B.A.T.M.A.N August 2020

b.a.t.m.a.n@lists.open-mesh.org

17 participants
18 discussions

general protection fault in rt6_fill_node
by syzbot 11 Nov '20

11 Nov '20

Hello, syzbot found the following issue on: HEAD commit: d7223aa5 Merge branch 'l2tp-replace-custom-logging-code-wi.. git tree: net-next console output: https://syzkaller.appspot.com/x/log.txt?x=1399802e900000 kernel config: https://syzkaller.appspot.com/x/.config?x=3d400a47d1416652 dashboard link: https://syzkaller.appspot.com/bug?extid=81af6e9b3c4b8bc874f8 compiler: gcc (GCC) 10.1.0-syz 20200507 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12949b5a900000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17b60e46900000 The issue was bisected to: commit 867d03bc238f62fcd28f287b9da8af5e483baeab Author: Robert Hancock <hancock(a)sedsystems.ca> Date: Thu Jun 6 22:28:14 2019 +0000 net: axienet: Add DMA registers to ethtool register dump bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1523f266900000 final oops: https://syzkaller.appspot.com/x/report.txt?x=1723f266900000 console output: https://syzkaller.appspot.com/x/log.txt?x=1323f266900000 IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+81af6e9b3c4b8bc874f8(a)syzkaller.appspotmail.com Fixes: 867d03bc238f ("net: axienet: Add DMA registers to ethtool register dump") IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE IPv6: NLM_F_CREATE should be set when creating new route IPv6: NLM_F_CREATE should be set when creating new route general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087] CPU: 1 PID: 7050 Comm: syz-executor648 Not tainted 5.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:nexthop_is_blackhole include/net/nexthop.h:240 [inline] RIP: 0010:rt6_fill_node+0x1396/0x2940 net/ipv6/route.c:5584 Code: 3c 02 00 0f 85 ef 14 00 00 4d 8b 6d 10 e8 f2 1c 87 fa 49 8d bd 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 10 15 00 00 4d 8b ad 80 00 00 00 e8 34 4b 06 01 RSP: 0018:ffffc900063672b0 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: ffff8880a88bd800 RCX: ffffffff86ed2456 RDX: 0000000000000010 RSI: ffffffff86ed248e RDI: 0000000000000080 RBP: ffffc900063673e8 R08: 0000000000000001 R09: ffff8880a88bd847 R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880a8ded940 R13: 0000000000000000 R14: ffff8880a899ea00 R15: 0000000000000000 FS: 00000000010e3880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000300 CR3: 00000000a8efa000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: inet6_rt_notify+0x14c/0x2b0 net/ipv6/route.c:6017 fib6_add_rt2node net/ipv6/ip6_fib.c:1246 [inline] fib6_add+0x2840/0x3ed0 net/ipv6/ip6_fib.c:1473 __ip6_ins_rt net/ipv6/route.c:1317 [inline] ip6_route_add+0x8b/0x150 net/ipv6/route.c:3744 inet6_rtm_newroute+0x152/0x160 net/ipv6/route.c:5360 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5563 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:671 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2353 ___sys_sendmsg+0xf3/0x170 net/socket.c:2407 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2440 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x443ef9 Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fff25138308 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443ef9 RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 RBP: 00007fff25138310 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000e25f R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Modules linked in: ---[ end trace 46e9e8854602a8a3 ]--- RIP: 0010:nexthop_is_blackhole include/net/nexthop.h:240 [inline] RIP: 0010:rt6_fill_node+0x1396/0x2940 net/ipv6/route.c:5584 Code: 3c 02 00 0f 85 ef 14 00 00 4d 8b 6d 10 e8 f2 1c 87 fa 49 8d bd 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 10 15 00 00 4d 8b ad 80 00 00 00 e8 34 4b 06 01 RSP: 0018:ffffc900063672b0 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: ffff8880a88bd800 RCX: ffffffff86ed2456 RDX: 0000000000000010 RSI: ffffffff86ed248e RDI: 0000000000000080 RBP: ffffc900063673e8 R08: 0000000000000001 R09: ffff8880a88bd847 R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880a8ded940 R13: 0000000000000000 R14: ffff8880a899ea00 R15: 0000000000000000 FS: 00000000010e3880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000300 CR3: 00000000a8efa000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller(a)googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. For information about bisection process see: https://goo.gl/tpsmEJ#bisection syzbot can test patches for this issue, for details see: https://goo.gl/tpsmEJ#testing-patches

