lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CA+G9fYt1pTgZriRB9tj==3dPqtvMXVtKKDnd4qh00aMW2H-now@mail.gmail.com>
Date:   Mon, 17 Jun 2019 18:37:35 +0530
From:   Naresh Kamboju <naresh.kamboju@...aro.org>
To:     Netdev <netdev@...r.kernel.org>, bpf@...r.kernel.org,
        Linux-Next Mailing List <linux-next@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>,
        "open list:KERNEL SELFTEST FRAMEWORK" 
        <linux-kselftest@...r.kernel.org>
Cc:     Daniel Borkmann <daniel@...earbox.net>,
        Stanislav Fomichev <sdf@...gle.com>,
        Yonghong Song <yhs@...com>, alan.maguire@...cle.com,
        alexei.starovoitov@...il.com, edumazet@...gle.com,
        john.fastabend@...il.com, kuznet@....inr.ac.ru,
        yoshfuji@...ux-ipv6.org, ast@...nel.org, kafai@...com,
        Song Liu <songliubraving@...com>
Subject: BUG: kernel NULL pointer dereference, address: 00000000

While running selftest bpf: test_sockmap the kernel BUG found on i386 and arm
kernel running on Linux version 5.2.0-rc5-next-20190617

steps to reproduce,
 cd /opt/kselftests/default-in-kernel/bpf
 ./test_sockmap

[   33.666964] BUG: kernel NULL pointer dereference, address: 00000000
[   33.673246] #PF: supervisor read access in kernel mode
[   33.678392] #PF: error_code(0x0000) - not-present page
[   33.683539] *pde = 00000000
[   33.686435] Oops: 0000 [#1] SMP
[   33.689593] CPU: 1 PID: 619 Comm: test_sockmap Not tainted
5.2.0-rc5-next-20190617 #1
[   33.697431] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS
2.0b 07/27/2017
[   33.704914] EIP: memcpy+0x1d/0x30
[   33.708240] Code: 59 58 eb 85 90 90 90 90 90 90 90 90 90 3e 8d 74
26 00 55 89 e5 57 56 89 c7 53 89 d6 89 cb c1 e9 02 f3 a5 89 d9 83 e1
03 74 02 <f3> a4 5b 5e 5f 5d c3 8d b6 00 00 00 00 8d bf 00 00 00 00 3e
8d 74
[   33.726985] EAX: f1faf000 EBX: 00000001 ECX: 00000001 EDX: 00000000
[   33.733249] ESI: 00000000 EDI: f1faf000 EBP: f2e6d99c ESP: f2e6d990
[   33.739505] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010202
[   33.746283] CR0: 80050033 CR2: 00000000 CR3: 31fae000 CR4: 003406d0
[   33.752542] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[   33.758807] DR6: fffe0ff0 DR7: 00000400
[   33.762638] Call Trace:
[   33.765084]  bpf_msg_push_data+0x635/0x660
[   33.769183]  ? _raw_spin_unlock_irqrestore+0x2f/0x50
[   33.774150]  ? lockdep_hardirqs_on+0xec/0x1a0
[   33.778512]  ___bpf_prog_run+0xa0d/0x15a0
[   33.782523]  ? __lock_acquire+0x1fe/0x1ec0
[   33.786621]  __bpf_prog_run32+0x4b/0x70
[   33.790462]  ? sk_psock_msg_verdict+0x5/0x290
[   33.794819]  sk_psock_msg_verdict+0xad/0x290
[   33.799091]  ? sk_psock_msg_verdict+0xad/0x290
[   33.803537]  ? lockdep_hardirqs_on+0xec/0x1a0
[   33.807887]  ? __local_bh_enable_ip+0x78/0xf0
[   33.812238]  tcp_bpf_send_verdict+0x29c/0x3b0
[   33.816590]  tcp_bpf_sendpage+0x233/0x3d0
[   33.820603]  ? __lock_acquire+0x1fe/0x1ec0
[   33.824703]  ? __lock_acquire+0x1fe/0x1ec0
[   33.828801]  ? find_held_lock+0x27/0xa0
[   33.832640]  ? lock_release+0x92/0x290
[   33.836392]  ? find_get_entry+0x136/0x300
[   33.840397]  ? touch_atime+0x34/0xd0
[   33.843978]  ? copy_page_to_iter+0x245/0x400
[   33.848248]  ? lockdep_hardirqs_on+0xec/0x1a0
[   33.852600]  ? tcp_bpf_send_verdict+0x3b0/0x3b0
[   33.857132]  inet_sendpage+0x53/0x1f0
[   33.860789]  ? inet_recvmsg+0x1e0/0x1e0
[   33.864620]  ? kernel_sendpage+0x40/0x40
[   33.868536]  kernel_sendpage+0x1e/0x40
[   33.872282]  sock_sendpage+0x24/0x30
[   33.875861]  pipe_to_sendpage+0x59/0xa0
[   33.879692]  ? direct_splice_actor+0x40/0x40
[   33.883962]  __splice_from_pipe+0xde/0x1c0
[   33.888055]  ? direct_splice_actor+0x40/0x40
[   33.892342]  ? direct_splice_actor+0x40/0x40
[   33.896635]  splice_from_pipe+0x59/0x80
[   33.900466]  ? splice_from_pipe+0x80/0x80
[   33.904469]  ? generic_splice_sendpage+0x20/0x20
[   33.909080]  generic_splice_sendpage+0x18/0x20
[   33.913516]  ? direct_splice_actor+0x40/0x40
[   33.917782]  direct_splice_actor+0x2d/0x40
[   33.921880]  splice_direct_to_actor+0x127/0x240
[   33.926403]  ? generic_pipe_buf_nosteal+0x10/0x10
[   33.931105]  do_splice_direct+0x7e/0xc0
[   33.934944]  do_sendfile+0x20d/0x3e0
[   33.938522]  sys_sendfile+0xac/0xd0
[   33.942015]  do_fast_syscall_32+0x8e/0x320
[   33.946114]  entry_SYSENTER_32+0x70/0xc8
[   33.950039] EIP: 0xb7fa67a1
[   33.952830] Code: 8b 98 60 cd ff ff 85 d2 89 c8 74 02 89 0a 5b 5d
c3 8b 04 24 c3 8b 14 24 c3 8b 1c 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f
34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90
8d 76
[   33.971567] EAX: ffffffda EBX: 00000018 ECX: 0000001c EDX: 00000000
[   33.977823] ESI: 00000001 EDI: 00000018 EBP: 00000001 ESP: bfcaa6d4
[   33.984083] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000206
[   33.990869] Modules linked in: x86_pkg_temp_thermal fuse
[   33.996181] CR2: 0000000000000000
[   33.999500] ---[ end trace 0ef7a1496c65bde8 ]---

- Naresh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