November 2020 - B.A.T.M.A.N - lists.open-mesh.org

[PATCH net 00/12] net: iflink and link-netnsid fixes

by Sabrina Dubroca

In a lot of places, we use this kind of comparison to detect if a device has a lower link: dev->ifindex != dev_get_iflink(dev) This seems to be a leftover of the pre-netns days, when the ifindex was unique over the whole system. Nowadays, with network namespaces, it's very easy to create a device with the same ifindex as its lower link: ip netns add main ip netns add peer ip -net main link add dummy0 type dummy ip -net main link add link dummy0 macvlan0 netns peer type macvlan ip -net main link show type dummy 9: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop ... ip -net peer link show type macvlan 9: macvlan0@if9: <BROADCAST,MULTICAST> mtu 1500 qdisc noop ... To detect if a device has a lower link, we can simply check the existence of the dev->netdev_ops->ndo_get_iflink operation, instead of checking its return value. In particular, I attempted to fix one of these checks in commit feadc4b6cf42 ("rtnetlink: always put IFLA_LINK for links with a link-netnsid"), but this patch isn't correct, since tunnel devices can export IFLA_LINK_NETNSID without IFLA_LINK. That patch needs to be reverted. This series will fix all those bogus comparisons, and export missing IFLA_LINK_NETNSID attributes in bridge and ipv6 dumps. ipvlan and geneve are also missing the get_link_net operation, so userspace can't know when those device are cross-netns. There are a couple of other device types that have an ndo_get_iflink op but no get_link_net (virt_wifi, ipoib), and should probably also have a get_link_net. Sabrina Dubroca (12): ipvlan: add get_link_net geneve: add get_link_net Revert "rtnetlink: always put IFLA_LINK for links with a link-netnsid" rtnetlink: always put IFLA_LINK for links with ndo_get_iflink bridge: always put IFLA_LINK for ports with ndo_get_iflink bridge: advertise IFLA_LINK_NETNSID when dumping bridge ports ipv6: always put IFLA_LINK for devices with ndo_get_iflink ipv6: advertise IFLA_LINK_NETNSID when dumping ipv6 addresses net: link_watch: fix operstate when the link has the same index as the device net: link_watch: fix detection of urgent events batman-adv: fix iflink detection in batadv_is_on_batman_iface batman-adv: fix detection of lower link in batadv_get_real_netdevice drivers/net/can/vxcan.c | 2 +- drivers/net/geneve.c | 8 ++++++++ drivers/net/ipvlan/ipvlan_main.c | 9 +++++++++ drivers/net/veth.c | 2 +- include/net/rtnetlink.h | 4 ++++ net/batman-adv/hard-interface.c | 4 ++-- net/bridge/br_netlink.c | 4 +++- net/core/link_watch.c | 4 ++-- net/core/rtnetlink.c | 25 ++++++++++++------------- net/ipv6/addrconf.c | 11 ++++++++++- 10 files changed, 52 insertions(+), 21 deletions(-) -- 2.28.0

