* [B.A.T.M.A.N.] Kernel panic by BATMAN_V @WBMv9
From: Linus Lüssing @ 2016-05-06 8:50 UTC
To: b.a.t.m.a.n
Just dumping this here, got a plane to catch.
Guido can explain how you can trigger this.
Cheers, Linus
[-- Attachment #2: wbm-crash-batman-v.log --]
[-- Type: text/plain, Size: 16548 bytes --]
Time: 1462523738.517396
Modules: ath9k@873e0000+15476 ath9k_common@872e8000+4ace pppoe@8722a000+1fd0 ppp_async@87228000+18b0 iptable_nat@87215000+300 batman_adv@872c0000+20e70 ath9k_hw@87380000+52341 ath@87278000+4e35 pppox@87213000+54a ppp_generic@87238000+5082 nf_nat_ipv4@871f6000+e51 nf_conntrack_ipv6@87210000+1340 nf_conntrack_ipv4@87236000+1220 mac80211@87300000+6114a ipt_REJECT@87231000+390 ipt_MASQUERADE@87233000+270 cfg80211@87240000+34c53 xt_time@871ca000+660 xt_tcpudp@871cf000+6a0 xt_state@871cb000+2b0 xt_nat@871c9000+430 xt_multiport@871c5000+4a0 xt_mark@871c3000+2a0 xt_mac@871c0000+270 xt_limit@871f3000+3e0 xt_id@87182000+1e0 xt_conntrack@87186000+870 xt_comment@87180000+1e0 xt_TCPMSS@87181000+a30 xt_REDIRECT@8719f000+420 xt_LOG@87119000+300 xt_CT@87118000+8b0 slhc@87076000+10cb nf_reject_ipv4@87064000+723 nf_nat_masquerade_ipv4@87133000+56c nf_nat_ftp@8707f000+4b0 nf_nat@87130000+22ab nf_log_ipv4@870c8000+c40 nf_defrag_ipv6@8707c000+2377 nf_defrag_ipv4@87136000+326 nf_conntrack_rtcache@8718f000+990 nf_conntrack_ftp@871fa000+14a0 nf_conntrack@87190000+b9ab iptable_raw@8707a000+280 iptable_mangle@8706b000+3b0 iptable_filter@87066000+2a0 ip_tables@8706c000+24cd crc_ccitt@87074000+3fb compat@87070000+3163 ledtrig_usbdev@87079000+790 libcrc32c@87117000+247 ip6t_REJECT@870de000+4a0 nf_reject_ipv6@870cb000+767 nf_log_ipv6@870cd000+ce0 nf_log_common@870ca000+8ef ip6table_raw@8710b000+240 ip6table_mangle@870cf000+430 ip6table_filter@870f3000+260 ip6_tables@87110000+2441 x_tables@87108000+29f5 dummy@870f0000+560 ip6_tunnel@870d8000+4111 tunnel6@870f1000+65e tun@8712c000+3aef vfat@87bde000+1f00 fat@870e0000+b92f ipv6@87140000+3eb08 arc4@870b6000+520 crypto_blkcipher@870b0000+2907 usb_storage@87050000+928f uhci_hcd@87ba8000+4770 ohci_platform@87af5000+ac0 ohci_hcd@87b10000+56bf ehci_platform@87b6a000+d30 ehci_hcd@87b08000+7d5c sd_mod@87b98000+6410 scsi_mod@87b80000+14e87 gpio_button_hotplug@87b5e000+1170 ext4@87000000+4c13c jbd2@87b70000+b9c2 mbcache@87b66000+11cd usbcore@87b40000+1cbd4 
nls_base@87b04000+1370 usb_common@87af6000+488 crc16@87af8000+3f7 crc32c_generic@87af7000+3a0 crypto_hash@87b00000+2602
<4>[ 12.160000] PCI: Enabling device 0000:00:00.0 (0000 -> 0002)
<7>[ 12.170000] ath: EEPROM regdomain: 0x0
<7>[ 12.170000] ath: EEPROM indicates default country code should be used
<7>[ 12.170000] ath: doing EEPROM country->regdmn map search
<7>[ 12.170000] ath: country maps to regdmn code: 0x3a
<7>[ 12.170000] ath: Country alpha2 being used: US
<7>[ 12.170000] ath: Regpair used: 0x3a
<7>[ 12.180000] ieee80211 phy1: Selected rate control algorithm 'minstrel_ht'
<6>[ 12.180000] ieee80211 phy1: Atheros AR9300 Rev:4 mem=0xb0000000, irq=40
<5>[ 15.800000] random: nonblocking pool is initialized
<5>[ 19.810000] jffs2: notice: (1272) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
<6>[ 23.410000] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
<6>[ 23.430000] device eth0.1 entered promiscuous mode
<6>[ 23.430000] device eth0 entered promiscuous mode
<6>[ 23.450000] IPv6: ADDRCONF(NETDEV_UP): br-mgmt: link is not ready
<6>[ 23.490000] device eth0.3 entered promiscuous mode
<6>[ 23.530000] IPv6: ADDRCONF(NETDEV_UP): br-wiredtests: link is not ready
<6>[ 23.540000] IPv6: ADDRCONF(NETDEV_UP): eth0.2: link is not ready
<6>[ 24.540000] eth0: link up (1000Mbps/Full duplex)
<6>[ 24.540000] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
<6>[ 24.570000] br-mgmt: port 1(eth0.1) entered forwarding state
<6>[ 24.570000] br-mgmt: port 1(eth0.1) entered forwarding state
<6>[ 24.580000] IPv6: ADDRCONF(NETDEV_CHANGE): eth0.2: link becomes ready
<6>[ 24.580000] br-wiredtests: port 1(eth0.3) entered forwarding state
<6>[ 24.590000] br-wiredtests: port 1(eth0.3) entered forwarding state
<6>[ 24.600000] IPv6: ADDRCONF(NETDEV_CHANGE): br-mgmt: link becomes ready
<6>[ 24.610000] IPv6: ADDRCONF(NETDEV_CHANGE): br-wiredtests: link becomes ready
<6>[ 25.370000] IPv6: ADDRCONF(NETDEV_UP): wbm1: link is not ready
<6>[ 25.420000] wbm1: Created IBSS using preconfigured BSSID 02:ca:ff:ee:ba:be
<6>[ 25.430000] wbm1: Creating new IBSS network, BSSID 02:ca:ff:ee:ba:be
<6>[ 25.470000] IPv6: ADDRCONF(NETDEV_UP): mgmt0: link is not ready
<6>[ 25.810000] IPv6: ADDRCONF(NETDEV_CHANGE): wbm1: link becomes ready
<6>[ 25.820000] IPv6: ADDRCONF(NETDEV_CHANGE): mgmt0: link becomes ready
<6>[ 26.100000] batman_adv: bat0: Adding interface: mgmt0
<6>[ 26.100000] batman_adv: bat0: Interface activated: mgmt0
<6>[ 26.110000] 8021q: adding VLAN 0 to HW filter on device bat0
<6>[ 26.110000] device bat0 entered promiscuous mode
<6>[ 26.120000] br-mgmt: port 2(bat0) entered forwarding state
<6>[ 26.120000] br-mgmt: port 2(bat0) entered forwarding state
<6>[ 26.570000] br-mgmt: port 1(eth0.1) entered forwarding state
<6>[ 26.590000] br-wiredtests: port 1(eth0.3) entered forwarding state
<6>[ 27.090000] batman_adv: bat0: distributed_arp_table: Changing from: enabled to: disabled
<6>[ 27.110000] batman_adv: bat0: Changing gw mode from: off to: client
<6>[ 27.110000] batman_adv: bat0: orig_interval: Changing from: 1000 to: 5000
<6>[ 28.120000] br-mgmt: port 2(bat0) entered forwarding state
<6>[ 1682.510000] br-wiredtests: port 1(eth0.3) entered disabled state
<6>[ 1682.520000] device eth0.3 left promiscuous mode
<6>[ 1682.520000] br-wiredtests: port 1(eth0.3) entered disabled state
<6>[ 1682.620000] IPv6: ADDRCONF(NETDEV_UP): eth0.3: link is not ready
<6>[ 1682.660000] device eth0.3 entered promiscuous mode
<6>[ 1682.700000] br-wiredtests: port 1(eth0.3) entered forwarding state
<6>[ 1682.700000] br-wiredtests: port 1(eth0.3) entered forwarding state
<6>[ 1683.100000] batman_adv: bat1: Adding interface: wbm1
<6>[ 1683.100000] batman_adv: bat1: Interface activated: wbm1
<6>[ 1683.110000] 8021q: adding VLAN 0 to HW filter on device bat1
<6>[ 1683.130000] batman_adv: bat1: Adding interface: lan_12
<6>[ 1683.130000] batman_adv: bat1: The MTU of interface lan_12 is too small (1496) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
<6>[ 1683.160000] batman_adv: bat1: Interface activated: lan_12
<6>[ 1683.260000] device bat1 entered promiscuous mode
<6>[ 1683.260000] br-wiredtests: port 2(bat1) entered forwarding state
