
Issue 922559


Issue metadata

Status: Unconfirmed
Owner: ----
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug-Regression




M72: kernel panic in kernel/v3.14/net/core/sock_diag.c on Guado

Project Member Reported by ziegs@google.com, Jan 16 (6 days ago)

Issue description

Chrome Version: 72.0.3626.49
Chrome OS Version: 11316.66.0
Chrome OS Platform: Guado (Asus Chromebox)
Network info: Google corp network

Sample reports: https://crash.corp.google.com/browse?q=clientid%3D%2778e141d6dc174a16a9b193fa7ac9f3b2%27&ignore_case=false&enable_rewrite=true&omit_field_opt=%3D#+samplereports:5


Buganizer issue: http://b/122947049

Null pointer dereference; the stacktrace points to sock_diag_save_cookie.

We're seeing this issue on Guado CfMs that have taken M72.
 

Comment 1 by ziegs@google.com, Jan 16 (6 days ago)

Stacktrace:

<1>[ 30.844361] BUG: unable to handle kernel NULL pointer dereference at 000000000000001f
<1>[ 30.844372] IP: [<ffffffff82e06d31>] sock_gen_cookie+0x1e/0x31
<5>[ 30.844383] PGD 0
<5>[ 30.844387] Oops: 0002 [#1] PREEMPT SMP
<0>[ 30.846567] gsmi: Log Shutdown Reason 0x03
<5>[ 30.846572] Modules linked in: i2c_dev cmac rfcomm evdi uinput ip6t_REJECT snd_hda_codec_realtek snd_hda_codec_generic memc_x86 snd_hda_codec_hdmi x86_pkg_temp_thermal snd_soc_sst_acpi snd_hda_intel snd_hda_controller snd_hda_codec zram fuse ip6table_filter snd_seq_midi snd_seq_midi_event snd_seq ip6_tables joydev hid_multitouch snd_usb_audio snd_usbmidi_lib snd_hwdep snd_rawmidi snd_seq_device btusb btbcm btintel bluetooth uvcvideo videobuf2_vmalloc iwlmvm r8169 mii iwlwifi iwl7000_mac80211 cfg80211
<5>[ 30.846642] CPU: 2 PID: 2747 Comm: ss Not tainted 3.14.0 #1
<5>[ 30.846647] Hardware name: GOOGLE Guado, BIOS Google_Guado.6301.108.4 04/01/2015
<5>[ 30.846653] task: ffff88005eabbe20 ti: ffff880148a02000 task.ti: ffff880148a02000
<5>[ 30.846659] RIP: 0010:[<ffffffff82e06d31>] [<ffffffff82e06d31>] sock_gen_cookie+0x1e/0x31
<5>[ 30.846669] RSP: 0018:ffff880148a03850 EFLAGS: 00010246
<5>[ 30.846674] RAX: 0000000000000000 RBX: ffff88014898309c RCX: ffffffffffffffff
<5>[ 30.846680] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff88016a09e300
<5>[ 30.846686] RBP: ffff880148a03850 R08: 0000000000000048 R09: 0000000000000002
<5>[ 30.846692] R10: ffff880074f10014 R11: ffff88017299ca80 R12: ffff88016a09e300
<5>[ 30.846697] R13: ffff8801489af400 R14: ffff880148983088 R15: ffff880167290000
<5>[ 30.846704] FS: 000077bad1341540(0000) GS:ffff88017ed00000(0000) knlGS:0000000000000000
<5>[ 30.846711] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<5>[ 30.846716] CR2: 000000000000001f CR3: 000000014bd0a000 CR4: 00000000003607e0
<5>[ 30.846721] Stack:
<5>[ 30.846724] ffff880148a03868 ffffffff82e06d56 ffff880148983060 ffff880148a038f0
<5>[ 30.846733] ffffffff82e843fe 0000000031fd8cb6 ffffffff8342e6c0 ffff88017299ca80
