[PATCH] batman-adv: Drop repeated words in comments
by Sven Eckelmann
checkpatch found various instances of "Possible repeated word" in various
comments.
Signed-off-by: Sven Eckelmann <sven(a)narfation.org>
---
net/batman-adv/bridge_loop_avoidance.c | 2 +-
net/batman-adv/fragmentation.c | 2 +-
net/batman-adv/hard-interface.c | 2 +-
net/batman-adv/multicast.c | 2 +-
net/batman-adv/network-coding.c | 2 +-
net/batman-adv/send.c | 2 +-
net/batman-adv/soft-interface.c | 4 ++--
7 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c
index 91a04ca3..5c41cc52 100644
--- a/net/batman-adv/bridge_loop_avoidance.c
+++ b/net/batman-adv/bridge_loop_avoidance.c
@@ -1795,7 +1795,7 @@ batadv_bla_loopdetect_check(struct batadv_priv *bat_priv, struct sk_buff *skb,
ret = queue_work(batadv_event_workqueue, &backbone_gw->report_work);
- /* backbone_gw is unreferenced in the report work function function
+ /* backbone_gw is unreferenced in the report work function
* if queue_work() call was successful
*/
if (!ret)
diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
index 9fdbe306..9a47ef8b 100644
--- a/net/batman-adv/fragmentation.c
+++ b/net/batman-adv/fragmentation.c
@@ -306,7 +306,7 @@ batadv_frag_merge_packets(struct hlist_head *chain)
* set *skb to merged packet; 2) Packet is buffered: Return true and set *skb
* to NULL; 3) Error: Return false and free skb.
*
- * Return: true when the packet is merged or buffered, false when skb is not not
+ * Return: true when the packet is merged or buffered, false when skb is not
* used.
*/
bool batadv_frag_skb_buffer(struct sk_buff **skb,
diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c
index fa06b51c..715f169c 100644
--- a/net/batman-adv/hard-interface.c
+++ b/net/batman-adv/hard-interface.c
@@ -599,7 +599,7 @@ int batadv_hardif_min_mtu(struct net_device *soft_iface)
/* report to the other components the maximum amount of bytes that
* batman-adv can send over the wire (without considering the payload
* overhead). For example, this value is used by TT to compute the
- * maximum local table table size
+ * maximum local table size
*/
atomic_set(&bat_priv->packet_size_max, min_mtu);
diff --git a/net/batman-adv/multicast.c b/net/batman-adv/multicast.c
index bdc4a1fb..1622c3f5 100644
--- a/net/batman-adv/multicast.c
+++ b/net/batman-adv/multicast.c
@@ -207,7 +207,7 @@ static u8 batadv_mcast_mla_rtr_flags_bridge_get(struct batadv_priv *bat_priv,
return BATADV_MCAST_WANT_NO_RTR4 | BATADV_MCAST_WANT_NO_RTR6;
/* TODO: ask the bridge if a multicast router is present (the bridge
- * is capable of performing proper RFC4286 multicast multicast router
+ * is capable of performing proper RFC4286 multicast router
* discovery) instead of searching for a ff02::2 listener here
*/
ret = br_multicast_list_adjacent(dev, &bridge_mcast_list);
diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c
index 48d70785..64619b7a 100644
--- a/net/batman-adv/network-coding.c
+++ b/net/batman-adv/network-coding.c
@@ -250,7 +250,7 @@ static void batadv_nc_path_put(struct batadv_nc_path *nc_path)
/**
* batadv_nc_packet_free() - frees nc packet
* @nc_packet: the nc packet to free
- * @dropped: whether the packet is freed because is is dropped
+ * @dropped: whether the packet is freed because is dropped
*/
static void batadv_nc_packet_free(struct batadv_nc_packet *nc_packet,
bool dropped)
diff --git a/net/batman-adv/send.c b/net/batman-adv/send.c
index d267b948..87017332 100644
--- a/net/batman-adv/send.c
+++ b/net/batman-adv/send.c
@@ -461,7 +461,7 @@ int batadv_send_skb_via_gw(struct batadv_priv *bat_priv, struct sk_buff *skb,
/**
* batadv_forw_packet_free() - free a forwarding packet
* @forw_packet: The packet to free
- * @dropped: whether the packet is freed because is is dropped
+ * @dropped: whether the packet is freed because is dropped
*
* This frees a forwarding packet and releases any resources it might
* have claimed.
diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
index 23833a0b..9d3974ba 100644
--- a/net/batman-adv/soft-interface.c
+++ b/net/batman-adv/soft-interface.c
@@ -649,7 +649,7 @@ static void batadv_softif_destroy_vlan(struct batadv_priv *bat_priv,
/**
* batadv_interface_add_vid() - ndo_add_vid API implementation
* @dev: the netdev of the mesh interface
- * @proto: protocol of the the vlan id
+ * @proto: protocol of the vlan id
* @vid: identifier of the new vlan
*
* Set up all the internal structures for handling the new vlan on top of the
@@ -707,7 +707,7 @@ static int batadv_interface_add_vid(struct net_device *dev, __be16 proto,
/**
* batadv_interface_kill_vid() - ndo_kill_vid API implementation
* @dev: the netdev of the mesh interface
- * @proto: protocol of the the vlan id
+ * @proto: protocol of the vlan id
* @vid: identifier of the deleted vlan
*
* Destroy all the internal structures used to handle the vlan identified by vid
--
2.20.1
2 years, 6 months
[PATCH] batman-adv: Fix own OGM check in aggregated OGMs
by Linus Lüssing
The own OGM check is currently misplaced and can lead to the following
issues:
For one thing we might receive an aggregated OGM from a neighbor node
which has our own OGM in the first place. We would then not only skip
our own OGM but erroneously also any other, following OGM in the
aggregate.
For another, we might receive an OGM aggregate which has our own OGM in
a place other then the first one. Then we would wrongly not skip this
OGM, leading to populating the orginator and gateway table with ourself.
The latter seems to not only be a cosmetic issue, but there were reports
that this causes issues with various subsystems of batman-adv, too. For
instance there were reports about issues with DAT and either disabling
DAT or aggregation seemed to solve it.
Fixing these issues by applying the own OGM check not on the first OGM
in an aggregate but for each OGM in an aggregate instead.
Fixes: 667996ebeab ("batman-adv: OGMv2 - implement originators logic")
Signed-off-by: Linus Lüssing <linus.luessing(a)c0d3.blue>
---
net/batman-adv/bat_v_ogm.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c
index 0f8495b9..717fe657 100644
--- a/net/batman-adv/bat_v_ogm.c
+++ b/net/batman-adv/bat_v_ogm.c
@@ -881,6 +881,12 @@ static void batadv_v_ogm_process(const struct sk_buff *skb, int ogm_offset,
ntohl(ogm_packet->seqno), ogm_throughput, ogm_packet->ttl,
ogm_packet->version, ntohs(ogm_packet->tvlv_len));
+ if (batadv_is_my_mac(bat_priv, ogm_packet->orig)) {
+ batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
+ "Drop packet: originator packet from ourself\n");
+ return;
+ }
+
/* If the throughput metric is 0, immediately drop the packet. No need
* to create orig_node / neigh_node for an unusable route.
*/
@@ -1008,11 +1014,6 @@ int batadv_v_ogm_packet_recv(struct sk_buff *skb,
if (batadv_is_my_mac(bat_priv, ethhdr->h_source))
goto free_skb;
- ogm_packet = (struct batadv_ogm2_packet *)skb->data;
-
- if (batadv_is_my_mac(bat_priv, ogm_packet->orig))
- goto free_skb;
-
batadv_inc_counter(bat_priv, BATADV_CNT_MGMT_RX);
batadv_add_counter(bat_priv, BATADV_CNT_MGMT_RX_BYTES,
skb->len + ETH_HLEN);
--
2.28.0.rc1
2 years, 6 months
batadv gw_mode client 0?
by Rob Cowart
Hi,
We've been using batman with alfred and MQTT on raspbian for about 3 years. We found it to be useful up to about 15 nodes, and then we'd saturate the wifi. Then we downgraded the driver and we can get slightly over 30. but something we found was all of our nodes were using gw_mode client 0, and we realized this isn't listed in the spec. Do you know what it does in that case, does it use the default of 20?
Thanks,
Rov
2 years, 6 months
Batman_V Originator Loop Issue
by lavincent15@gmail.com
Running batctl 2020.1-openwrt-1 [batman-adv: 2020.1-openwrt-2]
When running a two node network with one node connected to my lan and the other operating as an access point, my network works great. I can connect clients to my batman nodes and access my LAN.
When booting up a third node. My network works for 1 minute, then breaks down. My LAN cannot ping any of the batman nodes anymore.
I keep receiving messages like this: "[ 2900.755655] br-lan: received packet on bat0 with own address as source address (addr:8c:ae:4c:db:14:5c, vlan:0)" which signifies a bridge loop I think.
My originator messages look wrong as I can see my host originator messages along with all the neigbor nodes:
root@OpenWrt:/etc/config# batctl o -n
[B.A.T.M.A.N. adv 2020.1-openwrt-2, MainIF/MAC: mesh0/00:30:1a:4e:b8:26 (bat0/f2:07:f1:5f:e0:78 BATMAN_V)]
Originator last-seen ( throughput) Nexthop [outgoingIF]
* 00:30:1a:4e:b8:18 0.570s ( 86.7) 00:30:1a:4e:b8:2e [ mesh0]
00:30:1a:4e:b8:18 0.570s ( 21.6) 00:30:1a:4e:b8:18 [ mesh0]
* 00:30:1a:4e:b8:2e 1.510s ( 212.6) 00:30:1a:4e:b8:2e [ mesh0]
00:30:1a:4e:b8:2e 1.510s ( 38.9) 00:30:1a:4e:b8:18 [ mesh0]
00:30:1a:4e:b8:26 1.510s ( 38.9) 00:30:1a:4e:b8:18 [ mesh0]
* 00:30:1a:4e:b8:26 1.510s ( 108.9) 00:30:1a:4e:b8:2e [ mesh0]
root@OpenWrt:/etc/config# batctl n -n
[B.A.T.M.A.N. adv 2020.1-openwrt-2, MainIF/MAC: mesh0/00:30:1a:4e:b8:26 (bat0/f2:07:f1:5f:e0:78 BATMAN_V)]
IF Neighbor last-seen
00:30:1a:4e:b8:2e 0.490s ( 179.0) [ mesh0]
00:30:1a:4e:b8:18 0.380s ( 79.2) [ mesh0]
Here is my /etc/config/network:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdc4:e092:8929::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.0.32'
option netmask '255.255.255.0'
option ip6assign '60'
option gateway '192.168.0.1'
list dns '8.8.8.8'
option ifname 'bat0 eth0'
config interface 'nwi_mesh0'
option mtu '2304'
option proto 'batadv_hardif'
option master 'bat0'
config interface 'bat0'
option proto 'batadv'
option routing_algo 'BATMAN_V'
option aggregated_ogms '1'
option ap_isolation '0'
option bonding '0'
option fragmentation '1'
option gw_mode 'server'
option log_level '0'
option orig_interval '1000'
option bridge_loop_avoidance '1'
option distributed_arp_table '1'
option multicast_mode '1'
option network_coding '0'
option hop_penalty '30'
option isolation_mark '0x00000000/0x00000000'
And here is my /etc/config/wireless
root@OpenWrt:/etc/config# cat wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'soc0/soc/1ffc000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'VHT80'
config wifi-iface 'mesh0'
option device 'radio0'
option ifname 'mesh0'
option network 'nwi_mesh0'
option mode 'mesh'
option mesh_fwding '0'
option mesh_id 'batman_mesh'
option encryption 'none'
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'N2-Lander'
option encryption 'psk2'
option key 'finnjamin'
option ifname 'wlan0'
option network 'lan'
Any and all help is greatly appreciated
2 years, 6 months
Delay starting TCP connections across the mesh
by John Sager
I'm experimenting with a mesh network in the house. It has 4 nodes running
batman_adv (BATMAN_IV) on stock OpenWrt 19.07.3 (i.e batman-adv-2019.2) on
TP-Link WR902AC devices. The nodes mesh on 'mesh point' links on 2.4GHz and
one node connects to the home wired network.
In the scenario, I have a laptop connected to the AP on one of the mesh
nodes (not the gateway). I make a ssh connection from this to a host on the
wired network. There is a consistent delay of about 8 seconds before the
'password' prompt comes back from the remote host.
