lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ac03a9ba41e130123cd680be6df9f30be95d0f98.camel@nvidia.com>
Date: Mon, 18 Mar 2024 09:41:46 +0000
From: Jianbo Liu <jianbol@...dia.com>
To: "fw@...len.de" <fw@...len.de>, "pablo@...filter.org"
	<pablo@...filter.org>, "netfilter-devel@...r.kernel.org"
	<netfilter-devel@...r.kernel.org>
CC: "davem@...emloft.net" <davem@...emloft.net>, "netdev@...r.kernel.org"
	<netdev@...r.kernel.org>
Subject: [BUG] kernel warning from br_nf_local_in+0x157/0x180

Hi Florian and Pablo,

We hit the following warning from br_nf_local_in+0x157/0x180.

[   57.571874] WARNING: CPU: 1 PID: 0 at
net/bridge/br_netfilter_hooks.c:616 br_nf_local_in+0x157/0x180
[br_netfilter]
[   57.572749] Modules linked in: xt_MASQUERADE nf_conntrack_netlink
nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat br_netfilter
rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm
ib_iser libiscsi scsi_transport_isc
si ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core
mlx5ctl mlx5_core
[   57.575158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0+ #19
[   57.575700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
[   57.576662] RIP: 0010:br_nf_local_in+0x157/0x180 [br_netfilter]
[   57.577195] Code: fe ff ff 41 bd 04 00 00 00 be 04 00 00 00 e9 4a ff
ff ff be 04 00 00 00 48 89 ef e8 f3 a9 3c e1 66 83 ad b4 00 00 00 04 eb
91 <0f> 0b e9 f1 fe ff ff 0f 0b e9 df fe ff ff 48 89 df e8 b3 53 47 e1
[   57.578722] RSP: 0018:ffff88885f845a08 EFLAGS: 00010202
[   57.579207] RAX: 0000000000000002 RBX: ffff88812dfe8000 RCX:
0000000000000000
[   57.579830] RDX: ffff88885f845a60 RSI: ffff8881022dc300 RDI:
0000000000000000
[   57.580454] RBP: ffff88885f845a60 R08: 0000000000000001 R09:
0000000000000003
[   57.581076] R10: 00000000ffff1300 R11: 0000000000000002 R12:
0000000000000000
[   57.581695] R13: ffff8881047ffe00 R14: ffff888108dbee00 R15:
ffff88814519b800
[   57.582313] FS:  0000000000000000(0000) GS:ffff88885f840000(0000)
knlGS:0000000000000000
[   57.583040] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   57.583564] CR2: 000000c4206aa000 CR3: 0000000103847001 CR4:
0000000000370eb0
[   57.584194] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[   57.584820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[   57.585440] Call Trace:
[   57.585721]  <IRQ>
[   57.585976]  ? __warn+0x7d/0x130
[   57.586323]  ? br_nf_local_in+0x157/0x180 [br_netfilter]
[   57.586811]  ? report_bug+0xf1/0x1c0
[   57.587177]  ? handle_bug+0x3f/0x70
[   57.587539]  ? exc_invalid_op+0x13/0x60
[   57.587929]  ? asm_exc_invalid_op+0x16/0x20
[   57.588336]  ? br_nf_local_in+0x157/0x180 [br_netfilter]
[   57.588825]  nf_hook_slow+0x3d/0xd0
[   57.589188]  ? br_handle_vlan+0x4b/0x110
[   57.589579]  br_pass_frame_up+0xfc/0x150
[   57.589970]  ? br_port_flags_change+0x40/0x40
[   57.590396]  br_handle_frame_finish+0x346/0x5e0
[   57.590837]  ? ipt_do_table+0x32e/0x430
[   57.591221]  ? br_handle_local_finish+0x20/0x20
[   57.591656]  br_nf_hook_thresh+0x4b/0xf0 [br_netfilter]
[   57.592286]  ? br_handle_local_finish+0x20/0x20
[   57.592802]  br_nf_pre_routing_finish+0x178/0x480 [br_netfilter]
[   57.593348]  ? br_handle_local_finish+0x20/0x20
[   57.593782]  ? nf_nat_ipv4_pre_routing+0x25/0x60 [nf_nat]
[   57.594279]  br_nf_pre_routing+0x24c/0x550 [br_netfilter]
[   57.594780]  ? br_nf_hook_thresh+0xf0/0xf0 [br_netfilter]
[   57.595280]  br_handle_frame+0x1f3/0x3d0
[   57.595676]  ? br_handle_local_finish+0x20/0x20
[   57.596118]  ? br_handle_frame_finish+0x5e0/0x5e0
[   57.596566]  __netif_receive_skb_core+0x25b/0xfc0
[   57.597017]  ? __napi_build_skb+0x37/0x40
[   57.597418]  __netif_receive_skb_list_core+0xfb/0x220
[   57.597887]  netif_receive_skb_list_internal+0x1c0/0x2d0
[   57.598376]  ? mlx5e_handle_rx_cqe_mpwrq+0x10f/0x1f0 [mlx5_core]
[   57.598969]  napi_complete_done+0x101/0x180
[   57.599383]  mlx5e_napi_poll+0x1a2/0x6c0 [mlx5_core]
[   57.599894]  __napi_poll+0x23/0x1b0
[   57.600257]  net_rx_action+0x256/0x2b0
[   57.600641]  __do_softirq+0xc1/0x297
[   57.601014]  irq_exit_rcu+0x6a/0x90
[   57.601377]  common_interrupt+0x5d/0xa0
[   57.601765]  </IRQ>
[   57.602028]  <TASK>
[   57.602287]  asm_common_interrupt+0x22/0x40
[   57.602701] RIP: 0010:default_idle+0x13/0x20
[   57.603125] Code: c0 08 00 00 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 72 ff
ff ff cc cc cc cc 8b 05 7a bf f0 00 85 c0 7e 07 0f 00 2d cf 50 2c 00 fb
f4 <fa> c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 04 25 80 b5 02 00
[   57.604718] RSP: 0018:ffff888101873ee0 EFLAGS: 00000242
[   57.605202] RAX: 0000000000000001 RBX: 0000000000000001 RCX:
4000000000000000
[   57.605826] RDX: 0000000000000000 RSI: 0000000000000083 RDI:
000000000002ea4c
[   57.606451] RBP: ffffffff82434ae0 R08: 0000000000000001 R09:
0000000000000000
[   57.607079] R10: 0000000000000075 R11: 0000000000000000 R12:
0000000000000000
[   57.607704] R13: 0000000000000000 R14: 0000000000000000 R15:
0000000000000000
[   57.608337]  default_idle_call+0x30/0xb0
[   57.608730]  do_idle+0x177/0x1e0
[   57.609072]  ? swake_up_locked.part.48+0x1a/0x40
[   57.609517]  cpu_startup_entry+0x26/0x30
[   57.609909]  start_secondary+0x107/0x130
[   57.610302]  secondary_startup_64_no_verify+0x15d/0x16b
[   57.610787]  </TASK>

