* Re: [PATCH 3/4] of: Convert to using %pOFn instead of device_node.name
From: Thierry Reding @ 2018-09-10 9:06 UTC (permalink / raw)
To: Joe Perches
Cc: Rob Herring, Frank Rowand, devicetree, linux-kernel, Andrew Lunn,
Florian Fainelli, netdev
In-Reply-To: <0999919005219fa94ccc69ff57659d47911d3abd.camel@perches.com>
[-- Attachment #1: Type: text/plain, Size: 3223 bytes --]
On Fri, Sep 07, 2018 at 05:30:23PM -0700, Joe Perches wrote:
> On Fri, 2018-09-07 at 14:29 +0200, Thierry Reding wrote:
> > On Tue, Aug 28, 2018 at 10:52:53AM -0500, Rob Herring wrote:
> > > In preparation to remove the node name pointer from struct device_node,
> > > convert printf users to use the %pOFn format specifier.
> > >
> > > Cc: Frank Rowand <frowand.list@gmail.com>
> > > Cc: Andrew Lunn <andrew@lunn.ch>
> > > Cc: Florian Fainelli <f.fainelli@gmail.com>
> > > Cc: devicetree@vger.kernel.org
> > > Cc: netdev@vger.kernel.org
> > > Signed-off-by: Rob Herring <robh@kernel.org>
> > > ---
> > > drivers/of/device.c | 4 ++--
> > > drivers/of/of_mdio.c | 12 ++++++------
> > > drivers/of/of_numa.c | 4 ++--
> > > drivers/of/overlay.c | 4 ++--
> > > drivers/of/platform.c | 8 ++++----
> > > drivers/of/unittest.c | 12 ++++++------
> > > 6 files changed, 22 insertions(+), 22 deletions(-)
> > >
> > > diff --git a/drivers/of/device.c b/drivers/of/device.c
> > > index 5957cd4fa262..daa075d87317 100644
> > > --- a/drivers/of/device.c
> > > +++ b/drivers/of/device.c
> > > @@ -219,7 +219,7 @@ static ssize_t of_device_get_modalias(struct device *dev, char *str, ssize_t len
> > > return -ENODEV;
> > >
> > > /* Name & Type */
> > > - csize = snprintf(str, len, "of:N%sT%s", dev->of_node->name,
> > > + csize = snprintf(str, len, "of:N%pOFnT%s", dev->of_node,
> > > dev->of_node->type);
> > > tsize = csize;
> > > len -= csize;
> >
> > This seems to cause the modalias to be improperly constructed. As a
> > consequence, automatic module loading at boot time is now broken. I
> > think the reason why this fails is because vsnprintf() will skip all
> > alpha-numeric characters after a call to pointer(). Presumably this
> > is meant to be a generic way of skipping whatever specifiers we throw
> > at it.
> >
> > Unfortunately for the case of OF modaliases, this means that the 'T'
> > character gets eaten, so we end up with something like this:
> >
> > # udevadm info /sys/bus/platform/devices/54200000.dc
> > [...]
> > E: MODALIAS=of:Ndc<NULL>Cnvidia,tegra124-dc
> > [...]
> >
> > instead of this:
> >
> > # udevadm info /sys/bus/platform/devices/54200000.dc
> > [...]
> > E: MODALIAS=of:NdcT<NULL>Cnvidia,tegra124-dc
> > [...]
> >
> > Everything is back to normal if I revert this patch. However, since
> > that's obviously not what we want, I think perhaps what we need is a
> > way for pointer() (and its implementations) to report back how many
> > characters in the format string it consumed so that we can support
> > these kinds of back-to-back strings.
> >
> > If nobody else has the time I can look into coding up a fix, but in the
> > meantime it might be best to back this one out until we can handle the
> > OF modalias format string.
>
> Or just use 2 consecutive snprintf calls
>
> csize = snprintf(str, len, "of:N%pOFn", dev->of_node);
> csize += snprintf(str + csize, len - csize, "T%s",
> dev->of_node->type);
Yeah, that's what I ended up doing. Rob came up with another alternative
which is to output the 'T' via %c, which also works around the issue.
Thierry
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply
* Re: [PATCH 1/1] ipv6: Add sockopt IPV6_MULTICAST_ALL analogue to IP_MULTICAST_ALL
From: Maciej Żenczykowski @ 2018-09-10 9:07 UTC (permalink / raw)
To: Andre Naujoks
Cc: Linux NetDev, Kernel hackers, David S. Miller, kuznet,
Hideaki YOSHIFUJI, Greg Kroah-Hartman, Erik Kline,
Thomas Gleixner, Shaohua Li, Kate Stewart, Philippe Ombredanne
In-Reply-To: <20180910082715.11506-2-nautsch2@gmail.com>
Any reason not to use the same bit that is used by ipv4?
(as in add the setsockopt/getsockopt but just toggle the v4 bit)
^ permalink raw reply
* 4.19-rc1: r8169 resume from suspend link negotiation issue
From: Neil MacLeod @ 2018-09-10 4:21 UTC (permalink / raw)
To: netdev
Since 4.19-rc1 (up to and including 4.19-rc3) there is now a problem
with the r8169 network interface when resuming from suspend - the
negotiated network speed after resume is only 10Mbit/s half-duplex.
There is no problem with 4.18.y, and when booting into 4.19-rc3 from
power-on the full 1000Mbit/s full duplex link is correctly negotiated.
Bisecting the kernel commits between 4.18.6 and 4.19-rc1 identifies
the following commit as the bad commit:
"r8169: remove rtl8169_set_speed_xmii"[1]
Before suspend: dmesg[2], ethtool eth0[3] - 1000Mbit/s full duplex
After resume from suspend: dmesg[4], ethtool eth0[5] - 10Mbit/s half duplex
Anyone else seeing this?
Thanks
Neil
1. https://github.com/torvalds/linux/commit/a2965f12fde696d3754347bd48a7149b8de45b21
2. http://ix.io/1mn8
3. http://ix.io/1ltR
4. http://ix.io/1mn9
5. http://ix.io/1ltO
^ permalink raw reply
* Re: [PATCH 1/1] ipv6: Add sockopt IPV6_MULTICAST_ALL analogue to IP_MULTICAST_ALL
From: Andre Naujoks @ 2018-09-10 9:30 UTC (permalink / raw)
To: Maciej Żenczykowski
Cc: Linux NetDev, Kernel hackers, David S. Miller, kuznet,
Hideaki YOSHIFUJI, Greg Kroah-Hartman, Erik Kline,
Thomas Gleixner, Shaohua Li, Kate Stewart, Philippe Ombredanne
In-Reply-To: <CANP3RGfGkH33mYDrenwWVkQ4uG4qyrddA+yvJ+t+=y6wGd7uDA@mail.gmail.com>
On 9/10/18 11:07 AM, Maciej Żenczykowski wrote:
> Any reason not to use the same bit that is used by ipv4?
> (as in add the setsockopt/getsockopt but just toggle the v4 bit)
>
I wanted to keep the current behavior for an ipv6 socket as is. I think
user space api/behavioral changes are frowned upon!?
Currently the bit is settable for an ipv6 socket and changes the
handling for ipv4 multicasts for that socket. If I had just added the
socket option and set the v4 bit, you would get maybe unexpected
behavior from that, if you used it for ipv4 multicasts.
Another approach I tried, was to just honor the v4 bit in v6 context,
like this:
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index 4ae54aaca373..af1659327d46 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -636,7 +636,7 @@ bool inet6_mc_check(struct sock *sk, const struct
in6_addr *mc_addr,
}
if (!mc) {
rcu_read_unlock();
- return true;
+ return inet_sk(sk)->mc_all;
}
read_lock(&mc->sflock);
psl = mc->sflist;
But that has the same problem of changing current behavior in a possibly
unexpected way.
Regards
Andre
^ permalink raw reply related
* [PATCH v2 0/3] Add can support to RZ/G2M
From: Fabrizio Castro @ 2018-09-10 10:43 UTC (permalink / raw)
To: Wolfgang Grandegger, Marc Kleine-Budde, Rob Herring, Mark Rutland
Cc: Fabrizio Castro, David S. Miller, Sergei Shtylyov, Simon Horman,
Magnus Damm, Chris Paterson, linux-can, netdev, devicetree,
linux-renesas-soc, linux-kernel, Geert Uytterhoeven, Biju Das
Dear All,
this series contains all that's necessary to add CAN support
for RZ/G2M (a.k.a. r8a774a1).
v1-v2:
* applied Geert's comments
Thanks,
Fab
Chris Paterson (1):
arm64: dts: renesas: r8a774a1: Add CAN nodes
Fabrizio Castro (2):
can: rcar_can: Fix erroneous registration
dt-bindings: can: rcar_can: Add r8a774a1 support
.../devicetree/bindings/net/can/rcar_can.txt | 18 +++++++++++-----
arch/arm64/boot/dts/renesas/r8a774a1.dtsi | 24 ++++++++++++++++++++++
drivers/net/can/rcar/rcar_can.c | 5 ++++-
3 files changed, 41 insertions(+), 6 deletions(-)
--
2.7.4
^ permalink raw reply
* [PATCH v2 2/3] dt-bindings: can: rcar_can: Add r8a774a1 support
From: Fabrizio Castro @ 2018-09-10 10:43 UTC (permalink / raw)
To: Wolfgang Grandegger, Marc Kleine-Budde, Rob Herring, Mark Rutland
Cc: Fabrizio Castro, David S. Miller, Sergei Shtylyov, linux-can,
linux-kernel, netdev, devicetree, Simon Horman,
Geert Uytterhoeven, Chris Paterson, Biju Das, linux-renesas-soc
In-Reply-To: <1536576195-11520-1-git-send-email-fabrizio.castro@bp.renesas.com>
Document RZ/G2M (r8a774a1) SoC specific bindings.
Signed-off-by: Fabrizio Castro <fabrizio.castro@bp.renesas.com>
Signed-off-by: Chris Paterson <Chris.Paterson2@renesas.com>
Reviewed-by: Biju Das <biju.das@bp.renesas.com>
---
v1->v2:
* dropped "renesas,rzg-gen2-can" and fixed "clocks" property description
as per Geert's comments.
This patch applies on top of next-20180910.
Documentation/devicetree/bindings/net/can/rcar_can.txt | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/Documentation/devicetree/bindings/net/can/rcar_can.txt b/Documentation/devicetree/bindings/net/can/rcar_can.txt
index 94a7f33..f3b160c 100644
--- a/Documentation/devicetree/bindings/net/can/rcar_can.txt
+++ b/Documentation/devicetree/bindings/net/can/rcar_can.txt
@@ -4,6 +4,7 @@ Renesas R-Car CAN controller Device Tree Bindings
Required properties:
- compatible: "renesas,can-r8a7743" if CAN controller is a part of R8A7743 SoC.
"renesas,can-r8a7745" if CAN controller is a part of R8A7745 SoC.
+ "renesas,can-r8a774a1" if CAN controller is a part of R8A774A1 SoC.
"renesas,can-r8a7778" if CAN controller is a part of R8A7778 SoC.
"renesas,can-r8a7779" if CAN controller is a part of R8A7779 SoC.
"renesas,can-r8a7790" if CAN controller is a part of R8A7790 SoC.
@@ -16,15 +17,21 @@ Required properties:
"renesas,rcar-gen1-can" for a generic R-Car Gen1 compatible device.
"renesas,rcar-gen2-can" for a generic R-Car Gen2 or RZ/G1
compatible device.
- "renesas,rcar-gen3-can" for a generic R-Car Gen3 compatible device.
+ "renesas,rcar-gen3-can" for a generic R-Car Gen3 or RZ/G2
+ compatible device.
When compatible with the generic version, nodes must list the
SoC-specific version corresponding to the platform first
followed by the generic version.
- reg: physical base address and size of the R-Car CAN register map.
- interrupts: interrupt specifier for the sole interrupt.
-- clocks: phandles and clock specifiers for 3 CAN clock inputs.
-- clock-names: 3 clock input name strings: "clkp1", "clkp2", "can_clk".
+- clocks: phandles and clock specifiers for 2 CAN clock inputs for RZ/G2
+ devices.
+ phandles and clock specifiers for 3 CAN clock inputs for every other
+ SoC.
+- clock-names: 2 clock input name strings for RZ/G2: "clkp1", "can_clk".
+ 3 clock input name strings for every other SoC: "clkp1", "clkp2",
+ "can_clk".
- pinctrl-0: pin control group to be used for this controller.
- pinctrl-names: must be "default".
@@ -41,8 +48,9 @@ using the below properties:
Optional properties:
- renesas,can-clock-select: R-Car CAN Clock Source Select. Valid values are:
<0x0> (default) : Peripheral clock (clkp1)
- <0x1> : Peripheral clock (clkp2)
- <0x3> : Externally input clock
+ <0x1> : Peripheral clock (clkp2) (not supported by
+ RZ/G2 devices)
+ <0x3> : External input clock
Example
-------
--
2.7.4
^ permalink raw reply related
* Re: [PATCH net-next] virtio_net: force_napi_tx module param.
From: Jason Wang @ 2018-09-10 5:59 UTC (permalink / raw)
To: Willem de Bruijn
Cc: Jon Olson (Google Drive), Michael S. Tsirkin, caleb.raitto,
David Miller, Network Development, Caleb Raitto
In-Reply-To: <CAF=yD-KPJukmNmNBugONfPZGHtauuDSEsOFCz1_AysZApKnCxw@mail.gmail.com>
On 2018年09月10日 07:07, Willem de Bruijn wrote:
> On Wed, Aug 29, 2018 at 9:01 AM Willem de Bruijn
> <willemdebruijn.kernel@gmail.com> wrote:
>> On Wed, Aug 29, 2018 at 3:56 AM Jason Wang <jasowang@redhat.com> wrote:
>>>
>>>
>>> On 2018年08月29日 03:57, Willem de Bruijn wrote:
>>>> On Mon, Jul 30, 2018 at 2:06 AM Jason Wang <jasowang@redhat.com> wrote:
>>>>>
>>>>> On 2018年07月25日 08:17, Jon Olson wrote:
>>>>>> On Tue, Jul 24, 2018 at 3:46 PM Michael S. Tsirkin <mst@redhat.com> wrote:
>>>>>>> On Tue, Jul 24, 2018 at 06:31:54PM -0400, Willem de Bruijn wrote:
>>>>>>>> On Tue, Jul 24, 2018 at 6:23 PM Michael S. Tsirkin <mst@redhat.com> wrote:
>>>>>>>>> On Tue, Jul 24, 2018 at 04:52:53PM -0400, Willem de Bruijn wrote:
>>>>>>>>>> >From the above linked patch, I understand that there are yet
>>>>>>>>>> other special cases in production, such as a hard cap on #tx queues to
>>>>>>>>>> 32 regardless of number of vcpus.
>>>>>>>>> I don't think upstream kernels have this limit - we can
>>>>>>>>> now use vmalloc for higher number of queues.
>>>>>>>> Yes. that patch* mentioned it as a google compute engine imposed
>>>>>>>> limit. It is exactly such cloud provider imposed rules that I'm
>>>>>>>> concerned about working around in upstream drivers.
>>>>>>>>
>>>>>>>> * for reference, I mean https://patchwork.ozlabs.org/patch/725249/
>>>>>>> Yea. Why does GCE do it btw?
>>>>>> There are a few reasons for the limit, some historical, some current.
>>>>>>
>>>>>> Historically we did this because of a kernel limit on the number of
>>>>>> TAP queues (in Montreal I thought this limit was 32). To my chagrin,
>>>>>> the limit upstream at the time we did it was actually eight. We had
>>>>>> increased the limit from eight to 32 internally, and it appears in
>>>>>> upstream it has subsequently increased upstream to 256. We no longer
>>>>>> use TAP for networking, so that constraint no longer applies for us,
>>>>>> but when looking at removing/raising the limit we discovered no
>>>>>> workloads that clearly benefited from lifting it, and it also placed
>>>>>> more pressure on our virtual networking stack particularly on the Tx
>>>>>> side. We left it as-is.
>>>>>>
>>>>>> In terms of current reasons there are really two. One is memory usage.
>>>>>> As you know, virtio-net uses rx/tx pairs, so there's an expectation
>>>>>> that the guest will have an Rx queue for every Tx queue. We run our
>>>>>> individual virtqueues fairly deep (4096 entries) to give guests a wide
>>>>>> time window for re-posting Rx buffers and avoiding starvation on
>>>>>> packet delivery. Filling an Rx vring with max-sized mergeable buffers
>>>>>> (4096 bytes) is 16MB of GFP_ATOMIC allocations. At 32 queues this can
>>>>>> be up to 512MB of memory posted for network buffers. Scaling this to
>>>>>> the largest VM GCE offers today (160 VCPUs -- n1-ultramem-160) keeping
>>>>>> all of the Rx rings full would (in the large average Rx packet size
>>>>>> case) consume up to 2.5 GB(!) of guest RAM. Now, those VMs have 3.8T
>>>>>> of RAM available, but I don't believe we've observed a situation where
>>>>>> they would have benefited from having 2.5 gigs of buffers posted for
>>>>>> incoming network traffic :)
>>>>> We can work to have async txq and rxq instead of paris if there's a
>>>>> strong requirement.
>>>>>
>>>>>> The second reason is interrupt related -- as I mentioned above, we
>>>>>> have found no workloads that clearly benefit from so many queues, but
>>>>>> we have found workloads that degrade. In particular workloads that do
>>>>>> a lot of small packet processing but which aren't extremely latency
>>>>>> sensitive can achieve higher PPS by taking fewer interrupt across
>>>>>> fewer VCPUs due to better batching (this also incurs higher latency,
>>>>>> but at the limit the "busy" cores end up suppressing most interrupts
>>>>>> and spending most of their cycles farming out work). Memcache is a
>>>>>> good example here, particularly if the latency targets for request
>>>>>> completion are in the ~milliseconds range (rather than the
>>>>>> microseconds we typically strive for with TCP_RR-style workloads).
>>>>>>
>>>>>> All of that said, we haven't been forthcoming with data (and
>>>>>> unfortunately I don't have it handy in a useful form, otherwise I'd
>>>>>> simply post it here), so I understand the hesitation to simply run
>>>>>> with napi_tx across the board. As Willem said, this patch seemed like
>>>>>> the least disruptive way to allow us to continue down the road of
>>>>>> "universal" NAPI Tx and to hopefully get data across enough workloads
>>>>>> (with VMs small, large, and absurdly large :) to present a compelling
>>>>>> argument in one direction or another. As far as I know there aren't
>>>>>> currently any NAPI related ethtool commands (based on a quick perusal
>>>>>> of ethtool.h)
>>>>> As I suggest before, maybe we can (ab)use tx-frames-irq.
>>>> I forgot to respond to this originally, but I agree.
>>>>
>>>> How about something like the snippet below. It would be simpler to
>>>> reason about if only allow switching while the device is down, but
>>>> napi does not strictly require that.
>>>>
>>>> +static int virtnet_set_coalesce(struct net_device *dev,
>>>> + struct ethtool_coalesce *ec)
>>>> +{
>>>> + const u32 tx_coalesce_napi_mask = (1 << 16);
>>>> + const struct ethtool_coalesce ec_default = {
>>>> + .cmd = ETHTOOL_SCOALESCE,
>>>> + .rx_max_coalesced_frames = 1,
>>>> + .tx_max_coalesced_frames = 1,
>>>> + };
>>>> + struct virtnet_info *vi = netdev_priv(dev);
>>>> + int napi_weight = 0;
>>>> + bool running;
>>>> + int i;
>>>> +
>>>> + if (ec->tx_max_coalesced_frames & tx_coalesce_napi_mask) {
>>>> + ec->tx_max_coalesced_frames &= ~tx_coalesce_napi_mask;
>>>> + napi_weight = NAPI_POLL_WEIGHT;
>>>> + }
>>>> +
>>>> + /* disallow changes to fields not explicitly tested above */
>>>> + if (memcmp(ec, &ec_default, sizeof(ec_default)))
>>>> + return -EINVAL;
>>>> +
>>>> + if (napi_weight ^ vi->sq[0].napi.weight) {
>>>> + running = netif_running(vi->dev);
>>>> +
>>>> + for (i = 0; i < vi->max_queue_pairs; i++) {
>>>> + vi->sq[i].napi.weight = napi_weight;
>>>> +
>>>> + if (!running)
>>>> + continue;
>>>> +
>>>> + if (napi_weight)
>>>> + virtnet_napi_tx_enable(vi, vi->sq[i].vq,
>>>> + &vi->sq[i].napi);
>>>> + else
>>>> + napi_disable(&vi->sq[i].napi);
>>>> + }
>>>> + }
>>>> +
>>>> + return 0;
>>>> +}
>>>> +
>>>> +static int virtnet_get_coalesce(struct net_device *dev,
>>>> + struct ethtool_coalesce *ec)
>>>> +{
>>>> + const u32 tx_coalesce_napi_mask = (1 << 16);
>>>> + const struct ethtool_coalesce ec_default = {
>>>> + .cmd = ETHTOOL_GCOALESCE,
>>>> + .rx_max_coalesced_frames = 1,
>>>> + .tx_max_coalesced_frames = 1,
>>>> + };
>>>> + struct virtnet_info *vi = netdev_priv(dev);
>>>> +
>>>> + memcpy(ec, &ec_default, sizeof(ec_default));
>>>> +
>>>> + if (vi->sq[0].napi.weight)
>>>> + ec->tx_max_coalesced_frames |= tx_coalesce_napi_mask;
>>>> +
>>>> + return 0;
>>>> +}
>>> Looks good. Just one nit, maybe it's better simply check against zero?
>> I wanted to avoid making napi and interrupt moderation mutually
>> exclusive. If the virtio-net driver ever gets true moderation support,
>> it should be able to work alongside napi.
>>
>> But I can make no-napi be 0 and napi be 1. That is future proof, in
>> the sense that napi is enabled if there is any interrupt moderation.
> It's not appearing on patchwork yet, but I just sent a patch.
>
> I implemented the above, but .tx_frames of 0 is technically incorrect
> and it would unnecessarily constrain interrupt moderation to one of two
> modes. I went back to using a high bit. That said, if you feel strongly
> I'll change it.
Rethink about this, how about something like:
- UINT_MAX: no tx interrupt
- other value: tx interrupt with possible interrupt moderation
>
> I also tried various ways of switching between napi and non napi
> mode without bringing the device down. This is quite fragile. At the
> very least napi.weight has to be updated without any interrupt or
> napi callback happening in between. So most of the datapath needs
> to be quiesced.
>
> I did code up a variant that manually stops all the queues, masks the
> interrupt and waits for napi to complete if scheduled. But in a stress
> test it still managed to trigger a BUG in napi_enable on this state.
>
> Napi is not switched at runtime in other devices, nor really needed. So
> instead I made this change conditional on the device being down.
I agree to start with this, but I cook a patch on top. Please refer the
thread of formal patch.
Thanks
^ permalink raw reply
* Re: [PATCH net-next] virtio_net: ethtool tx napi configuration
From: Jason Wang @ 2018-09-10 6:01 UTC (permalink / raw)
To: Willem de Bruijn, netdev
Cc: davem, caleb.raitto, mst, jonolson, Willem de Bruijn
In-Reply-To: <20180909224449.203593-1-willemdebruijn.kernel@gmail.com>
On 2018年09月10日 06:44, Willem de Bruijn wrote:
> From: Willem de Bruijn <willemb@google.com>
>
> Implement ethtool .set_coalesce (-C) and .get_coalesce (-c) handlers.
> Interrupt moderation is currently not supported, so these accept and
> display the default settings of 0 usec and 1 frame.
