[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120820090313.4856779b@nehalam.linuxnetplumber.net>
Date: Mon, 20 Aug 2012 09:03:13 -0700
From: Stephen Hemminger <shemminger@...tta.com>
To: netdev@...r.kernel.org
Subject: Fw: [Bug 46131] New: 32-bit read from uninitialized memory in
__ip_select_ident since 3.6-rc2
Begin forwarded message:
Date: Sat, 18 Aug 2012 09:49:45 +0000 (UTC)
From: bugzilla-daemon@...zilla.kernel.org
To: shemminger@...ux-foundation.org
Subject: [Bug 46131] New: 32-bit read from uninitialized memory in __ip_select_ident since 3.6-rc2
https://bugzilla.kernel.org/show_bug.cgi?id=46131
Summary: 32-bit read from uninitialized memory in
__ip_select_ident since 3.6-rc2
Product: Networking
Version: 2.5
Kernel Version: 3.6-rc2
Platform: All
OS/Version: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: IPV4
AssignedTo: shemminger@...ux-foundation.org
ReportedBy: casteyde.christian@...e.fr
Regression: Yes
Slacware64 current
Intel Core i7
6GB RAM
Since 3.6-rc2 (this is a regression from 3.6-rc1), I get the following warning
when I ping a host:
WARNING: kmemcheck: Caught 32-bit read from uninitialized memory
(ffff8801c3f79460)
00000000030380ab00000000450000482881000080118ebbc0a8010bc0a8010d
u u u u i i i i i i i i i i i i i i i i i i i i i i i i i i i i
^
Pid: 5836, comm: udev-acl.ck Not tainted 3.6.0-rc2 #3 Acer Aspire 7750G/JE70_HR
RIP: 0010:[<ffffffff81697ed2>] [<ffffffff81697ed2>]
__ip_select_ident+0x22/0x120
RSP: 0000:ffff8801c7e035e0 EFLAGS: 00010282
RAX: ffff88018194ab00 RBX: ffff88018b454700 RCX: 0000000000000040
RDX: 0000000000000001 RSI: ffff8801c7e035ec RDI: ffff8801c3f79450
RBP: ffff8801c7e03620 R08: ffff8801c54a8238 R09: 0000000000000000
R10: ffff8801c7e03770 R11: 0000000000000050 R12: ffff8801c3f79450
R13: 0000000000000000 R14: ffff88018db74a80 R15: ffff8801c3f79450
FS: 00007f0692dfb740(0000) GS:ffff8801c7e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8801c6b06a88 CR3: 00000001a9ae5000 CR4: 00000000000407f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
[<ffffffff816a2aa8>] __ip_make_skb+0x2f8/0x3c0
[<ffffffff816a2bd7>] ip_push_pending_frames+0x17/0x30
[<ffffffff816d16be>] icmp_push_reply+0xee/0x120
[<ffffffff816d1b95>] icmp_send+0x4a5/0xb10
[<ffffffff816ce5b8>] __udp4_lib_rcv+0x568/0x920
[<ffffffff816ce985>] udp_rcv+0x15/0x20
[<ffffffff8169b0d7>] ip_local_deliver_finish+0x107/0x460
[<ffffffff8169b6f8>] ip_local_deliver+0x88/0x90
[<ffffffff8169ab10>] ip_rcv_finish+0x120/0x5e0
[<ffffffff8169b919>] ip_rcv+0x219/0x2b0
[<ffffffff8164de82>] __netif_receive_skb+0x742/0x9b0
[<ffffffff8164ef68>] netif_receive_skb+0x28/0x1e0
[<ffffffff817a2de5>] ieee80211_deliver_skb.isra.28+0xa5/0x220
[<ffffffff817a3e87>] ieee80211_rx_handlers+0xf27/0x2380
[<ffffffff817a55e7>] ieee80211_prepare_and_rx_handle+0x307/0x8b0
[<ffffffff817a620e>] ieee80211_rx+0x67e/0xce0
[<ffffffff814b819c>] ath_rx_tasklet+0xc9c/0x1350
[<ffffffff814b6024>] ath9k_tasklet+0xe4/0x140
[<ffffffff810784ec>] tasklet_action+0x6c/0xe0
[<ffffffff81078e5a>] __do_softirq+0xba/0x180
[<ffffffff817e32dc>] call_softirq+0x1c/0x30
[<ffffffff8103a4ed>] do_softirq+0x7d/0xb0
[<ffffffff81079276>] irq_exit+0x96/0xc0
[<ffffffff81039f8e>] do_IRQ+0x5e/0xd0
[<ffffffff817e18ac>] ret_from_intr+0x0/0x13
[<ffffffffffffffff>] 0xffffffffffffffff
This is a wireless network.
gdb gives the following:
(gdb) l *0xffffffff81697ed2
0xffffffff81697ed2 is in __ip_select_ident (include/net/inetpeer.h:145).
140 __be32 v4daddr,
141 int create)
142 {
143 struct inetpeer_addr daddr;
144
145 daddr.addr.a4 = v4daddr;
146 daddr.family = AF_INET;
147 return inet_getpeer(base, &daddr, create);
148 }
149
(gdb) l *0xffffffff816a2aa8
0xffffffff816a2aa8 is in __ip_make_skb (include/net/ip.h:264).
259 * a TCP stream using header compression.
260 */
261 iph->id = (sk && inet_sk(sk)->inet_daddr) ?
262 htons(inet_sk(sk)->inet_id++) :
0;
263 } else
264 __ip_select_ident(iph, dst, 0);
265 }
266
267 static inline void ip_select_ident_more(struct iphdr *iph, struct
dst_entry *dst, struct sock *sk, int more)
268 {
--
Configure bugmail: https://bugzilla.kernel.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists