I have some more details about the kernel panic. In net/ipv4/igmp.c, line 320, ip_route_output_ports() is called with socket (aka "sk") = NULL. In include/net/route.h, line 150, that NULL socket pointer is passed on to sock_i_uid(), so sock_i_uid(NULL) is called.
That sock_i_uid() call is not in mainline Linux (neither 3.4 nor 3.18), but it is in the Google Android goldfish kernel. I'd say that code is faulty, because the ip_route_output_ports() function takes a NULL socket into account; only the recently added sock_i_uid() call is missing a NULL check. In net/core/sock.c, line 1477, the sock_i_uid() function then dereferences the NULL pointer, which probably explains my kernel panic issue.

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1420366

Title: kernel null pointer dereference after setsockopt(…IP_ADD_MEMBERSHIP…)

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
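A user-space model of the missing check described in the message, added here as an illustration and not code from the report or from either kernel tree. The struct names and the `sk_uid`/`flowi4_uid` fields are constructed stand-ins for the kernel's own structures, and returning uid 0 for a socket-less caller is an assumption about the intended fallback, not the goldfish fix.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-in for the kernel's struct sock: only the field
 * that sock_i_uid() reads is modelled here. */
struct sock {
    unsigned int sk_uid;
};

/* Models sock_i_uid() as reported: it reads through the pointer with
 * no check, so passing NULL dereferences address 0 (the oops in the
 * report). It is therefore never called with NULL below. */
static unsigned int sock_i_uid(const struct sock *sk)
{
    return sk->sk_uid;
}

/* Guarded lookup for the route-lookup path. igmp.c calls
 * ip_route_output_ports() with sk == NULL, and that function already
 * copes with a NULL socket elsewhere, so the uid lookup must too.
 * Assumed fallback: treat a socket-less caller (IGMP) as uid 0. */
static unsigned int route_uid_for_socket(const struct sock *sk)
{
    return sk ? sock_i_uid(sk) : 0;
}

/* Constructed model of the flow descriptor the route.h code fills. */
struct flowi4 {
    unsigned int flowi4_uid;
};

static struct flowi4 build_output_flow(const struct sock *sk)
{
    struct flowi4 fl4 = { .flowi4_uid = route_uid_for_socket(sk) };
    return fl4;
}

int main(void)
{
    struct sock app = { .sk_uid = 10042 };  /* constructed app uid */
    printf("socket uid: %u\n", build_output_flow(&app).flowi4_uid);
    printf("no socket:  %u\n", build_output_flow(NULL).flowi4_uid);
    return 0;
}
```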