From: Chris Boot <bootc@bootc.net>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: lkml <linux-kernel@vger.kernel.org>, netdev <netdev@vger.kernel.org>
Subject: Re: BUG: unable to handle kernel NULL pointer dereference in ipv6_select_ident
Date: Wed, 21 Dec 2011 21:58:36 +0000 [thread overview]
Message-ID: <4EF2568C.6040006@bootc.net> (raw)
In-Reply-To: <1324500775.2621.9.camel@edumazet-laptop>
On 21/12/2011 20:52, Eric Dumazet wrote:
> Le mercredi 21 décembre 2011 à 21:28 +0100, Eric Dumazet a écrit :
>> Le mercredi 21 décembre 2011 à 20:05 +0000, Chris Boot a écrit :
>>> On 21/12/2011 18:00, Eric Dumazet wrote:
>>>> Le mercredi 21 décembre 2011 à 18:36 +0100, Eric Dumazet a écrit :
>>>>
>>>>> Good point, thats a different problem then, since 3.1 is not supposed to
>>>>> have this bug.
>>>>>
>>>>> It seems rt->rt6i_peer points to invalid memory in your crash.
>>>>>
>>>>> (RBX=00000000000001f4)
>>>>>
>>>>> 8b 83 a4 00 00 00 mov 0xa4(%rbx),%eax p->refcnt
>>>>> 1f4+a4 -> CR2=0000000000000298
>>>>>
>>>> It would help if you can confirm latest linux tree can reproduce the
>>>> bug.
>>> Hi Eric,
>>>
>>> I just built a v3.2-rc6-140-gb9e26df with the same config as the Debian
>>> 3.1.0 kernel. I can reproduce the bug just as easily with this kernel as
>>> with the Debian kernel. Unfortunately I wasn't able to get an entire
>>> trace, for some reason it didn't appear to be printed to the serial port
>>> and hung after the (long) list of loaded kernel modules. The crash
>>> happens at the same offset:
>>>
>> Thanks !
>>
>> Oh well, br_netfilter fake_rtable strikes again.
>>
>> I'll cook a patch in a couple of minutes...
>>
> Could you try following patch ?
>
> [snip]
Eric,
It looks good! The rsync that caused the crash real quick hasn't done it
at all with the patch applied. I'll keep testing it of course, but I
think that's done it.
Many thanks indeed!
Chris
--
Chris Boot
bootc@bootc.net
next prev parent reply other threads:[~2011-12-21 21:58 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <4EF200BB.7000209@bootc.net>
2011-12-21 16:29 ` BUG: unable to handle kernel NULL pointer dereference in ipv6_select_ident Eric Dumazet
2011-12-21 17:03 ` Chris Boot
2011-12-21 17:36 ` Eric Dumazet
2011-12-21 18:00 ` Eric Dumazet
2011-12-21 20:05 ` Chris Boot
2011-12-21 20:28 ` Eric Dumazet
2011-12-21 20:52 ` Eric Dumazet
2011-12-21 21:58 ` Chris Boot [this message]
2011-12-21 23:12 ` Chris Boot
2011-12-22 4:37 ` Eric Dumazet
2011-12-22 6:00 ` [PATCH] bridge: provide a mtu() method for fake_dst_ops Eric Dumazet
2011-12-22 7:05 ` Steffen Klassert
2011-12-22 6:38 ` BUG: unable to handle kernel NULL pointer dereference in ipv6_select_ident Steffen Klassert
2011-12-22 7:51 ` Eric Dumazet
2011-12-22 7:58 ` Steffen Klassert
2011-12-22 8:05 ` Eric Dumazet
2011-12-22 10:01 ` Steffen Klassert
2011-12-22 10:04 ` Chris Boot
2011-12-22 14:15 ` Eric Dumazet
2011-12-22 15:54 ` Chris Boot
2011-12-22 17:41 ` Eric Dumazet
2011-12-22 18:29 ` David Miller
2011-12-23 3:38 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4EF2568C.6040006@bootc.net \
--to=bootc@bootc.net \
--cc=eric.dumazet@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).