It is from the commit: "netfilter: bridge: confirm multicast packets
before passing them up the stack"
https://lore.kernel.org/netdev/20240229000135.8780-3-pablo@netfilter.org/
And the issue can be easliy reproduced on two B2B machines with the
following configs.

On hostA:
BR=tst1
NIC1=enp8s0f0
NIC2=enp8s0f1
ip link add $BR type bridge
iptables -A FORWARD -i $BR -j ACCEPT
ip link set $NIC1 master $BR
ip link set $NIC2 master $BR
bridge vlan add dev $NIC1 vid 2 pvid untagged
bridge vlan add dev $NIC2 vid 2
ip link set $BR type bridge vlan_filtering 1
ip link set $NIC1 up
ip link set $NIC2 up
ip link set $BR up
 
On hostB:
ns1=ns1
ns2=ns2
NIC1=enp8s0f0
NIC2=enp8s0f1
ip netns add $ns1 2>/dev/null
ip netns add $ns2 2>/dev/null
ip link set dev $NIC1 netns $ns1
ip -net ${ns1} addr add 1.1.1.1/24 dev $NIC1
ip -net ${ns1} link set dev $NIC1 up
ip link set dev $NIC2 netns $ns2
ip -net ${ns2} link add link $NIC2 name $NIC2.2 type vlan id 2
ip -net ${ns2} addr add 1.1.1.2/24 dev $NIC2.2
ip -net ${ns2} link set dev $NIC2 up
ip -net ${ns2} link set dev $NIC2.2 up
 
Then run tcpdump on brigde interface (tst1) on hostA.
The warning appears immediately after ping on hostB: ip netns exec ns1
ping 1.1.1.2 -c 1

Thanks!
Jianbo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