99341d10 RDI: 0000000000000004
<4>[ 2190.401875] RBP: 00007ffd99341d10 R08: 0000000000000000 R09: 0000000000000000
<4>[ 2190.401876] R10: 00000000000000b0 R11: 0000000000000293 R12: 0000000000000003
<4>[ 2190.401878] R13: 00007ffd99341c94 R14: 000060ed17d42a98 R15: 00007ffd99341c98
<4>[ 2190.401880] Code: 89 c2 c1 e2 10 85 d2 0f 84 cc 00 00 00 c1 ea 12 83 e0 03 83 ea 01 48 c1 e0 04 48 63 d2 48 05 80 08 02 00 48 03 04 d5 80 54 06 be <48> 89 08 8b 41 08 85 c0 75 09 f3 90 8b 41 08 85 c0 74 f7 4c 8b 
<1>[ 2190.401909] RIP: queued_spin_lock_slowpath+0xe4/0x1a0 RSP: ffff93e642373c60
<4>[ 2190.401910] CR2: ffffffffbd3e3680
<4>[ 2190.401912] ---[ end trace b06d93f176d2511b ]---
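
The two refcount_t warnings in the log above ("underflow; use-after-free" and "addition on 0; use-after-free"), shown as an added example that is not part of the original message and not the kernel's own code: a userspace C model of a checked reference counter next to an unchecked one. All names (`model_refcount_t`, `model_add`, `model_sub_and_test`, the `unchecked_*` helpers) and the size 768 are constructed for illustration.

```c
/* Added example: userspace model of a checked reference counter.
 * Every identifier here is this example's own; it is not lib/refcount.c. */
#include <limits.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

typedef struct { atomic_uint refs; } model_refcount_t;

enum rc_event { RC_OK, RC_UNDERFLOW, RC_ADD_ON_ZERO, RC_SATURATED };

static const char *rc_event_str(enum rc_event ev)
{
    switch (ev) {
    case RC_UNDERFLOW:   return "underflow; use-after-free";
    case RC_ADD_ON_ZERO: return "addition on 0; use-after-free";
    case RC_SATURATED:   return "saturated; counter pinned";
    default:             return "ok";
    }
}

void model_set(model_refcount_t *r, unsigned int n)
{
    atomic_store_explicit(&r->refs, n, memory_order_relaxed);
}

unsigned int model_read(model_refcount_t *r)
{
    return atomic_load_explicit(&r->refs, memory_order_relaxed);
}

/* Take i references. Refuses to revive a counter that already hit zero. */
bool model_add(unsigned int i, model_refcount_t *r, enum rc_event *ev)
{
    unsigned int val = model_read(r), new;

    *ev = RC_OK;
    do {
        if (val == 0) { *ev = RC_ADD_ON_ZERO; return false; }
        if (val == UINT_MAX) { *ev = RC_SATURATED; return true; }
        new = val + i;
        if (new < val)          /* wrapped: pin at the maximum instead */
            new = UINT_MAX;
    } while (!atomic_compare_exchange_weak_explicit(&r->refs, &val, new,
                 memory_order_relaxed, memory_order_relaxed));
    if (new == UINT_MAX)
        *ev = RC_SATURATED;
    return true;
}

/* Drop i references. Returns true only when this call reached zero,
 * i.e. when the caller is the one that must free the object. */
bool model_sub_and_test(unsigned int i, model_refcount_t *r, enum rc_event *ev)
{
    unsigned int val = model_read(r), new;

    *ev = RC_OK;
    do {
        if (val == UINT_MAX) { *ev = RC_SATURATED; return false; }
        new = val - i;
        if (new > val) {        /* would wrap below zero: refuse, keep value */
            *ev = RC_UNDERFLOW;
            return false;
        }
    } while (!atomic_compare_exchange_weak_explicit(&r->refs, &val, new,
                 memory_order_release, memory_order_relaxed));
    return new == 0;
}

/* Unchecked counterparts: plain wrapping arithmetic, nothing is refused. */
bool unchecked_sub_and_test(unsigned int i, atomic_uint *refs)
{
    return atomic_fetch_sub(refs, i) - i == 0;
}

void unchecked_add(unsigned int i, atomic_uint *refs)
{
    atomic_fetch_add(refs, i);
}

int main(void)
{
    model_refcount_t rc;
    atomic_uint raw;
    enum rc_event ev;
    const unsigned int size = 768;       /* constructed buffer charge */

    model_set(&rc, 1);
    model_add(size, &rc, &ev);           /* 1 -> 769 */
    model_sub_and_test(size, &rc, &ev);  /* 769 -> 1 */
    model_sub_and_test(1, &rc, &ev);     /* 1 -> 0, owner frees the object */

    model_sub_and_test(size, &rc, &ev);  /* stale release after the free */
    printf("checked sub:   %s, counter=%u\n", rc_event_str(ev), model_read(&rc));
    model_add(size, &rc, &ev);           /* stale charge after the free */
    printf("checked add:   %s, counter=%u\n", rc_event_str(ev), model_read(&rc));

    atomic_store(&raw, 0);               /* same stale release, unchecked */
    unchecked_sub_and_test(size, &raw);
    printf("unchecked sub: counter=%u (looks like a live object)\n",
           atomic_load(&raw));
    return 0;
}
```

The checked counter stays at 0 and reports both events, while the unchecked one wraps to a large non-zero value, so a freed object would appear to be still referenced.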


* Re: Freeze when using ipheth+IPsec+IPv6
  2018-06-05  8:54 Freeze when using ipheth+IPsec+IPv6 Yves-Alexis Perez
@ 2018-06-06  8:21 ` Yves-Alexis Perez
  2018-11-29 23:31   ` Kees Cook
  0 siblings, 1 reply; 6+ messages in thread
From: Yves-Alexis Perez @ 2018-06-06  8:21 UTC
  To: linux-kernel, David S. Miller, Hans Liljestrand, David Windsor,
	Kees Cook, Reshetova, Elena, Kirill Tkhai, Al Viro, Cong Wang,
	Mateusz Jurczyk, Denys Vlasenko, David Herrmann, netdev,
	Alexander Kappner, Johannes Berg, Gustavo A. R. Silva,
	Arvind Yadav, Steffen Klassert, Herbert Xu

On Tue, Jun 05, 2018 at 10:54:51AM +0200, Yves-Alexis Perez wrote:
> Hi,
> 
> since some kernel releases (I didn't test thoroughly but at least 4.16
> and 4.17) I have regular freezes in certain situations on my laptop.
> 
> It seems to happen when I:
> 
> - tether using my iPhone (involving ipheth)
> - mount an IPsec tunnel over IPv4
> - run evolution to fetch my mail (IMAP traffic over IPv6 inside the IPv4
>   IPsec tunnel)
> 
> When I do that, the interface seems to freeze. Last time the mouse was
> still moving so the kernel didn't completely crash, but the UI was
> completely irresponsive. I managed to get the attached log from
> /sys/fs/pstore with refcount_t stuff pointing to an underflow.

Today I had a different behavior. Again same situation (ipheth, IPsec
tunnel, refresh of the LKML folder in Evolution). The kernel didn't
crash/freeze but I had multiple (33309 actually) "recvmsg bug:
copied..." traces like this one:


[ 1555.957599] ------------[ cut here ]------------
[ 1555.957619] recvmsg bug: copied ABEA08B2 seq 1 rcvnxt ABEA0DCE fl 0
[ 1555.957805] WARNING: CPU: 3 PID: 2177 at /home/corsac/projets/linux/linux/net/ipv4/tcp.c:1850 tcp_recvmsg+0x610/0xb40
[ 1555.957813] Modules linked in: esp4 xfrm6_mode_tunnel xfrm4_mode_tunnel bnep ipheth rtsx_pci_sdmmc snd_hda_codec_realtek iwlmvm snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel iwlwifi snd_hda_codec snd_hwdep rtsx_pci snd_hda_core snd_pcm thinkpad_acpi efivarfs input_leds
[ 1555.957895] CPU: 3 PID: 2177 Comm: pool Tainted: G                T 4.17.0 #22
[ 1555.957902] Hardware name: LENOVO 20CMCTO1WW/20CMCTO1WW, BIOS N10ET48W (1.27 ) 09/12/2017
[ 1555.957922] RIP: 0010:tcp_recvmsg+0x610/0xb40
[ 1555.957927] RSP: 0018:ffffb77e010f7cf8 EFLAGS: 00010282
[ 1555.957932] RAX: 0000000000000000 RBX: 00000000abea08b2 RCX: 0000000000000006
[ 1555.957935] RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffa37a8dd95610
[ 1555.957939] RBP: ffffb77e010f7db8 R08: 00000000000003b4 R09: 0000000000000004
[ 1555.957942] R10: ffffa37a3b1180c8 R11: 0000000000000001 R12: ffffa37a81d40e00
[ 1555.957945] R13: ffffa37a3b118000 R14: ffffa37a3b118524 R15: 0000000000000000
[ 1555.957951] FS:  0000738f795c0700(0000) GS:ffffa37a8dd80000(0000) knlGS:0000000000000000
[ 1555.957954] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1555.957957] CR2: 0000738f0879a028 CR3: 000000024200c006 CR4: 00000000003606e0
[ 1555.957964] Call Trace:
[ 1555.957996]  inet_recvmsg+0x5c/0x110
[ 1555.958017]  __sys_recvfrom+0xf2/0x160
[ 1555.958030]  __x64_sys_recvfrom+0x1f/0x30
[ 1555.958039]  do_syscall_64+0x72/0x1c0
[ 1555.958048]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1555.958053] RIP: 0033:0x73901a71deae
[ 1555.958056] RSP: 002b:0000738f795bee50 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[ 1555.958060] RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 000073901a71deae
[ 1555.958063] RDX: 0000000000000404 RSI: 0000738f087955a7 RDI: 0000000000000028
[ 1555.958066] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1555.958068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000738f087955a7
[ 1555.958071] R13: 0000000000000404 R14: 0000000000000000 R15: ffffffffffffffff
[ 1555.958075] Code: e9 33 fd ff ff 4c 89 e0 41 8b 8d 20 05 00 00 89 de 48 c7 c7 10 47 05 ae 48 89 85 48 ff ff ff 44 8b 85 70 ff ff ff e8 80 0d 93 ff <0f> 0b 48 8b 85 48 ff ff ff e9 ed fd ff ff 41 8b 8d 20 05 00 00 
[ 1555.958180] ---[ end trace e7da03c87ec51f13 ]---

(complete log available but it seems that only R08 is changing between
these traces)

Followed by a "recvmsg bug 2:":

[ 1563.657991] ------------[ cut here ]------------
[ 1563.657992] recvmsg bug 2: copied ABEA08B2 seq 6A7E3970 rcvnxt ABECA5EE fl 0
[ 1563.658002] WARNING: CPU: 1 PID: 2177 at /home/corsac/projets/linux/linux/net/ipv4/tcp.c:1864 tcp_recvmsg+0x647/0xb40
[ 1563.658002] Modules linked in: esp4 xfrm6_mode_tunnel xfrm4_mode_tunnel bnep ipheth rtsx_pci_sdmmc snd_hda_codec_realtek iwlmvm snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel iwlwifi snd_hda_codec snd_hwdep rtsx_pci snd_hda_core snd_pcm thinkpad_acpi efivarfs input_leds
[ 1563.658016] CPU: 1 PID: 2177 Comm: pool Tainted: G        W       T 4.17.0 #22
[ 1563.658017] Hardware name: LENOVO 20CMCTO1WW/20CMCTO1WW, BIOS N10ET48W (1.27 ) 09/12/2017
[ 1563.658019] RIP: 0010:tcp_recvmsg+0x647/0xb40
[ 1563.658020] RSP: 0018:ffffb77e010f7cf8 EFLAGS: 00010282
[ 1563.658022] RAX: 0000000000000000 RBX: 00000000416bcf42 RCX: 0000000000000006
[ 1563.658023] RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffa37a8dc95610
[ 1563.658024] RBP: ffffb77e010f7db8 R08: 000000000013fd88 R09: 0000000000000004
[ 1563.658026] R10: ffffa37a3b1180c8 R11: 0000000000000001 R12: ffffa37a81d40e00
[ 1563.658027] R13: ffffa37a3b118000 R14: ffffa37a3b118524 R15: 0000000000000000
[ 1563.658028] FS:  0000738f795c0700(0000) GS:ffffa37a8dc80000(0000) knlGS:0000000000000000
[ 1563.658030] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1563.658031] CR2: 00007f967818b048 CR3: 000000024200c003 CR4: 00000000003606e0
[ 1563.658032] Call Trace:
[ 1563.658040]  inet_recvmsg+0x5c/0x110
[ 1563.658046]  __sys_recvfrom+0xf2/0x160
[ 1563.658054]  __x64_sys_recvfrom+0x1f/0x30
[ 1563.658060]  do_syscall_64+0x72/0x1c0
[ 1563.658062]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1563.658065] RIP: 0033:0x73901a71deae
[ 1563.658070] RSP: 002b:0000738f795bee50 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[ 1563.658080] RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 000073901a71deae
[ 1563.658085] RDX: 0000000000000404 RSI: 0000738f087955a7 RDI: 0000000000000028
[ 1563.658089] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1563.658092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000738f087955a7
[ 1563.658097] R13: 0000000000000404 R14: 0000000000000000 R15: ffffffffffffffff
[ 1563.658102] Code: ff ff 41 8b 8d 20 05 00 00 48 c7 c7 40 47 05 ae 4c 89 95 48 ff ff ff 41 8b 54 24 28 44 8b 85 70 ff ff ff 41 8b 36 e8 49 0d 93 ff <0f> 0b 4c 8b 95 48 ff ff ff e9 89 fb ff ff 49 8b 55 60 83 e2 02 
[ 1563.658219] ---[ end trace e7da03c87ec5c408 ]---

and finally a NULL pointer dereference:

[ 1563.658223] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[ 1563.658230] PGD 0 P4D 0 
[ 1563.658234] Oops: 0000 [#1] PREEMPT SMP PTI
[ 1563.658237] Modules linked in: esp4 xfrm6_mode_tunnel xfrm4_mode_tunnel bnep ipheth rtsx_pci_sdmmc snd_hda_codec_realtek iwlmvm snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel iwlwifi snd_hda_codec snd_hwdep rtsx_pci snd_hda_core snd_pcm thinkpad_acpi efivarfs input_leds
[ 1563.658253] CPU: 1 PID: 2177 Comm: pool Tainted: G        W       T 4.17.0 #22
[ 1563.658255] Hardware name: LENOVO 20CMCTO1WW/20CMCTO1WW, BIOS N10ET48W (1.27 ) 09/12/2017
[ 1563.658258] RIP: 0010:tcp_recvmsg+0x1eb/0xb40
[ 1563.658260] RSP: 0018:ffffb77e010f7cf8 EFLAGS: 00010282
[ 1563.658263] RAX: 0000000000000000 RBX: 00000000416bcf42 RCX: 0000000000000006
[ 1563.658265] RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffa37a8dc95610
[ 1563.658268] RBP: ffffb77e010f7db8 R08: 000000000013fd88 R09: 0000000000000004
[ 1563.658270] R10: ffffa37a3b1180c8 R11: 0000000000000001 R12: ffffa37a81d40e00
[ 1563.658272] R13: ffffa37a3b118000 R14: ffffa37a3b118524 R15: 0000000000000000
[ 1563.658275] FS:  0000738f795c0700(0000) GS:ffffa37a8dc80000(0000) knlGS:0000000000000000
[ 1563.658278] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1563.658280] CR2: 0000000000000028 CR3: 000000024200c003 CR4: 00000000003606e0
[ 1563.658282] Call Trace:
[ 1563.658287]  inet_recvmsg+0x5c/0x110
[ 1563.658291]  __sys_recvfrom+0xf2/0x160
[ 1563.658295]  __x64_sys_recvfrom+0x1f/0x30
[ 1563.658298]  do_syscall_64+0x72/0x1c0
[ 1563.658302]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1563.658304] RIP: 0033:0x73901a71deae
[ 1563.658306] RSP: 002b:0000738f795bee50 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[ 1563.658309] RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 000073901a71deae
[ 1563.658311] RDX: 0000000000000404 RSI: 0000738f087955a7 RDI: 0000000000000028
[ 1563.658312] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1563.658314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000738f087955a7
[ 1563.658316] R13: 0000000000000404 R14: 0000000000000000 R15: ffffffffffffffff
[ 1563.658318] Code: 8b 44 24 78 41 39 d8 77 57 41 f6 44 24 34 01 0f 85 24 01 00 00 45 85 ff 0f 84 40 04 00 00 49 8b 04 24 49 39 c2 0f 84 1d 02 00 00 <8b> 50 28 41 8b 1e 39 d3 0f 88 f4 03 00 00 49 89 c4 29 d3 41 f6 
[ 1563.658365] RIP: tcp_recvmsg+0x1eb/0xb40 RSP: ffffb77e010f7cf8
[ 1563.658366] CR2: 0000000000000028
[ 1563.658369] ---[ end trace e7da03c87ec5c409 ]---

If you need more information, please ask.

Regards,
-- 
Yves-Alexis


* Re: Freeze when using ipheth+IPsec+IPv6
  2018-06-06  8:21 ` Yves-Alexis Perez
@ 2018-11-29 23:31   ` Kees Cook
  2018-11-29 23:52     ` David Miller
  0 siblings, 1 reply; 6+ messages in thread
From: Kees Cook @ 2018-11-29 23:31 UTC
  To: Yves-Alexis Perez
  Cc: LKML, David S. Miller, Hans Liljestrand, David Windsor,
	Reshetova, Elena, Kirill Tkhai, Al Viro, WANG Cong,
	Mateusz Jurczyk, Denys Vlasenko, David Herrmann,
	Network Development, agk, Johannes Berg, Gustavo A. R. Silva,
	Arvind Yadav, Steffen Klassert, Herbert Xu

On Wed, Jun 6, 2018 at 1:21 AM Yves-Alexis Perez <corsac@corsac.net> wrote:
>
> On Tue, Jun 05, 2018 at 10:54:51AM +0200, Yves-Alexis Perez wrote:
> > Hi,
> >
> > since some kernel releases (I didn't test thoroughly but at least 4.16
> > and 4.17) I have regular freezes in certain situations on my laptop.
> >
> > It seems to happen when I:
> >
> > - tether using my iPhone (involving ipheth)
> > - mount an IPsec tunnel over IPv4
> > - run evolution to fetch my mail (IMAP traffic over IPv6 inside the IPv4
> >   IPsec tunnel)
> >
> > When I do that, the interface seems to freeze. Last time the mouse was
> > still moving so the kernel didn't completely crash, but the UI was
> > completely irresponsive. I managed to get the attached log from
> > /sys/fs/pstore with refcount_t stuff pointing to an underflow.
>
> Today I had a different behavior. Again same situation (ipheth, IPsec
> tunnel, refresh of the LKML folder in Evolution). The kernel didn't
> crash/freeze but I had multiple (33309 actually) "recvmsg bug:
> copied..." traces like this one:
>
>
> [ 1555.957599] ------------[ cut here ]------------
> [ 1555.957619] recvmsg bug: copied ABEA08B2 seq 1 rcvnxt ABEA0DCE fl 0
> [ 1555.957805] WARNING: CPU: 3 PID: 2177 at /home/corsac/projets/linux/linux/net/ipv4/tcp.c:1850 tcp_recvmsg+0x610/0xb40

(I'm going through ancient email while I try to catch up from travel...)

Did you ever solve this?

-Kees

> [ 1555.957813] Modules linked in: esp4 xfrm6_mode_tunnel xfrm4_mode_tunnel bnep ipheth rtsx_pci_sdmmc snd_hda_codec_realtek iwlmvm snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel iwlwifi snd_hda_codec snd_hwdep rtsx_pci snd_hda_core snd_pcm thinkpad_acpi efivarfs input_leds
> [ 1555.957895] CPU: 3 PID: 2177 Comm: pool Tainted: G                T 4.17.0 #22
> [ 1555.957902] Hardware name: LENOVO 20CMCTO1WW/20CMCTO1WW, BIOS N10ET48W (1.27 ) 09/12/2017
> [ 1555.957922] RIP: 0010:tcp_recvmsg+0x610/0xb40
> [ 1555.957927] RSP: 0018:ffffb77e010f7cf8 EFLAGS: 00010282
> [ 1555.957932] RAX: 0000000000000000 RBX: 00000000abea08b2 RCX: 0000000000000006
> [ 1555.957935] RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffa37a8dd95610
> [ 1555.957939] RBP: ffffb77e010f7db8 R08: 00000000000003b4 R09: 0000000000000004
> [ 1555.957942] R10: ffffa37a3b1180c8 R11: 0000000000000001 R12: ffffa37a81d40e00
> [ 1555.957945] R13: ffffa37a3b118000 R14: ffffa37a3b118524 R15: 0000000000000000
> [ 1555.957951] FS:  0000738f795c0700(0000) GS:ffffa37a8dd80000(0000) knlGS:0000000000000000
> [ 1555.957954] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 1555.957957] CR2: 0000738f0879a028 CR3: 000000024200c006 CR4: 00000000003606e0
> [ 1555.957964] Call Trace:
> [ 1555.957996]  inet_recvmsg+0x5c/0x110
> [ 1555.958017]  __sys_recvfrom+0xf2/0x160
> [ 1555.958030]  __x64_sys_recvfrom+0x1f/0x30
> [ 1555.958039]  do_syscall_64+0x72/0x1c0
> [ 1555.958048]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [ 1555.958053] RIP: 0033:0x73901a71deae
> [ 1555.958056] RSP: 002b:0000738f795bee50 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
> [ 1555.958060] RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 000073901a71deae
> [ 1555.958063] RDX: 0000000000000404 RSI: 0000738f087955a7 RDI: 0000000000000028
> [ 1555.958066] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> [ 1555.958068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000738f087955a7
> [ 1555.958071] R13: 0000000000000404 R14: 0000000000000000 R15: ffffffffffffffff
> [ 1555.958075] Code: e9 33 fd ff ff 4c 89 e0 41 8b 8d 20 05 00 00 89 de 48 c7 c7 10 47 05 ae 48 89 85 48 ff ff ff 44 8b 85 70 ff ff ff e8 80 0d 93 ff <0f> 0b 48 8b 85 48 ff ff ff e9 ed fd ff ff 41 8b 8d 20 05 00 00
> [ 1555.958180] ---[ end trace e7da03c87ec51f13 ]---
>
> (complete log available but it seems that only R08 is changing between
> these traces)
>
> Followed by a "recvmsg bug 2:":
>
> [ 1563.657991] ------------[ cut here ]------------
> [ 1563.657992] recvmsg bug 2: copied ABEA08B2 seq 6A7E3970 rcvnxt ABECA5EE fl 0
> [ 1563.658002] WARNING: CPU: 1 PID: 2177 at /home/corsac/projets/linux/linux/net/ipv4/tcp.c:1864 tcp_recvmsg+0x647/0xb40
> [ 1563.658002] Modules linked in: esp4 xfrm6_mode_tunnel xfrm4_mode_tunnel bnep ipheth rtsx_pci_sdmmc snd_hda_codec_realtek iwlmvm snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel iwlwifi snd_hda_codec snd_hwdep rtsx_pci snd_hda_core snd_pcm thinkpad_acpi efivarfs input_leds
> [ 1563.658016] CPU: 1 PID: 2177 Comm: pool Tainted: G        W       T 4.17.0 #22
> [ 1563.658017] Hardware name: LENOVO 20CMCTO1WW/20CMCTO1WW, BIOS N10ET48W (1.27 ) 09/12/2017
> [ 1563.658019] RIP: 0010:tcp_recvmsg+0x647/0xb40
> [ 1563.658020] RSP: 0018:ffffb77e010f7cf8 EFLAGS: 00010282
> [ 1563.658022] RAX: 0000000000000000 RBX: 00000000416bcf42 RCX: 0000000000000006
> [ 1563.658023] RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffa37a8dc95610
> [ 1563.658024] RBP: ffffb77e010f7db8 R08: 000000000013fd88 R09: 0000000000000004
> [ 1563.658026] R10: ffffa37a3b1180c8 R11: 0000000000000001 R12: ffffa37a81d40e00
> [ 1563.658027] R13: ffffa37a3b118000 R14: ffffa37a3b118524 R15: 0000000000000000
> [ 1563.658028] FS:  0000738f795c0700(0000) GS:ffffa37a8dc80000(0000) knlGS:0000000000000000
> [ 1563.658030] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 1563.658031] CR2: 00007f967818b048 CR3: 000000024200c003 CR4: 00000000003606e0
> [ 1563.658032] Call Trace:
> [ 1563.658040]  inet_recvmsg+0x5c/0x110
> [ 1563.658046]  __sys_recvfrom+0xf2/0x160
> [ 1563.658054]  __x64_sys_recvfrom+0x1f/0x30
> [ 1563.658060]  do_syscall_64+0x72/0x1c0
> [ 1563.658062]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [ 1563.658065] RIP: 0033:0x73901a71deae
> [ 1563.658070] RSP: 002b:0000738f795bee50 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
> [ 1563.658080] RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 000073901a71deae
> [ 1563.658085] RDX: 0000000000000404 RSI: 0000738f087955a7 RDI: 0000000000000028
> [ 1563.658089] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> [ 1563.658092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000738f087955a7
> [ 1563.658097] R13: 0000000000000404 R14: 0000000000000000 R15: ffffffffffffffff
> [ 1563.658102] Code: ff ff 41 8b 8d 20 05 00 00 48 c7 c7 40 47 05 ae 4c 89 95 48 ff ff ff 41 8b 54 24 28 44 8b 85 70 ff ff ff 41 8b 36 e8 49 0d 93 ff <0f> 0b 4c 8b 95 48 ff ff ff e9 89 fb ff ff 49 8b 55 60 83 e2 02
> [ 1563.658219] ---[ end trace e7da03c87ec5c408 ]---
>
> and finally a NULL pointer dereference:
>
> [ 1563.658223] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
> [ 1563.658230] PGD 0 P4D 0
> [ 1563.658234] Oops: 0000 [#1] PREEMPT SMP PTI
> [ 1563.658237] Modules linked in: esp4 xfrm6_mode_tunnel xfrm4_mode_tunnel bnep ipheth rtsx_pci_sdmmc snd_hda_codec_realtek iwlmvm snd_hda_codec_generic snd_hda_codec_hdmi snd_hda_intel iwlwifi snd_hda_codec snd_hwdep rtsx_pci snd_hda_core snd_pcm thinkpad_acpi efivarfs input_leds
> [ 1563.658253] CPU: 1 PID: 2177 Comm: pool Tainted: G        W       T 4.17.0 #22
> [ 1563.658255] Hardware name: LENOVO 20CMCTO1WW/20CMCTO1WW, BIOS N10ET48W (1.27 ) 09/12/2017
> [ 1563.658258] RIP: 0010:tcp_recvmsg+0x1eb/0xb40
> [ 1563.658260] RSP: 0018:ffffb77e010f7cf8 EFLAGS: 00010282
> [ 1563.658263] RAX: 0000000000000000 RBX: 00000000416bcf42 RCX: 0000000000000006
> [ 1563.658265] RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffa37a8dc95610
> [ 1563.658268] RBP: ffffb77e010f7db8 R08: 000000000013fd88 R09: 0000000000000004
> [ 1563.658270] R10: ffffa37a3b1180c8 R11: 0000000000000001 R12: ffffa37a81d40e00
> [ 1563.658272] R13: ffffa37a3b118000 R14: ffffa37a3b118524 R15: 0000000000000000
> [ 1563.658275] FS:  0000738f795c0700(0000) GS:ffffa37a8dc80000(0000) knlGS:0000000000000000
> [ 1563.658278] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 1563.658280] CR2: 0000000000000028 CR3: 000000024200c003 CR4: 00000000003606e0
> [ 1563.658282] Call Trace:
> [ 1563.658287]  inet_recvmsg+0x5c/0x110
> [ 1563.658291]  __sys_recvfrom+0xf2/0x160
> [ 1563.658295]  __x64_sys_recvfrom+0x1f/0x30
> [ 1563.658298]  do_syscall_64+0x72/0x1c0
> [ 1563.658302]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [ 1563.658304] RIP: 0033:0x73901a71deae
> [ 1563.658306] RSP: 002b:0000738f795bee50 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
> [ 1563.658309] RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 000073901a71deae
> [ 1563.658311] RDX: 0000000000000404 RSI: 0000738f087955a7 RDI: 0000000000000028
> [ 1563.658312] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> [ 1563.658314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000738f087955a7
> [ 1563.658316] R13: 0000000000000404 R14: 0000000000000000 R15: ffffffffffffffff
> [ 1563.658318] Code: 8b 44 24 78 41 39 d8 77 57 41 f6 44 24 34 01 0f 85 24 01 00 00 45 85 ff 0f 84 40 04 00 00 49 8b 04 24 49 39 c2 0f 84 1d 02 00 00 <8b> 50 28 41 8b 1e 39 d3 0f 88 f4 03 00 00 49 89 c4 29 d3 41 f6
> [ 1563.658365] RIP: tcp_recvmsg+0x1eb/0xb40 RSP: ffffb77e010f7cf8
> [ 1563.658366] CR2: 0000000000000028
> [ 1563.658369] ---[ end trace e7da03c87ec5c409 ]---
>
> If you need more information, please ask.
>
> Regards,
> - --
> Yves-Alexis



-- 
Kees Cook
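
Added example (not part of the thread or of the kernel source): a small C decoder for the "recvmsg bug 2" line in the trace quoted above. It assumes the four fields are what tcp_recvmsg() in net/ipv4/tcp.c prints (the reader's copied sequence number, the queued skb's starting sequence number, rcv_nxt and the recvmsg flags) and compares sequence numbers by signed 32-bit difference as the kernel does; the struct and function names are made up for this example.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields printed by the "recvmsg bug"/"recvmsg bug 2" WARN format string. */
struct recvmsg_warn {
    uint32_t copied;  /* sequence number the reader wants next */
    uint32_t seq;     /* start sequence recorded in the queued skb */
    uint32_t rcvnxt;  /* next in-order sequence expected from the peer */
    uint32_t flags;   /* recvmsg() flags */
};

/* Wraparound-safe "a precedes b" for 32-bit TCP sequence numbers. */
static int seq_before(uint32_t a, uint32_t b)
{
    return (int32_t)(a - b) < 0;
}

/* Returns 0 on success, -1 if the line lacks any of the four hex fields. */
static int parse_recvmsg_warn(const char *line, struct recvmsg_warn *w)
{
    const char *p = strstr(line, "copied ");

    if (!p || sscanf(p, "copied %" SCNx32 " seq %" SCNx32 " rcvnxt %" SCNx32
                        " fl %" SCNx32, &w->copied, &w->seq, &w->rcvnxt,
                        &w->flags) != 4)
        return -1;
    return 0;
}

/* Reader position relative to the start of the skb (modulo 2^32). */
static uint32_t skb_offset(const struct recvmsg_warn *w) { return w->copied - w->seq; }

/* In-order bytes received but not yet handed to the application. */
static uint32_t unread_bytes(const struct recvmsg_warn *w) { return w->rcvnxt - w->copied; }

int main(void)
{
    /* WARN line copied from the trace quoted in this thread. */
    const char *line = "recvmsg bug 2: copied ABEA08B2 seq 6A7E3970 rcvnxt ABECA5EE fl 0";
    struct recvmsg_warn w;

    if (parse_recvmsg_warn(line, &w) != 0)
        return 1;
    printf("copied before skb seq: %d\n", seq_before(w.copied, w.seq));
    printf("offset into skb: 0x%08" PRIx32 "\n", skb_offset(&w));
    printf("unread in-order data: %" PRIu32 " bytes\n", unread_bytes(&w));
    return 0;
}
```

For the line in this trace the offset comes out as 0x416bcf42, the same value that sits in RBX in both register dumps, and about 1 GiB, far larger than any single skb.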


* Re: Freeze when using ipheth+IPsec+IPv6
  2018-11-29 23:31   ` Kees Cook
@ 2018-11-29 23:52     ` David Miller
  2018-11-30  0:42       ` Kees Cook
  2018-11-30  7:32       ` Yves-Alexis Perez
  0 siblings, 2 replies; 6+ messages in thread
From: David Miller @ 2018-11-29 23:52 UTC (permalink / raw)
  To: keescook
  Cc: corsac, linux-kernel, ishkamiel, dwindsor, elena.reshetova,
	ktkhai, viro, xiyou.wangcong, mjurczyk, dvlasenk, dh.herrmann,
	netdev, agk, johannes.berg, garsilva, arvind.yadav.cs,
	steffen.klassert, herbert

From: Kees Cook <keescook@chromium.org>
Date: Thu, 29 Nov 2018 15:31:25 -0800

> Did you ever solve this?

I think it was fixed by:

commit 45611c61dd503454b2edae00aabe1e429ec49ebe
Author: Bernd Eckstein <3erndeckstein@gmail.com>
Date:   Fri Nov 23 13:51:26 2018 +0100

    usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2


* Re: Freeze when using ipheth+IPsec+IPv6
  2018-11-29 23:52     ` David Miller
@ 2018-11-30  0:42       ` Kees Cook
  2018-11-30  7:32       ` Yves-Alexis Perez
  1 sibling, 0 replies; 6+ messages in thread
From: Kees Cook @ 2018-11-30  0:42 UTC (permalink / raw)
  To: David S. Miller
  Cc: Yves-Alexis Perez, LKML, Hans Liljestrand, David Windsor,
	Reshetova, Elena, Kirill Tkhai, Al Viro, WANG Cong,
	Mateusz Jurczyk, Denys Vlasenko, David Herrmann,
	Network Development, agk, Johannes Berg, Gustavo A. R. Silva,
	Arvind Yadav, Steffen Klassert, Herbert Xu

On Thu, Nov 29, 2018 at 3:52 PM David Miller <davem@davemloft.net> wrote:
>
> From: Kees Cook <keescook@chromium.org>
> Date: Thu, 29 Nov 2018 15:31:25 -0800
>
> > Did you ever solve this?
>
> I think it was fixed by:
>
> commit 45611c61dd503454b2edae00aabe1e429ec49ebe
> Author: Bernd Eckstein <3erndeckstein@gmail.com>
> Date:   Fri Nov 23 13:51:26 2018 +0100
>
>     usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2

Ah-ha! Thanks. :)

-- 
Kees Cook


* Re: Freeze when using ipheth+IPsec+IPv6
  2018-11-29 23:52     ` David Miller
  2018-11-30  0:42       ` Kees Cook
@ 2018-11-30  7:32       ` Yves-Alexis Perez
  1 sibling, 0 replies; 6+ messages in thread
From: Yves-Alexis Perez @ 2018-11-30  7:32 UTC (permalink / raw)
  To: David Miller, keescook
  Cc: linux-kernel, ishkamiel, dwindsor, elena.reshetova, ktkhai, viro,
	xiyou.wangcong, mjurczyk, dvlasenk, dh.herrmann, netdev, agk,
	johannes.berg, garsilva, arvind.yadav.cs, steffen.klassert,
	herbert

On Thu, 2018-11-29 at 15:52 -0800, David Miller wrote:
> From: Kees Cook <keescook@chromium.org>
> Date: Thu, 29 Nov 2018 15:31:25 -0800
> 
> > Did you ever solve this?
> 
> I think it was fixed by:
> 
> commit 45611c61dd503454b2edae00aabe1e429ec49ebe
> Author: Bernd Eckstein <3erndeckstein@gmail.com>
> Date:   Fri Nov 23 13:51:26 2018 +0100
> 
>     usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2

Supposedly yes. Bernd Eckstein contacted me with his patch, unfortunately at
that time I wasn't able to reproduce the bug consistently so I wasn't able to
put a Tested-By tag on it.

Regards,
- -- 
Yves-Alexis
