On 6/25/17 3:56 PM, Matthias Schiffer wrote:
> Add support for extended error reporting.
>
> Signed-off-by: Matthias Schiffer
> ---
Acked-by: David Ahern
On 6/25/17 3:56 PM, Matthias Schiffer wrote:
> Add support for extended error reporting.
>
> Signed-off-by: Matthias Schiffer <mschif...@universe-factory.net>
> ---
Acked-by: David Ahern <dsah...@gmail.com>
On 6/25/17 3:56 PM, Matthias Schiffer wrote:
> Add support for extended error reporting.
>
> Signed-off-by: Matthias Schiffer <mschif...@universe-factory.net>
> ---
Acked-by: David Ahern <dsah...@gmail.com>
On 6/25/17 3:56 PM, Matthias Schiffer wrote:
> Add support for extended error reporting.
>
> Signed-off-by: Matthias Schiffer
> ---
Acked-by: David Ahern
On 6/25/17 3:56 PM, Matthias Schiffer wrote:
> Add support for extended error reporting.
>
> Signed-off-by: Matthias Schiffer
> ---
Acked-by: David Ahern
On 6/25/17 3:56 PM, Matthias Schiffer wrote:
> Add support for extended error reporting.
>
> Signed-off-by: Matthias Schiffer <mschif...@universe-factory.net>
Acked-by: David Ahern <dsah...@gmail.com>
On 6/25/17 3:56 PM, Matthias Schiffer wrote:
> Add support for extended error reporting.
>
> Signed-off-by: Matthias Schiffer
Acked-by: David Ahern
On 6/25/17 3:55 PM, Matthias Schiffer wrote:
> Add support for extended error reporting.
>
> Signed-off-by: Matthias Schiffer <mschif...@universe-factory.net>
> ---
Acked-by: David Ahern <dsah...@gmail.com>
On 6/25/17 3:55 PM, Matthias Schiffer wrote:
> Add support for extended error reporting.
>
> Signed-off-by: Matthias Schiffer
> ---
Acked-by: David Ahern
On 6/24/17 5:35 AM, Matthias Schiffer wrote:
> The following functions are extended with a netlink_ext_ack argument to
> allow extended error reporting:
>
> * validate
> * newlink
> * changelink
> * slave_validate
> * slave_changelink
I would prefer separate patches for validate, slave_validate,
On 6/24/17 5:35 AM, Matthias Schiffer wrote:
> The following functions are extended with a netlink_ext_ack argument to
> allow extended error reporting:
>
> * validate
> * newlink
> * changelink
> * slave_validate
> * slave_changelink
I would prefer separate patches for validate, slave_validate,
On 5/31/17 4:49 PM, Cong Wang wrote:
==
BUG: KASAN: use-after-free in ip6_dst_ifdown+0x3cc/0x400
net/ipv6/route.c:422
Read of size 8 at addr 88006afa4ad8 by task syz-executor6/23554
>>>
>>>
>>> This one is
On 5/31/17 4:49 PM, Cong Wang wrote:
==
BUG: KASAN: use-after-free in ip6_dst_ifdown+0x3cc/0x400
net/ipv6/route.c:422
Read of size 8 at addr 88006afa4ad8 by task syz-executor6/23554
>>>
>>>
>>> This one is
On 5/17/17 1:18 AM, Alexander Alemayhu wrote:
> I have looked into this but found it to be not easy and all attempts to
> change the Makefile has resulted in obscure errors :/
>
> Getting clang to output in a different directory was easy[0], but I guess
> this is not the right approach either.
On 5/17/17 1:18 AM, Alexander Alemayhu wrote:
> I have looked into this but found it to be not easy and all attempts to
> change the Makefile has resulted in obscure errors :/
>
> Getting clang to output in a different directory was easy[0], but I guess
> this is not the right approach either.
On 5/13/17 3:30 AM, Mickaël Salaün wrote:
>
> On 13/02/2017 02:43, David Ahern wrote:
>> On 2/12/17 2:23 PM, Mickaël Salaün wrote:
>>> diff --git a/samples/bpf/.gitignore b/samples/bpf/.gitignore
>>> new file mode 100644
>>> index ..a7562a5ef4c2
On 5/13/17 3:30 AM, Mickaël Salaün wrote:
>
> On 13/02/2017 02:43, David Ahern wrote:
>> On 2/12/17 2:23 PM, Mickaël Salaün wrote:
>>> diff --git a/samples/bpf/.gitignore b/samples/bpf/.gitignore
>>> new file mode 100644
>>> index ..a7562a5ef4c2
On 5/12/17 8:24 AM, David Miller wrote:
> From: Jan Moskyto Matejka
> Date: Fri, 12 May 2017 13:15:10 +0200
>
>> -int rt6_dump_route(struct rt6_info *rt, void *p_arg);
>> +int rt6_dump_route(struct rt6_info *rt, void *p_arg, int truncate);
>
> Please use "bool" and "true"/"false"
On 5/12/17 8:24 AM, David Miller wrote:
> From: Jan Moskyto Matejka
> Date: Fri, 12 May 2017 13:15:10 +0200
>
>> -int rt6_dump_route(struct rt6_info *rt, void *p_arg);
>> +int rt6_dump_route(struct rt6_info *rt, void *p_arg, int truncate);
>
> Please use "bool" and "true"/"false" for boolean
On 5/3/17 9:55 PM, Cong Wang wrote:
> Why not add a printk and play with my patch to see the difference?
I have other things to do. If you believe your patch fixes the problem,
send it and let Andrey verify.
On 5/3/17 9:55 PM, Cong Wang wrote:
> Why not add a printk and play with my patch to see the difference?
I have other things to do. If you believe your patch fixes the problem,
send it and let Andrey verify.
On 5/3/17 5:35 PM, Cong Wang wrote:
> Ah, we need:
>
> @@ -4024,7 +4027,7 @@ static struct pernet_operations ip6_route_net_late_ops
> = {
>
> static struct notifier_block ip6_route_dev_notifier = {
> .notifier_call = ip6_route_dev_notify,
> - .priority = 0,
> + .priority =
On 5/3/17 5:35 PM, Cong Wang wrote:
> Ah, we need:
>
> @@ -4024,7 +4027,7 @@ static struct pernet_operations ip6_route_net_late_ops
> = {
>
> static struct notifier_block ip6_route_dev_notifier = {
> .notifier_call = ip6_route_dev_notify,
> - .priority = 0,
> + .priority =
On 5/3/17 4:02 PM, Cong Wang wrote:
> On Wed, May 3, 2017 at 11:22 AM, David Ahern <dsah...@gmail.com> wrote:
>> On 5/3/17 11:02 AM, Cong Wang wrote:
>>> A quick glance shows we need to simply check local->rt6i_idev
>>> since we do the same check for sprt right
On 5/3/17 4:02 PM, Cong Wang wrote:
> On Wed, May 3, 2017 at 11:22 AM, David Ahern wrote:
>> On 5/3/17 11:02 AM, Cong Wang wrote:
>>> A quick glance shows we need to simply check local->rt6i_idev
>>> since we do the same check for sprt right above.
>>
>
On 5/3/17 11:02 AM, Cong Wang wrote:
> A quick glance shows we need to simply check local->rt6i_idev
> since we do the same check for sprt right above.
As I recall, rt6i_idev is set for all routes except null_entry and it is
not set on null_entry only because of initialization order.
>
> diff
On 5/3/17 11:02 AM, Cong Wang wrote:
> A quick glance shows we need to simply check local->rt6i_idev
> since we do the same check for sprt right above.
As I recall, rt6i_idev is set for all routes except null_entry and it is
not set on null_entry only because of initialization order.
>
> diff
On 5/2/17 10:58 AM, Andrey Konovalov wrote:
> Do you have a patch that I could test?
not yet.
>
> I also reported another issue recently, that might also be related to this
> one:
> https://groups.google.com/forum/#!topic/syzkaller/Rt0pgY4wfiw
different problem. I can still trigger this one
On 5/2/17 10:58 AM, Andrey Konovalov wrote:
> Do you have a patch that I could test?
not yet.
