Re: [syzbot] [fs?] INFO: task hung in synchronize_rcu (4)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2023/05/21 11:26, Martin KaFai Lau wrote:
> On 5/20/23 3:13 PM, syzbot wrote:
>> syzbot has found a reproducer for the following issue on:
>>
>> HEAD commit:    dcbe4ea1985d Merge branch '1GbE' of git://git.kernel.org/p..
>> git tree:       net-next
>> console output: https://syzkaller.appspot.com/x/log.txt?x=123ebd91280000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=f20b05fe035db814
>> dashboard link: https://syzkaller.appspot.com/bug?extid=222aa26d0a5dbc2e84fe
>> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1495596a280000
>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1529326a280000
>>
>> Downloadable assets:
>> disk image: https://storage.googleapis.com/syzbot-assets/41b9dda0e686/disk-dcbe4ea1.raw.xz
>> vmlinux: https://storage.googleapis.com/syzbot-assets/64d9bece8f89/vmlinux-dcbe4ea1.xz
>> kernel image: https://storage.googleapis.com/syzbot-assets/42429896dca0/bzImage-dcbe4ea1.xz
>>
>> The issue was bisected to:
>>
>> commit 3b5d4ddf8fe1f60082513f94bae586ac80188a03
>> Author: Martin KaFai Lau <kafai@xxxxxx>
>> Date:   Wed Mar 9 09:04:50 2022 +0000
>>
>>      bpf: net: Remove TC_AT_INGRESS_OFFSET and SKB_MONO_DELIVERY_TIME_OFFSET macro
> 
> I am afraid this bisect is incorrect. The commit removed a redundant macro and is a no-op change.
> 
> 

But the reproducer is heavily calling bpf() syscall.

void execute_call(int call)
{
  switch (call) {
  case 0:
    NONFAILING(*(uint32_t*)0x200027c0 = 3);
    NONFAILING(*(uint32_t*)0x200027c4 = 4);
    NONFAILING(*(uint32_t*)0x200027c8 = 4);
    NONFAILING(*(uint32_t*)0x200027cc = 0x10001);
    NONFAILING(*(uint32_t*)0x200027d0 = 0);
    NONFAILING(*(uint32_t*)0x200027d4 = -1);
    NONFAILING(*(uint32_t*)0x200027d8 = 0);
    NONFAILING(memset((void*)0x200027dc, 0, 16));
    NONFAILING(*(uint32_t*)0x200027ec = 0);
    NONFAILING(*(uint32_t*)0x200027f0 = -1);
    NONFAILING(*(uint32_t*)0x200027f4 = 0);
    NONFAILING(*(uint32_t*)0x200027f8 = 0);
    NONFAILING(*(uint32_t*)0x200027fc = 0);
    NONFAILING(*(uint64_t*)0x20002800 = 0);
    syscall(__NR_bpf, 0ul, 0x200027c0ul, 0x48ul);
    break;
  }
}

Something caused infinite loop or too heavy stress to survive?
The first report was 7d31677bb7b1.
Rechecking or running the reproducer on commits shown by
"git log 7d31677bb7b1 net/bpf" might help.
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux