lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAN1eFqgvpM36Wvr6HtXrmb4HnxVZMZXacLwasj4-hj2KNFoe9A@mail.gmail.com>
Date:   Fri, 18 Oct 2019 13:54:13 -0400
From:   Rajendra Dendukuri <rajen83@...il.com>
To:     netdev@...r.kernel.org
Subject: Re: Crash in in __skb_unlink during net_rx_action

I find that below patch  was not applied 4.9.y. Can this be a possible
fix for the crash that is observed here.

net: properly flush delay-freed skbs
f52dffe049ee11ecc02588a118fbe4092672fbaa

On Tue, Oct 15, 2019 at 8:31 PM Rajendra Dendukuri <rajen83@...il.com> wrote:
>
> Observed below kernel oops on "Linux version 4.9.0-9-2-amd64" from Debian 9.
>
> This was observed when bridge vlan netdevs were getting deleted while
> packets were being received. I observed this only once, but wanted to
> put it out there for the record. Below is the decoded call path. It
> appears to be in the elementary pkt handling function. I searched for
> upstream commits for any patches around this code but could not find
> anything. Any thoughts on what it might be about while I try to figure
> out the test case to simulate the panic condition again.
>
> process_backlog()  ---- __skb_dequeue()  --- __skb_unlink()  --
> next->prev = prev; (Panic)
>
>
> [12106.283243] BUG: unable to handle kernel NULL pointer dereference
> at 0000000000000008
> [12106.292014] IP: [<ffffffff9ab1265c>] process_backlog+0x7c/0x130
> [12106.298643] PGD 0 [12106.300691]
> [12106.302356] Oops: 0002 1 SMP
> <SNIP>
> [12106.456408] task: ffff8a0aad1ed140 task.stack: ffff950741980000
> [12106.463027] RIP: 0010:[<ffffffff9ab1265c>] [<ffffffff9ab1265c>]
> process_backlog+0x7c/0x130
> <SNIP>
> [12106.584667] Call Trace:
> [12106.587403] [<ffffffff9ab11df6>] ? net_rx_action+0x246/0x380
> [12106.593827] [<ffffffff9ac1e81d>] ? __do_softirq+0x10d/0x2b0
> [12106.600152] [<ffffffff9a69d560>] ? sort_range+0x20/0x20
> [12106.606090] [<ffffffff9a67ff5e>] ? run_ksoftirqd+0x1e/0x40
> [12106.612318] [<ffffffff9a69d66e>] ? smpboot_thread_fn+0x10e/0x160
> [12106.619130] [<ffffffff9a699dd9>] ? kthread+0xd9/0xf0
> [12106.624776] [<ffffffff9a699d00>] ? kthread_park+0x60/0x60
> [12106.630908] [<ffffffff9ac1aeb7>] ? ret_from_fork+0x57/0x70

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