>
> Toggle tx napi through a bit in tx-frames. So as to not interfere
> with possible future interrupt moderation, use bit 10, well outside
> the reasonable range of real interrupt moderation values.
>
> Changes are not atomic. The tx IRQ, napi BH and transmit path must
> be quiesced when switching modes. Only allow changing this setting
> when the device is down.
I cook a fixup, and it looks works in my setup:
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index b320b6b14749..9181c3f2f832 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -2204,10 +2204,17 @@ static int virtnet_set_coalesce(struct
net_device *dev,
return -EINVAL;
if (napi_weight ^ vi->sq[0].napi.weight) {
- if (dev->flags & IFF_UP)
- return -EBUSY;
- for (i = 0; i < vi->max_queue_pairs; i++)
+ for (i = 0; i < vi->max_queue_pairs; i++) {
+ struct netdev_queue *txq =
+ netdev_get_tx_queue(vi->dev, i);
+
+ virtnet_napi_tx_disable(&vi->sq[i].napi);
+ __netif_tx_lock_bh(txq);
vi->sq[i].napi.weight = napi_weight;
+ __netif_tx_unlock_bh(txq);
+ virtnet_napi_tx_enable(vi, vi->sq[i].vq,
+ &vi->sq[i].napi);
+ }
}
return 0;
The only left case is the speculative tx polling in RX NAPI. I think we
don't need to care in this case since it was not a must for correctness.
>
> Link: https://patchwork.ozlabs.org/patch/948149/
> Suggested-by: Jason Wang <jasowang@redhat.com>
> Signed-off-by: Willem de Bruijn <willemb@google.com>
> ---
> drivers/net/virtio_net.c | 52 ++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 52 insertions(+)
>
> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
> index 765920905226..b320b6b14749 100644
> --- a/drivers/net/virtio_net.c
> +++ b/drivers/net/virtio_net.c
> @@ -66,6 +66,8 @@ DECLARE_EWMA(pkt_len, 0, 64)
>
> #define VIRTNET_DRIVER_VERSION "1.0.0"
>
> +static const u32 ethtool_coalesce_napi_mask = (1UL << 10);
> +
> static const unsigned long guest_offloads[] = {
> VIRTIO_NET_F_GUEST_TSO4,
> VIRTIO_NET_F_GUEST_TSO6,
> @@ -2181,6 +2183,54 @@ static int virtnet_get_link_ksettings(struct net_device *dev,
> return 0;
> }
>
> +static int virtnet_set_coalesce(struct net_device *dev,
> + struct ethtool_coalesce *ec)
> +{
> + const struct ethtool_coalesce ec_default = {
> + .cmd = ETHTOOL_SCOALESCE,
> + .rx_max_coalesced_frames = 1,
I think rx part is no necessary.
Thanks
> + .tx_max_coalesced_frames = 1,
> + };
> + struct virtnet_info *vi = netdev_priv(dev);
> + int i, napi_weight = 0;
> +
> + if (ec->tx_max_coalesced_frames & ethtool_coalesce_napi_mask) {
> + ec->tx_max_coalesced_frames &= ~ethtool_coalesce_napi_mask;
> + napi_weight = NAPI_POLL_WEIGHT;
> + }
> +
> + /* disallow changes to fields not explicitly tested above */
> + if (memcmp(ec, &ec_default, sizeof(ec_default)))
> + return -EINVAL;
> +
> + if (napi_weight ^ vi->sq[0].napi.weight) {
> + if (dev->flags & IFF_UP)
> + return -EBUSY;
> + for (i = 0; i < vi->max_queue_pairs; i++)
> + vi->sq[i].napi.weight = napi_weight;
> + }
> +
> + return 0;
> +}
> +
> +static int virtnet_get_coalesce(struct net_device *dev,
> + struct ethtool_coalesce *ec)
> +{
> + const struct ethtool_coalesce ec_default = {
> + .cmd = ETHTOOL_GCOALESCE,
> + .rx_max_coalesced_frames = 1,
> + .tx_max_coalesced_frames = 1,
> + };
> + struct virtnet_info *vi = netdev_priv(dev);
> +
> + memcpy(ec, &ec_default, sizeof(ec_default));
> +
> + if (vi->sq[0].napi.weight)
> + ec->tx_max_coalesced_frames |= ethtool_coalesce_napi_mask;
> +
> + return 0;
> +}
> +
> static void virtnet_init_settings(struct net_device *dev)
> {
> struct virtnet_info *vi = netdev_priv(dev);
> @@ -2219,6 +2269,8 @@ static const struct ethtool_ops virtnet_ethtool_ops = {
> .get_ts_info = ethtool_op_get_ts_info,
> .get_link_ksettings = virtnet_get_link_ksettings,
> .set_link_ksettings = virtnet_set_link_ksettings,
> + .set_coalesce = virtnet_set_coalesce,
> + .get_coalesce = virtnet_get_coalesce,
> };
>
> static void virtnet_freeze_down(struct virtio_device *vdev)
^ permalink raw reply related
* Re: [PATCH v2 net-next 2/2] tcp: fix the error count of tcpInSegs
From: Yafang Shao @ 2018-09-10 10:56 UTC (permalink / raw)
To: Eric Dumazet; +Cc: David Miller, netdev, LKML
In-Reply-To: <CANn89iLN9H8tUhjMh1o0N7Ng8fPuXqQdpgkpBANpLwywaS3kNA@mail.gmail.com>
On Mon, Sep 10, 2018 at 2:32 AM, Eric Dumazet <edumazet@google.com> wrote:
> On Sat, Sep 8, 2018 at 8:14 PM Yafang Shao <laoar.shao@gmail.com> wrote:
>>
>> In RFC1213, the tcpInSegs is the total number of segments received.
>> While currently it is the total number of SKBs received.
>> The number of SKBs may be not equal with the numer of segments because of
>> GRO.
>> So fix this error count.
>>
>
> We have discussed this in the past and the consensus was it was too
> late to change this.
>
> IP counters have the same issue, so after your patch, we would have
> quite a difference between transport and network layers.
>
> Adding all these max_t(u16, 1, skb_shinfo(skb)->gso_segs)) everywhere add a cost
May be we could give a comment here why we do it like this, otherwise
it may make a misunderstanding.
Thanks
Yafang
^ permalink raw reply
* [PATCH net-next 0/3] liquidio: Removed droq lock from Rx path
From: Felix Manlunas @ 2018-09-10 6:33 UTC (permalink / raw)
To: davem
Cc: netdev, raghu.vatsavayi, derek.chickles, satananda.burla,
felix.manlunas, intiyaz.basha
From: Intiyaz Basha <intiyaz.basha@cavium.com>
Series of patches for removing droq lock from Rx Path.
Intiyaz Basha (3):
liquidio: Disabling tasklet when NAPI is active
liquidio: Per queue oom work queue
liquidio: Removed droq lock
drivers/net/ethernet/cavium/liquidio/lio_core.c | 77 +++++++------
drivers/net/ethernet/cavium/liquidio/lio_ethtool.c | 7 ++
drivers/net/ethernet/cavium/liquidio/lio_main.c | 14 ++-
drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 16 +++
.../net/ethernet/cavium/liquidio/octeon_device.c | 4 -
drivers/net/ethernet/cavium/liquidio/octeon_droq.c | 120 +++++++++------------
drivers/net/ethernet/cavium/liquidio/octeon_droq.h | 5 +-
drivers/net/ethernet/cavium/liquidio/octeon_main.h | 4 +
.../net/ethernet/cavium/liquidio/octeon_network.h | 2 +-
9 files changed, 140 insertions(+), 109 deletions(-)
--
1.8.3.1
^ permalink raw reply
* [PATCH net-next 2/3] liquidio: Per queue oom work queue
From: Felix Manlunas @ 2018-09-10 6:34 UTC (permalink / raw)
To: davem
Cc: netdev, raghu.vatsavayi, derek.chickles, satananda.burla,
felix.manlunas, intiyaz.basha
In-Reply-To: <20180910063322.GA4011@felix-thinkpad.cavium.com>
From: Intiyaz Basha <intiyaz.basha@cavium.com>
Removed oom task unconditional rescheduling every 250ms and created per
queue oom work queue for refilling buffers.
The oom task refills only if the available descriptors is fallen to 64.
There will be no packets coming in after hitting this level. So NAPI will
not run until oom task refills the buffers.
Signed-off-by: Intiyaz Basha <intiyaz.basha@cavium.com>
Acked-by: Derek Chickles <derek.chickles@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
---
drivers/net/ethernet/cavium/liquidio/lio_core.c | 77 +++++++++++-------
drivers/net/ethernet/cavium/liquidio/lio_ethtool.c | 7 ++
drivers/net/ethernet/cavium/liquidio/octeon_droq.c | 91 ++++++++++++----------
drivers/net/ethernet/cavium/liquidio/octeon_droq.h | 2 +-
drivers/net/ethernet/cavium/liquidio/octeon_main.h | 4 +
.../net/ethernet/cavium/liquidio/octeon_network.h | 2 +-
6 files changed, 110 insertions(+), 73 deletions(-)
diff --git a/drivers/net/ethernet/cavium/liquidio/lio_core.c b/drivers/net/ethernet/cavium/liquidio/lio_core.c
index 0284204..55ed20b 100644
--- a/drivers/net/ethernet/cavium/liquidio/lio_core.c
+++ b/drivers/net/ethernet/cavium/liquidio/lio_core.c
@@ -425,56 +425,73 @@ void octeon_pf_changed_vf_macaddr(struct octeon_device *oct, u8 *mac)
*/
}
+void octeon_schedule_rxq_oom_work(struct octeon_device *oct,
+ struct octeon_droq *droq)
+{
+ struct net_device *netdev = oct->props[0].netdev;
+ struct lio *lio = GET_LIO(netdev);
+ struct cavium_wq *wq = &lio->rxq_status_wq[droq->q_no];
+
+ queue_delayed_work(wq->wq, &wq->wk.work,
+ msecs_to_jiffies(LIO_OOM_POLL_INTERVAL_MS));
+}
+
static void octnet_poll_check_rxq_oom_status(struct work_struct *work)
{
struct cavium_wk *wk = (struct cavium_wk *)work;
struct lio *lio = (struct lio *)wk->ctxptr;
struct octeon_device *oct = lio->oct_dev;
- struct octeon_droq *droq;
- int q, q_no = 0;
+ int q_no = wk->ctxul;
+ struct octeon_droq *droq = oct->droq[q_no];
- if (ifstate_check(lio, LIO_IFSTATE_RUNNING)) {
- for (q = 0; q < lio->linfo.num_rxpciq; q++) {
- q_no = lio->linfo.rxpciq[q].s.q_no;
- droq = oct->droq[q_no];
- if (!droq)
- continue;
- octeon_droq_check_oom(droq);
- }
- }
- queue_delayed_work(lio->rxq_status_wq.wq,
- &lio->rxq_status_wq.wk.work,
- msecs_to_jiffies(LIO_OOM_POLL_INTERVAL_MS));
+ if (!ifstate_check(lio, LIO_IFSTATE_RUNNING) || !droq)
+ return;
+
+ if (octeon_retry_droq_refill(droq))
+ octeon_schedule_rxq_oom_work(oct, droq);
}
int setup_rx_oom_poll_fn(struct net_device *netdev)
{
struct lio *lio = GET_LIO(netdev);
struct octeon_device *oct = lio->oct_dev;
+ struct cavium_wq *wq;
+ int q, q_no;
- lio->rxq_status_wq.wq = alloc_workqueue("rxq-oom-status",
- WQ_MEM_RECLAIM, 0);
- if (!lio->rxq_status_wq.wq) {
- dev_err(&oct->pci_dev->dev, "unable to create cavium rxq oom status wq\n");
- return -ENOMEM;
+ for (q = 0; q < oct->num_oqs; q++) {
+ q_no = lio->linfo.rxpciq[q].s.q_no;
+ wq = &lio->rxq_status_wq[q_no];
+ wq->wq = alloc_workqueue("rxq-oom-status",
+ WQ_MEM_RECLAIM, 0);
+ if (!wq->wq) {
+ dev_err(&oct->pci_dev->dev, "unable to create cavium rxq oom status wq\n");
+ return -ENOMEM;
+ }
+
+ INIT_DELAYED_WORK(&wq->wk.work,
+ octnet_poll_check_rxq_oom_status);
+ wq->wk.ctxptr = lio;
+ wq->wk.ctxul = q_no;
}
- INIT_DELAYED_WORK(&lio->rxq_status_wq.wk.work,
- octnet_poll_check_rxq_oom_status);
- lio->rxq_status_wq.wk.ctxptr = lio;
- queue_delayed_work(lio->rxq_status_wq.wq,
- &lio->rxq_status_wq.wk.work,
- msecs_to_jiffies(LIO_OOM_POLL_INTERVAL_MS));
+
return 0;
}
void cleanup_rx_oom_poll_fn(struct net_device *netdev)
{
struct lio *lio = GET_LIO(netdev);
-
- if (lio->rxq_status_wq.wq) {
- cancel_delayed_work_sync(&lio->rxq_status_wq.wk.work);
- flush_workqueue(lio->rxq_status_wq.wq);
- destroy_workqueue(lio->rxq_status_wq.wq);
+ struct octeon_device *oct = lio->oct_dev;
+ struct cavium_wq *wq;
+ int q_no;
+
+ for (q_no = 0; q_no < oct->num_oqs; q_no++) {
+ wq = &lio->rxq_status_wq[q_no];
+ if (wq->wq) {
+ cancel_delayed_work_sync(&wq->wk.work);
+ flush_workqueue(wq->wq);
+ destroy_workqueue(wq->wq);
+ wq->wq = NULL;
+ }
}
}
diff --git a/drivers/net/ethernet/cavium/liquidio/lio_ethtool.c b/drivers/net/ethernet/cavium/liquidio/lio_ethtool.c
index e1e5808..9e53cdb 100644
--- a/drivers/net/ethernet/cavium/liquidio/lio_ethtool.c
+++ b/drivers/net/ethernet/cavium/liquidio/lio_ethtool.c
@@ -1115,6 +1115,8 @@ static int lio_reset_queues(struct net_device *netdev, uint32_t num_qs)
* steps like updating sriov_info for the octeon device need to be done.
*/
if (queue_count_update) {
+ cleanup_rx_oom_poll_fn(netdev);
+
lio_delete_glists(lio);
/* Delete mbox for PF which is SRIOV disabled because sriov_info
@@ -1214,6 +1216,11 @@ static int lio_reset_queues(struct net_device *netdev, uint32_t num_qs)
return -1;
}
+ if (setup_rx_oom_poll_fn(netdev)) {
+ dev_err(&oct->pci_dev->dev, "lio_setup_rx_oom_poll_fn failed\n");
+ return 1;
+ }
+
/* Send firmware the information about new number of queues
* if the interface is a VF or a PF that is SRIOV enabled.
*/
diff --git a/drivers/net/ethernet/cavium/liquidio/octeon_droq.c b/drivers/net/ethernet/cavium/liquidio/octeon_droq.c
index a71dbb7..53c25ee 100644
--- a/drivers/net/ethernet/cavium/liquidio/octeon_droq.c
+++ b/drivers/net/ethernet/cavium/liquidio/octeon_droq.c
@@ -333,8 +333,6 @@ int octeon_init_droq(struct octeon_device *oct,
* Returns:
* Success: Pointer to recv_info_t
* Failure: NULL.
- * Locks:
- * The droq->lock is held when this routine is called.
*/
static inline struct octeon_recv_info *octeon_create_recv_info(
struct octeon_device *octeon_dev,
@@ -433,8 +431,6 @@ static inline struct octeon_recv_info *octeon_create_recv_info(
* up buffers (that were not dispatched) to form a contiguous ring.
* Returns:
* No of descriptors refilled.
- * Locks:
- * This routine is called with droq->lock held.
*/
static u32
octeon_droq_refill(struct octeon_device *octeon_dev, struct octeon_droq *droq)
@@ -449,8 +445,7 @@ static inline struct octeon_recv_info *octeon_create_recv_info(
while (droq->refill_count && (desc_refilled < droq->max_count)) {
/* If a valid buffer exists (happens if there is no dispatch),
- * reuse
- * the buffer, else allocate.
+ * reuse the buffer, else allocate.
*/
if (!droq->recv_buf_list[droq->refill_idx].buffer) {
pg_info =
@@ -503,28 +498,33 @@ static inline struct octeon_recv_info *octeon_create_recv_info(
/** check if we can allocate packets to get out of oom.
* @param droq - Droq being checked.
- * @return does not return anything
+ * @return 1 if fails to refill minimum
*/
-void octeon_droq_check_oom(struct octeon_droq *droq)
+int octeon_retry_droq_refill(struct octeon_droq *droq)
{
- int desc_refilled;
struct octeon_device *oct = droq->oct_dev;
+ int desc_refilled, reschedule = 1;
+ u32 pkts_credit;
+
+ spin_lock_bh(&droq->lock);
+ pkts_credit = readl(droq->pkts_credit_reg);
+ desc_refilled = octeon_droq_refill(oct, droq);
+ if (desc_refilled) {
+ /* Flush the droq descriptor data to memory to be sure
+ * that when we update the credits the data in memory
+ * is accurate.
+ */
+ wmb();
+ writel(desc_refilled, droq->pkts_credit_reg);
+ /* make sure mmio write completes */
+ mmiowb();
- if (readl(droq->pkts_credit_reg) <= CN23XX_SLI_DEF_BP) {
- spin_lock_bh(&droq->lock);
- desc_refilled = octeon_droq_refill(oct, droq);
- if (desc_refilled) {
- /* Flush the droq descriptor data to memory to be sure
- * that when we update the credits the data in memory
- * is accurate.
- */
- wmb();
- writel(desc_refilled, droq->pkts_credit_reg);
- /* make sure mmio write completes */
- mmiowb();
- }
- spin_unlock_bh(&droq->lock);
+ if (pkts_credit + desc_refilled >= CN23XX_SLI_DEF_BP)
+ reschedule = 0;
}
+ spin_unlock_bh(&droq->lock);
+
+ return reschedule;
}
static inline u32
@@ -603,9 +603,9 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
struct octeon_droq *droq,
u32 pkts_to_process)
{
+ u32 pkt, total_len = 0, pkt_count, retval;
struct octeon_droq_info *info;
union octeon_rh *rh;
- u32 pkt, total_len = 0, pkt_count;
pkt_count = pkts_to_process;
@@ -709,30 +709,43 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
if (droq->refill_count >= droq->refill_threshold) {
int desc_refilled = octeon_droq_refill(oct, droq);
- /* Flush the droq descriptor data to memory to be sure
- * that when we update the credits the data in memory
- * is accurate.
- */
- wmb();
- writel((desc_refilled), droq->pkts_credit_reg);
- /* make sure mmio write completes */
- mmiowb();
+ if (desc_refilled) {
+ /* Flush the droq descriptor data to memory to
+ * be sure that when we update the credits the
+ * data in memory is accurate.
+ */
+ wmb();
+ writel(desc_refilled, droq->pkts_credit_reg);
+ /* make sure mmio write completes */
+ mmiowb();
+ }
}
-
} /* for (each packet)... */
/* Increment refill_count by the number of buffers processed. */
droq->stats.pkts_received += pkt;
droq->stats.bytes_received += total_len;
+ retval = pkt;
if ((droq->ops.drop_on_max) && (pkts_to_process - pkt)) {
octeon_droq_drop_packets(oct, droq, (pkts_to_process - pkt));
droq->stats.dropped_toomany += (pkts_to_process - pkt);
- return pkts_to_process;
+ retval = pkts_to_process;
}
- return pkt;
+ atomic_sub(retval, &droq->pkts_pending);
+
+ if (droq->refill_count >= droq->refill_threshold &&
+ readl(droq->pkts_credit_reg) < CN23XX_SLI_DEF_BP) {
+ octeon_droq_check_hw_for_pkts(droq);
+
+ /* Make sure there are no pkts_pending */
+ if (!atomic_read(&droq->pkts_pending))
+ octeon_schedule_rxq_oom_work(oct, droq);
+ }
+
+ return retval;
}
int
@@ -740,7 +753,7 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
struct octeon_droq *droq,
u32 budget)
{
- u32 pkt_count = 0, pkts_processed = 0;
+ u32 pkt_count = 0;
struct list_head *tmp, *tmp2;
/* Grab the droq lock */
@@ -757,9 +770,7 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
if (pkt_count > budget)
pkt_count = budget;
- pkts_processed = octeon_droq_fast_process_packets(oct, droq, pkt_count);
-
- atomic_sub(pkts_processed, &droq->pkts_pending);
+ octeon_droq_fast_process_packets(oct, droq, pkt_count);
/* Release the spin lock */
spin_unlock(&droq->lock);
@@ -813,8 +824,6 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
octeon_droq_fast_process_packets(oct, droq,
pkts_available);
- atomic_sub(pkts_processed, &droq->pkts_pending);
-
total_pkts_processed += pkts_processed;
}
diff --git a/drivers/net/ethernet/cavium/liquidio/octeon_droq.h b/drivers/net/ethernet/cavium/liquidio/octeon_droq.h
index f28f262..b201936 100644
--- a/drivers/net/ethernet/cavium/liquidio/octeon_droq.h
+++ b/drivers/net/ethernet/cavium/liquidio/octeon_droq.h
@@ -414,6 +414,6 @@ int octeon_droq_process_poll_pkts(struct octeon_device *oct,
int octeon_enable_irq(struct octeon_device *oct, u32 q_no);
-void octeon_droq_check_oom(struct octeon_droq *droq);
+int octeon_retry_droq_refill(struct octeon_droq *droq);
#endif /*__OCTEON_DROQ_H__ */
diff --git a/drivers/net/ethernet/cavium/liquidio/octeon_main.h b/drivers/net/ethernet/cavium/liquidio/octeon_main.h
index 38c055f..073d064 100644
--- a/drivers/net/ethernet/cavium/liquidio/octeon_main.h
+++ b/drivers/net/ethernet/cavium/liquidio/octeon_main.h
@@ -70,6 +70,10 @@ void octeon_update_tx_completion_counters(void *buf, int reqtype,
void octeon_report_tx_completion_to_bql(void *txq, unsigned int pkts_compl,
unsigned int bytes_compl);
void octeon_pf_changed_vf_macaddr(struct octeon_device *oct, u8 *mac);
+
+void octeon_schedule_rxq_oom_work(struct octeon_device *oct,
+ struct octeon_droq *droq);
+
/** Swap 8B blocks */
static inline void octeon_swap_8B_data(u64 *data, u32 blocks)
{
diff --git a/drivers/net/ethernet/cavium/liquidio/octeon_network.h b/drivers/net/ethernet/cavium/liquidio/octeon_network.h
index 9117b5a..beb3eec 100644
--- a/drivers/net/ethernet/cavium/liquidio/octeon_network.h
+++ b/drivers/net/ethernet/cavium/liquidio/octeon_network.h
@@ -173,7 +173,7 @@ struct lio {
struct cavium_wq txq_status_wq;
/* work queue for rxq oom status */
- struct cavium_wq rxq_status_wq;
+ struct cavium_wq rxq_status_wq[MAX_POSSIBLE_OCTEON_OUTPUT_QUEUES];
/* work queue for link status */
struct cavium_wq link_status_wq;
--
1.8.3.1
^ permalink raw reply related
* [PATCH net-next 3/3] liquidio: Removed droq lock
From: Felix Manlunas @ 2018-09-10 6:34 UTC (permalink / raw)
To: davem
Cc: netdev, raghu.vatsavayi, derek.chickles, satananda.burla,
felix.manlunas, intiyaz.basha
In-Reply-To: <20180910063322.GA4011@felix-thinkpad.cavium.com>
From: Intiyaz Basha <intiyaz.basha@cavium.com>
With the changes in patch 1 and 2, droq lock is not required.
