B.A.T.M.A.N

b.a.t.m.a.n@lists.open-mesh.org

15 participants
4308 discussions

can B.A.T.M.A.N. force a path through the network?
by giorgi.flavio.at＠gmail.com 13 Oct '21

13 Oct '21

Hi, I'm currently using B.A.T.M.A.N. to link 4 raspberry pi. I set up the network and it works correctly, the devices see each other and they can communicate. The problem is that I need to force the packets to follow a specified path through the network. For example, I need that a packet from device 1, goes through device 2 then 3, and finally 4. Since the protocol works at layer 2 it is not possible to change the IP routing tables. So my question is, is it possible to do something like this using B.A.T.M.A.N.? Thank you in advance. Best regards. Flavio

2 2

Bonding Alternating
by brian.edmisten＠viasat.com 22 Sep '21

22 Sep '21

Before Adding radios to my setup I connected to computers with three NICs each. I added all three interfaces to the mesh interface bat0 on each. I then run iperf across it and all the traffic seems to go on one interface. I run iperf3 with -p 4 so there are multiple streams. Changing it to bonding does not seem to change the behavior. batctl o - shows all three interfaces batctl n - shows three interfaces -This I thought seemed odd as its one neighbor across three links batctl tg - shows all clients Via one address If anyone can point me at what to look at next or what might be wrong would help. I am using BATMAN_V version 2019.4 in kernel 5.4.68.

3 10

Re: Some bugs in batmand(Github)
by Sven Eckelmann 06 Sep '21

06 Sep '21

On Monday, 6 September 2021 14:59:12 CEST Ryan Cai wrote: > I am Ryan Cai, coming from HK. Recently, I am looking at batmand, which is really cool. However, I found some potential improper locking bugs due to the unreleased locks like here, https://github.com/open-mesh-mirror/batmand/blob/df6fcb8706d325b3fd4c700049…, the lock could not correctly be released when the middle break statement is executed. The bug pattern also exists in [1]. Could you confirme these? I would love to create PR for these. [...] > [1] > https://github.com/open-mesh-mirror/batmand/blob/df6fcb8706d325b3fd4c700049… > https://github.com/open-mesh-mirror/batmand/blob/df6fcb8706d325b3fd4c700049… Please contact the maintainer Elektra and the mailing list about it [1]. Btw. I don't see how the break inside the loop should affect the unlocking. The pthread_mutex_unlock comes after the loop and not as part of the loop. And we are also not doing any work via Github. Please use the normal contribution [2] procedure and don't open PRs on random github repositories. Kind regards, Sven [1] https://www.open-mesh.org/projects/open-mesh/wiki/MailingList [2] https://www.open-mesh.org/projects/open-mesh/wiki/Contribute

1 0

Dynamic DHCP server assignment and spin-up on batman-adv mesh network
by tanner.perkins＠cnftech.com 02 Sep '21

02 Sep '21

If this is not the best place to ask questions regarding mesh networks utilizing the batman-adv kernel module, I apologies and please point me to where I need to be. I'm looking to set up distributed mesh network using the batman-adv Linux kernel module. However, I don't want to have to statically assign IP addresses to all my nodes therefore my first thought was to use DHCP. The problem arises in my scenario that any node could come and go in the mesh network as they move in and out range of the network. Therefore manually allocating a single or even a few DHCP servers isn't realistic as that DHCP server may drop out of the network at anytime. Is there a dynamic way to reassign the DHCP server based on the nodes still within the network when the previous DHCP server drops from the network? Thanks, -tdev

