On 06/02/2014 13:38, François-Xavier Le Bail wrote:
>> From: Nicolas Dichtel
>
>> Subject: Re: [PATCH net-next v2] ipv6: enable anycast addresses as source addresses in ICMPv6 error messages
>>
>> On 19/01/2014 17:00, Francois-Xavier Le Bail wrote:
>>
>>> - Uses ipv6_anycast_destination() in icmp6_send().
>>>
>>> Suggested-by: Bill Fink
>>> Signed-off-by: Francois-Xavier Le Bail
>> This patch causes an Oops on my target.
>
> What is your target ?
x86 32bits
>
>> Here is the step to reproduce it:
>> modprobe sit
>> ip link add sit1 type sit remote 10.16.0.121 local 10.16.0.249
>> ip l s sit1 up
>> ip -6 a a dev sit1 2001:1234::123 remote 2001:1234::121
>> ping6 2001:1234::121
>
> I cannot reproduce this in my target (updated net-next x86_64) and
> iproute2 from git.
I use linus tree (3.14-rc1+).
> Can you send me your config file ?
See attachment.
>
>> The problem is that ipv6_anycast_destination() uses unconditionally
>> skb_dst(skb), which is NULL in this case.
>>
>> Not sure what is the best way to fix this, any suggestions?
>
> I will try to reproduce first and see.
Note that the peer was not set up, hence the ping didn't work. ipip6_err() calls ipip6_err_gen_icmpv6_unreach() which will drop the dst before calling icmpv6_send().

Here is the backtrace:
[ 387.786155] BUG: unable to handle kernel NULL pointer dereference at 00000096
[ 387.787291] IP: [] icmp6_send+0x79/0x596
[ 387.788147] *pdpt = 0000000000000000 *pde = f000ff53f000ff53
[ 387.789343] Oops: 0000 [#1] SMP
[ 387.790002] Modules linked in: sit ip_tunnel rfcomm bnep bluetooth ppdev lp 6lowpan_iphc rfkill crc16 cpufreq_userspace cpufreq_conservative cpufreq_stats cpufreq_powersave xfrm_user xfrm4_tunnel tunnel4 ipcomp xfrm_ipcomp esp4 ah4 binfmt_misc deflate ctr twofish_generic twofish_i586 twofish_common camellia_generic serpent_generic blowfish_generic blowfish_common cast5_generic cast_common des_generic cbc xcbc rmd160 sha512_generic sha256_generic hmac crypto_null af_key xfrm_algo fuse nfsv3 nfsv4 nfsd auth_rpcgss oid_registry nfs_acl nfs lockd fscache sunrpc 8021q garp stp llc sctp loop sg sr_mod cdrom 8139too psmouse i2c_piix4 8139cp pcspkr processor parport_pc parport evdev microcode floppy button mii serio_raw i2c_core thermal_sys ext3 mbcache jbd sd_mod crc_t10dif crct10dif_common ata_generic ata_piix libata scsi_mod
[ 387.790055] CPU: 5 PID: 0 Comm: swapper/5 Not tainted 3.14.0-rc1+ #67
[ 387.790055] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
[ 387.790055] task: f286b010 ti: f29a6000 task.ti: f2892000
[ 387.790055] EIP: 0060:[] EFLAGS: 00210246 CPU: 5
[ 387.790055] EIP is at icmp6_send+0x79/0x596
[ 387.790055] EAX: 00000000 EBX: f752a2c0 ECX: f1925800 EDX: 00000000
[ 387.790055] ESI: 000e0001 EDI: 00000000 EBP: f1bfbf96 ESP: f29a7e04
[ 387.790055] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 387.790055] CR0: 8005003b CR2: 00000096 CR3: 01537000 CR4: 000006f0
[ 387.790055] Stack:
[ 387.790055] f1bfbf7e 00000000 f29a7e2c c14a6f40 030116f2 f29a7e1c c12e59b3 f21602c0
[ 387.790055] f747b240 00000001 c14a6f40 f1bfbf96 f29a7e64 c12e4ff6 c12e59b3 00000000
[ 387.790055] 00000000 00000000 00000000 00000000 34120120 00000000 00000000 23010000
[ 387.790055] Call Trace:
[ 387.790055] [] ? rt6_multipath_select+0xa7/0xa7
[ 387.790055] [] ? rt6_lookup+0x60/0x89
[ 387.790055] [] ? rt6_multipath_select+0xa7/0xa7
[ 387.790055] [] ? icmpv6_push_pending_frames+0xc6/0xc6
[ 387.790055] [] ? icmpv6_send+0x17/0x1a
[ 387.790055] [] ? ipip6_err+0x1bb/0x213 [sit]
[ 387.790055] [] ? tunnel64_err+0x16/0x25 [tunnel4]
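
The failure mode described in this message, as an added userspace C model that is not code from the thread or from the kernel. The model_* structs, the flag value and the source-address enum are simplified stand-ins assumed for illustration, and the guarded helper shows one defensive pattern, not the fix that was applied upstream.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model: simplified stand-ins, not the kernel's definitions. */
#define MODEL_RTF_ANYCAST 0x1u              /* hypothetical flag value */
struct model_rt  { unsigned int flags; };
struct model_skb { struct model_rt *dst; }; /* dst is NULL once dropped */
enum saddr_choice { SADDR_FROM_PACKET_DADDR, SADDR_BY_ROUTE_LOOKUP };

struct model_rt *model_skb_dst(const struct model_skb *skb) { return skb->dst; }
void model_skb_dst_drop(struct model_skb *skb) { skb->dst = NULL; }

/* Pattern reported in the thread: the route is dereferenced without a
 * check. Never called below, because it faults when dst is NULL. */
bool anycast_dest_unchecked(const struct model_skb *skb)
{
    return (model_skb_dst(skb)->flags & MODEL_RTF_ANYCAST) != 0;
}

/* Guarded form: with no attached route, do not treat it as anycast. */
bool anycast_dest_checked(const struct model_skb *skb)
{
    const struct model_rt *rt = model_skb_dst(skb);
    return rt != NULL && (rt->flags & MODEL_RTF_ANYCAST) != 0;
}

/* Source-address decision of an ICMPv6 error sender, reduced to the
 * anycast test (assumed simplification of icmp6_send()). */
enum saddr_choice model_icmp6_pick_saddr(const struct model_skb *skb)
{
    return anycast_dest_checked(skb) ? SADDR_FROM_PACKET_DADDR
                                     : SADDR_BY_ROUTE_LOOKUP;
}

/* Tunnel error path as described: dst is dropped, then the error is sent. */
enum saddr_choice model_tunnel_err(struct model_skb *skb)
{
    model_skb_dst_drop(skb);
    return model_icmp6_pick_saddr(skb);
}

int main(void)
{
    struct model_rt rt = { MODEL_RTF_ANYCAST };   /* constructed sample */
    struct model_skb skb = { &rt };
    printf("routed skb: %d\n", model_icmp6_pick_saddr(&skb));
    printf("after tunnel error path: %d\n", model_tunnel_err(&skb));
    return 0;
}
```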