Re: WARNING in hrtimer_forward
From: Thomas Gleixner <hidden>
Date: 2020-09-28 16:13:46
Also in:
lkml
On Sun, Sep 27 2020 at 07:29, syzbot wrote:
syzbot has bisected this issue to:
commit 0e7bbcc104baaade4f64205e9706b7d43c46db7d
Author: Julian Anastasov [off-list ref]
Date: Wed Jul 27 06:56:50 2016 +0000
neigh: allow admin to set NUD_STALE
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1661d187900000
start commit: ba5f4cfe bpf: Add comment to document BTF type PTR_TO_BTF_..
git tree: bpf-next
final oops: https://syzkaller.appspot.com/x/report.txt?x=1561d187900000
console output: https://syzkaller.appspot.com/x/log.txt?x=1161d187900000
kernel config: https://syzkaller.appspot.com/x/.config?x=d44e1360b76d34dc
dashboard link: https://syzkaller.appspot.com/bug?extid=ca740b95a16399ceb9a5
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1148fe4b900000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12f5218d900000
Reported-by: syzbot+ca740b95a16399ceb9a5@syzkaller.appspotmail.com
Fixes: 0e7bbcc104ba ("neigh: allow admin to set NUD_STALE")
That bisect does not make any sense and reverting the commit on top of
next does not help either.
What happens is:
fail-16132 [029] .... 933.714866: sys_enter: NR 16 (3, 8b28, 20000000, 0, 0, 0)
<idle>-0 [001] d.s2 933.715768: hrtimer_cancel: hrtimer=00000000fe9fe1b9
<idle>-0 [001] ..s1 933.715771: hrtimer_expire_entry: hrtimer=00000000fe9fe1b9 function=mac80211_hwsim_beacon now=933716506319
fail-16132 [029] d..1 933.715794: hrtimer_start: hrtimer=00000000fe9fe1b9 function=mac80211_hwsim_beacon expires=933818720770 softexpires=933818720770 mode=REL|SOFT
<idle>-0 [001] ..s1 933.715812: hrtimer_forward: hrtimer=00000000fe9fe1b9
So the timer was armed at some point and then the expiry which does the
forward races with the ioctl which starts the timer. Lack of
serialization or such ...
Thanks,
tglx