From: Eduard Zingerman <eddyz87@gmail.com>
To: Justin Iurman <justin.iurman@uliege.be>
Cc: netdev@vger.kernel.org, davem@davemloft.net,
dsahern@kernel.org, edumazet@google.com, kuba@kernel.org,
pabeni@redhat.com, horms@kernel.org
Subject: Re: [PATCH net v2 0/3] net: fix lwtunnel reentry loops
Date: Mon, 14 Apr 2025 15:30:55 -0700 [thread overview]
Message-ID: <m2h62qwf34.fsf@gmail.com> (raw)
In-Reply-To: <20250314120048.12569-1-justin.iurman@uliege.be> (Justin Iurman's message of "Fri, 14 Mar 2025 13:00:45 +0100")
Justin Iurman <justin.iurman@uliege.be> writes:
> v2:
> - removed some patches from the -v1 series
> - added a patch that was initially sent separately
> - code style for the selftest (thanks Paolo)
> v1:
> - https://lore.kernel.org/all/20250311141238.19862-1-justin.iurman@uliege.be/
Hi Justin,
I've noticed a BUG splat likely introduced by this patch.
The splat is reported when executing some BPF selftests,
e.g. lwt_ip_encap_ipv4/egress
(defined in tools/testing/selftests/bpf/prog_tests/lwt_ip_encap.c and
tools/testing/selftests/bpf/progs/test_lwt_ip_encap.c).
Decoded splat is at the end of the email.
Line numbers correspond to commit
a27a97f71394 ("Merge branch 'bpf-support-atomic-update-for-htab-of-maps'")
from the kernel/git/bpf/bpf-next.git tree.
Thanks,
Eduard
---
[ 193.993893] BUG: using __this_cpu_add() in preemptible [00000000] code: test_progs/206
[ 193.994292] caller is lwtunnel_xmit (net/core/dev.h:340 net/core/lwtunnel.c:408)
[ 193.994601] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
[ 193.994603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-4.el9 04/01/2014
[ 193.994605] Call Trace:
[ 193.994608] <TASK>
[ 193.994611] dump_stack_lvl (lib/dump_stack.c:122)
[ 193.994622] check_preemption_disabled (lib/smp_processor_id.c:0)
[ 193.994630] ? lwtunnel_xmit (./include/linux/rcupdate.h:331 ./include/linux/rcupdate.h:841 net/core/lwtunnel.c:403)
[ 193.994637] lwtunnel_xmit (net/core/dev.h:340 net/core/lwtunnel.c:408)
[ 193.994648] ip_finish_output2 (net/ipv4/ip_output.c:222)
[ 193.994655] ? ip_skb_dst_mtu (./include/net/ip.h:517)
[ 193.994659] ? ip_skb_dst_mtu (./include/linux/rcupdate.h:331 ./include/linux/rcupdate.h:841 ./include/net/ip.h:471 ./include/net/ip.h:512)
[ 193.994669] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182)
[ 193.994672] ? __ip_finish_output (net/ipv4/ip_output.c:306)
[ 193.994683] ? __ip_queue_xmit (./include/linux/rcupdate.h:331 ./include/linux/rcupdate.h:841 net/ipv4/ip_output.c:470)
[ 193.994688] __ip_queue_xmit (net/ipv4/ip_output.c:527)
[ 193.994693] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182)
[ 193.994711] ? __ip_queue_xmit (./include/linux/rcupdate.h:331 ./include/linux/rcupdate.h:841 net/ipv4/ip_output.c:470)
[ 193.994726] __tcp_transmit_skb (net/ipv4/tcp_output.c:1479)
[ 193.994800] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182)
[ 193.994804] ? __asan_memset (mm/kasan/shadow.c:84)
[ 193.994810] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182)
[ 193.994824] tcp_connect (net/ipv4/tcp_output.c:0 net/ipv4/tcp_output.c:4155)
[ 193.994890] tcp_v4_connect (net/ipv4/tcp_ipv4.c:343)
[ 193.994926] __inet_stream_connect (net/ipv4/af_inet.c:678)
[ 193.994944] ? __local_bh_enable_ip (./arch/x86/include/asm/irqflags.h:42 ./arch/x86/include/asm/irqflags.h:119 kernel/softirq.c:412)
[ 193.994950] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182)
[ 193.994953] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473)
[ 193.994967] inet_stream_connect (net/ipv4/af_inet.c:748)
[ 193.994976] ? __pfx_inet_stream_connect (net/ipv4/af_inet.c:744)
[ 193.994981] __sys_connect (./include/linux/file.h:62 ./include/linux/file.h:83 net/socket.c:2058)
[ 193.995013] __x64_sys_connect (net/socket.c:2063 net/socket.c:2060 net/socket.c:2060)
[ 193.995022] do_syscall_64 (arch/x86/entry/syscall_64.c:0)
[ 193.995026] ? srso_alias_return_thunk (arch/x86/lib/retpoline.S:182)
[ 193.995030] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4473)
[ 193.995038] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 193.995042] RIP: 0033:0x7faec2d0f9cb
[ 193.995047] Code: 83 ec 18 89 54 24 0c 48 89 34 24 89 7c 24 08 e8 4b 70 f7 ff 8b 54 24 0c 48 8b 34 24 41 89 c0 8b 7c 24 08 b8 2a 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 08 e8 a1 70 f7 ff 8b 44
All code
========
0: 83 ec 18 sub $0x18,%esp
3: 89 54 24 0c mov %edx,0xc(%rsp)
7: 48 89 34 24 mov %rsi,(%rsp)
b: 89 7c 24 08 mov %edi,0x8(%rsp)
f: e8 4b 70 f7 ff call 0xfffffffffff7705f
14: 8b 54 24 0c mov 0xc(%rsp),%edx
18: 48 8b 34 24 mov (%rsp),%rsi
1c: 41 89 c0 mov %eax,%r8d
1f: 8b 7c 24 08 mov 0x8(%rsp),%edi
23: b8 2a 00 00 00 mov $0x2a,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 35 ja 0x67
32: 44 89 c7 mov %r8d,%edi
35: 89 44 24 08 mov %eax,0x8(%rsp)
39: e8 a1 70 f7 ff call 0xfffffffffff770df
3e: 8b .byte 0x8b
3f: 44 rex.R
Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 35 ja 0x3d
8: 44 89 c7 mov %r8d,%edi
b: 89 44 24 08 mov %eax,0x8(%rsp)
f: e8 a1 70 f7 ff call 0xfffffffffff770b5
14: 8b .byte 0x8b
15: 44 rex.R
[ 193.995050] RSP: 002b:00007fff992d3a20 EFLAGS: 00000293 ORIG_RAX: 000000000000002a
[ 193.995054] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faec2d0f9cb
[ 193.995057] RDX: 0000000000000010 RSI: 00007fff992d3ad8 RDI: 0000000000000035
[ 193.995059] RBP: 00007fff992d3ac0 R08: 0000000000000000 R09: 0000000000000004
[ 193.995062] R10: 00007fff992d39b0 R11: 0000000000000293 R12: 00007fff992d7b78
[ 193.995064] R13: 000000000095f760 R14: 0000000002e38b90 R15: 00007faec373d000
[ 193.995091] </TASK>
next prev parent reply other threads:[~2025-04-14 22:30 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-14 12:00 [PATCH net v2 0/3] net: fix lwtunnel reentry loops Justin Iurman
2025-03-14 12:00 ` [PATCH net v2 1/3] net: lwtunnel: fix recursion loops Justin Iurman
2025-03-14 12:00 ` [PATCH net v2 2/3] net: ipv6: ioam6: fix lwtunnel_output() loop Justin Iurman
2025-03-14 12:00 ` [PATCH net v2 3/3] selftests: net: test for lwtunnel dst ref loops Justin Iurman
2025-03-20 10:25 ` Paolo Abeni
2025-03-20 15:38 ` Justin Iurman
2025-03-20 16:46 ` [PATCH net v2 3/3] selftests: net: test for lwtunnel dst ref loops: manual merge Matthieu Baerts
2025-03-20 10:30 ` [PATCH net v2 0/3] net: fix lwtunnel reentry loops patchwork-bot+netdevbpf
2025-04-14 22:30 ` Eduard Zingerman [this message]
2025-04-15 9:29 ` Justin Iurman
2025-04-16 8:08 ` Eduard Zingerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m2h62qwf34.fsf@gmail.com \
--to=eddyz87@gmail.com \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=justin.iurman@uliege.be \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.