Re: [Umap2][7/11][160a:3184] NULL pointer dereference

Binyamin Sharet <s.binyamin@xxxxxxxxx> · Thu, 22 Sep 2016 14:46:56 +0300

On Thu, Sep 22, 2016 at 11:18 AM, Binyamin Sharet <s.binyamin@xxxxxxxxx> wrote:
> On Thu, Sep 22, 2016 at 11:02 AM, Oliver Neukum <oneukum@xxxxxxxx> wrote:
>> On Thu, 2016-09-22 at 10:50 +0300, Binyamin Sharet wrote:
>>> On Thu, Sep 22, 2016 at 10:35 AM, Oliver Neukum <oneukum@xxxxxxxx> wrote:
>>> > On Thu, 2016-09-22 at 09:53 +0300, Binyamin Sharet wrote:
>>> >> On Wed, Sep 21, 2016 at 11:09 PM, Malcolm Priestley <tvboxspy@xxxxxxxxx> wrote:
>>> >> >
>>> >> Malcolm, just to make it clear, this bug was not found with an
>>> >> actual device, but with emulation.
>>> >
>>> > It was quite peculiar a bug, though. Could you prepare a test kernel
>>> > without BPF?
>>> >
>>> >         Regards
>>> >                 Oliver
>>> >
>>> >
>>>
>>> Oliver,
>>>
>>> If this question was directed to me, I will need some clarification
>>> of what is needed (and also - what's BPF?)
>>
>> BPF = Berkeley Packet Filter (a mechanism to filter packets going over a
>> socket)
>>
>> The oops you reproduced was in the BPF. That is rather generic code
>> without connection to the driver in question. That raises the question
>> whether you've accidentally triggered a generic bug.
>> To rule that out a rerun on a kernel compiled without CONFIG_BPF would
>> be useful. Or you could build an initrd with the BPF modules
>> blacklisted, so we are sure the test system does not use BPF.
>>
>>         Regards
>>                 Oliver
>>
>>
>>
>
> Thanks Oliver, will do.
>
> -- Binyamin

I compiled the kernel without BPF and still got an issue (attached)
How can I verify the BPF is not enabled/part of the kernel?

-- Binyamin
[   70.514366] usb 1-1.2: new full-speed USB device number 6 using ehci-pci
[   70.815709] usb 1-1.2: New USB device found, idVendor=160a, idProduct=3184
[   70.815713] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   70.815715] usb 1-1.2: Product: UMAP2. PID:0x3184
[   70.815717] usb 1-1.2: Manufacturer: UMAP2. VID:0x160a
[   70.815719] usb 1-1.2: SerialNumber: 123456
[   70.995314] vt6656_stage: module is from the staging directory, the quality is unknown, you have been warned.
[   70.995843] usb 1-1.2: VIA Networking Wireless LAN USB Driver Ver. mac80211
[   70.995844] usb 1-1.2: Copyright (c) 2004 VIA Networking Technologies, Inc.
[   71.073733] usb 1-1.2: reset full-speed USB device number 6 using ehci-pci
[   71.316005] usb 1-1.2: Starting mac80211
[   71.316051] usb 1-1.2: VIA Networking Wireless LAN USB Driver Ver. mac80211
[   71.316053] usb 1-1.2: Copyright (c) 2004 VIA Networking Technologies, Inc.
[   71.319384] usb 1-1.2: Direct firmware load for vntwusb.fw failed with error -2
[   71.319389] usb 1-1.2: firmware file vntwusb.fw request failed (-2)
[   71.319396] usb 1-1.2: failed to start
[   71.346203] usb 1-1.2: VIA Networking Wireless LAN USB Driver Ver. mac80211
[   71.346206] usb 1-1.2: Copyright (c) 2004 VIA Networking Technologies, Inc.
[   71.346222] usb 1-1.2: usb_device_reset fail status=-22
[   71.346232] usb 1-1.2: usb_device_reset fail status=-19
[   71.346283] usbcore: registered new interface driver vt6656
[   71.347035] usb 1-1.2: Starting mac80211
[   71.347052] usb 1-1.2: Direct firmware load for vntwusb.fw failed with error -2
[   71.347055] usb 1-1.2: firmware file vntwusb.fw request failed (-2)
[   71.347058] usb 1-1.2: failed to start
[   71.347068] usb 1-1.2: Starting mac80211
[   71.347077] usb 1-1.2: Direct firmware load for vntwusb.fw failed with error -2
[   71.347079] usb 1-1.2: firmware file vntwusb.fw request failed (-2)
[   71.347081] usb 1-1.2: failed to start
[   71.347376] usb 1-1.2: USB disconnect, device number 6
[   71.393522] BUG: unable to handle kernel paging request at ffffbe2280a05fe8
[   71.393581] IP: [<ffffffff8f1df905>] find_vmap_area+0x25/0x60
[   71.393613] PGD 13348f067 PUD 133494067 PMD 12d762067 PTE 0
[   71.393648] Oops: 0000 [#1] SMP
[   71.393663] Modules linked in: vt6656_stage(C) rfcomm bnep arc4 iwldvm snd_hda_codec_hdmi intel_powerclamp coretemp snd_hda_codec_conexant mac80211 snd_hda_codec_generic kvm_intel snd_hda_intel kvm snd_hda_codec snd_hda_core uvcvideo btusb irqbypass crct10dif_pclmul btrtl videobuf2_vmalloc crc32_pclmul videobuf2_memops videobuf2_v4l2 btbcm ghash_clmulni_intel snd_hwdep joydev btintel videobuf2_core iwlwifi bluetooth thinkpad_acpi videodev aesni_intel snd_pcm input_leds aes_x86_64 media lrw gf128mul nvram snd_seq_midi glue_helper snd_seq_midi_event cfg80211 snd_rawmidi snd_seq ablk_helper snd_seq_device serio_raw snd_timer cryptd mei_me mei snd intel_ips lpc_ich shpchp soundcore mac_hid parport_pc ppdev lp parport autofs4 i915 psmouse i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops
[   71.394087]  ahci drm libahci e1000e ptp pps_core wmi fjes video
[   71.394134] CPU: 2 PID: 23 Comm: kworker/2:0 Tainted: G         C      4.8.0-rc2-nobpf+ #14
[   71.394162] Hardware name: LENOVO 4492A56/4492A56, BIOS 6QET44WW (1.14 ) 04/20/2010
[   71.394192] Workqueue: events bpf_prog_free_deferred
[   71.394211] task: ffff9aa9728e5b00 task.stack: ffff9aa97293c000
[   71.394233] RIP: 0010:[<ffffffff8f1df905>]  [<ffffffff8f1df905>] find_vmap_area+0x25/0x60
[   71.394264] RSP: 0018:ffff9aa97293fd68  EFLAGS: 00010286
[   71.394283] RAX: ffffbe2280a06000 RBX: ffffbe2280a06000 RCX: 00000000000043c6
[   71.394307] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffffffff901f22e8
[   71.394332] RBP: ffff9aa97293fd70 R08: 000000000001c4e0 R09: ffffffff8f1774b6
[   71.394356] R10: ffffea0004b38b80 R11: ffff9aa977d1a188 R12: ffff9aa977d18a00
[   71.394380] R13: 0000000000000001 R14: 0000000000000080 R15: ffff9aa96ce2e510
[   71.394406] FS:  0000000000000000(0000) GS:ffff9aa977d00000(0000) knlGS:0000000000000000
[   71.394433] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   71.394453] CR2: ffffbe2280a05fe8 CR3: 0000000115e06000 CR4: 00000000000006e0
[   71.394478] Stack:
[   71.394487]  ffffbe2280a06000 ffff9aa97293fd90 ffffffff8f1e1f81 ffffbe2280a06000
[   71.394521]  ffff9aa977d18a00 ffff9aa97293fdb8 ffffffff8f1e2006 ffffbe2280a06000
[   71.394555]  ffff9aa977d18a00 ffff9aa977d1d300 ffff9aa97293fdd0 ffffffff8f1e211e
[   71.394589] Call Trace:
[   71.394603]  [<ffffffff8f1e1f81>] remove_vm_area+0x11/0x70
[   71.394623]  [<ffffffff8f1e2006>] __vunmap+0x26/0xd0
[   71.394643]  [<ffffffff8f1e211e>] vfree+0x2e/0x70
[   71.394661]  [<ffffffff8f1774be>] __bpf_prog_free+0x1e/0x30
[   71.394684]  [<ffffffff8f07cef7>] bpf_jit_free+0x47/0x4c
[   71.394705]  [<ffffffff8f177272>] bpf_prog_free_deferred+0x12/0x20
[   71.394731]  [<ffffffff8f09bcab>] process_one_work+0x16b/0x480
[   71.394752]  [<ffffffff8f09c00b>] worker_thread+0x4b/0x500
[   71.394773]  [<ffffffff8f09bfc0>] ? process_one_work+0x480/0x480
[   71.394796]  [<ffffffff8f0a21e8>] kthread+0xd8/0xf0
[   71.394818]  [<ffffffff8f85671f>] ret_from_fork+0x1f/0x40
[   71.394838]  [<ffffffff8f0a2110>] ? kthread_create_on_node+0x1a0/0x1a0
[   71.394861] Code: 84 00 00 00 00 00 66 66 66 66 90 55 48 89 e5 53 48 89 fb 48 c7 c7 e8 22 1f 90 e8 97 6a 67 00 48 8b 05 d8 29 01 01 48 85 c0 74 0f <48> 3b 58 e8 73 1f 48 8b 40 10 48 85 c0 75 f1 31 d2 48 c7 c7 e8 
[   71.395101] RIP  [<ffffffff8f1df905>] find_vmap_area+0x25/0x60
[   71.395125]  RSP <ffff9aa97293fd68>
[   71.395138] CR2: ffffbe2280a05fe8
[   71.399142] ---[ end trace 1f3f6cf7d65146aa ]---
[   71.399178] BUG: unable to handle kernel paging request at 00000000c3a19199
[   71.399231] IP: [<ffffffff8f0c4cbb>] __wake_up_common+0x2b/0x90
[   71.399279] PGD 0 
[   71.399300] Oops: 0000 [#2] SMP