From: Stephen Hemminger <stephen@networkplumber.org>
To: netdev@vger.kernel.org
Subject: Fw: [Bug 202309] New: Possible regression kernel null ptr deref in receive path
Date: Thu, 17 Jan 2019 09:34:13 -0800
Message-ID: <20190117093413.579b95eb@hermes.lan>
Begin forwarded message:
Date: Thu, 17 Jan 2019 00:43:53 +0000
From: bugzilla-daemon@bugzilla.kernel.org
To: stephen@networkplumber.org
Subject: [Bug 202309] New: Possible regression kernel null ptr deref in receive path
https://bugzilla.kernel.org/show_bug.cgi?id=202309
Bug ID: 202309
Summary: Possible regression kernel null ptr deref in receive
path
Product: Networking
Version: 2.5
Kernel Version: 4.14.92
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: IPV4
Assignee: stephen@networkplumber.org
Reporter: vishnu.rangayyan@gmail.com
Regression: No
I don't see this with 4.14.52 or 4.14.74 LTS built out of kernel.org. I see it
on 4.14.92.
Not sure of the exact traffic or packets that triggers this. There are no
custom net namespaces created on this system.
[ 9460.729925] BUG: unable to handle kernel NULL pointer dereference at
(null)
[ 9460.823645] IP: tcp_v4_rcv+0x315/0x9c0
[ 9460.868466] PGD 8000001fe4ace067 P4D 8000001fe4ace067 PUD 1fe4acf067 PMD 0
[ 9460.951773] Oops: 0000 [#1] SMP PTI
[ 9460.993474] Modules linked in: 8021q garp stp llc nf_log_ipv4 nf_log_common
xt_LOG xt_limit xt_multiport iptable_filter ip_tables xt_comment
ip6table_filter ip6_tables iTCO_wdt iTCO_vendor_support ipmi_devintf ipmi_si
ipmi_msghandler ixgbe dca ptp pps_core hwmon mdio i2c_i801 i2c_core sg lpc_ich
mfd_core wmi pcc_cpufreq tcp_bbr isci libsas scsi_transport_sas sd_mod
dm_mirror dm_region_hash dm_log dm_mod dax ahci libahci
[ 9461.438712] CPU: 3 PID: 7933 Comm: nginx Not tainted 4.14.92 #1
[ 9461.618840] task: ffff889fe1b5dac0 task.stack: ffffc9002494c000
[ 9461.689670] RIP: 0010:tcp_v4_rcv+0x315/0x9c0
[ 9461.740730] RSP: 0000:ffff889fffac3c18 EFLAGS: 00010246
[ 9461.803235] RAX: 0000000000000000 RBX: ffff889feacd6f00 RCX:
00000000d73392bf
[ 9461.888624] RDX: ffff889fd9e2e8ce RSI: ffffffff82676e40 RDI:
00000000000000d4
[ 9461.974009] RBP: ffffffff820883c0 R08: 0000000000022b40 R09:
ffffffff8153fa79
[ 9462.059394] R10: ffff88bff5077200 R11: ffff889ff50707e0 R12:
ffff889fd9e2e8ce
[ 9462.144779] R13: ffff889fd9e2e8f6 R14: 0000000000000004 R15:
0000000000000000
[ 9462.230166] FS: 00007f86baafa740(0000) GS:ffff889fffac0000(0000)
knlGS:0000000000000000
[ 9462.326990] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9462.395737] CR2: 0000000000000000 CR3: 0000001fe8764002 CR4:
00000000001606e0
[ 9462.481122] Call Trace:
[ 9462.510347] <IRQ>
[ 9462.534378] ip_local_deliver_finish+0x58/0x1e0
[ 9462.588562] ip_local_deliver+0x56/0xc0
[ 9462.634427] ? ip_rcv_finish+0x3a0/0x3a0
[ 9462.681331] ip_rcv+0x267/0x330
[ 9462.718873] ? packet_rcv+0x3c/0x420
[ 9462.761620] ? __build_skb+0x20/0xe0
[ 9462.804363] __netif_receive_skb_core+0x416/0xad0
[ 9462.860631] ? ip_rcv+0x267/0x330
[ 9462.900254] ? netif_receive_skb_internal+0x1f/0xa0
[ 9462.958601] netif_receive_skb_internal+0x1f/0xa0
[ 9463.014865] napi_gro_receive+0x6a/0x80
[ 9463.060735] ixgbe_clean_rx_irq+0x3db/0xc10 [ixgbe]
[ 9463.119078] ixgbe_poll+0x25a/0x740 [ixgbe]
[ 9463.169101] net_rx_action+0x128/0x320
[ 9463.213924] __do_softirq+0xcb/0x20a
[ 9463.256669] irq_exit+0xe4/0xf0
[ 9463.294215] do_IRQ+0x84/0xd0
[ 9463.329680] common_interrupt+0x84/0x84
[ 9463.375541] </IRQ>
[ 9463.400606] RIP: 0033:0x62db1c
[ 9463.437107] RSP: 002b:00007fff6ae59000 EFLAGS: 00000286 ORIG_RAX:
ffffffffffffff46
[ 9463.527693] RAX: 26dbccaa2510e7d4 RBX: b3b6246dbf7e995d RCX:
0000000001820140
[ 9463.613079] RDX: be939e9af863f331 RSI: 0000000004206e40 RDI:
daa9470e74920648
[ 9463.698467] RBP: dfa7d50834d1f8a9 R08: de0967ebf339c627 R09:
0000000000000010
[ 9463.783851] R10: 8507145f04d8176d R11: 5993ffac119f960e R12:
0000000004206ac0
[ 9463.869238] R13: d44af7942e55384f R14: 000000000000000c R15:
0000000000000010
[ 9463.954622] Code: 03 93 d0 00 00 00 48 83 e0 fe 74 0c 44 8b b0 ac 00 00 00
45 85 f6 75 07 44 8b b3 a0 00 00 00 41 0f b6 7d 0c 48 c7 c6 40 6e 67 82 <48> 8b
00 44 8b 42 10 41 0f b7 4d 00 40 c0 ef 04 8b 52 0c 40 88
[ 9464.180416] RIP: tcp_v4_rcv+0x315/0x9c0 RSP: ffff889fffac3c18
[ 9464.249155] CR2: 0000000000000000
(gdb) list *(tcp_v4_rcv+0x315)
0xffffffff81563375 is in tcp_v4_rcv (./include/net/net_namespace.h:281).
276 }
277
278 static inline struct net *read_pnet(const possible_net_t *pnet)
279 {
280 #ifdef CONFIG_NET_NS
281 return pnet->net;
282 #else
283 return &init_net;
284 #endif
285 }
--
You are receiving this mail because:
You are the assignee for the bug.