>
> I also reported another issue recently, that might also be related to this
> one:
> https://groups.google.com/forum/#!topic/syzkaller/Rt0pgY4wfiw
different problem. I can still trigger this one
On 4/26/17 9:15 AM, Andrey Konovalov wrote:
> +David
>
> I've enabled CONFIG_DEBUG_OBJECTS_RCU_HEAD and this is what I get.
>
> Apparently the rcu warning is related to the fib6_del_route bug I've
> been trying to reproduce:
>
On 4/26/17 9:15 AM, Andrey Konovalov wrote:
> +David
>
> I've enabled CONFIG_DEBUG_OBJECTS_RCU_HEAD and this is what I get.
>
> Apparently the rcu warning is related to the fib6_del_route bug I've
> been trying to reproduce:
>
On 4/27/17 8:49 PM, Steven Rostedt wrote:
> On Thu, 27 Apr 2017 20:13:43 -0600
> David Ahern <dsah...@gmail.com> wrote:
>
>> On 4/27/17 7:41 PM, Steven Rostedt wrote:
>>> On Thu, 27 Apr 2017 19:31:12 -0500
>>> David Carrillo-Cisneros <davi...@goog
On 4/27/17 8:49 PM, Steven Rostedt wrote:
> On Thu, 27 Apr 2017 20:13:43 -0600
> David Ahern wrote:
>
>> On 4/27/17 7:41 PM, Steven Rostedt wrote:
>>> On Thu, 27 Apr 2017 19:31:12 -0500
>>> David Carrillo-Cisneros wrote:
>>>
>>>>
On 4/27/17 7:41 PM, Steven Rostedt wrote:
> On Thu, 27 Apr 2017 19:31:12 -0500
> David Carrillo-Cisneros wrote:
>
>> When processing tracepoint events, perf report outputs warnings about
>> field not founds. The warnings are usually hidden by perf report UI
>> and appear when
On 4/27/17 7:41 PM, Steven Rostedt wrote:
> On Thu, 27 Apr 2017 19:31:12 -0500
> David Carrillo-Cisneros wrote:
>
>> When processing tracepoint events, perf report outputs warnings about
>> field not founds. The warnings are usually hidden by perf report UI
>> and appear when using the --stdio
On 4/24/17 3:48 AM, Lorenzo Colitti wrote:
> For non-stable kernels, it seems that the proper fix would be:
>
> 1. Ensure that when an RA creates a route, it properly sets
> rtm_protocol at time of route creation.
> 2. When we dump routes to userspace, we don't overwrite the rtm_protocol.
+1
On 4/24/17 3:48 AM, Lorenzo Colitti wrote:
> For non-stable kernels, it seems that the proper fix would be:
>
> 1. Ensure that when an RA creates a route, it properly sets
> rtm_protocol at time of route creation.
> 2. When we dump routes to userspace, we don't overwrite the rtm_protocol.
+1
On 4/25/17 10:38 AM, Andrey Konovalov wrote:
> I'll keep fuzzing in the meantime to make sure.
> Maybe I'll be able to collect more reports or even another reproducer.
start a new email thread for each stack trace. I'll write a debug patch
for the trace you hit today.
On 4/25/17 10:38 AM, Andrey Konovalov wrote:
> I'll keep fuzzing in the meantime to make sure.
> Maybe I'll be able to collect more reports or even another reproducer.
start a new email thread for each stack trace. I'll write a debug patch
for the trace you hit today.
On 3/7/17 2:21 AM, Dmitry Vyukov wrote:
> [ cut here ]
> WARNING: CPU: 2 PID: 3990 at net/ipv6/ip6_fib.c:991
> fib6_add+0x2e12/0x3290 net/ipv6/ip6_fib.c:991 net/ipv6/ip6_fib.c:991
> Kernel panic - not syncing: panic_on_warn set ...
>
> CPU: 2 PID: 3990 Comm: kworker/2:4
On 3/7/17 2:21 AM, Dmitry Vyukov wrote:
> [ cut here ]
> WARNING: CPU: 2 PID: 3990 at net/ipv6/ip6_fib.c:991
> fib6_add+0x2e12/0x3290 net/ipv6/ip6_fib.c:991 net/ipv6/ip6_fib.c:991
> Kernel panic - not syncing: panic_on_warn set ...
