Hi All

I'm hitting the following bug when unloading the inbox driver and
insmod'ing 5.9.4 (also happens with 5.10.2):

[ 1739.889642] BUG: kernel NULL pointer dereference, address: 00000000000004f0
[ 1739.897969] #PF: supervisor read access in kernel mode
[ 1739.904155] #PF: error_code(0x0000) - not-present page
[ 1739.910327] PGD 0 P4D 0
[ 1739.913648] Oops: 0000 [#1] SMP PTI
[ 1739.917985] CPU: 16 PID: 0 Comm: swapper/16 Kdump: loaded Tainted: G      OE     5.8.0-25-generic #26-Ubuntu
[ 1739.929943] Hardware name:  /, BIOS 2.2.2 01/16/2014
[ 1739.936043] RIP: 0010:eth_get_headlen+0x26/0xb0
[ 1739.941625] Code: 00 00 00 00 66 66 66 66 90 55 48 89 e5 41 54 53 89 d3 48 83 ec 18 65 48 8b 04 25 28 00 00 00 48 89 45 e8 31 c0 83 fa 0d 76 7e <48> 8b bf f0 04 00 00 6a 01 49 89 f0 49 89 f4 52 48 8d 4d dc 48 c7
[ 1739.963567] RSP: 0018:ffffbe2506798db8 EFLAGS: 00010216
[ 1739.969961] RAX: 0000000000000000 RBX: 00000000000005ea RCX: 0000000000000002
[ 1739.978453] RDX: 00000000000005ea RSI: ffff9f6fb733c0c0 RDI: 0000000000000000
[ 1739.986957] RBP: ffffbe2506798de0 R08: 0000000000000000 R09: ffff9f733306ff00
[ 1739.995423] R10: 00000000000005ea R11: 0000000000000100 R12: ffff9f727b2c0740
[ 1740.003871] R13: ffff9f724b0e6010 R14: 00000000400a838d R15: 0000000000000000
[ 1740.012330] FS:  0000000000000000(0000) GS:ffff9f733fa00000(0000) knlGS:0000000000000000
[ 1740.021848] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1740.028757] CR2: 00000000000004f0 CR3: 00000002c740a001 CR4: 00000000000606e0
[ 1740.037209] Call Trace:
[ 1740.040425]  <IRQ>
[ 1740.043154]  ixgbe_process_skb_fields+0x55/0x260 [ixgbe]
[ 1740.049577]  ixgbe_poll+0x52b/0x12c0 [ixgbe]
[ 1740.054809]  napi_poll+0x96/0x1b0
[ 1740.058985]  net_rx_action+0xb8/0x1c0
[ 1740.063575]  __do_softirq+0xd0/0x2a1
[ 1740.068055]  asm_call_irq_on_stack+0x12/0x20
[ 1740.073345]  </IRQ>
[ 1740.076223]  do_softirq_own_stack+0x3d/0x50
[ 1740.081402]  irq_exit_rcu+0x95/0xd0
[ 1740.085829]  common_interrupt+0x7c/0x150
[ 1740.090730]  asm_common_interrupt+0x1e/0x40
[ 1740.095941] RIP: 0010:cpuidle_enter_state+0xb4/0x3f0
[ 1740.102049] Code: 65 8b 3d 3f fb c6 58 e8 4a 5d 74 ff 48 89 45 d0 66 66 66 66 90 31 ff e8 fa 68 74 ff 80 7d c7 00 0f 85 d3 01 00 00 fb 66 66 90 <66> 66 90 45 85 e4 0f 88 df 01 00 00 49 63 d4 48 8d 04 52 48 8d 0c
[ 1740.124194] RSP: 0018:ffffbe250634fe48 EFLAGS: 00000246
[ 1740.130699] RAX: ffff9f733fa2c6c0 RBX: ffffde14bfa00f00 RCX: 000000000000001f
[ 1740.139315] RDX: 0000000000000000 RSI: 000000003333373a RDI: 0000000000000000
[ 1740.147943] RBP: ffffbe250634fe88 R08: 000001951980e894 R09: 000000002840a000
[ 1740.156580] R10: 00000000000002b9 R11: ffff9f733fa2b364 R12: 0000000000000005
[ 1740.165266] R13: ffffffffa856adc0 R14: 0000000000000005 R15: 0000000000000000
[ 1740.173911]  ? cpuidle_enter_state+0xa6/0x3f0
[ 1740.179470]  cpuidle_enter+0x2e/0x40
[ 1740.184136]  cpuidle_idle_call+0x145/0x200
[ 1740.189359]  do_idle+0x7a/0xe0
[ 1740.193426]  cpu_startup_entry+0x20/0x30
[ 1740.198466]  start_secondary+0xe6/0x100
[ 1740.203425]  secondary_startup_64+0xb6/0xc0
[ 1740.208779] Modules linked in: igb_uio(OE) ice(OE) i40e(OE) ixgbe(OE)
dell_rbu vxlan ip6_udp_tunnel udp_tunnel ip6table_filter ip6table_raw
ip6_tables mpt3sas raid_class scsi_transport_sas mptctl mptbase
xt_conntrack iptable_filter xt_tcpudp xt_CT nf_conntrack nf_defrag_ipv6
nf_defrag_ipv4 iptable_raw bpfilter intel_rapl_msr intel_rapl_common
sb_edac iTCO_wdt intel_pmc_bxt iTCO_vendor_support x86_pkg_temp_thermal
mgag200 intel_powerclamp drm_kms_helper cec rc_core coretemp drm kvm_intel
i2c_algo_bit fb_sys_fops syscopyarea kvm sysfillrect sysimgblt rapl
intel_cstate joydev pcspkr input_leds mei_me mei ipmi_si acpi_power_meter
evbug ipmi_devintf lpc_ich ipmi_msghandler mac_hid ip_tables x_tables
dm_multipath crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel
uas crypto_simd cryptd glue_helper xfrm_algo usb_storage megaraid_sas dca
tg3 wmi hid_generic usbkbd usbmouse usbhid hid btrfs blake2b_generic
libcrc32c xor raid6_pq sunrpc dm_mirror dm_region_hash dm_log be2iscsi
bnx2i cnic
[ 1740.208816]  uio cxgb4i cxgb4 cxgb3i cxgb3 mdio libcxgbi libcxgb qla4xxx
iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi
autofs4 [last unloaded: igb_uio]
[ 1740.331702] CR2: 00000000000004f0


Any chance that skb->dev is set to zero in ixgbe_set_rsc_gso_size?

I noticed that in the kernel code ixgbe_set_rsc_gso_size() calls
skb_headlen(skb) and not eth_get_headlen(skb->dev, skb->data,
skb_headlen(skb));


-- 
Thanks,
Dmitry
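
A triage sketch for the trace above, added here as an example; it is not part of the original message and not ixgbe or kernel code. It decodes the faulting instruction (the byte marked `<48>` in the `Code:` line) and checks whether base register plus displacement equals CR2, which is how a NULL structure pointer shows up in an oops. The function names are this example's own, and the sample text is the message's own log lines with the e-mail wraps joined.

```python
import re

# Added example (names are this example's own). Constructed sample: the
# faulting frame's lines from the oops above, e-mail line wraps joined.
OOPS = """\
[ 1739.941625] Code: 00 00 00 00 66 66 66 66 90 55 48 89 e5 41 54 53 89 d3 48 83 ec 18 65 48 8b 04 25 28 00 00 00 48 89 45 e8 31 c0 83 fa 0d 76 7e <48> 8b bf f0 04 00 00 6a 01 49 89 f0 49 89 f4 52 48 8d 4d dc 48 c7
[ 1739.969961] RAX: 0000000000000000 RBX: 00000000000005ea RCX: 0000000000000002
[ 1739.978453] RDX: 00000000000005ea RSI: ffff9f6fb733c0c0 RDI: 0000000000000000
[ 1740.028757] CR2: 00000000000004f0 CR3: 00000002c740a001 CR4: 00000000000606e0
"""

REGS = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
        "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]

def parse_oops(text):
    """Return (register values, code bytes from the faulting instruction on)."""
    regs = {}
    for name, val in re.findall(r"\b(R[A-Z0-9]{2}|CR2): ([0-9a-f]{16})\b", text):
        regs.setdefault(name, int(val, 16))  # first dump is the faulting frame
    code = re.search(r"Code: ([0-9a-f<> ]+)", text).group(1)
    fault = code[code.index("<"):].replace("<", "").replace(">", "")
    return regs, bytes.fromhex(fault)

def decode_mov_load(insn):
    """Decode `mov disp(%base),%dst` (opcode 8b, no SIB); None otherwise."""
    i, rex = 0, 0
    if 0x40 <= insn[0] <= 0x4F:          # optional REX prefix
        rex, i = insn[0], 1
    if insn[i] != 0x8B:
        return None
    modrm = insn[i + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod not in (1, 2) or rm == 4:     # need disp8/disp32 and no SIB byte
        return None
    size = 1 if mod == 1 else 4
    disp = int.from_bytes(insn[i + 2:i + 2 + size], "little", signed=True)
    return REGS[reg | ((rex & 4) << 1)], REGS[rm | ((rex & 1) << 3)], disp

def triage(text):
    """Relate the faulting load to CR2; None if it is not a simple load."""
    regs, insn = parse_oops(text)
    decoded = decode_mov_load(insn)
    if decoded is None or decoded[1] not in regs:
        return None
    dst, base, disp = decoded
    return {"dst": dst, "base": base, "base_value": regs[base], "offset": disp,
            "cr2_matches": regs[base] + disp == regs["CR2"]}

print(triage(OOPS))
```

For this trace the faulting instruction is a load from offset 0x4f0 of RDI with RDI equal to zero; RDI is the first-argument register on x86-64 and is not written earlier in the listed bytes, so the first argument passed to eth_get_headlen was NULL.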
