On 12/5/19 8:28 AM, Colin Ian King wrote: > Hi, > > While testing linux 5.4 with the l2tp test I discovered two kernel > issues when running this test: > > 1. About 10+ seconds after completing the test one can observe periodic > kernel log messages from netdev_wait_allrefs (in net/core/dev.c) in the > form: > > "unregister_netdevice: waiting for eth0 to become free. Usage count = 1" That is a known problem; it existed when I submitted the test script: https://lore.kernel.org/netdev/20190801235421.8344-1-dsahern@xxxxxxxxxx/ The ipsec test case gives a reproducer for some one with the time to go figure out the leak. > > 2. Our regression tests that ran stress-ng after this test picked up > another issue that causes socket() to hang indefinitely. I've managed > to get this down to a simple reproducer as follows: > > sudo modprobe l2tp_core > sudo ./linux/tools/testing/selftests/net/l2tp.sh > sleep 5 > ./close > > Where ./close is an executable compiled from: > > #include <sys/types.h> > #include <sys/socket.h> > #include <unistd.h> > #include <stdio.h> > > int main() > { > int fd; > > printf("calling socket..\n"); > fd = socket(AF_APPLETALK, SOCK_STREAM, 0); > printf("socket returned: %d\n", fd); > } > > The code will hang on the socket() call and won't ever get to the final > print statement. > > If one runs the reproducer on earlier kernels we get: > > 4.6.7 crash (see dmesg below) > 4.7.10 crash in xfrm6_dst_ifdown > 4.8.17 crash in xfrm6_dst_ifdown > 4.12.14 crash (see dmesg below) > 4.13.16 reports "unregister_netdevice: waiting for eth0 to become free. > Usage count = 2" > 4.14.157 reports "unregister_netdevice: waiting for eth0 to become free. > Usage count = 2"" > 4.15.18 .. 5.4 hangs on socket() call > > Note: functionality for the l2tp test is not available for pre-4.6 kernels. > > The crashes I get for older kernels are: > > 4.6.7: > [ 34.457967] BUG: scheduling while atomic: kworker/u8:0/6/0x00000200 > [ 34.458021] Modules linked in: esp6 xfrm6_mode_transport drbg > ansi_cprng seqiv esp4 xfrm4_mode_transport xfrm_user xfrm_algo l2tp_ip6 > l2tp_eth l2tp_ip l2tp_netlink veth l2tp_core ip6_udp_tunnel udp_tunnel > squashfs binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua > ppdev kvm_intel kvm irqbypass joydev input_leds snd_hda_codec_generic > serio_raw snd_hda_intel snd_hda_codec parport_pc 8250_fintek parport > snd_hda_core qemu_fw_cfg snd_hwdep snd_pcm snd_timer mac_hid snd > soundcore sch_fq_codel virtio_rng ip_tables x_tables autofs4 btrfs > raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor > async_tx xor hid_generic usbhid hid raid6_pq libcrc32c raid1 raid0 > multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel qxl > ttm drm_kms_helper syscopyarea sysfillrect aesni_intel sysimgblt > [ 34.458086] fb_sys_fops aes_x86_64 lrw gf128mul glue_helper ablk_helper > cryptd i2c_piix4 drm psmouse pata_acpi floppy > [ 34.458100] CPU: 1 