>
> CPU: 2 PID: 3990 Comm: kworker/2:4
On 3/4/17 11:57 AM, Dmitry Vyukov wrote:
> ==
> BUG: KASAN: slab-out-of-bounds in rt6_dump_route+0x293/0x2f0
> net/ipv6/route.c:3551 at addr 88007e523694
> Read of size 4 by task syz-executor3/24426
> CPU: 2 PID: 24426 Comm:
On 3/4/17 11:57 AM, Dmitry Vyukov wrote:
> ==
> BUG: KASAN: slab-out-of-bounds in rt6_dump_route+0x293/0x2f0
> net/ipv6/route.c:3551 at addr 88007e523694
> Read of size 4 by task syz-executor3/24426
> CPU: 2 PID: 24426 Comm:
ixed by:
commit 557c44be917c322860665be3d28376afa84aa936
Author: David Ahern <d...@cumulusnetworks.com>
Date: Wed Apr 19 14:19:43 2017 -0700
net: ipv6: RTF_PCPU should not be settable from userspace
ixed by:
commit 557c44be917c322860665be3d28376afa84aa936
Author: David Ahern
Date: Wed Apr 19 14:19:43 2017 -0700
net: ipv6: RTF_PCPU should not be settable from userspace
On 4/24/17 1:54 PM, Arnaldo Carvalho de Melo wrote:
> From: Jiri Olsa
>
> Recent commit broke command name strip in perf_event__get_comm_ids
> function. It replaced left to right search for '\n' with rtrim, which
> actually does right to left search. It occasionally caught
On 4/24/17 1:54 PM, Arnaldo Carvalho de Melo wrote:
> From: Jiri Olsa
>
> Recent commit broke command name strip in perf_event__get_comm_ids
> function. It replaced left to right search for '\n' with rtrim, which
> actually does right to left search. It occasionally caught earlier '\n'
> and
On 4/21/17 10:47 AM, Eric Dumazet wrote:
> On Fri, 2017-04-21 at 08:27 -0600, David Ahern wrote:
>> On 4/20/17 10:09 AM, Andrey Konovalov wrote:
>>> On Thu, Apr 20, 2017 at 5:39 PM, Andrey Konovalov <andreyk...@google.com>
>>> wrote:
>>>> On
On 4/21/17 10:47 AM, Eric Dumazet wrote:
> On Fri, 2017-04-21 at 08:27 -0600, David Ahern wrote:
>> On 4/20/17 10:09 AM, Andrey Konovalov wrote:
>>> On Thu, Apr 20, 2017 at 5:39 PM, Andrey Konovalov
>>> wrote:
>>>> On Thu, Apr 20, 2017 at 5:35 PM, David Ah
On 4/20/17 10:09 AM, Andrey Konovalov wrote:
> On Thu, Apr 20, 2017 at 5:39 PM, Andrey Konovalov <andreyk...@google.com>
> wrote:
>> On Thu, Apr 20, 2017 at 5:35 PM, David Ahern <d...@cumulusnetworks.com>
>> wrote:
>>> On 4/20/17 9:28 AM, Andrey Konovalo
On 4/20/17 10:09 AM, Andrey Konovalov wrote:
> On Thu, Apr 20, 2017 at 5:39 PM, Andrey Konovalov
> wrote:
>> On Thu, Apr 20, 2017 at 5:35 PM, David Ahern
>> wrote:
>>> On 4/20/17 9:28 AM, Andrey Konovalov wrote:
>>>> This one seems to be much closer to
On 4/20/17 9:28 AM, Andrey Konovalov wrote:
> This one seems to be much closer to what Dmitry reported intially.
does not repro here; I ran in a loop and nothing.
can you send output of "sysctl -a --pattern 'net.ipv6'"
On 4/20/17 9:28 AM, Andrey Konovalov wrote:
> This one seems to be much closer to what Dmitry reported intially.
does not repro here; I ran in a loop and nothing.
can you send output of "sysctl -a --pattern 'net.ipv6'"
On 4/19/17 5:47 PM, Cong Wang wrote:
> On Wed, Apr 19, 2017 at 9:12 AM, Andrey Konovalov
> wrote:
>>
>> Anyway, I just finished simplifying the reproducer. Give this one a try.
>
> Thanks for providing such a minimal reproducer!
>
> The following patch could fix this
On 4/19/17 5:47 PM, Cong Wang wrote:
> On Wed, Apr 19, 2017 at 9:12 AM, Andrey Konovalov
> wrote:
>>
>> Anyway, I just finished simplifying the reproducer. Give this one a try.
>
> Thanks for providing such a minimal reproducer!
>
> The following patch could fix this crash, but I am not 100%
On 4/19/17 10:12 AM, Andrey Konovalov wrote:
> That's weird. I usually see this when I have CONFIG_USER_NS disabled.
I bungled the movement of .config between servers. reproduced. will
investigate.
On 4/19/17 10:12 AM, Andrey Konovalov wrote:
> That's weird. I usually see this when I have CONFIG_USER_NS disabled.
I bungled the movement of .config between servers. reproduced. will
investigate.
On 4/18/17 2:43 PM, Andrey Konovalov wrote:
> Hi!
>
> I've finally managed to reproduce one of the crashes on commit
> 4f7d029b9bf009fbee76bb10c0c4351a1870d2f3 (4.11-rc7).
>
> I'm not sure if this bug has the same root cause as the first one
> reported in this thread, but it definitely has to do
On 4/18/17 2:43 PM, Andrey Konovalov wrote:
> Hi!
>
> I've finally managed to reproduce one of the crashes on commit
> 4f7d029b9bf009fbee76bb10c0c4351a1870d2f3 (4.11-rc7).
>
> I'm not sure if this bug has the same root cause as the first one
> reported in this thread, but it definitely has to do
On 4/18/17 2:43 PM, Andrey Konovalov wrote:
> I've finally managed to reproduce one of the crashes on commit
> 4f7d029b9bf009fbee76bb10c0c4351a1870d2f3 (4.11-rc7).
>
> I'm not sure if this bug has the same root cause as the first one
> reported in this thread, but it definitely has to do with
On 4/18/17 2:43 PM, Andrey Konovalov wrote:
> I've finally managed to reproduce one of the crashes on commit
> 4f7d029b9bf009fbee76bb10c0c4351a1870d2f3 (4.11-rc7).
>
> I'm not sure if this bug has the same root cause as the first one
> reported in this thread, but it definitely has to do with
On 4/7/17 8:52 PM, Taeung Song wrote:
> After reading command name from /proc//status,
> use ltrim() and rtrim() to strip command name, not using
> just while loop, isspace() and etc.
>
> Cc: David Ahern <dsah...@gmail.com>
> Cc: Don Zickus <dzic...@redhat.com>
>
On 4/7/17 8:52 PM, Taeung Song wrote:
> After reading command name from /proc//status,
> use ltrim() and rtrim() to strip command name, not using
> just while loop, isspace() and etc.
>
> Cc: David Ahern
> Cc: Don Zickus
> Cc: Jiri Olsa
> Cc: Namhyung Kim
>
__compare_symbol_names(namea, nameb);
> +
> +if (namea_versioning) free((void *)namea);
> +if (nameb_versioning) free((void *)nameb);
free() should be on the next line. Otherwise LGTM
Reviewed-by: David Ahern <dsah...@gmail.com>
__compare_symbol_names(namea, nameb);
> +
> +if (namea_versioning) free((void *)namea);
> +if (nameb_versioning) free((void *)nameb);
free() should be on the next line. Otherwise LGTM
Reviewed-by: David Ahern
On 3/27/17 6:42 AM, Dmitry Vyukov wrote:
> A friendly ping. This still happens all the time for us.
Haven't looked at this in a couple of weeks. I have syzkaller installed
on a machine locally and never was able to reproduce this ipv6 problem.