3 3

[syzbot] INFO: task hung in __xfs_buf_submit (2)
by syzbot 25 Aug '21

25 Aug '21

Hello, syzbot found the following issue on: HEAD commit: 6e764bcd1cf7 Merge tag 'for-linus' of git://git.kernel.org.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=10504885300000 kernel config: https://syzkaller.appspot.com/x/.config?x=2fd902af77ff1e56 dashboard link: https://syzkaller.appspot.com/bug?extid=4bb1622c9a583bb6f9f2 compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.1 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14427606300000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=149b3cce300000 The issue was bisected to: commit 887e975c4172d0d5670c39ead2f18ba1e4ec8133 Author: Mike Christie <mchristi(a)redhat.com> Date: Tue Aug 13 16:39:51 2019 +0000 nbd: add missing config put bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=11980ad5300000 final oops: https://syzkaller.appspot.com/x/report.txt?x=13980ad5300000 console output: https://syzkaller.appspot.com/x/log.txt?x=15980ad5300000 IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+4bb1622c9a583bb6f9f2(a)syzkaller.appspotmail.com Fixes: 887e975c4172 ("nbd: add missing config put") INFO: task syz-executor519:8442 blocked for more than 143 seconds. Not tainted 5.14.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor519 state:D stack:22808 pid: 8442 ppid: 8441 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4681 [inline] __schedule+0xc07/0x11f0 kernel/sched/core.c:5938 schedule+0x14b/0x210 kernel/sched/core.c:6017 schedule_timeout+0x98/0x2f0 kernel/time/timer.c:1857 do_wait_for_common+0x2da/0x480 kernel/sched/completion.c:85 __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion+0x48/0x60 kernel/sched/completion.c:138 xfs_buf_iowait fs/xfs/xfs_buf.c:1571 [inline] __xfs_buf_submit+0x39d/0x6d0 fs/xfs/xfs_buf.c:1636 xfs_buf_submit fs/xfs/xfs_buf.c:58 [inline] xfs_buf_read_uncached+0x1fa/0x390 fs/xfs/xfs_buf.c:884 xfs_readsb+0x1dc/0x670 fs/xfs/xfs_mount.c:178 xfs_fs_fill_super+0x483/0x1780 fs/xfs/xfs_super.c:1428 get_tree_bdev+0x406/0x630 fs/super.c:1293 vfs_get_tree+0x86/0x270 fs/super.c:1498 do_new_mount fs/namespace.c:2923 [inline] path_mount+0x1981/0x2c10 fs/namespace.c:3253 do_mount fs/namespace.c:3266 [inline] __do_sys_mount fs/namespace.c:3474 [inline] __se_sys_mount+0x2f9/0x3b0 fs/namespace.c:3451 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x444239 RSP: 002b:00007ffd4feb56f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000444239 RDX: 0000000020000140 RSI: 0000000020000000 RDI: 00000000200000c0 RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffd4feb5898 R10: 0000000000008002 R11: 0000000000000246 R12: 0000000000403550 R13: 431bde82d7b634db R14: 00000000004b2018 R15: 00000000004004a0 Showing all locks held in the system: 1 lock held by khungtaskd/1644: #0: ffffffff8c717ec0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 arch/x86/pci/mmconfig_64.c:151 2 locks held by in:imklog/8141: #0: ffff888023be8870 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x24e/0x2f0 fs/file.c:974 #1: ffffffff8c717ec0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:266 1 lock held by syz-executor519/8442: #0: ffff888030e060e0 (&type->s_umount_key#49/1){+.+.}-{3:3}, at: alloc_super+0x1c8/0x860 fs/super.c:229 ============================================= NMI backtrace for cpu 1 CPU: 1 PID: 1644 Comm: khungtaskd Not tainted 5.14.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1d3/0x29f lib/dump_stack.c:105 nmi_cpu_backtrace+0x16c/0x190 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x191/0x2f0 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline] watchdog+0xd06/0xd50 kernel/hung_task.c:295 kthread+0x453/0x480 kernel/kthread.c:319 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Sending NMI from CPU 1 to CPUs 0: NMI backtrace for cpu 0 CPU: 0 PID: 4862 Comm: systemd-journal Not tainted 5.14.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:check_wait_context kernel/locking/lockdep.c:4688 [inline] RIP: 0010:__lock_acquire+0x5fc/0x6100 kernel/locking/lockdep.c:4965 Code: 00 fc ff df 4c 8b 7c 24 58 4c 8b 64 24 50 48 81 c3 b8 00 00 00 48 89 d8 48 c1 e8 03 8a 04 10 84 c0 0f 85 c1 25 00 00 44 8a 33 <48> 8b 44 24 60 8a 04 10 84 c0 0f 85 d2 25 00 00 41 8b 1c 24 81 e3 RSP: 0018:ffffc9000162f940 EFLAGS: 00000046 RAX: 1ffffffff1f10400 RBX: ffffffff8f882478 RCX: ffffffff816219b8 RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffffffff8faf3dd0 RBP: ffffc9000162fcd0 R08: dffffc0000000000 R09: fffffbfff1f5e7bb R10: fffffbfff1f5e7bb R11: 0000000000000000 R12: ffff888015bc5ed0 R13: ffff888015bc5eb8 R14: 00000000000c0000 R15: ffff888015bc54c0 FS: 00007f6e3c3a48c0(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f6e39776000 CR3: 00000000213b3000 CR4: 00000000001506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: lock_acquire+0x182/0x4a0 kernel/locking/lockdep.c:5625 do_write_seqcount_begin_nested include/linux/seqlock.h:520 [inline] do_write_seqcount_begin include/linux/seqlock.h:545 [inline] vtime_user_exit+0xb9/0x3e0 kernel/sched/cputime.c:719 __context_tracking_exit+0x7a/0xd0 kernel/context_tracking.c:160 user_exit_irqoff include/linux/context_tracking.h:47 [inline] __enter_from_user_mode kernel/entry/common.c:22 [inline] syscall_enter_from_user_mode+0x199/0x1b0 kernel/entry/common.c:104 do_syscall_64+0x1e/0xb0 arch/x86/entry/common.c:76 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f6e3b65f9c7 Code: 83 c4 08 48 3d 01 f0 ff ff 73 01 c3 48 8b 0d c8 d4 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 15 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a1 d4 2b 00 f7 d8 64 89 01 48 RSP: 002b:00007ffebb868098 EFLAGS: 00000246 ORIG_RAX: 0000000000000015 RAX: ffffffffffffffda RBX: 00007ffebb86b0c0 RCX: 00007f6e3b65f9c7 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055c77e4df9a3 RBP: 00007ffebb8681e0 R08: 000055c77e4d53e5 R09: 0000000000000018 R10: 0000000000000069 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 000055c77fce98a0 R15: 00007ffebb8686d0 ---------------- Code disassembly (best guess), 3 bytes skipped: 0: df 4c 8b 7c fisttps 0x7c(%rbx,%rcx,4) 4: 24 58 and $0x58,%al 6: 4c 8b 64 24 50 mov 0x50(%rsp),%r12 b: 48 81 c3 b8 00 00 00 add $0xb8,%rbx 12: 48 89 d8 mov %rbx,%rax 15: 48 c1 e8 03 shr $0x3,%rax 19: 8a 04 10 mov (%rax,%rdx,1),%al 1c: 84 c0 test %al,%al 1e: 0f 85 c1 25 00 00 jne 0x25e5 24: 44 8a 33 mov (%rbx),%r14b * 27: 48 8b 44 24 60 mov 0x60(%rsp),%rax <-- trapping instruction 2c: 8a 04 10 mov (%rax,%rdx,1),%al 2f: 84 c0 test %al,%al 31: 0f 85 d2 25 00 00 jne 0x2609 37: 41 8b 1c 24 mov (%r12),%ebx 3b: 81 .byte 0x81 3c: e3 .byte 0xe3 --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller(a)googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. For information about bisection process see: https://goo.gl/tpsmEJ#bisection syzbot can test patches for this issue, for details see: https://goo.gl/tpsmEJ#testing-patches