2 2

general protection fault in nexthop_is_blackhole
by syzbot 11 Nov '20

11 Nov '20

Hello, syzbot found the following issue on: HEAD commit: c3d8f220 Merge tag 'kbuild-fixes-v5.9' of git://git.kernel.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=11c48c96900000 kernel config: https://syzkaller.appspot.com/x/.config?x=bb68b9e8a8cc842f dashboard link: https://syzkaller.appspot.com/bug?extid=b2c08a2f5cfef635cc3a compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81) syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14d75e39900000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12aea519900000 The issue was bisected to: commit de47c5d8e11dda678e4354eeb4235e58e92f7cd2 Author: Hariprasad Kelam <hariprasad.kelam(a)gmail.com> Date: Sat Jun 8 09:00:50 2019 +0000 af_key: make use of BUG_ON macro bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10450972900000 final oops: https://syzkaller.appspot.com/x/report.txt?x=12450972900000 console output: https://syzkaller.appspot.com/x/log.txt?x=14450972900000 IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+b2c08a2f5cfef635cc3a(a)syzkaller.appspotmail.com Fixes: de47c5d8e11d ("af_key: make use of BUG_ON macro") IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE IPv6: NLM_F_CREATE should be set when creating new route IPv6: NLM_F_CREATE should be set when creating new route general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087] CPU: 0 PID: 7050 Comm: syz-executor320 Not tainted 5.9.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:nexthop_is_blackhole+0x145/0x250 include/net/nexthop.h:240 Code: 4d fa 49 83 c6 10 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 39 f0 8c fa 49 8b 1e 48 83 eb 80 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 1c f0 8c fa 48 8b 1b e8 e4 4e 02 RSP: 0018:ffffc900061172b8 EFLAGS: 00010202 RAX: 0000000000000010 RBX: 0000000000000080 RCX: ffff888091444300 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 RBP: 0000000000000001 R08: ffffffff8727dfc7 R09: ffffed1012299e09 R10: ffffed1012299e09 R11: 0000000000000000 R12: dffffc0000000000 R13: ffff8880919da280 R14: ffff8880a9576610 R15: dffffc0000000000 FS: 0000000001a89880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000300 CR3: 00000000a7555000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: rt6_fill_node+0xfe9/0x1f90 net/ipv6/route.c:5584 inet6_rt_notify+0x2ab/0x500 net/ipv6/route.c:6017 fib6_add_rt2node net/ipv6/ip6_fib.c:1246 [inline] fib6_add+0x203b/0x3bd0 net/ipv6/ip6_fib.c:1473 __ip6_ins_rt net/ipv6/route.c:1317 [inline] ip6_route_add+0x84/0x120 net/ipv6/route.c:3744 inet6_rtm_newroute+0x22f/0x2150 net/ipv6/route.c:5360 rtnetlink_rcv_msg+0x889/0xd40 net/core/rtnetlink.c:5563 netlink_rcv_skb+0x190/0x3a0 net/netlink/af_netlink.c:2470 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x786/0x940 net/netlink/af_netlink.c:1330 netlink_sendmsg+0xa57/0xd70 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg net/socket.c:671 [inline] ____sys_sendmsg+0x519/0x800 net/socket.c:2353 ___sys_sendmsg net/socket.c:2407 [inline] __sys_sendmsg+0x2b1/0x360 net/socket.c:2440 do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x443ef9 Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffd64ccd428 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000443ef9 RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 RBP: 00007ffd64ccd430 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000b6f1 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Modules linked in: ---[ end trace e62dc7d3de715e59 ]--- RIP: 0010:nexthop_is_blackhole+0x145/0x250 include/net/nexthop.h:240 Code: 4d fa 49 83 c6 10 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 39 f0 8c fa 49 8b 1e 48 83 eb 80 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 1c f0 8c fa 48 8b 1b e8 e4 4e 02 RSP: 0018:ffffc900061172b8 EFLAGS: 00010202 RAX: 0000000000000010 RBX: 0000000000000080 RCX: ffff888091444300 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 RBP: 0000000000000001 R08: ffffffff8727dfc7 R09: ffffed1012299e09 R10: ffffed1012299e09 R11: 0000000000000000 R12: dffffc0000000000 R13: ffff8880919da280 R14: ffff8880a9576610 R15: dffffc0000000000 FS: 0000000001a89880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000300 CR3: 00000000a7555000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller(a)googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. For information about bisection process see: https://goo.gl/tpsmEJ#bisection syzbot can test patches for this issue, for details see: https://goo.gl/tpsmEJ#testing-patches

