netdev

Re: 2.4.4 & IPv6 oopses

To: "Maciej 'Agaran' Pijanka" <agaran@xxxxxxxxxxxxxxx>
Subject: Re: 2.4.4 & IPv6 oopses
From: Pekka Savola <pekkas@xxxxxxxxxx>
Date: Fri, 4 May 2001 17:43:56 +0300 (EEST)
Cc: NetDevel List <netdev@xxxxxxxxxxx>, <kuznet@xxxxxxxxxxxxx>
In-reply-to: <Pine.LNX.4.21.0105041357150.17065-100000@xxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-netdev@xxxxxxxxxxx
On Fri, 4 May 2001, Maciej 'Agaran' Pijanka wrote:
> On Fri, 4 May 2001, Pekka Savola wrote:
>
> > On Fri, 4 May 2001, Maciej 'Agaran' Pijanka wrote:
> > > I'm trying to use 2.4.4 on one box and it crashes very often.
> > > I mean I need to try to ssh to the box, then ifdown eth0;ifup eth0
> > > to get a crash.
> > > Has anybody found similar problems?
> >
> > Works for me (though in all honesty, running 2.4.3+patches which should
> > equal 2.4.4).
> >
> > These were most probably caused by fixes in ifdown ; ifup behaviour;
> > before, autoconfiguration would fail after ifup as the host didn't rejoin
> > the multicast group.
> >
> > > Arch: i486, EISA, SCSI, 3c59x, no PCI, no IDE, no IPv4 except lo
> > > and the crash is around the same place (reproducible)
> > > and sometimes if I don't try to ssh, and play with up/down on the iface,
> > > it crashes too (just need to wait some time)
> > > and again around ndisc/v6/tcp6 (according to the start of the trace)
> >
> > Supplying a full decoded trace + .config, and the way you got it might
> > help.
> ok, just one; if you need more, I have some other oopses (a bit different call trace)
> processed via ksymoops (on the second box; copied ksyms, modules)

The problem appears to be:

in ndisc_solicit:

struct in6_addr *saddr = NULL;
[...]
        if (skb && ipv6_chk_addr(&skb->nh.ipv6h->saddr, dev))
                saddr = &skb->nh.ipv6h->saddr;
[...]
        ndisc_send_ns(dev, neigh, target, target, saddr);
[...]
This check apparently fails? and saddr is left null.

in ndisc_send_ns, NULL saddr is checked:

send_llinfo = dev->addr_len && ipv6_addr_type(saddr) != IPV6_ADDR_ANY;

which makes a null ptr dereference.  The send_llinfo check was added recently,
a week or so ago, to fix an RFC incompliancy.

Now I can reproduce this.  ping6 target_host_ipv6 will crash the system
in a matter of seconds.  ssh -6 target_host_ipv6 works too.  Etc.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords
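
The NULL-saddr path described in the message above, as an added userland example (not kernel code and not part of the original mail): it models the call from ndisc_solicit into the send_llinfo test, first unguarded and then with a NULL check. All `_model` names are hypothetical stand-ins, and treating a missing source like the unspecified address is an assumption, not the fix that went into the kernel.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the kernel types (hypothetical names). */
struct in6_addr_model { unsigned char s6_addr[16]; };
struct net_device_model { unsigned char addr_len; };
#define ADDR_ANY_MODEL     0   /* unspecified address "::" */
#define ADDR_UNICAST_MODEL 1

/* Classifies an address; it dereferences addr, as ipv6_addr_type() does. */
static int addr_type_model(const struct in6_addr_model *addr)
{
    static const unsigned char zero[16];
    return memcmp(addr->s6_addr, zero, 16) == 0 ? ADDR_ANY_MODEL
                                                : ADDR_UNICAST_MODEL;
}

/* Pattern quoted in the message: faults when saddr == NULL. */
int send_llinfo_unchecked(const struct net_device_model *dev,
                          const struct in6_addr_model *saddr)
{
    return dev->addr_len && addr_type_model(saddr) != ADDR_ANY_MODEL;
}

/* Guarded form: NULL is tested before the classifier can dereference it.
 * Assumption: a missing source is handled like the unspecified address. */
int send_llinfo_checked(const struct net_device_model *dev,
                        const struct in6_addr_model *saddr)
{
    if (saddr == NULL)
        return 0;
    return dev->addr_len && addr_type_model(saddr) != ADDR_ANY_MODEL;
}

/* Caller flow as in ndisc_solicit: saddr stays NULL unless the packet's
 * source address belongs to this device (addr_is_local models that check). */
int solicit_model(const struct net_device_model *dev,
                  const struct in6_addr_model *pkt_src, int addr_is_local)
{
    const struct in6_addr_model *saddr = NULL;
    if (pkt_src && addr_is_local)
        saddr = pkt_src;
    return send_llinfo_checked(dev, saddr);
}

int main(void)
{
    struct net_device_model dev = { 6 };
    struct in6_addr_model src = { { 0xfe, 0x80 } };   /* constructed sample */
    printf("local src: %d, foreign src: %d\n",
           solicit_model(&dev, &src, 1), solicit_model(&dev, &src, 0));
    return 0;
}
```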



