Re: Infinite loop in ip6_fragment

2015-10-13 Thread Hannes Frederic Sowa
Hello,

On Mon, Oct 12, 2015, at 11:26, Dmitry Vyukov wrote:
> [] ip6_fragment+0x37e/0x9d0 net/ipv6/ip6_output.c:805
> [] ip6_finish_output+0xcd/0xe0 net/ipv6/ip6_output.c:130
> [< inline >] NF_HOOK_COND include/linux/netfilter.h:236
> [] ip6_output+0x3f/0xe0 net/ipv6/ip6_output.c:14

Infinite loop in ip6_fragment

2015-10-12 Thread Dmitry Vyukov
Hello,

The following program causes an infinite loop in the ip6_fragment function:

// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include
#include
#include
int main() {
  long r0 = syscall(SYS_socket, 0xaul, 0x3ul, 0x53cul);
  long r1 = syscall(SYS_mmap