lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 15 Oct 2019 20:31:49 -0400
From:   Rajendra Dendukuri <rajen83@...il.com>
To:     netdev@...r.kernel.org
Subject: Crash in in __skb_unlink during net_rx_action

Observed below kernel oops on "Linux version 4.9.0-9-2-amd64" from Debian 9.

This was observed when bridge vlan netdevs were getting deleted while
packets were being received. I observed this only once, but wanted to
put it out there for the record. Below is the decoded call path. It
appears to be in the elementary pkt handling function. I searched for
upstream commits for any patches around this code but could not find
anything. Any thoughts on what it might be about while I try to figure
out the test case to simulate the panic condition again.

process_backlog()  ---- __skb_dequeue()  --- __skb_unlink()  --
next->prev = prev; (Panic)


[12106.283243] BUG: unable to handle kernel NULL pointer dereference
at 0000000000000008
[12106.292014] IP: [<ffffffff9ab1265c>] process_backlog+0x7c/0x130
[12106.298643] PGD 0 [12106.300691]
[12106.302356] Oops: 0002 1 SMP
<SNIP>
[12106.456408] task: ffff8a0aad1ed140 task.stack: ffff950741980000
[12106.463027] RIP: 0010:[<ffffffff9ab1265c>] [<ffffffff9ab1265c>]
process_backlog+0x7c/0x130
<SNIP>
[12106.584667] Call Trace:
[12106.587403] [<ffffffff9ab11df6>] ? net_rx_action+0x246/0x380
[12106.593827] [<ffffffff9ac1e81d>] ? __do_softirq+0x10d/0x2b0
[12106.600152] [<ffffffff9a69d560>] ? sort_range+0x20/0x20
[12106.606090] [<ffffffff9a67ff5e>] ? run_ksoftirqd+0x1e/0x40
[12106.612318] [<ffffffff9a69d66e>] ? smpboot_thread_fn+0x10e/0x160
[12106.619130] [<ffffffff9a699dd9>] ? kthread+0xd9/0xf0
[12106.624776] [<ffffffff9a699d00>] ? kthread_park+0x60/0x60
[12106.630908] [<ffffffff9ac1aeb7>] ? ret_from_fork+0x57/0x70

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