I rebuilt OpenWrt 19.07.3 for that device, and ticked all the debug options
for batman-adv. Running tcpdump on both soft and hard interfaces, and
trace-cmd to capture the debug info, I find the following:
The DNS request and response for the remote host name, and the consequent
ARP request and response go through within milliseconds. However the TCP SYN
is received by the bat0 interface but is not forwarded on the mesh0
interface. SYN re-sends after 1 sec, then 2 sec are not forwarded either.
Only the 3rd re-send (after another 4 sec) gets forwarded and then the ssh
session proceeds normally.
Looking at the code, and after adding extra batadv_dbg() calls, I discover
that the 'orig_node' returned by 'batadv_transtable_search()' on the dest
address is NULL so the SYN gets thrown away by 'batadv_send_skb_unicast()'.
It is only after receiving an OGM message with a TT update for the remote
host MAC from the gateway node that the local translation table gets
populated with the remote host's MAC. I should say that I've set the
'orig_interval' to 3000 to reduce batman traffic, so that probably has an
effect on the delay.
I do wonder why the ARP response is not used to populate the translation
table immediately, as an ARP response is always going to be followed
immediately by returning IP packets. The ARPs are snooped for the
distributed ARP table anyway so why not use that information for the
translation table too?
regards,
John Sager
2 years, 6 months
INFO: rcu detected stall in netlink_sendmsg (4)
by syzbot
Hello,
syzbot found the following crash on:
HEAD commit: ae661dec Merge branch 'ifla_xdp_expected_fd'
git tree: bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=12245647e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=b5acf5ac38a50651
dashboard link: https://syzkaller.appspot.com/bug?extid=0fb70e87d8e0ac278fe9
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0fb70e87d8e0ac278fe9(a)syzkaller.appspotmail.com
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 0-....: (1 GPs behind) idle=5c2/1/0x4000000000000002 softirq=376075/376076 fqs=5176
(t=10500 jiffies g=506061 q=176208)
NMI backtrace for cpu 0
CPU: 0 PID: 17281 Comm: syz-executor.5 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x188/0x20d lib/dump_stack.c:118
nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x231/0x27e lib/nmi_backtrace.c:62
trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
rcu_dump_cpu_stacks+0x169/0x1b3 kernel/rcu/tree_stall.h:254
print_cpu_stall kernel/rcu/tree_stall.h:475 [inline]
check_cpu_stall kernel/rcu/tree_stall.h:549 [inline]
rcu_pending kernel/rcu/tree.c:3030 [inline]
rcu_sched_clock_irq.cold+0x518/0xc55 kernel/rcu/tree.c:2276
update_process_times+0x25/0x60 kernel/time/timer.c:1726
tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:171
tick_sched_timer+0x4e/0x140 kernel/time/tick-sched.c:1314
__run_hrtimer kernel/time/hrtimer.c:1517 [inline]
__hrtimer_run_queues+0x32c/0xdd0 kernel/time/hrtimer.c:1579
hrtimer_interrupt+0x312/0x770 kernel/time/hrtimer.c:1641
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1119 [inline]
smp_apic_timer_interrupt+0x15b/0x600 arch/x86/kernel/apic/apic.c:1144
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
</IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:759 [inline]
RIP: 0010:lock_release+0x45f/0x7c0 kernel/locking/lockdep.c:4505
Code: 94 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 d0 02 00 00 48 83 3d 6d 1d 1b 08 00 0f 84 71 01 00 00 48 8b 3c 24 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00
RSP: 0018:ffffc90003d9ec30 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff12e7698 RBX: 1ffff920007b3d89 RCX: 1ffff110098769b9
RDX: dffffc0000000000 RSI: 1ffff110098769c5 RDI: 0000000000000282
RBP: ffff88804c3b4540 R08: 0000000000000004 R09: fffffbfff14cc269
R10: fffffbfff14cc268 R11: ffffffff8a661347 R12: bc95c6993a9665e0
R13: ffffffff87a36fb1 R14: ffff88804c3b4dd0 R15: 0000000000000003
