Re: WARNING in hrtimer_forward

[Thomas Gleixner <tglx@linutronix.de>]

On Sun, Sep 27 2020 at 07:29, syzbot wrote:
> syzbot has bisected this issue to:
>
> commit 0e7bbcc104baaade4f64205e9706b7d43c46db7d
> Author: Julian Anastasov <ja@ssi.bg>
> Date:   Wed Jul 27 06:56:50 2016 +0000
>
>     neigh: allow admin to set NUD_STALE
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1661d187900000
> start commit:   ba5f4cfe bpf: Add comment to document BTF type PTR_TO_BTF_..
> git tree:       bpf-next
> final oops:     https://syzkaller.appspot.com/x/report.txt?x=1561d187900000
> console output: https://syzkaller.appspot.com/x/log.txt?x=1161d187900000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=d44e1360b76d34dc
> dashboard link: https://syzkaller.appspot.com/bug?extid=ca740b95a16399ceb9a5
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1148fe4b900000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12f5218d900000
>
> Reported-by: syzbot+ca740b95a16399ceb9a5@syzkaller.appspotmail.com
> Fixes: 0e7bbcc104ba ("neigh: allow admin to set NUD_STALE")

That bisect does not make any sense and reverting the commit on top of
next does not help either.

What happens is:

            fail-16132   [029] ....   933.714866: sys_enter: NR 16 (3, 8b28, 20000000, 0, 0, 0)
          <idle>-0       [001] d.s2   933.715768: hrtimer_cancel: hrtimer=00000000fe9fe1b9
          <idle>-0       [001] ..s1   933.715771: hrtimer_expire_entry: hrtimer=00000000fe9fe1b9 function=mac80211_hwsim_beacon now=933716506319
            fail-16132   [029] d..1   933.715794: hrtimer_start: hrtimer=00000000fe9fe1b9 function=mac80211_hwsim_beacon expires=933818720770 softexpires=933818720770 mode=REL|SOFT
          <idle>-0       [001] ..s1   933.715812: hrtimer_forward: hrtimer=00000000fe9fe1b9

So the timer was armed at some point and then the expiry which does the
forward races with the ioctl which starts the timer. Lack of
serialization or such ...

Thanks,

        tglx