Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp249525imm; Thu, 7 Jun 2018 17:52:08 -0700 (PDT) X-Google-Smtp-Source: ADUXVKIt2mhhdYbeKTuaaMm5yebROqJY1GgQ7aDiTEJIrgS1i6KSQNLV7AWdFHH2Je/iJ7hoIB3e X-Received: by 2002:a62:f551:: with SMTP id n78-v6mr3801808pfh.200.1528419128148; Thu, 07 Jun 2018 17:52:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1528419128; cv=none; d=google.com; s=arc-20160816; b=N0OqzBhYna2Ozcn3XaBpFpoqM4OmO9n3KTL0dlpH+iZTcfvayseUp4ZfiVPeIXfuvM KvnU6xQe+C3Rs3qtXO17LG6fVV+XOz8LCDVgkuDg0i6yLay+e/QVtz2odsV/RqjNNA5g gZKhs3LlTnon4Jsv9CpUcQ29KglG8r+QxeJrY9jhvUQdWkdM6R9Uhf+FM3F4wuzccrrV SjGdyVKPvuHd1n9sjAsdMQ1BnLxVbFARVY9sXCUozlLXgm8wc07zWv/JS6N/i7gB8Rn1 nh9Vz4zlRF6ESlE82jhS7UZV7RCQXXyL2TOa/NvmqInq5ZaFQOMWoUHWv9MfM4BBGDpr GONA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=xS7rwxfWU043BnbUljmRDw9J7e+6Krs/T9aA1XkdXTs=; b=vFkbPjicsxtyZh2vzuJc1djkw9OiNxqRJTt6QfrzukoMkU4JbH+1SK5iyKSC2XwTNk nHQBMvGjPmiiXW2evzskuNp1ABAx+CQ+2HRKxb97875HXs4AvvZBu3oc6XhQteksIVkd FrGN3nm7tr+wLXtGd/cTmQWmigBg6IbEdeUVNQkxGtNVMQYwZFYv2pgZ+9FT8KZMJ4gv XuvYdEunpkhm2WvCw+F/01kWfXlZfPgPSaTq9UlcpgS4AzLJ0+hQpKtzQ8ZNpK2LoVq2 LzXn+46fm6OrHbWhoyeT9E8N42kfdGn6tmmhhcIR73lOgVGru3OmTuRyizJ5a84jbU/F FyOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=iD6CgS15; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z9-v6si12673538pln.250.2018.06.07.17.51.52; Thu, 07 Jun 2018 17:52:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=iD6CgS15; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752662AbeFHAv3 (ORCPT + 99 others); Thu, 7 Jun 2018 20:51:29 -0400 Received: from mail-pf0-f196.google.com ([209.85.192.196]:38250 "EHLO mail-pf0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752413AbeFHAvZ (ORCPT ); Thu, 7 Jun 2018 20:51:25 -0400 Received: by mail-pf0-f196.google.com with SMTP id b74-v6so5743051pfl.5; Thu, 07 Jun 2018 17:51:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=xS7rwxfWU043BnbUljmRDw9J7e+6Krs/T9aA1XkdXTs=; b=iD6CgS15/x3oDLO5D8L/5k6ouwaD4zQd0ykV/COx17J12oqJweWPS93bmbJs0rietD yZXe3UHKb5d0yb98ThhXiyT75JX+otwXbAsR6VScv3arUMA4Ww9m5QLn3/zAfAkRZcCl vjZOQwPZXkVAoZmL/V/bHZ3JvCRtC1j0FtB05BDnqyOvA90+wI/n5L89r55GcWDgteIR d8+wGScbIxJypr7drADmSDzBQUzHv+VGTjiSy7los1lIootoeicO+Xv28+v8SYiV9N27 I7zUJjIKefxwrNFlD2lAhOX8luTx+VXkz9ZiNZ5/0lm432HG3PhQ3y/RXM41NwytwU78 2NcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=xS7rwxfWU043BnbUljmRDw9J7e+6Krs/T9aA1XkdXTs=; b=aIbG6FKck2vogfjk+8314XyGwMLS7NLQsy9DeSAWeLUFs5Iaz04h1C8DG0CEWgACUp RrndZdRUoqeenwR8oLwCp5J7NAlct03DoxVu1AH3nAfUTpUlVjPFWHGOlEr7Ub4zTQbH JqxLFik4fWG7vdSnYlMXzajtjrEbDAGZwUjAxWyEV6X4wfGV4ECuy0qCu4oh7kKG32oJ rokU/GdlE4L2BYGx5Cir6j10o4c4dlaLsG20XmawUZwcBhVvaQ7+1r4JbEoDXRam63fr OS/B0VCdknE+7vfsMkKjIZ/EMo2N64KjfoP2ie4AC1DvoTGCYI7K34RCbRHujoJNJMn0 tx8g== X-Gm-Message-State: APt69E3vg1v/UeZ28T/ZQs60xZcEQOnM2GVEfI+TLTfcHBFxW9dTDx5H VeZHFJ0jpy5MuDL3/UB1KalfN+PP X-Received: by 2002:a65:5246:: with SMTP id q6-v6mr3353251pgp.152.1528419084629; Thu, 07 Jun 2018 17:51:24 -0700 (PDT) Received: from dsa-mb.dana.cumulusnetworks.com (fw.cumulusnetworks.com. [216.129.126.126]) by smtp.googlemail.com with ESMTPSA id x8-v6sm23055484pfa.87.2018.06.07.17.51.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 07 Jun 2018 17:51:23 -0700 (PDT) Subject: Re: next-20180605 - BUG in ipv6_add_addr To: valdis.kletnieks@vt.edu Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org References: <15599.1528402643@turing-police.cc.vt.edu> <10902.1528416198@turing-police.cc.vt.edu> From: David Ahern Message-ID: <6471e14e-2872-3ba4-7336-7c5840d28c12@gmail.com> Date: Thu, 7 Jun 2018 17:51:22 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <10902.1528416198@turing-police.cc.vt.edu> Content-Type: text/plain; charset=windows-1252 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/7/18 5:03 PM, valdis.kletnieks@vt.edu wrote: > On Thu, 07 Jun 2018 16:49:07 -0700, David Ahern said: >> On 6/7/18 1:17 PM, valdis.kletnieks@vt.edu wrote: > >>> [ 1820.832682] BUG: unable to handle kernel NULL pointer dereference at 0000000000000209 >>> [ 1820.832728] RIP: 0010:ipv6_add_addr+0x280/0xd10 > >>> [ 1820.832888] Call Trace: >>> [ 1820.832898] ? __local_bh_enable_ip+0x119/0x260 >>> [ 1820.832904] ? ipv6_create_tempaddr+0x259/0x5a0 >>> [ 1820.832912] ? __local_bh_enable_ip+0x139/0x260 >>> [ 1820.832921] ipv6_create_tempaddr+0x2da/0x5a0 >>> [ 1820.832926] ? ipv6_create_tempaddr+0x2da/0x5a0 >>> [ 1820.832941] manage_tempaddrs+0x1a5/0x240 >>> [ 1820.832951] inet6_addr_del+0x20b/0x3b0 >>> [ 1820.832959] ? nla_parse+0xce/0x1e0 >>> [ 1820.832968] inet6_rtm_deladdr+0xd9/0x210 >>> [ 1820.832981] rtnetlink_rcv_msg+0x1d4/0x5f0 >> >> I am the most likely guilty party. I have been staring at the code for >> this stack trace for a while and nothing jumps out. Can you send me the >> kernel config? > > Attached. Note that this one happened while I was on wireless at work, > where we're *heavily* IPv6 (I've had days where I'll work for 2-3 hours before > I notice that IPv4 didn't dhcp and I've been ipv6-only the whole time. > > Also, the interface was config'ed as: > > conf/wlp3s0b1/temp_prefered_lft:86400 > conf/wlp3s0b1/temp_valid_lft:604800 > conf/wlp3s0b1/use_tempaddr:2 > I know you don't have a reliable reproducer, but I did find one spot where I was too clever and did not initialize a new cfg variable: diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 89019bf59f46..59c22a25e654 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -1324,6 +1324,7 @@ static int ipv6_create_tempaddr(struct inet6_ifaddr *ifp, } } + memset(&cfg, 0, sizeof(cfg)); cfg.valid_lft = min_t(__u32, ifp->valid_lft, idev->cnf.temp_valid_lft + age); cfg.preferred_lft = cnf_temp_preferred_lft + age - idev->desync_factor;