So removing droq lock.
Signed-off-by: Intiyaz Basha <intiyaz.basha@cavium.com>
Acked-by: Derek Chickles <derek.chickles@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
---
.../net/ethernet/cavium/liquidio/octeon_device.c | 4 ---
drivers/net/ethernet/cavium/liquidio/octeon_droq.c | 33 ++--------------------
drivers/net/ethernet/cavium/liquidio/octeon_droq.h | 3 --
3 files changed, 3 insertions(+), 37 deletions(-)
diff --git a/drivers/net/ethernet/cavium/liquidio/octeon_device.c b/drivers/net/ethernet/cavium/liquidio/octeon_device.c
index d0ed6c4..0f0275c 100644
--- a/drivers/net/ethernet/cavium/liquidio/octeon_device.c
+++ b/drivers/net/ethernet/cavium/liquidio/octeon_device.c
@@ -1440,12 +1440,8 @@ void lio_enable_irq(struct octeon_droq *droq, struct octeon_instr_queue *iq)
/* the whole thing needs to be atomic, ideally */
if (droq) {
pkts_pend = (u32)atomic_read(&droq->pkts_pending);
- spin_lock_bh(&droq->lock);
writel(droq->pkt_count - pkts_pend, droq->pkts_sent_reg);
droq->pkt_count = pkts_pend;
- /* this write needs to be flushed before we release the lock */
- mmiowb();
- spin_unlock_bh(&droq->lock);
oct = droq->oct_dev;
}
if (iq) {
diff --git a/drivers/net/ethernet/cavium/liquidio/octeon_droq.c b/drivers/net/ethernet/cavium/liquidio/octeon_droq.c
index 53c25ee..ad621aa 100644
--- a/drivers/net/ethernet/cavium/liquidio/octeon_droq.c
+++ b/drivers/net/ethernet/cavium/liquidio/octeon_droq.c
@@ -301,8 +301,6 @@ int octeon_init_droq(struct octeon_device *oct,
dev_dbg(&oct->pci_dev->dev, "DROQ INIT: max_empty_descs: %d\n",
droq->max_empty_descs);
- spin_lock_init(&droq->lock);
-
INIT_LIST_HEAD(&droq->dispatch_list);
/* For 56xx Pass1, this function won't be called, so no checks. */
@@ -506,7 +504,6 @@ int octeon_retry_droq_refill(struct octeon_droq *droq)
int desc_refilled, reschedule = 1;
u32 pkts_credit;
- spin_lock_bh(&droq->lock);
pkts_credit = readl(droq->pkts_credit_reg);
desc_refilled = octeon_droq_refill(oct, droq);
if (desc_refilled) {
@@ -522,7 +519,6 @@ int octeon_retry_droq_refill(struct octeon_droq *droq)
if (pkts_credit + desc_refilled >= CN23XX_SLI_DEF_BP)
reschedule = 0;
}
- spin_unlock_bh(&droq->lock);
return reschedule;
}
@@ -756,25 +752,17 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
u32 pkt_count = 0;
struct list_head *tmp, *tmp2;
- /* Grab the droq lock */
- spin_lock(&droq->lock);
-
octeon_droq_check_hw_for_pkts(droq);
pkt_count = atomic_read(&droq->pkts_pending);
- if (!pkt_count) {
- spin_unlock(&droq->lock);
+ if (!pkt_count)
return 0;
- }
if (pkt_count > budget)
pkt_count = budget;
octeon_droq_fast_process_packets(oct, droq, pkt_count);
- /* Release the spin lock */
- spin_unlock(&droq->lock);
-
list_for_each_safe(tmp, tmp2, &droq->dispatch_list) {
struct __dispatch *rdisp = (struct __dispatch *)tmp;
@@ -809,8 +797,6 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
if (budget > droq->max_count)
budget = droq->max_count;
- spin_lock(&droq->lock);
-
while (total_pkts_processed < budget) {
octeon_droq_check_hw_for_pkts(droq);
@@ -827,8 +813,6 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
total_pkts_processed += pkts_processed;
}
- spin_unlock(&droq->lock);
-
list_for_each_safe(tmp, tmp2, &droq->dispatch_list) {
struct __dispatch *rdisp = (struct __dispatch *)tmp;
@@ -888,9 +872,8 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
int octeon_register_droq_ops(struct octeon_device *oct, u32 q_no,
struct octeon_droq_ops *ops)
{
- struct octeon_droq *droq;
- unsigned long flags;
struct octeon_config *oct_cfg = NULL;
+ struct octeon_droq *droq;
oct_cfg = octeon_get_conf(oct);
@@ -910,21 +893,15 @@ int octeon_register_droq_ops(struct octeon_device *oct, u32 q_no,
}
droq = oct->droq[q_no];
-
- spin_lock_irqsave(&droq->lock, flags);
-
memcpy(&droq->ops, ops, sizeof(struct octeon_droq_ops));
- spin_unlock_irqrestore(&droq->lock, flags);
-
return 0;
}
int octeon_unregister_droq_ops(struct octeon_device *oct, u32 q_no)
{
- unsigned long flags;
- struct octeon_droq *droq;
struct octeon_config *oct_cfg = NULL;
+ struct octeon_droq *droq;
oct_cfg = octeon_get_conf(oct);
@@ -945,14 +922,10 @@ int octeon_unregister_droq_ops(struct octeon_device *oct, u32 q_no)
return 0;
}
- spin_lock_irqsave(&droq->lock, flags);
-
droq->ops.fptr = NULL;
droq->ops.farg = NULL;
droq->ops.drop_on_max = 0;
- spin_unlock_irqrestore(&droq->lock, flags);
-
return 0;
}
diff --git a/drivers/net/ethernet/cavium/liquidio/octeon_droq.h b/drivers/net/ethernet/cavium/liquidio/octeon_droq.h
index b201936..c9b19e6 100644
--- a/drivers/net/ethernet/cavium/liquidio/octeon_droq.h
+++ b/drivers/net/ethernet/cavium/liquidio/octeon_droq.h
@@ -245,9 +245,6 @@ struct octeon_droq_ops {
* Octeon DROQ.
*/
struct octeon_droq {
- /** A spinlock to protect access to this ring. */
- spinlock_t lock;
-
u32 q_no;
u32 pkt_count;
--
1.8.3.1
^ permalink raw reply related
* Re: kernels > v4.12 oops/crash with ipsec-traffic: bisected to b838d5e1c5b6e57b10ec8af2268824041e3ea911: ipv4: mark DST_NOGC and remove the operation of dst_free()
From: Steffen Klassert @ 2018-09-10 6:37 UTC (permalink / raw)
To: Wolfgang Walter; +Cc: netdev, Wei Wang, Tobias Hommel, Eric Dumazet
In-Reply-To: <1619354.H6dCVflbiu@stwm.de>
On Fri, Sep 07, 2018 at 11:10:55PM +0200, Wolfgang Walter wrote:
> Hello Steffen,
>
> in one of your emails to Thomas you wrote:
> > xfrm_lookup+0x2a is at the very beginning of xfrm_lookup(), here we
> > find:
> >
> > u16 family = dst_orig->ops->family;
> >
> > ops has an offset of 32 bytes (20 hex) in dst_orig, so looks like
> > dst_orig is NULL.
> >
> > In the forwarding case, we get dst_orig from the skb and dst_orig
> > can't be NULL here unless the skb itself is already fishy.
>
> Is this really true?
>
> If xfrm_lookup is called from
>
> __xfrm_route_forward():
>
> int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
> {
> struct net *net = dev_net(skb->dev);
> struct flowi fl;
> struct dst_entry *dst;
> int res = 1;
>
> if (xfrm_decode_session(skb, &fl, family) < 0) {
> XFRM_INC_STATS(net, LINUX_MIB_XFRMFWDHDRERROR);
> return 0;
> }
>
> skb_dst_force(skb);
>
> dst = xfrm_lookup(net, skb_dst(skb), &fl, NULL, XFRM_LOOKUP_QUEUE);
> if (IS_ERR(dst)) {
> res = 0;
> dst = NULL;
> }
> skb_dst_set(skb, dst);
> return res;
> }
>
> couldn't it be possible that skb_dst_force(skb) actually sets dst to NULL if
> it cannot safely lock it? If it is absolutely sure that skb_dst_force() never
> can set dst to NULL I wonder why it is called at all?
Ugh, skb_dst_force apparently changed since I looked at it last time.
I did not expect that it can clear skb->dst. This behaviour was
introduced with:
commit 222d7dbd258dad4cd5241c43ef818141fad5a87a
net: prevent dst uses after free
from Eric Dumazet (put him to Cc).
The easy fix that could be backported to stable would be
to check skb->dst for NULL and drop the packet in that case.
I wonder if we can do better here. We can still use the
dst_entry as long as we don't exit the RCU grace period.
But looking deeper into it, the crypto layer might return
asynchronously. In this case, we exit the RCU grace period
and we have to drop the packet anyway.
If I understand correct, the bug happens rarely. So maybe
we could just stay with the easy fix (I'll do a patch today).
The other thing I wonder about is why Tobias bisected this to
commit b838d5e1c5b6e57b10ec8af2268824041e3ea911
ipv4: mark DST_NOGC and remove the operation of dst_free()
from 'Jun 17 2017' and not to
commit 222d7dbd258dad4cd5241c43ef818141fad5a87a
net: prevent dst uses after free
from 'Sep 21 2017'.
Maybe Tobias has seen two bugs. Before
("net: prevent dst uses after free"), it was the
use after free, and after this fix it was a NULL
pointer derference of skb->dst.
^ permalink raw reply
* [PATCH net-next 1/3] liquidio: Disabling tasklet when NAPI is active
From: Felix Manlunas @ 2018-09-10 6:34 UTC (permalink / raw)
To: davem
Cc: netdev, raghu.vatsavayi, derek.chickles, satananda.burla,
felix.manlunas, intiyaz.basha
In-Reply-To: <20180910063322.GA4011@felix-thinkpad.cavium.com>
From: Intiyaz Basha <intiyaz.basha@cavium.com>
Control packets are processed in tasklet when interface is down and in
NAPI when interface is up. So tasklet can be disabled when interface up
and re-enabled when interface is down.
Signed-off-by: Intiyaz Basha <intiyaz.basha@cavium.com>
Acked-by: Derek Chickles <derek.chickles@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
---
drivers/net/ethernet/cavium/liquidio/lio_main.c | 14 +++++++++++++-
drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 16 ++++++++++++++++
2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/cavium/liquidio/lio_main.c b/drivers/net/ethernet/cavium/liquidio/lio_main.c
index 40f941f..0aba1f7 100644
--- a/drivers/net/ethernet/cavium/liquidio/lio_main.c
+++ b/drivers/net/ethernet/cavium/liquidio/lio_main.c
@@ -1239,8 +1239,10 @@ static void send_rx_ctrl_cmd(struct lio *lio, int start_stop)
static void liquidio_destroy_nic_device(struct octeon_device *oct, int ifidx)
{
struct net_device *netdev = oct->props[ifidx].netdev;
- struct lio *lio;
+ struct octeon_device_priv *oct_priv =
+ (struct octeon_device_priv *)oct->priv;
struct napi_struct *napi, *n;
+ struct lio *lio;
if (!netdev) {
dev_err(&oct->pci_dev->dev, "%s No netdevice ptr for index %d\n",
@@ -1269,6 +1271,8 @@ static void liquidio_destroy_nic_device(struct octeon_device *oct, int ifidx)
list_for_each_entry_safe(napi, n, &netdev->napi_list, dev_list)
netif_napi_del(napi);
+ tasklet_enable(&oct_priv->droq_tasklet);
+
if (atomic_read(&lio->ifstate) & LIO_IFSTATE_REGISTERED)
unregister_netdev(netdev);
@@ -1805,9 +1809,13 @@ static int liquidio_open(struct net_device *netdev)
{
struct lio *lio = GET_LIO(netdev);
struct octeon_device *oct = lio->oct_dev;
+ struct octeon_device_priv *oct_priv =
+ (struct octeon_device_priv *)oct->priv;
struct napi_struct *napi, *n;
if (oct->props[lio->ifidx].napi_enabled == 0) {
+ tasklet_disable(&oct_priv->droq_tasklet);
+
list_for_each_entry_safe(napi, n, &netdev->napi_list, dev_list)
napi_enable(napi);
@@ -1861,6 +1869,8 @@ static int liquidio_stop(struct net_device *netdev)
{
struct lio *lio = GET_LIO(netdev);
struct octeon_device *oct = lio->oct_dev;
+ struct octeon_device_priv *oct_priv =
+ (struct octeon_device_priv *)oct->priv;
struct napi_struct *napi, *n;
ifstate_reset(lio, LIO_IFSTATE_RUNNING);
@@ -1907,6 +1917,8 @@ static int liquidio_stop(struct net_device *netdev)
if (OCTEON_CN23XX_PF(oct))
oct->droq[0]->ops.poll_mode = 0;
+
+ tasklet_enable(&oct_priv->droq_tasklet);
}
dev_info(&oct->pci_dev->dev, "%s interface is stopped\n", netdev->name);
diff --git a/drivers/net/ethernet/cavium/liquidio/lio_vf_main.c b/drivers/net/ethernet/cavium/liquidio/lio_vf_main.c
index 8fa7ac3..0ec4bfe 100644
--- a/drivers/net/ethernet/cavium/liquidio/lio_vf_main.c
+++ b/drivers/net/ethernet/cavium/liquidio/lio_vf_main.c
@@ -444,6 +444,8 @@ static void octeon_pci_flr(struct octeon_device *oct)
*/
static void octeon_destroy_resources(struct octeon_device *oct)
{
+ struct octeon_device_priv *oct_priv =
+ (struct octeon_device_priv *)oct->priv;
struct msix_entry *msix_entries;
int i;
@@ -587,6 +589,8 @@ static void octeon_destroy_resources(struct octeon_device *oct)
/* Nothing to be done here either */
break;
}
+
+ tasklet_kill(&oct_priv->droq_tasklet);
}
/**
@@ -652,6 +656,8 @@ static void send_rx_ctrl_cmd(struct lio *lio, int start_stop)
static void liquidio_destroy_nic_device(struct octeon_device *oct, int ifidx)
{
struct net_device *netdev = oct->props[ifidx].netdev;
+ struct octeon_device_priv *oct_priv =
+ (struct octeon_device_priv *)oct->priv;
struct napi_struct *napi, *n;
struct lio *lio;
@@ -681,6 +687,8 @@ static void liquidio_destroy_nic_device(struct octeon_device *oct, int ifidx)
list_for_each_entry_safe(napi, n, &netdev->napi_list, dev_list)
netif_napi_del(napi);
+ tasklet_enable(&oct_priv->droq_tasklet);
+
if (atomic_read(&lio->ifstate) & LIO_IFSTATE_REGISTERED)
unregister_netdev(netdev);
@@ -898,9 +906,13 @@ static int liquidio_open(struct net_device *netdev)
{
struct lio *lio = GET_LIO(netdev);
struct octeon_device *oct = lio->oct_dev;
+ struct octeon_device_priv *oct_priv =
+ (struct octeon_device_priv *)oct->priv;
struct napi_struct *napi, *n;
if (!oct->props[lio->ifidx].napi_enabled) {
+ tasklet_disable(&oct_priv->droq_tasklet);
+
list_for_each_entry_safe(napi, n, &netdev->napi_list, dev_list)
napi_enable(napi);
@@ -938,6 +950,8 @@ static int liquidio_stop(struct net_device *netdev)
{
struct lio *lio = GET_LIO(netdev);
struct octeon_device *oct = lio->oct_dev;
+ struct octeon_device_priv *oct_priv =
+ (struct octeon_device_priv *)oct->priv;
struct napi_struct *napi, *n;
/* tell Octeon to stop forwarding packets to host */
@@ -967,6 +981,8 @@ static int liquidio_stop(struct net_device *netdev)
oct->props[lio->ifidx].napi_enabled = 0;
oct->droq[0]->ops.poll_mode = 0;
+
+ tasklet_enable(&oct_priv->droq_tasklet);
}
cancel_delayed_work_sync(&lio->stats_wk.work);
--
1.8.3.1
^ permalink raw reply related
* Re: [PATCH net-next] tcp: rate limit synflood warnings further
From: Eric Dumazet @ 2018-09-10 7:52 UTC (permalink / raw)
To: Willem de Bruijn, netdev; +Cc: davem, eric.dumazet, Willem de Bruijn
In-Reply-To: <20180909231212.212470-1-willemdebruijn.kernel@gmail.com>
On 09/09/2018 04:12 PM, Willem de Bruijn wrote:
> From: Willem de Bruijn <willemb@google.com>
>
> Convert pr_info to net_info_ratelimited to limit the total number of
> synflood warnings.
>
> Commit 946cedccbd73 ("tcp: Change possible SYN flooding messages")
> rate limits synflood warnings to one per listener.
>
> Workloads that open many listener sockets can still see a high rate of
> log messages. Syzkaller is one frequent example.
>
> Signed-off-by: Willem de Bruijn <willemb@google.com>
Thanks Willem
Signed-off-by: Eric Dumazet <edumazet@google.com>
^ permalink raw reply
* Re: kernels > v4.12 oops/crash with ipsec-traffic: bisected to b838d5e1c5b6e57b10ec8af2268824041e3ea911: ipv4: mark DST_NOGC and remove the operation of dst_free()
From: Kristian Evensen @ 2018-09-10 8:18 UTC (permalink / raw)
To: Steffen Klassert
Cc: linux, Network Development, weiwan, Tobias Hommel, edumazet
In-Reply-To: <20180910063739.GX23674@gauss3.secunet.de>
Hi,
Thanks everyone for all the effort in debugging this issue.
On Mon, Sep 10, 2018 at 8:39 AM Steffen Klassert
<steffen.klassert@secunet.com> wrote:
> The easy fix that could be backported to stable would be
> to check skb->dst for NULL and drop the packet in that case.
Thought I should just chime in and say that we deployed this
work-around when we started observing the error back in June. Since
then we have not seen any crashes. Also, we have instrumented some of
our kernels to count the number of times the error is hit (overall +
consecutive). Compared to the overall number of packets, the error
happens very rarely. With our workloads, we on average see the error
once every couple of days.
BR,
Kristian
^ permalink raw reply
* [net-next, PATCH 0/2, v1] net: socionext: add AF_XDP support
From: Ilias Apalodimas @ 2018-09-10 8:24 UTC (permalink / raw)
To: netdev, jaswinder.singh
Cc: ard.biesheuvel, masami.hiramatsu, arnd, mykyta.iziumtsev,
bjorn.topel, magnus.karlsson, Ilias Apalodimas
This patch series adds AF_XDP support socionext netsec driver
- patch [1/2]: Use a different allocation scheme for Rx DMA buffers to prepare
the driver for AF_XDP support
- patch [2/2]: Add AF_XDP support without zero-copy
Ilias Apalodimas (2):
net: socionext: different approach on DMA
net: socionext: add AF_XDP support
drivers/net/ethernet/socionext/netsec.c | 444 +++++++++++++++++++++++---------
1 file changed, 329 insertions(+), 115 deletions(-)
--
2.7.4
^ permalink raw reply
* [net-next, PATCH 1/2, v1] net: socionext: different approach on DMA
From: Ilias Apalodimas @ 2018-09-10 8:24 UTC (permalink / raw)
To: netdev, jaswinder.singh
Cc: ard.biesheuvel, masami.hiramatsu, arnd, mykyta.iziumtsev,
bjorn.topel, magnus.karlsson, Ilias Apalodimas
In-Reply-To: <1536567880-15097-1-git-send-email-ilias.apalodimas@linaro.org>
Current driver dynamically allocates an skb and maps it as DMA rx buffer.
