Hi Tommi,
I am not sure, but is seems like the following patch is what you need:
commit 9b3009604b8e ("tipc: add net device to skb before UDP xmit")
This was applied in tipc 4.5.Is this a stooping problem for you? BR ///jon > -----Original Message----- > From: netdev-ow...@vger.kernel.org [mailto:netdev- > ow...@vger.kernel.org] On Behalf Of Tommi Rantala > Sent: Monday, November 13, 2017 11:23 > To: Jon Maloy <jon.ma...@ericsson.com>; Ying Xue > <ying....@windriver.com>; David S. Miller <da...@davemloft.net>; > netdev@vger.kernel.org; tipc-discuss...@lists.sourceforge.net; linux- > ker...@vger.kernel.org > Subject: tipc_udp_send_msg oops in 4.4 when setting link tolerance > > Hi, > > I always get an instant TIPC oops in 4.4, when I try to set the link tolerance > (with LINKNAME != "broadcast-link"): > > $ tipc link set tolerance 1000 link $LINKNAME > > Any idea what's going on? Some tipc patch missing in 4.4? > > In 4.9 the "tipc" command executes just fine, but I've seen a few times that > later some random process crashes with "BUG: Bad page state". KASAN does > not report anything before it happens. > > 4.14 is OK, could not reproduce these problems with it. > > > > > tipc_udp_send_msg+0x102/0x4f0 > > matches to: > tipc_udp_send_msg at linux-stable/net/tipc/udp_media.c:172 > > static int tipc_udp_send_msg(struct net *net, struct sk_buff *skb, > struct tipc_bearer *b, > struct tipc_media_addr *dest) { > int ttl, err = 0; > struct udp_bearer *ub; > struct udp_media_addr *dst = (struct udp_media_addr *)&dest->value; > struct udp_media_addr *src = (struct udp_media_addr *)&b- > >addr.value; > struct rtable *rt; > > if (skb_headroom(skb) < UDP_MIN_HEADROOM) { > err = pskb_expand_head(skb, UDP_MIN_HEADROOM, 0, > GFP_ATOMIC); > if (err) > goto tx_error; > } > > skb_set_inner_protocol(skb, htons(ETH_P_TIPC)); > ub = rcu_dereference_rtnl(b->media_ptr); > if (!ub) { > err = -ENODEV; > goto tx_error; > } > if (dst->proto == htons(ETH_P_IP)) { <------ HERE > > > > [ 111.423647] > ========================================================== > ======== > [ 111.424826] BUG: KASAN: null-ptr-deref on address (null) > [ 111.425538] Read of size 2 by task tipc/2643 [ 111.426215] CPU: 3 PID: > 2643 > Comm: tipc Not tainted 4.4.97-pc64 #1 [ 111.428081] 0000000000000000 > ffff880026327478 ffffffff8248005e > 0000000000000002 > [ 111.429476] ffff880047ad5ac0 ffff8800263274f8 ffffffff8227f5af > 0000000265711040 > [ 111.430728] 0000000000000000 0000000000000297 ffffffffa0387fd2 > 02090220ffffffff [ 111.432051] Call Trace: > [ 111.432472] [<ffffffff8248005e>] dump_stack+0x86/0xc8 [ 111.433208] > [<ffffffff8227f5af>] kasan_report.part.2+0x41f/0x520 [ 111.434040] > [<ffffffffa0387fd2>] ? tipc_udp_send_msg+0x102/0x4f0 [tipc] [ 111.434908] > [<ffffffff8227f965>] kasan_report+0x25/0x30 [ 111.435647] > [<ffffffff8227e3a6>] __asan_load2+0x66/0x70 [ 111.436391] > [<ffffffffa0387fd2>] tipc_udp_send_msg+0x102/0x4f0 [tipc] [ 111.437334] > [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70 [ 111.438301] > [<ffffffff8227edfd>] ? kasan_slab_alloc+0xd/0x10 [ 111.439328] > [<ffffffff8227e04c>] ? > __kmalloc_node_track_caller+0xac/0x230 > [ 111.440493] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70 [ > 111.441479] [<ffffffffa0387ed0>] ? tipc_udp_disable+0xe0/0xe0 [tipc] [ > 111.442628] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70 [ 111.443598] > [<ffffffff8227ef52>] ? kasan_krealloc+0x62/0x80 [ 111.444610] > [<ffffffff8227ebf8>] ? memset+0x28/0x30 [ 111.445539] [<ffffffff8275fab3>] > ? __alloc_skb+0x2b3/0x310 [ 111.446560] [<ffffffff8275f800>] ? > skb_complete_tx_timestamp+0x110/0x110 > [ 111.447695] [<ffffffff82147a16>] ? __module_text_address+0x16/0xa0 [ > 111.448735] [<ffffffff8275e3fb>] ? skb_put+0x8b/0xd0 [ 111.449608] > [<ffffffff8227ec76>] ? memcpy+0x36/0x40 [ 111.450524] > [<ffffffffa03665e8>] ? > tipc_link_build_proto_msg+0x398/0x4c0 [tipc] [ 111.451946] > [<ffffffffa0364920>] tipc_bearer_xmit_skb+0xa0/0xb0 [tipc] [ 111.453078] > [<ffffffffa036a60b>] tipc_link_proto_xmit+0x11b/0x160 [tipc] [ 111.454218] > [<ffffffffa036a4f0>] ? > tipc_link_build_reset_msg+0x50/0x50 [tipc] [ 111.455542] > [<ffffffffa036c5be>] tipc_nl_link_set+0x1ee/0x3b0 [tipc] [ 111.456659] > [<ffffffffa036c3d0>] ? tipc_nl_parse_link_prop+0xd0/0xd0 [tipc] [ > 111.457831] [<ffffffff82190a29>] ? is_ftrace_trampoline+0x59/0x90 [ > 111.458884] [<ffffffff820b15a5>] ? __kernel_text_address+0x65/0x80 [ > 111.459931] [<ffffffff824ba386>] ? nla_parse+0xb6/0x140 [ 111.460892] > [<ffffffff827d20ee>] genl_family_rcv_msg+0x37e/0x5e0 [ 111.461948] > [<ffffffffa0380005>] ? set_orig_addr.isra.53+0xe5/0x120 [tipc] [ 111.463107] > [<ffffffff827d1d70>] ? genl_rcv+0x40/0x40 [ 111.463987] > [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180 > [ 111.465048] [<ffffffff8227a39d>] ? ___slab_alloc+0x43d/0x460 [ > 111.465986] [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180 > [ 111.467045] [<ffffffff827cde5c>] ? netlink_lookup+0x19c/0x220 [ > 111.468067] [<ffffffff827d2428>] genl_rcv_msg+0xd8/0x110 [ 111.468994] > [<ffffffff827d143b>] netlink_rcv_skb+0x14b/0x180 [ 111.469939] > [<ffffffff827d2350>] ? genl_family_rcv_msg+0x5e0/0x5e0 [ 111.470954] > [<ffffffff827d1d58>] genl_rcv+0x28/0x40 [ 111.471798] [<ffffffff827d0a27>] > netlink_unicast+0x2e7/0x3a0 [ 111.472806] [<ffffffff827d0740>] ? > netlink_attachskb+0x330/0x330 [ 111.473845] [<ffffffff8249b731>] ? > copy_from_iter+0xf1/0x3b0 [ 111.474847] [<ffffffff827d0f8d>] > netlink_sendmsg+0x4ad/0x620 [ 111.475788] [<ffffffff827d0ae0>] ? > netlink_unicast+0x3a0/0x3a0 [ 111.476793] [<ffffffff822c0683>] ? > __fdget+0x13/0x20 [ 111.477723] [<ffffffff82751575>] ? > sockfd_lookup_light+0x95/0xb0 [ 111.478773] [<ffffffff827538fc>] > SYSC_sendto+0x1bc/0x290 [ 111.479659] [<ffffffff82753740>] ? > sock_write_iter+0x200/0x200 [ 111.480692] [<ffffffff822c0683>] ? > __fdget+0x13/0x20 [ 111.481559] [<ffffffff82751575>] ? > sockfd_lookup_light+0x95/0xb0 [ 111.482591] [<ffffffff827caf71>] ? > netlink_getname+0xb1/0x110 [ 111.483570] [<ffffffff82750b0c>] ? > move_addr_to_user+0x5c/0x70 [ 111.484539] [<ffffffff82751706>] ? > SYSC_getsockname+0x176/0x190 [ 111.485540] [<ffffffff82751590>] ? > sockfd_lookup_light+0xb0/0xb0 [ 111.486558] [<ffffffff82753225>] ? > SYSC_bind+0xe5/0x180 [ 111.487548] [<ffffffff82753140>] ? > __sock_recv_ts_and_drops+0x260/0x260 > [ 111.488700] [<ffffffff822c132b>] ? fd_install+0x3b/0x50 [ 111.489596] > [<ffffffff827514b4>] ? sock_map_fd+0x44/0x70 [ 111.490553] > [<ffffffff82753f4c>] ? SyS_socket+0xcc/0x120 [ 111.491437] > [<ffffffff82753e80>] ? move_addr_to_kernel+0x40/0x40 [ 111.492505] > [<ffffffff820022b6>] ? exit_to_usermode_loop+0x86/0x120 [ 111.493557] > [<ffffffff82002017>] ? trace_hardirqs_on_thunk+0x17/0x19 [ 111.494629] > [<ffffffff827544ce>] SyS_sendto+0xe/0x10 [ 111.495588] > [<ffffffff829299ae>] entry_SYSCALL_64_fastpath+0x12/0x6d > [ 111.496697] > ========================================================== > ======== > [ 111.498005] Disabling lock debugging due to kernel taint [ 111.499059] > BUG: unable to handle kernel NULL pointer dereference at > (null) > [ 111.500698] IP: [<ffffffffa0387fd2>] tipc_udp_send_msg+0x102/0x4f0 > [tipc] [ 111.502027] PGD 4b01c067 PUD 1f0a5067 PMD 0 [ 111.503053] Oops: > 0000 [#1] SMP KASAN [ 111.503980] Modules linked in: ip6table_mangle > ip6_tables iptable_mangle iptable_filter ip_tables x_tables tipc > ip6_udp_tunnel udp_tunnel fuse isofs aesni_intel aes_x86_64 glue_helper > lrw gf128mul ablk_helper cryptd ata_piix i6300esb sch_fq_codel > nf_conntrack_proto_sctp nf_conntrack autofs4 > [ 111.509927] CPU: 3 PID: 2643 Comm: tipc Tainted: G B > 4.4.97-pc64 #1 > [ 111.511249] Hardware name: Fedora Project OpenStack Nova, BIOS > seabios-1.7.5-11.el7.tis.1 04/01/2014 > [ 111.512935] task: ffff880047ad5ac0 ti: ffff880026320000 task.ti: > ffff880026320000 > [ 111.514283] RIP: 0010:[<ffffffffa0387fd2>] [<ffffffffa0387fd2>] > tipc_udp_send_msg+0x102/0x4f0 [tipc] > [ 111.515960] RSP: 0018:ffff880026327528 EFLAGS: 00010292 [ 111.516832] > RAX: ffff880047ad5ac0 RBX: ffff880065711040 RCX: > 0000000000000000 > [ 111.517992] RDX: 1ffffffff06b9196 RSI: 0000000000000297 RDI: > 0000000000000297 > [ 111.519117] RBP: ffff8800263276f0 R08: 0000000000000000 R09: > fffffbfff069f014 > [ 111.520228] R10: dffffc0000000001 R11: ffff88006bc02a00 R12: > 1ffff10004c64eb1 > [ 111.521361] R13: ffff88005ad07750 R14: 0000000000000000 R15: > ffff88005154d9e0 > [ 111.522538] FS: 00007f467f3ac700(0000) GS:ffff88006c380000(0000) > knlGS:0000000000000000 > [ 111.523960] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ > 111.524947] CR2: 0000000000000000 CR3: 000000001f076000 CR4: > 00000000001406e0 > [ 111.526084] Stack: > [ 111.526551] 1ffff1000a2c11d8 ffff880026327550 ffffffff8227eb1e > ffff880051608cc0 > [ 111.528272] ffff88006bc02a00 ffff880026327560 ffffffff8227edfd > ffff8800263275b0 > [ 111.529886] ffffffff8227e04c ffff880026327590 ffffffff8227eb1e > ffffffff832dfec0 > [ 111.531535] Call Trace: > [ 111.532106] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70 [ > 111.533075] [<ffffffff8227edfd>] ? kasan_slab_alloc+0xd/0x10 [ 111.534041] > [<ffffffff8227e04c>] ? > __kmalloc_node_track_caller+0xac/0x230 > [ 111.535102] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70 [ > 111.536047] [<ffffffffa0387ed0>] ? tipc_udp_disable+0xe0/0xe0 [tipc] [ > 111.537186] [<ffffffff8227eb1e>] ? kasan_kmalloc+0x5e/0x70 [ 111.538139] > [<ffffffff8227ef52>] ? kasan_krealloc+0x62/0x80 [ 111.539106] > [<ffffffff8227ebf8>] ? memset+0x28/0x30 [ 111.539946] [<ffffffff8275fab3>] > ? __alloc_skb+0x2b3/0x310 [ 111.540876] [<ffffffff8275f800>] ? > skb_complete_tx_timestamp+0x110/0x110 > [ 111.541954] [<ffffffff82147a16>] ? __module_text_address+0x16/0xa0 [ > 111.542978] [<ffffffff8275e3fb>] ? skb_put+0x8b/0xd0 [ 111.543914] > [<ffffffff8227ec76>] ? memcpy+0x36/0x40 [ 111.544817] > [<ffffffffa03665e8>] ? > tipc_link_build_proto_msg+0x398/0x4c0 [tipc] [ 111.546199] > [<ffffffffa0364920>] tipc_bearer_xmit_skb+0xa0/0xb0 [tipc] [ 111.547355] > [<ffffffffa036a60b>] tipc_link_proto_xmit+0x11b/0x160 [tipc] [ 111.548482] > [<ffffffffa036a4f0>] ? > tipc_link_build_reset_msg+0x50/0x50 [tipc] [ 111.549763] > [<ffffffffa036c5be>] tipc_nl_link_set+0x1ee/0x3b0 [tipc] [ 111.550822] > [<ffffffffa036c3d0>] ? tipc_nl_parse_link_prop+0xd0/0xd0 [tipc] [ > 111.551921] [<ffffffff82190a29>] ? is_ftrace_trampoline+0x59/0x90 [ > 111.552961] [<ffffffff820b15a5>] ? __kernel_text_address+0x65/0x80 [ > 111.554010] [<ffffffff824ba386>] ? nla_parse+0xb6/0x140 [ 111.554906] > [<ffffffff827d20ee>] genl_family_rcv_msg+0x37e/0x5e0 [ 111.555954] > [<ffffffffa0380005>] ? set_orig_addr.isra.53+0xe5/0x120 [tipc] [ 111.557104] > [<ffffffff827d1d70>] ? genl_rcv+0x40/0x40 [ 111.557949] > [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180 > [ 111.559030] [<ffffffff8227a39d>] ? ___slab_alloc+0x43d/0x460 [ > 111.559983] [<ffffffff82278864>] ? alloc_debug_processing+0x154/0x180 > [ 111.561058] [<ffffffff827cde5c>] ? netlink_lookup+0x19c/0x220 [ > 111.562038] [<ffffffff827d2428>] genl_rcv_msg+0xd8/0x110 [ 111.562966] > [<ffffffff827d143b>] netlink_rcv_skb+0x14b/0x180 [ 111.563930] > [<ffffffff827d2350>] ? genl_family_rcv_msg+0x5e0/0x5e0 [ 111.564949] > [<ffffffff827d1d58>] genl_rcv+0x28/0x40 [ 111.565818] [<ffffffff827d0a27>] > netlink_unicast+0x2e7/0x3a0 [ 111.566759] [<ffffffff827d0740>] ? > netlink_attachskb+0x330/0x330 [ 111.567765] [<ffffffff8249b731>] ? > copy_from_iter+0xf1/0x3b0 [ 111.568707] [<ffffffff827d0f8d>] > netlink_sendmsg+0x4ad/0x620 [ 111.569706] [<ffffffff827d0ae0>] ? > netlink_unicast+0x3a0/0x3a0 [ 111.570658] [<ffffffff822c0683>] ? > __fdget+0x13/0x20 [ 111.571548] [<ffffffff82751575>] ? > sockfd_lookup_light+0x95/0xb0 [ 111.572541] [<ffffffff827538fc>] > SYSC_sendto+0x1bc/0x290 [ 111.573459] [<ffffffff82753740>] ? > sock_write_iter+0x200/0x200 [ 111.574435] [<ffffffff822c0683>] ? > __fdget+0x13/0x20 [ 111.575330] [<ffffffff82751575>] ? > sockfd_lookup_light+0x95/0xb0 [ 111.576354] [<ffffffff827caf71>] ? > netlink_getname+0xb1/0x110 [ 111.577371] [<ffffffff82750b0c>] ? > move_addr_to_user+0x5c/0x70 [ 111.578385] [<ffffffff82751706>] ? > SYSC_getsockname+0x176/0x190 [ 111.579407] [<ffffffff82751590>] ? > sockfd_lookup_light+0xb0/0xb0 [ 111.580431] [<ffffffff82753225>] ? > SYSC_bind+0xe5/0x180 [ 111.581369] [<ffffffff82753140>] ? > __sock_recv_ts_and_drops+0x260/0x260 > [ 111.582518] [<ffffffff822c132b>] ? fd_install+0x3b/0x50 [ 111.583450] > [<ffffffff827514b4>] ? sock_map_fd+0x44/0x70 [ 111.584417] > [<ffffffff82753f4c>] ? SyS_socket+0xcc/0x120 [ 111.585353] > [<ffffffff82753e80>] ? move_addr_to_kernel+0x40/0x40 [ 111.586405] > [<ffffffff820022b6>] ? exit_to_usermode_loop+0x86/0x120 [ 111.587434] > [<ffffffff82002017>] ? trace_hardirqs_on_thunk+0x17/0x19 [ 111.588511] > [<ffffffff827544ce>] SyS_sendto+0xe/0x10 [ 111.589378] > [<ffffffff829299ae>] entry_SYSCALL_64_fastpath+0x12/0x6d > [ 111.590420] Code: 00 00 e8 e2 64 ef e1 4c 89 ef 80 a3 93 00 00 00 f7 > e8 43 65 ef e1 4d 8b 7d 00 4d 85 ff 0f 84 db 03 00 00 4c 89 f7 e8 6e 63 ef e1 > <66> 41 83 3e 08 0f 84 80 01 00 00 48 8d bc 24 20 01 00 00 31 c0 [ > 111.598579] > RIP [<ffffffffa0387fd2>] tipc_udp_send_msg+0x102/0x4f0 [tipc] [ > 111.599831] RSP <ffff880026327528> [ 111.600538] CR2: 0000000000000000 [ > 111.601202] ---[ end trace 827dd66f798de44a ]--- [ 111.602025] Kernel panic - > not syncing: Fatal exception in interrupt [ 111.614704] Kernel Offset: > disabled > [ 111.615249] Rebooting in 60 seconds.. > > > > > > [ 31.985039] BUG: Bad page state in process ___ pfn:400c0 > [ 31.985680] page:ffffea0001003000 count:0 mapcount:0 > mapping:000000000000003c index:0x0 > [ 31.986619] flags: 0x10000(mappedtodisk) > [ 31.987081] page dumped because: PAGE_FLAGS_CHECK_AT_PREP flag set > [ 31.987701] bad because of flags: 0x10000(mappedtodisk) > [ 31.988268] Modules linked in: iptable_filter ip_tables x_tables tipc ... > [ 31.991804] CPU: 3 PID: 2716 Not tainted 4.9.52 #1 > [ 31.993608] ffffc90003023b28 ffffffff822ee180 ffffea0001003000 > ffffffff827b76c8 > [ 31.994792] ffffc90003023b50 ffffffff8215c5e4 0000000000010000 > ffffea0001000000 > [ 31.995986] 0000000000000009 ffffc90003023b60 ffffffff8215c71f > ffffc90003023c28 > [ 31.997380] Call Trace: > [ 31.997780] [<ffffffff822ee180>] dump_stack+0x86/0xc6 > [ 31.998460] [<ffffffff8215c5e4>] bad_page+0xc4/0x130 > [ 31.999160] [<ffffffff8215c71f>] check_new_page_bad+0x5f/0x70 > [ 31.999968] [<ffffffff8215fe5a>] get_page_from_freelist+0x7ca/0xb20 > [ 32.000782] [<ffffffff8216123c>] __alloc_pages_nodemask+0xdc/0x220 > [ 32.001621] [<ffffffff821a4c18>] alloc_fresh_huge_page+0x68/0xc0 > [ 32.002407] [<ffffffff821a590f>] set_max_huge_pages+0x4df/0x530 > [ 32.003176] [<ffffffff8230698c>] ? _kstrtoull+0x2c/0x70 > [ 32.003841] [<ffffffff821a59ec>] nr_hugepages_store_common+0x8c/0xf0 > [ 32.004619] [<ffffffff821c2626>] ? > mem_cgroup_commit_charge+0x66/0x430 > [ 32.005384] [<ffffffff821a5a83>] nr_hugepages_store+0x13/0x20 > [ 32.006176] [<ffffffff822f02bf>] kobj_attr_store+0xf/0x20 > [ 32.006838] [<ffffffff82237877>] sysfs_kf_write+0x37/0x40 > [ 32.007534] [<ffffffff82236bcc>] kernfs_fop_write+0x11c/0x1b0 > [ 32.008258] [<ffffffff821c7068>] __vfs_write+0x28/0x120 > [ 32.008931] [<ffffffff820fb23d>] ? __audit_syscall_entry+0xad/0xf0 > [ 32.009681] [<ffffffff821c7735>] vfs_write+0xb5/0x1a0 > [ 32.010308] [<ffffffff821c8a96>] SyS_write+0x46/0xa0 > [ 32.010917] [<ffffffff8204b8fa>] ? trace_do_page_fault+0x5a/0x140 > [ 32.011741] [<ffffffff82002bfe>] do_syscall_64+0x7e/0x1a0 > [ 32.012476] [<ffffffff825dc0c4>] entry_SYSCALL64_slow_path+0x25/0x25 > [ 32.013244] Disabling lock debugging due to kernel taint > [ 34.055994] ip6_tables: (C) 2000-2006 Netfilter Core Team > > > -Tommi
