* Fw: [Bug 202309] New: Possible regression kernel null ptr deref in receive path
@ 2019-01-17 17:34 Stephen Hemminger
From: Stephen Hemminger @ 2019-01-17 17:34 UTC
  To: netdev



Begin forwarded message:

Date: Thu, 17 Jan 2019 00:43:53 +0000
From: bugzilla-daemon@bugzilla.kernel.org
To: stephen@networkplumber.org
Subject: [Bug 202309] New: Possible regression kernel null ptr deref in receive path


https://bugzilla.kernel.org/show_bug.cgi?id=202309

            Bug ID: 202309
           Summary: Possible regression kernel null ptr deref in receive
                    path
           Product: Networking
           Version: 2.5
    Kernel Version: 4.14.92
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: IPV4
          Assignee: stephen@networkplumber.org
          Reporter: vishnu.rangayyan@gmail.com
        Regression: No

I don't see this with 4.14.52 or 4.14.74 LTS built out of kernel.org. I see it
on 4.14.92.
Not sure of the exact traffic or packets that trigger this. There are no
custom net namespaces created on this system.

[ 9460.729925] BUG: unable to handle kernel NULL pointer dereference at           (null)
[ 9460.823645] IP: tcp_v4_rcv+0x315/0x9c0
[ 9460.868466] PGD 8000001fe4ace067 P4D 8000001fe4ace067 PUD 1fe4acf067 PMD 0 
[ 9460.951773] Oops: 0000 [#1] SMP PTI
[ 9460.993474] Modules linked in: 8021q garp stp llc nf_log_ipv4 nf_log_common xt_LOG xt_limit xt_multiport iptable_filter ip_tables xt_comment ip6table_filter ip6_tables iTCO_wdt iTCO_vendor_support ipmi_devintf ipmi_si ipmi_msghandler ixgbe dca ptp pps_core hwmon mdio i2c_i801 i2c_core sg lpc_ich mfd_core wmi pcc_cpufreq tcp_bbr isci libsas scsi_transport_sas sd_mod dm_mirror dm_region_hash dm_log dm_mod dax ahci libahci
[ 9461.438712] CPU: 3 PID: 7933 Comm: nginx Not tainted 4.14.92 #1
[ 9461.618840] task: ffff889fe1b5dac0 task.stack: ffffc9002494c000
[ 9461.689670] RIP: 0010:tcp_v4_rcv+0x315/0x9c0
[ 9461.740730] RSP: 0000:ffff889fffac3c18 EFLAGS: 00010246
[ 9461.803235] RAX: 0000000000000000 RBX: ffff889feacd6f00 RCX: 00000000d73392bf
[ 9461.888624] RDX: ffff889fd9e2e8ce RSI: ffffffff82676e40 RDI: 00000000000000d4
[ 9461.974009] RBP: ffffffff820883c0 R08: 0000000000022b40 R09: ffffffff8153fa79
[ 9462.059394] R10: ffff88bff5077200 R11: ffff889ff50707e0 R12: ffff889fd9e2e8ce
[ 9462.144779] R13: ffff889fd9e2e8f6 R14: 0000000000000004 R15: 0000000000000000
[ 9462.230166] FS:  00007f86baafa740(0000) GS:ffff889fffac0000(0000) knlGS:0000000000000000
[ 9462.326990] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9462.395737] CR2: 0000000000000000 CR3: 0000001fe8764002 CR4: 00000000001606e0
[ 9462.481122] Call Trace:
[ 9462.510347]  <IRQ>
[ 9462.534378]  ip_local_deliver_finish+0x58/0x1e0
[ 9462.588562]  ip_local_deliver+0x56/0xc0
[ 9462.634427]  ? ip_rcv_finish+0x3a0/0x3a0
[ 9462.681331]  ip_rcv+0x267/0x330
[ 9462.718873]  ? packet_rcv+0x3c/0x420
[ 9462.761620]  ? __build_skb+0x20/0xe0
[ 9462.804363]  __netif_receive_skb_core+0x416/0xad0
[ 9462.860631]  ? ip_rcv+0x267/0x330
[ 9462.900254]  ? netif_receive_skb_internal+0x1f/0xa0
[ 9462.958601]  netif_receive_skb_internal+0x1f/0xa0
[ 9463.014865]  napi_gro_receive+0x6a/0x80
[ 9463.060735]  ixgbe_clean_rx_irq+0x3db/0xc10 [ixgbe]
[ 9463.119078]  ixgbe_poll+0x25a/0x740 [ixgbe]
[ 9463.169101]  net_rx_action+0x128/0x320
[ 9463.213924]  __do_softirq+0xcb/0x20a
[ 9463.256669]  irq_exit+0xe4/0xf0
[ 9463.294215]  do_IRQ+0x84/0xd0
[ 9463.329680]  common_interrupt+0x84/0x84
[ 9463.375541]  </IRQ>
[ 9463.400606] RIP: 0033:0x62db1c
[ 9463.437107] RSP: 002b:00007fff6ae59000 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff46
[ 9463.527693] RAX: 26dbccaa2510e7d4 RBX: b3b6246dbf7e995d RCX: 0000000001820140
[ 9463.613079] RDX: be939e9af863f331 RSI: 0000000004206e40 RDI: daa9470e74920648
[ 9463.698467] RBP: dfa7d50834d1f8a9 R08: de0967ebf339c627 R09: 0000000000000010
[ 9463.783851] R10: 8507145f04d8176d R11: 5993ffac119f960e R12: 0000000004206ac0
[ 9463.869238] R13: d44af7942e55384f R14: 000000000000000c R15: 0000000000000010
[ 9463.954622] Code: 03 93 d0 00 00 00 48 83 e0 fe 74 0c 44 8b b0 ac 00 00 00 45 85 f6 75 07 44 8b b3 a0 00 00 00 41 0f b6 7d 0c 48 c7 c6 40 6e 67 82 <48> 8b 00 44 8b 42 10 41 0f b7 4d 00 40 c0 ef 04 8b 52 0c 40 88
[ 9464.180416] RIP: tcp_v4_rcv+0x315/0x9c0 RSP: ffff889fffac3c18
[ 9464.249155] CR2: 0000000000000000

(gdb) list *(tcp_v4_rcv+0x315)
0xffffffff81563375 is in tcp_v4_rcv (./include/net/net_namespace.h:281).
276     }
277     
278     static inline struct net *read_pnet(const possible_net_t *pnet)
279     {
280     #ifdef CONFIG_NET_NS
281             return pnet->net;
282     #else
283             return &init_net;
284     #endif
285     }

-- 
You are receiving this mail because:
You are the assignee for the bug.
