From: Florian Westphal <fw@strlen.de>
To: syzbot <syzbot+dc9071cc5a85950bdfce@syzkaller.appspotmail.com>
Cc: davem@davemloft.net, jhs@mojatatu.com, jiri@resnulli.us,
	linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
	syzkaller-bugs@googlegroups.com, xiyou.wangcong@gmail.com,
	eric.dumazet@gmail.com
Subject: Re: INFO: rcu detected stall in br_handle_frame (2)
Date: Sat, 28 Dec 2019 12:15:48 +0100
Message-ID: <20191228111548.GI795@breakpoint.cc>
In-Reply-To: <000000000000f9f9a8059a737d7e@google.com>

syzbot <syzbot+dc9071cc5a85950bdfce@syzkaller.appspotmail.com> wrote:

[ CC Eric, fq related ]

> syzbot found the following crash on:
>
> HEAD commit: 7e0165b2 Merge branch 'akpm' (patches from Andrew)
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=116ec09ee00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=1b59a3066828ac4c
> dashboard link: https://syzkaller.appspot.com/bug?extid=dc9071cc5a85950bdfce
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=159182c1e00000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1221218ee00000
>
> Bisection is inconclusive: the bug happens on the oldest tested release.
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=158224c1e00000
> final crash: https://syzkaller.appspot.com/x/report.txt?x=178224c1e00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=138224c1e00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+dc9071cc5a85950bdfce@syzkaller.appspotmail.com
>
> rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> (detected by 0, t=10502 jiffies, g=10149, q=201)
> rcu: All QSes seen, last rcu_preempt kthread activity 10502
> (4294978441-4294967939), jiffies_till_next_fqs=1, root ->qsmask 0x0
> sshd R running task 26584 10034 9965 0x00000008
> Call Trace:
> <IRQ>
> sched_show_task kernel/sched/core.c:5954 [inline]
[..]

The reproducer sets up 'fq' sched with TCA_FQ_QUANTUM == 0x80000000.

This causes an infinite loop in fq_dequeue:

	if (f->credit <= 0) {
		f->credit += q->quantum;
		goto begin;
	}

... because f->credit is either 0 or -2147483648.

Eric, what is a 'sane' ->quantum value?

One could simply add a 'quantum > 0 && quantum < INT_MAX'
constraint afaics.

If you don't have a better idea/suggestion for an upper limit, INT_MAX
would be enough to prevent perpetual <= 0 condition.
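
The wraparound described in the message above, as an added example that is not kernel code and not part of the original mail: a user-space model of the quoted refill step next to the proposed range check. It assumes a signed 32-bit credit and an unsigned 32-bit quantum; the function names, the round limit and the sample quantum 1514 are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Model of the quoted refill step. Assumption: credit is signed 32-bit and
 * quantum unsigned 32-bit, so the addition wraps modulo 2^32.
 * Returns how many refills it takes until credit > 0, or -1 if credit is
 * still <= 0 after max_rounds refills (the "goto begin" loop never exits).
 */
int refills_until_positive(int32_t credit, uint32_t quantum, int max_rounds)
{
	for (int n = 0; n < max_rounds; n++) {
		if (credit > 0)
			return n;
		/* f->credit += q->quantum, carried out in unsigned arithmetic */
		credit = (int32_t)((uint32_t)credit + quantum);
	}
	return credit > 0 ? max_rounds : -1;
}

/* The constraint proposed in the message: quantum > 0 && quantum < INT_MAX. */
bool quantum_ok(uint32_t quantum)
{
	return quantum > 0 && quantum < (uint32_t)INT_MAX;
}

int main(void)
{
	/* Constructed inputs: the reproducer's value, zero, and two in-range values. */
	const uint32_t samples[] = { 0x80000000u, 0u, 1514u, (uint32_t)INT_MAX - 1 };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("quantum=0x%08x accepted=%d refills_from_credit_0=%d\n",
		       (unsigned)samples[i], quantum_ok(samples[i]),
		       refills_until_positive(0, samples[i], 1000));
	return 0;
}
```

With quantum 0x80000000 the modelled credit alternates between -2147483648 and 0, and with quantum 0 it never changes, so both are reported as never leaving the loop.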