<5>[ 30.846743] ffff8801489af400 ffff88016723dba8 ffff880158f43210 ffffffff834b9280
<5>[ 30.846753] Call Trace:
<5>[ 30.846761] [<ffffffff82e06d56>] sock_diag_save_cookie+0x12/0x1e
<5>[ 30.846768] [<ffffffff82e843fe>] inet_diag_fill_req.isra.7+0xa7/0x22b
<5>[ 30.846776] [<ffffffff82e83dfc>] ? inet_csk_diag_dump+0x6f/0x7e
<5>[ 30.846783] [<ffffffff82e84873>] inet_diag_dump_icsk+0x2f1/0x5d1
<5>[ 30.846791] [<ffffffff82e84c0c>] ? tcp_diag_dump_one+0x20/0x20
<5>[ 30.846798] [<ffffffff82e84c2d>] tcp_diag_dump+0x21/0x23
<5>[ 30.846805] [<ffffffff82e84333>] inet_diag_dump+0x69/0x8d
<5>[ 30.846812] [<ffffffff82e842ca>] ? inet_diag_rcv_msg_compat+0xdb/0xdb
<5>[ 30.846820] [<ffffffff82e17dbc>] netlink_dump+0x94/0x1fc
<5>[ 30.846827] [<ffffffff82e18031>] __netlink_dump_start+0x10d/0x15e
<5>[ 30.846834] [<ffffffff82e83cd6>] inet_diag_handler_cmd+0x8b/0x142
<5>[ 30.846840] [<ffffffff82e842ca>] ? inet_diag_rcv_msg_compat+0xdb/0xdb
<5>[ 30.846847] [<ffffffff82e83c4b>] ? inet_sk_diag_fill+0x442/0x442
<5>[ 30.846855] [<ffffffff82e06ae4>] sock_diag_rcv_msg+0x129/0x172
<5>[ 30.846861] [<ffffffff82e069bb>] ? sock_diag_bind+0x53/0x53
<5>[ 30.846868] [<ffffffff82e196d3>] netlink_rcv_skb+0x4f/0x94
<5>[ 30.846875] [<ffffffff82e06b55>] sock_diag_rcv+0x28/0x37
<5>[ 30.846881] [<ffffffff82e19510>] netlink_unicast+0x10d/0x198
<5>[ 30.846889] [<ffffffff82e19a35>] netlink_sendmsg+0x31d/0x376
<5>[ 30.846897] [<ffffffff828cf182>] sock_sendmsg+0xb7/0xf0
<5>[ 30.846904] [<ffffffff82de61ca>] ? move_addr_to_kernel+0x43/0x5e
<5>[ 30.846911] [<ffffffff828cf737>] ___sys_sendmsg+0x23a/0x2e0
<5>[ 30.846917] [<ffffffff828cf737>] ? ___sys_sendmsg+0x23a/0x2e0
<5>[ 30.846925] [<ffffffff8288550e>] ? task_sid+0x23/0x28
<5>[ 30.846932] [<ffffffff82de5aff>] ? move_addr_to_user+0x77/0xa6
<5>[ 30.846939] [<ffffffff82de5cac>] ? SYSC_getsockname+0xa9/0xd2
<5>[ 30.846946] [<ffffffff828cfdb6>] SyS_sendmsg+0x7b/0xb8
<5>[ 30.846952] [<ffffffff828cfdb6>] ? SyS_sendmsg+0x7b/0xb8
<5>[ 30.846960] [<ffffffff82edbe42>] system_call_fastpath+0x20/0x25
<5>[ 30.846965] Code: 45 31 e4 e8 76 79 b4 ff e9 3b ff ff ff 0f 1f 44 00 00 55 be 01 00 00 00 48 89 e5 48 8b 47 58 48 85 c0 75 18 48 8b 4f 30 48 89 f2 <f0> 48 0f c1 51 20 48 ff c2 f0 48 0f b1 57 58 eb df 5d c3 0f 1f
<1>[ 30.847041] RIP [<ffffffff82e06d31>] sock_gen_cookie+0x1e/0x31
<5>[ 30.847048] RSP <ffff880148a03850>
<5>[ 30.847052] CR2: 000000000000001f
<4>[ 30.847056] ---[ end trace 0d7e274ba6aa9bd9 ]---
<0>[ 30.852737] Kernel panic - not syncing: Fatal exception in interrupt
<0>[ 30.852749] Kernel Offset: 0x1800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
<0>[ 30.852857] gsmi: Log Shutdown Reason 0x02

So far I've only found Guado on 3.14 M72 with this issue.

Comment 2 by ziegs@google.com, Jan 16 (6 days ago)

Labels: M-72

Comment 3 by ziegs@google.com, Jan 16 (6 days ago)

Labels: Proj-Hotrod
