On Jul 05, David Ahern wrote:
> On 7/4/19 3:59 PM, Marek Majkowski wrote:
> > I found a way to hit an obscure BUG in the
> > net/core/neighbour.c:neigh_add_timer(), by piping two carefully
> > crafted messages into AF_NETLINK socket.
> >
> > https://github.com/torvalds/linux/blob/v5.2-rc7/net/core/neighbour.c#L259
> >
> >     if (unlikely(mod_timer(&n->timer, when))) {
> >         printk("NEIGH: BUG, double timer add, state is %x\n", n->nud_state);
> >         dump_stack();
> >     }
> >
> > The repro is here:
> > https://gist.github.com/majek/d70297b9d72bc2e2b82145e122722a0c
> >
> > wget https://gist.githubusercontent.com/majek/d70297b9d72bc2e2b82145e122722a0c/raw/9e140bcedecc28d722022f1da142a379a9b7a7b0/double_timer_add_bug.c
>
> Thanks for the report - and the reproducer. I am on PTO through Monday;
> I will take a look next week if no one else does.
Hi David and Marek,

looking at the reproducer it seems to me the issue is due to the use of
'NTF_USE' from userspace. Should we unschedule the neigh timer if we are
in IN_TIMER when receiving this flag from userspace? (taking appropriate
locking)

Regards,
Lorenzo