<6>[ 1683.270000] br-wiredtests: port 2(bat1) entered forwarding state
<6>[ 1684.030000] batman_adv: bat1: distributed_arp_table: Changing from: enabled to: disabled
<6>[ 1684.700000] br-wiredtests: port 1(eth0.3) entered forwarding state
<6>[ 1685.270000] br-wiredtests: port 2(bat1) entered forwarding state
<6>[ 1981.530000] device bat1 left promiscuous mode
<6>[ 1981.540000] br-wiredtests: port 2(bat1) entered disabled state
<6>[ 1981.550000] br-wiredtests: port 1(eth0.3) entered disabled state
<6>[ 1981.570000] device eth0.3 left promiscuous mode
<6>[ 1981.570000] br-wiredtests: port 1(eth0.3) entered disabled state
<6>[ 1981.590000] IPv6: ADDRCONF(NETDEV_UP): eth0.3: link is not ready
<4>[ 1981.600000] batman_adv: The newly added mac address (64:70:02:3e:9e:7c) already exists on: lan_12
<4>[ 1981.610000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
<6>[ 1981.620000] device eth0.3 entered promiscuous mode
<6>[ 1981.650000] br-wiredtests: port 1(eth0.3) entered forwarding state
<6>[ 1981.650000] br-wiredtests: port 1(eth0.3) entered forwarding state
<6>[ 1981.700000] 8021q: adding VLAN 0 to HW filter on device bat1
<4>[ 1981.740000] batman_adv: The newly added mac address (64:70:02:3e:9e:7c) already exists on: lan_12
<4>[ 1981.750000] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
<6>[ 1981.940000] batman_adv: bat1: Interface deactivated: wbm1
<6>[ 1981.940000] batman_adv: bat1: Removing interface: wbm1
<6>[ 1982.000000] batman_adv: bat1: Interface deactivated: lan_12
<6>[ 1982.010000] batman_adv: bat1: Removing interface: lan_12
<6>[ 1983.650000] br-wiredtests: port 1(eth0.3) entered forwarding state
<6>[ 2261.000000] Atheros AR8216/AR8236/AR8316 ag71xx-mdio.0:00: Port 1 is up
<6>[ 3719.000000] Atheros AR8216/AR8236/AR8316 ag71xx-mdio.0:00: Port 1 is down
<6>[ 3735.000000] Atheros AR8216/AR8236/AR8316 ag71xx-mdio.0:00: Port 1 is up
<6>[ 6286.160000] br-wiredtests: port 1(eth0.3) entered disabled state
<6>[ 6286.170000] device eth0.3 left promiscuous mode
<6>[ 6286.170000] br-wiredtests: port 1(eth0.3) entered disabled state
<6>[ 6286.190000] IPv6: ADDRCONF(NETDEV_UP): eth0.3: link is not ready
<6>[ 6286.200000] device eth0.3 entered promiscuous mode
<6>[ 6286.220000] br-wiredtests: port 1(eth0.3) entered forwarding state
<6>[ 6286.230000] br-wiredtests: port 1(eth0.3) entered forwarding state
<6>[ 6286.510000] batman_adv: bat1: Adding interface: wbm1
<6>[ 6286.510000] batman_adv: bat1: Interface activated: wbm1
<6>[ 6286.520000] 8021q: adding VLAN 0 to HW filter on device bat1
<6>[ 6286.600000] batman_adv: bat1: Adding interface: lan_12
<6>[ 6286.610000] batman_adv: bat1: The MTU of interface lan_12 is too small (1496) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
<6>[ 6286.630000] batman_adv: bat1: Interface activated: lan_12
<6>[ 6286.650000] device bat1 entered promiscuous mode
<6>[ 6286.660000] br-wiredtests: port 2(bat1) entered forwarding state
<6>[ 6286.660000] br-wiredtests: port 2(bat1) entered forwarding state
<6>[ 6287.640000] batman_adv: bat1: distributed_arp_table: Changing from: enabled to: disabled
<6>[ 6288.230000] br-wiredtests: port 1(eth0.3) entered forwarding state
<6>[ 6288.660000] br-wiredtests: port 2(bat1) entered forwarding state
<6>[ 7011.790000] batman_adv: bat1: Interface deactivated: wbm1
<6>[ 7011.790000] batman_adv: bat1: Removing interface: wbm1
<4>[ 7011.800000] br-wiredtests: received packet on bat1 with own address as source address
<6>[ 7013.790000] batman_adv: bat1: Interface deactivated: lan_12
<6>[ 7013.790000] batman_adv: bat1: Removing interface: lan_12
<6>[ 7013.800000] br-wiredtests: port 2(bat1) entered disabled state
<6>[ 7013.810000] device bat1 left promiscuous mode
<6>[ 7013.820000] br-wiredtests: port 2(bat1) entered disabled state
<6>[ 7025.310000] batman_adv: bat1: Adding interface: wbm1
<6>[ 7025.320000] batman_adv: bat1: Interface activated: wbm1
<6>[ 7025.320000] 8021q: adding VLAN 0 to HW filter on device bat1
<6>[ 7025.350000] device bat1 entered promiscuous mode
<6>[ 7025.350000] br-wiredtests: port 2(bat1) entered forwarding state
<6>[ 7025.360000] br-wiredtests: port 2(bat1) entered forwarding state
<6>[ 7025.510000] batman_adv: bat1: distributed_arp_table: Changing from: enabled to: disabled
<6>[ 7027.360000] br-wiredtests: port 2(bat1) entered forwarding state
<6>[ 7147.610000] batman_adv: bat1: Interface deactivated: wbm1
<6>[ 7147.610000] batman_adv: bat1: Removing interface: wbm1
<6>[ 7147.620000] br-wiredtests: port 2(bat1) entered disabled state
<6>[ 7147.630000] device bat1 left promiscuous mode
<6>[ 7147.630000] br-wiredtests: port 2(bat1) entered disabled state
<6>[ 7151.000000] batman_adv: bat1: Adding interface: lan_12
<6>[ 7151.000000] batman_adv: bat1: The MTU of interface lan_12 is too small (1496) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
<6>[ 7151.030000] batman_adv: bat1: Interface activated: lan_12
<6>[ 7151.030000] 8021q: adding VLAN 0 to HW filter on device bat1
<6>[ 7151.090000] device bat1 entered promiscuous mode
<6>[ 7151.090000] br-wiredtests: port 2(bat1) entered forwarding state
<6>[ 7151.100000] br-wiredtests: port 2(bat1) entered forwarding state
<4>[ 7151.100000] br-wiredtests: received packet on bat1 with own address as source address
<6>[ 7151.220000] batman_adv: bat1: distributed_arp_table: Changing from: enabled to: disabled
<6>[ 7153.100000] br-wiredtests: port 2(bat1) entered forwarding state
<4>[ 7161.020000] br-wiredtests: received packet on bat1 with own address as source address
<4>[ 7171.040000] br-wiredtests: received packet on bat1 with own address as source address
<4>[ 7181.060000] br-wiredtests: received packet on bat1 with own address as source address
<6>[ 7187.400000] batman_adv: bat1: Adding interface: wbm1
<6>[ 7187.410000] batman_adv: bat1: Interface activated: wbm1
<4>[ 7191.080000] br-wiredtests: received packet on bat1 with own address as source address
<4>[ 7201.100000] br-wiredtests: received packet on bat1 with own address as source address
<4>[ 7211.120000] br-wiredtests: received packet on bat1 with own address as source address
<4>[ 7221.140000] br-wiredtests: received packet on bat1 with own address as source address
<1>[ 7224.990000] CPU 0 Unable to handle kernel paging request at virtual address 01020100, epc == 872d000c, ra == 872d0004
<4>[ 7225.000000] Oops[#1]:
<4>[ 7225.000000] CPU: 0 PID: 13762 Comm: kworker/u2:1 Not tainted 3.18.29 #10
<4>[ 7225.000000] Workqueue: bat_events batadv_orig_node_put [batman_adv]
