Bug 5306

Summary: Oops on IPv6 route lookup
Product: Networking
Reporter: Joris van Rantwijk (jvrantwijk)
Component: IPV6
Assignee: Herbert Xu (herbert)
Status: RESOLVED CODE_FIX
Severity: normal
Priority: P2
Hardware: i386
OS: Linux
Kernel Version: 2.6.14-rc2
Subsystem:
Regression: ---
Bisected commit-id:
Attachments: ksymoops output

Description Joris van Rantwijk 2005-09-24 07:35:23 UTC
Most recent kernel where this bug did not occur: unknown, 2.6.13 also has it
Distribution: Debian 3.1
Hardware Environment: Athlon64 (32-bit mode)

Problem Description:
I can reliably cause a kernel oops by using the "ip" command to look up an
unroutable IPv6 address. The oops does not occur if I just ping6 the unroutable
address, only when I try to look it up through netlink with the "ip" command.

Steps to reproduce:
1. Boot Linux, do NOT set up any IPv6 routes
2. ip route get 2001::1 (or any unroutable address)

Further info:
I will attach the oops.
The NULL-pointer dereference occurs in the function ipv6_get_saddr in
net/ipv6/addrconf.c. It tries to follow dev->rt6i_idev->dev while dev is
non-NULL but dev->rt6i_idev is NULL.

Comment 1 Joris van Rantwijk 2005-09-24 07:36:31 UTC
Created attachment 6126
ksymoops output

Comment 2 Herbert Xu 2006-02-04 01:07:14 UTC
Fixed by c62dba9011b93fd88fde929848582b2a98309878.