Red Hat Bugzilla – Bug 157228
Kernel crashes on executing ip -6 route add ::/96 dev sit1 if device is not up
Last modified: 2012-06-20 12:09:08 EDT
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7.7) Gecko/20050414 Firefox/1.0.3 Description of problem: During trying to enable 6to4 on an RHEL4 box the kernel crashes. Version-Release number of selected component (if applicable): kernel-2.6.9-5.EL How reproducible: Always Steps to Reproduce: 0. # rpm -qf `which ip` iproute-2.6.9-3 1. # uname -a Linux ***** 2.6.9-5.EL #1 Wed Jan 5 19:22:18 EST 2005 i686 i686 i386 GNU/Linux 2. # ip tunnel add mode sit local 192.168.1.1 remote any name sit1 3. # ip -6 route add ::/96 dev sit1 Segmentation fault Actual Results: Crash: NET: Registered protocol family 10 Disabled Privacy Extensions on device c0366c20(lo) IPv6 over IPv4 tunneling driver divert: not allocating divert_blk for non-ethernet device sit0 ip_tables: (C) 2000-2002 Netfilter core team divert: not allocating divert_blk for non-ethernet device sit1 Unable to handle kernel NULL pointer dereference at virtual address 00000014 printing eip: d09cf769 *pde = 00000000 Oops: 0000 [#1] Modules linked in: md5 ipv6 autofs4 nfs lockd sunrpc dm_mod uhci_hcd hw_random 8139too mii floppy ext3 jbd CPU: 0 EIP: 0060:[<d09cf769>] Not tainted VLI EFLAGS: 00010202 (2.6.9-5.EL) EIP is at ip6_route_add+0x531/0x55c [ipv6] eax: 00000000 ebx: cfefb460 ecx: cd0ce800 edx: 00000000 esi: ffffffed edi: d09d0353 ebp: ccfb8c70 esp: ccfb8c40 ds: 007b es: 007b ss: 0068 Process ip (pid: 2490, threadinfo=ccfb8000 task=ccf4c170) Stack: ccfb8c70 ccfb8c70 00000000 cd0ce800 00000000 cfefb460 cfed2400 cfefb460 cfed2400 d09d0353 00000008 d09d037d 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Call Trace: [<d09d0353>] inet6_rtm_newroute+0x0/0x35 [ipv6] [<d09d037d>] inet6_rtm_newroute+0x2a/0x35 [ipv6] [<d09d0353>] inet6_rtm_newroute+0x0/0x35 [ipv6] [<c02ae989>] rtnetlink_rcv+0x225/0x313 [<c02baf2e>] netlink_data_ready+0x14/0x43 [<c02ba6b1>] netlink_sendskb+0x52/0x6b [<c02bad4a>] netlink_sendmsg+0x252/0x261 [<c029d4af>] sock_sendmsg+0xdb/0xf7 [<c011d043>] autoremove_wake_function+0x0/0x2d [<c02a2e8e>] verify_iovec+0x76/0xc2 [<c029ec47>] sys_sendmsg+0x1ee/0x23b [<c015236d>] handle_mm_fault+0xd5/0x1fd [<c015332b>] __vma_link+0x59/0x66 [<c0153419>] vma_link+0xe1/0x1dd [<c0154fce>] do_brk+0x1da/0x213 [<c029f030>] sys_socketcall+0x1c1/0x1dd [<c0301bfb>] syscall_call+0x7/0xb Code: 14 8b 54 24 18 83 c4 1c 5b 5e 5f 5d e9 cf f1 ff ff be ea ff ff ff 83 7c 24 0c 00 74 0a 8b 4c 24 0c ff 89 84 01 00 00 8b 54 24 10 <83> 7a 14 01 7f 1b 8b 42 04 85 c0 75 0d 89 d0 e8 7a ba 8d ef 85 Expected Results: No such crash like on FC3: # uname -a Linux ******* 2.6.11-1.14_FC3 #1 Thu Apr 7 19:23:49 EDT 2005 i686 i686 i386 GNU/Linux # ip tunnel add mode sit local 10.3.62.50 remote any name sit1 # ip -6 route add ::/96 dev sit1 RTNETLINK answers: No such device Additional info: Note that normally, a device need to be up before such route is added, I'll investigate now, why this is not proper happen in initscripts. Anyway, kernel shouldn't crash either.
Same happen on 2.6.9-11.EL
Same happen on 2.6.9-42.EL
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. Please See https://access.redhat.com/support/policy/updates/errata/ If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.