__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:174 [inline]
_raw_spin_unlock_bh+0x12/0x30 kernel/locking/spinlock.c:207
spin_unlock_bh include/linux/spinlock.h:383 [inline]
batadv_tt_local_purge_pending_clients+0x2a1/0x3b0 net/batman-adv/translation-table.c:3914
batadv_tt_local_resize_to_mtu+0x96/0x130 net/batman-adv/translation-table.c:4198
batadv_update_min_mtu net/batman-adv/hard-interface.c:626 [inline]
batadv_hardif_activate_interface.part.0.cold+0xc6/0x294 net/batman-adv/hard-interface.c:653
batadv_hardif_activate_interface net/batman-adv/hard-interface.c:800 [inline]
batadv_hardif_enable_interface+0x9f2/0xaa0 net/batman-adv/hard-interface.c:792
batadv_softif_slave_add+0x92/0x150 net/batman-adv/soft-interface.c:859
do_set_master net/core/rtnetlink.c:2470 [inline]
do_set_master+0x1d7/0x230 net/core/rtnetlink.c:2443
do_setlink+0xaa2/0x3680 net/core/rtnetlink.c:2605
__rtnl_newlink+0xad5/0x1590 net/core/rtnetlink.c:3266
rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3391
rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5454
netlink_rcv_skb+0x15a/0x410 net/netlink/af_netlink.c:2478
netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329
netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918
sock_sendmsg_nosec net/socket.c:652 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:672
____sys_sendmsg+0x6b9/0x7d0 net/socket.c:2343
___sys_sendmsg+0x100/0x170 net/socket.c:2397
__sys_sendmsg+0xec/0x1b0 net/socket.c:2430
do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c849
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f043b72fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f043b7306d4 RCX: 000000000045c849
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000009f5 R14: 00000000004ccac9 R15: 000000000076bf0c
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller(a)googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
2 years, 6 months
[PATCH maint] batman-adv: Avoid uninitialized chaddr when handling DHCP
by Sven Eckelmann
The gateway client code can try to optimize the delivery of DHCP packets to
avoid broadcasting them through the whole mesh. But also transmissions to
the client can be optimized by looking up the destination via the chaddr of
the DHCP packet.
But the chaddr is currently only done when chaddr is fully inside the
non-paged area of the skbuff. Otherwise it will not be initialized and the
unoptimized path should have been taken.
But the implementation didn't handle this correctly. It didn't retrieve the
correct chaddr but still tried to perform the TT lookup with this
uninitialized memory.
Reported-by: syzbot+ab16e463b903f5a37036(a)syzkaller.appspotmail.com
Fixes: 2d5b555644b2 ("batman-adv: send every DHCP packet as bat-unicast")
Signed-off-by: Sven Eckelmann <sven(a)narfation.org>
---
net/batman-adv/gateway_client.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c
index a18dcc68..ef3f85b5 100644
--- a/net/batman-adv/gateway_client.c
+++ b/net/batman-adv/gateway_client.c
@@ -703,8 +703,10 @@ batadv_gw_dhcp_recipient_get(struct sk_buff *skb, unsigned int *header_len,
chaddr_offset = *header_len + BATADV_DHCP_CHADDR_OFFSET;
/* store the client address if the message is going to a client */
- if (ret == BATADV_DHCP_TO_CLIENT &&
- pskb_may_pull(skb, chaddr_offset + ETH_ALEN)) {
+ if (ret == BATADV_DHCP_TO_CLIENT) {
+ if (!pskb_may_pull(skb, chaddr_offset + ETH_ALEN))
+ return BATADV_DHCP_NO;
+
/* check if the DHCP packet carries an Ethernet DHCP */
p = skb->data + *header_len + BATADV_DHCP_HTYPE_OFFSET;
if (*p != BATADV_DHCP_HTYPE_ETHERNET)
--
2.20.1
2 years, 6 months
INFO: rcu detected stall in seq_read (2)
by syzbot
Hello,
syzbot found the following issue on:
HEAD commit: 4fa640dc Merge tag 'vfio-v5.8-rc7' of git://github.com/awi..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=145cac30900000
kernel config: https://syzkaller.appspot.com/x/.config?x=f87a5e4232fdb267
dashboard link: https://syzkaller.appspot.com/bug?extid=c28b5fee66fd3b7f766e
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17e23ac8900000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1198c440900000
The issue was bisected to:
commit 53e233ea2fa9fa7e2405e95070981f327d90e519
Author: Vasundhara Volam <vasundhara-v.volam(a)broadcom.com>
Date: Thu Oct 4 05:43:52 2018 +0000
devlink: Add Documentation/networking/devlink-params-bnxt.txt
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15e22b94900000
final oops: https://syzkaller.appspot.com/x/report.txt?x=17e22b94900000
console output: https://syzkaller.appspot.com/x/log.txt?x=13e22b94900000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c28b5fee66fd3b7f766e(a)syzkaller.appspotmail.com
Fixes: 53e233ea2fa9 ("devlink: Add Documentation/networking/devlink-params-bnxt.txt")
hrtimer: interrupt took 6305559 ns
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 1-...!: (1 GPs behind) idle=91e/1/0x4000000000000000 softirq=10105/10107 fqs=1
(t=18319 jiffies g=8905 q=457)
NMI backtrace for cpu 1
CPU: 1 PID: 4008 Comm: systemd-journal Not tainted 5.8.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x18f/0x20d lib/dump_stack.c:118
nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x1b3/0x223 lib/nmi_backtrace.c:62
trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
rcu_dump_cpu_stacks+0x194/0x1cf kernel/rcu/tree_stall.h:320
print_cpu_stall kernel/rcu/tree_stall.h:553 [inline]
check_cpu_stall kernel/rcu/tree_stall.h:627 [inline]
rcu_pending kernel/rcu/tree.c:3489 [inline]
rcu_sched_clock_irq.cold+0x5b3/0xccc kernel/rcu/tree.c:2504
update_process_times+0x25/0x60 kernel/time/timer.c:1737
tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:176
tick_sched_timer+0x108/0x290 kernel/time/tick-sched.c:1320
__run_hrtimer kernel/time/hrtimer.c:1520 [inline]
__hrtimer_run_queues+0x1d5/0xfc0 kernel/time/hrtimer.c:1584
hrtimer_interrupt+0x32a/0x930 kernel/time/hrtimer.c:1646
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline]
__sysvec_apic_timer_interrupt+0x142/0x5e0 arch/x86/kernel/apic/apic.c:1097
asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:711
</IRQ>
__run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
sysvec_apic_timer_interrupt+0xe0/0x120 arch/x86/kernel/apic/apic.c:1091
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:585
RIP: 0010:format_decode+0x0/0xad0 lib/vsprintf.c:2329
Code: c7 c7 10 05 af 8a be 10 00 00 00 e8 5a c3 46 00 48 c7 c7 20 78 0d 8a e9 6e f2 e2 fd 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 <41> 57 41 56 41 55 41 54 55 48 89 f5 53 48 bb 00 00 00 00 00 fc ff
RSP: 0018:ffffc90001077a10 EFLAGS: 00000293
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff83b0a497
RDX: ffff888093224040 RSI: ffffc90001077a80 RDI: ffffffff884e6293
RBP: ffffffff884e6293 R08: 0000000000000001 R09: ffff8880952a63d1
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880952a63d2
R13: ffffffff884e6293 R14: 0000000000000025 R15: ffffc90001077b30
vsnprintf+0x155/0x14f0 lib/vsprintf.c:2572
seq_vprintf fs/seq_file.c:379 [inline]
seq_printf+0x195/0x240 fs/seq_file.c:394
proc_pid_status+0x1c6d/0x24b0 fs/proc/array.c:424
proc_single_show+0x116/0x1e0 fs/proc/base.c:766
seq_read+0x432/0x1070 fs/seq_file.c:208
vfs_read+0x1df/0x520 fs/read_write.c:479
ksys_read+0x12d/0x250 fs/read_write.c:607
do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f0fc43d9910
Code: Bad RIP value.
RSP: 002b:00007ffdcb193978 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 000055b1476b96f0 RCX: 00007f0fc43d9910
RDX: 0000000000000800 RSI: 000055b1476b8b00 RDI: 0000000000000013
RBP: 00007f0fc4694440 R08: 00007f0fc4697fc8 R09: 0000000000000410
R10: 000055b1476b96f0 R11: 0000000000000246 R12: 0000000000000800
R13: 0000000000000d68 R14: 000055b1476b8b00 R15: 00007f0fc4693900
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller(a)googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
2 years, 6 months
[PATCH] net: batman-adv: types.h: delete duplicated words
by Randy Dunlap
Delete the doubled word "time" in a comment.
Delete the doubled word "address" in a comment.
Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org>
Cc: Marek Lindner <mareklindner(a)neomailbox.ch>
Cc: Simon Wunderlich <sw(a)simonwunderlich.de>
Cc: Antonio Quartulli <a(a)unstable.cc>
Cc: Sven Eckelmann <sven(a)narfation.org>
Cc: b.a.t.m.a.n(a)lists.open-mesh.org
---
net/batman-adv/types.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- linux-next-20200717.orig/net/batman-adv/types.h
+++ linux-next-20200717/net/batman-adv/types.h
@@ -1492,7 +1492,7 @@ struct batadv_tp_vars {
/** @unacked_lock: protect unacked_list */
spinlock_t unacked_lock;
- /** @last_recv_time: time time (jiffies) a msg was received */
+ /** @last_recv_time: time (jiffies) a msg was received */
unsigned long last_recv_time;
/** @refcount: number of context where the object is used */
@@ -1996,7 +1996,7 @@ struct batadv_tt_change_node {
*/
struct batadv_tt_req_node {
/**
- * @addr: mac address address of the originator this request was sent to
+ * @addr: mac address of the originator this request was sent to
*/
u8 addr[ETH_ALEN];
2 years, 6 months
KMSAN: uninit-value in batadv_tt_hash_find
by syzbot
Hello,
syzbot found the following crash on:
HEAD commit: f0d5ec90 kmsan: apply __no_sanitize_memory to dotraplinkag..
git tree: https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=10c0883b100000
kernel config: https://syzkaller.appspot.com/x/.config?x=86e4f8af239686c6
dashboard link: https://syzkaller.appspot.com/bug?extid=ab16e463b903f5a37036
compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
userspace arch: i386
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ab16e463b903f5a37036(a)syzkaller.appspotmail.com
=====================================================
BUG: KMSAN: uninit-value in __read_once_size include/linux/compiler.h:206 [inline]
BUG: KMSAN: uninit-value in batadv_tt_hash_find+0x38a/0x810 net/batman-adv/translation-table.c:144
CPU: 0 PID: 23320 Comm: syz-executor.5 Not tainted 5.7.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x220 lib/dump_stack.c:118
kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
__msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
__read_once_size include/linux/compiler.h:206 [inline]
batadv_tt_hash_find+0x38a/0x810 net/batman-adv/translation-table.c:144
batadv_tt_global_hash_find net/batman-adv/translation-table.c:203 [inline]
batadv_transtable_search+0x292/0xa00 net/batman-adv/translation-table.c:2618
batadv_send_skb_via_tt_generic+0x181/0x290 net/batman-adv/send.c:423
batadv_send_skb_via_tt net/batman-adv/send.h:82 [inline]
batadv_interface_tx+0x1b3d/0x2450 net/batman-adv/soft-interface.c:378
__netdev_start_xmit include/linux/netdevice.h:4533 [inline]
netdev_start_xmit include/linux/netdevice.h:4547 [inline]
xmit_one net/core/dev.c:3477 [inline]
dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3493
__dev_queue_xmit+0x2f8d/0x3b20 net/core/dev.c:4052
dev_queue_xmit+0x4b/0x60 net/core/dev.c:4085
neigh_hh_output include/net/neighbour.h:499 [inline]
neigh_output include/net/neighbour.h:508 [inline]
ip_finish_output2+0x20fd/0x2610 net/ipv4/ip_output.c:228
ip_do_fragment+0x2c98/0x3570 net/ipv4/ip_output.c:849
ip_fragment+0x242/0x400 net/ipv4/ip_output.c:585
__ip_finish_output+0xd34/0xd80 net/ipv4/ip_output.c:304
ip_finish_output+0x166/0x410 net/ipv4/ip_output.c:316
NF_HOOK_COND include/linux/netfilter.h:296 [inline]
ip_mc_output+0xfbf/0x1090 net/ipv4/ip_output.c:415
dst_output include/net/dst.h:435 [inline]
ip_local_out net/ipv4/ip_output.c:125 [inline]
ip_send_skb+0x179/0x360 net/ipv4/ip_output.c:1560
udp_send_skb+0x1046/0x18b0 net/ipv4/udp.c:891
