Re: next-20180605 - BUG in ipv6_add_addr
From: David Ahern
Date: Thu Jun 07 2018 - 20:51:35 EST

On 6/7/18 5:03 PM, valdis.kletnieks@xxxxxx wrote:
> On Thu, 07 Jun 2018 16:49:07 -0700, David Ahern said:
>> On 6/7/18 1:17 PM, valdis.kletnieks@xxxxxx wrote:
>
>>> [ 1820.832682] BUG: unable to handle kernel NULL pointer dereference at 0000000000000209
>>> [ 1820.832728] RIP: 0010:ipv6_add_addr+0x280/0xd10
>
>>> [ 1820.832888] Call Trace:
>>> [ 1820.832898] ? __local_bh_enable_ip+0x119/0x260
>>> [ 1820.832904] ? ipv6_create_tempaddr+0x259/0x5a0
>>> [ 1820.832912] ? __local_bh_enable_ip+0x139/0x260
>>> [ 1820.832921] ipv6_create_tempaddr+0x2da/0x5a0
>>> [ 1820.832926] ? ipv6_create_tempaddr+0x2da/0x5a0
>>> [ 1820.832941] manage_tempaddrs+0x1a5/0x240
>>> [ 1820.832951] inet6_addr_del+0x20b/0x3b0
>>> [ 1820.832959] ? nla_parse+0xce/0x1e0
>>> [ 1820.832968] inet6_rtm_deladdr+0xd9/0x210
>>> [ 1820.832981] rtnetlink_rcv_msg+0x1d4/0x5f0
>>
>> I am the most likely guilty party. I have been staring at the code for
>> this stack trace for a while and nothing jumps out. Can you send me the
>> kernel config?
>
> Attached. Note that this one happened while I was on wireless at work,
> where we're *heavily* IPv6 (I've had days where I'll work for 2-3 hours before
> I notice that IPv4 didn't dhcp and I've been ipv6-only the whole time).
>
> Also, the interface was config'ed as:
>
> conf/wlp3s0b1/temp_prefered_lft:86400
> conf/wlp3s0b1/temp_valid_lft:604800
> conf/wlp3s0b1/use_tempaddr:2
>
I know you don't have a reliable reproducer, but I did find one spot
where I was too clever and did not initialize a new cfg variable:

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 89019bf59f46..59c22a25e654 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1324,6 +1324,7 @@ static int ipv6_create_tempaddr(struct
inet6_ifaddr *ifp,
}
}
+ memset(&cfg, 0, sizeof(cfg));
cfg.valid_lft = min_t(__u32, ifp->valid_lft,
idev->cnf.temp_valid_lft + age);
cfg.preferred_lft = cnf_temp_preferred_lft + age -
idev->desync_factor;
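
Review bot: The added memset(&cfg, 0, sizeof(cfg)) sits in the middle of ipv6_create_tempaddr(), just before the cfg.valid_lft assignment, so cfg still holds stack garbage for any code above that point that might later come to read it. Zeroing cfg where it is declared would cover every path and every field that is not assigned explicitly, and would keep working if the function is reordered. The patch also needs a changelog that ties it to the ipv6_add_addr oops reported in this thread and states that it has not been confirmed against the crash, since no reliable reproducer exists.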