2 1

Python script to setup batman networks
by Pranav Jerry 22 Aug '21

22 Aug '21

Hi! I have made a python script [1] to setup batman-adv networks using systemd-networkd. It requires iwd and systemd-networkd v248 or above. It starts an adhoc network on wlan0 (or any other wireless interface) and adds it to bat0. To allow non-mesh clients to connect to the mesh, if there are two WiFi adapters, the script starts an AP on one of the adapters. The script is supposed to be run as a systemd service, since it can ensure that the dependencies are started before it is run. The network is configured with systemd-networkd runtime configs (since it has not implemented configuration via D-Bus) and the iwd D-Bus API. All suggestions, criticism and contributions are welcome. [1]: https://git.disroot.org/pranav/naxalnet

1 0

[syzbot] KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
by syzbot 21 Aug '21

21 Aug '21

Hello, syzbot found the following issue on: HEAD commit: 614cb2751d31 Merge tag 'trace-v5.14-rc6' of git://git.kern.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=130112c5300000 kernel config: https://syzkaller.appspot.com/x/.config?x=f61012d0b1cd846f dashboard link: https://syzkaller.appspot.com/bug?extid=13146364637c7363a7de compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.1 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=104d7cc5300000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1333ce0e300000 The issue was bisected to: commit a154d5d83d21af6b9ee32adc5dbcea5ac1fb534c Author: Arnd Bergmann <arnd(a)arndb.de> Date: Mon Mar 4 20:38:03 2019 +0000 net: ignore sysctl_devconf_inherit_init_net without SYSCTL bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=13f970b6300000 final oops: https://syzkaller.appspot.com/x/report.txt?x=100570b6300000 console output: https://syzkaller.appspot.com/x/log.txt?x=17f970b6300000 IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+13146364637c7363a7de(a)syzkaller.appspotmail.com Fixes: a154d5d83d21 ("net: ignore sysctl_devconf_inherit_init_net without SYSCTL") ================================================================== BUG: KASAN: slab-out-of-bounds in ext4_write_inline_data fs/ext4/inline.c:245 [inline] BUG: KASAN: slab-out-of-bounds in ext4_write_inline_data_end+0x4d4/0x960 fs/ext4/inline.c:754 Write of size 70 at addr ffff8880195444ef by task syz-executor279/8426 CPU: 0 PID: 8426 Comm: syz-executor279 Not tainted 5.14.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1ae/0x29f lib/dump_stack.c:105 print_address_description+0x66/0x3b0 mm/kasan/report.c:233 __kasan_report mm/kasan/report.c:419 [inline] kasan_report+0x163/0x210 mm/kasan/report.c:436 check_region_inline mm/kasan/generic.c:135 [inline] kasan_check_range+0x2b5/0x2f0 mm/kasan/generic.c:189 memcpy+0x3c/0x60 mm/kasan/shadow.c:66 ext4_write_inline_data fs/ext4/inline.c:245 [inline] ext4_write_inline_data_end+0x4d4/0x960 fs/ext4/inline.c:754 ext4_write_end+0x1ff/0xbd0 fs/ext4/inode.c:1290 generic_perform_write+0x361/0x580 mm/filemap.c:3667 ext4_buffered_write_iter+0x41c/0x590 fs/ext4/file.c:269 ext4_file_write_iter+0x8f7/0x1b90 fs/ext4/file.c:519 call_write_iter include/linux/fs.h:2114 [inline] new_sync_write fs/read_write.c:518 [inline] vfs_write+0xa39/0xc90 fs/read_write.c:605 ksys_write+0x171/0x2a0 fs/read_write.c:658 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x44ac89 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ff12e8852f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00000000004ce4d0 RCX: 000000000044ac89 RDX: 0000000000000082 RSI: 0000000020000180 RDI: 0000000000000006 RBP: 000000000049de98 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e R13: 024645fc87234f45 R14: 26e1d8b70aefbc5b R15: 00000000004ce4d8 Allocated by task 1: kasan_save_stack mm/kasan/common.c:38 [inline] kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:434 [inline] __kasan_slab_alloc+0x96/0xd0 mm/kasan/common.c:467 kasan_slab_alloc include/linux/kasan.h:254 [inline] slab_post_alloc_hook mm/slab.h:519 [inline] slab_alloc_node mm/slub.c:2959 [inline] slab_alloc mm/slub.c:2967 [inline] kmem_cache_alloc+0x1d1/0x340 mm/slub.c:2972 kmem_cache_zalloc include/linux/slab.h:711 [inline] acpi_os_acquire_object include/acpi/platform/aclinuxex.h:67 [inline] acpi_ut_allocate_object_desc_dbg+0xd8/0x165 drivers/acpi/acpica/utobject.c:359 acpi_ut_create_internal_object_dbg+0x21/0x195 drivers/acpi/acpica/utobject.c:69 acpi_ds_build_internal_object+0x15f/0x732 drivers/acpi/acpica/dsobject.c:94 acpi_ds_create_node+0xe9/0x1a8 drivers/acpi/acpica/dsobject.c:281 acpi_ds_load2_end_op+0x7d0/0xebc drivers/acpi/acpica/dswload2.c:618 acpi_ds_exec_end_op+0x6ce/0x11d4 drivers/acpi/acpica/dswexec.c:637 acpi_ps_parse_loop+0xd9f/0x1cf0 drivers/acpi/acpica/psloop.c:525 acpi_ps_parse_aml+0x1d5/0x955 drivers/acpi/acpica/psparse.c:475 acpi_ps_execute_table+0x317/0x3ef drivers/acpi/acpica/psxface.c:295 acpi_ns_execute_table+0x436/0x5bf drivers/acpi/acpica/nsparse.c:116 acpi_ns_load_table+0x5e/0x120 drivers/acpi/acpica/nsload.c:71 acpi_tb_load_namespace+0x456/0x6b9 drivers/acpi/acpica/tbxfload.c:186 acpi_load_tables+0x45/0xf5 drivers/acpi/acpica/tbxfload.c:59 acpi_bus_init+0x9a/0x993 drivers/acpi/bus.c:1213 acpi_init+0x8c/0x22c drivers/acpi/bus.c:1324 do_one_initcall+0x197/0x3f0 init/main.c:1287 do_initcall_level+0x14a/0x1f5 init/main.c:1360 do_initcalls+0x4b/0x8c init/main.c:1376 kernel_init_freeable+0x3f1/0x57e init/main.c:1598 kernel_init+0x19/0x2a0 init/main.c:1490 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 The buggy address belongs to the object at ffff8880195444e0 which belongs to the cache Acpi-Operand of size 72 The buggy address is located 15 bytes inside of 72-byte region [ffff8880195444e0, ffff888019544528) The buggy address belongs to the page: page:ffffea0000655100 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888019544068 pfn:0x19544 flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000200 ffffea0000654f88 ffffea0000654e08 ffff8880110c2b40 raw: ffff888019544068 000000000027001d 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 3012488798, free_ts 0 prep_new_page mm/page_alloc.c:2436 [inline] get_page_from_freelist+0x779/0xa30 mm/page_alloc.c:4169 __alloc_pages+0x26c/0x5f0 mm/page_alloc.c:5391 alloc_page_interleave+0x22/0x1c0 mm/mempolicy.c:2119 alloc_slab_page mm/slub.c:1691 [inline] allocate_slab+0xf1/0x540 mm/slub.c:1831 new_slab mm/slub.c:1894 [inline] new_slab_objects mm/slub.c:2640 [inline] ___slab_alloc+0x1cf/0x350 mm/slub.c:2803 __slab_alloc mm/slub.c:2843 [inline] slab_alloc_node mm/slub.c:2925 [inline] slab_alloc mm/slub.c:2967 [inline] kmem_cache_alloc+0x299/0x340 mm/slub.c:2972 kmem_cache_zalloc include/linux/slab.h:711 [inline] acpi_os_acquire_object include/acpi/platform/aclinuxex.h:67 [inline] acpi_ut_allocate_object_desc_dbg+0xd8/0x165 drivers/acpi/acpica/utobject.c:359 acpi_ut_create_internal_object_dbg+0x21/0x195 drivers/acpi/acpica/utobject.c:69 acpi_ds_build_internal_object+0x15f/0x732 drivers/acpi/acpica/dsobject.c:94 acpi_ds_create_node+0xe9/0x1a8 drivers/acpi/acpica/dsobject.c:281 acpi_ds_load2_end_op+0x7d0/0xebc drivers/acpi/acpica/dswload2.c:618 acpi_ds_exec_end_op+0x6ce/0x11d4 drivers/acpi/acpica/dswexec.c:637 acpi_ps_parse_loop+0xd9f/0x1cf0 drivers/acpi/acpica/psloop.c:525 acpi_ps_parse_aml+0x1d5/0x955 drivers/acpi/acpica/psparse.c:475 acpi_ps_execute_table+0x317/0x3ef drivers/acpi/acpica/psxface.c:295 acpi_ns_execute_table+0x436/0x5bf drivers/acpi/acpica/nsparse.c:116 page_owner free stack trace missing Memory state around the buggy address: ffff888019544400: fc fc 00 00 00 00 00 00 00 00 00 fc fc fc fc 00 ffff888019544480: 00 00 00 00 00 00 00 00 fc fc fc fc 00 00 00 00 >ffff888019544500: 00 00 00 00 00 fc fc fc fc fb fb fb fb fb fb fb ^ ffff888019544580: fb fb fc fc fc fc 00 00 00 00 00 00 00 00 00 fc ffff888019544600: fc fc fc 00 00 00 00 00 00 00 00 00 fc fc fc fc ================================================================== ---------------- Code disassembly (best guess), 1 bytes skipped: 0: ff c3 inc %ebx 2: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1) 9: 00 00 00 c: 0f 1f 40 00 nopl 0x0(%rax) 10: 48 89 f8 mov %rdi,%rax 13: 48 89 f7 mov %rsi,%rdi 16: 48 89 d6 mov %rdx,%rsi 19: 48 89 ca mov %rcx,%rdx 1c: 4d 89 c2 mov %r8,%r10 1f: 4d 89 c8 mov %r9,%r8 22: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9 27: 0f 05 syscall 29: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 2f: 73 01 jae 0x32 31: c3 retq 32: 48 c7 c1 b8 ff ff ff mov $0xffffffffffffffb8,%rcx 39: f7 d8 neg %eax 3b: 64 89 01 mov %eax,%fs:(%rcx) 3e: 48 rex.W --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller(a)googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. For information about bisection process see: https://goo.gl/tpsmEJ#bisection syzbot can test patches for this issue, for details see: https://goo.gl/tpsmEJ#testing-patches

2 1

[PATCH 0/6] (updated) pull request for net-next: batman-adv 2021-08-20
by Simon Wunderlich 20 Aug '21

20 Aug '21

Hi Jakub, here is the updated pull request of batman-adv, with the missing sign-off added which you pointed out yesterday. Please pull or let me know of any problem! Thank you, Simon The following changes since commit b37a466837393af72fe8bcb8f1436410f3f173f3: netdevice: add the case if dev is NULL (2021-08-05 13:29:26 +0100) are available in the Git repository at: git://git.open-mesh.org/linux-merge.git tags/batadv-next-pullrequest-20210820 for you to fetch changes up to a006aa51ea27fa64afc7990f8f100ff0baa92413: batman-adv: bcast: remove remaining skb-copy calls (2021-08-20 08:17:10 +0200) ---------------------------------------------------------------- This (updated) cleanup patchset includes the following patches: - bump version strings, by Simon Wunderlich - update docs about move IRC channel away from freenode, by Sven Eckelmann (updated, added missing sign-off) - Switch to kstrtox.h for kstrtou64, by Sven Eckelmann - Update NULL checks, by Sven Eckelmann (2 patches) - remove remaining skb-copy calls for broadcast packets, by Linus Lüssing ---------------------------------------------------------------- Linus Lüssing (1): batman-adv: bcast: remove remaining skb-copy calls Simon Wunderlich (1): batman-adv: Start new development cycle Sven Eckelmann (4): batman-adv: Move IRC channel to hackint.org batman-adv: Switch to kstrtox.h for kstrtou64 batman-adv: Check ptr for NULL before reducing its refcnt batman-adv: Drop NULL check before dropping references Documentation/networking/batman-adv.rst | 2 +- MAINTAINERS | 2 +- net/batman-adv/bat_iv_ogm.c | 75 ++++++++--------------- net/batman-adv/bat_v.c | 30 ++++------ net/batman-adv/bat_v_elp.c | 9 +-- net/batman-adv/bat_v_ogm.c | 39 ++++-------- net/batman-adv/bridge_loop_avoidance.c | 33 +++++------ net/batman-adv/distributed-arp-table.c | 24 ++++---- net/batman-adv/fragmentation.c | 6 +- net/batman-adv/gateway_client.c | 57 +++++------------- net/batman-adv/gateway_client.h | 16 ++++- net/batman-adv/gateway_common.c | 2 +- net/batman-adv/hard-interface.c | 21 +++---- net/batman-adv/hard-interface.h | 3 + net/batman-adv/main.h | 2 +- net/batman-adv/multicast.c | 2 +- net/batman-adv/netlink.c | 6 +- net/batman-adv/network-coding.c | 24 ++++---- net/batman-adv/originator.c | 102 +++++--------------------------- net/batman-adv/originator.h | 96 +++++++++++++++++++++++++++--- net/batman-adv/routing.c | 39 ++++-------- net/batman-adv/send.c | 33 ++++++----- net/batman-adv/soft-interface.c | 27 ++------- net/batman-adv/soft-interface.h | 16 ++++- net/batman-adv/tp_meter.c | 27 ++++----- net/batman-adv/translation-table.c | 100 +++++++++++-------------------- net/batman-adv/translation-table.h | 18 +++++- net/batman-adv/tvlv.c | 9 ++- 28 files changed, 364 insertions(+), 456 deletions(-)

