lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 10 Aug 2012 16:29:10 -0400
From:	Dave Jones <davej@...hat.com>
To:	netdev@...r.kernel.org
Cc:	Fedora Kernel Team <kernel-team@...oraproject.org>
Subject: Re: WARNING: at net/ipv4/tcp.c:1598 tcp_recvmsg+0x641/0xd30()

On Mon, Aug 06, 2012 at 11:46:16AM -0400, Dave Jones wrote:
 > We just got an automated report of this WARN being hit in 3.5
 > 
 >  > backtrace:
 >  > :WARNING: at net/ipv4/tcp.c:1598 tcp_recvmsg+0x641/0xd30()
 >  > :Hardware name: P5Q DELUXE
 >  > :recvmsg bug: copied 99F66400 seq 99F6A4A8 rcvnxt 99F6CDAD fl 0
 >  > : [<ffffffff811848e6>] do_sync_read+0xe6/0x120
 >  > : [<ffffffff81275eea>] ? inode_has_perm.isra.31.constprop.61+0x2a/0x30
 >  > : [<ffffffff81272f32>] ? security_file_permission+0x92/0xb0
 >  > : [<ffffffff81184d81>] ? rw_verify_area+0x61/0xf0
 >  > : [<ffffffff811852cd>] vfs_read+0x15d/0x180
 >  > : [<ffffffff8118533a>] sys_read+0x4a/0x90
 >  > : [<ffffffff8160fc29>] system_call_fastpath+0x16/0x1b
 > 
 > 1594                         /* Now that we have two receive queues this
 > 1595                          * shouldn't happen.
 > 1596                          */
 > 1597                         if (WARN(before(*seq, TCP_SKB_CB(skb)->seq),
 > 1598                                  "recvmsg bug: copied %X seq %X rcvnxt %X fl %X\n",
 > 1599                                  *seq, TCP_SKB_CB(skb)->seq, tp->rcv_nxt,
 > 1600                                  flags))
 > 1601                                 break;
 > 
 > 
 > Hopefully this means more to you guys than it does to me.

We're getting more reports of this happening too.

This guy managed to hit both of the recvmsg BUG's.

https://bugzilla.redhat.com/show_bug.cgi?id=846996
https://bugzilla.redhat.com/show_bug.cgi?id=846991

The first reporter claimed to be doing nothing special, just browsing with google chrome.

Anyone ?

	Dave

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