lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6471e14e-2872-3ba4-7336-7c5840d28c12@gmail.com>
Date:   Thu, 7 Jun 2018 17:51:22 -0700
From:   David Ahern <dsahern@...il.com>
To:     valdis.kletnieks@...edu
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: next-20180605 - BUG in ipv6_add_addr

On 6/7/18 5:03 PM, valdis.kletnieks@...edu wrote:
> On Thu, 07 Jun 2018 16:49:07 -0700, David Ahern said:
>> On 6/7/18 1:17 PM, valdis.kletnieks@...edu wrote:
> 
>>> [ 1820.832682] BUG: unable to handle kernel NULL pointer dereference at 0000000000000209
>>> [ 1820.832728] RIP: 0010:ipv6_add_addr+0x280/0xd10
> 
>>> [ 1820.832888] Call Trace:
>>> [ 1820.832898]  ? __local_bh_enable_ip+0x119/0x260
>>> [ 1820.832904]  ? ipv6_create_tempaddr+0x259/0x5a0
>>> [ 1820.832912]  ? __local_bh_enable_ip+0x139/0x260
>>> [ 1820.832921]  ipv6_create_tempaddr+0x2da/0x5a0
>>> [ 1820.832926]  ? ipv6_create_tempaddr+0x2da/0x5a0
>>> [ 1820.832941]  manage_tempaddrs+0x1a5/0x240
>>> [ 1820.832951]  inet6_addr_del+0x20b/0x3b0
>>> [ 1820.832959]  ? nla_parse+0xce/0x1e0
>>> [ 1820.832968]  inet6_rtm_deladdr+0xd9/0x210
>>> [ 1820.832981]  rtnetlink_rcv_msg+0x1d4/0x5f0
>>
>> I am the most likely guilty party. I have been staring at the code for
>> this stack trace for a while and nothing jumps out. Can you send me the
>> kernel config?
> 
> Attached.  Note that this one happened while I was on wireless at work,
> where we're *heavily* IPv6 (I've had days where I'll work for 2-3 hours before
> I notice that IPv4 didn't dhcp and I've been ipv6-only the whole time.
> 
> Also, the interface was config'ed as:
> 
> conf/wlp3s0b1/temp_prefered_lft:86400
> conf/wlp3s0b1/temp_valid_lft:604800
> conf/wlp3s0b1/use_tempaddr:2
> 

I know you don't have a reliable reproducer, but I did find one spot
where I was too clever and did not initialize a new cfg variable:

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 89019bf59f46..59c22a25e654 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1324,6 +1324,7 @@ static int ipv6_create_tempaddr(struct
inet6_ifaddr *ifp,
                }
        }

+       memset(&cfg, 0, sizeof(cfg));
        cfg.valid_lft = min_t(__u32, ifp->valid_lft,
                              idev->cnf.temp_valid_lft + age);
        cfg.preferred_lft = cnf_temp_preferred_lft + age -
idev->desync_factor;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