WARNING in fib6_repair_tree


syzbot

Apr 13, 2019, 8:00:34 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 71f14697 Merge 4.9.79 into android-4.9
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=1461a8c5800000
kernel config: https://syzkaller.appspot.com/x/.config?x=5a2039cccef28416
dashboard link: https://syzkaller.appspot.com/bug?extid=3ccedeb607430489c745
compiler: gcc (GCC) 7.1.1 20170620
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17727dd5800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=102f33d5800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3ccede...@syzkaller.appspotmail.com

syzkaller552444 uses obsolete (PF_INET,SOCK_PACKET)
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4063 at net/ipv6/ip6_fib.c:1320 fib6_repair_tree+0x57a/0x7c0 net/ipv6/ip6_fib.c:1320
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 4063 Comm: syzkaller552444 Not tainted 4.9.79-g71f1469 #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c61e71e0 ffffffff81d94829 ffffffff83a47c40 ffff8801c61e72b8
ffffffff83f4b700 ffffffff8346d8ba 0000000000000009 ffff8801c61e72a8
ffffffff8142f531 0000000041b58ab3 ffffffff8418ab10 ffffffff8142f375
Call Trace:
[<ffffffff81d94829>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d94829>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8142f531>] panic+0x1bc/0x3a8 kernel/panic.c:179
[<ffffffff81131164>] __warn+0x1c4/0x1e0 kernel/panic.c:542
[<ffffffff811313cc>] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585
[<ffffffff8346d8ba>] fib6_repair_tree+0x57a/0x7c0 net/ipv6/ip6_fib.c:1320
[<ffffffff8347474a>] fib6_del_route net/ipv6/ip6_fib.c:1459 [inline]
[<ffffffff8347474a>] fib6_del+0x88a/0xa30 net/ipv6/ip6_fib.c:1505
[<ffffffff83474c26>] fib6_clean_node+0x336/0x4a0 net/ipv6/ip6_fib.c:1657
[<ffffffff8346bafb>] fib6_walk_continue+0x39b/0x620 net/ipv6/ip6_fib.c:1583
[<ffffffff8346e499>] fib6_walk+0xd9/0x150 net/ipv6/ip6_fib.c:1628
[<ffffffff8346e5f5>] fib6_clean_tree+0xe5/0x130 net/ipv6/ip6_fib.c:1702
[<ffffffff8346f569>] __fib6_clean_all+0xf9/0x230 net/ipv6/ip6_fib.c:1718
[<ffffffff83474db7>] fib6_clean_all+0x27/0x30 net/ipv6/ip6_fib.c:1729
[<ffffffff8346a551>] rt6_ifdown+0xa1/0x7f0 net/ipv6/route.c:2715
[<ffffffff83444e50>] addrconf_ifdown+0xd0/0x10f0 net/ipv6/addrconf.c:3566
[<ffffffff8344cd58>] addrconf_notify+0x948/0x2230 net/ipv6/addrconf.c:3490
[<ffffffff8119efe0>] notifier_call_chain+0x90/0x1a0 kernel/notifier.c:93
[<ffffffff8119f16d>] __raw_notifier_call_chain kernel/notifier.c:394 [inline]
[<ffffffff8119f16d>] raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
[<ffffffff82f29dd1>] call_netdevice_notifiers_info+0x51/0x90 net/core/dev.c:1647
[<ffffffff82f2a166>] call_netdevice_notifiers net/core/dev.c:1663 [inline]
[<ffffffff82f2a166>] dev_set_mtu+0x216/0x3b0 net/core/dev.c:6577
[<ffffffff82f9a5ae>] dev_ifsioc+0x46e/0x820 net/core/dev_ioctl.c:262
[<ffffffff82f9acd5>] dev_ioctl+0x1d5/0xd40 net/core/dev_ioctl.c:533
[<ffffffff82ed1f24>] sock_do_ioctl+0x94/0xb0 net/socket.c:899
[<ffffffff82ed2940>] sock_ioctl+0x2e0/0x3d0 net/socket.c:978
[<ffffffff815ae42a>] vfs_ioctl fs/ioctl.c:43 [inline]
[<ffffffff815ae42a>] do_vfs_ioctl+0x1aa/0x1140 fs/ioctl.c:679
[<ffffffff815af44f>] SYSC_ioctl fs/ioctl.c:694 [inline]
[<ffffffff815af44f>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
[<ffffffff838b346e>] entry_SYSCALL_64_fastpath+0x29/0xe8
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Apr 13, 2019, 8:00:39 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: fe09418d Merge 4.4.114 into android-4.4
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=13a22a15800000
kernel config: https://syzkaller.appspot.com/x/.config?x=51f4476befd65731
dashboard link: https://syzkaller.appspot.com/bug?extid=4280a1cb1963953f96b1
compiler: gcc (GCC) 7.1.1 20170620
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16e6f215800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12f38305800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+4280a1...@syzkaller.appspotmail.com

syzkaller130919 uses obsolete (PF_INET,SOCK_PACKET)
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3866 at net/ipv6/ip6_fib.c:1315 fib6_repair_tree+0x558/0x790 net/ipv6/ip6_fib.c:1315()
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 3866 Comm: syzkaller130919 Not tainted 4.4.114-gfe09418 #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 e3c323b17f31ccf1 ffff8801d999f2f0 ffffffff81d02e6d
ffffffff83843a40 ffff8801d999f3c8 ffffffff83d10c80 0000000000000009
0000000000000523 ffff8801d999f3b8 ffffffff8141a1da 0000000041b58ab3
Call Trace:
[<ffffffff81d02e6d>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d02e6d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[<ffffffff8141a1da>] panic+0x1aa/0x388 kernel/panic.c:112
[<ffffffff8112d8d5>] warn_slowpath_common+0x125/0x140 kernel/panic.c:455
[<ffffffff8112db39>] warn_slowpath_null+0x29/0x30 kernel/panic.c:492
[<ffffffff8334f488>] fib6_repair_tree+0x558/0x790 net/ipv6/ip6_fib.c:1315
[<ffffffff83355acf>] fib6_del_route net/ipv6/ip6_fib.c:1454 [inline]
[<ffffffff83355acf>] fib6_del+0x85f/0xa00 net/ipv6/ip6_fib.c:1500
[<ffffffff83355faa>] fib6_clean_node+0x33a/0x4e0 net/ipv6/ip6_fib.c:1652
[<ffffffff8334d3db>] fib6_walk_continue+0x39b/0x620 net/ipv6/ip6_fib.c:1578
[<ffffffff8334d779>] fib6_walk+0x89/0xd0 net/ipv6/ip6_fib.c:1623
[<ffffffff8334d8a2>] fib6_clean_tree+0xe2/0x130 net/ipv6/ip6_fib.c:1697
[<ffffffff833509fe>] __fib6_clean_all+0xfe/0x230 net/ipv6/ip6_fib.c:1713
[<ffffffff83356177>] fib6_clean_all+0x27/0x30 net/ipv6/ip6_fib.c:1724
[<ffffffff8334bdd1>] rt6_ifdown+0xa1/0x850 net/ipv6/route.c:2630
[<ffffffff83329245>] addrconf_ifdown+0x75/0xa00 net/ipv6/addrconf.c:3393
[<ffffffff833301ea>] addrconf_notify+0x76a/0x1b80 net/ipv6/addrconf.c:3336
[<ffffffff81194045>] notifier_call_chain+0x95/0x1b0 kernel/notifier.c:93
[<ffffffff811941dd>] __raw_notifier_call_chain kernel/notifier.c:394 [inline]
[<ffffffff811941dd>] raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
[<ffffffff82e37ce1>] call_netdevice_notifiers_info+0x51/0x90 net/core/dev.c:1643
[<ffffffff82e38076>] call_netdevice_notifiers net/core/dev.c:1659 [inline]
[<ffffffff82e38076>] dev_set_mtu+0x216/0x3b0 net/core/dev.c:6130
[<ffffffff82e99f30>] dev_ifsioc+0x450/0x800 net/core/dev_ioctl.c:262
[<ffffffff82e9a643>] dev_ioctl+0x1c3/0xce0 net/core/dev_ioctl.c:533
[<ffffffff82de4a34>] sock_do_ioctl+0x94/0xb0 net/socket.c:890
[<ffffffff82de5400>] sock_ioctl+0x2e0/0x3d0 net/socket.c:969
[<ffffffff81558f8a>] vfs_ioctl fs/ioctl.c:43 [inline]
[<ffffffff81558f8a>] do_vfs_ioctl+0x7aa/0xee0 fs/ioctl.c:607
[<ffffffff8155974f>] SYSC_ioctl fs/ioctl.c:622 [inline]
[<ffffffff8155974f>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:613
[<ffffffff8377341f>] entry_SYSCALL_64_fastpath+0x1c/0x98

Vasily Averin

Dec 23, 2020, 5:52:34 AM
to syzkaller-android-bugs
The fix requires a backport of the following upstream patch:
commit 4512c43eac7e007d982e7ea45152ea6f3f4d1921

Author: Wei Wang <wei...@google.com>
Date: Mon Jan 8 10:34:00 2018 -0800

ipv6: remove null_entry before adding default route

Thank you,

    Vasily Averin