<4>[ 7225.000000] task: 879aa6c0 ti: 861e0000 task.ti: 861e0000
<4>[ 7225.000000] $ 0 : 00000000 00000000 86b76c80 01020100
<4>[ 7225.000000] $ 4 : 00000034 00000400 1100dc00 ffff00fe
<4>[ 7225.000000] $ 8 : 861e1fe0 0000dc00 00000015 000c002a
<4>[ 7225.000000] $12 : 00000001 0000000c 00000000 00000005
<4>[ 7225.000000] $16 : 8628e400 86b76500 86b20440 0000025a
<4>[ 7225.000000] $20 : 86278880 872e0000 00000000 00000034
<4>[ 7225.000000] $24 : 00000010 8006df08
<4>[ 7225.000000] $28 : 861e0000 861e1df0 00200200 872d0004
<4>[ 7225.000000] Hi : 00000009
<4>[ 7225.000000] Lo : 00004e20
<4>[ 7225.000000] epc : 872d000c batadv_orig_node_put+0x250/0x4a4 [batman_adv]
<4>[ 7225.000000] Not tainted
<4>[ 7225.000000] ra : 872d0004 batadv_orig_node_put+0x248/0x4a4 [batman_adv]
<4>[ 7225.000000] Status: 1100dc03 KERNEL EXL IE
<4>[ 7225.000000] Cause : 8080000c
<4>[ 7225.000000] BadVA : 01020100
<4>[ 7225.000000] PrId : 0001974c (MIPS 74Kc)
<4>[ 7225.000000] Modules linked in: ath9k ath9k_common pppoe ppp_async iptable_nat batman_adv ath9k_hw ath pppox ppp_generic nf_nat_ipv4 nf_conntrack_ipv6 nf_conntrack_ipv4 mac80211 ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_state xt_nat xt_multiport xt_mark xt_mac xt_limit xt_id xt_conntrack xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_CT slhc nf_reject_ipv4 nf_nat_masquerade_ipv4 nf_nat_ftp nf_nat nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack_ftp nf_conntrack iptable_raw iptable_mangle iptable_filter ip_tables crc_ccitt compat ledtrig_usbdev libcrc32c ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 nf_log_common ip6table_raw ip6table_mangle ip6table_filter ip6_tables x_tables dummy ip6_tunnel tunnel6 tun vfat fat ipv6 arc4 crypto_blkcipher usb_storage uhci_hcd ohci_platform ohci_hcd ehci_platform ehci_hcd sd_mod scsi_mod gpio_button_hotplug ext4 jbd2 mbcache usbcore nls_base usb_common crc16 crc32c_generic crypto_hash
<4>[ 7225.000000] Process kworker/u2:1 (pid: 13762, threadinfo=861e0000, task=879aa6c0, tls=00000000)
<4>[ 7225.000000] Stack : 86900258 800993c0 86900240 860db710 86900240 87313c1c 00000000 00000000
<4>[ 7225.000000] 004038c0 86b76c80 86b20504 86b20504 87804a00 87188900 00000000 00000000
<4>[ 7225.000000] 87804a10 87804a00 00000088 872d022c 879aa6c0 80357590 00000000 8009c1c4
<4>[ 7225.000000] 86906380 86906380 86b20504 80091d30 80357590 80066648 00000000 8006df08
<4>[ 7225.000000] 861e1e78 87188e00 86906380 86906380 87804a00 86906398 80305420 00000001
<4>[ 7225.000000] ...
<4>[ 7225.000000] Call Trace:
<4>[ 7225.000000] [<872d000c>] batadv_orig_node_put+0x250/0x4a4 [batman_adv]
<4>[ 7225.000000] [<872d0004>] batadv_orig_node_put+0x248/0x4a4 [batman_adv]
<4>[ 7225.000000]
<4>[ 7225.000000]
<4>[ 7225.000000] Code: 02e02021 8e220000 8e230004 <10400002> ac620000 ac430004 ae3e0004 0dcb3c95 02202021
<4>[ 7225.250000] ---[ end trace 3c49293b9d62884b ]---
===================================
Time: 1462523738.526930
* Re: [B.A.T.M.A.N.] Kernel panic by BATMAN_V @WBMv9
From: Marek Lindner @ 2016-05-06 11:21 UTC
To: The list for a Better Approach To Mobile Ad-hoc Networking,
Gui Iribarren
On Friday, May 06, 2016 09:50:16 Linus Lüssing wrote:
> Just dumping this here, got a plane to catch.
>
> Guido can explain how you can trigger this.
Thanks Linus! Unfortunately, this kernel backtrace does not yield much
information. We'll continue deep diving into the matter today.
Safe travels!
Cheers,
Marek
* Re: [B.A.T.M.A.N.] Kernel panic by BATMAN_V @WBMv9
From: Antonio Quartulli @ 2016-05-06 19:00 UTC
To: The list for a Better Approach To Mobile Ad-hoc Networking
Attached you have the crash log with way more debugging
information after reproducing the issue on my VM with my debugging kernel.
The crash was reproduced using maint.
Cheers,
On Fri, May 06, 2016 at 07:21:59PM +0800, Marek Lindner wrote:
> On Friday, May 06, 2016 09:50:16 Linus Lüssing wrote:
> > Just dumping this here, got a plane to catch.
> >
> > Guido can explain how you can trigger this.
>
> Thanks Linus! Unfortunately, this kernel backtrace does not yield much
> information. We'll continue deep diving into the matter today.
>
> Safe travels!
>
> Cheers,
> Marek
--
Antonio Quartulli
[-- Attachment #1.2: use-after-free.txt --]
[-- Type: text/plain, Size: 40303 bytes --]
root@localhost:~# ==================================================================
BUG: KASAN: use-after-free in _batadv_purge_orig+0x298/0x920 [batman_adv] at addr ffff88000b9ac7c0
Read of size 8 by task kworker/u2:0/6
=============================================================================
BUG kmalloc-192 (Tainted: G O ): kasan: bad access detected
-----------------------------------------------------------------------------
Disabling lock debugging due to kernel taint
INFO: Allocated in batadv_neigh_node_new+0x24b/0x780 [batman_adv] age=633 cpu=0 pid=1
___slab_alloc.constprop.28+0x37c/0x3a0
__slab_alloc.constprop.27+0x40/0x90
kmem_cache_alloc+0x117/0x150
batadv_neigh_node_new+0x24b/0x780 [batman_adv]
batadv_v_elp_packet_recv+0x22f/0x3e0 [batman_adv]
batadv_batman_skb_recv+0x1e7/0x210 [batman_adv]
__netif_receive_skb_core+0x8d9/0xb60
__netif_receive_skb+0x32/0xc0
netif_receive_skb_internal+0x65/0x150
napi_gro_receive+0xa3/0x110
virtnet_receive+0x414/0xe40
virtnet_poll+0x1d/0xa0
net_rx_action+0x3a6/0x500
__do_softirq+0x168/0x2e9
irq_exit+0x90/0xa0
do_IRQ+0x6d/0x130
INFO: Freed in __rcu_process_callbacks+0xaa/0x1f0 age=16 cpu=0 pid=3
__slab_free+0x247/0x3a0
kfree+0x1a2/0x1c0
__rcu_process_callbacks+0xaa/0x1f0
rcu_process_callbacks+0x10/0x20
__do_softirq+0x168/0x2e9
run_ksoftirqd+0x1f/0x60
smpboot_thread_fn+0x1d2/0x2f0
kthread+0x193/0x1b0
ret_from_fork+0x22/0x50
INFO: Slab 0xffffea00002e6b00 objects=8 used=6 fp=0xffff88000b9ac7c0 flags=0x4000000000000080
INFO: Object 0xffff88000b9ac7c0 @offset=1984 fp=0xffff88000b9ac5d0
Bytes b4 ffff88000b9ac7b0: 00 00 00 00 03 00 00 00 03 e5 fe ff 00 00 00 00 ................
Object ffff88000b9ac7c0: d0 c5 9a 0b 00 88 ff ff f0 b1 1a 09 00 88 ff ff ................
Object ffff88000b9ac7d0: 80 c9 8a 0b 00 88 ff ff 00 ad be ef 02 02 00 00 ................
Object ffff88000b9ac7e0: 20 e3 12 0a 00 88 ff ff 01 00 00 00 ad 4e ad de ............N..
Object ffff88000b9ac7f0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................
Object ffff88000b9ac800: 60 43 05 a0 ff ff ff ff 50 6e 81 82 ff ff ff ff `C......Pn......
Object ffff88000b9ac810: 00 00 00 00 00 00 00 00 00 fd 03 a0 ff ff ff ff ................