A following patch introduces AF_XDP functionality, so we need a
different allocation scheme. Buffers are allocated dynamically and
mapped into hardware. During the Rx operation the driver uses
build_skb() to produce the necessary buffers for the network stack
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
drivers/net/ethernet/socionext/netsec.c | 239 +++++++++++++++++---------------
1 file changed, 130 insertions(+), 109 deletions(-)
diff --git a/drivers/net/ethernet/socionext/netsec.c b/drivers/net/ethernet/socionext/netsec.c
index 7aa5ebb..666fee2 100644
--- a/drivers/net/ethernet/socionext/netsec.c
+++ b/drivers/net/ethernet/socionext/netsec.c
@@ -296,6 +296,11 @@ struct netsec_rx_pkt_info {
bool err_flag;
};
+static void netsec_rx_fill(struct netsec_priv *priv, u16 from, u16 num);
+
+static void *netsec_alloc_rx_data(struct netsec_priv *priv,
+ dma_addr_t *dma_addr, u16 *len);
+
static void netsec_write(struct netsec_priv *priv, u32 reg_addr, u32 val)
{
writel(val, priv->ioaddr + reg_addr);
@@ -556,34 +561,10 @@ static const struct ethtool_ops netsec_ethtool_ops = {
/************* NETDEV_OPS FOLLOW *************/
-static struct sk_buff *netsec_alloc_skb(struct netsec_priv *priv,
- struct netsec_desc *desc)
-{
- struct sk_buff *skb;
-
- if (device_get_dma_attr(priv->dev) == DEV_DMA_COHERENT) {
- skb = netdev_alloc_skb_ip_align(priv->ndev, desc->len);
- } else {
- desc->len = L1_CACHE_ALIGN(desc->len);
- skb = netdev_alloc_skb(priv->ndev, desc->len);
- }
- if (!skb)
- return NULL;
-
- desc->addr = skb->data;
- desc->dma_addr = dma_map_single(priv->dev, desc->addr, desc->len,
- DMA_FROM_DEVICE);
- if (dma_mapping_error(priv->dev, desc->dma_addr)) {
- dev_kfree_skb_any(skb);
- return NULL;
- }
- return skb;
-}
static void netsec_set_rx_de(struct netsec_priv *priv,
struct netsec_desc_ring *dring, u16 idx,
- const struct netsec_desc *desc,
- struct sk_buff *skb)
+ const struct netsec_desc *desc)
{
struct netsec_de *de = dring->vaddr + DESC_SZ * idx;
u32 attr = (1 << NETSEC_RX_PKT_OWN_FIELD) |
@@ -602,59 +583,6 @@ static void netsec_set_rx_de(struct netsec_priv *priv,
dring->desc[idx].dma_addr = desc->dma_addr;
dring->desc[idx].addr = desc->addr;
dring->desc[idx].len = desc->len;
- dring->desc[idx].skb = skb;
-}
-
-static struct sk_buff *netsec_get_rx_de(struct netsec_priv *priv,
- struct netsec_desc_ring *dring,
- u16 idx,
- struct netsec_rx_pkt_info *rxpi,
- struct netsec_desc *desc, u16 *len)
-{
- struct netsec_de de = {};
-
- memcpy(&de, dring->vaddr + DESC_SZ * idx, DESC_SZ);
-
- *len = de.buf_len_info >> 16;
-
- rxpi->err_flag = (de.attr >> NETSEC_RX_PKT_ER_FIELD) & 1;
- rxpi->rx_cksum_result = (de.attr >> NETSEC_RX_PKT_CO_FIELD) & 3;
- rxpi->err_code = (de.attr >> NETSEC_RX_PKT_ERR_FIELD) &
- NETSEC_RX_PKT_ERR_MASK;
- *desc = dring->desc[idx];
- return desc->skb;
-}
-
-static struct sk_buff *netsec_get_rx_pkt_data(struct netsec_priv *priv,
- struct netsec_rx_pkt_info *rxpi,
- struct netsec_desc *desc,
- u16 *len)
-{
- struct netsec_desc_ring *dring = &priv->desc_ring[NETSEC_RING_RX];
- struct sk_buff *tmp_skb, *skb = NULL;
- struct netsec_desc td;
- int tail;
-
- *rxpi = (struct netsec_rx_pkt_info){};
-
- td.len = priv->ndev->mtu + 22;
-
- tmp_skb = netsec_alloc_skb(priv, &td);
-
- tail = dring->tail;
-
- if (!tmp_skb) {
- netsec_set_rx_de(priv, dring, tail, &dring->desc[tail],
- dring->desc[tail].skb);
- } else {
- skb = netsec_get_rx_de(priv, dring, tail, rxpi, desc, len);
- netsec_set_rx_de(priv, dring, tail, &td, tmp_skb);
- }
-
- /* move tail ahead */
- dring->tail = (dring->tail + 1) % DESC_NUM;
-
- return skb;
}
static int netsec_clean_tx_dring(struct netsec_priv *priv, int budget)
@@ -721,19 +649,29 @@ static int netsec_process_tx(struct netsec_priv *priv, int budget)
return done;
}
+static void nsetsec_adv_desc(u16 *idx)
+{
+ *idx = *idx + 1;
+ if (unlikely(*idx >= DESC_NUM))
+ *idx = 0;
+}
+
static int netsec_process_rx(struct netsec_priv *priv, int budget)
{
struct netsec_desc_ring *dring = &priv->desc_ring[NETSEC_RING_RX];
struct net_device *ndev = priv->ndev;
- struct netsec_rx_pkt_info rx_info;
- int done = 0;
- struct netsec_desc desc;
struct sk_buff *skb;
- u16 len;
+ int done = 0;
while (done < budget) {
u16 idx = dring->tail;
struct netsec_de *de = dring->vaddr + (DESC_SZ * idx);
+ struct netsec_desc *desc = &dring->desc[idx];
+ struct netsec_rx_pkt_info rpi;
+ dma_addr_t dma_handle;
+ void *buf_addr;
+ u16 pkt_len;
+ u16 desc_len;
if (de->attr & (1U << NETSEC_RX_PKT_OWN_FIELD))
break;
@@ -744,28 +682,62 @@ static int netsec_process_rx(struct netsec_priv *priv, int budget)
*/
dma_rmb();
done++;
- skb = netsec_get_rx_pkt_data(priv, &rx_info, &desc, &len);
- if (unlikely(!skb) || rx_info.err_flag) {
+
+ pkt_len = de->buf_len_info >> 16;
+ rpi.err_code = (de->attr >> NETSEC_RX_PKT_ERR_FIELD) &
+ NETSEC_RX_PKT_ERR_MASK;
+ rpi.err_flag = (de->attr >> NETSEC_RX_PKT_ER_FIELD) & 1;
+ if (rpi.err_flag) {
netif_err(priv, drv, priv->ndev,
- "%s: rx fail err(%d)\n",
- __func__, rx_info.err_code);
+ "%s: rx fail err(%d)\n", __func__,
+ rpi.err_code);
ndev->stats.rx_dropped++;
+ nsetsec_adv_desc(&dring->tail);
+ /* reuse buffer page frag */
+ netsec_rx_fill(priv, idx, 1);
continue;
}
+ rpi.rx_cksum_result = (de->attr >> NETSEC_RX_PKT_CO_FIELD) & 3;
- dma_unmap_single(priv->dev, desc.dma_addr, desc.len,
- DMA_FROM_DEVICE);
- skb_put(skb, len);
+ dma_sync_single_for_cpu(priv->dev, desc->dma_addr, pkt_len,
+ DMA_FROM_DEVICE);
+
+ prefetch(desc->addr);
+ buf_addr = netsec_alloc_rx_data(priv, &dma_handle, &desc_len);
+ if (unlikely(!buf_addr))
+ break;
+
+ skb = build_skb(desc->addr, desc->len);
+ if (unlikely(!skb)) {
+ dma_unmap_single(priv->dev, dma_handle, desc_len,
+ DMA_TO_DEVICE);
+ skb_free_frag(buf_addr);
+ netif_err(priv, drv, priv->ndev,
+ "rx failed to alloc skb\n");
+ break;
+ }
+ dma_unmap_single_attrs(priv->dev, desc->dma_addr, desc->len,
+ DMA_TO_DEVICE, DMA_ATTR_SKIP_CPU_SYNC);
+
+ /* Update the descriptor with fresh buffers */
+ desc->len = desc_len;
+ desc->dma_addr = dma_handle;
+ desc->addr = buf_addr;
+
+ skb_put(skb, pkt_len);
skb->protocol = eth_type_trans(skb, priv->ndev);
if (priv->rx_cksum_offload_flag &&
- rx_info.rx_cksum_result == NETSEC_RX_CKSUM_OK)
+ rpi.rx_cksum_result == NETSEC_RX_CKSUM_OK)
skb->ip_summed = CHECKSUM_UNNECESSARY;
if (napi_gro_receive(&priv->napi, skb) != GRO_DROP) {
ndev->stats.rx_packets++;
- ndev->stats.rx_bytes += len;
+ ndev->stats.rx_bytes += pkt_len;
}
+
+ netsec_rx_fill(priv, idx, 1);
+ nsetsec_adv_desc(&dring->tail);
}
return done;
@@ -928,7 +900,10 @@ static void netsec_uninit_pkt_dring(struct netsec_priv *priv, int id)
dma_unmap_single(priv->dev, desc->dma_addr, desc->len,
id == NETSEC_RING_RX ? DMA_FROM_DEVICE :
DMA_TO_DEVICE);
- dev_kfree_skb(desc->skb);
+ if (id == NETSEC_RING_RX)
+ skb_free_frag(desc->addr);
+ else if (id == NETSEC_RING_TX)
+ dev_kfree_skb(desc->skb);
}
memset(dring->desc, 0, sizeof(struct netsec_desc) * DESC_NUM);
@@ -953,50 +928,96 @@ static void netsec_free_dring(struct netsec_priv *priv, int id)
dring->desc = NULL;
}
+static void *netsec_alloc_rx_data(struct netsec_priv *priv,
+ dma_addr_t *dma_handle, u16 *desc_len)
+{
+ size_t len = priv->ndev->mtu + ETH_HLEN + VLAN_HLEN * 2 + NET_SKB_PAD +
+ NET_IP_ALIGN;
+ dma_addr_t mapping;
+ void *buf;
+
+ len = SKB_DATA_ALIGN(len);
+ len += SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
+
+ buf = napi_alloc_frag(len);
+ if (!buf)
+ return NULL;
+
+ mapping = dma_map_single(priv->dev, buf, len, DMA_FROM_DEVICE);
+ if (unlikely(dma_mapping_error(priv->dev, mapping)))
+ goto err_out;
+
+ *dma_handle = mapping;
+ *desc_len = len;
+
+ return buf;
+
+err_out:
+ skb_free_frag(buf);
+ return NULL;
+}
+
+static void netsec_rx_fill(struct netsec_priv *priv, u16 from, u16 num)
+{
+ struct netsec_desc_ring *dring = &priv->desc_ring[NETSEC_RING_RX];
+ u16 idx = from;
+
+ while (num) {
+ netsec_set_rx_de(priv, dring, idx, &dring->desc[idx]);
+ idx++;
+ if (idx >= DESC_NUM)
+ idx = 0;
+ num--;
+ }
+}
+
static int netsec_alloc_dring(struct netsec_priv *priv, enum ring_id id)
{
struct netsec_desc_ring *dring = &priv->desc_ring[id];
- int ret = 0;
dring->vaddr = dma_zalloc_coherent(priv->dev, DESC_SZ * DESC_NUM,
&dring->desc_dma, GFP_KERNEL);
- if (!dring->vaddr) {
- ret = -ENOMEM;
+ if (!dring->vaddr)
goto err;
- }
dring->desc = kcalloc(DESC_NUM, sizeof(*dring->desc), GFP_KERNEL);
- if (!dring->desc) {
- ret = -ENOMEM;
+ if (!dring->desc)
goto err;
- }
return 0;
err:
netsec_free_dring(priv, id);
- return ret;
+ return -ENOMEM;
}
static int netsec_setup_rx_dring(struct netsec_priv *priv)
{
struct netsec_desc_ring *dring = &priv->desc_ring[NETSEC_RING_RX];
- struct netsec_desc desc;
- struct sk_buff *skb;
- int n;
+ int i;
- desc.len = priv->ndev->mtu + 22;
+ for (i = 0; i < DESC_NUM; i++) {
+ struct netsec_desc *desc = &dring->desc[i];
+ dma_addr_t dma_handle;
+ void *buf;
+ u16 len;
- for (n = 0; n < DESC_NUM; n++) {
- skb = netsec_alloc_skb(priv, &desc);
- if (!skb) {
+ buf = netsec_alloc_rx_data(priv, &dma_handle, &len);
+ if (!buf) {
netsec_uninit_pkt_dring(priv, NETSEC_RING_RX);
- return -ENOMEM;
+ goto err_out;
}
- netsec_set_rx_de(priv, dring, n, &desc, skb);
+ desc->dma_addr = dma_handle;
+ desc->addr = buf;
+ desc->len = len;
}
+ netsec_rx_fill(priv, 0, DESC_NUM);
+
return 0;
+
+err_out:
+ return -ENOMEM;
}
static int netsec_netdev_load_ucode_region(struct netsec_priv *priv, u32 reg,
--
2.7.4
^ permalink raw reply related
* [net-next, PATCH 2/2, v1] net: socionext: add AF_XDP support
From: Ilias Apalodimas @ 2018-09-10 8:24 UTC (permalink / raw)
To: netdev, jaswinder.singh
Cc: ard.biesheuvel, masami.hiramatsu, arnd, mykyta.iziumtsev,
bjorn.topel, magnus.karlsson, Ilias Apalodimas
In-Reply-To: <1536567880-15097-1-git-send-email-ilias.apalodimas@linaro.org>
Add basic AF_XDP support without zero-copy
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
drivers/net/ethernet/socionext/netsec.c | 211 ++++++++++++++++++++++++++++++--
1 file changed, 202 insertions(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/socionext/netsec.c b/drivers/net/ethernet/socionext/netsec.c
index 666fee2..7464ca6 100644
--- a/drivers/net/ethernet/socionext/netsec.c
+++ b/drivers/net/ethernet/socionext/netsec.c
@@ -9,6 +9,8 @@
#include <linux/etherdevice.h>
#include <linux/interrupt.h>
#include <linux/io.h>
+#include <linux/bpf.h>
+#include <linux/bpf_trace.h>
#include <net/tcp.h>
#include <net/ip6_checksum.h>
@@ -238,6 +240,11 @@
#define NETSEC_F_NETSEC_VER_MAJOR_NUM(x) ((x) & 0xffff0000)
+#define NETSEC_XDP_PASS 0
+#define NETSEC_XDP_CONSUMED BIT(0)
+#define NETSEC_XDP_TX BIT(1)
+#define NETSEC_XDP_REDIR BIT(2)
+
enum ring_id {
NETSEC_RING_TX = 0,
NETSEC_RING_RX
@@ -256,11 +263,13 @@ struct netsec_desc_ring {
void *vaddr;
u16 pkt_cnt;
u16 head, tail;
+ struct xdp_rxq_info xdp_rxq;
};
struct netsec_priv {
struct netsec_desc_ring desc_ring[NETSEC_RING_MAX];
struct ethtool_coalesce et_coalesce;
+ struct bpf_prog *xdp_prog;
spinlock_t reglock; /* protect reg access */
struct napi_struct napi;
phy_interface_t phy_interface;
@@ -297,6 +306,8 @@ struct netsec_rx_pkt_info {
};
static void netsec_rx_fill(struct netsec_priv *priv, u16 from, u16 num);
+static u32 netsec_run_xdp(struct netsec_desc *desc, struct netsec_priv *priv,
+ struct bpf_prog *prog, u16 len);
static void *netsec_alloc_rx_data(struct netsec_priv *priv,
dma_addr_t *dma_addr, u16 *len);
@@ -613,13 +624,23 @@ static int netsec_clean_tx_dring(struct netsec_priv *priv, int budget)
eop = (entry->attr >> NETSEC_TX_LAST) & 1;
- dma_unmap_single(priv->dev, desc->dma_addr, desc->len,
- DMA_TO_DEVICE);
- if (eop) {
- pkts++;
+ if (desc->skb) {
+ dma_unmap_single(priv->dev, desc->dma_addr, desc->len,
+ DMA_TO_DEVICE);
+ }
+
+ if (!eop) {
+ *desc = (struct netsec_desc){};
+ continue;
+ }
+
+ if (!desc->skb) {
+ skb_free_frag(desc->addr);
+ } else {
bytes += desc->skb->len;
dev_kfree_skb(desc->skb);
}
+ pkts++;
*desc = (struct netsec_desc){};
}
dring->pkt_cnt -= budget;
@@ -659,8 +680,11 @@ static void nsetsec_adv_desc(u16 *idx)
static int netsec_process_rx(struct netsec_priv *priv, int budget)
{
struct netsec_desc_ring *dring = &priv->desc_ring[NETSEC_RING_RX];
+ struct bpf_prog *xdp_prog = READ_ONCE(priv->xdp_prog);
struct net_device *ndev = priv->ndev;
- struct sk_buff *skb;
+ struct sk_buff *skb = NULL;
+ u32 xdp_flush = 0;
+ u32 xdp_result;
int done = 0;
while (done < budget) {
@@ -707,6 +731,26 @@ static int netsec_process_rx(struct netsec_priv *priv, int budget)
if (unlikely(!buf_addr))
break;
+ if (xdp_prog) {
+ xdp_result = netsec_run_xdp(desc, priv, xdp_prog,
+ pkt_len);
+ if (xdp_result != NETSEC_XDP_PASS) {
+ xdp_flush |= xdp_result & NETSEC_XDP_REDIR;
+
+ dma_unmap_single_attrs(priv->dev,
+ desc->dma_addr,
+ desc->len, DMA_TO_DEVICE,
+ DMA_ATTR_SKIP_CPU_SYNC);
+
+ desc->len = desc_len;
+ desc->dma_addr = dma_handle;
+ desc->addr = buf_addr;
+ netsec_rx_fill(priv, idx, 1);
+ nsetsec_adv_desc(&dring->tail);
+ }
+ continue;
+ }
+
skb = build_skb(desc->addr, desc->len);
if (unlikely(!skb)) {
dma_unmap_single(priv->dev, dma_handle, desc_len,
@@ -740,6 +784,9 @@ static int netsec_process_rx(struct netsec_priv *priv, int budget)
nsetsec_adv_desc(&dring->tail);
}
+ if (xdp_flush & NETSEC_XDP_REDIR)
+ xdp_do_flush_map();
+
return done;
}
@@ -892,6 +939,9 @@ static void netsec_uninit_pkt_dring(struct netsec_priv *priv, int id)
if (!dring->vaddr || !dring->desc)
return;
+ if (xdp_rxq_info_is_reg(&dring->xdp_rxq))
+ xdp_rxq_info_unreg(&dring->xdp_rxq);
+
for (idx = 0; idx < DESC_NUM; idx++) {
desc = &dring->desc[idx];
if (!desc->addr)
@@ -994,7 +1044,7 @@ static int netsec_alloc_dring(struct netsec_priv *priv, enum ring_id id)
static int netsec_setup_rx_dring(struct netsec_priv *priv)
{
struct netsec_desc_ring *dring = &priv->desc_ring[NETSEC_RING_RX];
- int i;
+ int i, err;
for (i = 0; i < DESC_NUM; i++) {
struct netsec_desc *desc = &dring->desc[i];
@@ -1003,20 +1053,29 @@ static int netsec_setup_rx_dring(struct netsec_priv *priv)
u16 len;
buf = netsec_alloc_rx_data(priv, &dma_handle, &len);
- if (!buf) {
- netsec_uninit_pkt_dring(priv, NETSEC_RING_RX);
+ if (!buf)
goto err_out;
- }
desc->dma_addr = dma_handle;
desc->addr = buf;
desc->len = len;
}
netsec_rx_fill(priv, 0, DESC_NUM);
+ err = xdp_rxq_info_reg(&dring->xdp_rxq, priv->ndev, 0);
+ if (err)
+ goto err_out;
+
+ err = xdp_rxq_info_reg_mem_model(&dring->xdp_rxq, MEM_TYPE_PAGE_SHARED,
+ NULL);
+ if (err) {
+ xdp_rxq_info_unreg(&dring->xdp_rxq);
+ goto err_out;
+ }
return 0;
err_out:
+ netsec_uninit_pkt_dring(priv, NETSEC_RING_RX);
return -ENOMEM;
}
@@ -1353,6 +1412,9 @@ static int netsec_netdev_stop(struct net_device *ndev)
napi_disable(&priv->napi);
+ if (priv->xdp_prog)
+ bpf_prog_put(priv->xdp_prog);
+
netsec_write(priv, NETSEC_REG_INTEN_CLR, ~0);
netsec_stop_gmac(priv);
@@ -1420,6 +1482,136 @@ static int netsec_netdev_ioctl(struct net_device *ndev, struct ifreq *ifr,
return phy_mii_ioctl(ndev->phydev, ifr, cmd);
}
+static u32 netsec_xmit_xdp(struct netsec_priv *priv, struct xdp_buff *xdp,
+ struct netsec_desc *rx_desc)
+{
+ struct netsec_desc_ring *tx_ring = &priv->desc_ring[NETSEC_RING_TX];
+ struct netsec_tx_pkt_ctrl tx_ctrl = {};
+ struct netsec_desc tx_desc;
+ int filled;
+ u32 len;
+
+ len = xdp->data_end - xdp->data;
+
+ if (tx_ring->head >= tx_ring->tail)
+ filled = tx_ring->head - tx_ring->tail;
+ else
+ filled = tx_ring->head + DESC_NUM - tx_ring->tail;
+
+ if (DESC_NUM - filled <= 1)
+ return NETSEC_XDP_CONSUMED;
+
+ dma_sync_single_for_device(priv->dev, rx_desc->dma_addr, len,
+ DMA_TO_DEVICE);
+
+ tx_desc.dma_addr = rx_desc->dma_addr;
+ tx_desc.addr = xdp->data;
+ tx_desc.len = len;
+
+ netsec_set_tx_de(priv, tx_ring, &tx_ctrl, &tx_desc, NULL);
+ netsec_write(priv, NETSEC_REG_NRM_TX_PKTCNT, 1); /* submit another tx */
+
+ return NETSEC_XDP_TX;
+}
+
+static u32 netsec_run_xdp(struct netsec_desc *desc, struct netsec_priv *priv,
+ struct bpf_prog *prog, u16 len)
+
+{
+ struct netsec_desc_ring *dring = &priv->desc_ring[NETSEC_RING_RX];
+ struct xdp_buff xdp;
+ u32 ret = NETSEC_XDP_PASS;
+ int err;
+ u32 act;
+
+ xdp.data_hard_start = desc->addr;
+ xdp.data = desc->addr;
+ xdp_set_data_meta_invalid(&xdp);
+ xdp.data_end = xdp.data + len;
+ xdp.rxq = &dring->xdp_rxq;
+
+ rcu_read_lock();
+ act = bpf_prog_run_xdp(prog, &xdp);
+
+ switch (act) {
+ case XDP_PASS:
+ ret = NETSEC_XDP_PASS;
+ break;
+ case XDP_TX:
+ ret = netsec_xmit_xdp(priv, &xdp, desc);
+ break;
+ case XDP_REDIRECT:
+ err = xdp_do_redirect(priv->ndev, &xdp, prog);
+ if (!err) {
+ ret = NETSEC_XDP_REDIR;
+ } else {
+ ret = NETSEC_XDP_CONSUMED;
+ xdp_return_buff(&xdp);
+ }
+ break;
+ default:
+ bpf_warn_invalid_xdp_action(act);
+ /* fall through */
+ case XDP_ABORTED:
+ trace_xdp_exception(priv->ndev, prog, act);
+ /* fall through -- handle aborts by dropping packet */
+ case XDP_DROP:
+ ret = NETSEC_XDP_CONSUMED;
+ break;
+ }
+
+ rcu_read_unlock();
+
+ return ret;
+}
+
+static int netsec_xdp_setup(struct netsec_priv *priv, struct bpf_prog *prog)
+{
+ struct net_device *dev = priv->ndev;
+ struct bpf_prog *old_prog;
+
+ /* For now just support only the usual MTU sized frames */
+ if (prog && dev->mtu > 1500) {
+ netdev_warn(dev, "Jumbo frames not yet supported with XDP\n");
+ return -EOPNOTSUPP;
+ }
+
+ if (netif_running(dev))
+ netsec_netdev_stop(dev);
+
+ /* Detach old prog, if any */
+ old_prog = xchg(&priv->xdp_prog, prog);
+ if (old_prog)
+ bpf_prog_put(old_prog);
+
+ if (priv->xdp_prog) {
+ /* Attach BPF program */
+ priv->xdp_prog = bpf_prog_add(priv->xdp_prog, 1);
+ if (IS_ERR(priv->xdp_prog))
+ return PTR_ERR(priv->xdp_prog);
+ }
+
+ if (netif_running(dev))
+ netsec_netdev_open(dev);
+
+ return 0;
+}
+
+static int netsec_xdp(struct net_device *ndev, struct netdev_bpf *xdp)
+{
+ struct netsec_priv *priv = netdev_priv(ndev);
+
+ switch (xdp->command) {
+ case XDP_SETUP_PROG:
+ return netsec_xdp_setup(priv, xdp->prog);
+ case XDP_QUERY_PROG:
+ xdp->prog_id = priv->xdp_prog ? priv->xdp_prog->aux->id : 0;
+ return 0;
+ default:
+ return -EINVAL;
+ }
+}
+
static const struct net_device_ops netsec_netdev_ops = {
.ndo_init = netsec_netdev_init,
.ndo_uninit = netsec_netdev_uninit,
@@ -1430,6 +1622,7 @@ static const struct net_device_ops netsec_netdev_ops = {
.ndo_set_mac_address = eth_mac_addr,
.ndo_validate_addr = eth_validate_addr,
.ndo_do_ioctl = netsec_netdev_ioctl,
+ .ndo_bpf = netsec_xdp,
};
static int netsec_of_probe(struct platform_device *pdev,
--
2.7.4
^ permalink raw reply related
* Re: Allow bpf_perf_event_output to access packet data
From: Jakub Kicinski @ 2018-09-10 8:26 UTC (permalink / raw)
To: Lorenz Bauer; +Cc: netdev
In-Reply-To: <CACAyw98SbTciw9n5=ANSQNgFc9hD41=Az2qxLnGBE3YdDMMvUQ@mail.gmail.com>
On Fri, 7 Sep 2018 15:56:15 +0100, Lorenz Bauer wrote:
> Hello list,
>
> I'm attempting to use bpf_perf_event_output to do packet sampling from XDP.
>
> The code basically runs before our other XDP code, does a
> perf_event_output with the full packet (for now) and then tail calls
> into DDoS mitigation, etc.
>
> I've just discovered that perf_event_output isn't allowed to access
> packet data by the verifier. Is this something that could be allowed?
Hi Lorenz!
The amount of packet data to output is controlled by high bits of the
"flags" parameter. This is a trivial sample:
struct bpf_map_def SEC("maps") pa = {
.type = BPF_MAP_TYPE_PERF_EVENT_ARRAY,
.key_size = sizeof(int),
.value_size = sizeof(int),
.max_entries = 64,
};
int xdp_prog1(struct xdp_md *xdp)
{
int key = 0;
bpf_perf_event_output(xdp, &pa, 0x20ffffffffULL, &key, 0);
return XDP_PASS;
}
The 0x20ffffffffULL will mean use the index in the map for current CPU
(0xffffffff), and output 32 bytes of the context (0x20 << 32). For
networking programs context means the packet (slightly confusingly).