2 2

Is it possible to send all batman-adv traffic through http proxy cache?
by Chuck Ritola 08 Sep '20

08 Sep '20

Is it possible to send all batman-adv ethernet traffic through an HTTP proxy cache such as Squid? This is for building a fairly large mesh network on amateur radio with some links having limited bandwidth. To improve performance a proxy cache would be installed inside each node, which stores to cache any HTTP responses tagged as cacheable and sniffs for HTTP requests through said switch for requests matching any cache entry. It then blocks the request from being forwarded and responds to the request itself with the cached data. I'm having difficulty figuring out how to get batman-adv to pass all of its raw ethernet traffic (presumably with mesh headers removed) through outside software such as Squid before performing its switching. Another consideration was ALFRED but it doesn't appear to be easily integratable with existing software.

3 3

Re: INFO: task hung in tls_sk_proto_close
by syzbot 29 Aug '20

29 Aug '20

syzbot has bisected this issue to: commit 02d21b59d5cc4b4b395bbc2a29319b8a529ebeff Author: Ido Schimmel <idosch(a)mellanox.com> Date: Wed Jan 23 14:32:59 2019 +0000 mlxsw: spectrum_nve: Enable VXLAN on Spectrum-2 bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14e89b05900000 start commit: 5438dd45 net_sched: fix error path in red_init() git tree: net final oops: https://syzkaller.appspot.com/x/report.txt?x=16e89b05900000 console output: https://syzkaller.appspot.com/x/log.txt?x=12e89b05900000 kernel config: https://syzkaller.appspot.com/x/.config?x=a0437fdd630bee11 dashboard link: https://syzkaller.appspot.com/bug?extid=ca1345cca66556f3d79b syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14acdfe5900000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1792598e900000 Reported-by: syzbot+ca1345cca66556f3d79b(a)syzkaller.appspotmail.com Fixes: 02d21b59d5cc ("mlxsw: spectrum_nve: Enable VXLAN on Spectrum-2") For information about bisection process see: https://goo.gl/tpsmEJ#bisection

1 0

[PATCH] batman-adv: bla: fix type misuse for backbone_gw hash indexing
by Linus Lüssing 27 Aug '20

27 Aug '20

From: Linus Lüssing <ll(a)simonwunderlich.de> It seems that due to a copy & paste error the void pointer in batadv_choose_backbone_gw() is cast to the wrong type. Fixing this by using "struct batadv_bla_backbone_gw" instead of "struct batadv_bla_claim" which better matches the caller's side. For now it seems that we were lucky because the two structs both have their orig/vid and addr/vid in the beginning. However I stumbled over this issue when I was trying to add some debug variables in front of "orig" in batadv_backbone_gw, which caused hash lookups to fail. Fixes: 7e15c9305ce0 ("batman-adv: don't rely on positions in struct for hashing") Signed-off-by: Linus Lüssing <ll(a)simonwunderlich.de> --- net/batman-adv/bridge_loop_avoidance.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c index b643dadc..4ba984bf 100644 --- a/net/batman-adv/bridge_loop_avoidance.c +++ b/net/batman-adv/bridge_loop_avoidance.c @@ -88,11 +88,12 @@ static inline u32 batadv_choose_claim(const void *data, u32 size) */ static inline u32 batadv_choose_backbone_gw(const void *data, u32 size) { - const struct batadv_bla_claim *claim = (struct batadv_bla_claim *)data; + const struct batadv_bla_backbone_gw *gw; u32 hash = 0; - hash = jhash(&claim->addr, sizeof(claim->addr), hash); - hash = jhash(&claim->vid, sizeof(claim->vid), hash); + gw = (struct batadv_bla_backbone_gw *)data; + hash = jhash(&gw->orig, sizeof(gw->orig), hash); + hash = jhash(&gw->vid, sizeof(gw->vid), hash); return hash % size; } -- 2.28.0.rc1

1 0

[PATCH 0/5] pull request for net-next: batman-adv 2020-08-24
by Simon Wunderlich 25 Aug '20