Object ffff88000b9ac820: 00 00 00 00 00 00 00 00 d3 04 02 a0 ff ff ff ff ................
Object ffff88000b9ac830: f0 59 1f 0c 00 88 ff ff 02 e5 fe ff 00 00 00 00 .Y..............
Object ffff88000b9ac840: d0 c5 9a 0b 00 88 ff ff 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac850: 00 00 00 00 00 00 00 00 90 00 00 00 00 00 00 00 ................
Object ffff88000b9ac860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
CPU: 0 PID: 6 Comm: kworker/u2:0 Tainted: G B O 4.6.0-rc5+ #78
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191116- 04/01/2014
Workqueue: bat_events batadv_purge_orig [batman_adv]
ffffea00002e6b00 0000000042350634 ffff88000d12fa40 ffffffff81322869
ffff88000d12fa70 ffffffff8116f06d ffff88000d002000 ffffea00002e6b00
ffff88000b9ac7c0 0000000000000000 ffff88000d12fa98 ffffffff81170fdf
Call Trace:
[<ffffffff81322869>] dump_stack+0x19/0x20
[<ffffffff8116f06d>] print_trailer+0x10d/0x1a0
[<ffffffff81170fdf>] object_err+0x2f/0x40
[<ffffffff811754bc>] kasan_report_error+0x22c/0x550
[<ffffffff810a63e6>] ? mark_held_locks+0x96/0xc0
[<ffffffff81062266>] ? __local_bh_enable_ip+0x66/0xb0
[<ffffffff81175d52>] kasan_report+0x52/0x60
[<ffffffffa001f128>] ? _batadv_purge_orig+0x298/0x920 [batman_adv]
[<ffffffff811745fd>] __asan_load8+0x5d/0x70
[<ffffffffa001f128>] _batadv_purge_orig+0x298/0x920 [batman_adv]
[<ffffffffa001f7c4>] batadv_purge_orig+0x14/0x40 [batman_adv]
[<ffffffff8107fd62>] process_one_work+0x3e2/0x7e0
[<ffffffff8107fccc>] ? process_one_work+0x34c/0x7e0
[<ffffffff8107f980>] ? cancel_delayed_work_sync+0x10/0x10
[<ffffffff810a98b5>] ? check_flags.part.26+0x65/0x280
[<ffffffff810801e5>] worker_thread+0x85/0x720
[<ffffffff81080160>] ? process_one_work+0x7e0/0x7e0
[<ffffffff81088a53>] kthread+0x193/0x1b0
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
[<ffffffff8108de9c>] ? finish_task_switch+0xdc/0x280
[<ffffffff81745b32>] ret_from_fork+0x22/0x50
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
Memory state around the buggy address:
ffff88000b9ac680: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88000b9ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88000b9ac780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
^
ffff88000b9ac800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88000b9ac880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: use-after-free in _batadv_purge_orig+0x2a5/0x920 [batman_adv] at addr ffff88000b9ac838
Read of size 8 by task kworker/u2:0/6
=============================================================================
BUG kmalloc-192 (Tainted: G B O ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in batadv_neigh_node_new+0x24b/0x780 [batman_adv] age=634 cpu=0 pid=1
___slab_alloc.constprop.28+0x37c/0x3a0
__slab_alloc.constprop.27+0x40/0x90
kmem_cache_alloc+0x117/0x150
batadv_neigh_node_new+0x24b/0x780 [batman_adv]
batadv_v_elp_packet_recv+0x22f/0x3e0 [batman_adv]
batadv_batman_skb_recv+0x1e7/0x210 [batman_adv]
__netif_receive_skb_core+0x8d9/0xb60
__netif_receive_skb+0x32/0xc0
netif_receive_skb_internal+0x65/0x150
napi_gro_receive+0xa3/0x110
virtnet_receive+0x414/0xe40
virtnet_poll+0x1d/0xa0
net_rx_action+0x3a6/0x500
__do_softirq+0x168/0x2e9
irq_exit+0x90/0xa0
do_IRQ+0x6d/0x130
INFO: Freed in __rcu_process_callbacks+0xaa/0x1f0 age=17 cpu=0 pid=3
__slab_free+0x247/0x3a0
kfree+0x1a2/0x1c0
__rcu_process_callbacks+0xaa/0x1f0
rcu_process_callbacks+0x10/0x20
__do_softirq+0x168/0x2e9
run_ksoftirqd+0x1f/0x60
smpboot_thread_fn+0x1d2/0x2f0
kthread+0x193/0x1b0
ret_from_fork+0x22/0x50
INFO: Slab 0xffffea00002e6b00 objects=8 used=6 fp=0xffff88000b9ac7c0 flags=0x4000000000000080
INFO: Object 0xffff88000b9ac7c0 @offset=1984 fp=0xffff88000b9ac5d0
Bytes b4 ffff88000b9ac7b0: 00 00 00 00 03 00 00 00 03 e5 fe ff 00 00 00 00 ................
Object ffff88000b9ac7c0: d0 c5 9a 0b 00 88 ff ff f0 b1 1a 09 00 88 ff ff ................
Object ffff88000b9ac7d0: 80 c9 8a 0b 00 88 ff ff 00 ad be ef 02 02 00 00 ................
Object ffff88000b9ac7e0: 20 e3 12 0a 00 88 ff ff 01 00 00 00 ad 4e ad de ............N..
Object ffff88000b9ac7f0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................
Object ffff88000b9ac800: 60 43 05 a0 ff ff ff ff 50 6e 81 82 ff ff ff ff `C......Pn......
Object ffff88000b9ac810: 00 00 00 00 00 00 00 00 00 fd 03 a0 ff ff ff ff ................
Object ffff88000b9ac820: 00 00 00 00 00 00 00 00 d3 04 02 a0 ff ff ff ff ................
Object ffff88000b9ac830: f0 59 1f 0c 00 88 ff ff 02 e5 fe ff 00 00 00 00 .Y..............
Object ffff88000b9ac840: d0 c5 9a 0b 00 88 ff ff 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac850: 00 00 00 00 00 00 00 00 90 00 00 00 00 00 00 00 ................
Object ffff88000b9ac860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
CPU: 0 PID: 6 Comm: kworker/u2:0 Tainted: G B O 4.6.0-rc5+ #78
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191116- 04/01/2014
Workqueue: bat_events batadv_purge_orig [batman_adv]
ffffea00002e6b00 0000000042350634 ffff88000d12fa40 ffffffff81322869
ffff88000d12fa70 ffffffff8116f06d ffff88000d002000 ffffea00002e6b00
ffff88000b9ac7c0 0000000000000000 ffff88000d12fa98 ffffffff81170fdf
Call Trace:
[<ffffffff81322869>] dump_stack+0x19/0x20
[<ffffffff8116f06d>] print_trailer+0x10d/0x1a0
[<ffffffff81170fdf>] object_err+0x2f/0x40
[<ffffffff811754bc>] kasan_report_error+0x22c/0x550
[<ffffffff81175d52>] kasan_report+0x52/0x60
[<ffffffffa001f135>] ? _batadv_purge_orig+0x2a5/0x920 [batman_adv]
[<ffffffff811745fd>] __asan_load8+0x5d/0x70
[<ffffffffa001f135>] _batadv_purge_orig+0x2a5/0x920 [batman_adv]
[<ffffffffa001f7c4>] batadv_purge_orig+0x14/0x40 [batman_adv]
[<ffffffff8107fd62>] process_one_work+0x3e2/0x7e0
[<ffffffff8107fccc>] ? process_one_work+0x34c/0x7e0
[<ffffffff8107f980>] ? cancel_delayed_work_sync+0x10/0x10
[<ffffffff810a98b5>] ? check_flags.part.26+0x65/0x280
[<ffffffff810801e5>] worker_thread+0x85/0x720
[<ffffffff81080160>] ? process_one_work+0x7e0/0x7e0
[<ffffffff81088a53>] kthread+0x193/0x1b0
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
[<ffffffff8108de9c>] ? finish_task_switch+0xdc/0x280
[<ffffffff81745b32>] ret_from_fork+0x22/0x50
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
Memory state around the buggy address:
ffff88000b9ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88000b9ac780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
>ffff88000b9ac800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff88000b9ac880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88000b9ac900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: use-after-free in _batadv_purge_orig+0x2b2/0x920 [batman_adv] at addr ffff88000b9ac830
Read of size 8 by task kworker/u2:0/6
=============================================================================
BUG kmalloc-192 (Tainted: G B O ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in batadv_neigh_node_new+0x24b/0x780 [batman_adv] age=635 cpu=0 pid=1
___slab_alloc.constprop.28+0x37c/0x3a0
__slab_alloc.constprop.27+0x40/0x90
kmem_cache_alloc+0x117/0x150
batadv_neigh_node_new+0x24b/0x780 [batman_adv]
batadv_v_elp_packet_recv+0x22f/0x3e0 [batman_adv]
batadv_batman_skb_recv+0x1e7/0x210 [batman_adv]
__netif_receive_skb_core+0x8d9/0xb60
__netif_receive_skb+0x32/0xc0
netif_receive_skb_internal+0x65/0x150
napi_gro_receive+0xa3/0x110
virtnet_receive+0x414/0xe40
virtnet_poll+0x1d/0xa0
net_rx_action+0x3a6/0x500
__do_softirq+0x168/0x2e9
irq_exit+0x90/0xa0
do_IRQ+0x6d/0x130
INFO: Freed in __rcu_process_callbacks+0xaa/0x1f0 age=18 cpu=0 pid=3
__slab_free+0x247/0x3a0
kfree+0x1a2/0x1c0
__rcu_process_callbacks+0xaa/0x1f0
rcu_process_callbacks+0x10/0x20
__do_softirq+0x168/0x2e9
run_ksoftirqd+0x1f/0x60
smpboot_thread_fn+0x1d2/0x2f0
kthread+0x193/0x1b0
ret_from_fork+0x22/0x50
INFO: Slab 0xffffea00002e6b00 objects=8 used=6 fp=0xffff88000b9ac7c0 flags=0x4000000000000080
INFO: Object 0xffff88000b9ac7c0 @offset=1984 fp=0xffff88000b9ac5d0
Bytes b4 ffff88000b9ac7b0: 00 00 00 00 03 00 00 00 03 e5 fe ff 00 00 00 00 ................
Object ffff88000b9ac7c0: d0 c5 9a 0b 00 88 ff ff f0 b1 1a 09 00 88 ff ff ................
Object ffff88000b9ac7d0: 80 c9 8a 0b 00 88 ff ff 00 ad be ef 02 02 00 00 ................
Object ffff88000b9ac7e0: 20 e3 12 0a 00 88 ff ff 01 00 00 00 ad 4e ad de ............N..
Object ffff88000b9ac7f0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................
Object ffff88000b9ac800: 60 43 05 a0 ff ff ff ff 50 6e 81 82 ff ff ff ff `C......Pn......
Object ffff88000b9ac810: 00 00 00 00 00 00 00 00 00 fd 03 a0 ff ff ff ff ................
Object ffff88000b9ac820: 00 00 00 00 00 00 00 00 d3 04 02 a0 ff ff ff ff ................
Object ffff88000b9ac830: f0 59 1f 0c 00 88 ff ff 02 e5 fe ff 00 00 00 00 .Y..............
Object ffff88000b9ac840: d0 c5 9a 0b 00 88 ff ff 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac850: 00 00 00 00 00 00 00 00 90 00 00 00 00 00 00 00 ................
Object ffff88000b9ac860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
CPU: 0 PID: 6 Comm: kworker/u2:0 Tainted: G B O 4.6.0-rc5+ #78
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191116- 04/01/2014
Workqueue: bat_events batadv_purge_orig [batman_adv]
ffffea00002e6b00 0000000042350634 ffff88000d12fa40 ffffffff81322869
ffff88000d12fa70 ffffffff8116f06d ffff88000d002000 ffffea00002e6b00
ffff88000b9ac7c0 0000000000000000 ffff88000d12fa98 ffffffff81170fdf
Call Trace:
[<ffffffff81322869>] dump_stack+0x19/0x20
[<ffffffff8116f06d>] print_trailer+0x10d/0x1a0
[<ffffffff81170fdf>] object_err+0x2f/0x40
[<ffffffff811754bc>] kasan_report_error+0x22c/0x550
[<ffffffff81175d52>] kasan_report+0x52/0x60
[<ffffffffa001f142>] ? _batadv_purge_orig+0x2b2/0x920 [batman_adv]
[<ffffffff811745fd>] __asan_load8+0x5d/0x70
[<ffffffffa001f142>] _batadv_purge_orig+0x2b2/0x920 [batman_adv]
[<ffffffffa001f7c4>] batadv_purge_orig+0x14/0x40 [batman_adv]
[<ffffffff8107fd62>] process_one_work+0x3e2/0x7e0
[<ffffffff8107fccc>] ? process_one_work+0x34c/0x7e0
[<ffffffff8107f980>] ? cancel_delayed_work_sync+0x10/0x10
[<ffffffff810a98b5>] ? check_flags.part.26+0x65/0x280
[<ffffffff810801e5>] worker_thread+0x85/0x720
[<ffffffff81080160>] ? process_one_work+0x7e0/0x7e0
[<ffffffff81088a53>] kthread+0x193/0x1b0
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
[<ffffffff8108de9c>] ? finish_task_switch+0xdc/0x280
[<ffffffff81745b32>] ret_from_fork+0x22/0x50
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
Memory state around the buggy address:
ffff88000b9ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88000b9ac780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
>ffff88000b9ac800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff88000b9ac880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88000b9ac900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: use-after-free in do_raw_spin_trylock+0x11/0x80 at addr ffff88000b9ac7e8
Read of size 4 by task kworker/u2:0/6
=============================================================================
BUG kmalloc-192 (Tainted: G B O ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in batadv_neigh_node_new+0x24b/0x780 [batman_adv] age=636 cpu=0 pid=1
___slab_alloc.constprop.28+0x37c/0x3a0
__slab_alloc.constprop.27+0x40/0x90
kmem_cache_alloc+0x117/0x150
batadv_neigh_node_new+0x24b/0x780 [batman_adv]
batadv_v_elp_packet_recv+0x22f/0x3e0 [batman_adv]
batadv_batman_skb_recv+0x1e7/0x210 [batman_adv]
__netif_receive_skb_core+0x8d9/0xb60
__netif_receive_skb+0x32/0xc0
netif_receive_skb_internal+0x65/0x150
napi_gro_receive+0xa3/0x110
virtnet_receive+0x414/0xe40
virtnet_poll+0x1d/0xa0
net_rx_action+0x3a6/0x500
__do_softirq+0x168/0x2e9
irq_exit+0x90/0xa0
do_IRQ+0x6d/0x130
INFO: Freed in __rcu_process_callbacks+0xaa/0x1f0 age=19 cpu=0 pid=3
__slab_free+0x247/0x3a0
kfree+0x1a2/0x1c0
__rcu_process_callbacks+0xaa/0x1f0
rcu_process_callbacks+0x10/0x20
__do_softirq+0x168/0x2e9
run_ksoftirqd+0x1f/0x60
smpboot_thread_fn+0x1d2/0x2f0
kthread+0x193/0x1b0
ret_from_fork+0x22/0x50
INFO: Slab 0xffffea00002e6b00 objects=8 used=6 fp=0xffff88000b9ac7c0 flags=0x4000000000000080
INFO: Object 0xffff88000b9ac7c0 @offset=1984 fp=0xffff88000b9ac5d0
Bytes b4 ffff88000b9ac7b0: 00 00 00 00 03 00 00 00 03 e5 fe ff 00 00 00 00 ................
Object ffff88000b9ac7c0: d0 c5 9a 0b 00 88 ff ff f0 b1 1a 09 00 88 ff ff ................
Object ffff88000b9ac7d0: 80 c9 8a 0b 00 88 ff ff 00 ad be ef 02 02 00 00 ................
Object ffff88000b9ac7e0: 20 e3 12 0a 00 88 ff ff 01 00 00 00 ad 4e ad de ............N..
Object ffff88000b9ac7f0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................
Object ffff88000b9ac800: 60 43 05 a0 ff ff ff ff 50 6e 81 82 ff ff ff ff `C......Pn......
Object ffff88000b9ac810: 00 00 00 00 00 00 00 00 00 fd 03 a0 ff ff ff ff ................
Object ffff88000b9ac820: 00 00 00 00 00 00 00 00 d3 04 02 a0 ff ff ff ff ................
Object ffff88000b9ac830: f0 59 1f 0c 00 88 ff ff 02 e5 fe ff 00 00 00 00 .Y..............
Object ffff88000b9ac840: d0 c5 9a 0b 00 88 ff ff 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac850: 00 00 00 00 00 00 00 00 90 00 00 00 00 00 00 00 ................
Object ffff88000b9ac860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
CPU: 0 PID: 6 Comm: kworker/u2:0 Tainted: G B O 4.6.0-rc5+ #78
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191116- 04/01/2014
Workqueue: bat_events batadv_purge_orig [batman_adv]
ffffea00002e6b00 0000000042350634 ffff88000d12f9f0 ffffffff81322869
ffff88000d12fa20 ffffffff8116f06d ffff88000d002000 ffffea00002e6b00
ffff88000b9ac7c0 0000000000000000 ffff88000d12fa48 ffffffff81170fdf
Call Trace:
[<ffffffff81322869>] dump_stack+0x19/0x20
[<ffffffff8116f06d>] print_trailer+0x10d/0x1a0
[<ffffffff81170fdf>] object_err+0x2f/0x40
[<ffffffff811754bc>] kasan_report_error+0x22c/0x550
[<ffffffff81745066>] ? _raw_spin_unlock_irqrestore+0x36/0x60
[<ffffffff81175d52>] kasan_report+0x52/0x60
[<ffffffff810b0ce1>] ? do_raw_spin_trylock+0x11/0x80
[<ffffffff81174510>] __asan_load4+0x60/0x70
[<ffffffff810b0ce1>] do_raw_spin_trylock+0x11/0x80
[<ffffffff81744d58>] _raw_spin_lock_bh+0x48/0x80
[<ffffffffa001f18c>] ? _batadv_purge_orig+0x2fc/0x920 [batman_adv]
[<ffffffffa001f18c>] _batadv_purge_orig+0x2fc/0x920 [batman_adv]
[<ffffffffa001f7c4>] batadv_purge_orig+0x14/0x40 [batman_adv]
[<ffffffff8107fd62>] process_one_work+0x3e2/0x7e0
[<ffffffff8107fccc>] ? process_one_work+0x34c/0x7e0
[<ffffffff8107f980>] ? cancel_delayed_work_sync+0x10/0x10
[<ffffffff810a98b5>] ? check_flags.part.26+0x65/0x280
[<ffffffff810801e5>] worker_thread+0x85/0x720
[<ffffffff81080160>] ? process_one_work+0x7e0/0x7e0
[<ffffffff81088a53>] kthread+0x193/0x1b0
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
[<ffffffff8108de9c>] ? finish_task_switch+0xdc/0x280
[<ffffffff81745b32>] ret_from_fork+0x22/0x50
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
Memory state around the buggy address:
ffff88000b9ac680: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88000b9ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88000b9ac780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
^
ffff88000b9ac800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88000b9ac880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: use-after-free in do_raw_spin_trylock+0x1c/0x80 at addr ffff88000b9ac7e8
Write of size 4 by task kworker/u2:0/6
=============================================================================
BUG kmalloc-192 (Tainted: G B O ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in batadv_neigh_node_new+0x24b/0x780 [batman_adv] age=637 cpu=0 pid=1
___slab_alloc.constprop.28+0x37c/0x3a0
__slab_alloc.constprop.27+0x40/0x90
kmem_cache_alloc+0x117/0x150
batadv_neigh_node_new+0x24b/0x780 [batman_adv]
batadv_v_elp_packet_recv+0x22f/0x3e0 [batman_adv]
batadv_batman_skb_recv+0x1e7/0x210 [batman_adv]
__netif_receive_skb_core+0x8d9/0xb60
__netif_receive_skb+0x32/0xc0
netif_receive_skb_internal+0x65/0x150
napi_gro_receive+0xa3/0x110
virtnet_receive+0x414/0xe40
virtnet_poll+0x1d/0xa0
net_rx_action+0x3a6/0x500
__do_softirq+0x168/0x2e9
irq_exit+0x90/0xa0
do_IRQ+0x6d/0x130
INFO: Freed in __rcu_process_callbacks+0xaa/0x1f0 age=20 cpu=0 pid=3
__slab_free+0x247/0x3a0
kfree+0x1a2/0x1c0
__rcu_process_callbacks+0xaa/0x1f0
rcu_process_callbacks+0x10/0x20
__do_softirq+0x168/0x2e9
run_ksoftirqd+0x1f/0x60
smpboot_thread_fn+0x1d2/0x2f0
kthread+0x193/0x1b0
ret_from_fork+0x22/0x50
INFO: Slab 0xffffea00002e6b00 objects=8 used=6 fp=0xffff88000b9ac7c0 flags=0x4000000000000080
INFO: Object 0xffff88000b9ac7c0 @offset=1984 fp=0xffff88000b9ac5d0
Bytes b4 ffff88000b9ac7b0: 00 00 00 00 03 00 00 00 03 e5 fe ff 00 00 00 00 ................
Object ffff88000b9ac7c0: d0 c5 9a 0b 00 88 ff ff f0 b1 1a 09 00 88 ff ff ................
Object ffff88000b9ac7d0: 80 c9 8a 0b 00 88 ff ff 00 ad be ef 02 02 00 00 ................
Object ffff88000b9ac7e0: 20 e3 12 0a 00 88 ff ff 01 00 00 00 ad 4e ad de ............N..
Object ffff88000b9ac7f0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................
Object ffff88000b9ac800: 60 43 05 a0 ff ff ff ff 50 6e 81 82 ff ff ff ff `C......Pn......
Object ffff88000b9ac810: 00 00 00 00 00 00 00 00 00 fd 03 a0 ff ff ff ff ................
Object ffff88000b9ac820: 00 00 00 00 00 00 00 00 d3 04 02 a0 ff ff ff ff ................
Object ffff88000b9ac830: f0 59 1f 0c 00 88 ff ff 02 e5 fe ff 00 00 00 00 .Y..............
Object ffff88000b9ac840: d0 c5 9a 0b 00 88 ff ff 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac850: 00 00 00 00 00 00 00 00 90 00 00 00 00 00 00 00 ................
Object ffff88000b9ac860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
CPU: 0 PID: 6 Comm: kworker/u2:0 Tainted: G B O 4.6.0-rc5+ #78
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191116- 04/01/2014
Workqueue: bat_events batadv_purge_orig [batman_adv]
ffffea00002e6b00 0000000042350634 ffff88000d12f9f0 ffffffff81322869
ffff88000d12fa20 ffffffff8116f06d ffff88000d002000 ffffea00002e6b00
ffff88000b9ac7c0 0000000000000000 ffff88000d12fa48 ffffffff81170fdf
Call Trace:
[<ffffffff81322869>] dump_stack+0x19/0x20
[<ffffffff8116f06d>] print_trailer+0x10d/0x1a0
[<ffffffff81170fdf>] object_err+0x2f/0x40
[<ffffffff811754bc>] kasan_report_error+0x22c/0x550
[<ffffffff81175d52>] kasan_report+0x52/0x60
[<ffffffff810b0cec>] ? do_raw_spin_trylock+0x1c/0x80
[<ffffffff81174583>] __asan_store4+0x63/0x80
[<ffffffff810b0cec>] do_raw_spin_trylock+0x1c/0x80
[<ffffffff81744d58>] _raw_spin_lock_bh+0x48/0x80
[<ffffffffa001f18c>] ? _batadv_purge_orig+0x2fc/0x920 [batman_adv]
[<ffffffffa001f18c>] _batadv_purge_orig+0x2fc/0x920 [batman_adv]
[<ffffffffa001f7c4>] batadv_purge_orig+0x14/0x40 [batman_adv]
[<ffffffff8107fd62>] process_one_work+0x3e2/0x7e0
[<ffffffff8107fccc>] ? process_one_work+0x34c/0x7e0
[<ffffffff8107f980>] ? cancel_delayed_work_sync+0x10/0x10
[<ffffffff810a98b5>] ? check_flags.part.26+0x65/0x280
[<ffffffff810801e5>] worker_thread+0x85/0x720
[<ffffffff81080160>] ? process_one_work+0x7e0/0x7e0
[<ffffffff81088a53>] kthread+0x193/0x1b0
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
[<ffffffff8108de9c>] ? finish_task_switch+0xdc/0x280
[<ffffffff81745b32>] ret_from_fork+0x22/0x50
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
Memory state around the buggy address:
ffff88000b9ac680: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88000b9ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88000b9ac780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
^
ffff88000b9ac800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88000b9ac880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: use-after-free in do_raw_spin_trylock+0x3f/0x80 at addr ffff88000b9ac7f0
Write of size 4 by task kworker/u2:0/6
=============================================================================
BUG kmalloc-192 (Tainted: G B O ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in batadv_neigh_node_new+0x24b/0x780 [batman_adv] age=638 cpu=0 pid=1
___slab_alloc.constprop.28+0x37c/0x3a0
__slab_alloc.constprop.27+0x40/0x90
kmem_cache_alloc+0x117/0x150
batadv_neigh_node_new+0x24b/0x780 [batman_adv]
batadv_v_elp_packet_recv+0x22f/0x3e0 [batman_adv]
batadv_batman_skb_recv+0x1e7/0x210 [batman_adv]
__netif_receive_skb_core+0x8d9/0xb60
__netif_receive_skb+0x32/0xc0
netif_receive_skb_internal+0x65/0x150
napi_gro_receive+0xa3/0x110
virtnet_receive+0x414/0xe40
virtnet_poll+0x1d/0xa0
net_rx_action+0x3a6/0x500
__do_softirq+0x168/0x2e9
irq_exit+0x90/0xa0
do_IRQ+0x6d/0x130
INFO: Freed in __rcu_process_callbacks+0xaa/0x1f0 age=21 cpu=0 pid=3
__slab_free+0x247/0x3a0
kfree+0x1a2/0x1c0
__rcu_process_callbacks+0xaa/0x1f0
rcu_process_callbacks+0x10/0x20
__do_softirq+0x168/0x2e9
run_ksoftirqd+0x1f/0x60
smpboot_thread_fn+0x1d2/0x2f0
kthread+0x193/0x1b0
ret_from_fork+0x22/0x50
INFO: Slab 0xffffea00002e6b00 objects=8 used=6 fp=0xffff88000b9ac7c0 flags=0x4000000000000080
INFO: Object 0xffff88000b9ac7c0 @offset=1984 fp=0xffff88000b9ac5d0
Bytes b4 ffff88000b9ac7b0: 00 00 00 00 03 00 00 00 03 e5 fe ff 00 00 00 00 ................
