lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 11 Jan 2016 14:11:52 -0800
From:	Salam Noureddine <noureddine@...sta.com>
To:	Ivaylo Dimitrov <ivo.g.dimitrov.75@...il.com>
Cc:	Eric Dumazet <eric.dumazet@...il.com>,
	"David S. Miller" <davem@...emloft.net>,
	Pali Rohár <pali.rohar@...il.com>,
	Network Development <netdev@...r.kernel.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Sebastian Reichel <sre@...nel.org>,
	"linux-omap@...r.kernel.org" <linux-omap@...r.kernel.org>
Subject: Re: [OOPS] In __netif_receive_skb_core

Would you be able to disassemble your kernel so we could tell where
the null pointer dereference happens?

Thanks,

Salam

On Mon, Jan 11, 2016 at 1:03 PM, Ivaylo Dimitrov
<ivo.g.dimitrov.75@...il.com> wrote:
>
>
> On 10.01.2016 22:26, Eric Dumazet wrote:
>>
>>
>> I do not see anything wrong with this commit.
>>
>> It must uncover a prior bug.
>>
>
> Could be, but it was working fine in 3.19.
>
>> Seems to be a phonet bug not reacting to NETDEV_DOWN maybe ?
>>
>>
>> diff --git a/net/phonet/pn_dev.c b/net/phonet/pn_dev.c
>> index a58680016472..fd2f44940bd7 100644
>> --- a/net/phonet/pn_dev.c
>> +++ b/net/phonet/pn_dev.c
>
>
> The patch makes difference:
>
> <3>[  118.943542] et8ek8 3-003e: could not get clock
> <6>[  119.028045] IPv6: ADDRCONF(NETDEV_UP): phonet0: link is not ready
> <4>[  120.945922] sched: RT throttling activated
> <5>[  158.556091] ssi-protocol ssi-protocol: WAKELINES TEST OK
> <6>[  158.561828] IPv6: ADDRCONF(NETDEV_CHANGE): phonet0: link becomes ready
> <1>[  158.708831] Unable to handle kernel NULL pointer dereference at
> virtual address 0000005c
> <1>[  158.717498] pgd = ce548000
> <1>[  158.720367] [0000005c] *pgd=8e53a831, *pte=00000000, *ppte=00000000
> <0>[  158.727020] Internal error: Oops: 17 [#1] PREEMPT ARM
> <4>[  158.732330] Modules linked in: cmt_speech nokia_modem ssi_protocol
> vfat fat rfcomm sd_mod scsi_mod bnep bluetooth omaplfb pvrsrvkm ipv6
> bq2415x_charger uinput hsi_char radio_platform_si4713 joydev omap_ssi_port
> video_bus_switch arc4 wl1251_spi wl1251 isp1704_charger gpio_keys mac80211
> smc91x mii cfg80211 omap_wdt omap_sham crc7 tsc2005 tsc200x_core si4713
> leds_lp5523 leds_lp55xx_common adp1653 bq27xxx_battery tsl2563 twl4030_wdt
> rtc_twl et8ek8 smiaregs ad5820 v4l2_common twl4030_vibra ff_memless videodev
> lis3lv02d_i2c media lis3lv02d input_polldev omap_ssi hsi ti_soc_thermal
> thermal_sys hwmon rx51_battery
> <4>[  158.789154] CPU: 0 PID: 1038 Comm: csd Not tainted 4.4.0-rc7+ #14
> <4>[  158.795562] Hardware name: Nokia RX-51 board
> <4>[  158.800048] task: ce4d5900 ti: ce4e4000 task.ti: ce4e4000
> <4>[  158.805725] PC is at __netif_receive_skb_core+0x7c0/0x92c
> <4>[  158.811401] LR is at sock_queue_rcv_skb+0x208/0x214
> <4>[  158.816528] pc : [<c0394218>]    lr : [<c0385648>]    psr: 00000113
> <4>[  158.816528] sp : ce4e5e98  ip : 14400000  fp : cd4ab380
> <4>[  158.828582] r10: c249405c  r9 : 00000000  r8 : c24b2d74
> <4>[  158.834045] r7 : 0000f500  r6 : c2494000  r5 : c2494048  r4 : c24b2cc0
> <4>[  158.840911] r3 : 00000000  r2 : 00000002  r1 : 00000000  r0 : 00000000
> <4>[  158.847778] Flags: nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM
> Segment none
> <4>[  158.855285] Control: 10c5387d  Table: 8e548019  DAC: 00000051
> <0>[  158.861297] Process csd (pid: 1038, stack limit = 0xce4e4210)
> <0>[  158.867340] Stack: (0xce4e5e98 to 0xce4e6000)
> <0>[  158.871917] 5e80:       cf3ab000 cf2e4d90
> <0>[  158.880554] 5ea0: 00000002 c24b2cc0 c06534dc c243b67c c5dcae00
> c00685ac c243b67c 40000113
> <0>[  158.889129] 5ec0: ffffffff bf3b0fac bf3b0d88 ffffffff 00000000
> c06780c0 c24b2cc0 00000000
> <0>[  158.897735] 5ee0: c06780b4 c0678088 ce4e5f18 00000040 ce4e5f20
> c0396950 c03968dc c06780c0
> <0>[  158.906341] 5f00: 00000001 0000012c 00000040 c0678357 ffffc8d0
> c03970a4 ce4e5f18 ce4e5f18
> <0>[  158.914947] 5f20: ce4e5f20 ce4e5f20 cf3ab000 00000008 c0679380
> 00000008 c0679340 c067938c
> <0>[  158.923522] 5f40: 00000100 00400100 c0441be8 c0030e64 cf807f00
> fa2000cc 00000003 00000003
> <0>[  158.932128] 5f60: ffffc8cf 00000004 10c53c7d 00000000 00000000
> cf802000 00000001 10c53c7d
> <0>[  158.940734] 5f80: 00001a30 0000026c beba476c c0031214 00000000
> c005b4c4 ce4e5fb0 b6e3f82c
> <0>[  158.949310] 5fa0: 40000010 ffffffff 10c5387d c043c990 00000014
> 00000000 0001ef78 00000014
> <0>[  158.957946] 5fc0: 0001edf8 00000001 00000000 00000000 00000000
> 00001a30 0000026c beba476c
> <0>[  158.966522] 5fe0: b6e4d82c beba4748 b6e3f82c b6e3f82c 40000010
> ffffffff ddee3fd6 e7f5d5dd
> <4>[  158.975158] [<c0394218>] (__netif_receive_skb_core) from [<c0396950>]
> (process_backlog+0x74/0xf4)
> <4>[  158.984497] [<c0396950>] (process_backlog) from [<c03970a4>]
> (net_rx_action+0xd0/0x284)
> <4>[  158.992919] [<c03970a4>] (net_rx_action) from [<c0030e64>]
> (__do_softirq+0xb0/0x208)
> <4>[  159.001037] [<c0030e64>] (__do_softirq) from [<c0031214>]
> (irq_exit+0x80/0xe4)
> <4>[  159.008636] [<c0031214>] (irq_exit) from [<c005b4c4>]
> (__handle_domain_irq+0x88/0xa8)
> <4>[  159.016906] [<c005b4c4>] (__handle_domain_irq) from [<c043c990>]
> (__irq_usr+0x50/0x80)
> <0>[  159.025207] Code: e59d400c e5943014 e1530006 0a000025 (e593505c)
> <4>[  159.031677] ---[ end trace c52d1e36f2d07d67 ]---
> <0>[  159.038146] Kernel panic - not syncing: Fatal exception in interrupt
> --[ end trace c52d1e36f2d07d67 ]---
>
> Could you provide some hints on where to put some printks or dump some data
> to get a clearer picture on what happens?
>
> Thanks,
> Ivo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