Hello,
syzbot found the following crash on:
HEAD commit: a03d0bba ANDROID: build.config: enforce trace_printk check
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=15619a97800000
kernel config: https://syzkaller.appspot.com/x/.config?x=499a13c4e119010c
dashboard link: https://syzkaller.appspot.com/bug?extid=30ed7a3c09ba09f97dac
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13fb5297800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17dee607800000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+30ed7a...@syzkaller.appspotmail.com
random: sshd: uninitialized urandom read (32 bytes read)
IPVS: Creating netns size=2536 id=1
IPVS: Creating netns size=2536 id=2
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 6 Comm: kworker/u4:0 Not tainted 4.9.98-ga03d0bb #21
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
task: ffff8801d9a38000 task.stack: ffff8801d9a40000
RIP: 0010:[<ffffffff83577e97>] [<ffffffff83577e97>] addrconf_rt_table+0x127/0x290 net/ipv6/addrconf.c:2223
RSP: 0018:ffff8801d9a47520 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000200 RCX: ffff8801d9a38000
RDX: 0000000000000056 RSI: 0000000000000004 RDI: 00000000000002b0
RBP: ffff8801d9a47550 R08: ffff8801d9a38988 R09: 0000000000000001
R10: 0000000000000000 R11: 1ffff1003b34712c R12: 0000000000000000
R13: 00000000000000fe R14: ffff8801d694b300 R15: ffff8801b664c190
FS: 0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe90dfb2a4 CR3: 00000001c66f7000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
ffffffff83577d70 ffff8801d694b300 0000000000000000 ffff8801b5398000
ffff8801bbdbad00 ffff8801b664c190 ffff8801d9a47598 ffffffff83578783
0000000000000000 ffff880100000080 ffff8801b664c000 ffff8801b664c190
Call Trace:
[<ffffffff83578783>] addrconf_get_prefix_route+0x33/0x270 net/ipv6/addrconf.c:2277
[<ffffffff83578f98>] __ipv6_ifa_notify+0x5d8/0x790 net/ipv6/addrconf.c:5496
[<ffffffff8357a82f>] addrconf_ifdown+0x94f/0x10e0 net/ipv6/addrconf.c:3689
[<ffffffff83581ab8>] addrconf_notify+0x7f8/0x2160 net/ipv6/addrconf.c:3493
[<ffffffff8119f574>] notifier_call_chain+0xb4/0x1d0 kernel/notifier.c:93
[<ffffffff8119f6fd>] __raw_notifier_call_chain kernel/notifier.c:394 [inline]
[<ffffffff8119f6fd>] raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
[<ffffffff83064eb5>] call_netdevice_notifiers_info+0x55/0x70 net/core/dev.c:1647
[<ffffffff8306afc4>] call_netdevice_notifiers net/core/dev.c:1663 [inline]
[<ffffffff8306afc4>] rollback_registered_many+0x5a4/0x920 net/core/dev.c:6832
[<ffffffff8306e5db>] unregister_netdevice_many.part.106+0x1b/0x110 net/core/dev.c:7879
[<ffffffff8306ea73>] unregister_netdevice_many net/core/dev.c:7878 [inline]
[<ffffffff8306ea73>] default_device_exit_batch+0x353/0x410 net/core/dev.c:8337
[<ffffffff83055cd5>] ops_exit_list.isra.6+0x105/0x160 net/core/net_namespace.c:139
[<ffffffff83058b51>] cleanup_net+0x321/0x630 net/core/net_namespace.c:473
[<ffffffff8118ae31>] process_one_work+0x7e1/0x1500 kernel/workqueue.c:2092
[<ffffffff8118bc26>] worker_thread+0xd6/0x10a0 kernel/workqueue.c:2226
[<ffffffff8119ad5d>] kthread+0x26d/0x300 kernel/kthread.c:211
[<ffffffff839f481c>] ret_from_fork+0x5c/0x70 arch/x86/entry/entry_64.S:373
Code: 83 be 01 00 00 00 48 c7 c7 20 ef 6d 84 e8 92 12 cc fd 49 8d bc 24 b0 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 34 01 00 00 45 8b bc 24 b0
RIP [<ffffffff83577e97>] addrconf_rt_table+0x127/0x290 net/ipv6/addrconf.c:2223
RSP <ffff8801d9a47520>
---[ end trace 89f6992350bc4f2e ]---
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches