Eric Dumazet
8b40a9d53d
ipv6: use GFP_ATOMIC in rt6_probe()
syzbot reminded me that rt6_probe() can run from
atomic contexts.
stack backtrace:
CPU: 1 PID: 7461 Comm: syz-executor.2 Not tainted 5.16.0-rc4-next-20211210-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_usage_bug kernel/locking/lockdep.c:203 [inline]
valid_state kernel/locking/lockdep.c:3945 [inline]
mark_lock_irq kernel/locking/lockdep.c:4148 [inline]
mark_lock.cold+0x61/0x8e kernel/locking/lockdep.c:4605
mark_usage kernel/locking/lockdep.c:4500 [inline]
__lock_acquire+0x11d5/0x54a0 kernel/locking/lockdep.c:4981
lock_acquire kernel/locking/lockdep.c:5639 [inline]
lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5604
__fs_reclaim_acquire mm/page_alloc.c:4550 [inline]
fs_reclaim_acquire+0x115/0x160 mm/page_alloc.c:4564
might_alloc include/linux/sched/mm.h:253 [inline]
slab_pre_alloc_hook mm/slab.h:739 [inline]
slab_alloc_node mm/slub.c:3145 [inline]
slab_alloc mm/slub.c:3239 [inline]
kmem_cache_alloc_trace+0x3b/0x2c0 mm/slub.c:3256
kmalloc include/linux/slab.h:581 [inline]
kzalloc include/linux/slab.h:715 [inline]
ref_tracker_alloc+0xe1/0x430 lib/ref_tracker.c:74
netdev_tracker_alloc include/linux/netdevice.h:3860 [inline]
dev_hold_track include/linux/netdevice.h:3877 [inline]
rt6_probe net/ipv6/route.c:661 [inline]
find_match.part.0+0xac9/0xd00 net/ipv6/route.c:752
find_match net/ipv6/route.c:825 [inline]
__find_rr_leaf+0x17f/0xd20 net/ipv6/route.c:826
find_rr_leaf net/ipv6/route.c:847 [inline]
rt6_select net/ipv6/route.c:891 [inline]
fib6_table_lookup+0x649/0xa20 net/ipv6/route.c:2185
ip6_pol_route+0x1c5/0x11e0 net/ipv6/route.c:2221
pol_lookup_func include/net/ip6_fib.h:580 [inline]
fib6_rule_lookup+0x52a/0x6f0 net/ipv6/fib6_rules.c:120
ip6_route_output_flags_noref+0x2e2/0x380 net/ipv6/route.c:2629
ip6_route_output_flags+0x72/0x320 net/ipv6/route.c:2642
ip6_route_output include/net/ip6_route.h:98 [inline]
ip6_dst_lookup_tail+0x5ab/0x1620 net/ipv6/ip6_output.c:1070
ip6_dst_lookup_flow+0x8c/0x1d0 net/ipv6/ip6_output.c:1200
geneve_get_v6_dst+0x46f/0x9a0 drivers/net/geneve.c:858
geneve6_xmit_skb drivers/net/geneve.c:991 [inline]
geneve_xmit+0x520/0x3530 drivers/net/geneve.c:1074
__netdev_start_xmit include/linux/netdevice.h:4685 [inline]
netdev_start_xmit include/linux/netdevice.h:4699 [inline]
xmit_one net/core/dev.c:3473 [inline]
dev_hard_start_xmit+0x1eb/0x920 net/core/dev.c:3489
__dev_queue_xmit+0x2983/0x3640 net/core/dev.c:4112
neigh_resolve_output net/core/neighbour.c:1522 [inline]
neigh_resolve_output+0x50e/0x820 net/core/neighbour.c:1502
neigh_output include/net/neighbour.h:541 [inline]
ip6_finish_output2+0x56e/0x14f0 net/ipv6/ip6_output.c:126
__ip6_finish_output net/ipv6/ip6_output.c:191 [inline]
__ip6_finish_output+0x61e/0xe80 net/ipv6/ip6_output.c:170
ip6_finish_output+0x32/0x200 net/ipv6/ip6_output.c:201
NF_HOOK_COND include/linux/netfilter.h:296 [inline]
ip6_output+0x1e4/0x530 net/ipv6/ip6_output.c:224
dst_output include/net/dst.h:451 [inline]
NF_HOOK include/linux/netfilter.h:307 [inline]
ndisc_send_skb+0xa99/0x17f0 net/ipv6/ndisc.c:508
ndisc_send_rs+0x12e/0x6f0 net/ipv6/ndisc.c:702
addrconf_rs_timer+0x3f2/0x820 net/ipv6/addrconf.c:3898
call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421
expire_timers kernel/time/timer.c:1466 [inline]
__run_timers.part.0+0x675/0xa20 kernel/time/timer.c:1734
__run_timers kernel/time/timer.c:1715 [inline]
run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747
__do_softirq+0x29b/0x9c2 kernel/softirq.c:558
invoke_softirq kernel/softirq.c:432 [inline]
__irq_exit_rcu+0x123/0x180 kernel/softirq.c:637
irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
</IRQ>
Fixes: fb67510ba9 ("ipv6: add net device refcount tracker to rt6_probe_deferred()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Link: https://lore.kernel.org/r/20211214025806.3456382-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-12-14 18:45:32 -08:00
..
