Date:   Sat, 30 May 2020 15:46:08 +0800
From:   Lu Fengqi <lufq.fnst@...fujitsu.com>
To:     <bpf@...r.kernel.org>
CC:     <netdev@...r.kernel.org>, <ast@...nel.org>
Subject: BUG: kernel NULL pointer dereference in __cgroup_bpf_run_filter_skb

Hello,

I encountered a reproducible NULL pointer dereference using the mainline
kernel v5.7-rc7-44-g75caf310d16c (which also happened multiple times on
5.6.14). The machine is installed with archlinux, used as a kubernetes
v1.18.3 node, and uses calico v3.13.2 as a cni plugin. I use kdump/crash
to see the value of the bpf_prog pointer in cgroup.bpf is 0x0 or 0x800.

I am not sure whether this is caused by kernel bpf or calico. If you need
me to provide more information, please let me know. Any suggestions are
very helpful.

Attachments:
kernel_config is the config used to compile the kernel
__cgroup_bpf_run_filter_skb is the result of "dis -l __cgroup_bpf_run_filter_skb"
log.* is dmesg
bt_FF.* is the stack frames when NULL Pointer dereference occurs
cgroup.bpf.* is the bpf member of the cgroup structure in the __cgroup_bpf_run_filter_skb function
bpf.* is the currently loaded bpf programs

-- 
Thanks,
Lu



View attachment "kernel_config" of type "text/plain" (248822 bytes)

View attachment "__cgroup_bpf_run_filter_skb" of type "text/plain" (5162 bytes)

View attachment "log.2020-05-30-03:56:57" of type "text/plain" (122705 bytes)

View attachment "bt_FF.2020-05-30-03:56:57" of type "text/plain" (19980 bytes)

View attachment "cgroup.bpf.2020-05-30-03:56:57" of type "text/plain" (3443 bytes)

View attachment "bpf.2020-05-30-03:56:57" of type "text/plain" (37742 bytes)

View attachment "log.2020-05-30-06:59:58" of type "text/plain" (123814 bytes)

View attachment "bt_FF.2020-05-30-06:59:58" of type "text/plain" (19720 bytes)

View attachment "cgroup.bpf.2020-05-30-06:59:58" of type "text/plain" (2175 bytes)

View attachment "bpf.2020-05-30-06:59:58" of type "text/plain" (37745 bytes)
