Bug 5306 - Oops on IPv6 route lookup
Summary: Oops on IPv6 route lookup
Status: RESOLVED CODE_FIX
Alias: None
Product: Networking
Classification: Unclassified
Component: IPV6 (show other bugs)
Hardware: i386 Linux
: P2 normal
Assignee: Herbert Xu
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-09-24 07:35 UTC by Joris van Rantwijk
Modified: 2006-02-04 01:07 UTC (History)
0 users

See Also:
Kernel Version: 2.6.14-rc2
Subsystem:
Regression: ---
Bisected commit-id:

Attachments
ksymoops output (6.73 KB, text/plain)
2005-09-24 07:36 UTC, Joris van Rantwijk 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Joris van Rantwijk 2005-09-24 07:35:23 UTC 
Most recent kernel where this bug did not occur: unknown, 2.6.13 also has it
Distribution: Debian 3.1
Hardware Environment: Athlon64 (32-bit mode)

Problem Description:
I can reliably cause a kernel oops by using the "ip" command to lookup an
unroutable IPv6 address. The oops does not occur if I just ping6 the unroutable
address, only when I try to look it up through netlink with the "ip" command.

Steps to reproduce:
1. Boot Linux, do NOT setup any IPv6 routes
2. ip route get 2001::1 (or any unroutable address)

Further info:
I will attach the oops.
The NULL-pointer dereference occurs in the function ipv6_get_saddr in
net/ipv6/addrconf.c. It tries to follow dev->rt6i_idev->dev while dev is
non-NULL but dev->rt6i_idev is NULL.
Comment 1 Joris van Rantwijk 2005-09-24 07:36:31 UTC 
Created attachment 6126 [details]
ksymoops output
Comment 2 Herbert Xu 2006-02-04 01:07:14 UTC 
Fixed by c62dba9011b93fd88fde929848582b2a98309878.
Note You need to log in before you can comment on or make changes to this bug.