25 Aug '20

Hi David, here is a small cleanup pull request of batman-adv to go into net-next. Please pull or let me know of any problem! Thank you, Simon The following changes since commit 9123e3a74ec7b934a4a099e98af6a61c2f80bbf5: Linux 5.9-rc1 (2020-08-16 13:04:57 -0700) are available in the Git repository at: git://git.open-mesh.org/linux-merge.git tags/batadv-next-for-davem-20200824 for you to fetch changes up to 0093870aa891594d170e1dc9aa192a30d530d755: batman-adv: Migrate to linux/prandom.h (2020-08-18 19:39:54 +0200) ---------------------------------------------------------------- This cleanup patchset includes the following patches: - bump version strings, by Simon Wunderlich - Drop unused function batadv_hardif_remove_interfaces(), by Sven Eckelmann - delete duplicated words, by Randy Dunlap - Drop (even more) repeated words in comments, by Sven Eckelmann - Migrate to linux/prandom.h, by Sven Eckelmann ---------------------------------------------------------------- Randy Dunlap (1): batman-adv: types.h: delete duplicated words Simon Wunderlich (1): batman-adv: Start new development cycle Sven Eckelmann (3): batman-adv: Drop unused function batadv_hardif_remove_interfaces() batman-adv: Drop repeated words in comments batman-adv: Migrate to linux/prandom.h net/batman-adv/bat_iv_ogm.c | 1 + net/batman-adv/bat_v_elp.c | 1 + net/batman-adv/bat_v_ogm.c | 1 + net/batman-adv/bridge_loop_avoidance.c | 2 +- net/batman-adv/fragmentation.c | 2 +- net/batman-adv/hard-interface.c | 19 +------------------ net/batman-adv/hard-interface.h | 1 - net/batman-adv/main.c | 1 - net/batman-adv/main.h | 2 +- net/batman-adv/multicast.c | 2 +- net/batman-adv/network-coding.c | 4 ++-- net/batman-adv/send.c | 2 +- net/batman-adv/soft-interface.c | 4 ++-- net/batman-adv/types.h | 4 ++-- 14 files changed, 15 insertions(+), 31 deletions(-)

2 6

[PATCH 0/3] pull request for net: batman-adv 2020-08-24
by Simon Wunderlich 25 Aug '20

25 Aug '20

Hi David, here are some bugfixes which we would like to have integrated into net. Please pull or let me know of any problem! Thank you, Simon The following changes since commit 9123e3a74ec7b934a4a099e98af6a61c2f80bbf5: Linux 5.9-rc1 (2020-08-16 13:04:57 -0700) are available in the Git repository at: git://git.open-mesh.org/linux-merge.git tags/batadv-net-for-davem-20200824 for you to fetch changes up to 279e89b2281af3b1a9f04906e157992c19c9f163: batman-adv: bla: use netif_rx_ni when not in interrupt context (2020-08-18 19:40:03 +0200) ---------------------------------------------------------------- Here are some batman-adv bugfixes: - Avoid uninitialized memory access when handling DHCP, by Sven Eckelmann - Fix check for own OGM in OGM receive handler, by Linus Luessing - Fix netif_rx access for non-interrupt context in BLA, by Jussi Kivilinna ---------------------------------------------------------------- Jussi Kivilinna (1): batman-adv: bla: use netif_rx_ni when not in interrupt context Linus Lüssing (1): batman-adv: Fix own OGM check in aggregated OGMs Sven Eckelmann (1): batman-adv: Avoid uninitialized chaddr when handling DHCP net/batman-adv/bat_v_ogm.c | 11 ++++++----- net/batman-adv/bridge_loop_avoidance.c | 5 ++++- net/batman-adv/gateway_client.c | 6 ++++-- 3 files changed, 14 insertions(+), 8 deletions(-)

2 4

[PATCH 0/8] net: batman-adv: delete duplicated words + other fixes
by Randy Dunlap 24 Aug '20

24 Aug '20

Drop repeated words in net/batman-adv/. Cc: Marek Lindner <mareklindner(a)neomailbox.ch> Cc: Simon Wunderlich <sw(a)simonwunderlich.de> Cc: Antonio Quartulli <a(a)unstable.cc> Cc: Sven Eckelmann <sven(a)narfation.org> Cc: b.a.t.m.a.n(a)lists.open-mesh.org Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Jakub Kicinski <kuba(a)kernel.org> net/batman-adv/bridge_loop_avoidance.c | 2 +- net/batman-adv/fragmentation.c | 2 +- net/batman-adv/hard-interface.c | 2 +- net/batman-adv/multicast.c | 2 +- net/batman-adv/network-coding.c | 2 +- net/batman-adv/send.c | 2 +- net/batman-adv/soft-interface.c | 4 ++-- net/batman-adv/types.h | 4 ++-- 8 files changed, 10 insertions(+), 10 deletions(-)

