WARNING in batadv_iv_send_outstanding_bat_ogm_packet


syzbot

Oct 6, 2019, 7:00:08 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: db189223 Linux 4.14.147
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1042e457600000
kernel config: https://syzkaller.appspot.com/x/.config?x=14d726467704dd7
dashboard link: https://syzkaller.appspot.com/bug?extid=12cdaae96345195ce32e
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11d7f12b600000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+12cdaa...@syzkaller.appspotmail.com

R10: 0000000000000000 R11: 0000000000000246 R12: 00007f265ec836d4
R13: 00000000004c7bd5 R14: 00000000004dd968 R15: 0000000000000006
------------[ cut here ]------------
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
WARNING: CPU: 0 PID: 96 at net/batman-adv/bat_iv_ogm.c:555
batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:555 [inline]
WARNING: CPU: 0 PID: 96 at net/batman-adv/bat_iv_ogm.c:555
batadv_iv_send_outstanding_bat_ogm_packet+0x5a2/0x680
net/batman-adv/bat_iv_ogm.c:1797
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 96 Comm: kworker/u4:2 Not tainted 4.14.147 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x138/0x197 lib/dump_stack.c:53
panic+0x1f2/0x426 kernel/panic.c:182
__warn.cold+0x2f/0x36 kernel/panic.c:546
report_bug+0x216/0x254 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:177 [inline]
fixup_bug arch/x86/kernel/traps.c:172 [inline]
do_error_trap+0x1bb/0x310 arch/x86/kernel/traps.c:295
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:963
RIP: 0010:batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:555 [inline]
RIP: 0010:batadv_iv_send_outstanding_bat_ogm_packet+0x5a2/0x680
net/batman-adv/bat_iv_ogm.c:1797
RSP: 0018:ffff8880a99afcc8 EFLAGS: 00010297
RAX: ffff8880a99a01c0 RBX: ffff8880a5e80408 RCX: ffff8880a99a0a40
RDX: 0000000000000000 RSI: ffffffff8778f720 RDI: ffff888093feaae8
RBP: ffff8880a99afd38 R08: 0000000000006eb1 R09: ffffffff88cb7a08
R10: ffff8880a99a0a68 R11: ffff8880a99a01c0 R12: ffff888094818600
R13: ffff8880a5e803c0 R14: ffff8880902af000 R15: ffff888093feaa80
process_one_work+0x863/0x1600 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x319/0x430 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
CPU: 1 PID: 7118 Comm: syz-executor.2 Not tainted 4.14.147 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x138/0x197 lib/dump_stack.c:53
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0x10f/0x159 lib/fault-inject.c:149
should_failslab+0xdb/0x130 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc mm/slab.c:3376 [inline]
__do_kmalloc mm/slab.c:3718 [inline]
__kmalloc_track_caller+0x2ec/0x790 mm/slab.c:3735
kstrdup+0x3a/0x70 mm/util.c:56
kstrdup_const+0x48/0x60 mm/util.c:77
__kernfs_new_node+0x2f/0x420 fs/kernfs/dir.c:629
kernfs_new_node+0x80/0xf0 fs/kernfs/dir.c:678
kernfs_create_link+0x2c/0x170 fs/kernfs/symlink.c:32
sysfs_do_create_link_sd.isra.0+0x90/0x120 fs/sysfs/symlink.c:44
sysfs_do_create_link fs/sysfs/symlink.c:80 [inline]
sysfs_create_link+0x65/0xc0 fs/sysfs/symlink.c:92
netdev_adjacent_sysfs_add+0xa7/0xd0 net/core/dev.c:6110
__netdev_adjacent_dev_insert net/core/dev.c:6165 [inline]
__netdev_adjacent_dev_insert+0x487/0x6a0 net/core/dev.c:6133
__netdev_adjacent_dev_link_lists net/core/dev.c:6247 [inline]
__netdev_adjacent_dev_link_neighbour net/core/dev.c:6271 [inline]
__netdev_upper_dev_link+0x1be/0x230 net/core/dev.c:6318
netdev_master_upper_dev_link+0x32/0x40 net/core/dev.c:6371
batadv_hardif_enable_interface+0x1f1/0xa00
net/batman-adv/hard-interface.c:741
batadv_softif_slave_add+0x8b/0xf0 net/batman-adv/soft-interface.c:889
do_set_master net/core/rtnetlink.c:1940 [inline]
do_set_master+0x19f/0x200 net/core/rtnetlink.c:1915
do_setlink+0x99f/0x2d50 net/core/rtnetlink.c:2077
rtnl_newlink+0x11a7/0x1700 net/core/rtnetlink.c:2630
rtnetlink_rcv_msg+0x3eb/0xb70 net/core/rtnetlink.c:4285
netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4297
netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
netlink_unicast+0x45d/0x640 net/netlink/af_netlink.c:1312
netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
__sys_sendmsg+0xb9/0x140 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2103
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459a59
RSP: 002b:00007faab91c2c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007faab91c2c90 RCX: 0000000000459a59
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007faab91c36d4
R13: 00000000004c7bd5 R14: 00000000004dd968 R15: 0000000000000006
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Oct 12, 2019, 11:28:06 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: e132c8d7 Linux 4.14.149
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=135397bf600000
kernel config: https://syzkaller.appspot.com/x/.config?x=65c18705ca007f2
dashboard link: https://syzkaller.appspot.com/bug?extid=12cdaae96345195ce32e
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=114d9dc7600000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=177b814f600000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+12cdaa...@syzkaller.appspotmail.com

RBP: 0000000000018c59 R08: 0000000000000002 R09: 0000000000003831
R10: 0000000000008010 R11: 0000000000000246 R12: 0000000000000003
R13: 00000000006d5dc8 R14: 00000000006d6440 R15: 0000000000000000
------------[ cut here ]------------
IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
WARNING: CPU: 0 PID: 5 at net/batman-adv/bat_iv_ogm.c:555
batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:555 [inline]
WARNING: CPU: 0 PID: 5 at net/batman-adv/bat_iv_ogm.c:555
batadv_iv_send_outstanding_bat_ogm_packet+0x5a2/0x680
net/batman-adv/bat_iv_ogm.c:1797
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 5 Comm: kworker/u4:0 Not tainted 4.14.149 #0
IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x138/0x197 lib/dump_stack.c:53
panic+0x1f2/0x426 kernel/panic.c:182
__warn.cold+0x2f/0x36 kernel/panic.c:546
report_bug+0x216/0x254 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:177 [inline]
fixup_bug arch/x86/kernel/traps.c:172 [inline]
do_error_trap+0x1bb/0x310 arch/x86/kernel/traps.c:295
hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully
working HSR network
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:963
RIP: 0010:batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:555 [inline]
RIP: 0010:batadv_iv_send_outstanding_bat_ogm_packet+0x5a2/0x680
net/batman-adv/bat_iv_ogm.c:1797
RSP: 0018:ffff8880a9cd7cc8 EFLAGS: 00010297
hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully
working HSR network
RAX: ffff8880a9cc2140 RBX: ffff88809b8a4ac8 RCX: ffff8880a9cc29c0
RDX: 0000000000000000 RSI: ffffffff8778f720 RDI: ffff8880708e7828
RBP: ffff8880a9cd7d38 R08: 0000000000001820 R09: ffffffff88c8b580
R10: ffff8880a9cc29e8 R11: ffff8880a9cc2140 R12: ffff8880720b1b80
R13: ffff88809b8a4a80 R14: ffff888097d43d00 R15: ffff8880708e77c0
IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
process_one_work+0x863/0x1600 kernel/workqueue.c:2114
worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
kthread+0x319/0x430 kernel/kthread.c:232
IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404