[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <680fe81d-6d33-ef0a-95d2-0bb79430019d@I-love.SAKURA.ne.jp>
Date: Sun, 21 May 2023 14:04:03 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: Martin KaFai Lau <martin.lau@...ux.dev>,
syzbot <syzbot+222aa26d0a5dbc2e84fe@...kaller.appspotmail.com>,
syzkaller-bugs@...glegroups.com
Cc: amir73il@...il.com, bpf@...r.kernel.org, daniel@...earbox.net,
davem@...emloft.net, edumazet@...gle.com, hdanton@...a.com,
jack@...e.cz, kuba@...nel.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
pabeni@...hat.com, peterz@...radead.org,
torvalds@...ux-foundation.org, willemdebruijn.kernel@...il.com
Subject: Re: [syzbot] [fs?] INFO: task hung in synchronize_rcu (4)
On 2023/05/21 11:26, Martin KaFai Lau wrote:
> On 5/20/23 3:13 PM, syzbot wrote:
>> syzbot has found a reproducer for the following issue on:
>>
>> HEAD commit: dcbe4ea1985d Merge branch '1GbE' of git://git.kernel.org/p..
>> git tree: net-next
>> console output: https://syzkaller.appspot.com/x/log.txt?x=123ebd91280000
>> kernel config: https://syzkaller.appspot.com/x/.config?x=f20b05fe035db814
>> dashboard link: https://syzkaller.appspot.com/bug?extid=222aa26d0a5dbc2e84fe
>> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1495596a280000
>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1529326a280000
>>
>> Downloadable assets:
>> disk image: https://storage.googleapis.com/syzbot-assets/41b9dda0e686/disk-dcbe4ea1.raw.xz
>> vmlinux: https://storage.googleapis.com/syzbot-assets/64d9bece8f89/vmlinux-dcbe4ea1.xz
>> kernel image: https://storage.googleapis.com/syzbot-assets/42429896dca0/bzImage-dcbe4ea1.xz
>>
>> The issue was bisected to:
>>
>> commit 3b5d4ddf8fe1f60082513f94bae586ac80188a03
>> Author: Martin KaFai Lau <kafai@...com>
>> Date: Wed Mar 9 09:04:50 2022 +0000
>>
>> bpf: net: Remove TC_AT_INGRESS_OFFSET and SKB_MONO_DELIVERY_TIME_OFFSET macro
>
> I am afraid this bisect is incorrect. The commit removed a redundant macro and is a no-op change.
>
>
But the reproducer is heavily calling bpf() syscall.
void execute_call(int call)
{
switch (call) {
case 0:
NONFAILING(*(uint32_t*)0x200027c0 = 3);
NONFAILING(*(uint32_t*)0x200027c4 = 4);
NONFAILING(*(uint32_t*)0x200027c8 = 4);
NONFAILING(*(uint32_t*)0x200027cc = 0x10001);
NONFAILING(*(uint32_t*)0x200027d0 = 0);
NONFAILING(*(uint32_t*)0x200027d4 = -1);
NONFAILING(*(uint32_t*)0x200027d8 = 0);
NONFAILING(memset((void*)0x200027dc, 0, 16));
NONFAILING(*(uint32_t*)0x200027ec = 0);
NONFAILING(*(uint32_t*)0x200027f0 = -1);
NONFAILING(*(uint32_t*)0x200027f4 = 0);
NONFAILING(*(uint32_t*)0x200027f8 = 0);
NONFAILING(*(uint32_t*)0x200027fc = 0);
NONFAILING(*(uint64_t*)0x20002800 = 0);
syscall(__NR_bpf, 0ul, 0x200027c0ul, 0x48ul);
break;
}
}
Something caused infinite loop or too heavy stress to survive?
The first report was 7d31677bb7b1.
Rechecking or running the reproducer on commits shown by
"git log 7d31677bb7b1 net/bpf" might help.
Powered by blists - more mailing lists