3 12

[PATCH] batman-adv: bla: use netif_rx_ni when not in interrupt context
by Jussi Kivilinna 19 Aug '20

19 Aug '20

batadv_bla_send_claim() gets called from worker thread context through batadv_bla_periodic_work(), thus netif_rx_ni needs to be used in that case. This fixes "NOHZ: local_softirq_pending 08" log messages seen when batman-adv is enabled. Signed-off-by: Jussi Kivilinna <jussi.kivilinna(a)haltian.com> --- net/batman-adv/bridge_loop_avoidance.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c index 5c41cc52bc53..ab6cec3c7586 100644 --- a/net/batman-adv/bridge_loop_avoidance.c +++ b/net/batman-adv/bridge_loop_avoidance.c @@ -437,7 +437,10 @@ static void batadv_bla_send_claim(struct batadv_priv *bat_priv, u8 *mac, batadv_add_counter(bat_priv, BATADV_CNT_RX_BYTES, skb->len + ETH_HLEN); - netif_rx(skb); + if (in_interrupt()) + netif_rx(skb); + else + netif_rx_ni(skb); out: if (primary_if) batadv_hardif_put(primary_if); -- 2.25.1

3 3

inconsistent lock state in sco_sock_timeout
by syzbot 17 Aug '20

17 Aug '20

Hello, syzbot found the following issue on: HEAD commit: 2cc3c4b3 Merge tag 'io_uring-5.9-2020-08-15' of git://git... git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=10cf6aa6900000 kernel config: https://syzkaller.appspot.com/x/.config?x=19f02fc5c511a391 dashboard link: https://syzkaller.appspot.com/bug?extid=2f6d7c28bb4bf7e82060 compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81) syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13071491900000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11ec5be2900000 The issue was bisected to: commit 331c56ac73846fa267c04ee6aa9a00bb5fed9440 Author: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Mon Aug 12 21:51:27 2019 +0000 net: phy: add phy_speed_down_core and phy_resolve_min_speed bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1623bea6900000 final oops: https://syzkaller.appspot.com/x/report.txt?x=1523bea6900000 console output: https://syzkaller.appspot.com/x/log.txt?x=1123bea6900000 IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+2f6d7c28bb4bf7e82060(a)syzkaller.appspotmail.com Fixes: 331c56ac7384 ("net: phy: add phy_speed_down_core and phy_resolve_min_speed") ================================ WARNING: inconsistent lock state 5.8.0-syzkaller #0 Not tainted -------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. swapper/1/0 [HC0[0]:SC1[1]:HE1:SE0] takes: ffff888088b810a0 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline] ffff888088b810a0 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}-{2:2}, at: sco_sock_timeout+0x2b/0x280 net/bluetooth/sco.c:83 {SOFTIRQ-ON-W} state was registered at: lock_acquire+0x160/0x730 kernel/locking/lockdep.c:5005 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:354 [inline] sco_conn_del+0x100/0x710 net/bluetooth/sco.c:176 hci_disconn_cfm include/net/bluetooth/hci_core.h:1438 [inline] hci_conn_hash_flush+0x127/0x200 net/bluetooth/hci_conn.c:1557 hci_dev_do_close+0xb7b/0x1040 net/bluetooth/hci_core.c:1770 hci_unregister_dev+0x185/0x1590 net/bluetooth/hci_core.c:3790 vhci_release+0x73/0xc0 drivers/bluetooth/hci_vhci.c:340 __fput+0x34f/0x7b0 fs/file_table.c:281 task_work_run+0x137/0x1c0 kernel/task_work.c:141 exit_task_work include/linux/task_work.h:25 [inline] do_exit+0x5f3/0x1f20 kernel/exit.c:806 do_group_exit+0x161/0x2d0 kernel/exit.c:903 get_signal+0x13bb/0x1d50 kernel/signal.c:2757 arch_do_signal+0x33/0x610 arch/x86/kernel/signal.c:811 exit_to_user_mode_loop kernel/entry/common.c:135 [inline] exit_to_user_mode_prepare+0x8d/0x1b0 kernel/entry/common.c:166 syscall_exit_to_user_mode+0x5e/0x1a0 