Date: Thu, 17 Jan 2019 09:34:13 -0800
From: Stephen Hemminger
To: netdev@vger.kernel.org
Subject: Fw: [Bug 202309] New: Possible regression kernel null ptr deref in receive path
Message-ID: <20190117093413.579b95eb@hermes.lan>

Begin forwarded message:

Date: Thu, 17 Jan 2019 00:43:53 +0000
From: bugzilla-daemon@bugzilla.kernel.org
To: stephen@networkplumber.org
Subject: [Bug 202309] New: Possible regression kernel null ptr deref in receive path

https://bugzilla.kernel.org/show_bug.cgi?id=202309

Bug ID: 202309
Summary: Possible regression kernel null ptr deref in receive path
Product: Networking
Version: 2.5
Kernel Version: 4.14.92
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: IPV4
Assignee: stephen@networkplumber.org
Reporter: vishnu.rangayyan@gmail.com
Regression: No

I don't see this with 4.14.52 or 4.14.74 LTS built out of kernel.org.
I see it on 4.14.92.
Not sure of the exact traffic or packets that trigger this.
There are no custom net namespaces created on this system.

[ 9460.729925] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 9460.823645] IP: tcp_v4_rcv+0x315/0x9c0
[ 9460.868466] PGD 8000001fe4ace067 P4D 8000001fe4ace067 PUD 1fe4acf067 PMD 0
[ 9460.951773] Oops: 0000 [#1] SMP PTI
[ 9460.993474] Modules linked in: 8021q garp stp llc nf_log_ipv4 nf_log_common xt_LOG xt_limit xt_multiport iptable_filter ip_tables xt_comment ip6table_filter ip6_tables iTCO_wdt iTCO_vendor_support ipmi_devintf ipmi_si ipmi_msghandler ixgbe dca ptp pps_core hwmon mdio i2c_i801 i2c_core sg lpc_ich mfd_core wmi pcc_cpufreq tcp_bbr isci libsas scsi_transport_sas sd_mod dm_mirror dm_region_hash dm_log dm_mod dax ahci libahci
[ 9461.438712] CPU: 3 PID: 7933 Comm: nginx Not tainted 4.14.92 #1
[ 9461.618840] task: ffff889fe1b5dac0 task.stack: ffffc9002494c000
[ 9461.689670] RIP: 0010:tcp_v4_rcv+0x315/0x9c0
[ 9461.740730] RSP: 0000:ffff889fffac3c18 EFLAGS: 00010246
[ 9461.803235] RAX: 0000000000000000 RBX: ffff889feacd6f00 RCX: 00000000d73392bf
[ 9461.888624] RDX: ffff889fd9e2e8ce RSI: ffffffff82676e40 RDI: 00000000000000d4
[ 9461.974009] RBP: ffffffff820883c0 R08: 0000000000022b40 R09: ffffffff8153fa79
[ 9462.059394] R10: ffff88bff5077200 R11: ffff889ff50707e0 R12: ffff889fd9e2e8ce
[ 9462.144779] R13: ffff889fd9e2e8f6 R14: 0000000000000004 R15: 0000000000000000
[ 9462.230166] FS: 00007f86baafa740(0000) GS:ffff889fffac0000(0000) knlGS:0000000000000000
[ 9462.326990] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9462.395737] CR2: 0000000000000000 CR3: 0000001fe8764002 CR4: 00000000001606e0
[ 9462.481122] Call Trace:
[ 9462.510347]
[ 9462.534378] ip_local_deliver_finish+0x58/0x1e0
[ 9462.588562] ip_local_deliver+0x56/0xc0
[ 9462.634427] ? ip_rcv_finish+0x3a0/0x3a0
[ 9462.681331] ip_rcv+0x267/0x330
[ 9462.718873] ? packet_rcv+0x3c/0x420
[ 9462.761620] ? __build_skb+0x20/0xe0
[ 9462.804363] __netif_receive_skb_core+0x416/0xad0
[ 9462.860631] ? ip_rcv+0x267/0x330
[ 9462.900254] ? netif_receive_skb_internal+0x1f/0xa0
[ 9462.958601] netif_receive_skb_internal+0x1f/0xa0
[ 9463.014865] napi_gro_receive+0x6a/0x80
[ 9463.060735] ixgbe_clean_rx_irq+0x3db/0xc10 [ixgbe]
[ 9463.119078] ixgbe_poll+0x25a/0x740 [ixgbe]
[ 9463.169101] net_rx_action+0x128/0x320
[ 9463.213924] __do_softirq+0xcb/0x20a
[ 9463.256669] irq_exit+0xe4/0xf0
[ 9463.294215] do_IRQ+0x84/0xd0
[ 9463.329680] common_interrupt+0x84/0x84
[ 9463.375541]
[ 9463.400606] RIP: 0033:0x62db1c
[ 9463.437107] RSP: 002b:00007fff6ae59000 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff46
[ 9463.527693] RAX: 26dbccaa2510e7d4 RBX: b3b6246dbf7e995d RCX: 0000000001820140
[ 9463.613079] RDX: be939e9af863f331 RSI: 0000000004206e40 RDI: daa9470e74920648
[ 9463.698467] RBP: dfa7d50834d1f8a9 R08: de0967ebf339c627 R09: 0000000000000010
[ 9463.783851] R10: 8507145f04d8176d R11: 5993ffac119f960e R12: 0000000004206ac0
[ 9463.869238] R13: d44af7942e55384f R14: 000000000000000c R15: 0000000000000010
[ 9463.954622] Code: 03 93 d0 00 00 00 48 83 e0 fe 74 0c 44 8b b0 ac 00 00 00 45 85 f6 75 07 44 8b b3 a0 00 00 00 41 0f b6 7d 0c 48 c7 c6 40 6e 67 82 <48> 8b 00 44 8b 42 10 41 0f b7 4d 00 40 c0 ef 04 8b 52 0c 40 88
[ 9464.180416] RIP: tcp_v4_rcv+0x315/0x9c0 RSP: ffff889fffac3c18
[ 9464.249155] CR2: 0000000000000000

(gdb) list *(tcp_v4_rcv+0x315)
0xffffffff81563375 is in tcp_v4_rcv (./include/net/net_namespace.h:281).
276     }
277
278     static inline struct net *read_pnet(const possible_net_t *pnet)
279     {
280     #ifdef CONFIG_NET_NS
281             return pnet->net;
282     #else
283             return &init_net;
284     #endif
285     }

--
You are receiving this mail because:
You are the assignee for the bug.