These are the relevant defines from bpf.h:
/* BPF_FUNC_perf_event_output, BPF_FUNC_perf_event_read and
* BPF_FUNC_perf_event_read_value flags.
*/
#define BPF_F_INDEX_MASK 0xffffffffULL
#define BPF_F_CURRENT_CPU BPF_F_INDEX_MASK
/* BPF_FUNC_perf_event_output for sk_buff input context. */
#define BPF_F_CTXLEN_MASK (0xfffffULL << 32)
Also check out:
bpftool map event_pipe id $ID
For simple way to dump the events in user space.
^ permalink raw reply
* KASAN: use-after-free Write in rb_erase
From: syzbot @ 2018-09-10 8:30 UTC (permalink / raw)
To: ast, daniel, linux-kernel, netdev, syzkaller-bugs
Hello,
syzbot found the following crash on:
HEAD commit: 7a8c7f5c30f9 net: dsa: b53: Fix build with B53_SRAB enable..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=17b19e49400000
kernel config: https://syzkaller.appspot.com/x/.config?x=8f59875069d721b6
dashboard link: https://syzkaller.appspot.com/bug?extid=83e25da873f2a81c5e3c
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+83e25da873f2a81c5e3c@syzkaller.appspotmail.com
syz-executor4 (7549) used greatest stack depth: 16104 bytes left
==================================================================
BUG: KASAN: use-after-free in __rb_erase_augmented
include/linux/rbtree_augmented.h:188 [inline]
BUG: KASAN: use-after-free in rb_erase+0x26d0/0x3710 lib/rbtree.c:459
Write of size 8 at addr ffff8801c2a5aaf0 by task syz-executor5/7453
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412
__asan_report_store8_noabort+0x17/0x20 mm/kasan/report.c:438
__rb_erase_augmented include/linux/rbtree_augmented.h:188 [inline]
rb_erase+0x26d0/0x3710 lib/rbtree.c:459
__lt_erase include/linux/rbtree_latch.h:102 [inline]
latch_tree_erase include/linux/rbtree_latch.h:176 [inline]
bpf_prog_ksym_node_del kernel/bpf/core.c:466 [inline]
bpf_prog_kallsyms_del+0x1c2/0x410 kernel/bpf/core.c:498
bpf_prog_kallsyms_del_all+0x1d/0x20 kernel/bpf/core.c:364
__bpf_prog_put+0xd7/0x150 kernel/bpf/syscall.c:1105
bpf_prog_put kernel/bpf/syscall.c:1113 [inline]
bpf_prog_test_run+0x145/0x1a0 kernel/bpf/syscall.c:1754
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a066dd0 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a066f48 R08: ffff8801cce982c0 R09: ffffed003b5a4732
R10: ffffed003b5a4732 R11: ffff8801dad23993 R12: 1ffff1003340cddc
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Oops: 0000 [#2] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a066678 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a0667f0 R08: ffff8801cce982c0 R09: 0000000000000001
R10: ffffed003b5a4732 R11: 0000000000000000 R12: 1ffff1003340ccf1
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Oops: 0000 [#3] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a065f18 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a066090 R08: ffff8801cce982c0 R09: 0000000000000001
R10: ffffed003b5a4732 R11: 0000000000000000 R12: 1ffff1003340cc05
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Oops: 0000 [#4] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a0657b8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a065930 R08: ffff8801cce982c0 R09: 0000000000000001
R10: ffffed003b5a4732 R11: 0000000000000000 R12: 1ffff1003340cb19
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Oops: 0000 [#5] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a065058 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a0651d0 R08: ffff8801cce982c0 R09: 0000000000000001
R10: ffffed003b5a4732 R11: 0000000000000000 R12: 1ffff1003340ca2d
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Oops: 0000 [#6] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a0648f8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a064a70 R08: ffff8801cce982c0 R09: 0000000000000001
R10: ffffed003b5a4732 R11: 0000000000000000 R12: 1ffff1003340c941
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Oops: 0000 [#7] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a064198 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a064310 R08: ffff8801cce982c0 R09: 0000000000000001
R10: ffffed003b5a4732 R11: 0000000000000000 R12: 1ffff1003340c855
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Oops: 0000 [#8] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a063a38 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a063bb0 R08: ffff8801cce982c0 R09: 0000000000000001
R10: ffffed003b5a4732 R11: 0000000000000000 R12: 1ffff1003340c769
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Oops: 0000 [#9] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a0632d8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a063450 R08: ffff8801cce982c0 R09: 0000000000000001
R10: ffffed003b5a4732 R11: 0000000000000000 R12: 1ffff1003340c67d
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Oops: 0000 [#10] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a062b78 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a062cf0 R08: ffff8801cce982c0 R09: 0000000000000001
R10: ffffed003b5a4732 R11: 0000000000000000 R12: 1ffff1003340c591
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Oops: 0000 [#11] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a062418 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a062590 R08: ffff8801cce982c0 R09: 0000000000000001
R10: ffffed003b5a4732 R11: 0000000000000000 R12: 1ffff1003340c4a5
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Oops: 0000 [#12] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a061cb8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a061e30 R08: ffff8801cce982c0 R09: 0000000000000001
R10: ffffed003b5a4732 R11: 0000000000000000 R12: 1ffff1003340c3b9
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Oops: 0000 [#13] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a061558 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a0616d0 R08: ffff8801cce982c0 R09: 0000000000000001
R10: ffffed003b5a4732 R11: 0000000000000000 R12: 1ffff1003340c2cd
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Thread overran stack, or stack corrupted
Oops: 0000 [#14] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a060df8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a060f70 R08: ffff8801cce982c0 R09: 0000000000000001
R10: ffffed003b5a4732 R11: 0000000000000000 R12: 1ffff1003340c1e1
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Thread overran stack, or stack corrupted
Oops: 0000 [#15] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a060698 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a060810 R08: ffff8801cce982c0 R09: 0000000000000001
R10: ffffed003b5a4732 R11: 0000000000000000 R12: 1ffff1003340c0f5
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
------------[ cut here ]------------
kernel BUG at mm/slab.c:4421!
invalid opcode: 0000 [#16] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:__check_heap_object+0xa7/0xb5 mm/slab.c:4446
Code: 48 c7 c7 15 75 25 89 e8 97 83 0a 00 5d c3 41 8b 91 04 01 00 00 48 29
c7 48 39 d7 77 be 48 01 d0 48 29 c8 48 39 f0 72 b3 5d c3 <0f> 0b 48 c7 c7
15 75 25 89 e8 fd 8b 0a 00 44 89 e9 48 c7 c7 d0 75
RSP: 0018:ffff88019a05f3f0 EFLAGS: 00010046
RAX: 0000000000000001 RBX: 1ffff1003340be85 RCX: 000000000000000c
RDX: ffff88019a05e380 RSI: 0000000000000002 RDI: ffff88019a05f598
RBP: ffff88019a05f3f0 R08: ffff8801cce982c0 R09: ffff8801da972d80
R10: 0000000000000ff7 R11: 0000000000000000 R12: ffff88019a05f598
R13: 0000000000000002 R14: ffffea0006681780 R15: 0000000000000001
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001930030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49ae067 PTE 0
Thread overran stack, or stack corrupted
Oops: 0000 [#17] PREEMPT SMP KASAN
CPU: 1 PID: 7453 Comm: syz-executor5 Not tainted 4.19.0-rc2+ #209
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a05ee68 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a05efe0 R08: ffff8801cce982c0 R09: 0000000000000001
R10: ffffed003b5a4732 R11: 0000000000000000 R12: 1ffff1003340bdef
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Modules linked in:
Dumping ftrace buffer:
(ftrace buffer empty)
CR2: ffffc90001930030
---[ end trace 90699f7c967c99ef ]---
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff88019a066dd0 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801c2a5ab08 RCX: ffffffff818b41d1
RDX: 1ffff92000326006 RSI: 0000000000000008 RDI: ffffc90001930002
RBP: ffff88019a066f48 R08: ffff8801cce982c0 R09: ffffed003b5a4732
R10: ffffed003b5a4732 R11: ffff8801dad23993 R12: 1ffff1003340cddc
R13: ffffc90001930000 R14: dffffc0000000000 R15: ffff8801c2a5aaf0
FS: 00007f524d117700(0000) GS:ffff8801dad00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930030 CR3: 00000001d3889000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
^ permalink raw reply
* BUG: unable to handle kernel paging request in bpf_prog_kallsyms_add
From: syzbot @ 2018-09-10 8:31 UTC (permalink / raw)
To: ast, daniel, linux-kernel, netdev, syzkaller-bugs
Hello,
syzbot found the following crash on:
HEAD commit: f6f3bac08ff9 tools/bpf: bpftool: add net support
git tree: bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=17940056400000
kernel config: https://syzkaller.appspot.com/x/.config?x=8f59875069d721b6
dashboard link: https://syzkaller.appspot.com/bug?extid=c827a78260579449ad39
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1611c7e1400000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+c827a78260579449ad39@syzkaller.appspotmail.com
** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
**********************************************************
BUG: unable to handle kernel paging request at ffffc90001930002
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d49da067 PTE 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 12601 Comm: syz-executor3 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_kallsyms_candidate kernel/bpf/core.c:472 [inline]
RIP: 0010:bpf_prog_kallsyms_add+0xbe/0x9b0 kernel/bpf/core.c:483
Code: d0 31 c0 e8 14 68 f3 ff 49 8d 7c 24 02 48 89 f8 48 89 fa 48 c1 e8 03
83 e2 07 0f b6 04 18 38 d0 7f 08 84 c0 0f 85 39 07 00 00 <41> 0f b6 5c 24
02 31 ff 83 e3 01 89 de e8 b0 68 f3 ff 84 db 0f 84
RSP: 0018:ffff8801bc2af9c0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff818c8b39
RDX: 0000000000000002 RSI: ffffffff818b671c RDI: ffffc90001930002
RBP: ffff8801bc2afb30 R08: ffff8801bf750100 R09: ffffed003b584732
R10: ffffed003b584732 R11: ffff8801dac23993 R12: ffffc90001930000
R13: ffff8801bc2afd18 R14: 0000000000000000 R15: 1ffff10037855f3d
FS: 00007fb5d21c9700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930002 CR3: 00000001bcd1c000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
bpf_prog_load+0x13d1/0x1cb0 kernel/bpf/syscall.c:1442
__do_sys_bpf kernel/bpf/syscall.c:2371 [inline]
__se_sys_bpf kernel/bpf/syscall.c:2333 [inline]
__x64_sys_bpf+0x36c/0x510 kernel/bpf/syscall.c:2333
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457099
Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fb5d21c8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fb5d21c96d4 RCX: 0000000000457099
RDX: 0000000000000048 RSI: 0000000020000000 RDI: 0000000000000005
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004cb9c8 R14: 00000000004c335d R15: 0000000000000000
Modules linked in:
Dumping ftrace buffer:
(ftrace buffer empty)
CR2: ffffc90001930002
---[ end trace fcb4474011e9b55c ]---
RIP: 0010:bpf_prog_kallsyms_candidate kernel/bpf/core.c:472 [inline]
RIP: 0010:bpf_prog_kallsyms_add+0xbe/0x9b0 kernel/bpf/core.c:483
Code: d0 31 c0 e8 14 68 f3 ff 49 8d 7c 24 02 48 89 f8 48 89 fa 48 c1 e8 03
83 e2 07 0f b6 04 18 38 d0 7f 08 84 c0 0f 85 39 07 00 00 <41> 0f b6 5c 24
02 31 ff 83 e3 01 89 de e8 b0 68 f3 ff 84 db 0f 84
RSP: 0018:ffff8801bc2af9c0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff818c8b39
RDX: 0000000000000002 RSI: ffffffff818b671c RDI: ffffc90001930002
RBP: ffff8801bc2afb30 R08: ffff8801bf750100 R09: ffffed003b584732
R10: ffffed003b584732 R11: ffff8801dac23993 R12: ffffc90001930000
R13: ffff8801bc2afd18 R14: 0000000000000000 R15: 1ffff10037855f3d
FS: 00007fb5d21c9700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001930002 CR3: 00000001bcd1c000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
^ permalink raw reply
* general protection fault in rhashtable_walk_exit
From: syzbot @ 2018-09-10 8:36 UTC (permalink / raw)
To: davem, jon.maloy, linux-kernel, netdev, syzkaller-bugs,
tipc-discussion, ying.xue
Hello,
syzbot found the following crash on:
HEAD commit: f74dd480cf4e r8169: set TxConfig register after TX / RX is..
git tree: net
console output: https://syzkaller.appspot.com/x/log.txt?x=1545498e400000
kernel config: https://syzkaller.appspot.com/x/.config?x=8f59875069d721b6
dashboard link: https://syzkaller.appspot.com/bug?extid=3f8324abccfbf8c74a9f
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3f8324abccfbf8c74a9f@syzkaller.appspotmail.com
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
R13: 00000000004d4bc0 R14: 00000000004c910b R15: 0000000000000008
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
kobject: 'loop0' (00000000215195a2): kobject_uevent_env
CPU: 1 PID: 29198 Comm: syz-executor7 Not tainted 4.19.0-rc2+ #89
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:rhashtable_walk_exit+0x74/0x360 lib/rhashtable.c:689
Code: 8e 83 c7 00 f1 f1 f1 f1 c7 40 04 00 f2 f2 f2 65 48 8b 04 25 28 00 00
00 48 89 45 d0 31 c0 e8 13 28 f0 fd 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00
0f 85 e5 01 00 00 48 8b 03 48 8d b8 00 01 00 00 e8
RSP: 0018:ffff8801d7ea70e8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc90005071000
RDX: 0000000000040000 RSI: ffffffff838ea71d RDI: 0000000000000000
RBP: ffff8801d7ea7188 R08: ffff8801bd23c400 R09: ffffed0037cde4b6
R10: ffffed0037cde4b6 R11: ffff8801be6f25b3 R12: 1ffff1003afd4e20
R13: dffffc0000000000 R14: ffff8801d7ea7160 R15: dffffc0000000000
FS: 00007fe16cc8f700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32023000 CR3: 00000001ba6b3000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
tipc_dump_done+0x34/0x50 net/tipc/socket.c:3295
__tipc_nl_compat_dumpit.isra.11+0x670/0xb30 net/tipc/netlink_compat.c:220
kobject: 'loop0' (00000000215195a2): fill_kobj_path: path
= '/devices/virtual/block/loop0'
tipc_nl_compat_dumpit+0x1f4/0x440 net/tipc/netlink_compat.c:267
tipc_nl_compat_handle net/tipc/netlink_compat.c:1149 [inline]
tipc_nl_compat_recv+0x1078/0x19a0 net/tipc/netlink_compat.c:1207
genl_family_rcv_msg+0x8a9/0x1140 net/netlink/genetlink.c:601
genl_rcv_msg+0xc6/0x168 net/netlink/genetlink.c:626
netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2454
genl_rcv+0x28/0x40 net/netlink/genetlink.c:637
netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
netlink_unicast+0x5a5/0x760 net/netlink/af_netlink.c:1343
netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:621 [inline]
sock_sendmsg+0xd5/0x120 net/socket.c:631
___sys_sendmsg+0x7fd/0x930 net/socket.c:2114
__sys_sendmsg+0x11d/0x280 net/socket.c:2152
__do_sys_sendmsg net/socket.c:2161 [inline]
__se_sys_sendmsg net/socket.c:2159 [inline]
__x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457099
Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fe16cc8ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fe16cc8f6d4 RCX: 0000000000457099
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
R13: 00000000004d4bc0 R14: 00000000004c910b R15: 0000000000000008
Modules linked in:
Dumping ftrace buffer:
---------------------------------
syz-exec-8484 1...1 142827802us : 0: u00000000488588c4
syz-exec-8484 1...1 142827812us : 0: u00000000488588c4
syz-exec-8484 1...1 142827818us : 0: u00000000488588c4
syz-exec-8484 1...1 142827824us : 0: u00000000488588c4
syz-exec-8484 1...1 142827831us : 0: u00000000488588c4
syz-exec-8484 1...1 142827837us : 0: u00000000488588c4
syz-exec-8484 1...1 142827842us : 0: u00000000488588c4
syz-exec-8484 1...1 142827848us : 0: u00000000488588c4
syz-exec-8484 1...1 142827853us : 0: u00000000488588c4
syz-exec-8484 1...1 142827858us : 0: u00000000488588c4
syz-exec-8484 1...1 142827863us : 0: u00000000488588c4
syz-exec-8484 1...1 142827869us : 0: u00000000488588c4
syz-exec-8484 1...1 142827874us : 0: u00000000488588c4
syz-exec-8484 1...1 142827879us : 0: u00000000488588c4
syz-exec-8484 1...1 142827884us : 0: u00000000488588c4
syz-exec-8484 1...1 142827889us : 0: u00000000488588c4
syz-exec-8484 1...1 142827893us : 0: u00000000488588c4
syz-exec-8484 1...1 142827898us : 0: u00000000488588c4
syz-exec-8484 1...1 142827903us : 0: u00000000488588c4
syz-exec-8484 1...1 142827907us : 0: u00000000488588c4
syz-exec-8484 1...1 142827911us : 0: u00000000488588c4
syz-exec-8484 1...1 142827916us : 0: u00000000488588c4
syz-exec-8484 1...1 142827921us : 0: u00000000488588c4
syz-exec-8484 1...1 142827926us : 0: u00000000488588c4
syz-exec-8484 1...1 142827931us : 0: u00000000488588c4
syz-exec-8484 1...1 142827936us : 0: u00000000488588c4
syz-exec-8484 1...1 142827941us : 0: u00000000488588c4
syz-exec-8484 1...1 142827946us : 0: u00000000488588c4
syz-exec-8484 1...1 142827951us : 0: u00000000488588c4
syz-exec-8484 1...1 142827956us : 0: u00000000488588c4
syz-exec-8484 1...1 142827961us : 0: u00000000488588c4
syz-exec-8484 1...1 142827966us : 0: u00000000488588c4
syz-exec-8484 1...1 142827971us : 0: u00000000488588c4
syz-exec-8484 1...1 142827977us : 0: u00000000488588c4
syz-exec-8484 1...1 142827982us : 0: u00000000488588c4
syz-exec-8484 1...1 142827987us : 0: u00000000488588c4
syz-exec-8484 1...1 142827991us : 0: u00000000488588c4
syz-exec-8484 1...1 142827996us : 0: u00000000488588c4
syz-exec-8484 1...1 142828001us : 0: u00000000488588c4
syz-exec-8484 1...1 142828006us : 0: u00000000488588c4
syz-exec-8484 1...1 142828011us : 0: u00000000488588c4
syz-exec-8484 1...1 142828016us : 0: u00000000488588c4
syz-exec-8484 1...1 142828021us : 0: u00000000488588c4
syz-exec-8484 1...1 142828027us : 0: u00000000488588c4
syz-exec-8484 1...1 142828033us : 0: u00000000488588c4
syz-exec-8484 1...1 142828037us : 0: u00000000488588c4
syz-exec-8484 1...1 142828043us : 0: u00000000488588c4
syz-exec-8484 1...1 142828048us : 0: u00000000488588c4
syz-exec-8484 1...1 142828054us : 0: u00000000488588c4
syz-exec-8484 1...1 142828059us : 0: u00000000488588c4
syz-exec-8484 1...1 142828065us : 0: u00000000488588c4
syz-exec-8484 1...1 142828070us : 0: u00000000488588c4
syz-exec-8484 1...1 142828076us : 0: u00000000488588c4
syz-exec-8484 1...1 142828081us : 0: u00000000488588c4
syz-exec-8484 1...1 142828086us : 0: u00000000488588c4
syz-exec-8484 1...1 142828091us : 0: u00000000488588c4
syz-exec-8484 1...1 142828096us : 0: u00000000488588c4
syz-exec-8484 1...1 142828102us : 0: u00000000488588c4
syz-exec-8484 1...1 142828107us : 0: u00000000488588c4
syz-exec-8484 1...1 142828112us : 0: u00000000488588c4
syz-exec-8484 1...1 142828117us : 0: u00000000488588c4
syz-exec-8484 1...1 142828122us : 0: u00000000488588c4
syz-exec-8484 1...1 142828127us : 0: u00000000488588c4
syz-exec-8484 1...1 142828132us : 0: u00000000488588c4
syz-exec-8484 1...1 142828137us : 0: u00000000488588c4
syz-exec-8484 1...1 142828141us : 0: u00000000488588c4
syz-exec-8484 1...1 142828146us : 0: u00000000488588c4
syz-exec-8484 1...1 142828151us : 0: u00000000488588c4
syz-exec-8484 1...1 142828180us : 0: u00000000488588c4
syz-exec-8484 1...1 142828189us : 0: u00000000488588c4
syz-exec-8484 1...1 142828194us : 0: u00000000488588c4
syz-exec-8484 1...1 142828200us : 0: u00000000488588c4
syz-exec-8484 1...1 142828206us : 0: u00000000488588c4
syz-exec-8484 1...1 142828212us : 0: u00000000488588c4
syz-exec-8484 1...1 142828217us : 0: u00000000488588c4
syz-exec-8484 1...1 142828222us : 0: u00000000488588c4
syz-exec-8484 1...1 142828228us : 0: u00000000488588c4
syz-exec-8484 1...1 142828235us : 0: u00000000488588c4
syz-exec-8484 1...1 142828242us : 0: u00000000488588c4
syz-exec-8484 1...1 142828247us : 0: u00000000488588c4
syz-exec-8484 1...1 142828254us : 0: u00000000488588c4
syz-exec-8484 1...1 142828260us : 0: u00000000488588c4
syz-exec-8484 1...1 142828265us : 0: u00000000488588c4
syz-exec-8484 1...1 142828272us : 0: u00000000488588c4
syz-exec-8484 1...1 142828277us : 0: u00000000488588c4
syz-exec-8484 1...1 142828283us : 0: u00000000488588c4
syz-exec-8484 1...1 142828288us : 0: u00000000488588c4
syz-exec-8484 1...1 142828294us : 0: u00000000488588c4
syz-exec-8484 1...1 142828299us : 0: u00000000488588c4
syz-exec-8484 1...1 142828305us : 0: u00000000488588c4
syz-exec-8484 1...1 142828310us : 0: u00000000488588c4
syz-exec-8484 1...1 142828316us : 0: u00000000488588c4
syz-exec-8484 1...1 142828321us : 0: u00000000488588c4
syz-exec-8484 1...1 142828326us : 0: u00000000488588c4
syz-exec-8484 1...1 142828331us : 0: u00000000488588c4
syz-exec-8484 1...1 142828336us : 0: u00000000488588c4
syz-exec-8484 1...1 142828341us : 0: u00000000488588c4
syz-exec-8484 1...1 142828346us : 0: u00000000488588c4
syz-exec-8484 1...1 142828352us : 0: u00000000488588c4
syz-exec-8484 1...1 142828357us : 0: u00000000488588c4
syz-exec-8484 1...1 142828362us : 0: u00000000488588c4
syz-exec-8484 1...1 142828370us : 0: u00000000488588c4
syz-exec-8484 1...1 142828375us : 0: u00000000488588c4
syz-exec-8484 1...1 142828381us : 0: u00000000488588c4
syz-exec-8484 1...1 142828386us : 0: u00000000488588c4
syz-exec-8484 1...1 142828391us : 0: u00000000488588c4
syz-exec-8484 1...1 142828396us : 0: u00000000488588c4
syz-exec-8484 1...1 142828401us : 0: u00000000488588c4
syz-exec-8484 1...1 142828406us : 0: u00000000488588c4
syz-exec-8484 1...1 142828411us : 0: u00000000488588c4
syz-exec-8484 1...1 142828416us : 0: u00000000488588c4
syz-exec-8484 1...1 142828421us : 0: u00000000488588c4
syz-exec-8484 1...1 142828427us : 0: u00000000488588c4
syz-exec-8484 1...1 142828432us : 0: u00000000488588c4
syz-exec-8484 1...1 142828437us : 0: u00000000488588c4
syz-exec-8484 1...1 142828442us : 0: u00000000488588c4
syz-exec-8484 1...1 142828447us : 0: u00000000488588c4
syz-exec-8484 1...1 142828459us : 0: u00000000488588c4
syz-exec-8484 1...1 142828464us : 0: u00000000488588c4
syz-exec-8484 1...1 142828469us : 0: u00000000488588c4
syz-exec-8484 1...1 142828474us : 0: u00000000488588c4
syz-exec-8484 1...1 142828480us : 0: u00000000488588c4
syz-exec-8484 1...1 142828485us : 0: u00000000488588c4
syz-exec-8484 1...1 142828490us : 0: u00000000488588c4
syz-exec-8484 1...1 142828495us : 0: u00000000488588c4
syz-exec-8484 1...1 142828500us : 0: u00000000488588c4
syz-exec-8484 1...1 142828505us : 0: u00000000488588c4
syz-exec-8484 1...1 142828511us : 0: u00000000488588c4
syz-exec-8484 1...1 142828516us : 0: u00000000488588c4
syz-exec-8484 1...1 142828521us : 0: u00000000488588c4
syz-exec-8484 1...1 142828526us : 0: u00000000488588c4
syz-exec-8484 1...1 142828531us : 0: u00000000488588c4
syz-exec-8484 1...1 142828536us : 0: u00000000488588c4
syz-exec-8484 1...1 142828542us : 0: u00000000488588c4
syz-exec-8484 1...1 142828547us : 0: u00000000488588c4
syz-exec-8484 1...1 142828552us : 0: u00000000488588c4
syz-exec-8484 1...1 142828557us : 0: u00000000488588c4
syz-exec-8484 1...1 142828562us : 0: u00000000488588c4
syz-exec-8484 1...1 142828567us : 0: u00000000488588c4
syz-exec-8484 1...1 142828572us : 0: u00000000488588c4
syz-exec-8484 1...1 142828577us : 0: u00000000488588c4
syz-exec-8484 1...1 142828582us : 0: u00000000488588c4
syz-exec-8484 1...1 142828587us : 0: u00000000488588c4
syz-exec-8484 1...1 142828593us : 0: u00000000488588c4
syz-exec-8484 1...1 142828598us : 0: u00000000488588c4
syz-exec-8484 1...1 142828603us : 0: u00000000488588c4
syz-exec-8484 1...1 142828608us : 0: u00000000488588c4
syz-exec-8484 1...1 142828613us : 0: u00000000488588c4
syz-exec-8484 1...1 142828618us : 0: u00000000488588c4
syz-exec-8484 1...1 142828624us : 0: u00000000488588c4
syz-exec-8484 1...1 142828629us : 0: u00000000488588c4
syz-exec-8484 1...1 142828634us : 0: u00000000488588c4
syz-exec-8484 1...1 142828640us : 0: u00000000488588c4
syz-exec-8484 1...1 142828645us : 0: u00000000488588c4
syz-exec-8484 1...1 142828650us : 0: u00000000488588c4
syz-exec-8484 1...1 142828655us : 0: u00000000488588c4
syz-exec-8484 1...1 142828660us : 0: u00000000488588c4
syz-exec-8484 1...1 142828665us : 0: u00000000488588c4
syz-exec-8484 1...1 142828670us : 0: u00000000488588c4
syz-exec-8484 1...1 142828676us : 0: u00000000488588c4
syz-exec-8484 1...1 142828690us : 0: u00000000488588c4
syz-exec-8484 1...1 142828696us : 0: u00000000488588c4
syz-exec-8484 1...1 142828701us : 0: u00000000488588c4
syz-exec-8484 1...1 142828707us : 0: u00000000488588c4
syz-exec-8484 1...1 142828713us : 0: u00000000488588c4
syz-exec-8484 1...1 142828719us : 0: u00000000488588c4
syz-exec-8484 1...1 142828725us : 0: u00000000488588c4
syz-exec-8484 1...1 142828730us : 0: u00000000488588c4
syz-exec-8484 1...1 142828736us : 0: u00000000488588c4
syz-exec-8484 1...1 142828741us : 0: u00000000488588c4
syz-exec-8484 1...1 142828747us : 0: u00000000488588c4
syz-exec-8484 1...1 142828753us : 0: u00000000488588c4
syz-exec-8484 1...1 142828759us : 0: u00000000488588c4
syz-exec-8484 1...1 142828765us : 0: u00000000488588c4
syz-exec-8484 1...1 142828770us : 0: u00000000488588c4
syz-exec-8484 1...1 142828776us : 0: u00000000488588c4
syz-exec-8484 1...1 142828781us : 0: u00000000488588c4
syz-exec-8484 1...1 142828787us : 0: u00000000488588c4
syz-exec-8484 1...1 142828792us : 0: u00000000488588c4
syz-exec-8484 1...1 142828797us : 0: u00000000488588c4
syz-exec-8484 1...1 142828802us : 0: u00000000488588c4
syz-exec-8484 1...1 142828807us : 0: u00000000488588c4
syz-exec-8484 1.N.1 142828853us : 0: u00000000488588c4
syz-exec-8484 1...1 142828906us : 0: u00000000488588c4
syz-exec-8484 1...1 142828912us : 0: u00000000488588c4
syz-exec-8484 1...1 142828918us : 0: u00000000488588c4
syz-exec-8484 1...1 142828923us : 0: u00000000488588c4
syz-exec-8484 1...1 142828929us : 0: u00000000488588c4
syz-exec-8484 1...1 142828934us : 0: u00000000488588c4
syz-exec-8484 1...1 142828940us : 0: u00000000488588c4
syz-exec-8484 1...1 142828945us : 0: u00000000488588c4
syz-exec-8484 1...1 142828950us : 0: u00000000488588c4
syz-exec-8484 1...1 142828956us : 0: u00000000488588c4
syz-exec-8484 1...1 142828961us : 0: u00000000488588c4
syz-exec-8484 1...1 142828967us : 0: u00000000488588c4
syz-exec-8484 1...1 142828972us : 0: u00000000488588c4
syz-exec-8484 1...1 142828978us : 0: u00000000488588c4
syz-exec-8484 1...1 142828983us : 0: u00000000488588c4
syz-exec-8484 1...1 142828993us : 0: u00000000488588c4
syz-exec-8484 1...1 142829004us : 0: u00000000488588c4
syz-exec-8484 1...1 142829010us : 0: u00000000488588c4
syz-exec-8484 1...1 142829015us : 0: u00000000488588c4
syz-exec-8484 1...1 142829020us : 0: u00000000488588c4
syz-exec-8484 1...1 142829027us : 0: u00000000488588c4
syz-exec-8484 1...1 142829033us : 0: u00000000488588c4
syz-exec-8484 1...1 142829039us : 0: u00000000488588c4
syz-exec-8484 1...1 142829044us : 0: u00000000488588c4
syz-exec-8484 1...1 142829049us : 0: u00000000488588c4
syz-exec-8484 1...1 142829054us : 0: u00000000488588c4
syz-exec-8484 1...1 142829059us : 0: u00000000488588c4
syz-exec-8484 1...1 142829065us : 0: u00000000488588c4
syz-exec-8484 1...1 142829070us : 0: u00000000488588c4
syz-exec-8484 1...1 142829075us : 0: u00000000488588c4
syz-exec-8484 1...1 142829080us : 0: u00000000488588c4
syz-exec-8484 1...1 142829085us : 0: u00000000488588c4
syz-exec-8484 1...1 142829090us : 0: u00000000488588c4
syz-exec-8484 1...1 142829095us : 0: u00000000488588c4
syz-exec-8484 1...1 142829110us : 0: u00000000488588c4
syz-exec-8484 1...1 142829116us : 0: u00000000488588c4
syz-exec-8484 1...1 142829123us : 0: u00000000488588c4
syz-exec-8484 1...1 142829128us : 0: u00000000488588c4
syz-exec-8484 1...1 142829133us : 0: u00000000488588c4
syz-exec-8484 1...1 142829139us : 0: u00000000488588c4
syz-exec-8484 1...1 142829144us : 0: u00000000488588c4
syz-exec-8484 1...1 142829150us : 0: u00000000488588c4
syz-exec-8484 1...1 142829155us : 0: u00000000488588c4
syz-exec-8484 1...1 142829174us : 0: u00000000488588c4
syz-exec-8484 1...1 142829181us : 0: u00000000488588c4
syz-exec-8484 1...1 142829188us : 0: u00000000488588c4
syz-exec-8484 1...1 142829205us : 0: u00000000488588c4
syz-exec-8484 1...1 142829210us : 0: u00000000488588c4
syz-exec-8484 1...1 142829215us : 0: u00000000488588c4
syz-exec-8484 1...1 142829221us : 0: u00000000488588c4
syz-exec-8484 1...1 142829228us : 0: u00000000488588c4
syz-exec-8484 1...1 142829235us : 0: u00000000488588c4
syz-exec-8484 1...1 142829240us : 0: u00000000488588c4
syz-exec-8484 1...1 142829246us : 0: u00000000488588c4
syz-exec-8484 1...1 142829251us : 0: u00000000488588c4
syz-exec-8484 1...1 142829257us : 0: u00000000488588c4
syz-exec-8484 1...1 142829263us : 0: u00000000488588c4
syz-exec-8484 1...1 142829270us : 0: u00000000488588c4
syz-exec-8484 1...1 142829275us : 0: u00000000488588c4
syz-exec-8484 1...1 142829281us : 0: u00000000488588c4
syz-exec-8484 1...1 142829287us : 0: u00000000488588c4
syz-exec-8484 1...1 142829292us : 0: u00000000488588c4
syz-exec-8484 1...1 142829310us : 0: u00000000488588c4
syz-exec-8484 1...1 142829317us : 0: u00000000488588c4
syz-exec-8484 1...1 142829323us : 0: u00000000488588c4
syz-exec-8484 1...1 142829329us : 0: u00000000488588c4
syz-exec-8484 1...1 142829335us : 0: u00000000488588c4
syz-exec-8484 1...1 142829341us : 0: u00000000488588c4
syz-exec-8484 1...1 142829346us : 0: u00000000488588c4
syz-exec-8484 1...1 142829353us : 0: u00000000488588c4
syz-exec-8484 1...1 142829358us : 0: u00000000488588c4
syz-exec-8484 1...1 142829365us : 0: u00000000488588c4
syz-exec-8484 1...1 142829371us : 0: u00000000488588c4
syz-exec-8484 1...1 142829377us : 0: u00000000488588c4
syz-exec-8484 1...1 142829383us : 0: u00000000488588c4
syz-exec-8484 1...1 142829389us : 0: u00000000488588c4
syz-exec-8484 1...1 142829395us : 0: u00000000488588c4
syz-exec-8484 1...1 142829401us : 0: u00000000488588c4
syz-exec-8484 1...1 142829407us : 0: u00000000488588c4
syz-exec-8484 1...1 142829413us : 0: u00000000488588c4
syz-exec-8484 1...1 142829419us : 0: u00000000488588c4
syz-exec-8484 1...1 142829425us : 0: u00000000488588c4
syz-exec-8484 1...1 142829431us : 0: u00000000488588c4
syz-exec-8484 1...1 142829438us : 0: u00000000488588c4
syz-exec-8484 1...1 142829444us : 0: u00000000488588c4
syz-exec-8484 1...1 142829450us : 0: u00000000488588c4
syz-exec-8484 1...1 142829455us : 0: u00000000488588c4
syz-exec-8484 1...1 142829461us : 0: u00000000488588c4
syz-exec-8484 1...1 142829467us : 0: u00000000488588c4
syz-exec-8484 1...1 142829473us : 0: u00000000488588c4
syz-exec-8484 1...1 142829479us : 0: u00000000488588c4
syz-exec-8484 1...1 142829485us : 0: u00000000488588c4
syz-exec-8484 1...1 142829491us : 0: u00000000488588c4
syz-exec-8484 1...1 142829496us : 0: u00000000488588c4
syz-exec-8484 1...1 142829503us : 0: u00000000488588c4
syz-exec-8484 1...1 142829508us : 0: u00000000488588c4
syz-exec-8484 1...1 142829514us : 0: u00000000488588c4
syz-exec-8484 1...1 142829519us : 0: u00000000488588c4
syz-exec-8484 1...1 142829525us : 0: u00000000488588c4
syz-exec-8484 1...1 142829531us : 0: u00000000488588c4
syz-exec-8484 1...1 142829537us : 0: u00000000488588c4
syz-exec-8484 1...1 142829544us : 0: u00000000488588c4
syz-exec-8484 1...1 142829549us : 0: u00000000488588c4
syz-exec-8484 1...1 142829556us : 0: u00000000488588c4
syz-exec-8484 1...1 142829561us : 0: u00000000488588c4
syz-exec-8484 1...1 142829566us : 0: u00000000488588c4
syz-exec-8484 1...1 142829572us : 0: u00000000488588c4
syz-exec-8484 1...1 142829577us : 0: u00000000488588c4
syz-exec-8484 1...1 142829583us : 0: u00000000488588c4
syz-exec-8484 1...1 142829588us : 0: u00000000488588c4
syz-exec-8484 1...1 142829595us : 0: u00000000488588c4
syz-exec-8484 1...1 142829599us : 0: u00000000488588c4
syz-exec-8484 1...1 142829606us : 0: u00000000488588c4
syz-exec-8484 1...1 142829611us : 0: u00000000488588c4
syz-exec-8484 1...1 142829617us : 0: u00000000488588c4
syz-exec-8484 1...1 142829623us : 0: u00000000488588c4
syz-exec-8484 1...1 142829629us : 0: u00000000488588c4
syz-exec-8484 1...1 142829634us : 0: u00000000488588c4
syz-exec-8484 1...1 142829639us : 0: u00000000488588c4
syz-exec-8484 1...1 142829644us : 0: u00000000488588c4
syz-exec-8484 1...1 142829649us : 0: u00000000488588c4
syz-exec-8484 1...1 142829654us : 0: u00000000488588c4
syz-exec-8484 1...1 142829661us : 0: u00000000488588c4
syz-exec-8484 1...1 142829666us : 0: u00000000488588c4
syz-exec-8484 1...1 142829672us : 0: u00000000488588c4
syz-exec-8484 1...1 142829677us : 0: u00000000488588c4
syz-exec-8484 1...1 142829694us : 0: u00000000488588c4
syz-exec-8484 1...1 142829700us : 0: u00000000488588c4
syz-exec-8484 1...1 142829706us : 0: u00000000488588c4
syz-exec-8484 1...1 142829712us : 0: u00000000488588c4
syz-exec-8484 1...1 142829717us : 0: u00000000488588c4
syz-exec-8484 1...1 142829723us : 0: u00000000488588c4
syz-exec-8484 1...1 142829728us : 0: u00000000488588c4
syz-exec-8484 1...1 142829734us : 0: u00000000488588c4
syz-exec-8484 1...1 142829739us : 0: u00000000488588c4
syz-exec-8484 1...1 142829744us : 0: u00000000488588c4
syz-exec-8484 1...1 142829750us : 0: u00000000488588c4
syz-exec-8484 1...1 142829755us : 0: u00000000488588c4
syz-exec-8484 1...1 142829762us : 0: u00000000488588c4
syz-exec-8484 1...1 142829766us : 0: u00000000488588c4
syz-exec-8484 1...1 142829772us : 0: u00000000488588c4
syz-exec-8484 1...1 142829778us : 0: u00000000488588c4
syz-exec-8484 1...1 142829784us : 0: u00000000488588c4
syz-exec-8484 1...1 142829790us : 0: u00000000488588c4
syz-exec-8484 1...1 142829795us : 0: u00000000488588c4
syz-exec-8484 1...1 142829801us : 0: u00000000488588c4
syz-exec-8484 1...1 142829805us : 0: u00000000488588c4
syz-exec-8484 1...1 142829811us : 0: u00000000488588c4
syz-exec-8484 1...1 142829816us : 0: u00000000488588c4
syz-exec-8484 1...1 142829823us : 0: u00000000488588c4
syz-exec-8484 1...1 142829829us : 0: u00000000488588c4
syz-exec-8484 1...1 142829835us : 0: u00000000488588c4
syz-exec-8484 1...1 142829841us : 0: u00000000488588c4
syz-exec-8484 1...1 142829846us : 0: u00000000488588c4
syz-exec-8484 1...1 142829852us : 0: u00000000488588c4
syz-exec-8484 1...1 142829857us : 0: u00000000488588c4
syz-exec-8484 1...1 142829862us : 0: u00000000488588c4
syz-exec-8484 1...1 142829867us : 0: u00000000488588c4
syz-exec-8484 1...1 142829872us : 0: u00000000488588c4
syz-exec-8484 1...1 142829877us : 0: u00000000488588c4
syz-exec-8484 1...1 142829882us : 0: u00000000488588c4
syz-exec-8484 1...1 142829888us : 0: u00000000488588c4
syz-exec-8484 1...1 142829893us : 0: u00000000488588c4
syz-exec-8484 1...1 142829899us : 0: u00000000488588c4
syz-exec-8484 1...1 142829905us : 0: u00000000488588c4
syz-exec-8484 1...1 142829911us : 0: u00000000488588c4
syz-exec-8484 1...1 142829917us : 0: u00000000488588c4
syz-exec-8484 1...1 142829923us : 0: u00000000488588c4
syz-exec-8484 1...1 142829929us : 0: u00000000488588c4
syz-exec-8484 1.N.1 142829976us : 0: u00000000488588c4
syz-exec-8484 1...1 142830035us : 0: u00000000488588c4
syz-exec-8484 1...1 142830043us : 0: u00000000488588c4
syz-exec-8484 1...1 142830048us : 0: u00000000488588c4
syz-exec-8484 1...1 142830055us : 0: u00000000488588c4
syz-exec-8484 1...1 142830060us : 0: u00000000488588c4
syz-exec-8484 1...1 142830066us : 0: u00000000488588c4
syz-exec-8484 1...1 142830072us : 0: u00000000488588c4
syz-exec-8484 1...1 142830079us : 0: u00000000488588c4
syz-exec-8484 1...1 142830085us : 0: u00000000488588c4
syz-exec-8484 1...1 142830091us : 0: u00000000488588c4
syz-exec-8484 1...1 142830097us : 0: u00000000488588c4
syz-exec-8484 1...1 142830102us : 0: u00000000488588c4
syz-exec-8484 1...1 142830107us : 0: u00000000488588c4
syz-exec-8484 1...1 142830112us : 0: u00000000488588c4
syz-exec-8484 1...1 142830118us : 0: u00000000488588c4
syz-exec-8484 1...1 142830124us : 0: u00000000488588c4
syz-exec-8484 1...1 142830130us : 0: u00000000488588c4
syz-exec-8484 1...1 142830136us : 0: u00000000488588c4
syz-exec-8484 1...1 142830141us : 0: u00000000488588c4
syz-exec-8484 1...1 142830148us : 0: u00000000488588c4
syz-exec-8484 1...1 142830153us : 0: u00000000488588c4
syz-exec-8484 1...1 142830172us : 0: u00000000488588c4
syz-exec-8484 1...1 142830178us : 0: u00000000488588c4
syz-exec-8484 1...1 142830186us : 0: u00000000488588c4
syz-exec-8484 1...1 142830193us : 0: u00000000488588c4
syz-exec-8484 1...1 142830198us : 0: u00000000488588c4
syz-exec-8484 1...1 142830204us : 0: u00000000488588c4
syz-exec-8484 1...1 142830209us : 0: u00000000488588c4
syz-exec-8484 1...1 142830215us : 0: u00000000488588c4
syz-exec-8484 1...1 142830220us : 0: u00000000488588c4
syz-exec-8484 1...1 142830226us : 0: u00000000488588c4
syz-exec-8484 1...1 142830231us : 0: u00000000488588c4
syz-exec-8484 1...1 142830237us : 0: u00000000488588c4
syz-exec-8484 1...1 142830242us : 0: u00000000488588c4
syz-exec-8484 1...1 142830247us : 0: u00000000488588c4
syz-exec-8484 1...1 142830252us : 0: u00000000488588c4
syz-exec-8484 1...1 142830258us : 0: u00000000488588c4
syz-exec-8484 1...1 142830263us : 0: u00000000488588c4
syz-exec-8484 1...1 142830268us : 0: u00000000488588c4
syz-exec-8484 1...1 142830273us : 0: u00000000488588c4
syz-exec-8484 1...1 142830280us : 0: u00000000488588c4
syz-exec-8484 1...1 142830285us : 0: u00000000488588c4
syz-exec-8484 1...1 142830291us : 0: u00000000488588c4
syz-exec-8484 1...1 142830297us : 0: u00000000488588c4
syz-exec-8484 1...1 142830303us : 0: u00000000488588c4
syz-exec-8484 1...1 142830308us : 0: u00000000488588c4
syz-exec-8484 1...1 142830314us : 0: u00000000488588c4
syz-exec-8484 1...1 142830320us : 0: u00000000488588c4
syz-exec-8484 1...1 142830326us : 0: u00000000488588c4
syz-exec-8484 1...1 142830332us : 0: u00000000488588c4
syz-exec-8484 1...1 142830337us : 0: u00000000488588c4
syz-exec-8484 1...1 142830344us : 0: u00000000488588c4
