[Kernel-packages] [Bug 1981658] Re: BUG: kernel NULL pointer dereference, address: 0000000000000008

2022-08-02 Thread Bodo Petermann
The changelog on ubuntuupdates is cut short.
See https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1082.89 instead. The 
fix is mentioned there (tcp: make sure treq->af_specific is initialized)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-hwe-5.4 in Ubuntu.
https://bugs.launchpad.net/bugs/1981658

Title:
  BUG: kernel NULL pointer dereference, address: 0000000000000008

Status in linux package in Ubuntu:
  Confirmed
Status in linux-hwe-5.4 package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Confirmed
Status in linux-hwe-5.4 source package in Bionic:
  Confirmed

Bug description:
  Hi,

  On one of the main US Ubuntu Archive servers (banjo), we decided to
  reboot into a HWE kernel. The latest being 5.4.0-122 but on doing so,
  ran into this kernel panic:

  | [  350.776585] BUG: kernel NULL pointer dereference, address: 0000000000000008
  | [  350.783674] #PF: supervisor read access in kernel mode
  | [  350.788846] #PF: error_code(0x) - not-present page
  | [  350.794019] PGD 0 P4D 0
  | [  350.796631] Oops:  [#1] SMP NOPTI
  | [  350.800425] CPU: 8 PID: 0 Comm: swapper/8 Not tainted 5.4.0-122-generic #138~18.04.1-Ubuntu
  | [  350.808918] Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 02/10/2022
  | [  350.817666] RIP: 0010:tcp_create_openreq_child+0x2e1/0x3e0
  | [  350.823187] Code: 08 00 00 41 8b 84 24 18 01 00 00 48 c7 83 80 08 00 00 00 00 00 00 4c 89 e6 4c 89 ef 89 83 c4 05 00 00 49 8b 84 24 f8 00 00 00 <48> 8b 40 08 e8 96 28 42 00 48 85 c0 0f b7 83 68 05 00 00 74 0a 83
  | [  350.842068] RSP: 0018:9a958cce8858 EFLAGS: 00010246
  | [  350.847324] RAX:  RBX: 897618739c80 RCX: 0007
  | [  350.854502] RDX: 0020 RSI: 897607afb0b0 RDI: 897605c85580
  | [  350.861682] RBP: 9a958cce8878 R08: 0178 R09: 89763e407800
  | [  350.868859] R10: 04c4 R11: 9a958cce89c7 R12: 897607afb0b0
  | [  350.876039] R13: 897605c85580 R14: 8976205fbe00 R15: 89762688b400
  | [  350.883219] FS:  () GS:89763ec0() knlGS:
  | [  350.891358] CS:  0010 DS:  ES:  CR0: 80050033
  | [  350.897138] CR2: 0008 CR3: 001fd7914000 CR4: 00340ee0
  | [  350.904319] Call Trace:
  | [  350.906787]  
  | [  350.908824]  tcp_v6_syn_recv_sock+0x8d/0x710
  | [  350.913259]  ? ip6_route_output_flags_noref+0xd0/0x110
  | [  350.918435]  tcp_get_cookie_sock+0x48/0x140
  | [  350.922688]  cookie_v6_check+0x5a2/0x700
  | [  350.926714]  tcp_v6_do_rcv+0x36c/0x3e0
  | [  350.930589]  ? tcp_v6_do_rcv+0x36c/0x3e0
  | [  350.934589]  tcp_v6_rcv+0xa16/0xa60
  | [  350.938102]  ip6_protocol_deliver_rcu+0xd8/0x4d0
  | [  350.942750]  ip6_input+0x41/0xb0
  | [  350.946000]  ip6_sublist_rcv_finish+0x42/0x60
  | [  350.950385]  ip6_sublist_rcv+0x235/0x260
  | [  350.954333]  ? __netif_receive_skb_core+0x19d/0xc60
  | [  350.959245]  ipv6_list_rcv+0x110/0x140
  | [  350.963018]  __netif_receive_skb_list_core+0x157/0x260
  | [  350.968192]  ? build_skb+0x17/0x80
  | [  350.971615]  netif_receive_skb_list_internal+0x187/0x2a0
  | [  350.976961]  gro_normal_list.part.131+0x1e/0x40
  | [  350.981519]  napi_complete_done+0x94/0x120
  | [  350.985700]  mlx5e_napi_poll+0x178/0x630 [mlx5_core]
  | [  350.990697]  net_rx_action+0x140/0x3e0
  | [  350.994475]  __do_softirq+0xe4/0x2da
  | [  350.998079]  irq_exit+0xae/0xb0
  | [  351.001239]  do_IRQ+0x59/0xe0
  | [  351.004228]  common_interrupt+0xf/0xf
  | [  351.007913]  
  | [  351.010029] RIP: 0010:cpuidle_enter_state+0xbc/0x440
  | [  351.015023] Code: ff e8 b8 ca 80 ff 80 7d d3 00 74 17 9c 58 0f 1f 44 00 00 f6 c4 02 0f 85 54 03 00 00 31 ff e8 4b 4f 87 ff fb 66 0f 1f 44 00 00 <45> 85 ed 0f 88 1a 03 00 00 4c 2b 7d c8 48 ba cf f7 53 e3 a5 9b c4
  | [  351.033952] RSP: 0018:9a958026fe48 EFLAGS: 0246 ORIG_RAX: ffd6
  | [  351.041633] RAX: 89763ec2fe00 RBX: 84b66b40 RCX: 001f
  | [  351.048816] RDX: 0051abe96150 RSI: 2abf3234 RDI: 
  | [  351.055997] RBP: 9a958026fe88 R08: 0002 R09: 0002f680
  | [  351.063176] R10: 9a958026fe18 R11: 0115 R12: 8976274c3800
  | [  351.070355] R13: 0001 R14: 84b66bb8 R15: 0051abe96150
  | [  351.077540]  ? cpuidle_enter_state+0x98/0x440
  | [  351.081930]  ? menu_select+0x377/0x600
  | [  351.085706]  cpuidle_enter+0x2e/0x40
  | [  351.089310]  call_cpuidle+0x23/0x40
  | [  351.092821]  do_idle+0x1f6/0x270
  | [  351.096069]  cpu_startup_entry+0x1d/0x20
  | [  351.100024]  start_secondary+0x166/0x1c0
  | [  351.103977]  secondary_startup_64+0xa4/0xb0
  | [  351.108186] Modules linked in: binfmt_misc bonding nls_iso8859_1 ipmi_ssif edac_mce_amd kvm_amd kvm hpilo ccp ipmi_si ipmi_devintf ipmi_msghandler acpi_tad k10temp 
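A small triage parser for the oops format quoted above, added here as an example and not part of the bug report or of any Ubuntu tooling. It runs over constructed sample lines taken from the 5.4.0-122 oops (full fault address as in the bug title), pulls out the faulting address, the RIP symbol, taint state and the reliable call-trace frames, and classifies a fault in the first page as a NULL-plus-offset dereference, which is what offset 8 here indicates.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines from the 5.4.0-122 oops quoted above (full address as in the title).
SAMPLE_OOPS = """\
[  350.776585] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  350.800425] CPU: 8 PID: 0 Comm: swapper/8 Not tainted 5.4.0-122-generic #138~18.04.1-Ubuntu
[  350.817666] RIP: 0010:tcp_create_openreq_child+0x2e1/0x3e0
[  350.904319] Call Trace:
[  350.908824]  tcp_v6_syn_recv_sock+0x8d/0x710
[  350.913259]  ? ip6_route_output_flags_noref+0xd0/0x110
[  350.918435]  tcp_get_cookie_sock+0x48/0x140
[  350.985700]  mlx5e_napi_poll+0x178/0x630 [mlx5_core]
"""

TS = r"^\[\s*\d+\.\d+\]\s*"  # dmesg timestamp prefix
BUG_RE = re.compile(TS + r"BUG: (?P<msg>.*?)(?:, address: |\s+at )(?P<addr>[0-9a-f]+)\s*$")
CPU_RE = re.compile(TS + r"CPU: \d+ PID: \d+ Comm: \S+ (?P<taint>Not tainted|Tainted: .*?) (?P<kver>\d\S+)")
RIP_RE = re.compile(TS + r"RIP: [0-9a-f]{4}:(?:\[[^\]]*\]\s*)*(?P<sym>[\w.]+)\+0x(?P<off>[0-9a-f]+)/")  # 5.4 and 4.4 forms
TRACE_RE = re.compile(TS + r"(?:\[[^\]]*\]\s*)?(?P<q>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>\w+)\])?\s*$")

@dataclass
class Oops:
    message: str = ""
    fault_addr: int = -1          # -1 until a BUG: line gives the faulting address
    rip_symbol: str = ""
    rip_offset: int = 0
    kernel: str = ""
    tainted: bool = False
    trace: list[str] = field(default_factory=list)  # reliable frames only

    def is_null_deref(self, page_size: int = 4096) -> bool:
        # A fault inside the first page is NULL plus a field offset (8 in the report above).
        return 0 <= self.fault_addr < page_size

def parse_oops(text: str) -> Oops:
    o, in_trace = Oops(), False
    for line in text.splitlines():
        if m := BUG_RE.match(line):
            o.message, o.fault_addr = m["msg"], int(m["addr"], 16)
        elif m := CPU_RE.match(line):
            o.kernel, o.tainted = m["kver"], m["taint"] != "Not tainted"
        elif m := RIP_RE.match(line):
            o.rip_symbol, o.rip_offset = m["sym"], int(m["off"], 16)
        elif re.match(TS + r"Call Trace:", line):
            in_trace = True
        elif in_trace and (m := TRACE_RE.match(line)) and not m["q"]:
            # "? " entries are stale stack slots, not real call frames, so they are skipped
            o.trace.append(m["sym"] + (f" [{m['mod']}]" if m["mod"] else ""))
    return o
```

The same regexes accept the 4.4-style `RIP: 0010:[<addr>] [<addr>] sym+off/size` and `BUG: unable to handle kernel paging request at <addr>` lines from the bpf_map_lookup_elem report below, where the address is a bad pointer rather than a NULL offset.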

[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request

2018-04-30 Thread Bodo Petermann
Tested with kernel 4.4.0-123.147. Issue is fixed there.

** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1763454

Title:
  bpf_map_lookup_elem: BUG: unable to handle kernel paging request

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  Fix Committed

Bug description:
  SRU Justification

  Impact: Some unfortunate timing between the fix for CVE-2017-17862
  being backported and some updates from upstream stable resulted in us
  not having some hunks from the CVE patch. This is causing oopses (see
  below).

  Fix: Add in the missing hunks from the CVE patch.

  Test case: See test results in comment #4.

  Regression potential: This just updates the code to match the upstream
  patch, which has been upstream for months, so regression potential
  should be low.

  ---

  Hey,

  we are currently debugging an issue with Scope [1] where the
  initialization of the used tcptracer-bpf [2] leads to a kernel oops at
  the first call of `bpf_map_lookup_elem`. The OS is Ubuntu Xenial with
  kernel version `Ubuntu 4.4.0-119.143-generic 4.4.114`. `4.4.0-116.140`
  does not show the problem.

  Example:

  ```
  [   58.763045] BUG: unable to handle kernel paging request at 3c0c41a8
  [   58.846450] IP: [] bpf_map_lookup_elem+0x6/0x20
  [   58.909436] PGD 80003be04067 PUD 3bea1067 PMD 0
  [   58.914876] Oops:  [#1] SMP
  [   58.915581] Modules linked in: ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables xt_conntrack x_tables nf_nat nf_conntrack br_netfilter bridge stp llc overlay vboxsf isofs ppdev crct10dif_pclmul crc32_pclmul ghash_clmulni_intel vboxguest input_leds serio_raw parport_pc parport video ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mptspi aesni_intel scsi_transport_spi mptscsih aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd mptbase psmouse e1000
  [   59.678145] CPU: 1 PID: 1810 Comm: scope Not tainted 4.4.0-119-generic #143-Ubuntu
  [   59.790501] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
  [   59.846405] task: 88003ae23800 ti: 880022c84000 task.ti: 880022c84000
  [   60.000524] RIP: 0010:[]  [] bpf_map_lookup_elem+0x6/0x20
  [   60.178029] RSP: 0018:880022c87960  EFLAGS: 00010082
  [   60.257957] RAX: 8117cd70 RBX: c922f090 RCX: 
  [   60.350704] RDX:  RSI: 880022c87ba8 RDI: 3c0c4180
  [   60.449182] RBP: 880022c87be8 R08:  R09: 0800
  [   60.547638] R10: 88003ae23800 R11: 88003ca12e10 R12: 
  [   60.570757] R13: 88003c601200 R14: 88003fd10020 R15: 880022c87d10
  [   60.678811] FS:  7f95ba372700() GS:88003fd0() knlGS:
  [   60.778636] CS:  0010 DS:  ES:  CR0: 80050033
  [   60.866380] CR2: 3c0c41a8 CR3: 3aeae000 CR4: 00060670
  [   60.963736] DR0:  DR1:  DR2: 
  [   61.069195] DR3:  DR6: fffe0ff0 DR7: 0400
  [   61.187006] Stack:
  [   61.189256]  880022c87be8 81177411  0001
  [   61.253133]  3c0c4180 880022c87ba8  
  [   61.345334]   880022c87d10  0001
  [   61.459069] Call Trace:
  [   61.505273]  [] ? __bpf_prog_run+0x7a1/0x1360
  [   61.625511]  [] ? update_curr+0x79/0x170
  [   61.741423]  [] ? update_cfs_shares+0xbc/0x100
  [   61.837892]  [] ? __schedule+0x30d/0x7f0
  [   61.941349]  [] ? __schedule+0x301/0x7f0
  [   62.073874]  [] ? __schedule+0x30d/0x7f0
  [   62.185260]  [] ? __schedule+0x301/0x7f0
  [   62.186239]  [] ? __schedule+0x30d/0x7f0
  [   62.305193]  [] ? __schedule+0x301/0x7f0
  [   62.399854]  [] ? __schedule+0x30d/0x7f0
  [   62.406219]  [] ? __schedule+0x301/0x7f0
  [   62.407994]  [] ? __schedule+0x30d/0x7f0
  [   62.410491]  [] ? __schedule+0x301/0x7f0
  [   62.431220]  [] ? __schedule+0x30d/0x7f0
  [   62.497078]  [] ? __schedule+0x30d/0x7f0
  [   62.559245]  [] ? __schedule+0x301/0x7f0
  [   62.661493]  [] ? __schedule+0x30d/0x7f0
  [   62.712927]  [] ? __schedule+0x301/0x7f0
  [   62.799216]  [] trace_call_bpf+0x37/0x50
  [   62.881570]  [] kprobe_perf_func+0x37/0x250
  [   62.977365]  [] ? finish_task_switch+0x76/0x230
  [   62.981405]  [] ? __raw_callee_save___pv_queued_spin_unlock+0x11/0x20
  [ 
  ```

[Kernel-packages] [Bug 1763454] Re: bpf_map_lookup_elem: BUG: unable to handle kernel paging request

2018-04-17 Thread Bodo Petermann
(I used my team account cloudstackers-7 before, now with my own one)

The bounds check may not be necessary, because
replace_map_fd_with_map_ptr is called before do_check and the relevant
check is already in replace_map_fd_with_map_ptr. But it's not obvious,
so at least a comment in do_check may be a good idea.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1763454

Title:
  bpf_map_lookup_elem: BUG: unable to handle kernel paging request

Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Xenial:
  Triaged