I am using a jessie rootfs; from the syzkaller files
On 3/27/17 6:42 AM, Dmitry Vyukov wrote:
> A friendly ping. This still happens all the time for us.
Haven't looked at this in a couple of weeks. I have syzkaller installed
on a machine locally and never was able to reproduce this ipv6 problem.
I am using a jessie rootfs; from the syzkaller files
On 3/15/17 7:06 PM, Arnaldo Carvalho de Melo wrote:
> Added more people to the CC list.
>
> Em Wed, Mar 15, 2017 at 05:58:19PM -0700, Alexei Starovoitov escreveu:
>> On Thu, Feb 16, 2017 at 05:00:50PM +1100, Anton Blanchard wrote:
>>> We have uses of CONFIG_UPROBE_EVENT and CONFIG_KPROBE_EVENT as
On 3/15/17 7:06 PM, Arnaldo Carvalho de Melo wrote:
> Added more people to the CC list.
>
> Em Wed, Mar 15, 2017 at 05:58:19PM -0700, Alexei Starovoitov escreveu:
>> On Thu, Feb 16, 2017 at 05:00:50PM +1100, Anton Blanchard wrote:
>>> We have uses of CONFIG_UPROBE_EVENT and CONFIG_KPROBE_EVENT as
On 3/7/17 2:21 AM, Dmitry Vyukov wrote:
> I've commented that warning just to see I can obtain more information.
> Then I also got this:
>
> [ cut here ]
> WARNING: CPU: 2 PID: 3990 at net/ipv6/ip6_fib.c:991
> fib6_add+0x2e12/0x3290 net/ipv6/ip6_fib.c:991
On 3/7/17 2:21 AM, Dmitry Vyukov wrote:
> I've commented that warning just to see I can obtain more information.
> Then I also got this:
>
> [ cut here ]
> WARNING: CPU: 2 PID: 3990 at net/ipv6/ip6_fib.c:991
> fib6_add+0x2e12/0x3290 net/ipv6/ip6_fib.c:991
On 3/7/17 11:13 AM, Dmitry Vyukov wrote:
>> on this warning:
>>
>> /* dst.next really should not be set at this point */
>> if (rt->dst.next && rt->dst.next->ops->family != AF_INET6) {
>> pr_warn("fib6_add: adding rt with bad next -- family %d dst
>> flags %x\n",
>>
On 3/7/17 11:13 AM, Dmitry Vyukov wrote:
>> on this warning:
>>
>> /* dst.next really should not be set at this point */
>> if (rt->dst.next && rt->dst.next->ops->family != AF_INET6) {
>> pr_warn("fib6_add: adding rt with bad next -- family %d dst
>> flags %x\n",
>>
On 3/7/17 1:43 AM, Dmitry Vyukov wrote:
> This is on c1ae3cfa0e89fa1a7ecc4c99031f5e9ae99d9201. No other kernel
> output from your patch (pr_err).
>
> [ cut here ]
> WARNING: CPU: 1 PID: 30179 at net/ipv6/ip6_fib.c:158
> rt6_rcu_free+0x61/0x70 net/ipv6/ip6_fib.c:158
>
On 3/7/17 1:43 AM, Dmitry Vyukov wrote:
> This is on c1ae3cfa0e89fa1a7ecc4c99031f5e9ae99d9201. No other kernel
> output from your patch (pr_err).
>
> [ cut here ]
> WARNING: CPU: 1 PID: 30179 at net/ipv6/ip6_fib.c:158
> rt6_rcu_free+0x61/0x70 net/ipv6/ip6_fib.c:158
>
On 3/7/17 1:43 AM, Dmitry Vyukov wrote:
> This is on c1ae3cfa0e89fa1a7ecc4c99031f5e9ae99d9201. No other kernel
> output from your patch (pr_err).
Is the below supposed to be from the same qemu instance at the time of
the crash? cpu1 and cpu2 are both supposedly doing a route insert?
>
>
On 3/7/17 1:43 AM, Dmitry Vyukov wrote:
> This is on c1ae3cfa0e89fa1a7ecc4c99031f5e9ae99d9201. No other kernel
> output from your patch (pr_err).
Is the below supposed to be from the same qemu instance at the time of
the crash? cpu1 and cpu2 are both supposedly doing a route insert?
>
>
On 3/6/17 11:51 AM, Dmitry Vyukov wrote:
> We hit it several thousand times, but we get only several dozens of
> crashes per day on ~80 VMs. So if you try to reproduce it on a single
> machine it can take days for a single crash.
> If you are ready to go that route, here are some instructions on
>
On 3/6/17 11:51 AM, Dmitry Vyukov wrote:
> We hit it several thousand times, but we get only several dozens of
> crashes per day on ~80 VMs. So if you try to reproduce it on a single
> machine it can take days for a single crash.
> If you are ready to go that route, here are some instructions on
>
On 3/4/17 1:15 PM, Eric Dumazet wrote:
> On Sat, 2017-03-04 at 19:57 +0100, Dmitry Vyukov wrote:
>> On Fri, Mar 3, 2017 at 8:12 PM, David Ahern <d...@cumulusnetworks.com> wrote:
>>> On 3/3/17 6:39 AM, Dmitry Vyukov wrote:
>>>> I am getting heap out-of-bo
On 3/4/17 1:15 PM, Eric Dumazet wrote:
> On Sat, 2017-03-04 at 19:57 +0100, Dmitry Vyukov wrote:
>> On Fri, Mar 3, 2017 at 8:12 PM, David Ahern wrote:
>>> On 3/3/17 6:39 AM, Dmitry Vyukov wrote:
>>>> I am getting heap out-of-bounds reports in
>>>&
On 3/3/17 6:39 AM, Dmitry Vyukov wrote:
> I am getting heap out-of-bounds reports in
> fib6_clean_node/rt6_fill_node/fib6_age/fib6_prune_clone while running
> syzkaller fuzzer on 86292b33d4b79ee03e2f43ea0381ef85f077c760. They all
> follow the same pattern: an object of size 216 is allocated from
>
On 3/3/17 6:39 AM, Dmitry Vyukov wrote:
> I am getting heap out-of-bounds reports in
> fib6_clean_node/rt6_fill_node/fib6_age/fib6_prune_clone while running
> syzkaller fuzzer on 86292b33d4b79ee03e2f43ea0381ef85f077c760. They all
> follow the same pattern: an object of size 216 is allocated from
>
On 2/28/17 3:14 PM, Eric Dumazet wrote:
> On Tue, Feb 28, 2017 at 3:09 PM, David Ahern <d...@cumulusnetworks.com> wrote:
>> On 2/28/17 5:10 AM, Eric Dumazet wrote:
>>> David, rt->rt6i_idev can be NULL.
>>
>> Do you know of an example where rt6i_idev can be NU
On 2/28/17 3:14 PM, Eric Dumazet wrote:
> On Tue, Feb 28, 2017 at 3:09 PM, David Ahern wrote:
>> On 2/28/17 5:10 AM, Eric Dumazet wrote:
>>> David, rt->rt6i_idev can be NULL.
>>
>> Do you know of an example where rt6i_idev can be NULL - besides the
>> n
On 2/28/17 5:10 AM, Eric Dumazet wrote:
> David, rt->rt6i_idev can be NULL.
Do you know of an example where rt6i_idev can be NULL - besides the
null_entry rt which is null only because of init order?
On 2/28/17 5:10 AM, Eric Dumazet wrote:
> David, rt->rt6i_idev can be NULL.
Do you know of an example where rt6i_idev can be NULL - besides the
null_entry rt which is null only because of init order?
On 2/27/17 10:11 AM, Cong Wang wrote:
> The attached patch fixes this crash, but I am not sure if it is the
> best way to fix this bug yet...
I'll take a look. I can not reproduce this using route or ip, so the
fuzzer is doing something interesting.
On 2/27/17 10:11 AM, Cong Wang wrote:
> The attached patch fixes this crash, but I am not sure if it is the
> best way to fix this bug yet...
I'll take a look. I can not reproduce this using route or ip, so the
fuzzer is doing something interesting.
On 2/27/17 12:37 PM, Andrey Konovalov wrote:
> That's what I thought when I read your message, thanks!
>
> I was just confused by David saying that the fuzzer is doing something
> interesting, when the reproducer is just an ioctl call on a socket.
It means I have a cold, recently off a plane and
On 2/27/17 12:37 PM, Andrey Konovalov wrote:
> That's what I thought when I read your message, thanks!
>
> I was just confused by David saying that the fuzzer is doing something
> interesting, when the reproducer is just an ioctl call on a socket.
It means I have a cold, recently off a plane and
On 2/12/17 2:23 PM, Mickaël Salaün wrote:
> diff --git a/samples/bpf/.gitignore b/samples/bpf/.gitignore
> new file mode 100644
> index ..a7562a5ef4c2
> --- /dev/null
> +++ b/samples/bpf/.gitignore
> @@ -0,0 +1,32 @@
> +fds_example
> +lathist
...
Listing each target is going to be a
On 2/12/17 2:23 PM, Mickaël Salaün wrote:
> diff --git a/samples/bpf/.gitignore b/samples/bpf/.gitignore
> new file mode 100644
> index ..a7562a5ef4c2
> --- /dev/null
> +++ b/samples/bpf/.gitignore
> @@ -0,0 +1,32 @@
> +fds_example
> +lathist
...
Listing each target is going to be a
On 1/3/17 9:12 AM, Arnaldo Carvalho de Melo wrote:
> Em Tue, Jan 03, 2017 at 08:33:35AM -0700, David Ahern escreveu:
>> On 1/3/17 1:19 AM, Jiri Olsa wrote:
>>> It's now possible to specify the threshold size for
>>> perf.data like:
>>>
>>> $ perf re
On 1/3/17 9:12 AM, Arnaldo Carvalho de Melo wrote:
> Em Tue, Jan 03, 2017 at 08:33:35AM -0700, David Ahern escreveu:
>> On 1/3/17 1:19 AM, Jiri Olsa wrote:
>>> It's now possible to specify the threshold size for
>>> perf.data like:
>>>
>>> $ perf re
On 1/3/17 1:19 AM, Jiri Olsa wrote:
> It's now possible to specify the threshold size for
> perf.data like:
>
> $ perf record --switch-output=2G ...
>
> Once it's reached, the current data are dumped in to the
> perf.data. file and session does on.
How about something like max-file-size
On 1/3/17 1:19 AM, Jiri Olsa wrote:
> It's now possible to specify the threshold size for
> perf.data like:
>
> $ perf record --switch-output=2G ...
>
> Once it's reached, the current data are dumped in to the
> perf.data. file and session does on.
How about something like max-file-size
r IPCB. If iif
is the loopback interface, then return the sending interface
(e.g., process binds socket to eth0 for Tx which is redirected
to loopback in the rtable/dst).
>> */
>> +if (pktinfo->ipi_ifindex == LOOPBACK_IFINDEX)
>> +pktinfo->ipi_ifindex = inet_iif(skb);
>> +
>> pktinfo->ipi_spec_dst.s_addr = fib_compute_spec_dst(skb);
>> } else {
>> pktinfo->ipi_ifindex = 0;
The actual change looks ok to me.
Acked-by: David Ahern <d...@cumulusnetworks.com>
interface
(e.g., process binds socket to eth0 for Tx which is redirected
to loopback in the rtable/dst).
>> */
>> +if (pktinfo->ipi_ifindex == LOOPBACK_IFINDEX)
>> + pktinfo->ipi_ifindex = inet_iif(skb);
>> +
>> pktinfo->ipi_spec_dst.s_addr = fib_compute_spec_dst(skb);
>> } else {
>> pktinfo->ipi_ifindex = 0;
The actual change looks ok to me.
Acked-by: David Ahern
On 12/19/16 6:56 PM, Andy Lutomirski wrote:
> On Mon, Dec 19, 2016 at 5:44 PM, David Ahern <dsah...@gmail.com> wrote:
>> On 12/19/16 5:25 PM, Andy Lutomirski wrote:
>>> net.socket_create_filter = "none": no filter
>>> net.socket
301 - 400 of 3566 matches
Mail list logo