2 7

[PATCH 0/6] pull request for net-next: batman-adv 2021-08-19
by Simon Wunderlich 19 Aug '21

19 Aug '21

Hi Jakub, hi David, here is a little cleanup pull request of batman-adv to go into net-next. Please pull or let me know of any problem! Thank you, Simon The following changes since commit b37a466837393af72fe8bcb8f1436410f3f173f3: netdevice: add the case if dev is NULL (2021-08-05 13:29:26 +0100) are available in the Git repository at: git://git.open-mesh.org/linux-merge.git tags/batadv-next-pullrequest-20210819 for you to fetch changes up to 808cfdfad57999c85f9ab13499a38d136d032232: batman-adv: bcast: remove remaining skb-copy calls (2021-08-18 18:39:00 +0200) ---------------------------------------------------------------- This cleanup patchset includes the following patches: - bump version strings, by Simon Wunderlich - update docs about move IRC channel away from freenode, by Sven Eckelmann - Switch to kstrtox.h for kstrtou64, by Sven Eckelmann - Update NULL checks, by Sven Eckelmann (2 patches) - remove remaining skb-copy calls for broadcast packets, by Linus Lüssing ---------------------------------------------------------------- Linus Lüssing (1): batman-adv: bcast: remove remaining skb-copy calls Simon Wunderlich (1): batman-adv: Start new development cycle Sven Eckelmann (4): batman-adv: Move IRC channel to hackint.org batman-adv: Switch to kstrtox.h for kstrtou64 batman-adv: Check ptr for NULL before reducing its refcnt batman-adv: Drop NULL check before dropping references Documentation/networking/batman-adv.rst | 2 +- MAINTAINERS | 2 +- net/batman-adv/bat_iv_ogm.c | 75 ++++++++--------------- net/batman-adv/bat_v.c | 30 ++++------ net/batman-adv/bat_v_elp.c | 9 +-- net/batman-adv/bat_v_ogm.c | 39 ++++-------- net/batman-adv/bridge_loop_avoidance.c | 33 +++++------ net/batman-adv/distributed-arp-table.c | 24 ++++---- net/batman-adv/fragmentation.c | 6 +- net/batman-adv/gateway_client.c | 57 +++++------------- net/batman-adv/gateway_client.h | 16 ++++- net/batman-adv/gateway_common.c | 2 +- net/batman-adv/hard-interface.c | 21 +++---- net/batman-adv/hard-interface.h | 3 + net/batman-adv/main.h | 2 +- net/batman-adv/multicast.c | 2 +- net/batman-adv/netlink.c | 6 +- net/batman-adv/network-coding.c | 24 ++++---- net/batman-adv/originator.c | 102 +++++--------------------------- net/batman-adv/originator.h | 96 +++++++++++++++++++++++++++--- net/batman-adv/routing.c | 39 ++++-------- net/batman-adv/send.c | 33 ++++++----- net/batman-adv/soft-interface.c | 27 ++------- net/batman-adv/soft-interface.h | 16 ++++- net/batman-adv/tp_meter.c | 27 ++++----- net/batman-adv/translation-table.c | 100 +++++++++++-------------------- net/batman-adv/translation-table.h | 18 +++++- net/batman-adv/tvlv.c | 9 ++- 28 files changed, 364 insertions(+), 456 deletions(-)

2 7

[PATCH v4] batman-adv: bcast: remove remaining skb-copy calls
by Sven Eckelmann 18 Aug '21

18 Aug '21

From: Linus Lüssing <linus.luessing(a)c0d3.blue> We currently have two code paths for broadcast packets: A) self-generated, via batadv_interface_tx()-> batadv_send_bcast_packet(). B) received/forwarded, via batadv_recv_bcast_packet()-> batadv_forw_bcast_packet(). For A), self-generated broadcast packets: the only modifications to the skb data is the ethernet header which is added/pushed to the skb in batadv_send_broadcast_skb()->batadv_send_skb_packet(). However before doing so, batadv_skb_head_push() is called which calls skb_cow_head() to unshare the space for the to be pushed ethernet header. So for this case, it is safe to use skb clones. For B), received/forwarded packets: the same applies as in A) for the to be forwarded packets. Only the ethernet header is added. However after (queueing for) forwarding the packet in batadv_recv_bcast_packet()->batadv_forw_bcast_packet(), a packet is additionally decapsulated and is sent up the stack through batadv_recv_bcast_packet()->batadv_interface_rx(). Protocols higher up the stack are already required to check if the packet is shared and create a copy for further modifications. When the next (protocol) layer works correctly, it cannot happen that ot tries to operate on the data behind the skb clone which is still queued up for forwarding. Signed-off-by: Linus Lüssing <linus.luessing(a)c0d3.blue> Co-authored-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> --- v3: * newly added this patch, to move skb_copy()->skb_clone() changes from PATCH 01/03 to a separate patch with its own explanation v4: * dropped skb_cow call in __batadv_forw_bcast_packet and adjusted the text for B) to explain the reasoning behind it net/batman-adv/send.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/net/batman-adv/send.c b/net/batman-adv/send.c index 0b9dd29d..b1cb9eb3 100644 --- a/net/batman-adv/send.c +++ b/net/batman-adv/send.c @@ -748,6 +748,10 @@ void batadv_forw_packet_ogmv1_queue(struct batadv_priv *bat_priv, * Adds a broadcast packet to the queue and sets up timers. Broadcast packets * are sent multiple times to increase probability for being received. * + * This call clones the given skb, hence the caller needs to take into + * account that the data segment of the original skb might not be + * modifiable anymore. + * * Return: NETDEV_TX_OK on success and NETDEV_TX_BUSY on errors. */ static int batadv_forw_bcast_packet_to_list(struct batadv_priv *bat_priv, @@ -761,7 +765,7 @@ static int batadv_forw_bcast_packet_to_list(struct batadv_priv *bat_priv, unsigned long send_time = jiffies; struct sk_buff *newskb; - newskb = skb_copy(skb, GFP_ATOMIC); + newskb = skb_clone(skb, GFP_ATOMIC); if (!newskb) goto err; @@ -800,6 +804,10 @@ static int batadv_forw_bcast_packet_to_list(struct batadv_priv *bat_priv, * or if a delay is given after that. Furthermore, queues additional * retransmissions if this interface is a wireless one. * + * This call clones the given skb, hence the caller needs to take into + * account that the data segment of the original skb might not be + * modifiable anymore. + * * Return: NETDEV_TX_OK on success and NETDEV_TX_BUSY on errors. */ static int batadv_forw_bcast_packet_if(struct batadv_priv *bat_priv, @@ -814,7 +822,7 @@ static int batadv_forw_bcast_packet_if(struct batadv_priv *bat_priv, int ret = NETDEV_TX_OK; if (!delay) { - newskb = skb_copy(skb, GFP_ATOMIC); + newskb = skb_clone(skb, GFP_ATOMIC); if (!newskb) return NETDEV_TX_BUSY; -- 2.30.2

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

B.A.T.M.A.N