PID: 6 Comm: kworker/u8:0 Not tainted > 4.6.7-040607-generic #201608160432 > [ 34.458103] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > 1.12.0-1 04/01/2014 > [ 34.458131] Workqueue: netns cleanup_net > [ 34.458135] 0000000000000286 000000002fa171e7 ffff88007c8e7ab8 > ffffffff813f7594 > [ 34.458139] ffff88007fc96b80 7fffffffffffffff ffff88007c8e7ac8 > ffffffff810a8f6b > [ 34.458143] ffff88007c8e7b18 ffffffff8184905b 00ff88007c8e7ae8 > ffffffff8106463e > [ 34.458147] Call Trace: > [ 34.458161] [<ffffffff813f7594>] dump_stack+0x63/0x8f > [ 34.458166] [<ffffffff810a8f6b>] __schedule_bug+0x4b/0x60 > [ 34.458185] [<ffffffff8184905b>] __schedule+0x5eb/0x7a0 > [ 34.458191] [<ffffffff8106463e>] ? kvm_sched_clock_read+0x1e/0x30 > [ 34.458195] [<ffffffff81849245>] schedule+0x35/0x80 > [ 34.458203] [<ffffffff8184c402>] schedule_timeout+0x1b2/0x270 > [ 34.458207] [<ffffffff81848d74>] ? __schedule+0x304/0x7a0 > [ 34.458212] [<ffffffff81849ca3>] wait_for_completion+0xb3/0x140 > [ 34.458217] [<ffffffff810aeed0>] ? wake_up_q+0x70/0x70 > [ 34.458226] [<ffffffff810e7f68>] __wait_rcu_gp+0xc8/0xf0 > [ 34.458231] [<ffffffff810e9fd8>] synchronize_sched.part.58+0x38/0x50 > [ 34.458235] [<ffffffff810ec570>] ? call_rcu_bh+0x20/0x20 > [ 34.458239] [<ffffffff810e7e80>] ? > trace_raw_output_rcu_utilization+0x60/0x60 > [ 34.458244] [<ffffffff810ec643>] synchronize_sched+0x33/0x40 > [ 34.458251] [<ffffffffc0510f71>] __l2tp_session_unhash+0xd1/0xe0 > [l2tp_core] > [ 34.458256] [<ffffffffc051101e>] l2tp_tunnel_closeall+0x9e/0x140 > [l2tp_core] > [ 34.458261] [<ffffffffc0511219>] l2tp_tunnel_delete+0x19/0x70 [l2tp_core] > [ 34.458265] [<ffffffffc05112bb>] l2tp_exit_net+0x4b/0x80 [l2tp_core] > [ 34.458269] [<ffffffff81732188>] ops_exit_list.isra.4+0x38/0x60 > [ 34.458273] [<ffffffff817331e4>] cleanup_net+0x1c4/0x2a0 > [ 34.458281] [<ffffffff8109ccfc>] process_one_work+0x1fc/0x490 > [ 34.458285] [<ffffffff8109cfdb>] worker_thread+0x4b/0x500 > [ 34.458290] [<ffffffff8109cf90>] ? process_one_work+0x490/0x490 > [ 34.458293] [<ffffffff810a37c8>] kthread+0xd8/0xf0 > [ 34.458298] [<ffffffff8184d522>] ret_from_fork+0x22/0x40 > [ 34.458302] [<ffffffff810a36f0>] ? kthread_create_on_node+0x1b0/0x1b0 > [ 34.514067] ------------[ cut here ]------------ > > 4.12.14: > [ 20.760253] ------------[ cut here ]------------ > [ 20.760256] kernel BUG at > /home/kernel/COD/linux/net/ipv6/xfrm6_policy.c:265! > [ 20.760299] invalid opcode: 0000 [#1] SMP > [ 20.760320] Modules linked in: appletalk psnap llc esp6 > xfrm6_mode_transport esp4 xfrm4_mode_transport xfrm_user xfrm_algo > l2tp_ip6 l2tp_eth l2tp_ip l2tp_netlink veth l2tp_core ip6_udp_tunnel > udp_tunnel binfmt_misc dm_multipath scsi_dh_rdac scsi_dh_emc > scsi_dh_alua joydev ppdev snd_hda_codec_generic kvm_intel kvm irqbypass > snd_hda_intel snd_hda_codec snd_hda_core input_leds snd_hwdep serio_raw > snd_pcm snd_timer hid_generic snd soundcore parport_pc parport mac_hid > qemu_fw_cfg sch_fq_codel virtio_rng ip_tables x_tables autofs4 usbhid > hid btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq > async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear > crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel > aes_x86_64 crypto_simd qxl glue_helper ttm cryptd drm_kms_helper psmouse > [ 20.760677] syscopyarea sysfillrect virtio_blk sysimgblt fb_sys_fops > drm floppy virtio_net i2c_piix4 pata_acpi > [ 20.760731] CPU: 3 PID: 49 Comm: kworker/u8:1 Not tainted > 4.12.14-041214-generic #201709200843 > [ 20.760772] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS > 1.12.0-1 04/01/2014 > [ 20.760814] Workqueue: netns cleanup_net > [ 20.760836] task: ffff8aa4bcbbad00 task.stack: ffff9dc5804c0000 > [ 20.760867] RIP: 0010:xfrm6_dst_ifdown+0xa0/0xb0 > [ 20.760890] RSP: 0018:ffff9dc5804c3be0 EFLAGS: 00010246 > [ 20.760916] RAX: ffff8aa4b6e6a000 RBX: ffff8aa4bc1b3500 RCX: > 0000000000000000 > [ 20.760950] RDX: 0000000000000001 RSI: ffff8aa4b6f39000 RDI: > ffff8aa4bc1b3500 > [ 20.760984] RBP: ffff9dc5804c3c08 R08: 0000000000000000 R09: > ffffffffb49fd7a0 > [ 20.761017] R10: ffff9dc5804c3c70 R11: 0000000000000000 R12: > ffff8aa4b6f39000 > [ 20.761050] R13: ffff8aa4b6f39000 R14: ffff8aa4bc1b3500 R15: > 0000000000000000 > [ 20.761085] FS: 0000000000000000(0000) GS:ffff8aa4bfd80000(0000) > knlGS:0000000000000000 > [ 20.761123] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 20.761150] CR2: 00007fa5cd126718 CR3: 000000007c382000 CR4: > 00000000001406e0 > [ 20.761189] Call Trace: > [ 20.761207] dst_ifdown+0x26/0x80 > [ 20.761226] dst_dev_event+0x5c/0x170 > [ 20.761247] notifier_call_chain+0x4a/0x70 > [ 20.761269] raw_notifier_call_chain+0x16/0x20 > [ 20.761293] call_netdevice_notifiers_info+0x35/0x60 > [ 20.761318] netdev_run_todo+0xcf/0x300 > [ 20.761340] rtnl_unlock+0xe/0x10 > [ 20.761359] default_device_exit_batch+0x153/0x180 > [ 20.761385] ? do_wait_intr_irq+0x90/0x90 > [ 20.761408] ops_exit_list.isra.6+0x52/0x60 > [ 20.761430] cleanup_net+0x1ca/0x2b0 > [ 20.761451] process_one_work+0x1e7/0x410 > [ 20.761472] worker_thread+0x4a/0x410 > [ 20.761492] kthread+0x125/0x140 > [ 20.761511] ? process_one_work+0x410/0x410 > [ 20.761532] ? kthread_create_on_node+0x70/0x70 > [ 20.761556] ret_from_fork+0x25/0x30 > [ 20.761575] Code: f0 00 00 00 75 05 e8 10 6f 00 00 4c 89 bb 58 01 00 00 > f0 41 ff 04 24 48 8b 5b 10 48 83 7b 48 00 75 d4 f0 41 ff 0c 24 eb 8e f3 > c3 <0f> 0b 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 b9 06 00 00 > [ 20.761695] RIP: xfrm6_dst_ifdown+0xa0/0xb0 RSP: ffff9dc5804c3be0 > [ 20.762104] ---[ end trace b22472ed4abae541 ]--- > > So all in all, the test is great for finding bugs. I thought I should > flag these issues up. These I am not aware of. I do not do much with l2tp. The script evolved from discussions for some change and I saved the commands as tests - for just reasons like this.
