On Mon, Nov 21, 2022 at 10:41:57PM +0100, Sabrina Dubroca wrote: > 2022-11-21, 18:15:13 +0100, Steffen Klassert wrote: > > On Mon, Nov 21, 2022 at 04:07:26PM +0100, Sabrina Dubroca wrote: > > > 2022-11-21, 05:47:38 -0800, syzbot wrote: > > > > Hello, > > > > > > > > syzbot found the following issue on: > > > > > > > > HEAD commit: e4cd8d3ff7f9 Add linux-next specific files for 20221121 > > > > git tree: linux-next > > > > console output: https://syzkaller.appspot.com/x/log.txt?x=1472370d880000 > > > > kernel config: https://syzkaller.appspot.com/x/.config?x=a0ebedc6917bacc1 > > > > dashboard link: https://syzkaller.appspot.com/bug?extid=bfb2bee01b9c01fff864 > > > > compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 > > > > > > > > Downloadable assets: > > > > disk image: https://storage.googleapis.com/syzbot-assets/b59eb967701d/disk-e4cd8d3f.raw.xz > > > > vmlinux: https://storage.googleapis.com/syzbot-assets/37a7b43e6e84/vmlinux-e4cd8d3f.xz > > > > kernel image: https://storage.googleapis.com/syzbot-assets/ebfb0438e6a2/bzImage-e4cd8d3f.xz > > > > > > > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > > > > Reported-by: syzbot+bfb2bee01b9c01fff864@xxxxxxxxxxxxxxxxxxxxxxxxx > > > > > > > > general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN > > > > KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf] > > > > CPU: 0 PID: 5295 Comm: kworker/0:3 Not tainted 6.1.0-rc5-next-20221121-syzkaller #0 > > > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 > > > > Workqueue: ipv6_addrconf addrconf_dad_work > > > > RIP: 0010:xfrm_policy_lookup_bytype.cold+0x1c/0x54 net/xfrm/xfrm_policy.c:2139 > > > > > > That's the printk at the end of the function, when > > > xfrm_policy_lookup_bytype returns NULL. It seems to have snuck into > > > commit c39f95aaf6d1 ("xfrm: Fix oops in __xfrm_state_delete()"), we > > > can just remove it: > > > > > > diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c > > > index 3a203c59a11b..e392d8d05e0c 100644 > > > --- a/net/xfrm/xfrm_policy.c > > > +++ b/net/xfrm/xfrm_policy.c > > > @@ -2135,9 +2135,6 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type, > > > fail: > > > rcu_read_unlock(); > > > > > > - if (!IS_ERR(ret)) > > > - printk("xfrm_policy_lookup_bytype: policy if_id %d, wanted if_id %d\n", ret->if_id, if_id); > > > - > > > return ret; > > > > Hm, this was not in the original patch. Maybe my tree was not > > clean when I applied it. Do you want to send a patch, or should > > I just remove it? > > Go ahead, I guess it's more convenient for you. I just did a forced push to remove that hunk. Thanks!
