Open Source and information security mailing list archives
Message-Id: <20080211100802.9640365b.akpm@linux-foundation.org>
Date:	Mon, 11 Feb 2008 10:08:02 -0800
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	netdev@...r.kernel.org
Cc:	bugme-daemon@...zilla.kernel.org, tomas.simonaitis@...il.com
Subject: Re: [Bugme-new] [Bug 9933] New: kernel BUG at include/linux/skbuff.h:912

On Mon, 11 Feb 2008 03:46:45 -0800 (PST) bugme-daemon@...zilla.kernel.org wrote:

> http://bugzilla.kernel.org/show_bug.cgi?id=9933
> 
>            Summary: kernel BUG at include/linux/skbuff.h:912
>            Product: Networking
>            Version: 2.5
>      KernelVersion: 2.6.24.2
>           Platform: All
>         OS/Version: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: Netfilter/Iptables
>         AssignedTo: networking_netfilter-iptables@...nel-bugs.osdl.org
>         ReportedBy: tomas.simonaitis@...il.com
> 
> 
> Latest working kernel version: 2.6.22.3
> Earliest failing kernel version: 2.6.24.1
> Distribution: Debian etch
> Hardware Environment: x86_64, SMP
> 
> If a libnetfilter-queue (v. 0.0.12-1) application calls nfq_set_verdict
> and:
> - the protocol is IPv4 (works fine with IPv6)
> - the packet length has been changed
> - the packet contains a data payload (not affected if the tcp header is extended with
> options, but the data payload is 0)
> 
> SKB_LINEAR_ASSERT is caught.
> 
> 
> ------------[ cut here ]------------
> kernel BUG at include/linux/skbuff.h:912!
> invalid opcode: 0000 [1] SMP
> CPU 4
> Modules linked in: nfnetlink_queue nfnetlink ip6table_mangle xt_NFQUEUE
> iptable_mangle xt_tcpudp nf_conntrack_ipv6 nf_conntrack_ipv4 xt_state
> nf_conntrack iptable_filter ip_tables ip6table_filter ip6_tables x_tables esp4
> ah4 xfrm4_mode_transport deflate zlib_deflate twofish twofish_common camellia
> serpent blowfish des_generic cbc ecb blkcipher aes_x86_64 aes_generic xcbc
> sha256_generic sha1_generic crypto_null af_key dm_crypt dm_snapshot dm_mirror
> dm_mod ipv6 ipmi_si iTCO_wdt container ipmi_msghandler button serio_raw evdev
> pcspkr ide_generic ide_cd cdrom pata_acpi ata_generic ata_piix libata scsi_mod
> usbhid piix generic ide_core ehci_hcd bnx2 uhci_hcd zlib_inflate cciss thermal
> processor fan
> Pid: 3390, comm: tcpmd5 Not tainted 2.6.24.2 #1
> RIP: 0010:[<ffffffff88258b2c>]  [<ffffffff88258b2c>]
> :nfnetlink_queue:nfqnl_recv_verdict+0x179/0x227
> RSP: 0018:ffff81012d219a08  EFLAGS: 00010206
> RAX: 0000000000000100 RBX: 0000000000000000 RCX: 0000000000010001
> RDX: ffff81012e539500 RSI: ffff81012e539638 RDI: ffff81012df7ce18
> RBP: 0000000000000075 R08: ffffffff88250079 R09: ffff81012df7ce18
> R10: 00007fff576df198 R11: ffff81012d9daac0 R12: 0000000000000014
> R13: ffff81012e691e40 R14: 0000000000000001 R15: ffff81012eae3c20
> FS:  00002aab53c7a6d0(0000) GS:ffff81012f8fdb40(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
> CR2: 00002aab535e6090 CR3: 000000012e06c000 CR4: 00000000000006e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
> Process tcpmd5 (pid: 3390, threadinfo ffff81012d218000, task ffff81012dafc080)
> Stack:  ffffffff8825000a ffff81012d219a60 ffff81012e524740 ffff81012d219a60
>  ffff81012d219af8 ffffffff88258ff8 ffff81012eae3c00 ffff81012d219ac8
>  ffff81012f9d7a80 ffffffff88255233 ffffffff804e42e8 0000000000000000
> Call Trace:
>  [<ffffffff88255233>] :nfnetlink:nfnetlink_rcv_msg+0x129/0x172
>  [<ffffffff8825512b>] :nfnetlink:nfnetlink_rcv_msg+0x21/0x172
>  [<ffffffff8825510a>] :nfnetlink:nfnetlink_rcv_msg+0x0/0x172
>  [<ffffffff803d23b6>] netlink_rcv_skb+0x34/0x8b
>  [<ffffffff8825501f>] :nfnetlink:nfnetlink_rcv+0x1f/0x2c
>  [<ffffffff803d2156>] netlink_unicast+0x1e0/0x240
>  [<ffffffff803d29eb>] netlink_sendmsg+0x2a2/0x2b5
>  [<ffffffff803ba345>] memcpy_fromiovec+0x36/0x66
>  [<ffffffff803b3790>] sock_sendmsg+0xe2/0xff
>  [<ffffffff80243e10>] autoremove_wake_function+0x0/0x2e
>  [<ffffffff803b3790>] sock_sendmsg+0xe2/0xff
>  [<ffffffff80243e10>] autoremove_wake_function+0x0/0x2e
>  [<ffffffff80312f8d>] xfs_vn_getattr+0x3d/0xfd
>  [<ffffffff803b29c0>] move_addr_to_kernel+0x25/0x36
>  [<ffffffff803b39c1>] sys_sendmsg+0x214/0x287
>  [<ffffffff803b3b5c>] sys_sendto+0x128/0x151
>  [<ffffffff8027bbf5>] do_readv_writev+0x18f/0x1a4
>  [<ffffffff8020be2e>] system_call+0x7e/0x83
> 
> 
> Code: 0f 0b eb fe 44 01 e0 44 01 67 68 3b 87 b8 00 00 00 89 87 b4
> RIP  [<ffffffff88258b2c>] :nfnetlink_queue:nfqnl_recv_verdict+0x179/0x227
>  RSP <ffff81012d219a08>
> ---[ end trace 303d8add98149551 ]---
> 
> I cannot reproduce the problem on kernel 2.6.22.3 (both i386 and x86-64) or on
> 2.6.24.2 if the arch is i386.
> 
> tcpmd5 application http://tcpmd5.googlecode.com/files/tcpmd5_0.0.3.tar.gz
> 
> 

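A small triage helper for oops text like the one quoted above, added here as an example; it is not part of the original report or of any kernel tooling. It assumes the 2.6.24-era x86_64 oops layout, in which module symbols print as `:module:symbol+off/len`, and the embedded sample is constructed from lines of the report (the mailer's line wrap before the RIP symbol is reproduced on purpose).

```python
import re

# Constructed sample: lines taken from the oops in the report above, including
# the wrapped RIP symbol that the mailer split onto its own line.
OOPS = """\
kernel BUG at include/linux/skbuff.h:912!
invalid opcode: 0000 [1] SMP
Modules linked in: nfnetlink_queue nfnetlink ip6table_mangle xt_NFQUEUE
Pid: 3390, comm: tcpmd5 Not tainted 2.6.24.2 #1
RIP: 0010:[<ffffffff88258b2c>]  [<ffffffff88258b2c>]
:nfnetlink_queue:nfqnl_recv_verdict+0x179/0x227
Call Trace:
 [<ffffffff88255233>] :nfnetlink:nfnetlink_rcv_msg+0x129/0x172
 [<ffffffff803d23b6>] netlink_rcv_skb+0x34/0x8b
 [<ffffffff8020be2e>] system_call+0x7e/0x83
---[ end trace 303d8add98149551 ]---
"""

BUG_RE = re.compile(r"kernel BUG at (?P<file>\S+?):(?P<line>\d+)!")
PID_RE = re.compile(r"Pid: (?P<pid>\d+), comm: (?P<comm>\S+) "
                    r"(?P<taint>Not tainted|Tainted: \S+) (?P<ver>\S+)")
# A frame: "[<addr>]" followed by an optional ":module:" prefix and the symbol.
FRAME_RE = re.compile(r"\[<(?P<addr>[0-9a-f]+)>\]\s*(?::(?P<mod>\w+):)?(?P<sym>\w+)\+0x")


def parse_oops(text):
    """Return the BUG location, faulting symbol, process info and call trace."""
    lines = []
    for raw in text.splitlines():
        # A line starting with ":" is a wrapped module-qualified symbol; rejoin it.
        if raw.startswith(":") and lines:
            lines[-1] += " " + raw
        else:
            lines.append(raw)
    info = {"bug": None, "rip": None, "process": None, "trace": []}
    in_trace = False
    for line in lines:
        if m := BUG_RE.search(line):
            info["bug"] = (m["file"], int(m["line"]))
        elif m := PID_RE.search(line):
            info["process"] = {"pid": int(m["pid"]), "comm": m["comm"],
                               "tainted": m["taint"] != "Not tainted", "kernel": m["ver"]}
        elif line.startswith("RIP:") and (m := FRAME_RE.search(line)):
            info["rip"] = (m["mod"], m["sym"])        # (module or None, symbol)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace:
            m = FRAME_RE.search(line)
            if not m:
                in_trace = False                      # trace ends at first non-frame line
            else:
                info["trace"].append((m["mod"], m["sym"]))
    return info
```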