* [Bug] soft lockup in ipv6_list_rcv in Linux kernel v6.15
@ 2025-07-08 7:30 Luka
2025-07-09 7:04 ` Krzysztof Kozlowski
0 siblings, 1 reply; 2+ messages in thread
From: Luka @ 2025-07-08 7:30 UTC (permalink / raw)
To: David S. Miller, David Ahern, Eric Dumazet, Jakub Kicinski,
Paolo Abeni
Cc: Simon Horman, netdev, linux-kernel
Dear Linux Kernel Maintainers,
I hope this message finds you well.
I am writing to report a potential vulnerability I encountered during
testing of the Linux Kernel version v6.15.
Git Commit: 0ff41df1cb268fc69e703a08a57ee14ae967d0ca (tag: v6.15)
Bug Location: net/ipv6/ip6_input.c
Bug report: https://pastebin.com/vw0Vrd2m
Complete log: https://pastebin.com/HsUKHEpJ
Entire kernel config: https://pastebin.com/jQ30sdLk
Root Cause Analysis:
This bug is caused by a logic error in the ipv6_list_rcv() function
within the IPv6 input processing pipeline. During the handling of
multicast packets, specifically in the ip6_mc_input() and subsequent
calls, improper synchronization and premature release of socket
buffers (skb) through kfree_skb() lead to corrupted memory access.
This results in the triggering of a soft lockup condition where the
CPU becomes unresponsive due to prolonged execution in
skb_release_data() without yielding control. The issue is likely
rooted in incorrect reference management or double-free conditions on
shared skb structures under concurrent processing scenarios.
At present, I have not yet obtained a minimal reproducer for this
issue. However, I am actively working on reproducing it, and I will
promptly share any additional findings or a working reproducer as soon
as it becomes available.
Thank you very much for your time and attention to this matter. I
truly appreciate the efforts of the Linux kernel community.
Best regards,
Luka
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [Bug] soft lockup in ipv6_list_rcv in Linux kernel v6.15
2025-07-08 7:30 [Bug] soft lockup in ipv6_list_rcv in Linux kernel v6.15 Luka
@ 2025-07-09 7:04 ` Krzysztof Kozlowski
0 siblings, 0 replies; 2+ messages in thread
From: Krzysztof Kozlowski @ 2025-07-09 7:04 UTC (permalink / raw)
To: Luka, David S. Miller, David Ahern, Eric Dumazet, Jakub Kicinski,
Paolo Abeni
Cc: Simon Horman, netdev, linux-kernel
On 08/07/2025 09:30, Luka wrote:
> Dear Linux Kernel Maintainers,
>
> I hope this message finds you well.
>
> I am writing to report a potential vulnerability I encountered during
> testing of the Linux Kernel version v6.15.
>
> Git Commit: 0ff41df1cb268fc69e703a08a57ee14ae967d0ca (tag: v6.15)
The AI generated spam from this account restarted and continues. The
person learnt nothing from previous feedback.
I suggest ignoring completely.
Best regards,
Krzysztof
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-07-09 7:05 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-07-08 7:30 [Bug] soft lockup in ipv6_list_rcv in Linux kernel v6.15 Luka
2025-07-09 7:04 ` Krzysztof Kozlowski
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).