8 months, 3 weeks

3
5
0 / 0

WARNING in sta_info_alloc

by syzbot

Hello, syzbot found the following issue on: HEAD commit: 549738f1 Linux 5.9-rc8 git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=15b97ba3900000 kernel config: https://syzkaller.appspot.com/x/.config?x=c06bcf3cc963d91c dashboard link: https://syzkaller.appspot.com/bug?extid=45d7c243c006f39dc55a compiler: gcc (GCC) 10.1.0-syz 20200507 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12bae9c0500000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1099b1c0500000 The issue was bisected to: commit 643c332d519bdfbf80d21f40d1c0aa0ccf3ec1cb Author: Zi Shen Lim <zlim.lnx(a)gmail.com> Date: Thu Jun 9 04:18:50 2016 +0000 arm64: bpf: optimize LD_ABS, LD_IND bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=11d44477900000 final oops: https://syzkaller.appspot.com/x/report.txt?x=13d44477900000 console output: https://syzkaller.appspot.com/x/log.txt?x=15d44477900000 IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+45d7c243c006f39dc55a(a)syzkaller.appspotmail.com Fixes: 643c332d519b ("arm64: bpf: optimize LD_ABS, LD_IND") ------------[ cut here ]------------ WARNING: CPU: 0 PID: 6879 at net/mac80211/ieee80211_i.h:1447 ieee80211_get_sband net/mac80211/ieee80211_i.h:1447 [inline] WARNING: CPU: 0 PID: 6879 at net/mac80211/ieee80211_i.h:1447 sta_info_alloc+0x1900/0x1f90 net/mac80211/sta_info.c:469 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 6879 Comm: syz-executor071 Not tainted 5.9.0-rc8-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x198/0x1fd lib/dump_stack.c:118 panic+0x382/0x7fb kernel/panic.c:231 __warn.cold+0x20/0x4b kernel/panic.c:600 report_bug+0x1bd/0x210 lib/bug.c:198 handle_bug+0x38/0x90 arch/x86/kernel/traps.c:234 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:254 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536 RIP: 0010:ieee80211_get_sband net/mac80211/ieee80211_i.h:1447 [inline] RIP: 0010:sta_info_alloc+0x1900/0x1f90 net/mac80211/sta_info.c:469 Code: 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 f0 04 00 00 49 8b 9f 60 01 00 00 e9 fc f6 ff ff e8 80 20 b6 f9 <0f> 0b e8 e9 62 66 00 31 ff 89 c3 89 c6 e8 ce 1c b6 f9 85 db 74 1d RSP: 0018:ffffc9000539f498 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff87c01d61 RDX: ffff8880a91ec3c0 RSI: ffffffff87c01e10 RDI: 0000000000000005 RBP: ffff8880896e0c80 R08: 0000000000000001 R09: ffffffff8d0c29e7 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffff8880896e31b0 R14: dffffc0000000000 R15: ffff888092f06000 ieee80211_add_station+0x28c/0x660 net/mac80211/cfg.c:1586 rdev_add_station net/wireless/rdev-ops.h:190 [inline] nl80211_new_station+0xde7/0x1440 net/wireless/nl80211.c:6294 genl_family_rcv_msg_doit net/netlink/genetlink.c:669 [inline] genl_family_rcv_msg net/netlink/genetlink.c:714 [inline] genl_rcv_msg+0x61d/0x980 net/netlink/genetlink.c:731 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470 genl_rcv+0x24/0x40 net/netlink/genetlink.c:742 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:671 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2353 ___sys_sendmsg+0xf3/0x170 net/socket.c:2407 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2440 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x441999 Code: e8 dc 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffd9fa54bf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441999 RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000005 RBP: 000000306e616c77 R08: 0000000000000000 R09: 0000002000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000032 R13: 0000000000000000 R14: 000000000000000c R15: 0000000000000004 Kernel Offset: disabled Rebooting in 86400 seconds.. --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller(a)googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. For information about bisection process see: https://goo.gl/tpsmEJ#bisection syzbot can test patches for this issue, for details see: https://goo.gl/tpsmEJ#testing-patches

1 year, 6 months

3
3
0 / 0

[PATCH 1/2] vxlan: Add needed_headroom for lower device

by Sven Eckelmann

It was observed that sending data via batadv over vxlan (on top of wireguard) reduced the performance massively compared to raw ethernet or batadv on raw ethernet. A check of perf data showed that the vxlan_build_skb was calling all the time pskb_expand_head to allocate enough headroom for: min_headroom = LL_RESERVED_SPACE(dst->dev) + dst->header_len + VXLAN_HLEN + iphdr_len; But the vxlan_config_apply only requested needed headroom for: lowerdev->hard_header_len + VXLAN6_HEADROOM or VXLAN_HEADROOM So it completely ignored the needed_headroom of the lower device. The first caller of net_dev_xmit could therefore never make sure that enough headroom was allocated for the rest of the transmit path. Cc: Annika Wickert <annika.wickert(a)exaring.de> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> --- drivers/net/vxlan.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c index 236fcc55a5fd..25b5b5a2dfea 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -3799,6 +3799,7 @@ static void vxlan_config_apply(struct net_device *dev, dev->gso_max_segs = lowerdev->gso_max_segs; needed_headroom = lowerdev->hard_header_len; + needed_headroom += lowerdev->needed_headroom; max_mtu = lowerdev->mtu - (use_ipv6 ? VXLAN6_HEADROOM : VXLAN_HEADROOM); -- 2.29.2

