On Fri, 4 May 2001, Maciej 'Agaran' Pijanka wrote:
> On Fri, 4 May 2001, Pekka Savola wrote:
>
> > On Fri, 4 May 2001, Maciej 'Agaran' Pijanka wrote:
> > > I'm trying to use 2.4.4 on one box and it crashes very often.
> > > I mean I need to try to ssh to the box, then ifdown eth0;ifup eth0
> > > to get a crash.
> > > Has anybody found similar problems?
> >
> > Works for me (though in all honesty, running 2.4.3+patches which should
> > equal 2.4.4).
> >
> > These were most probably caused by fixes in ifdown ; ifup behaviour;
> > before, autoconfiguration would fail after ifup as the host didn't rejoin
> > the multicast group.
> >
> > > Arch: i486, EISA, SCSI, 3c59x, no PCI, no IDE, no IPv4 except lo
> > > and the crash is around the same place (reproducible)
> > > and sometimes if I don't try to ssh, and play with up/down iface
> > > it crashes too (just need to wait some time)
> > > and again around ndisc/v6/tcp6 (according to start of trace)
> >
> > Supplying a full decoded trace + .config, and the way you got it might
> > help.
> OK, just one; if you need more I have some other oopses (bit different trace call)
> processed via ksymoops (on second box..copied ksyms,modules)

The problem appears to be:

in ndisc_solicit:

    struct in6_addr *saddr = NULL;
    [...]
    if (skb && ipv6_chk_addr(&skb->nh.ipv6h->saddr, dev))
        saddr = &skb->nh.ipv6h->saddr;
    [...]
    ndisc_send_ns(dev, neigh, target, target, saddr);
    [...]

This check apparently fails? and saddr is left null.

in ndisc_send_ns, NULL saddr is checked:

    send_llinfo = dev->addr_len && ipv6_addr_type(saddr) != IPV6_ADDR_ANY;

which makes a null ptr dereference. The send_llinfo check was added recently
to fix RFC noncompliance a week or so ago.

Now I can reproduce this. ping6 target_host_ipv6 will crash the system
in a matter of seconds. ssh -6 target_host_ipv6 works too. Etc.

--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
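
Added example, not part of the original message and not kernel code: a user-space C model of the two call sites described above, with the pointer tested before it is classified. The struct layouts, the reduced ipv6_addr_type, the helper names pick_saddr and send_llinfo_guarded, the sample data, and the choice to treat a NULL saddr as "no link-layer option" are all assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified user-space stand-ins for the kernel types (assumptions). */
struct in6_addr { unsigned char s6_addr[16]; };
struct net_device { unsigned char addr_len; };
#define IPV6_ADDR_ANY     0x0000U
#define IPV6_ADDR_UNICAST 0x0001U

/* Constructed sample data: an Ethernet-like device and fe80::1. */
static const struct net_device sample_dev = { 6 };
static const struct in6_addr sample_src = { { 0xfe, 0x80, 0,0,0,0,0,0, 0,0,0,0,0,0,0, 1 } };

/* Reduced classifier: tells :: apart from everything else. Like the
 * call in the message, it reads through addr without checking it. */
unsigned int ipv6_addr_type(const struct in6_addr *addr)
{
    static const struct in6_addr any = { { 0 } };
    return memcmp(addr, &any, sizeof(any)) ? IPV6_ADDR_UNICAST : IPV6_ADDR_ANY;
}

/* ndisc_solicit side: saddr stays NULL unless the triggering packet's
 * source passed the ipv6_chk_addr test (modelled by src_is_ours). */
const struct in6_addr *pick_saddr(const struct in6_addr *pkt_src, int src_is_ours)
{
    return (pkt_src && src_is_ours) ? pkt_src : NULL;
}

/* ndisc_send_ns side, guarded: test the pointer before classifying it.
 * Treating NULL as "no link-layer option" is this model's assumption. */
int send_llinfo_guarded(const struct net_device *dev, const struct in6_addr *saddr)
{
    return dev->addr_len && saddr != NULL && ipv6_addr_type(saddr) != IPV6_ADDR_ANY;
}

int main(void)
{
    printf("source is ours:     %d\n", send_llinfo_guarded(&sample_dev, pick_saddr(&sample_src, 1)));
    printf("source not ours:    %d\n", send_llinfo_guarded(&sample_dev, pick_saddr(&sample_src, 0)));
    printf("no triggering skb:  %d\n", send_llinfo_guarded(&sample_dev, pick_saddr(NULL, 0)));
    return 0;
}
```

Dropping the `saddr != NULL` term gives the expression quoted in the message, and the second and third cases then read through a null pointer.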