Object ffff88000b9ac7c0: d0 c5 9a 0b 00 88 ff ff f0 b1 1a 09 00 88 ff ff ................
Object ffff88000b9ac7d0: 80 c9 8a 0b 00 88 ff ff 00 ad be ef 02 02 00 00 ................
Object ffff88000b9ac7e0: 20 e3 12 0a 00 88 ff ff 00 00 00 00 ad 4e ad de ............N..
Object ffff88000b9ac7f0: ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ................
Object ffff88000b9ac800: 60 43 05 a0 ff ff ff ff 50 6e 81 82 ff ff ff ff `C......Pn......
Object ffff88000b9ac810: 00 00 00 00 00 00 00 00 00 fd 03 a0 ff ff ff ff ................
Object ffff88000b9ac820: 00 00 00 00 00 00 00 00 d3 04 02 a0 ff ff ff ff ................
Object ffff88000b9ac830: f0 59 1f 0c 00 88 ff ff 02 e5 fe ff 00 00 00 00 .Y..............
Object ffff88000b9ac840: d0 c5 9a 0b 00 88 ff ff 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac850: 00 00 00 00 00 00 00 00 90 00 00 00 00 00 00 00 ................
Object ffff88000b9ac860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
CPU: 0 PID: 6 Comm: kworker/u2:0 Tainted: G B O 4.6.0-rc5+ #78
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191116- 04/01/2014
Workqueue: bat_events batadv_purge_orig [batman_adv]
ffffea00002e6b00 0000000042350634 ffff88000d12f9f0 ffffffff81322869
ffff88000d12fa20 ffffffff8116f06d ffff88000d002000 ffffea00002e6b00
ffff88000b9ac7c0 0000000000000000 ffff88000d12fa48 ffffffff81170fdf
Call Trace:
[<ffffffff81322869>] dump_stack+0x19/0x20
[<ffffffff8116f06d>] print_trailer+0x10d/0x1a0
[<ffffffff81170fdf>] object_err+0x2f/0x40
[<ffffffff811754bc>] kasan_report_error+0x22c/0x550
[<ffffffff81175d52>] kasan_report+0x52/0x60
[<ffffffff810b0d0f>] ? do_raw_spin_trylock+0x3f/0x80
[<ffffffff81174583>] __asan_store4+0x63/0x80
[<ffffffff810b0d0f>] do_raw_spin_trylock+0x3f/0x80
[<ffffffff81744d58>] _raw_spin_lock_bh+0x48/0x80
[<ffffffffa001f18c>] ? _batadv_purge_orig+0x2fc/0x920 [batman_adv]
[<ffffffffa001f18c>] _batadv_purge_orig+0x2fc/0x920 [batman_adv]
[<ffffffffa001f7c4>] batadv_purge_orig+0x14/0x40 [batman_adv]
[<ffffffff8107fd62>] process_one_work+0x3e2/0x7e0
[<ffffffff8107fccc>] ? process_one_work+0x34c/0x7e0
[<ffffffff8107f980>] ? cancel_delayed_work_sync+0x10/0x10
[<ffffffff810a98b5>] ? check_flags.part.26+0x65/0x280
[<ffffffff810801e5>] worker_thread+0x85/0x720
[<ffffffff81080160>] ? process_one_work+0x7e0/0x7e0
[<ffffffff81088a53>] kthread+0x193/0x1b0
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
[<ffffffff8108de9c>] ? finish_task_switch+0xdc/0x280
[<ffffffff81745b32>] ret_from_fork+0x22/0x50
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
Memory state around the buggy address:
ffff88000b9ac680: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88000b9ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88000b9ac780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
^
ffff88000b9ac800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88000b9ac880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: use-after-free in do_raw_spin_trylock+0x4f/0x80 at addr ffff88000b9ac7f8
Write of size 8 by task kworker/u2:0/6
=============================================================================
BUG kmalloc-192 (Tainted: G B O ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in batadv_neigh_node_new+0x24b/0x780 [batman_adv] age=639 cpu=0 pid=1
___slab_alloc.constprop.28+0x37c/0x3a0
__slab_alloc.constprop.27+0x40/0x90
kmem_cache_alloc+0x117/0x150
batadv_neigh_node_new+0x24b/0x780 [batman_adv]
batadv_v_elp_packet_recv+0x22f/0x3e0 [batman_adv]
batadv_batman_skb_recv+0x1e7/0x210 [batman_adv]
__netif_receive_skb_core+0x8d9/0xb60
__netif_receive_skb+0x32/0xc0
netif_receive_skb_internal+0x65/0x150
napi_gro_receive+0xa3/0x110
virtnet_receive+0x414/0xe40
virtnet_poll+0x1d/0xa0
net_rx_action+0x3a6/0x500
__do_softirq+0x168/0x2e9
irq_exit+0x90/0xa0
do_IRQ+0x6d/0x130
INFO: Freed in __rcu_process_callbacks+0xaa/0x1f0 age=22 cpu=0 pid=3
__slab_free+0x247/0x3a0
kfree+0x1a2/0x1c0
__rcu_process_callbacks+0xaa/0x1f0
rcu_process_callbacks+0x10/0x20
__do_softirq+0x168/0x2e9
run_ksoftirqd+0x1f/0x60
smpboot_thread_fn+0x1d2/0x2f0
kthread+0x193/0x1b0
ret_from_fork+0x22/0x50
INFO: Slab 0xffffea00002e6b00 objects=8 used=6 fp=0xffff88000b9ac7c0 flags=0x4000000000000080
INFO: Object 0xffff88000b9ac7c0 @offset=1984 fp=0xffff88000b9ac5d0
Bytes b4 ffff88000b9ac7b0: 00 00 00 00 03 00 00 00 03 e5 fe ff 00 00 00 00 ................
Object ffff88000b9ac7c0: d0 c5 9a 0b 00 88 ff ff f0 b1 1a 09 00 88 ff ff ................
Object ffff88000b9ac7d0: 80 c9 8a 0b 00 88 ff ff 00 ad be ef 02 02 00 00 ................
Object ffff88000b9ac7e0: 20 e3 12 0a 00 88 ff ff 00 00 00 00 ad 4e ad de ............N..
Object ffff88000b9ac7f0: 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ................
Object ffff88000b9ac800: 60 43 05 a0 ff ff ff ff 50 6e 81 82 ff ff ff ff `C......Pn......
Object ffff88000b9ac810: 00 00 00 00 00 00 00 00 00 fd 03 a0 ff ff ff ff ................
Object ffff88000b9ac820: 00 00 00 00 00 00 00 00 d3 04 02 a0 ff ff ff ff ................
Object ffff88000b9ac830: f0 59 1f 0c 00 88 ff ff 02 e5 fe ff 00 00 00 00 .Y..............
Object ffff88000b9ac840: d0 c5 9a 0b 00 88 ff ff 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac850: 00 00 00 00 00 00 00 00 90 00 00 00 00 00 00 00 ................
Object ffff88000b9ac860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
CPU: 0 PID: 6 Comm: kworker/u2:0 Tainted: G B O 4.6.0-rc5+ #78
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191116- 04/01/2014
Workqueue: bat_events batadv_purge_orig [batman_adv]
ffffea00002e6b00 0000000042350634 ffff88000d12f9f0 ffffffff81322869
ffff88000d12fa20 ffffffff8116f06d ffff88000d002000 ffffea00002e6b00
ffff88000b9ac7c0 0000000000000000 ffff88000d12fa48 ffffffff81170fdf
Call Trace:
[<ffffffff81322869>] dump_stack+0x19/0x20
[<ffffffff8116f06d>] print_trailer+0x10d/0x1a0
[<ffffffff81170fdf>] object_err+0x2f/0x40
[<ffffffff811754bc>] kasan_report_error+0x22c/0x550
[<ffffffff81175d52>] kasan_report+0x52/0x60
[<ffffffff810b0d1f>] ? do_raw_spin_trylock+0x4f/0x80
[<ffffffff81174670>] __asan_store8+0x60/0x70
[<ffffffff810b0d1f>] do_raw_spin_trylock+0x4f/0x80
[<ffffffff81744d58>] _raw_spin_lock_bh+0x48/0x80
[<ffffffffa001f18c>] ? _batadv_purge_orig+0x2fc/0x920 [batman_adv]
[<ffffffffa001f18c>] _batadv_purge_orig+0x2fc/0x920 [batman_adv]
[<ffffffffa001f7c4>] batadv_purge_orig+0x14/0x40 [batman_adv]
[<ffffffff8107fd62>] process_one_work+0x3e2/0x7e0
[<ffffffff8107fccc>] ? process_one_work+0x34c/0x7e0
[<ffffffff8107f980>] ? cancel_delayed_work_sync+0x10/0x10
[<ffffffff810a98b5>] ? check_flags.part.26+0x65/0x280
[<ffffffff810801e5>] worker_thread+0x85/0x720
[<ffffffff81080160>] ? process_one_work+0x7e0/0x7e0
[<ffffffff81088a53>] kthread+0x193/0x1b0
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
[<ffffffff8108de9c>] ? finish_task_switch+0xdc/0x280
[<ffffffff81745b32>] ret_from_fork+0x22/0x50
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
Memory state around the buggy address:
ffff88000b9ac680: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88000b9ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88000b9ac780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
^
ffff88000b9ac800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88000b9ac880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: use-after-free in _batadv_purge_orig+0x305/0x920 [batman_adv] at addr ffff88000b9ac7e0
Read of size 8 by task kworker/u2:0/6
=============================================================================
BUG kmalloc-192 (Tainted: G B O ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in batadv_neigh_node_new+0x24b/0x780 [batman_adv] age=640 cpu=0 pid=1
___slab_alloc.constprop.28+0x37c/0x3a0
__slab_alloc.constprop.27+0x40/0x90
kmem_cache_alloc+0x117/0x150
batadv_neigh_node_new+0x24b/0x780 [batman_adv]
batadv_v_elp_packet_recv+0x22f/0x3e0 [batman_adv]
batadv_batman_skb_recv+0x1e7/0x210 [batman_adv]
__netif_receive_skb_core+0x8d9/0xb60
__netif_receive_skb+0x32/0xc0
netif_receive_skb_internal+0x65/0x150
napi_gro_receive+0xa3/0x110
virtnet_receive+0x414/0xe40
virtnet_poll+0x1d/0xa0
net_rx_action+0x3a6/0x500
__do_softirq+0x168/0x2e9
irq_exit+0x90/0xa0
do_IRQ+0x6d/0x130
INFO: Freed in __rcu_process_callbacks+0xaa/0x1f0 age=23 cpu=0 pid=3
__slab_free+0x247/0x3a0
kfree+0x1a2/0x1c0
__rcu_process_callbacks+0xaa/0x1f0
rcu_process_callbacks+0x10/0x20
__do_softirq+0x168/0x2e9
run_ksoftirqd+0x1f/0x60
smpboot_thread_fn+0x1d2/0x2f0
kthread+0x193/0x1b0
ret_from_fork+0x22/0x50
INFO: Slab 0xffffea00002e6b00 objects=8 used=6 fp=0xffff88000b9ac7c0 flags=0x4000000000000080
INFO: Object 0xffff88000b9ac7c0 @offset=1984 fp=0xffff88000b9ac5d0
Bytes b4 ffff88000b9ac7b0: 00 00 00 00 03 00 00 00 03 e5 fe ff 00 00 00 00 ................
Object ffff88000b9ac7c0: d0 c5 9a 0b 00 88 ff ff f0 b1 1a 09 00 88 ff ff ................
Object ffff88000b9ac7d0: 80 c9 8a 0b 00 88 ff ff 00 ad be ef 02 02 00 00 ................
Object ffff88000b9ac7e0: 20 e3 12 0a 00 88 ff ff 00 00 00 00 ad 4e ad de ............N..
Object ffff88000b9ac7f0: 00 00 00 00 00 00 00 00 00 00 12 0d 00 88 ff ff ................
Object ffff88000b9ac800: 60 43 05 a0 ff ff ff ff 50 6e 81 82 ff ff ff ff `C......Pn......
Object ffff88000b9ac810: 00 00 00 00 00 00 00 00 00 fd 03 a0 ff ff ff ff ................
Object ffff88000b9ac820: 00 00 00 00 00 00 00 00 d3 04 02 a0 ff ff ff ff ................
Object ffff88000b9ac830: f0 59 1f 0c 00 88 ff ff 02 e5 fe ff 00 00 00 00 .Y..............
Object ffff88000b9ac840: d0 c5 9a 0b 00 88 ff ff 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac850: 00 00 00 00 00 00 00 00 90 00 00 00 00 00 00 00 ................
Object ffff88000b9ac860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object ffff88000b9ac870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
CPU: 0 PID: 6 Comm: kworker/u2:0 Tainted: G B O 4.6.0-rc5+ #78
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.2-20150714_191116- 04/01/2014
Workqueue: bat_events batadv_purge_orig [batman_adv]
ffffea00002e6b00 0000000042350634 ffff88000d12fa40 ffffffff81322869
ffff88000d12fa70 ffffffff8116f06d ffff88000d002000 ffffea00002e6b00
ffff88000b9ac7c0 0000000000000000 ffff88000d12fa98 ffffffff81170fdf
Call Trace:
[<ffffffff81322869>] dump_stack+0x19/0x20
[<ffffffff8116f06d>] print_trailer+0x10d/0x1a0
[<ffffffff81170fdf>] object_err+0x2f/0x40
[<ffffffff811754bc>] kasan_report_error+0x22c/0x550
[<ffffffff81175d52>] ? kasan_report+0x52/0x60
[<ffffffff81175d52>] kasan_report+0x52/0x60
[<ffffffffa001f195>] ? _batadv_purge_orig+0x305/0x920 [batman_adv]
[<ffffffff811745fd>] __asan_load8+0x5d/0x70
[<ffffffffa001f195>] _batadv_purge_orig+0x305/0x920 [batman_adv]
[<ffffffffa001f7c4>] batadv_purge_orig+0x14/0x40 [batman_adv]
[<ffffffff8107fd62>] process_one_work+0x3e2/0x7e0
[<ffffffff8107fccc>] ? process_one_work+0x34c/0x7e0
[<ffffffff8107f980>] ? cancel_delayed_work_sync+0x10/0x10
[<ffffffff810a98b5>] ? check_flags.part.26+0x65/0x280
[<ffffffff810801e5>] worker_thread+0x85/0x720
[<ffffffff81080160>] ? process_one_work+0x7e0/0x7e0
[<ffffffff81088a53>] kthread+0x193/0x1b0
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
[<ffffffff8108de9c>] ? finish_task_switch+0xdc/0x280
[<ffffffff81745b32>] ret_from_fork+0x22/0x50
[<ffffffff810888c0>] ? kthread_create_on_node+0x340/0x340
Memory state around the buggy address:
ffff88000b9ac680: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff88000b9ac700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88000b9ac780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
^
ffff88000b9ac800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88000b9ac880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
Thread overview: 3+ messages (end of thread, newest: 2016-05-06 19:00 UTC)
2016-05-06 8:50 [B.A.T.M.A.N.] Kernel panic by BATMAN_V @WBMv9 Linus Lüssing
2016-05-06 11:21 ` Marek Lindner
2016-05-06 19:00 ` Antonio Quartulli