From: Cong Wang <xiyou.wangcong@gmail.com>
To: Andrey Konovalov <andreyknvl@google.com>
Cc: "David S. Miller" <davem@davemloft.net>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
James Morris <jmorris@namei.org>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
Patrick McHardy <kaber@trash.net>,
netdev <netdev@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Eric Dumazet <edumazet@google.com>,
David Ahern <dsa@cumulusnetworks.com>,
Dmitry Vyukov <dvyukov@google.com>,
Kostya Serebryany <kcc@google.com>,
syzkaller <syzkaller@googlegroups.com>
Subject: Re: net/ipv6: GPF in rt6_ifdown
Date: Wed, 21 Jun 2017 13:08:39 -0700 [thread overview]
Message-ID: <CAM_iQpWeWTqBzjj1iju_Vxr5vgr58wRUn-xuSrLqmsd98HpxcQ@mail.gmail.com> (raw)
In-Reply-To: <CAAeHK+xGdXtfTxNE0g71-Ffkvj+6qy4At15WisvBbXMQ4EUqNQ@mail.gmail.com>
On Wed, Jun 21, 2017 at 10:53 AM, Andrey Konovalov
<andreyknvl@google.com> wrote:
> On Wed, Jun 21, 2017 at 3:09 PM, Andrey Konovalov <andreyknvl@google.com> wrote:
>> On Wed, Jun 21, 2017 at 2:08 PM, Andrey Konovalov <andreyknvl@google.com> wrote:
>>> Hi,
>>>
>>> I've got the following error report while fuzzing the kernel with syzkaller.
>>>
>>> On commit 9705596d08ac87c18aee32cc97f2783b7d14624e (4.12-rc6+).
>>>
>>> It might be related to:
>>> https://groups.google.com/forum/#!topic/syzkaller/ZJaqAiFLe3k
>>>
>>> I only have a reproducer in the form of a syzkaller program, attached
>>> together with my .config.
>>
>> I now have a C reproducer as well, attached.
>
> And here's a much simpler reproducer.
Thanks a lot for your reproducer!
I added a few printk's, and find that we somehow have rt->rt6i_idev set
to NULL but still keep it in the uncached list. ip6_dst_destroy() unlinks
it before NULL'ing, so it should not be that case.
next prev parent reply other threads:[~2017-06-21 20:09 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-21 12:08 net/ipv6: GPF in rt6_ifdown Andrey Konovalov
2017-06-21 13:09 ` Andrey Konovalov
2017-06-21 17:53 ` Andrey Konovalov
2017-06-21 20:08 ` Cong Wang [this message]
2017-06-21 21:01 ` Cong Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAM_iQpWeWTqBzjj1iju_Vxr5vgr58wRUn-xuSrLqmsd98HpxcQ@mail.gmail.com \
--to=xiyou.wangcong@gmail.com \
--cc=andreyknvl@google.com \
--cc=davem@davemloft.net \
--cc=dsa@cumulusnetworks.com \
--cc=dvyukov@google.com \
--cc=edumazet@google.com \
--cc=jmorris@namei.org \
--cc=kaber@trash.net \
--cc=kcc@google.com \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=syzkaller@googlegroups.com \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.