Message-ID: <20190117093413.579b95eb@hermes.lan>
Date: Thu, 17 Jan 2019 09:34:13 -0800
From: Stephen Hemminger <stephen@...workplumber.org>
To: netdev@...r.kernel.org
Subject: Fw: [Bug 202309] New: Possible regression kernel null ptr deref in receive path
Begin forwarded message:
Date: Thu, 17 Jan 2019 00:43:53 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: stephen@...workplumber.org
Subject: [Bug 202309] New: Possible regression kernel null ptr deref in receive path
https://bugzilla.kernel.org/show_bug.cgi?id=202309
Bug ID: 202309
Summary: Possible regression kernel null ptr deref in receive path
Product: Networking
Version: 2.5
Kernel Version: 4.14.92
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: IPV4
Assignee: stephen@...workplumber.org
Reporter: vishnu.rangayyan@...il.com
Regression: No
I don't see this with 4.14.52 or 4.14.74 LTS built out of kernel.org. I see it
on 4.14.92.
Not sure of the exact traffic or packets that triggers this. There are no
custom net namespaces created on this system.
[ 9460.729925] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 9460.823645] IP: tcp_v4_rcv+0x315/0x9c0
[ 9460.868466] PGD 8000001fe4ace067 P4D 8000001fe4ace067 PUD 1fe4acf067 PMD 0
[ 9460.951773] Oops: 0000 [#1] SMP PTI
[ 9460.993474] Modules linked in: 8021q garp stp llc nf_log_ipv4 nf_log_common xt_LOG xt_limit xt_multiport iptable_filter ip_tables xt_comment ip6table_filter ip6_tables iTCO_wdt iTCO_vendor_support ipmi_devintf ipmi_si ipmi_msghandler ixgbe dca ptp pps_core hwmon mdio i2c_i801 i2c_core sg lpc_ich mfd_core wmi pcc_cpufreq tcp_bbr isci libsas scsi_transport_sas sd_mod dm_mirror dm_region_hash dm_log dm_mod dax ahci libahci
[ 9461.438712] CPU: 3 PID: 7933 Comm: nginx Not tainted 4.14.92 #1
[ 9461.618840] task: ffff889fe1b5dac0 task.stack: ffffc9002494c000
[ 9461.689670] RIP: 0010:tcp_v4_rcv+0x315/0x9c0
[ 9461.740730] RSP: 0000:ffff889fffac3c18 EFLAGS: 00010246
[ 9461.803235] RAX: 0000000000000000 RBX: ffff889feacd6f00 RCX: 00000000d73392bf
[ 9461.888624] RDX: ffff889fd9e2e8ce RSI: ffffffff82676e40 RDI: 00000000000000d4
[ 9461.974009] RBP: ffffffff820883c0 R08: 0000000000022b40 R09: ffffffff8153fa79
[ 9462.059394] R10: ffff88bff5077200 R11: ffff889ff50707e0 R12: ffff889fd9e2e8ce
[ 9462.144779] R13: ffff889fd9e2e8f6 R14: 0000000000000004 R15: 0000000000000000
[ 9462.230166] FS: 00007f86baafa740(0000) GS:ffff889fffac0000(0000) knlGS:0000000000000000
[ 9462.326990] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9462.395737] CR2: 0000000000000000 CR3: 0000001fe8764002 CR4: 00000000001606e0
[ 9462.481122] Call Trace:
[ 9462.510347] <IRQ>
[ 9462.534378] ip_local_deliver_finish+0x58/0x1e0
[ 9462.588562] ip_local_deliver+0x56/0xc0
[ 9462.634427] ? ip_rcv_finish+0x3a0/0x3a0
[ 9462.681331] ip_rcv+0x267/0x330
[ 9462.718873] ? packet_rcv+0x3c/0x420
[ 9462.761620] ? __build_skb+0x20/0xe0
[ 9462.804363] __netif_receive_skb_core+0x416/0xad0
[ 9462.860631] ? ip_rcv+0x267/0x330
[ 9462.900254] ? netif_receive_skb_internal+0x1f/0xa0
[ 9462.958601] netif_receive_skb_internal+0x1f/0xa0
[ 9463.014865] napi_gro_receive+0x6a/0x80
[ 9463.060735] ixgbe_clean_rx_irq+0x3db/0xc10 [ixgbe]
[ 9463.119078] ixgbe_poll+0x25a/0x740 [ixgbe]
[ 9463.169101] net_rx_action+0x128/0x320
[ 9463.213924] __do_softirq+0xcb/0x20a
[ 9463.256669] irq_exit+0xe4/0xf0
[ 9463.294215] do_IRQ+0x84/0xd0
[ 9463.329680] common_interrupt+0x84/0x84
[ 9463.375541] </IRQ>
[ 9463.400606] RIP: 0033:0x62db1c
[ 9463.437107] RSP: 002b:00007fff6ae59000 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff46
[ 9463.527693] RAX: 26dbccaa2510e7d4 RBX: b3b6246dbf7e995d RCX: 0000000001820140
[ 9463.613079] RDX: be939e9af863f331 RSI: 0000000004206e40 RDI: daa9470e74920648
[ 9463.698467] RBP: dfa7d50834d1f8a9 R08: de0967ebf339c627 R09: 0000000000000010
[ 9463.783851] R10: 8507145f04d8176d R11: 5993ffac119f960e R12: 0000000004206ac0
[ 9463.869238] R13: d44af7942e55384f R14: 000000000000000c R15: 0000000000000010
[ 9463.954622] Code: 03 93 d0 00 00 00 48 83 e0 fe 74 0c 44 8b b0 ac 00 00 00 45 85 f6 75 07 44 8b b3 a0 00 00 00 41 0f b6 7d 0c 48 c7 c6 40 6e 67 82 <48> 8b 00 44 8b 42 10 41 0f b7 4d 00 40 c0 ef 04 8b 52 0c 40 88
[ 9464.180416] RIP: tcp_v4_rcv+0x315/0x9c0 RSP: ffff889fffac3c18
[ 9464.249155] CR2: 0000000000000000
(gdb) list *(tcp_v4_rcv+0x315)
0xffffffff81563375 is in tcp_v4_rcv (./include/net/net_namespace.h:281).
276 }
277
278 static inline struct net *read_pnet(const possible_net_t *pnet)
279 {
280 #ifdef CONFIG_NET_NS
281 return pnet->net;
282 #else
283 return &init_net;
284 #endif
285 }
--
You are receiving this mail because:
You are the assignee for the bug.