kernel/entry/common.c:241 entry_SYSCALL_64_after_hwframe+0x44/0xa9 irq event stamp: 1760434 hardirqs last enabled at (1760434): [<ffffffff882bbc5f>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline] hardirqs last enabled at (1760434): [<ffffffff882bbc5f>] _raw_spin_unlock_irq+0x1f/0x80 kernel/locking/spinlock.c:199 hardirqs last disabled at (1760433): [<ffffffff882bbab1>] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline] hardirqs last disabled at (1760433): [<ffffffff882bbab1>] _raw_spin_lock_irq+0x41/0x80 kernel/locking/spinlock.c:167 softirqs last enabled at (1760422): [<ffffffff88292264>] sysvec_apic_timer_interrupt+0x14/0xf0 arch/x86/kernel/apic/apic.c:1091 softirqs last disabled at (1760423): [<ffffffff88400f2f>] asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(slock-AF_BLUETOOTH-BTPROTO_SCO); <Interrupt> lock(slock-AF_BLUETOOTH-BTPROTO_SCO); *** DEADLOCK *** 1 lock held by swapper/1/0: #0: ffffc90000da8dc0 ((&sk->sk_timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:45 [inline] #0: ffffc90000da8dc0 ((&sk->sk_timer)){+.-.}-{0:0}, at: call_timer_fn+0x57/0x160 kernel/time/timer.c:1403 stack backtrace: CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.8.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1f0/0x31e lib/dump_stack.c:118 print_usage_bug+0x1117/0x11d0 kernel/locking/lockdep.c:3350 mark_lock_irq arch/x86/include/asm/paravirt.h:661 [inline] mark_lock+0x10e2/0x1b00 kernel/locking/lockdep.c:4006 mark_usage kernel/locking/lockdep.c:3905 [inline] __lock_acquire+0xa99/0x2ab0 kernel/locking/lockdep.c:4380 lock_acquire+0x160/0x730 kernel/locking/lockdep.c:5005 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151 spin_lock include/linux/spinlock.h:354 [inline] sco_sock_timeout+0x2b/0x280 net/bluetooth/sco.c:83 call_timer_fn+0x91/0x160 kernel/time/timer.c:1413 expire_timers kernel/time/timer.c:1458 [inline] __run_timers+0x65e/0x830 kernel/time/timer.c:1755 run_timer_softirq+0x46/0x80 kernel/time/timer.c:1768 __do_softirq+0x236/0x66c kernel/softirq.c:298 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706 </IRQ> __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline] do_softirq_own_stack+0x91/0xe0 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu+0x1e1/0x1f0 kernel/softirq.c:423 irq_exit_rcu+0x5/0x10 kernel/softirq.c:435 sysvec_apic_timer_interrupt+0xd5/0xf0 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581 RIP: 0010:tick_nohz_idle_exit+0x2f2/0x3a0 kernel/time/tick-sched.c:1213 Code: 30 00 74 0c 48 c7 c7 08 15 4d 89 e8 f8 0b 4c 00 48 83 3d 48 52 e4 07 00 0f 84 a6 00 00 00 e8 95 37 0c 00 fb 66 0f 1f 44 00 00 <48> 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 7a 37 0c 00 0f 0b RSP: 0018:ffffc90000d3fe68 EFLAGS: 00000293 RAX: ffffffff8168c2cb RBX: ffff8880ae927f80 RCX: ffff8880a9a3e340 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8168c29a RBP: 000000b26607d004 R08: ffffffff817abce0 R09: ffffed1015d26c6c R10: ffffed1015d26c6c R11: 0000000000000000 R12: 0000000000000000 R13: ffff8880ae927f54 R14: dffffc0000000000 R15: 1ffff11015d24fea do_idle+0x5fe/0x650 kernel/sched/idle.c:289 cpu_startup_entry+0x15/0x20 kernel/sched/idle.c:372 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243 --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller(a)googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. For information about bisection process see: https://goo.gl/tpsmEJ#bisection syzbot can test patches for this issue, for details see: https://goo.gl/tpsmEJ#testing-patches

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

B.A.T.M.A.N August 2020