| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALm_T+2rdmwCYLZVw=gALPDufXB5R8=pX8P2jhgYE=_0PCJJ_Q@mail.gmail.com> Date: Tue, 8 Jul 2025 15:54:22 +0800 From: Luka <luka.2016.cs@...il.com> To: "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com> Cc: Simon Horman <horms@...nel.org>, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: [Bug] soft lockup in neigh_timer_handler in Linux kernel v6.12 Dear Linux Kernel Maintainers, I hope this message finds you well. I am writing to report a potential vulnerability I encountered during testing of the Linux Kernel version v6.12. Git Commit: adc218676eef25575469234709c2d87185ca223a (tag: v6.12) Bug Location: neigh_timer_handler+0xc17/0xfe0 net/core/neighbour.c:1148 Bug report: https://pastebin.com/06NiBtXm Entire kernel config: https://pastebin.com/MRWGr3nv Root Cause Analysis: A soft lockup occurs in the neighbor subsystem due to prolonged execution within neigh_timer_handler(), where repeated neighbor entry invalidation and associated routing operations (e.g., ipv4_link_failure() and arp_error_report()) lead to excessive CPU occupation without yielding, triggering the kernel watchdog. At present, I have not yet obtained a minimal reproducer for this issue. However, I am actively working on reproducing it, and I will promptly share any additional findings or a working reproducer as soon as it becomes available. Thank you very much for your time and attention to this matter. I truly appreciate the efforts of the Linux kernel community. Best regards, Luka
Powered by blists - more mailing lists