Re: tipc_udp_send_msg oops in 4.4 when setting link tolerance

From: Tommi Rantala
Date: Tue Nov 14 2017 - 05:16:10 EST


On 13.11.2017 23:25, Jon Maloy wrote:
> Hi Tommi,
> I am not sure, but it seems like the following patch is what you need:
> commit 9b3009604b8e ("tipc: add net device to skb before UDP xmit")
> This was applied in tipc 4.5.

Found it, the missing patch is this one (9b3009604b8e does not help):

commit d01332f1acacc0cb43a61f4244dd2b846d4cd585
Author: Richard Alpe <richard.alpe@xxxxxxxxxxxx>
Date: Mon Feb 1 08:19:56 2016 +0100

tipc: fix link attribute propagation bug


It does not apply as-is to 4.4, so backported it, see below.
Does it look good? I can send it forward to Greg for inclusion in 4.4.


But with this patch included, I can easily reproduce the "BUG: Bad page state in process git" issue also in 4.4 like this:

$ tipc link set tolerance 100 link $LINKNAME
$ cd /tmp && git clone /path/to/linux-stable

I can try to debug that a bit more to see if I can figure it out.

-Tommi



From e1857e6c60355296fd1cbe6e376d8a7265c2b289 Mon Sep 17 00:00:00 2001
From: Richard Alpe <richard.alpe@xxxxxxxxxxxx>
Date: Tue, 14 Nov 2017 11:09:50 +0200
Subject: [PATCH] tipc: fix link attribute propagation bug

commit d01332f1acacc0cb43a61f4244dd2b846d4cd585 upstream.

[backported to 4.4 by Tommi Rantala]

Changing certain link attributes (link tolerance and link priority)
from the TIPC management tool is supposed to automatically take
effect at both endpoints of the affected link.

Currently the media address is not instantiated for the link and is
used uninstantiated when crafting protocol messages designated for the
peer endpoint. This means that changing a link property currently
results in the property being changed on the local machine but the
protocol message designated for the peer gets lost. Resulting in
property discrepancy between the endpoints.

In this patch we resolve this by using the media address from the
link entry and using the bearer transmit function to send it. Hence,
we can now eliminate the redundant function tipc_link_prot_xmit() and
the redundant field tipc_link::media_addr.

Fixes: 2af5ae372a4b (tipc: clean up unused code and structures)
Reviewed-by: Jon Maloy <jon.maloy@xxxxxxxxxxxx>
Reported-by: Jason Hu <huzhijiang@xxxxxxxxx>
Signed-off-by: Richard Alpe <richard.alpe@xxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Tommi Rantala <tommi.t.rantala@xxxxxxxxx>
---
net/tipc/link.c | 28 ++++++----------------------
net/tipc/link.h | 1 -
2 files changed, 6 insertions(+), 23 deletions(-)


diff --git a/net/tipc/link.c b/net/tipc/link.c
index 72268eac4ec7..736fffb28ab6 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -1084,25 +1084,6 @@ drop:
return rc;
}


-/*
- * Send protocol message to the other endpoint.
- */
-void tipc_link_proto_xmit(struct tipc_link *l, u32 msg_typ, int probe_msg,
- u32 gap, u32 tolerance, u32 priority)
-{
- struct sk_buff *skb = NULL;
- struct sk_buff_head xmitq;
-
- __skb_queue_head_init(&xmitq);
- tipc_link_build_proto_msg(l, msg_typ, probe_msg, gap,
- tolerance, priority, &xmitq);
- skb = __skb_dequeue(&xmitq);
- if (!skb)
- return;
- tipc_bearer_xmit_skb(l->net, l->bearer_id, skb, l->media_addr);
- l->rcv_unacked = 0;
-}
-
static void tipc_link_build_proto_msg(struct tipc_link *l, int mtyp, bool probe,
u16 rcvgap, int tolerance, int priority,
struct sk_buff_head *xmitq)
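Review bot: the removed tipc_link_proto_xmit() cleared the counter with "l->rcv_unacked = 0;" after handing the skb to the bearer, and nothing in the visible hunks replaces that reset. The new callers in tipc_nl_link_set() go straight to tipc_link_build_proto_msg(), so please confirm that the 4.4 version of that function resets rcv_unacked itself, or state in the backport note why dropping the reset is acceptable.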
@@ -1636,9 +1617,12 @@ int tipc_nl_link_set(struct sk_buff *skb, struct genl_info *info)
char *name;
struct tipc_link *link;
struct tipc_node *node;
+ struct sk_buff_head xmitq;
struct nlattr *attrs[TIPC_NLA_LINK_MAX + 1];
struct net *net = sock_net(skb->sk);

+ __skb_queue_head_init(&xmitq);
+
if (!info->attrs[TIPC_NLA_LINK])
return -EINVAL;

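Review bot: xmitq is initialised ahead of the "return -EINVAL" exit, which is safe only because nothing can have been queued at that point. Every exit taken after a tipc_link_build_proto_msg() call has to pass through the transmit at out:, otherwise the queued skbs leak; a one-line comment at the declaration saying so would protect against a later early return being added in between.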
@@ -1683,14 +1667,14 @@ int tipc_nl_link_set(struct sk_buff *skb, struct genl_info *info)

tol = nla_get_u32(props[TIPC_NLA_PROP_TOL]);
link->tolerance = tol;
- tipc_link_proto_xmit(link, STATE_MSG, 0, 0, tol, 0);
+ tipc_link_build_proto_msg(link, STATE_MSG, 0, 0, tol, 0, &xmitq);
}
if (props[TIPC_NLA_PROP_PRIO]) {
u32 prio;

prio = nla_get_u32(props[TIPC_NLA_PROP_PRIO]);
link->priority = prio;
- tipc_link_proto_xmit(link, STATE_MSG, 0, 0, 0, prio);
+ tipc_link_build_proto_msg(link, STATE_MSG, 0, 0, 0, prio, &xmitq);
}
if (props[TIPC_NLA_PROP_WIN]) {
u32 win;
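Review bot: when a request carries both TIPC_NLA_PROP_TOL and TIPC_NLA_PROP_PRIO, these two calls queue two STATE_MSGs, the first with priority 0 and the second with tolerance 0, which is only correct if the receiving endpoint ignores a zero field. That mirrors the two tipc_link_proto_xmit() calls being replaced, so it is reasonable for a stable backport, but the convention deserves a short comment at these call sites.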
@@ -1702,7 +1686,7 @@ int tipc_nl_link_set(struct sk_buff *skb, struct genl_info *info)

out:
tipc_node_unlock(node);
-
+ tipc_bearer_xmit(net, bearer_id, &xmitq, &node->links[bearer_id].maddr);
return res;
}

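Review bot: the added tipc_bearer_xmit() call reads node->links[bearer_id].maddr after tipc_node_unlock(node), and because it sits below the out: label it also runs on every error path that jumps there. Please confirm that node is still guaranteed valid once the lock is dropped and that bearer_id (declared outside the visible hunks) is assigned before every "goto out"; if either is not guaranteed, guard the call, for example by skipping it when xmitq is empty. This is worth settling before the patch is forwarded, since the cover text reports "Bad page state" with the backport applied.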
diff --git a/net/tipc/link.h b/net/tipc/link.h
index 66d859b66c84..2a0d58671e88 100644
--- a/net/tipc/link.h
+++ b/net/tipc/link.h
@@ -153,7 +153,6 @@ struct tipc_stats {
struct tipc_link {
u32 addr;
char name[TIPC_MAX_LINK_NAME];
- struct tipc_media_addr *media_addr;
struct net *net;

/* Management and link supervision data */
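Review bot: only the media_addr field is dropped from link.h, while link.c loses the non-static tipc_link_proto_xmit(). If the 4.4 link.h still declares that function, the prototype should be removed in this hunk as well, and a grep for media_addr across net/tipc/ in the 4.4 tree would confirm that no assignment or reader of the removed field is left behind, given that the diffstat touches only link.c and link.h.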
--
2.14.2




-----Original Message-----
From: netdev-owner@xxxxxxxxxxxxxxx [mailto:netdev-owner@xxxxxxxxxxxxxxx] On Behalf Of Tommi Rantala
Sent: Monday, November 13, 2017 11:23
To: Jon Maloy <jon.maloy@xxxxxxxxxxxx>; Ying Xue <ying.xue@xxxxxxxxxxxxx>; David S. Miller <davem@xxxxxxxxxxxxx>; netdev@xxxxxxxxxxxxxxx; tipc-discussion@xxxxxxxxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
Subject: tipc_udp_send_msg oops in 4.4 when setting link tolerance

Hi,

I always get an instant TIPC oops in 4.4, when I try to set the link tolerance
(with LINKNAME != "broadcast-link"):

$ tipc link set tolerance 1000 link $LINKNAME

Any idea what's going on? Some tipc patch missing in 4.4?

In 4.9 the "tipc" command executes just fine, but I've seen a few times that
later some random process crashes with "BUG: Bad page state". KASAN does
not report anything before it happens.

4.14 is OK, could not reproduce these problems with it.




tipc_udp_send_msg+0x102/0x4f0

matches to:
tipc_udp_send_msg at linux-stable/net/tipc/udp_media.c:172

static int tipc_udp_send_msg(struct net *net, struct sk_buff *skb,
			     struct tipc_bearer *b,
			     struct tipc_media_addr *dest)
{
	int ttl, err = 0;
	struct udp_bearer *ub;
	struct udp_media_addr *dst = (struct udp_media_addr *)&dest->value;
	struct udp_media_addr *src = (struct udp_media_addr *)&b->addr.value;
	struct rtable *rt;

	if (skb_headroom(skb) < UDP_MIN_HEADROOM) {
		err = pskb_expand_head(skb, UDP_MIN_HEADROOM, 0, GFP_ATOMIC);
		if (err)
			goto tx_error;
	}

	skb_set_inner_protocol(skb, htons(ETH_P_TIPC));
	ub = rcu_dereference_rtnl(b->media_ptr);
	if (!ub) {
		err = -ENODEV;
		goto tx_error;
	}
	if (dst->proto == htons(ETH_P_IP)) { <------ HERE



[ 111.423647] ==================================================================
[ 111.424826] BUG: KASAN: null-ptr-deref on address (null)
[ 111.425538] Read of size 2 by task tipc/2643
[ 111.426215] CPU: 3 PID: 2643 Comm: tipc Not tainted 4.4.97-pc64 #1
[ 111.428081] 0000000000000000 ffff880026327478 ffffffff8248005e 0000000000000002
[ 111.429476] ffff880047ad5ac0 ffff8800263274f8 ffffffff8227f5af 0000000265711040
[ 111.430728] 0000000000000000 0000000000000297 ffffffffa0387fd2 02090220ffffffff
[ 111.432051] Call Trace:
[ 111.432472] [<ffffffff8248005e>] dump_stack+0x86/0xc8
[ 111.433208] [<ffffffff8227f5af>] kasan_report.part.2+0x41f/0x520
[ 111.434040] [<ffffffffa0387fd2>] ? tipc_udp_send_msg+0x102/0x4f0 [tipc]
[ 111.434908] [<ffffffff8227f965>] kasan_report+0x25/0x30
[ 111.435647] [<ffffffff8227e3a6>] __asan_load2+0x66/0x70
[ 111.436391] [<ffffffffa0387fd2>] tipc_udp_send_msg+0x102/0x4f0 [tipc]
[ 111.437334] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70
[ 111.438301] [<ffffffff8227edfd>] ? kasan_slab_alloc+0xd/0x10
[ 111.439328] [<ffffffff8227e04c>] ? __kmalloc_node_track_caller+0xac/0x230
[ 111.440493] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70
[ 111.441479] [<ffffffffa0387ed0>] ? tipc_udp_disable+0xe0/0xe0 [tipc]
[ 111.442628] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70
[ 111.443598] [<ffffffff8227ef52>] ? kasan_krealloc+0x62/0x80
[ 111.444610] [<ffffffff8227ebf8>] ? memset+0x28/0x30
[ 111.445539] [<ffffffff8275fab3>] ? __alloc_skb+0x2b3/0x310
[ 111.446560] [<ffffffff8275f800>] ? skb_complete_tx_timestamp+0x110/0x110
[ 111.447695] [<ffffffff82147a16>] ? __module_text_address+0x16/0xa0
[ 111.448735] [<ffffffff8275e3fb>] ? skb_put+0x8b/0xd0
[ 111.449608] [<ffffffff8227ec76>] ? memcpy+0x36/0x40
[ 111.450524] [<ffffffffa03665e8>] ? tipc_link_build_proto_msg+0x398/0x4c0 [tipc]
[ 111.451946] [<ffffffffa0364920>] tipc_bearer_xmit_skb+0xa0/0xb0 [tipc]
[ 111.453078] [<ffffffffa036a60b>] tipc_link_proto_xmit+0x11b/0x160 [tipc]
[ 111.454218] [<ffffffffa036a4f0>] ? tipc_link_build_reset_msg+0x50/0x50 [tipc]
[ 111.455542] [<ffffffffa036c5be>] tipc_nl_link_set+0x1ee/0x3b0 [tipc]
[ 111.456659] [<ffffffffa036c3d0>] ? tipc_nl_parse_link_prop+0xd0/0xd0 [tipc]
[ 111.457831] [<ffffffff82190a29>] ? is_ftrace_trampoline+0x59/0x90
[ 111.458884] [<ffffffff820b15a5>] ? __kernel_text_address+0x65/0x80
[ 111.459931] [<ffffffff824ba386>] ? nla_parse+0xb6/0x140
[ 111.460892] [<ffffffff827d20ee>] genl_family_rcv_msg+0x37e/0x5e0
[ 111.461948] [<ffffffffa0380005>] ? set_orig_addr.isra.53+0xe5/0x120 [tipc]
[ 111.463107] [<ffffffff827d1d70>] ? genl_rcv+0x40/0x40
[ 111.463987] [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180
[ 111.465048] [<ffffffff8227a39d>] ? ___slab_alloc+0x43d/0x460
[ 111.465986] [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180
[ 111.467045] [<ffffffff827cde5c>] ? netlink_lookup+0x19c/0x220
[ 111.468067] [<ffffffff827d2428>] genl_rcv_msg+0xd8/0x110
[ 111.468994] [<ffffffff827d143b>] netlink_rcv_skb+0x14b/0x180
[ 111.469939] [<ffffffff827d2350>] ? genl_family_rcv_msg+0x5e0/0x5e0
[ 111.470954] [<ffffffff827d1d58>] genl_rcv+0x28/0x40
[ 111.471798] [<ffffffff827d0a27>] netlink_unicast+0x2e7/0x3a0
[ 111.472806] [<ffffffff827d0740>] ? netlink_attachskb+0x330/0x330
[ 111.473845] [<ffffffff8249b731>] ? copy_from_iter+0xf1/0x3b0
[ 111.474847] [<ffffffff827d0f8d>] netlink_sendmsg+0x4ad/0x620
[ 111.475788] [<ffffffff827d0ae0>] ? netlink_unicast+0x3a0/0x3a0
[ 111.476793] [<ffffffff822c0683>] ? __fdget+0x13/0x20
[ 111.477723] [<ffffffff82751575>] ? sockfd_lookup_light+0x95/0xb0
[ 111.478773] [<ffffffff827538fc>] SYSC_sendto+0x1bc/0x290
[ 111.479659] [<ffffffff82753740>] ? sock_write_iter+0x200/0x200
[ 111.480692] [<ffffffff822c0683>] ? __fdget+0x13/0x20
[ 111.481559] [<ffffffff82751575>] ? sockfd_lookup_light+0x95/0xb0
[ 111.482591] [<ffffffff827caf71>] ? netlink_getname+0xb1/0x110
[ 111.483570] [<ffffffff82750b0c>] ? move_addr_to_user+0x5c/0x70
[ 111.484539] [<ffffffff82751706>] ? SYSC_getsockname+0x176/0x190
[ 111.485540] [<ffffffff82751590>] ? sockfd_lookup_light+0xb0/0xb0
[ 111.486558] [<ffffffff82753225>] ? SYSC_bind+0xe5/0x180
[ 111.487548] [<ffffffff82753140>] ? __sock_recv_ts_and_drops+0x260/0x260
[ 111.488700] [<ffffffff822c132b>] ? fd_install+0x3b/0x50
[ 111.489596] [<ffffffff827514b4>] ? sock_map_fd+0x44/0x70
[ 111.490553] [<ffffffff82753f4c>] ? SyS_socket+0xcc/0x120
[ 111.491437] [<ffffffff82753e80>] ? move_addr_to_kernel+0x40/0x40
[ 111.492505] [<ffffffff820022b6>] ? exit_to_usermode_loop+0x86/0x120
[ 111.493557] [<ffffffff82002017>] ? trace_hardirqs_on_thunk+0x17/0x19
[ 111.494629] [<ffffffff827544ce>] SyS_sendto+0xe/0x10
[ 111.495588] [<ffffffff829299ae>] entry_SYSCALL_64_fastpath+0x12/0x6d
[ 111.496697] ==================================================================
[ 111.498005] Disabling lock debugging due to kernel taint
[ 111.499059] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 111.500698] IP: [<ffffffffa0387fd2>] tipc_udp_send_msg+0x102/0x4f0 [tipc]
[ 111.502027] PGD 4b01c067 PUD 1f0a5067 PMD 0
[ 111.503053] Oops: 0000 [#1] SMP KASAN
[ 111.503980] Modules linked in: ip6table_mangle ip6_tables iptable_mangle iptable_filter ip_tables x_tables tipc ip6_udp_tunnel udp_tunnel fuse isofs aesni_intel aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd ata_piix i6300esb sch_fq_codel nf_conntrack_proto_sctp nf_conntrack autofs4
[ 111.509927] CPU: 3 PID: 2643 Comm: tipc Tainted: G B 4.4.97-pc64 #1
[ 111.511249] Hardware name: Fedora Project OpenStack Nova, BIOS seabios-1.7.5-11.el7.tis.1 04/01/2014
[ 111.512935] task: ffff880047ad5ac0 ti: ffff880026320000 task.ti: ffff880026320000
[ 111.514283] RIP: 0010:[<ffffffffa0387fd2>] [<ffffffffa0387fd2>] tipc_udp_send_msg+0x102/0x4f0 [tipc]
[ 111.515960] RSP: 0018:ffff880026327528 EFLAGS: 00010292
[ 111.516832] RAX: ffff880047ad5ac0 RBX: ffff880065711040 RCX: 0000000000000000
[ 111.517992] RDX: 1ffffffff06b9196 RSI: 0000000000000297 RDI: 0000000000000297
[ 111.519117] RBP: ffff8800263276f0 R08: 0000000000000000 R09: fffffbfff069f014
[ 111.520228] R10: dffffc0000000001 R11: ffff88006bc02a00 R12: 1ffff10004c64eb1
[ 111.521361] R13: ffff88005ad07750 R14: 0000000000000000 R15: ffff88005154d9e0
[ 111.522538] FS: 00007f467f3ac700(0000) GS:ffff88006c380000(0000) knlGS:0000000000000000
[ 111.523960] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 111.524947] CR2: 0000000000000000 CR3: 000000001f076000 CR4: 00000000001406e0
[ 111.526084] Stack:
[ 111.526551] 1ffff1000a2c11d8 ffff880026327550 ffffffff8227eb1e ffff880051608cc0
[ 111.528272] ffff88006bc02a00 ffff880026327560 ffffffff8227edfd ffff8800263275b0
[ 111.529886] ffffffff8227e04c ffff880026327590 ffffffff8227eb1e ffffffff832dfec0
[ 111.531535] Call Trace:
[ 111.532106] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70
[ 111.533075] [<ffffffff8227edfd>] ? kasan_slab_alloc+0xd/0x10
[ 111.534041] [<ffffffff8227e04c>] ? __kmalloc_node_track_caller+0xac/0x230
[ 111.535102] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70
[ 111.536047] [<ffffffffa0387ed0>] ? tipc_udp_disable+0xe0/0xe0 [tipc]
[ 111.537186] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70
[ 111.538139] [<ffffffff8227ef52>] ? kasan_krealloc+0x62/0x80
[ 111.539106] [<ffffffff8227ebf8>] ? memset+0x28/0x30
[ 111.539946] [<ffffffff8275fab3>] ? __alloc_skb+0x2b3/0x310
[ 111.540876] [<ffffffff8275f800>] ? skb_complete_tx_timestamp+0x110/0x110
[ 111.541954] [<ffffffff82147a16>] ? __module_text_address+0x16/0xa0
[ 111.542978] [<ffffffff8275e3fb>] ? skb_put+0x8b/0xd0
[ 111.543914] [<ffffffff8227ec76>] ? memcpy+0x36/0x40
[ 111.544817] [<ffffffffa03665e8>] ? tipc_link_build_proto_msg+0x398/0x4c0 [tipc]
[ 111.546199] [<ffffffffa0364920>] tipc_bearer_xmit_skb+0xa0/0xb0 [tipc]
[ 111.547355] [<ffffffffa036a60b>] tipc_link_proto_xmit+0x11b/0x160 [tipc]
[ 111.548482] [<ffffffffa036a4f0>] ? tipc_link_build_reset_msg+0x50/0x50 [tipc]
[ 111.549763] [<ffffffffa036c5be>] tipc_nl_link_set+0x1ee/0x3b0 [tipc]
[ 111.550822] [<ffffffffa036c3d0>] ? tipc_nl_parse_link_prop+0xd0/0xd0 [tipc]
[ 111.551921] [<ffffffff82190a29>] ? is_ftrace_trampoline+0x59/0x90
[ 111.552961] [<ffffffff820b15a5>] ? __kernel_text_address+0x65/0x80
[ 111.554010] [<ffffffff824ba386>] ? nla_parse+0xb6/0x140
[ 111.554906] [<ffffffff827d20ee>] genl_family_rcv_msg+0x37e/0x5e0
[ 111.555954] [<ffffffffa0380005>] ? set_orig_addr.isra.53+0xe5/0x120 [tipc]
[ 111.557104] [<ffffffff827d1d70>] ? genl_rcv+0x40/0x40
[ 111.557949] [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180
[ 111.559030] [<ffffffff8227a39d>] ? ___slab_alloc+0x43d/0x460
[ 111.559983] [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180
[ 111.561058] [<ffffffff827cde5c>] ? netlink_lookup+0x19c/0x220
[ 111.562038] [<ffffffff827d2428>] genl_rcv_msg+0xd8/0x110
[ 111.562966] [<ffffffff827d143b>] netlink_rcv_skb+0x14b/0x180
[ 111.563930] [<ffffffff827d2350>] ? genl_family_rcv_msg+0x5e0/0x5e0
[ 111.564949] [<ffffffff827d1d58>] genl_rcv+0x28/0x40
[ 111.565818] [<ffffffff827d0a27>] netlink_unicast+0x2e7/0x3a0
[ 111.566759] [<ffffffff827d0740>] ? netlink_attachskb+0x330/0x330
[ 111.567765] [<ffffffff8249b731>] ? copy_from_iter+0xf1/0x3b0
[ 111.568707] [<ffffffff827d0f8d>] netlink_sendmsg+0x4ad/0x620
[ 111.569706] [<ffffffff827d0ae0>] ? netlink_unicast+0x3a0/0x3a0
[ 111.570658] [<ffffffff822c0683>] ? __fdget+0x13/0x20
[ 111.571548] [<ffffffff82751575>] ? sockfd_lookup_light+0x95/0xb0
[ 111.572541] [<ffffffff827538fc>] SYSC_sendto+0x1bc/0x290
[ 111.573459] [<ffffffff82753740>] ? sock_write_iter+0x200/0x200
[ 111.574435] [<ffffffff822c0683>] ? __fdget+0x13/0x20
[ 111.575330] [<ffffffff82751575>] ? sockfd_lookup_light+0x95/0xb0
[ 111.576354] [<ffffffff827caf71>] ? netlink_getname+0xb1/0x110
[ 111.577371] [<ffffffff82750b0c>] ? move_addr_to_user+0x5c/0x70
[ 111.578385] [<ffffffff82751706>] ? SYSC_getsockname+0x176/0x190
[ 111.579407] [<ffffffff82751590>] ? sockfd_lookup_light+0xb0/0xb0
[ 111.580431] [<ffffffff82753225>] ? SYSC_bind+0xe5/0x180
[ 111.581369] [<ffffffff82753140>] ? __sock_recv_ts_and_drops+0x260/0x260
[ 111.582518] [<ffffffff822c132b>] ? fd_install+0x3b/0x50
[ 111.583450] [<ffffffff827514b4>] ? sock_map_fd+0x44/0x70
[ 111.584417] [<ffffffff82753f4c>] ? SyS_socket+0xcc/0x120
[ 111.585353] [<ffffffff82753e80>] ? move_addr_to_kernel+0x40/0x40
[ 111.586405] [<ffffffff820022b6>] ? exit_to_usermode_loop+0x86/0x120
[ 111.587434] [<ffffffff82002017>] ? trace_hardirqs_on_thunk+0x17/0x19
[ 111.588511] [<ffffffff827544ce>] SyS_sendto+0xe/0x10
[ 111.589378] [<ffffffff829299ae>] entry_SYSCALL_64_fastpath+0x12/0x6d
[ 111.590420] Code: 00 00 e8 e2 64 ef e1 4c 89 ef 80 a3 93 00 00 00 f7 e8 43 65 ef e1 4d 8b 7d 00 4d 85 ff 0f 84 db 03 00 00 4c 89 f7 e8 6e 63 ef e1 <66> 41 83 3e 08 0f 84 80 01 00 00 48 8d bc 24 20 01 00 00 31 c0
[ 111.598579] RIP [<ffffffffa0387fd2>] tipc_udp_send_msg+0x102/0x4f0 [tipc]
[ 111.599831] RSP <ffff880026327528>
[ 111.600538] CR2: 0000000000000000
[ 111.601202] ---[ end trace 827dd66f798de44a ]---
[ 111.602025] Kernel panic - not syncing: Fatal exception in interrupt
[ 111.614704] Kernel Offset: disabled
[ 111.615249] Rebooting in 60 seconds..





[ 31.985039] BUG: Bad page state in process ___ pfn:400c0
[ 31.985680] page:ffffea0001003000 count:0 mapcount:0 mapping:000000000000003c index:0x0
[ 31.986619] flags: 0x10000(mappedtodisk)
[ 31.987081] page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set
[ 31.987701] bad because of flags: 0x10000(mappedtodisk)
[ 31.988268] Modules linked in: iptable_filter ip_tables x_tables tipc ...
[ 31.991804] CPU: 3 PID: 2716 Not tainted 4.9.52 #1
[ 31.993608] ffffc90003023b28 ffffffff822ee180 ffffea0001003000 ffffffff827b76c8
[ 31.994792] ffffc90003023b50 ffffffff8215c5e4 0000000000010000 ffffea0001000000
[ 31.995986] 0000000000000009 ffffc90003023b60 ffffffff8215c71f ffffc90003023c28
[ 31.997380] Call Trace:
[ 31.997780] [<ffffffff822ee180>] dump_stack+0x86/0xc6
[ 31.998460] [<ffffffff8215c5e4>] bad_page+0xc4/0x130
[ 31.999160] [<ffffffff8215c71f>] check_new_page_bad+0x5f/0x70
[ 31.999968] [<ffffffff8215fe5a>] get_page_from_freelist+0x7ca/0xb20
[ 32.000782] [<ffffffff8216123c>] __alloc_pages_nodemask+0xdc/0x220
[ 32.001621] [<ffffffff821a4c18>] alloc_fresh_huge_page+0x68/0xc0
[ 32.002407] [<ffffffff821a590f>] set_max_huge_pages+0x4df/0x530
[ 32.003176] [<ffffffff8230698c>] ? _kstrtoull+0x2c/0x70
[ 32.003841] [<ffffffff821a59ec>] nr_hugepages_store_common+0x8c/0xf0
[ 32.004619] [<ffffffff821c2626>] ? mem_cgroup_commit_charge+0x66/0x430
[ 32.005384] [<ffffffff821a5a83>] nr_hugepages_store+0x13/0x20
[ 32.006176] [<ffffffff822f02bf>] kobj_attr_store+0xf/0x20
[ 32.006838] [<ffffffff82237877>] sysfs_kf_write+0x37/0x40
[ 32.007534] [<ffffffff82236bcc>] kernfs_fop_write+0x11c/0x1b0
[ 32.008258] [<ffffffff821c7068>] __vfs_write+0x28/0x120
[ 32.008931] [<ffffffff820fb23d>] ? __audit_syscall_entry+0xad/0xf0
[ 32.009681] [<ffffffff821c7735>] vfs_write+0xb5/0x1a0
[ 32.010308] [<ffffffff821c8a96>] SyS_write+0x46/0xa0
[ 32.010917] [<ffffffff8204b8fa>] ? trace_do_page_fault+0x5a/0x140
[ 32.011741] [<ffffffff82002bfe>] do_syscall_64+0x7e/0x1a0
[ 32.012476] [<ffffffff825dc0c4>] entry_SYSCALL64_slow_path+0x25/0x25
[ 32.013244] Disabling lock debugging due to kernel taint
[ 34.055994] ip6_tables: (C) 2000-2006 Netfilter Core Team


-Tommi
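
An added example, not part of the original thread or of the kernel tree: a small Python parser for the oops format quoted above that tolerates mail-client re-wrapping, drops the '?' frames (addresses found on the stack that the unwinder could not verify) and the KASAN reporting helpers, and returns the call chain that actually reached the fault. The function names and the REPORTING prefix list are assumptions of this example; SAMPLE is an abridged excerpt of the 4.4.97 trace from this page.

```python
import re

# One frame as printed by this 4.4 oops: "[<addr>] [? ]sym+0xoff/0xsize [module]".
# \s+ also spans the line breaks a mail client inserts when it re-wraps the log.
FRAME = re.compile(
    r"\[<(?P<addr>[0-9a-f]{16})>\]\s+(?P<stale>\?\s+)?"
    r"(?P<sym>[\w.]+)\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)"
    r"(?:\s+\[(?P<mod>\w+)\])?"
)

# Assumption of this example: frames with these prefixes belong to the
# reporting machinery, not to the path that faulted.
REPORTING = ("dump_stack", "kasan_", "__asan_")

# Abridged excerpt of the trace in this thread, kept in its re-wrapped form.
SAMPLE = """
[ 111.432472] [<ffffffff8248005e>] dump_stack+0x86/0xc8 [ 111.433208]
[<ffffffff8227f5af>] kasan_report.part.2+0x41f/0x520 [ 111.434040]
[<ffffffffa0387fd2>] ? tipc_udp_send_msg+0x102/0x4f0 [tipc] [ 111.434908]
[<ffffffff8227f965>] kasan_report+0x25/0x30 [ 111.435647]
[<ffffffff8227e3a6>] __asan_load2+0x66/0x70 [ 111.436391]
[<ffffffffa0387fd2>] tipc_udp_send_msg+0x102/0x4f0 [tipc] [ 111.437334]
[<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70 [ 111.438301]
[<ffffffffa03665e8>] ?
tipc_link_build_proto_msg+0x398/0x4c0 [tipc] [ 111.451946]
[<ffffffffa0364920>] tipc_bearer_xmit_skb+0xa0/0xb0 [tipc] [ 111.453078]
[<ffffffffa036a60b>] tipc_link_proto_xmit+0x11b/0x160 [tipc] [ 111.454218]
[<ffffffffa036c5be>] tipc_nl_link_set+0x1ee/0x3b0 [tipc] [ 111.456659]
[<ffffffff827d20ee>] genl_family_rcv_msg+0x37e/0x5e0 [ 111.461948]
"""


def parse_frames(text):
    """Return every frame in order of appearance (innermost first)."""
    return [
        {
            "sym": m["sym"],
            "off": int(m["off"], 16),
            "size": int(m["size"], 16),
            "mod": m["mod"],                 # None for built-in (vmlinux) symbols
            "reliable": m["stale"] is None,  # '?' = not verified by the unwinder
        }
        for m in FRAME.finditer(text)
    ]


def reliable_chain(frames):
    """Verified frames only, with the reporting helpers filtered out."""
    return [f for f in frames
            if f["reliable"] and not f["sym"].startswith(REPORTING)]


def fault_site(frames):
    """(symbol, offset, module) of the innermost verified frame, or None."""
    chain = reliable_chain(frames)
    return (chain[0]["sym"], chain[0]["off"], chain[0]["mod"]) if chain else None


if __name__ == "__main__":
    for f in reliable_chain(parse_frames(SAMPLE)):
        print(f"{f['sym']}+{f['off']:#x} [{f['mod'] or 'vmlinux'}]")
```

On the sample this leaves the netlink request path into tipc_udp_send_msg and discards the stale allocator and KASAN entries around it.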