syz-exec-8484 1...1 142830349us : 0: u00000000488588c4
syz-exec-8484 1...1 142830355us : 0: u00000000488588c4
syz-exec-8484 1...1 142830361us : 0: u00000000488588c4
syz-exec-8484 1...1 142830367us : 0: u00000000488588c4
syz-exec-8484 1...1 142830374us : 0: u00000000488588c4
syz-exec-8484 1...1 142830379us : 0: u00000000488588c4
syz-exec-8484 1...1 142830385us : 0: u00000000488588c4
syz-exec-8484 1...1 142830392us : 0: u00000000488588c4
syz-exec-8484 1...1 142830398us : 0: u00000000488588c4
syz-exec-8484 1...1 142830403us : 0: u00000000488588c4
syz-exec-8484 1...1 142830409us : 0: u00000000488588c4
syz-exec-8484 1...1 142830415us : 0: u00000000488588c4
syz-exec-8484 1...1 142830420us : 0: u00000000488588c4
syz-exec-8484 1...1 142830426us : 0: u00000000488588c4
syz-exec-8484 1...1 142830430us : 0: u00000000488588c4
syz-exec-8484 1...1 142830436us : 0: u00000000488588c4
syz-exec-8484 1...1 142830442us : 0: u00000000488588c4
syz-exec-8484 1...1 142830448us : 0: u00000000488588c4
syz-exec-8484 1...1 142830454us : 0: u00000000488588c4
syz-exec-8484 1...1 142830459us : 0: u00000000488588c4
syz-exec-8484 1...1 142830466us : 0: u00000000488588c4
syz-exec-8484 1...1 142830471us : 0: u00000000488588c4
syz-exec-8484 1...1 142830478us : 0: u00000000488588c4
syz-exec-8484 1...1 142830484us : 0: u00000000488588c4
syz-exec-8484 1...1 142830490us : 0: u00000000488588c4
syz-exec-8484 1...1 142830496us : 0: u00000000488588c4
syz-exec-8484 1...1 142830501us : 0: u00000000488588c4
syz-exec-8484 1...1 142830508us : 0: u00000000488588c4
syz-exec-8484 1...1 142830513us : 0: u00000000488588c4
syz-exec-8484 1...1 142830519us : 0: u00000000488588c4
syz-exec-8484 1...1 142830526us : 0: u00000000488588c4
syz-exec-8484 1...1 142830532us : 0: u00000000488588c4
syz-exec-8484 1...1 142830538us : 0: u00000000488588c4
syz-exec-8484 1...1 142830544us : 0: u00000000488588c4
syz-exec-8484 1...1 142830550us : 0: u00000000488588c4
syz-exec-8484 1...1 142830556us : 0: u00000000488588c4
syz-exec-8484 1...1 142830563us : 0: u00000000488588c4
syz-exec-8484 1...1 142830568us : 0: u00000000488588c4
syz-exec-8484 1...1 142830574us : 0: u00000000488588c4
syz-exec-8484 1...1 142830580us : 0: u00000000488588c4
syz-exec-8484 1...1 142830586us : 0: u00000000488588c4
syz-exec-8484 1...1 142830592us : 0: u00000000488588c4
syz-exec-8484 1...1 142830598us : 0: u00000000488588c4
syz-exec-8484 1...1 142830604us : 0: u00000000488588c4
syz-exec-8484 1...1 142830610us : 0: u00000000488588c4
syz-exec-8484 1...1 142830616us : 0: u00000000488588c4
syz-exec-8484 1...1 142830621us : 0: u00000000488588c4
syz-exec-8484 1...1 142830627us : 0: u00000000488588c4
syz-exec-8484 1...1 142830634us : 0: u00000000488588c4
syz-exec-8484 1...1 142830639us : 0: u00000000488588c4
syz-exec-8484 1...1 142830646us : 0: u00000000488588c4
syz-exec-8484 1...1 142830651us : 0: u00000000488588c4
syz-exec-8484 1...1 142830657us : 0: u00000000488588c4
syz-exec-8484 1...1 142830662us : 0: u00000000488588c4
syz-exec-8484 1...1 142830669us : 0: u00000000488588c4
syz-exec-8484 1...1 142830675us : 0: u00000000488588c4
syz-exec-8484 1...1 142830690us : 0: u00000000488588c4
syz-exec-8484 1...1 142830697us : 0: u00000000488588c4
syz-exec-8484 1...1 142830703us : 0: u00000000488588c4
syz-exec-8484 1...1 142830709us : 0: u00000000488588c4
syz-exec-8484 1...1 142830714us : 0: u00000000488588c4
syz-exec-8484 1...1 142830721us : 0: u00000000488588c4
syz-exec-8484 1...1 142830726us : 0: u00000000488588c4
syz-exec-8484 1...1 142830732us : 0: u00000000488588c4
syz-exec-8484 1...1 142830738us : 0: u00000000488588c4
syz-exec-8484 1...1 142830743us : 0: u00000000488588c4
syz-exec-8484 1...1 142830750us : 0: u00000000488588c4
syz-exec-8484 1...1 142830756us : 0: u00000000488588c4
syz-exec-8484 1...1 142830762us : 0: u00000000488588c4
syz-exec-8484 1...1 142830767us : 0: u00000000488588c4
syz-exec-8484 1...1 142830773us : 0: u00000000488588c4
syz-exec-8484 1...1 142830779us : 0: u00000000488588c4
syz-exec-8484 1...1 142830784us : 0: u00000000488588c4
syz-exec-8484 1...1 142830790us : 0: u00000000488588c4
syz-exec-8484 1...1 142830796us : 0: u00000000488588c4
syz-exec-8484 1...1 142830802us : 0: u00000000488588c4
syz-exec-8484 1...1 142830807us : 0: u00000000488588c4
syz-exec-8484 1...1 142830813us : 0: u00000000488588c4
syz-exec-8484 1...1 142830818us : 0: u00000000488588c4
syz-exec-8484 1...1 142830824us : 0: u00000000488588c4
syz-exec-8484 1...1 142830830us : 0: u00000000488588c4
syz-exec-8484 1...1 142830835us : 0: u00000000488588c4
syz-exec-8484 1...1 142830841us : 0: u00000000488588c4
syz-exec-8484 1...1 142830847us : 0: u00000000488588c4
syz-exec-8484 1...1 142830853us : 0: u00000000488588c4
syz-exec-8484 1...1 142830860us : 0: u00000000488588c4
syz-exec-8484 1...1 142830865us : 0: u00000000488588c4
syz-exec-8484 1...1 142830871us : 0: u00000000488588c4
syz-exec-8484 1...1 142830876us : 0: u00000000488588c4
syz-exec-8484 1...1 142830882us : 0: u00000000488588c4
syz-exec-8484 1...1 142830886us : 0: u00000000488588c4
syz-exec-8484 1...1 142830892us : 0: u00000000488588c4
syz-exec-8484 1...1 142830897us : 0: u00000000488588c4
syz-exec-8484 1...1 142830904us : 0: u00000000488588c4
syz-exec-8484 1...1 142830909us : 0: u00000000488588c4
syz-exec-8484 1...1 142830915us : 0: u00000000488588c4
syz-exec-8484 1...1 142830922us : 0: u00000000488588c4
syz-exec-8484 1...1 142830927us : 0: u00000000488588c4
syz-exec-8484 1...1 142830932us : 0: u00000000488588c4
syz-exec-8484 1...1 142830937us : 0: u00000000488588c4
syz-exec-8484 1...1 142830942us : 0: u00000000488588c4
syz-exec-8484 1...1 142830947us : 0: u00000000488588c4
syz-exec-8484 1...1 142830952us : 0: u00000000488588c4
syz-exec-8484 1...1 142830959us : 0: u00000000488588c4
syz-exec-8484 1...1 142830966us : 0: u00000000488588c4
syz-exec-8484 1...1 142830974us : 0: u00000000488588c4
syz-exec-8484 1...1 142830979us : 0: u00000000488588c4
syz-exec-8484 1...1 142830986us : 0: u00000000488588c4
syz-exec-8484 1...1 142830991us : 0: u00000000488588c4
syz-exec-8484 1...1 142830997us : 0: u00000000488588c4
syz-exec-8484 1...1 142831003us : 0: u00000000488588c4
syz-exec-8484 1...1 142831008us : 0: u00000000488588c4
syz-exec-8484 1...1 142831015us : 0: u00000000488588c4
syz-exec-8484 1...1 142831020us : 0: u00000000488588c4
syz-exec-8484 1...1 142831026us : 0: u00000000488588c4
syz-exec-8484 1...1 142831032us : 0: u00000000488588c4
syz-exec-8484 1...1 142831038us : 0: u00000000488588c4
syz-exec-8484 1...1 142831044us : 0: u00000000488588c4
syz-exec-8484 1...1 142831049us : 0: u00000000488588c4
syz-exec-8484 1...1 142831055us : 0: u00000000488588c4
syz-exec-8484 1.N.1 142831102us : 0: u00000000488588c4
syz-exec-8484 1...1 142831173us : 0: u00000000488588c4
syz-exec-8484 1...1 142831181us : 0: u00000000488588c4
syz-exec-8484 1...1 142831188us : 0: u00000000488588c4
syz-exec-8484 1...1 142831194us : 0: u00000000488588c4
syz-exec-8484 1...1 142831201us : 0: u00000000488588c4
syz-exec-8484 1...1 142831207us : 0: u00000000488588c4
syz-exec-8484 1...1 142831213us : 0: u00000000488588c4
syz-exec-8484 1...1 142831218us : 0: u00000000488588c4
syz-exec-8484 1...1 142831224us : 0: u00000000488588c4
syz-exec-8484 1...1 142831229us : 0: u00000000488588c4
syz-exec-8484 1...1 142831235us : 0: u00000000488588c4
syz-exec-8484 1...1 142831240us : 0: u00000000488588c4
syz-exec-8484 1...1 142831245us : 0: u00000000488588c4
syz-exec-8484 1...1 142831250us : 0: u00000000488588c4
syz-exec-8484 1...1 142831255us : 0: u00000000488588c4
syz-exec-8484 1...1 142831260us : 0: u00000000488588c4
syz-exec-8484 1...1 142831265us : 0: u00000000488588c4
syz-exec-8484 1...1 142831271us : 0: u00000000488588c4
syz-exec-8484 1...1 142831276us : 0: u00000000488588c4
syz-exec-8484 1...1 142831281us : 0: u00000000488588c4
syz-exec-8484 1...1 142831287us : 0: u00000000488588c4
syz-exec-8484 1...1 142831292us : 0: u00000000488588c4
syz-exec-8484 1...1 142831298us : 0: u00000000488588c4
syz-exec-8484 1...1 142831303us : 0: u00000000488588c4
syz-exec-8484 1...1 142831308us : 0: u00000000488588c4
syz-exec-8484 1...1 142831313us : 0: u00000000488588c4
syz-exec-8484 1...1 142831319us : 0: u00000000488588c4
syz-exec-8484 1...1 142831324us : 0: u00000000488588c4
syz-exec-8484 1...1 142831329us : 0: u00000000488588c4
syz-exec-8484 1...1 142831334us : 0: u00000000488588c4
syz-exec-8484 1...1 142831339us : 0: u00000000488588c4
syz-exec-8484 1...1 142831345us : 0: u00000000488588c4
syz-exec-8484 1...1 142831350us : 0: u00000000488588c4
syz-exec-8484 1...1 142831355us : 0: u00000000488588c4
syz-exec-8484 1...1 142831360us : 0: u00000000488588c4
syz-exec-8484 1...1 142831365us : 0: u00000000488588c4
syz-exec-8484 1...1 142831370us : 0: u00000000488588c4
syz-exec-8484 1...1 142831375us : 0: u00000000488588c4
syz-exec-8484 1...1 142831382us : 0: u00000000488588c4
syz-exec-8484 1...1 142831387us : 0: u00000000488588c4
syz-exec-8484 1...1 142831393us : 0: u00000000488588c4
syz-exec-8484 1...1 142831398us : 0: u00000000488588c4
syz-exec-8484 1...1 142831404us : 0: u00000000488588c4
syz-exec-8484 1...1 142831409us : 0: u00000000488588c4
syz-exec-8484 1...1 142831415us : 0: u00000000488588c4
syz-exec-8484 1...1 142831421us : 0: u00000000488588c4
syz-exec-8484 1...1 142831426us : 0: u00000000488588c4
syz-exec-8484 1...1 142831432us : 0: u00000000488588c4
syz-exec-8484 1...1 142831437us : 0: u00000000488588c4
syz-exec-8484 1...1 142831442us : 0: u00000000488588c4
syz-exec-8484 1...1 142831448us : 0: u00000000488588c4
syz-exec-8484 1...1 142831453us : 0: u00000000488588c4
syz-exec-8484 1...1 142831458us : 0: u00000000488588c4
syz-exec-8484 1...1 142831463us : 0: u00000000488588c4
syz-exec-8484 1...1 142831470us : 0: u00000000488588c4
syz-exec-8484 1...1 142831475us : 0: u00000000488588c4
syz-exec-8484 1...1 142831481us : 0: u00000000488588c4
syz-exec-8484 1...1 142831486us : 0: u00000000488588c4
syz-exec-8484 1...1 142831492us : 0: u00000000488588c4
syz-exec-8484 1...1 142831497us : 0: u00000000488588c4
syz-exec-8484 1...1 142831503us : 0: u00000000488588c4
syz-exec-8484 1...1 142831508us : 0: u00000000488588c4
syz-exec-8484 1...1 142831513us : 0: u00000000488588c4
syz-exec-8484 1...1 142831519us : 0: u00000000488588c4
syz-exec-8484 1...1 142831524us : 0: u00000000488588c4
syz-exec-8484 1...1 142831529us : 0: u00000000488588c4
syz-exec-8484 1...1 142831534us : 0: u00000000488588c4
syz-exec-8484 1...1 142831540us : 0: u00000000488588c4
syz-exec-8484 1...1 142831546us : 0: u00000000488588c4
syz-exec-8484 1...1 142831551us : 0: u00000000488588c4
syz-exec-8484 1...1 142831557us : 0: u00000000488588c4
syz-exec-8484 1...1 142831562us : 0: u00000000488588c4
syz-exec-8484 1...1 142831568us : 0: u00000000488588c4
syz-exec-8484 1...1 142831573us : 0: u00000000488588c4
syz-exec-8484 1...1 142831578us : 0: u00000000488588c4
syz-exec-8484 1...1 142831584us : 0: u00000000488588c4
syz-exec-8484 1...1 142831590us : 0: u00000000488588c4
syz-exec-8484 1...1 142831596us : 0: u00000000488588c4
syz-exec-8484 1...1 142831601us : 0: u00000000488588c4
syz-exec-8484 1...1 142831608us : 0: u00000000488588c4
syz-exec-8484 1...1 142831614us : 0: u00000000488588c4
syz-exec-8484 1...1 142831620us : 0: u00000000488588c4
syz-exec-8484 1...1 142831625us : 0: u00000000488588c4
syz-exec-8484 1...1 142831631us : 0: u00000000488588c4
syz-exec-8484 1...1 142831637us : 0: u00000000488588c4
syz-exec-8484 1...1 142831644us : 0: u00000000488588c4
syz-exec-8484 1...1 142831651us : 0: u00000000488588c4
syz-exec-8484 1...1 142831656us : 0: u00000000488588c4
syz-exec-8484 1...1 142831662us : 0: u00000000488588c4
syz-exec-8484 1...1 142831668us : 0: u00000000488588c4
syz-exec-8484 1...1 142831675us : 0: u00000000488588c4
syz-exec-8484 1...1 142831690us : 0: u00000000488588c4
syz-exec-8484 1...1 142831697us : 0: u00000000488588c4
syz-exec-8484 1...1 142831703us : 0: u00000000488588c4
syz-exec-8484 1...1 142831708us : 0: u00000000488588c4
syz-exec-8484 1...1 142831714us : 0: u00000000488588c4
syz-exec-8484 1...1 142831719us : 0: u00000000488588c4
syz-exec-8484 1...1 142831725us : 0: u00000000488588c4
syz-exec-8484 1...1 142831731us : 0: u00000000488588c4
syz-exec-8484 1...1 142831737us : 0: u00000000488588c4
syz-exec-8484 1...1 142831743us : 0: u00000000488588c4
syz-exec-8484 1...1 142831749us : 0: u00000000488588c4
syz-exec-8484 1...1 142831755us : 0: u00000000488588c4
syz-exec-8484 1...1 142831760us : 0: u00000000488588c4
syz-exec-8484 1...1 142831766us : 0: u00000000488588c4
syz-exec-8484 1...1 142831771us : 0: u00000000488588c4
syz-exec-8484 1...1 142831776us : 0: u00000000488588c4
syz-exec-8484 1...1 142831781us : 0: u00000000488588c4
syz-exec-8484 1...1 142831786us : 0: u00000000488588c4
syz-exec-8484 1...1 142831792us : 0: u00000000488588c4
syz-exec-8484 1...1 142831797us : 0: u00000000488588c4
syz-exec-8484 1...1 142831802us : 0: u00000000488588c4
syz-exec-8484 1...1 142831807us : 0: u00000000488588c4
syz-exec-8484 1...1 142831813us : 0: u00000000488588c4
syz-exec-8484 1...1 142831818us : 0: u00000000488588c4
syz-exec-8484 1...1 142831823us : 0: u00000000488588c4
syz-exec-8484 1...1 142831829us : 0: u00000000488588c4
syz-exec-8484 1...1 142831834us : 0: u00000000488588c4
syz-exec-8484 1...1 142831840us : 0: u00000000488588c4
syz-exec-8484 1...1 142831844us : 0: u00000000488588c4
syz-exec-8484 1...1 142831850us : 0: u00000000488588c4
syz-exec-8484 1...1 142831855us : 0: u00000000488588c4
syz-exec-8484 1...1 142831860us : 0: u00000000488588c4
syz-exec-8484 1...1 142831867us : 0: u00000000488588c4
syz-exec-8484 1...1 142831872us : 0: u00000000488588c4
syz-exec-8484 1...1 142831878us : 0: u00000000488588c4
syz-exec-8484 1...1 142831884us : 0: u00000000488588c4
syz-exec-8484 1...1 142831890us : 0: u00000000488588c4
syz-exec-8484 1...1 142831895us : 0: u00000000488588c4
syz-exec-8484 1...1 142831901us : 0: u00000000488588c4
syz-exec-8484 1...1 142831907us : 0: u00000000488588c4
syz-exec-8484 1...1 142831912us : 0: u00000000488588c4
syz-exec-8484 1...1 142831919us : 0: u00000000488588c4
syz-exec-8484 1...1 142831924us : 0: u00000000488588c4
syz-exec-8484 1...1 142831930us : 0: u00000000488588c4
syz-exec-8484 1...1 142831935us : 0: u00000000488588c4
syz-exec-8484 1...1 142831941us : 0: u00000000488588c4
syz-exec-8484 1...1 142831947us : 0: u00000000488588c4
syz-exec-8484 1...1 142831952us : 0: u00000000488588c4
syz-exec-8484 1...1 142831957us : 0: u00000000488588c4
syz-exec-8484 1...1 142831962us : 0: u00000000488588c4
syz-exec-8484 1...1 142831967us : 0: u00000000488588c4
syz-exec-8484 1...1 142831973us : 0: u00000000488588c4
syz-exec-8484 1...1 142831978us : 0: u00000000488588c4
syz-exec-8484 1...1 142831983us : 0: u00000000488588c4
syz-exec-8484 1...1 142831988us : 0: u00000000488588c4
syz-exec-8484 1...1 142831993us : 0: u00000000488588c4
syz-exec-8484 1...1 142831998us : 0: u00000000488588c4
syz-exec-8484 1...1 142832003us : 0: u00000000488588c4
syz-exec-8484 1...1 142832009us : 0: u00000000488588c4
syz-exec-8484 1...1 142832014us : 0: u00000000488588c4
syz-exec-8484 1...1 142832019us : 0: u00000000488588c4
syz-exec-8484 1...1 142832024us : 0: u00000000488588c4
syz-exec-8484 1...1 142832030us : 0: u00000000488588c4
syz-exec-8484 1...1 142832035us : 0: u00000000488588c4
syz-exec-8484 1...1 142832040us : 0: u00000000488588c4
syz-exec-8484 1...1 142832045us : 0: u00000000488588c4
syz-exec-8484 1...1 142832050us : 0: u00000000488588c4
syz-exec-8484 1...1 142832056us : 0: u00000000488588c4
syz-exec-8484 1...1 142832061us : 0: u00000000488588c4
syz-exec-8484 1...1 142832066us : 0: u00000000488588c4
syz-exec-8484 1...1 142832071us : 0: u00000000488588c4
syz-exec-8484 1...1 142832076us : 0: u00000000488588c4
syz-exec-8484 1...1 142832081us : 0: u00000000488588c4
syz-exec-8484 1...1 142832087us : 0: u00000000488588c4
syz-exec-8484 1...1 142832092us : 0: u00000000488588c4
syz-exec-8484 1...1 142832097us : 0: u00000000488588c4
syz-exec-8484 1...1 142832102us : 0: u00000000488588c4
syz-exec-8484 1...1 142832107us : 0: u00000000488588c4
syz-exec-8484 1...1 142832113us : 0: u00000000488588c4
syz-exec-8484 1...1 142832118us : 0: u00000000488588c4
syz-exec-8484 1...1 142832123us : 0: u00000000488588c4
syz-exec-8484 1...1 142832128us : 0: u00000000488588c4
syz-exec-8484 1...1 142832133us : 0: u00000000488588c4
syz-exec-8484 1...1 142832138us : 0: u00000000488588c4
syz-exec-8484 1...1 142832144us : 0: u00000000488588c4
syz-exec-8484 1...1 142832149us : 0: u00000000488588c4
syz-exec-8484 1...1 142832154us : 0: u00000000488588c4
syz-exec-8484 1...1 142832174us : 0: u00000000488588c4
syz-exec-8484 1...1 142832180us : 0: u00000000488588c4
syz-exec-8484 1.N.1 142832226us : 0: u00000000488588c4
syz-exec-8484 1...1 142835389us : 0: u00000000488588c4
syz-exec-8484 1...1 142835397us : 0: u00000000488588c4
syz-exec-8484 1...1 142835403us : 0: u00000000488588c4
syz-exec-8484 1...1 142835408us : 0: u00000000488588c4
syz-exec-8484 1...1 142835414us : 0: u00000000488588c4
syz-exec-8484 1...1 142835420us : 0: u00000000488588c4
syz-exec-8484 1...1 142835428us : 0: u00000000488588c4
syz-exec-8484 1...1 142835435us : 0: u00000000488588c4
syz-exec-8484 1...1 142835440us : 0: u00000000488588c4
syz-exec-8484 1...1 142835446us : 0: u00000000488588c4
syz-exec-8484 1...1 142835452us : 0: u00000000488588c4
syz-exec-8484 1...1 142835458us : 0: u00000000488588c4
syz-exec-8484 1...1 142835463us : 0: u00000000488588c4
syz-exec-8484 1...1 142835468us : 0: u00000000488588c4
syz-exec-8484 1...1 142835474us : 0: u00000000488588c4
syz-exec-8484 1...1 142835479us : 0: u00000000488588c4
syz-exec-8484 1...1 142835484us : 0: u00000000488588c4
syz-exec-8484 1...1 142835489us : 0: u00000000488588c4
syz-exec-8484 1...1 142835495us : 0: u00000000488588c4
syz-exec-8484 1...1 142835500us : 0: u00000000488588c4
syz-exec-8484 1...1 142835505us : 0: u00000000488588c4
syz-exec-8484 1...1 142835510us : 0: u00000000488588c4
syz-exec-8484 1...1 142835515us : 0: u00000000488588c4
syz-exec-8484 1...1 142835520us : 0: u00000000488588c4
syz-exec-8484 1...1 142835526us : 0: u00000000488588c4
syz-exec-8484 1...1 142835531us : 0: u00000000488588c4
syz-exec-8484 1...1 142835536us : 0: u00000000488588c4
syz-exec-8484 1...1 142835542us : 0: u00000000488588c4
syz-exec-8484 1...1 142835547us : 0: u00000000488588c4
syz-exec-8484 1...1 142835552us : 0: u00000000488588c4
syz-exec-8484 1...1 142835557us : 0: u00000000488588c4
syz-exec-8484 1...1 142835562us : 0: u00000000488588c4
syz-exec-8484 1...1 142835567us : 0: u00000000488588c4
syz-exec-8484 1...1 142835572us : 0: u00000000488588c4
syz-exec-8484 1...1 142835577us : 0: u00000000488588c4
syz-exec-8484 1...1 142835583us : 0: u00000000488588c4
syz-exec-8484 1...1 142835588us : 0: u00000000488588c4
syz-exec-8484 1...1 142835593us : 0: u00000000488588c4
syz-exec-8484 1...1 142835598us : 0: u00000000488588c4
syz-exec-8484 1...1 142835603us : 0: u00000000488588c4
syz-exec-8484 1...1 142835608us : 0: u00000000488588c4
syz-exec-8484 1...1 142835614us : 0: u00000000488588c4
syz-exec-8484 1...1 142835619us : 0: u00000000488588c4
syz-exec-8484 1...1 142835624us : 0: u00000000488588c4
syz-exec-8484 1...1 142835630us : 0: u00000000488588c4
syz-exec-8484 1...1 142835636us : 0: u00000000488588c4
syz-exec-8484 1...1 142835642us : 0: u00000000488588c4
syz-exec-8484 1...1 142835647us : 0: u00000000488588c4
syz-exec-8484 1...1 142835653us : 0: u00000000488588c4
syz-exec-8484 1...1 142835659us : 0: u00000000488588c4
syz-exec-8484 1...1 142835665us : 0: u00000000488588c4
syz-exec-8484 1...1 142835670us : 0: u00000000488588c4
syz-exec-8484 1...1 142835676us : 0: u00000000488588c4
syz-exec-8484 1...1 142835692us : 0: u00000000488588c4
syz-exec-8484 1...1 142835698us : 0: u00000000488588c4
syz-exec-8484 1...1 142835704us : 0: u00000000488588c4
syz-exec-8484 1...1 142835709us : 0: u00000000488588c4
syz-exec-8484 1...1 142835716us : 0: u00000000488588c4
syz-exec-8484 1...1 142835722us : 0: u00000000488588c4
syz-exec-8484 1...1 142835728us : 0: u00000000488588c4
syz-exec-8484 1...1 142835734us : 0: u00000000488588c4
syz-exec-8484 1...1 142835739us : 0: u00000000488588c4
syz-exec-8484 1...1 142835746us : 0: u00000000488588c4
syz-exec-8484 1...1 142835751us : 0: u00000000488588c4
syz-exec-8484 1...1 142835757us : 0: u00000000488588c4
syz-exec-8484 1...1 142835762us : 0: u00000000488588c4
syz-exec-8484 1...1 142835768us : 0: u00000000488588c4
syz-exec-8484 1...1 142835773us : 0: u00000000488588c4
syz-exec-8484 1...1 142835778us : 0: u00000000488588c4
syz-exec-8484 1...1 142835784us : 0: u00000000488588c4
syz-exec-8484 1...1 142835789us : 0: u00000000488588c4
syz-exec-8484 1...1 142835794us : 0: u00000000488588c4
syz-exec-8484 1...1 142835800us : 0: u00000000488588c4
syz-exec-8484 1...1 142835806us : 0: u00000000488588c4
syz-exec-8484 1...1 142835812us : 0: u00000000488588c4
syz-exec-8484 1...1 142835817us : 0: u00000000488588c4
syz-exec-8484 1...1 142835824us : 0: u00000000488588c4
syz-exec-8484 1...1 142835829us : 0: u00000000488588c4
syz-exec-8484 1...1 142835835us : 0: u00000000488588c4
syz-exec-8484 1...1 142835840us : 0: u00000000488588c4
syz-exec-8484 1...1 142835846us : 0: u00000000488588c4
syz-exec-8484 1...1 142835852us : 0: u00000000488588c4
syz-exec-8484 1...1 142835857us : 0: u00000000488588c4
syz-exec-8484 1...1 142835862us : 0: u00000000488588c4
syz-exec-8484 1...1 142835867us : 0: u00000000488588c4
syz-exec-8484 1...1 142835872us : 0: u00000000488588c4
syz-exec-8484 1...1 142835878us : 0: u00000000488588c4
syz-exec-8484 1...1 142835884us : 0: u00000000488588c4
syz-exec-8484 1...1 142835889us : 0: u00000000488588c4
syz-exec-8484 1...1 142835895us : 0: u00000000488588c4
syz-exec-8484 1...1 142835900us : 0: u00000000488588c4
syz-exec-8484 1...1 142835905us : 0: u00000000488588c4
syz-exec-8484 1...1 142835910us : 0: u00000000488588c4
syz-exec-8484 1...1 142835915us : 0: u00000000488588c4
syz-exec-8484 1...1 142835920us : 0: u00000000488588c4
syz-exec-8484 1...1 142835925us : 0: u00000000488588c4
syz-exec-8484 1...1 142835930us : 0: u00000000488588c4
syz-exec-8484 1...1 142835935us : 0: u00000000488588c4
syz-exec-8484 1...1 142835940us : 0: u00000000488588c4
syz-exec-8484 1...1 142835945us : 0: u00000000488588c4
syz-exec-8484 1...1 142835951us : 0: u00000000488588c4
syz-exec-8484 1...1 142835956us : 0: u00000000488588c4
syz-exec-8484 1...1 142835961us : 0: u00000000488588c4
syz-exec-8484 1...1 142835967us : 0: u00000000488588c4
syz-exec-8484 1...1 142835972us : 0: u00000000488588c4
syz-exec-8484 1...1 142835979us : 0: u00000000488588c4
syz-exec-8484 1...1 142835985us : 0: u00000000488588c4
syz-exec-8484 1...1 142836061us : 0: u00000000488588c4
syz-exec-8484 1...1 142836069us : 0: u00000000488588c4
syz-exec-8484 1...1 142836075us : 0: u00000000488588c4
syz-exec-8484 1...1 142836081us : 0: u00000000488588c4
syz-exec-8484 1...1 142836088us : 0: u00000000488588c4
syz-exec-8484 1...1 142836093us : 0: u00000000488588c4
syz-exec-8484 1...1 142836099us : 0: u00000000488588c4
syz-exec-8484 1...1 142836103us : 0: u00000000488588c4
syz-exec-8484 1...1 142836109us : 0: u00000000488588c4
syz-exec-8484 1...1 142836114us : 0: u00000000488588c4
syz-exec-8484 1...1 142836120us : 0: u00000000488588c4
syz-exec-8484 1...1 142836124us : 0: u00000000488588c4
syz-exec-8484 1...1 142836129us : 0: u00000000488588c4
syz-exec-8484 1...1 142836134us : 0: u00000000488588c4
syz-exec-8484 1...1 142836140us : 0: u00000000488588c4
syz-exec-8484 1...1 142836145us : 0: u00000000488588c4
syz-exec-8484 1...1 142836151us : 0: u00000000488588c4
syz-exec-8484 1...1 142836170us : 0: u00000000488588c4
syz-exec-8484 1...1 142836188us : 0: u00000000488588c4
syz-exec-8484 1...1 142836196us : 0: u00000000488588c4
syz-exec-8484 1...1 142836202us : 0: u00000000488588c4
syz-exec-8484 1...1 142836208us : 0: u00000000488588c4
syz-exec-8484 1...1 142836214us : 0: u00000000488588c4
syz-exec-8484 1...1 142836219us : 0: u00000000488588c4
syz-exec-8484 1...1 142836225us : 0: u00000000488588c4
syz-exec-8484 1...1 142836231us : 0: u00000000488588c4
syz-exec-8484 1...1 142836237us : 0: u00000000488588c4
syz-exec-8484 1...1 142836244us : 0: u00000000488588c4
syz-exec-8484 1...1 142836249us : 0: u00000000488588c4
syz-exec-8484 1...1 142836256us : 0: u00000000488588c4
syz-exec-8484 1...1 142836261us : 0: u00000000488588c4
syz-exec-8484 1...1 142836266us : 0: u00000000488588c4
syz-exec-8484 1...1 142836278us : 0: u00000000488588c4
syz-exec-8484 1...1 142836283us : 0: u00000000488588c4
syz-exec-8484 1...1 142836289us : 0: u00000000488588c4
syz-exec-8484 1...1 142836294us : 0: u00000000488588c4
syz-exec-8484 1...1 142836299us : 0: u00000000488588c4
syz-exec-8484 1...1 142836304us : 0: u00000000488588c4
syz-exec-8484 1...1 142836309us : 0: u00000000488588c4
syz-exec-8484 1...1 142836314us : 0: u00000000488588c4
syz-exec-8484 1...1 142836319us : 0: u00000000488588c4
syz-exec-8484 1...1 142836324us : 0: u00000000488588c4
syz-exec-8484 1...1 142836329us : 0: u00000000488588c4
syz-exec-8484 1...1 142836334us : 0: u00000000488588c4
syz-exec-8484 1...1 142836339us : 0: u00000000488588c4
syz-exec-8484 1...1 142836344us : 0: u00000000488588c4
syz-exec-8484 1...1 142836349us : 0: u00000000488588c4
syz-exec-8484 1...1 142836356us : 0: u00000000488588c4
syz-exec-8484 1...1 142836361us : 0: u00000000488588c4
syz-exec-8484 1...1 142836367us : 0: u00000000488588c4
syz-exec-8484 1...1 142836373us : 0: u00000000488588c4
syz-exec-8484 1...1 142836378us : 0: u00000000488588c4
syz-exec-8484 1...1 142836384us : 0: u00000000488588c4
syz-exec-8484 1...1 142836390us : 0: u00000000488588c4
syz-exec-8484 1...1 142836396us : 0: u00000000488588c4
syz-exec-8484 1...1 142836401us : 0: u00000000488588c4
syz-exec-8484 1...1 142836407us : 0: u00000000488588c4
syz-exec-8484 1...1 142836412us : 0: u00000000488588c4
syz-exec-8484 1.N.1 142836458us : 0: u00000000488588c4
syz-exec-8484 1...1 142840674us : 0: u00000000488588c4
syz-exec-8484 1...1 142840693us : 0: u00000000488588c4
syz-exec-8484 1...1 142840699us : 0: u00000000488588c4
syz-exec-8484 1...1 142840705us : 0: u00000000488588c4
syz-exec-8484 1...1 142840710us : 0: u00000000488588c4
syz-exec-8484 1...1 142840717us : 0: u00000000488588c4
syz-exec-8484 1...1 142840722us : 0: u00000000488588c4
syz-exec-8484 1...1 142840728us : 0: u00000000488588c4
syz-exec-8484 1...1 142840734us : 0: u00000000488588c4
syz-exec-8484 1...1 142840740us : 0: u00000000488588c4
syz-exec-8484 1...1 142840746us : 0: u00000000488588c4
syz-exec-8484 1...1 142840751us : 0: u00000000488588c4
syz-exec-8484 1...1 142840757us : 0: u00000000488588c4
syz-exec-8484 1...1 142840762us : 0: u00000000488588c4
syz-exec-8484 1...1 142840768us : 0: u00000000488588c4
syz-exec-8484 1...1 142840774us : 0: u00000000488588c4
syz-exec-8484 1...1 142840779us : 0: u00000000488588c4
syz-exec-8484 1...1 142840785us : 0: u00000000488588c4
syz-exec-8484 1...1 142840790us : 0: u00000000488588c4
syz-exec-8484 1...1 142840795us : 0: u00000000488588c4
syz-exec-8484 1...1 142840800us : 0: u00000000488588c4
syz-exec-8484 1...1 142840806us : 0: u00000000488588c4
syz-exec-8484 1...1 142840812us : 0: u00000000488588c4
syz-exec-8484 1...1 142840818us : 0: u00000000488588c4
syz-exec-8484 1...1 142840824us : 0: u00000000488588c4
syz-exec-8484 1...1 142840830us : 0: u00000000488588c4
syz-exec-8484 1...1 142840836us : 0: u00000000488588c4
syz-exec-8484 1...1 142840842us : 0: u00000000488588c4
syz-exec-8484 1...1 142840847us : 0: u00000000488588c4
syz-exec-8484 1...1 142840853us : 0: u00000000488588c4
syz-exec-8484 1...1 142840858us : 0: u00000000488588c4
syz-exec-8484 1...1 142840863us : 0: u00000000488588c4
syz-exec-8484 1...1 142840868us : 0: u00000000488588c4
syz-exec-8484 1...1 142840873us : 0: u00000000488588c4
syz-exec-8484 1...1 142840878us : 0: u00000000488588c4
syz-exec-8484 1...1 142840883us : 0: u00000000488588c4
syz-exec-8484 1...1 142840926us : 0: u00000000488588c4
syz-exec-8484 1...1 142840932us : 0: u00000000488588c4
syz-exec-8484 1...1 142840937us : 0: u00000000488588c4
syz-exec-8484 1...1 142840942us : 0: u00000000488588c4
syz-exec-8484 1...1 142840947us : 0: u00000000488588c4
syz-exec-8484 1...1 142840953us : 0: u00000000488588c4
syz-exec-8484 1...1 142840958us : 0: u00000000488588c4
syz-exec-8484 1...1 142840963us : 0: u00000000488588c4
syz-exec-8484 1...1 142840969us : 0: u00000000488588c4
syz-exec-8484 1...1 142840974us : 0: u00000000488588c4
syz-exec-8484 1...1 142840980us : 0: u00000000488588c4
syz-exec-8484 1...1 142840985us : 0: u00000000488588c4
syz-exec-8484 1...1 142840990us : 0: u00000000488588c4
syz-exec-8484 1...1 142840995us : 0: u00000000488588c4
syz-exec-8484 1...1 142841000us : 0: u00000000488588c4
syz-exec-8484 1...1 142841005us : 0: u00000000488588c4
syz-exec-8484 1...1 142841010us : 0: u00000000488588c4
syz-exec-8484 1...1 142841015us : 0: u00000000488588c4
syz-exec-8484 1...1 142841020us : 0: u00000000488588c4
syz-exec-8484 1...1 142841025us : 0: u00000000488588c4
syz-exec-8484 1...1 142841030us : 0: u00000000488588c4
syz-exec-8484 1...1 142841036us : 0: u00000000488588c4
syz-exec-8484 1...1 142841041us : 0: u00000000488588c4
syz-exec-8484 1...1 142841046us : 0: u00000000488588c4
syz-exec-8484 1...1 142841051us : 0: u00000000488588c4
syz-exec-8484 1...1 142841057us : 0: u00000000488588c4
syz-exec-8484 1...1 142841062us : 0: u00000000488588c4
syz-exec-8484 1...1 142841067us : 0: u00000000488588c4
syz-exec-8484 1...1 142841072us : 0: u00000000488588c4
syz-exec-8484 1...1 142841077us : 0: u00000000488588c4
syz-exec-8484 1...1 142841083us : 0: u00000000488588c4
syz-exec-8484 1...1 142841088us : 0: u00000000488588c4
syz-exec-8484 1...1 142841093us : 0: u00000000488588c4
syz-exec-8484 1...1 142841098us : 0: u00000000488588c4
syz-exec-8484 1...1 142841104us : 0: u00000000488588c4
syz-exec-8484 1...1 142841109us : 0: u00000000488588c4
syz-exec-8484 1...1 142841114us : 0: u00000000488588c4
syz-exec-8484 1...1 142841119us : 0: u00000000488588c4
syz-exec-8484 1...1 142841124us : 0: u00000000488588c4
syz-exec-8484 1...1 142841129us : 0: u00000000488588c4
syz-exec-8484 1...1 142841134us : 0: u00000000488588c4
syz-exec-8484 1...1 142841139us : 0: u00000000488588c4
syz-exec-8484 1...1 142841145us : 0: u00000000488588c4
syz-exec-8484 1...1 142841150us : 0: u00000000488588c4
syz-exec-8484 1...1 142841168us : 0: u00000000488588c4
syz-exec-8484 1...1 142841175us : 0: u00000000488588c4
syz-exec-8484 1...1 142841180us : 0: u00000000488588c4
syz-exec-8484 1...1 142841189us : 0: u00000000488588c4
syz-exec-8484 1...1 142841194us : 0: u00000000488588c4
syz-exec-8484 1...1 142841199us : 0: u00000000488588c4
syz-exec-8484 1...1 142841204us : 0: u00000000488588c4
syz-exec-8484 1...1 142841210us : 0: u00000000488588c4
syz-exec-8484 1...1 142841215us : 0: u00000000488588c4
syz-exec-8484 1...1 142841220us : 0: u00000000488588c4
syz-exec-8484 1...1 142841225us : 0: u00000000488588c4
syz-exec-8484 1...1 142841230us : 0: u00000000488588c4
syz-exec-8484 1...1 142841235us : 0: u00000000488588c4
syz-exec-8484 1...1 142841240us : 0: u00000000488588c4
syz-exec-8484 1...1 142841245us : 0: u00000000488588c4
syz-exec-8484 1...1 142841250us : 0: u00000000488588c4
syz-exec-8484 1...1 142841255us : 0: u00000000488588c4
syz-exec-8484 1...1 142841260us : 0: u00000000488588c4
syz-exec-8484 1...1 142841266us : 0: u00000000488588c4
syz-exec-8484 1...1 142841271us : 0: u00000000488588c4
syz-exec-8484 1...1 142841277us : 0: u00000000488588c4
syz-exec-8484 1...1 142841282us : 0: u00000000488588c4
syz-exec-8484 1...1 142841287us : 0: u00000000488588c4
syz-exec-8484 1...1 142841293us : 0: u00000000488588c4
syz-exec-8484 1...1 142841298us : 0: u00000000488588c4
syz-exec-8484 1...1 142841303us : 0: u00000000488588c4
syz-exec-8484 1...1 142841308us : 0: u00000000488588c4
syz-exec-8484 1...1 142841314us : 0: u00000000488588c4
syz-exec-8484 1...1 142841319us : 0: u00000000488588c4
syz-exec-8484 1...1 142841325us : 0: u00000000488588c4
syz-exec-8484 1...1 142841330us : 0: u00000000488588c4
syz-exec-8484 1...1 142841335us : 0: u00000000488588c4
syz-exec-8484 1...1 142841340us : 0: u00000000488588c4
syz-exec-8484 1...1 142841345us : 0: u00000000488588c4
syz-exec-8484 1...1 142841350us : 0: u00000000488588c4
syz-exec-8484 1...1 142841356us : 0: u00000000488588c4
syz-exec-8484 1...1 142841361us : 0: u00000000488588c4
syz-exec-8484 1...1 142841366us : 0: u00000000488588c4
syz-exec-8484 1...1 142841371us : 0: u00000000488588c4
syz-exec-8484 1...1 142841376us : 0: u00000000488588c4
syz-exec-8484 1...1 142841381us : 0: u00000000488588c4
syz-exec-8484 1...1 142841386us : 0: u00000000488588c4
syz-exec-8484 1...1 142841391us : 0: u00000000488588c4
syz-exec-8484 1...1 142841397us : 0: u00000000488588c4
syz-exec-8484 1...1 142841402us : 0: u00000000488588c4
syz-exec-8484 1...1 142841407us : 0: u00000000488588c4
syz-exec-8484 1...1 142841412us : 0: u00000000488588c4
syz-exec-8484 1...1 142841417us : 0: u00000000488588c4
syz-exec-8484 1...1 142841423us : 0: u00000000488588c4
syz-exec-8484 1...1 142841428us : 0: u00000000488588c4
syz-exec-8484 1...1 142841433us : 0: u00000000488588c4
syz-exec-8484 1...1 142841438us : 0: u00000000488588c4
syz-exec-8484 1...1 142841443us : 0: u00000000488588c4
syz-exec-8484 1...1 142841448us : 0: u00000000488588c4
syz-exec-8484 1...1 142841453us : 0: u00000000488588c4
syz-exec-8484 1...1 142841459us : 0: u00000000488588c4
syz-exec-8484 1...1 142841464us : 0: u00000000488588c4
syz-exec-8484 1...1 142841469us : 0: u00000000488588c4
syz-exec-8484 1...1 142841474us : 0: u00000000488588c4
syz-exec-8484 1...1 142841479us : 0: u00000000488588c4
syz-exec-8484 1...1 142841485us : 0: u00000000488588c4
syz-exec-8484 1...1 142841490us : 0: u00000000488588c4
syz-exec-8484 1...1 142841495us : 0: u00000000488588c4
syz-exec-8484 1...1 142841500us : 0: u00000000488588c4
syz-exec-8484 1...1 142841505us : 0: u00000000488588c4
syz-exec-8484 1...1 142841510us : 0: u00000000488588c4
syz-exec-8484 1...1 142841517us : 0: u00000000488588c4
syz-exec-8484 1...1 142841523us : 0: u00000000488588c4
syz-exec-8484 1...1 142841528us : 0: u00000000488588c4
syz-exec-8484 1...1 142841533us : 0: u00000000488588c4
syz-exec-8484 1...1 142841538us : 0: u00000000488588c4
syz-exec-8484 1...1 142841544us : 0: u00000000488588c4
syz-exec-8484 1...1 142841549us : 0: u00000000488588c4
syz-exec-8484 1...1 142841554us : 0: u00000000488588c4
syz-exec-8484 1...1 142841559us : 0: u00000000488588c4
syz-exec-8484 1...1 142841564us : 0: u00000000488588c4
syz-exec-8484 1...1 142841570us : 0: u00000000488588c4
syz-exec-8484 1...1 142841575us : 0: u00000000488588c4
syz-exec-8484 1...1 142841580us : 0: u00000000488588c4
syz-exec-8484 1...1 142841585us : 0: u00000000488588c4
syz-exec-8484 1...1 142841590us : 0: u00000000488588c4
syz-exec-8484 1...1 142841595us : 0: u00000000488588c4
syz-exec-8484 1...1 142841601us : 0: u00000000488588c4
syz-exec-8484 1...1 142841606us : 0: u00000000488588c4
syz-exec-8484 1...1 142841611us : 0: u00000000488588c4
syz-exec-8484 1...1 142841616us : 0: u00000000488588c4
syz-exec-8484 1...1 142841622us : 0: u00000000488588c4
syz-exec-8484 1...1 142841627us : 0: u00000000488588c4
syz-exec-8484 1...1 142841632us : 0: u00000000488588c4
syz-exec-8484 1...1 142841637us : 0: u00000000488588c4
syz-exec-8484 1...1 142841643us : 0: u00000000488588c4
syz-exec-8484 1...1 142841648us : 0: u00000000488588c4
syz-exec-8484 1...1 142841653us : 0: u00000000488588c4
syz-exec-8484 1...1 142841658us : 0: u00000000488588c4
syz-exec-8484 1...1 142841663us : 0: u00000000488588c4
syz-exec-8484 1...1 142841669us : 0: u00000000488588c4
syz-exec-8484 1...1 142841673us : 0: u00000000488588c4
syz-exec-8484 1...1 142841685us : 0: u00000000488588c4
syz-exec-8484 1...1 142841691us : 0: u00000000488588c4
syz-exe
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
^ permalink raw reply
* Re: [PATCH] wireless: remove unnecessary condition check before kfree
From: zhong jiang @ 2018-09-10 13:54 UTC (permalink / raw)
To: Johannes Berg; +Cc: davem, linux-wireless, netdev, linux-kernel
In-Reply-To: <1536563406.3224.2.camel@sipsolutions.net>
On 2018/9/10 15:10, Johannes Berg wrote:
> On Sat, 2018-09-08 at 22:12 +0800, zhong jiang wrote:
>> kfree has taken the null pointer into account. Just remove the
>> redundant condition check before kfree.
> I'm all for doing that if it actually removes conditionals, but
>
>> - if (!IS_ERR_OR_NULL(regdb))
>> + if (!IS_ERR(regdb))
>> kfree(regdb);
> this seems rather pointless since there's still a condition. In that
> case, I feel it's easier to understand the original code.
Fine, make sense you have said. I just consider the duplication of function.
Thanks,
zhong jiang
> johannes
>
> .
>
^ permalink raw reply
* Re: kernels > v4.12 oops/crash with ipsec-traffic: bisected to b838d5e1c5b6e57b10ec8af2268824041e3ea911: ipv4: mark DST_NOGC and remove the operation of dst_free()
From: Tobias Hommel @ 2018-09-10 9:06 UTC (permalink / raw)
To: Steffen Klassert; +Cc: Wolfgang Walter, netdev, Wei Wang, Eric Dumazet
In-Reply-To: <20180910063739.GX23674@gauss3.secunet.de>
On Mon, Sep 10, 2018 at 08:37:39AM +0200, Steffen Klassert wrote:
...
> The other thing I wonder about is why Tobias bisected this to
>
> commit b838d5e1c5b6e57b10ec8af2268824041e3ea911
> ipv4: mark DST_NOGC and remove the operation of dst_free()
>
> from 'Jun 17 2017' and not to
>
> commit 222d7dbd258dad4cd5241c43ef818141fad5a87a
> net: prevent dst uses after free
>
> from 'Sep 21 2017'.
>
> Maybe Tobias has seen two bugs. Before
> ("net: prevent dst uses after free"), it was the
> use after free, and after this fix it was a NULL
> pointer derference of skb->dst.
>
Uhm, yeah, I checked back, we actually had different bugs. My mistake, sorry
for the confusion.
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox