lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <trinity-99bcd71d-8f78-4bbe-a439-f6a915040b0a-1565606589515@3c-app-gmx-bs80>
Date:   Mon, 12 Aug 2019 12:43:09 +0200
From:   "Frank Wunderlich" <frank-w@...lic-files.de>
To:     "Andrew Lunn" <andrew@...n.ch>,
        "Vivien Didelot" <vivien.didelot@...il.com>,
        "Florian Fainelli" <f.fainelli@...il.com>,
        "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [BUG] access to null-pointer in dsa_switch_event when bridge set up

Hi,

i've noticed a bug when using bridge on dsa-ports. Tested on Bpi-r2, Crash happens on 5.3-rc1 and rc4, 5.2-rc7 (last version pre 5.3 i have found on my tftp) is not affected.

root@...-r2:~# brctl addbr br0
root@...-r2:~# ip addr add 192.168.0.11/24 dev br0
root@...-r2:~# brctl addif br0 lan0
[   47.731914] br0: port 1(lan0) entered blocking state
[   47.736898] br0: port 1(lan0) entered disabled state
[   47.742586] device lan0 entered promiscuous mode
root@...-r2:~# ip link set br0 up
[  114.675568] br0: port 1(lan0) entered blocking state
[  114.680612] br0: port 1(lan0) entered forwarding state
[  114.686643] IPv6: ADDRCONF(NETDEV_CHANGE): br0: link becomes ready
root@...-r2:~# [  114.718094] 8<--- cut here ---
[  114.721167] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[  114.729344] pgd = 661519c9
[  114.732055] [00000000] *pgd=00000000
[  114.735642] Internal error: Oops: 80000005 [#1] SMP ARM
[  114.740865] Modules linked in:
[  114.743925] CPU: 1 PID: 156 Comm: kworker/1:2 Not tainted 5.3.0-rc4-bpi-r2 #307
[  114.751231] Hardware name: Mediatek Cortex-A7 (Device Tree)
[  114.756816] Workqueue: events switchdev_deferred_process_work
[  114.762564] PC is at 0x0
[  114.765100] LR is at dsa_switch_event+0x640/0x6e8
[  114.769801] pc : [<00000000>]    lr : [<c09f2f00>]    psr: 20070013
[  114.776064] sp : e71edcc8  ip : 00000000  fp : e71edd0c
[  114.781285] r10: e71ede73  r9 : ea1b7088  r8 : e6932dd0
[  114.786506] r7 : ea1b7040  r6 : 00000006  r5 : c1104c48  r4 : ea1b704c
[  114.793030] r3 : 00000000  r2 : e6932dd0  r1 : 00000006  r0 : ea1b7040
[  114.799560] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[  114.806698] Control: 10c5387d  Table: a778006a  DAC: 00000051
[  114.812447] Process kworker/1:2 (pid: 156, stack limit = 0xb5a13451)
[  114.818801] Stack: (0xe71edcc8 to 0xe71ee000)
[  114.823162] dcc0:                   c086981c c11a5c20 00000001 600c0113 00000000 1021bd52
[  114.831347] dce0: e71edd08 ffffffff 00000000 e71edd54 00000005 00000000 c09f1dd0 00000000
[  114.839531] dd00: e71edd34 e71edd10 c014d4f8 c09f28cc c1104c48 c1104c48 00000000 e71fd800
[  114.847715] dd20: c09f0740 c09f1dd0 e71edd4c e71edd38 c014d658 c014d4ac 00000000 c017a738
[  114.855900] dd40: e71edd7c e71edd50 c09efe1c c014d63c e71eddac e6932dd0 e71ede73 00000000
[  114.864084] dd60: 00000006 1021bd52 00000000 e71ede38 e71edd8c e71edd80 c09f1e2c c09efdd0
[  114.872268] dd80: e71eddc4 e71edd90 c0b47cc4 c09f1ddc b43f0a89 1021bd52 00000000 ffffffff
[  114.880452] dda0: 00000000 e71ede38 00000006 00000000 00000000 00000000 e71eddd4 e71eddc8
[  114.888637] ddc0: c0b47d5c c0b47c6c e71edde4 e71eddd8 c09f1c58 c0b47d50 e71ede0c e71edde8
[  114.896821] dde0: c014d4f8 c09f1c14 00000006 c11bc820 e71ede38 e71fd800 e6932dd0 00000000
[  114.905006] de00: e71ede34 e71ede10 c014dd70 c014d4ac 00000000 e71ede20 c016a99c c1104c48
[  114.913190] de20: 1021bd52 00000000 e71ede64 e71ede38 c0b479ec c014dd28 e71fd800 00000000
[  114.921374] de40: e6932dd0 e71ede73 00000001 1021bd52 c1104c48 e71ede73 e71ede9c e71ede68
[  114.929559] de60: c0b47af4 c0b479a4 00000000 c0b65d88 0014d4f8 1021bd52 e6932dc0 e6932dd0
[  114.937743] de80: e71fd800 00000100 00000000 c11c50f0 e71edebc e71edea0 c0b47b8c c0b47a5c
[  114.945927] dea0: e6932dc0 c11bc818 c12332ac 00000100 e71edee4 e71edec0 c0b477e0 c0b47b74
[  114.954112] dec0: 010000ff c0898820 c11bc83c e909f380 ead8f100 ead92200 e71edef4 e71edee8
[  114.962296] dee0: c0b47890 c0b47768 e71edf34 e71edef8 c0144dac c0b47880 e90b12c0 ffffe000
[  114.970480] df00: e71edf1c e71edf10 c0146f48 e909f380 ead8f100 e909f394 ead8f118 ffffe000
[  114.978665] df20: 00000008 c1103d00 e71edf74 e71edf38 c0145b8c c0144c0c ffffe000 c0e58270
[  114.986850] df40: c11c4939 ead8f100 c014b4f4 e910bf40 e910bf00 00000000 e71ec000 e909f380
[  114.995036] df60: c0145b30 ea13fe74 e71edfac e71edf78 c014ba18 c0145b3c e910bf5c e910bf5c
[  115.003219] df80: e71edfac e910bf00 c014b8b0 00000000 00000000 00000000 00000000 00000000
[  115.011404] dfa0: 00000000 e71edfb0 c01010e8 c014b8bc 00000000 00000000 00000000 00000000
[  115.019587] dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  115.027770] dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[  115.035948] Backtrace:
[  115.038406] [<c09f28c0>] (dsa_switch_event) from [<c014d4f8>] (notifier_call_chain+0x58/0x94)
[  115.046940]  r10:00000000 r9:c09f1dd0 r8:00000000 r7:00000005 r6:e71edd54 r5:00000000
[  115.054771]  r4:ffffffff
[  115.057308] [<c014d4a0>] (notifier_call_chain) from [<c014d658>] (raw_notifier_call_chain+0x28/0x30)
[  115.066447]  r9:c09f1dd0 r8:c09f0740 r7:e71fd800 r6:00000000 r5:c1104c48 r4:c1104c48
[  115.074197] [<c014d630>] (raw_notifier_call_chain) from [<c09efe1c>] (dsa_port_mdb_add+0x58/0x84)
[  115.083078] [<c09efdc4>] (dsa_port_mdb_add) from [<c09f1e2c>] (dsa_slave_port_obj_add+0x5c/0x78)
[  115.091866]  r4:e71ede38
[  115.094403] [<c09f1dd0>] (dsa_slave_port_obj_add) from [<c0b47cc4>] (__switchdev_handle_port_obj_add+0x64/0xe4)
[  115.104499] [<c0b47c60>] (__switchdev_handle_port_obj_add) from [<c0b47d5c>] (switchdev_handle_port_obj_add+0x18/0x24)
[  115.115201]  r10:00000000 r9:00000000 r8:00000000 r7:00000006 r6:e71ede38 r5:00000000
[  115.123032]  r4:ffffffff
[  115.125570] [<c0b47d44>] (switchdev_handle_port_obj_add) from [<c09f1c58>] (dsa_slave_switchdev_blocking_event+0x50/0xb0)
[  115.136535] [<c09f1c08>] (dsa_slave_switchdev_blocking_event) from [<c014d4f8>] (notifier_call_chain+0x58/0x94)
[  115.146632] [<c014d4a0>] (notifier_call_chain) from [<c014dd70>] (blocking_notifier_call_chain+0x54/0x6c)
[  115.156206]  r9:00000000 r8:e6932dd0 r7:e71fd800 r6:e71ede38 r5:c11bc820 r4:00000006
[  115.163956] [<c014dd1c>] (blocking_notifier_call_chain) from [<c0b479ec>] (switchdev_port_obj_notify+0x54/0xb8)
[  115.174049]  r6:00000000 r5:1021bd52 r4:c1104c48
[  115.178670] [<c0b47998>] (switchdev_port_obj_notify) from [<c0b47af4>] (switchdev_port_obj_add_now+0xa4/0x118)
[  115.188675]  r5:e71ede73 r4:c1104c48
[  115.192254] [<c0b47a50>] (switchdev_port_obj_add_now) from [<c0b47b8c>] (switchdev_port_obj_add_deferred+0x24/0x70)
[  115.202698]  r9:c11c50f0 r8:00000000 r7:00000100 r6:e71fd800 r5:e6932dd0 r4:e6932dc0
[  115.210450] [<c0b47b68>] (switchdev_port_obj_add_deferred) from [<c0b477e0>] (switchdev_deferred_process+0x84/0x118)
[  115.220978]  r7:00000100 r6:c12332ac r5:c11bc818 r4:e6932dc0
[  115.226643] [<c0b4775c>] (switchdev_deferred_process) from [<c0b47890>] (switchdev_deferred_process_work+0x1c/0x24)
[  115.237085]  r7:ead92200 r6:ead8f100 r5:e909f380 r4:c11bc83c
[  115.242751] [<c0b47874>] (switchdev_deferred_process_work) from [<c0144dac>] (process_one_work+0x1ac/0x4bc)
[  115.252499] [<c0144c00>] (process_one_work) from [<c0145b8c>] (worker_thread+0x5c/0x580)
[  115.260597]  r10:c1103d00 r9:00000008 r8:ffffe000 r7:ead8f118 r6:e909f394 r5:ead8f100
[  115.268427]  r4:e909f380
[  115.270965] [<c0145b30>] (worker_thread) from [<c014ba18>] (kthread+0x168/0x170)
[  115.278368]  r10:ea13fe74 r9:c0145b30 r8:e909f380 r7:e71ec000 r6:00000000 r5:e910bf00
[  115.286199]  r4:e910bf40
[  115.288737] [<c014b8b0>] (kthread) from [<c01010e8>] (ret_from_fork+0x14/0x2c)
[  115.295961] Exception stack(0xe71edfb0 to 0xe71edff8)
[  115.301014] dfa0:                                     00000000 00000000 00000000 00000000
[  115.309197] dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[  115.317379] dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
[  115.323997]  r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:c014b8b0
[  115.331827]  r4:e910bf00
[  115.334363] Code: bad PC value
[  115.337583] ---[ end trace 3bdbb989816b27f4 ]---

regards Frank

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