2021-09-28 12:59:24 +01:00
2021-10-22 11:41:16 +01:00
2021-12-06 16:05:11 -08:00
2021-12-06 16:05:11 -08:00
2020-11-25 11:20:16 -08:00
2021-11-26 13:45:19 -08:00
2021-11-18 12:00:15 +00:00
2020-07-30 16:30:55 -07:00
2021-03-04 15:26:57 -08:00
2020-11-23 18:36:21 -05:00
2021-11-16 13:16:54 +00:00
2021-11-18 11:42:06 +00:00
2019-07-27 14:23:48 -07:00
2021-11-14 12:20:44 +00:00
2019-10-04 11:10:56 -07:00
2021-11-29 14:43:35 +00:00
2020-06-20 21:33:57 -07:00
2021-06-28 14:29:45 -07:00
2020-11-23 18:36:21 -05:00
2021-11-10 16:29:58 -08:00
2021-10-14 16:50:14 -07:00
2021-10-14 16:50:14 -07:00
2021-09-13 13:00:53 +01:00
2020-08-05 20:13:21 -07:00
2021-12-06 16:05:11 -08:00
2021-02-23 11:29:52 -08:00
2021-03-18 11:19:23 -07:00
2021-12-02 11:44:56 -08:00
2021-11-26 13:45:19 -08:00
2021-12-06 16:05:11 -08:00
2020-06-01 14:57:14 -07:00
2021-12-06 16:05:11 -08:00
2021-12-06 16:06:02 -08:00
2021-06-11 14:48:50 +02:00
2021-11-24 18:57:23 -08:00
2021-10-04 12:53:35 +01:00
2021-09-28 13:13:40 +01:00
2021-04-27 14:02:06 -07:00
2021-09-02 11:29:55 +01:00
2021-06-11 14:48:50 +02:00
2021-11-01 19:57:14 -07:00
2021-04-18 22:04:16 +02:00
2021-05-31 22:12:08 -07:00
2020-11-23 18:36:21 -05:00
2020-11-09 15:34:44 -08:00
2021-06-29 11:28:21 -07:00
2021-05-21 15:02:25 -07:00
2021-12-14 18:45:32 -08:00
2020-12-08 16:22:54 -08:00
2020-10-30 12:12:52 -07:00
2021-09-28 12:59:24 +01:00
2021-12-09 07:55:42 -08:00
2021-08-31 12:41:47 +01:00
2021-11-03 11:18:46 +00:00
2021-12-06 16:05:11 -08:00
2021-11-16 19:07:54 -08:00
2021-07-21 08:14:33 -07:00
2021-11-16 13:10:35 +00:00
2021-11-16 13:16:54 +00:00
2020-07-09 12:52:37 +02:00
2020-07-24 15:41:54 -07:00
2021-11-24 17:21:42 -08:00
2021-11-15 08:49:23 -08:00
2020-07-19 18:16:41 -07:00
2020-05-06 09:40:08 +02:00
2021-07-02 11:57:01 -07:00
2021-12-09 11:51:45 -08:00
2020-04-28 11:28:36 +02:00
2020-05-06 09:40:08 +02:00
2021-06-09 09:38:52 +02:00