From: Hannes Diethelm <hannes.diethelm@gmail.com>
To: Jan Kiszka <jan.kiszka@siemens.com>, xenomai@lists.linux.dev
Subject: Re: Kernel WARNING in Xenomai3 with RTnet
Date: Fri, 10 Apr 2026 21:54:10 +0200 [thread overview]
Message-ID: <48689bee-2176-4def-bce8-33faa35a235f@gmail.com> (raw)
In-Reply-To: <f10afb4e-2aaf-4a3a-8bc7-893c1a09cdd1@siemens.com>
Am 09.04.26 um 08:46 schrieb Jan Kiszka:
> On 08.04.26 22:53, Hannes Diethelm wrote:
>> Configuration:
>>
>> Debian Trixie
>> xenomai3:master
>> linux-dovetail:v6.12.67-dovetail1
>>
>> I have the following warning as soon as I enable the network interface:
>> Apr 08 01:52:12 trixie-box kernel: ------------[ cut here ]------------
>> Apr 08 01:52:12 trixie-box kernel: memcpy: detected field-spanning write
>> (size 80) of single field "call->priv_data" at drivers/xenomai/net/
>> stack/rtnet_rtpc.c:93 (size 0)
>> Apr 08 01:52:12 trixie-box kernel: WARNING: CPU: 13 PID: 2480 at
>> drivers/xenomai/net/stack/rtnet_rtpc.c:93
>> rtnet_rtpc_dispatch_call+0x2df/0x3d0 [rtnet]
>> Apr 08 01:52:12 trixie-box kernel: Modules linked in: rtudp rtipv4
>> rt_loopback joydev uinput qrtr rfkill binfmt_misc intel_rapl_msr
>> intel_rapl_common ccp kvm snd_hda_codec_generic snd_hda_intel ir>
>> Apr 08 01:52:12 trixie-box kernel: CPU: 13 UID: 0 PID: 2480 Comm: rtping
>> Not tainted 6.12.67-xenomai3-73ad3b #3
>> Apr 08 01:52:12 trixie-box kernel: Hardware name: QEMU Standard PC (Q35
>> + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
>> Apr 08 01:52:12 trixie-box kernel: IRQ stage: Linux
>> Apr 08 01:52:12 trixie-box kernel: RIP:
>> 0010:rtnet_rtpc_dispatch_call+0x2df/0x3d0 [rtnet]
>> Apr 08 01:52:12 trixie-box kernel: Code: 26 50 00 00 00 0f 85 d1 fd ff
>> ff 31 c9 48 c7 c2 00 13 94 c0 4c 89 ee 48 c7 c7 48 13 94 c0 c6 05 06 50
>> 00 00 01 e8 51 d6 97 eb <0f> 0b e9 ab fd ff ff 84 d2 >
>> Apr 08 01:52:12 trixie-box kernel: RSP: 0018:ffffcdff82ebbd68 EFLAGS:
>> 00010286
>> Apr 08 01:52:12 trixie-box kernel: RAX: 0000000000000000 RBX:
>> ffff8988585012c0 RCX: 0000000000000027
>> Apr 08 01:52:12 trixie-box kernel: RDX: ffff898b6fca0948 RSI:
>> 0000000000000001 RDI: ffff898b6fca0940
>> Apr 08 01:52:12 trixie-box kernel: RBP: 00000000000001f4 R08:
>> 0000000000000000 R09: ffffcdff82ebbb28
>> Apr 08 01:52:12 trixie-box kernel: R10: ffffffffadeb9ee8 R11:
>> 0000000000000003 R12: 0000000000000000
>> Apr 08 01:52:12 trixie-box kernel: R13: 0000000000000050 R14:
>> ffffffffc0cff5b0 R15: ffffffffc0cff6e0
>> Apr 08 01:52:12 trixie-box kernel: FS: 00007f1499d11740(0000)
>> GS:ffff898b6fc80000(0000) knlGS:0000000000000000
>> Apr 08 01:52:12 trixie-box kernel: CS: 0010 DS: 0000 ES: 0000 CR0:
>> 0000000080050033
>> Apr 08 01:52:12 trixie-box kernel: CR2: 00007ffe3de7dff8 CR3:
>> 000000014d74e000 CR4: 0000000000750ef0
>> Apr 08 01:52:12 trixie-box kernel: PKRU: 55555554
>> Apr 08 01:52:12 trixie-box kernel: Call Trace:
>> Apr 08 01:52:12 trixie-box kernel: <TASK>
>> Apr 08 01:52:12 trixie-box kernel: ipv4_ioctl+0x16b/0x230 [rtipv4]
>> Apr 08 01:52:12 trixie-box kernel: rtnet_ioctl+0x164/0x190 [rtnet]
>> Apr 08 01:52:12 trixie-box kernel: ? __count_memcg_events+0x67/0x100
>> Apr 08 01:52:12 trixie-box kernel: __x64_sys_ioctl+0x91/0xd0
>> Apr 08 01:52:12 trixie-box kernel: do_syscall_64+0xc0/0x230
>> Apr 08 01:52:12 trixie-box kernel: entry_SYSCALL_64_after_hwframe+0x76/0x7e
>> Apr 08 01:52:12 trixie-box kernel: RIP: 0033:0x7f1499e2091b
>> Apr 08 01:52:12 trixie-box kernel: Code: 00 48 89 44 24 18 31 c0 48 8d
>> 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24
>> 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c >
>> Apr 08 01:52:12 trixie-box kernel: RSP: 002b:00007ffe3de7e9f0 EFLAGS:
>> 00000246 ORIG_RAX: 0000000000000010
>> Apr 08 01:52:12 trixie-box kernel: RAX: ffffffffffffffda RBX:
>> 00007f1499d11740 RCX: 00007f1499e2091b
>> Apr 08 01:52:12 trixie-box kernel: RDX: 000055c8e00d60e0 RSI:
>> 00000000c0500285 RDI: 0000000000000003
>> Apr 08 01:52:12 trixie-box kernel: RBP: 0000000000000002 R08:
>> 0000000000000000 R09: 0000000000000000
>> Apr 08 01:52:12 trixie-box kernel: R10: 0000000000000003 R11:
>> 0000000000000246 R12: 00007ffe3de7f818
>> Apr 08 01:52:12 trixie-box kernel: R13: 0000000000000002 R14:
>> 00007f1499f60000 R15: 000055c8e00d5dd8
>> Apr 08 01:52:12 trixie-box kernel: </TASK>
>> Apr 08 01:52:12 trixie-box kernel: ---[ end trace 0000000000000000 ]---
>>
>> This can be fixed with the following patch. However, I am not sure if
>> it's the right way to do it.
>> diff --git a/kernel/drivers/net/stack/rtnet_rtpc.c b/kernel/drivers/net/
>> stack/rtnet_rtpc.c
>> index cd5f0546d..caed27269 100644
>> --- a/kernel/drivers/net/stack/rtnet_rtpc.c
>> +++ b/kernel/drivers/net/stack/rtnet_rtpc.c
>> @@ -90,7 +90,7 @@ int rtnet_rtpc_dispatch_call(rtpc_proc proc, unsigned
>> int timeout,
>> if (call == NULL)
>> return -ENOMEM;
>>
>> - memcpy(call->priv_data, priv_data, priv_data_size);
>> + unsafe_memcpy(call->priv_data, priv_data, priv_data_size, /
>> *embedded variable length data*/);
>>
>
> Yeah, good catch - the kernel and the toolchains improved their
> diagnosis features a lot since this was written more than 20 years ago.
> I bet we have a few more of those variable length fields in RTnet data
> structures. Those should be converted to flexible array members, see
> also
> https://www.kernel.org/doc/html/latest/process/deprecated.html#zero-length-and-one-element-arrays.
> Happy to review patches!
>
> Jan
Thanks for the hint. So I think this is all that's needed, i tested it and with this change. I also have no
warnings any more.
diff --git a/kernel/drivers/net/stack/include/rtnet_rtpc.h b/kernel/drivers/net/stack/include/rtnet_rtpc.h
index 01d7ab152..f4ad47306 100644
--- a/kernel/drivers/net/stack/include/rtnet_rtpc.h
+++ b/kernel/drivers/net/stack/include/rtnet_rtpc.h
@@ -43,7 +43,7 @@ struct rt_proc_call {
atomic_t ref_count;
wait_queue_head_t call_wq;
rtpc_cleanup_proc cleanup_handler;
- char priv_data[0] __attribute__((aligned(8)));
+ char priv_data[] __attribute__((aligned(8)));
};
#define CALL_PENDING 1000 /* result value for blocked calls */
So you mean I should submit a patch? So that means using git format-patch and send it to the mailing list?
I can try that but I can't guarantee I won't mess it up. But I allready managed to setup my e-mail client to not
mess up the messages.
I have another patch and a bug report in the pipeline but one at a time.
Just some background: I am working on integrating Xenomai3/4 into LinuxCNC. It is just a hobby and I am not an official
maintainer. However, I am using Linux since i switched over from Windows 3.11 and I am quite experienced in C/C++ from
my day job and also personal projects. But the last time I was using mailing lists was like 20 years ago.
Hannes
>
>> call->processed = 0;
>> call->proc = proc;
>>
>>
>
prev parent reply other threads:[~2026-04-10 19:54 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-08 20:53 Kernel WARNING in Xenomai3 with RTnet Hannes Diethelm
2026-04-09 6:46 ` Jan Kiszka
2026-04-10 19:54 ` Hannes Diethelm [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48689bee-2176-4def-bce8-33faa35a235f@gmail.com \
--to=hannes.diethelm@gmail.com \
--cc=jan.kiszka@siemens.com \
--cc=xenomai@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox