On 7/4/19 3:59 PM, Marek Majkowski wrote:
> I found a way to hit an obscure BUG in the
> net/core/neighbour.c:neigh_add_timer(), by piping two carefully
> crafted messages into AF_NETLINK socket.
>
> https://github.com/torvalds/linux/blob/v5.2-rc7/net/core/neighbour.c#L259
>
>     if (unlikely(mod_timer(&n->timer, when))) {
>         printk("NEIGH: BUG, double timer add, state is %x\n", n->nud_state);
>         dump_stack();
>     }
>
> The repro is here:
> https://gist.github.com/majek/d70297b9d72bc2e2b82145e122722a0c
>
> wget
> https://gist.githubusercontent.com/majek/d70297b9d72bc2e2b82145e122722a0c/raw/9e140bcedecc28d722022f1da142a379a9b7a7b0/double_timer_add_bug.c

Thanks for the report - and the reproducer. I am on PTO through Monday; I will take a look next week if no one else does.