2 years, 2 months

3
3
0 / 0

[PATCH 0/3] pull request for net: batman-adv 2020-11-27

by Simon Wunderlich

Hi David, hi Jakub, here are some more bugfixes for batman-adv which we would like to have integrated into net. Please pull or let me know of any problem! Thank you, Simon The following changes since commit 14a2e551faea53d45bc11629a9dac88f88950ca7: batman-adv: set .owner to THIS_MODULE (2020-11-15 11:43:56 +0100) are available in the Git repository at: git://git.open-mesh.org/linux-merge.git tags/batadv-net-pullrequest-20201127 for you to fetch changes up to 992b03b88e36254e26e9a4977ab948683e21bd9f: batman-adv: Don't always reallocate the fragmentation skb head (2020-11-27 08:02:55 +0100) ---------------------------------------------------------------- Here are some batman-adv bugfixes: - Fix head/tailroom issues for fragments, by Sven Eckelmann (3 patches) ---------------------------------------------------------------- Sven Eckelmann (3): batman-adv: Consider fragmentation for needed_headroom batman-adv: Reserve needed_*room for fragments batman-adv: Don't always reallocate the fragmentation skb head net/batman-adv/fragmentation.c | 26 ++++++++++++++++---------- net/batman-adv/hard-interface.c | 3 +++ 2 files changed, 19 insertions(+), 10 deletions(-)

2 years, 2 months

2
4
0 / 0

[PATCH] batman-adv: Consider fragmentation for needed_headroom

by Sven Eckelmann

If a batman-adv packets has to be fragmented, then the original batman-adv packet header is not stripped away. Instead, only a new header is added in front of the packet after it was splitted. This size must be considered to avoid cost intensive reallocations during the transmission through the various device layers. Reported-by: Linus Lüssing <linus.luessing(a)c0d3.blue> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> --- net/batman-adv/hard-interface.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c index f122e448..bbedb9a4 100644 --- a/net/batman-adv/hard-interface.c +++ b/net/batman-adv/hard-interface.c @@ -553,6 +553,9 @@ static void batadv_hardif_recalc_extra_skbroom(struct net_device *soft_iface) needed_headroom = lower_headroom + (lower_header_len - ETH_HLEN); needed_headroom += batadv_max_header_len(); + /* fragmentation headers don't strip the unicast/... header */ + needed_headroom += sizeof(struct batadv_frag_packet); + soft_iface->needed_headroom = needed_headroom; soft_iface->needed_tailroom = lower_tailroom; } -- 2.29.2

2 years, 2 months

1
1
0 / 0

[PATCH] batman-adv: Don't always reallocate the fragmentation skb head

by Sven Eckelmann

When a packet is fragmented by batman-adv, the original batman-adv header is not modified. Only a new fragmentation is inserted between the original one and the ethernet header. The code must therefore make sure that it has a writable region of this size in the skbuff head. But it is not useful to always reallocate the skbuff by this size even when there would be more than enough headroom still in the skb. The reallocation is just to costly during in this codepath. Signed-off-by: Sven Eckelmann <sven(a)narfation.org> --- net/batman-adv/fragmentation.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c index 8a73804d..59ebd731 100644 --- a/net/batman-adv/fragmentation.c +++ b/net/batman-adv/fragmentation.c @@ -527,13 +527,14 @@ int batadv_frag_send_packet(struct sk_buff *skb, frag_header.no++; } - /* Make room for the fragment header. */ - if (batadv_skb_head_push(skb, header_size) < 0 || - pskb_expand_head(skb, header_size + ETH_HLEN, 0, GFP_ATOMIC) < 0) { - ret = -ENOMEM; + /* make sure that there is at least enough head for the fragmentation + * and ethernet headers + */ + ret = skb_cow_head(skb, ETH_HLEN + header_size); + if (ret < 0) goto put_primary_if; - } + skb_push(skb, header_size); memcpy(skb->data, &frag_header, header_size); /* Send the last fragment */ -- 2.29.2

