| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Dec 2011 21:28:52 +0100 From: Eric Dumazet <eric.dumazet@...il.com> To: Chris Boot <bootc@...tc.net> Cc: lkml <linux-kernel@...r.kernel.org>, netdev <netdev@...r.kernel.org> Subject: Re: BUG: unable to handle kernel NULL pointer dereference in ipv6_select_ident Le mercredi 21 décembre 2011 à 20:05 +0000, Chris Boot a écrit : > On 21/12/2011 18:00, Eric Dumazet wrote: > > Le mercredi 21 décembre 2011 à 18:36 +0100, Eric Dumazet a écrit : > > > >> Good point, thats a different problem then, since 3.1 is not supposed to > >> have this bug. > >> > >> It seems rt->rt6i_peer points to invalid memory in your crash. > >> > >> (RBX=00000000000001f4) > >> > >> 8b 83 a4 00 00 00 mov 0xa4(%rbx),%eax p->refcnt > >> 1f4+a4 -> CR2=0000000000000298 > >> > > It would help if you can confirm latest linux tree can reproduce the > > bug. > > Hi Eric, > > I just built a v3.2-rc6-140-gb9e26df with the same config as the Debian > 3.1.0 kernel. I can reproduce the bug just as easily with this kernel as > with the Debian kernel. Unfortunately I wasn't able to get an entire > trace, for some reason it didn't appear to be printed to the serial port > and hung after the (long) list of loaded kernel modules. The crash > happens at the same offset: > Thanks ! Oh well, br_netfilter fake_rtable strikes again. I'll cook a patch in a couple of minutes... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists