From: Florian Westphal <fw@strlen.de>
To: Jakub Kicinski <kuba@kernel.org>
Cc: syzbot <syzbot+7b4a6fc3e452c67173e0@syzkaller.appspotmail.com>,
	davem@davemloft.net, johannes@sipsolutions.net,
	linux-kernel@vger.kernel.org, linux-wireless@vger.kernel.org,
	netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com,
	Florian Westphal <fw@strlen.de>
Subject: Re: [syzbot] INFO: task hung in reg_check_chans_work (3)
Date: Mon, 4 Oct 2021 17:00:29 +0200
Message-ID: <20211004150029.GN2935@breakpoint.cc>
In-Reply-To: <20211004074157.1ba82e65@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>

Jakub Kicinski <kuba@kernel.org> wrote:
> netfilter... rtnl.. workqueue... let's CC Florian..

Thanks.

> > HEAD commit:    a4e6f95a891a Merge tag 'pinctrl-v5.15-2' of git://git.kern..

This HEAD doesn't include

7970a19b71044bf4dc2c1becc200275bdf1884d4
netfilter: nf_nat_masquerade: defer conntrack walk to work queue

so, with a bit of luck this is already resolved.

> >  context_switch kernel/sched/core.c:4940 [inline]
> >  __schedule+0x940/0x26f0 kernel/sched/core.c:6287
> >  schedule+0xd3/0x270 kernel/sched/core.c:6366
> >  schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425
> >  __mutex_lock_common kernel/locking/mutex.c:669 [inline]
> >  __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729
> >  reg_check_chans_work+0x83/0xe10 net/wireless/reg.c:2423
> >  process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297

workqueue tries to rtnl_lock()...

> > task:syz-executor.0  state:D stack:27152 pid:17047 ppid: 13518 flags:0x00004004
> > Call Trace:
> >  context_switch kernel/sched/core.c:4940 [inline]
> >  __schedule+0x940/0x26f0 kernel/sched/core.c:6287
> >  schedule+0xd3/0x270 kernel/sched/core.c:6366
> >  schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425
> >  __mutex_lock_common kernel/locking/mutex.c:669 [inline]
> >  __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729
> >  rtnl_lock net/core/rtnetlink.c:72 [inline]
> >  rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5569

... syz-executor as well ...

> > task:syz-executor.4  state:D stack:27216 pid:17052 ppid:  6665 flags:0x00004004
> > Call Trace:
> >  context_switch kernel/sched/core.c:4940 [inline]
> >  __schedule+0x940/0x26f0 kernel/sched/core.c:6287
> >  schedule+0xd3/0x270 kernel/sched/core.c:6366
> >  schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6425
> >  __mutex_lock_common kernel/locking/mutex.c:669 [inline]
> >  __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729
> >  rtnl_lock net/core/rtnetlink.c:72 [inline]
> >  rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5569
> >  netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504

... and another syz-executor instance ...

> >  __local_bh_enable_ip+0xcd/0x120 kernel/softirq.c:371
> >  local_bh_enable include/linux/bottom_half.h:32 [inline]
> >  get_next_corpse net/netfilter/nf_conntrack_core.c:2252 [inline]
> >  nf_ct_iterate_cleanup+0x15a/0x450 net/netfilter/nf_conntrack_core.c:2275
> >  nf_ct_iterate_cleanup_net net/netfilter/nf_conntrack_core.c:2363 [inline]
> >  nf_ct_iterate_cleanup_net+0x236/0x400 net/netfilter/nf_conntrack_core.c:2347
> >  masq_device_event+0xae/0xe0 net/netfilter/nf_nat_masquerade.c:88
> >  notifier_call_chain+0xb5/0x200 kernel/notifier.c:83

... and rtnl is held by notifier call chain.

This is no longer the case in current net head,
nf_ct_iterate_cleanup() runs from workqueue without rtnl locked.
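
The triage done by hand in the reply above (separate the tasks blocked in `__mutex_lock` from the one task that is not, and look at what that one is doing) can be scripted. The following is an added example, not part of the original mail or of any kernel tooling; the sample report is constructed and abridged from the frames quoted above, and the `kworker-example` and `holder-example` task header lines are made up. Treating every task that is not blocked in a mutex as a holder candidate is a heuristic assumed here.

```python
import re

# Constructed sample, abridged from the frames quoted in the mail. The header
# lines for "kworker-example" and "holder-example" are invented placeholders.
SAMPLE_REPORT = """\
task:kworker-example state:D stack:0 pid:1 ppid: 2 flags:0x00004000
Call Trace:
 __schedule+0x940/0x26f0 kernel/sched/core.c:6287
 __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729
 reg_check_chans_work+0x83/0xe10 net/wireless/reg.c:2423
 process_one_work+0x9bf/0x16b0 kernel/workqueue.c:2297
task:syz-executor.0  state:D stack:27152 pid:17047 ppid: 13518 flags:0x00004004
Call Trace:
 __mutex_lock+0xa34/0x12f0 kernel/locking/mutex.c:729
 rtnl_lock net/core/rtnetlink.c:72 [inline]
 rtnetlink_rcv_msg+0x3be/0xb80 net/core/rtnetlink.c:5569
task:holder-example state:R stack:0 pid:3 ppid: 2 flags:0x00004006
Call Trace:
 __local_bh_enable_ip+0xcd/0x120 kernel/softirq.c:371
 nf_ct_iterate_cleanup+0x15a/0x450 net/netfilter/nf_conntrack_core.c:2275
 masq_device_event+0xae/0xe0 net/netfilter/nf_nat_masquerade.c:88
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
"""

TASK_RE = re.compile(r"^task:(\S+)\s+state:(\S)\s.*?pid:\s*(\d+)")
# A frame is an indented symbol, optionally followed by +offset/size.
FRAME_RE = re.compile(r"^\s+([A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?\s")

def parse_tasks(report):
    """Split a hung-task report into tasks with their ordered frame symbols."""
    tasks = []
    for line in report.splitlines():
        header = TASK_RE.match(line)
        if header:
            tasks.append({"name": header.group(1), "frames": []})
            continue
        frame = FRAME_RE.match(line)
        if frame and tasks:
            tasks[-1]["frames"].append(frame.group(1))
    return tasks

def triage(report):
    """Map each mutex waiter to the frame that asked for the lock; every
    other task is a holder candidate, reported with its full stack."""
    waiters, holder_candidates = {}, {}
    for task in parse_tasks(report):
        frames = task["frames"]
        if "__mutex_lock" in frames:
            below = frames[frames.index("__mutex_lock") + 1:]
            waiters[task["name"]] = below[0] if below else None
        else:
            holder_candidates[task["name"]] = frames
    return {"waiters": waiters, "holder_candidates": holder_candidates}
```

On the sample, the only holder candidate is the task whose stack runs `nf_ct_iterate_cleanup` beneath `notifier_call_chain`, which matches the conclusion in the mail.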