2 years, 2 months

1
1
0 / 0

[PATCH] batman-adv: Reserve needed_*room for fragments

by Sven Eckelmann

The batadv net_device is trying to propagate the needed_headroom and needed_tailroom from the lower devices. This is needed to avoid cost intensive reallocations using pskb_expand_head during the transmission. But the fragmentation code splitted the skb's without adding extra room at the end/beginning of the various fragments. This reduced the performance of transmissions over complex scenarios (batadv on vxlan on wireguard) because the lower devices had to perform the reallocations at least once. Signed-off-by: Sven Eckelmann <sven(a)narfation.org> --- v1: - added commit message - added tailroom net/batman-adv/fragmentation.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c index 97220e19..8a73804d 100644 --- a/net/batman-adv/fragmentation.c +++ b/net/batman-adv/fragmentation.c @@ -391,6 +391,7 @@ bool batadv_frag_skb_fwd(struct sk_buff *skb, /** * batadv_frag_create() - create a fragment from skb + * @net_dev: outgoing device for fragment * @skb: skb to create fragment from * @frag_head: header to use in new fragment * @fragment_size: size of new fragment @@ -401,22 +402,25 @@ bool batadv_frag_skb_fwd(struct sk_buff *skb, * * Return: the new fragment, NULL on error. */ -static struct sk_buff *batadv_frag_create(struct sk_buff *skb, +static struct sk_buff *batadv_frag_create(struct net_device *net_dev, + struct sk_buff *skb, struct batadv_frag_packet *frag_head, unsigned int fragment_size) { + unsigned int ll_reserved = LL_RESERVED_SPACE(net_dev); + unsigned int tailroom = net_dev->needed_tailroom; struct sk_buff *skb_fragment; unsigned int header_size = sizeof(*frag_head); unsigned int mtu = fragment_size + header_size; - skb_fragment = netdev_alloc_skb(NULL, mtu + ETH_HLEN); + skb_fragment = dev_alloc_skb(ll_reserved + mtu + tailroom); if (!skb_fragment) goto err; skb_fragment->priority = skb->priority; /* Eat the last mtu-bytes of the skb */ - skb_reserve(skb_fragment, header_size + ETH_HLEN); + skb_reserve(skb_fragment, ll_reserved + header_size); skb_split(skb, skb_fragment, skb->len - fragment_size); /* Add the header */ @@ -439,11 +443,12 @@ int batadv_frag_send_packet(struct sk_buff *skb, struct batadv_orig_node *orig_node, struct batadv_neigh_node *neigh_node) { + struct net_device *net_dev = neigh_node->if_incoming->net_dev; struct batadv_priv *bat_priv; struct batadv_hard_iface *primary_if = NULL; struct batadv_frag_packet frag_header; struct sk_buff *skb_fragment; - unsigned int mtu = neigh_node->if_incoming->net_dev->mtu; + unsigned int mtu = net_dev->mtu; unsigned int header_size = sizeof(frag_header); unsigned int max_fragment_size, num_fragments; int ret; @@ -503,7 +508,7 @@ int batadv_frag_send_packet(struct sk_buff *skb, goto put_primary_if; } - skb_fragment = batadv_frag_create(skb, &frag_header, + skb_fragment = batadv_frag_create(net_dev, skb, &frag_header, max_fragment_size); if (!skb_fragment) { ret = -ENOMEM; -- 2.29.2

2 years, 2 months

1
1
0 / 0

[RFC PATCH] batman-adv: Reserve needed_headroom for fragments

by Sven Eckelmann

TODO: write something about the extra headroom vxlan needs and why it reduced the performance significantly when only using the minimum reserved space. Cc: Annika Wickert <annika.wickert(a)exaring.de> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> --- net/batman-adv/fragmentation.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c index 97220e19..5039b201 100644 --- a/net/batman-adv/fragmentation.c +++ b/net/batman-adv/fragmentation.c @@ -391,6 +391,7 @@ bool batadv_frag_skb_fwd(struct sk_buff *skb, /** * batadv_frag_create() - create a fragment from skb + * @net_dev: outgoing device for fragment * @skb: skb to create fragment from * @frag_head: header to use in new fragment * @fragment_size: size of new fragment @@ -401,22 +402,24 @@ bool batadv_frag_skb_fwd(struct sk_buff *skb, * * Return: the new fragment, NULL on error. */ -static struct sk_buff *batadv_frag_create(struct sk_buff *skb, +static struct sk_buff *batadv_frag_create(struct net_device *net_dev, + struct sk_buff *skb, struct batadv_frag_packet *frag_head, unsigned int fragment_size) { struct sk_buff *skb_fragment; unsigned int header_size = sizeof(*frag_head); unsigned int mtu = fragment_size + header_size; + int ll_reserved = LL_RESERVED_SPACE(net_dev); - skb_fragment = netdev_alloc_skb(NULL, mtu + ETH_HLEN); + skb_fragment = dev_alloc_skb(ll_reserved + mtu); if (!skb_fragment) goto err; skb_fragment->priority = skb->priority; /* Eat the last mtu-bytes of the skb */ - skb_reserve(skb_fragment, header_size + ETH_HLEN); + skb_reserve(skb_fragment, ll_reserved + header_size); skb_split(skb, skb_fragment, skb->len - fragment_size); /* Add the header */ @@ -439,11 +442,12 @@ int batadv_frag_send_packet(struct sk_buff *skb, struct batadv_orig_node *orig_node, struct batadv_neigh_node *neigh_node) { + struct net_device *net_dev = neigh_node->if_incoming->net_dev; struct batadv_priv *bat_priv; struct batadv_hard_iface *primary_if = NULL; struct batadv_frag_packet frag_header; struct sk_buff *skb_fragment; - unsigned int mtu = neigh_node->if_incoming->net_dev->mtu; + unsigned int mtu = net_dev->mtu; unsigned int header_size = sizeof(frag_header); unsigned int max_fragment_size, num_fragments; int ret; @@ -503,7 +507,7 @@ int batadv_frag_send_packet(struct sk_buff *skb, goto put_primary_if; } - skb_fragment = batadv_frag_create(skb, &frag_header, + skb_fragment = batadv_frag_create(net_dev, skb, &frag_header, max_fragment_size); if (!skb_fragment) { ret = -ENOMEM; -- 2.29.2

2 years, 2 months

3
4
0 / 0

[PATCH 0/1] pull request for net: batman-adv 2020-11-24

by Simon Wunderlich

Hi David, hi Jakub, here is a bugfix for batman-adv which we would like to have integrated into net. Please pull or let me know of any problem! Thank you, Simon The following changes since commit f8394f232b1eab649ce2df5c5f15b0e528c92091: Linux 5.10-rc3 (2020-11-08 16:10:16 -0800) are available in the Git repository at: git://git.open-mesh.org/linux-merge.git tags/batadv-net-pullrequest-20201124 for you to fetch changes up to 14a2e551faea53d45bc11629a9dac88f88950ca7: batman-adv: set .owner to THIS_MODULE (2020-11-15 11:43:56 +0100) ---------------------------------------------------------------- Here is a batman-adv bugfix: - set module owner to THIS_MODULE, by Taehee Yoo ---------------------------------------------------------------- Taehee Yoo (1): batman-adv: set .owner to THIS_MODULE net/batman-adv/log.c | 1 + 1 file changed, 1 insertion(+)

2 years, 2 months

2
2
0 / 0

INFO: task hung in sync_inodes_sb (4)

by syzbot

Hello, syzbot found the following issue on: HEAD commit: 03430750 Add linux-next specific files for 20201116 git tree: linux-next console output: https://syzkaller.appspot.com/x/log.txt?x=17027fdc500000 kernel config: https://syzkaller.appspot.com/x/.config?x=a1c4c3f27041fdb8 dashboard link: https://syzkaller.appspot.com/bug?extid=7d50f1e54a12ba3aeae2 compiler: gcc (GCC) 10.1.0-syz 20200507 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=124a8841500000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15a4fce2500000 The issue was bisected to: commit c68df2e7be0c1238ea3c281fd744a204ef3b15a0 Author: Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> Date: Thu Sep 15 13:30:02 2016 +0000 mac80211: allow using AP_LINK_PS with mac80211-generated TIM IE bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1445e981500000 final oops: https://syzkaller.appspot.com/x/report.txt?x=1645e981500000 console output: https://syzkaller.appspot.com/x/log.txt?x=1245e981500000 IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+7d50f1e54a12ba3aeae2(a)syzkaller.appspotmail.com Fixes: c68df2e7be0c ("mac80211: allow using AP_LINK_PS with mac80211-generated TIM IE") INFO: task syz-executor017:8513 blocked for more than 143 seconds. Not tainted 5.10.0-rc3-next-20201116-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor017 state:D stack:27448 pid: 8513 ppid: 8507 flags:0x00004000 Call Trace: context_switch kernel/sched/core.c:4269 [inline] __schedule+0x890/0x2030 kernel/sched/core.c:5019 schedule+0xcf/0x270 kernel/sched/core.c:5098 wb_wait_for_completion+0x17b/0x230 fs/fs-writeback.c:209 sync_inodes_sb+0x1a6/0x9d0 fs/fs-writeback.c:2559 __sync_filesystem fs/sync.c:34 [inline] sync_filesystem fs/sync.c:67 [inline] sync_filesystem+0x15c/0x260 fs/sync.c:48 generic_shutdown_super+0x70/0x370 fs/super.c:448 kill_block_super+0x97/0xf0 fs/super.c:1446 deactivate_locked_super+0x94/0x160 fs/super.c:335 deactivate_super+0xad/0xd0 fs/super.c:366 cleanup_mnt+0x3a3/0x530 fs/namespace.c:1123 task_work_run+0xdd/0x190 kernel/task_work.c:140 tracehook_notify_resume include/linux/tracehook.h:188 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x1f0/0x200 kernel/entry/common.c:199 syscall_exit_to_user_mode+0x38/0x260 kernel/entry/common.c:274 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x44e0e7 Code: Unable to access opcode bytes at RIP 0x44e0bd. RSP: 002b:00007fff42061288 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00000000000cee4c RCX: 000000000044e0e7 RDX: 0000000000400be0 RSI: 0000000000000002 RDI: 00007fff42061330 RBP: 0000000000002142 R08: 0000000000000000 R09: 0000000000000009 R10: 0000000000000005 R11: 0000000000000206 R12: 00007fff420623e0 R13: 0000000001f67880 R14: 0000000000000000 R15: 0000000000000000 Showing all locks held in the system: 2 locks held by kworker/u4:5/225: #0: ffff8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline] #0: ffff8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline] #0: ffff8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline] #0: ffff8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline] #0: ffff8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0 kernel/workqueue.c:2243 #1: ffffc9000191fda8 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0 kernel/workqueue.c:2247 1 lock held by khungtaskd/1655: #0: ffffffff8b339ce0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6252 1 lock held by in:imklog/8188: #0: ffff888017c8f4f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:932 2 locks held by syz-executor017/8513: #0: ffff88801a8500e0 (&type->s_umount_key#49){+.+.}-{3:3}, at: deactivate_super+0xa5/0xd0 fs/super.c:365 #1: ffff888143f5e708 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:344 [inline] #1: ffff888143f5e708 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: sync_inodes_sb+0x18c/0x9d0 fs/fs-writeback.c:2557 ============================================= NMI backtrace for cpu 0 CPU: 0 PID: 1655 Comm: khungtaskd Not tainted 5.10.0-rc3-next-20201116-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:79 [inline] dump_stack+0x107/0x163 lib/dump_stack.c:120 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62 trigger_all_cpu_backtrace include/linux/nmi.h:147 [inline] check_hung_uninterruptible_tasks kernel/hung_task.c:253 [inline] watchdog+0xd89/0xf30 kernel/hung_task.c:338 kthread+0x3af/0x4a0 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:60 [inline] NMI backtrace for cpu 1 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:103 [inline] NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline] NMI backtrace for cpu 1 skipped: idling at acpi_idle_do_entry+0x1c9/0x250 drivers/acpi/processor_idle.c:517 --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller(a)googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. For information about bisection process see: https://goo.gl/tpsmEJ#bisection syzbot can test patches for this issue, for details see: https://goo.gl/tpsmEJ#testing-patches

2 years, 2 months

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

B.A.T.M.A.N November 2020