udp_sendmsg+0x3bb5/0x4100 net/ipv4/udp.c:1178
inet_sendmsg+0x276/0x2e0 net/ipv4/af_inet.c:807
sock_sendmsg_nosec net/socket.c:652 [inline]
sock_sendmsg net/socket.c:672 [inline]
____sys_sendmsg+0x1056/0x1350 net/socket.c:2362
___sys_sendmsg net/socket.c:2416 [inline]
__sys_sendmmsg+0x863/0xd60 net/socket.c:2499
__compat_sys_sendmmsg net/compat.c:672 [inline]
__do_compat_sys_sendmmsg net/compat.c:679 [inline]
__se_compat_sys_sendmmsg+0xcd/0xf0 net/compat.c:676
__ia32_compat_sys_sendmmsg+0x56/0x70 net/compat.c:676
do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
do_fast_syscall_32+0x3bf/0x6d0 arch/x86/entry/common.c:398
entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f3add9
Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f5d140cc EFLAGS: 00000296 ORIG_RAX: 0000000000000159
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020007f80
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Uninit was stored to memory at:
kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
__msan_chain_origin+0x50/0x90 mm/kmsan/kmsan_instr.c:165
ether_addr_copy include/linux/etherdevice.h:279 [inline]
batadv_tt_hash_find+0x333/0x810 net/batman-adv/translation-table.c:137
batadv_tt_global_hash_find net/batman-adv/translation-table.c:203 [inline]
batadv_transtable_search+0x292/0xa00 net/batman-adv/translation-table.c:2618
batadv_send_skb_via_tt_generic+0x181/0x290 net/batman-adv/send.c:423
batadv_send_skb_via_tt net/batman-adv/send.h:82 [inline]
batadv_interface_tx+0x1b3d/0x2450 net/batman-adv/soft-interface.c:378
__netdev_start_xmit include/linux/netdevice.h:4533 [inline]
netdev_start_xmit include/linux/netdevice.h:4547 [inline]
xmit_one net/core/dev.c:3477 [inline]
dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3493
__dev_queue_xmit+0x2f8d/0x3b20 net/core/dev.c:4052
dev_queue_xmit+0x4b/0x60 net/core/dev.c:4085
neigh_hh_output include/net/neighbour.h:499 [inline]
neigh_output include/net/neighbour.h:508 [inline]
ip_finish_output2+0x20fd/0x2610 net/ipv4/ip_output.c:228
ip_do_fragment+0x2c98/0x3570 net/ipv4/ip_output.c:849
ip_fragment+0x242/0x400 net/ipv4/ip_output.c:585
__ip_finish_output+0xd34/0xd80 net/ipv4/ip_output.c:304
ip_finish_output+0x166/0x410 net/ipv4/ip_output.c:316
NF_HOOK_COND include/linux/netfilter.h:296 [inline]
ip_mc_output+0xfbf/0x1090 net/ipv4/ip_output.c:415
dst_output include/net/dst.h:435 [inline]
ip_local_out net/ipv4/ip_output.c:125 [inline]
ip_send_skb+0x179/0x360 net/ipv4/ip_output.c:1560
udp_send_skb+0x1046/0x18b0 net/ipv4/udp.c:891
udp_sendmsg+0x3bb5/0x4100 net/ipv4/udp.c:1178
inet_sendmsg+0x276/0x2e0 net/ipv4/af_inet.c:807
sock_sendmsg_nosec net/socket.c:652 [inline]
sock_sendmsg net/socket.c:672 [inline]
____sys_sendmsg+0x1056/0x1350 net/socket.c:2362
___sys_sendmsg net/socket.c:2416 [inline]
__sys_sendmmsg+0x863/0xd60 net/socket.c:2499
__compat_sys_sendmmsg net/compat.c:672 [inline]
__do_compat_sys_sendmmsg net/compat.c:679 [inline]
__se_compat_sys_sendmmsg+0xcd/0xf0 net/compat.c:676
__ia32_compat_sys_sendmmsg+0x56/0x70 net/compat.c:676
do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
do_fast_syscall_32+0x3bf/0x6d0 arch/x86/entry/common.c:398
entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
Local variable ----chaddr@batadv_interface_tx created at:
batadv_interface_tx+0x66/0x2450 net/batman-adv/soft-interface.c:191
batadv_interface_tx+0x66/0x2450 net/batman-adv/soft-interface.c:191
=====================================================
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller(a)googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
2 years, 6 months
