On Sunday, 5 February 2017 07:45:48 CET Linus Lüssing wrote:
[...]
> + size = sizeof(*nhh_data);
> + elp_buff = skb_put(hard_iface->bat_v.elp_skb, size);
> + nhh_data = (struct batadv_tvlv_nhh_data *)elp_buff;
> + nhh_data->min_throughput = htonl(0);
> + nhh_data->max_throughput = htonl(U32_MAX);
> + memset(nhh_data->neigh_hash, 0, size);

This looks to me like a buffer overflow by memset. Maybe you want to use the
size of nhh_data->neigh_hash in this memset and not sizeof(*nhh_data).

Kind regards,
Sven
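
Review bot: The length passed to the final memset() is wrong for its destination: size is sizeof(*nhh_data), which is exactly what skb_put() reserved, but the write starts at nhh_data->neigh_hash rather than at nhh_data. Unless neigh_hash is the first member of the struct, the memset runs past the end of the reserved area by the number of bytes that precede neigh_hash. Use sizeof(nhh_data->neigh_hash) as the length, or zero the whole struct with memset(nhh_data, 0, size) before assigning min_throughput and max_throughput, which also clears any padding that would otherwise go out on the wire uninitialised.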