| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 21 Jun 2008 00:49:43 +0400 From: Alexey Dobriyan <adobriyan@...il.com> To: netdev@...r.kernel.org Cc: den@...nvz.org, xemul@...nvz.org, ebiederm@...ssion.com, dlezcano@...ibm.com, benjamin.thery@...l.net Subject: ICMP sockets destruction vs ICMP packets oops After icmp_sk_exit() nuked ICMP sockets, we get an interrupt. icmp_reply() wants ICMP socket. Steps to reproduce: launch shell in new netns move real NIC to netns setup routing ping -i 0 exit from shell BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 IP: [<ffffffff803fce17>] icmp_sk+0x17/0x30 PGD 17f3cd067 PUD 17f3ce067 PMD 0 Oops: 0000 [1] PREEMPT SMP DEBUG_PAGEALLOC CPU 0 Modules linked in: usblp usbcore Pid: 0, comm: swapper Not tainted 2.6.26-rc6-netns-ct #4 RIP: 0010:[<ffffffff803fce17>] [<ffffffff803fce17>] icmp_sk+0x17/0x30 RSP: 0018:ffffffff8057fc30 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff81017c7db900 RDX: 0000000000000034 RSI: ffff81017c7db900 RDI: ffff81017dc41800 RBP: ffffffff8057fc40 R08: 0000000000000001 R09: 000000000000a815 R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8057fd28 R13: ffffffff8057fd00 R14: ffff81017c7db938 R15: ffff81017dc41800 FS: 0000000000000000(0000) GS:ffffffff80525000(0000) knlGS:0000000000000000 CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b CR2: 0000000000000000 CR3: 000000017fcda000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process swapper (pid: 0, threadinfo ffffffff8053a000, task ffffffff804fa4a0) Stack: 0000000000000000 ffff81017c7db900 ffffffff8057fcf0 ffffffff803fcfe4 ffffffff804faa38 0000000000000246 0000000000005a40 0000000000000246 000000000001ffff ffff81017dd68dc0 0000000000005a40 0000000055342436 Call Trace: <IRQ> [<ffffffff803fcfe4>] icmp_reply+0x44/0x1e0 [<ffffffff803d3a0a>] ? ip_route_input+0x23a/0x1360 [<ffffffff803fd645>] icmp_echo+0x65/0x70 [<ffffffff803fd300>] icmp_rcv+0x180/0x1b0 [<ffffffff803d6d84>] ip_local_deliver+0xf4/0x1f0 [<ffffffff803d71bb>] ip_rcv+0x33b/0x650 [<ffffffff803bb16a>] netif_receive_skb+0x27a/0x340 [<ffffffff803be57d>] process_backlog+0x9d/0x100 [<ffffffff803bdd4d>] net_rx_action+0x18d/0x250 [<ffffffff80237be5>] __do_softirq+0x75/0x100 [<ffffffff8020c97c>] call_softirq+0x1c/0x30 [<ffffffff8020f085>] do_softirq+0x65/0xa0 [<ffffffff80237af7>] irq_exit+0x97/0xa0 [<ffffffff8020f198>] do_IRQ+0xa8/0x130 [<ffffffff80212ee0>] ? mwait_idle+0x0/0x60 [<ffffffff8020bc46>] ret_from_intr+0x0/0xf <EOI> [<ffffffff80212f2c>] ? mwait_idle+0x4c/0x60 [<ffffffff80212f23>] ? mwait_idle+0x43/0x60 [<ffffffff8020a217>] ? cpu_idle+0x57/0xa0 [<ffffffff8040f380>] ? rest_init+0x70/0x80 Code: 10 5b 41 5c 41 5d 41 5e c9 c3 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 53 48 83 ec 08 48 8b 9f 78 01 00 00 e8 2b c7 f1 ff 89 c0 <48> 8b 04 c3 48 83 c4 08 5b c9 c3 66 66 66 66 66 2e 0f 1f 84 00 RIP [<ffffffff803fce17>] icmp_sk+0x17/0x30 RSP <ffffffff8057fc30> CR2: 0000000000000000 ---[ end trace ea161157b76b33e8 ]--- Kernel panic - not syncing: Aiee, killing interrupt handler! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists