bisecting cause commit starting from 1245008122d7311683d70c05b2eea167a314fb5f
building syzkaller on 3e8f6c27551f163a2fd2661e4b3cac126a5e7ef2
testing commit 1245008122d7311683d70c05b2eea167a314fb5f with gcc (GCC) 8.1.0
kernel signature: 006d224b5c43413aad01116e28adaa20b70c00cd17897038a55812243b5fe41c
run #0: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #1: crashed: BUG: unable to handle kernel paging request in syscall_enter_from_user_mode
run #2: crashed: BUG: unable to handle kernel paging request in syscall_enter_from_user_mode
run #3: crashed: BUG: unable to handle kernel paging request in syscall_enter_from_user_mode
run #4: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #5: crashed: BUG: unable to handle kernel paging request in syscall_enter_from_user_mode
run #6: crashed: BUG: unable to handle kernel paging request in syscall_enter_from_user_mode
run #7: crashed: BUG: unable to handle kernel paging request in syscall_enter_from_user_mode
run #8: crashed: BUG: unable to handle kernel paging request in syscall_enter_from_user_mode
run #9: crashed: BUG: unable to handle kernel paging request in syscall_enter_from_user_mode
testing release v5.8
testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0
kernel signature: 5fb27ee79fdc47f8bbca89a98f2e321aeb1eb60fb5a71c16ef3d1c99d87fe885
run #0: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #1: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #2: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #4: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #5: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #6: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #7: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #8: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
testing release v5.7
testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0
kernel signature: b2514121fadd26f0a80bc582d8f16d8895b8eb3409504cc46681b2b80f49ea48
run #0: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #1: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #2: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #3: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #4: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #6: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #7: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #8: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
testing release v5.6
testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0
kernel signature: 42e2f5d52e5561e6ac8edc00250ac2e29e7b893afc3bda8db4b700d5345f7b34
run #0: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #1: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #2: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #3: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #4: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #5: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #6: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #8: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
testing release v5.5
testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0
kernel signature: dcc128d12a6144d2c65d58b0e9879bc50d7566cecffc33e2ba6db39a151d0fe8
run #0: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #1: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #2: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #3: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #4: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #5: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #6: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #7: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #8: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
testing release v5.4
testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0
kernel signature: 2bade013e3a89b9999760084bfd4b5ef0a483ca899d7e13bfc09110ffb408f44
run #0: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #1: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #2: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #3: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #4: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #5: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #6: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #8: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #9: crashed: BUG: unable to handle kernel paging request in syscall_trace_enter
testing release v5.3
testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0
kernel signature: 35470e3005832c542636e45334222841fbaea8fefa39b74ba15b881247a1023c
run #0: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #1: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #2: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #3: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #4: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #6: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #7: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #8: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
testing release v5.2
testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0
kernel signature: b1922f58257472b735f7ababec6dcb32a938c317aa3419a60b16b66f3ea54068
run #0: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #1: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #2: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #3: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #4: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #5: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #6: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #7: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
run #8: crashed: BUG: unable to handle kernel paging request in __bpf_trace_sys_enter
run #9: crashed: BUG: unable to handle kernel paging request in bpf_trace_run2
testing release v5.1
testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0
kernel signature: f668e07cba00062e56633e94ce66dd0a36500d87604ad8ec3d269009787d20fb
all runs: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
testing release v5.0
testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0
kernel signature: 34d7e1c246257794fee4b13241052e8df4a129a39fe967f6ea98fb0526038ebb
run #0: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #1: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #5: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #6: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #7: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #8: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #9: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
testing release v4.20
testing commit 8fe28cb58bcb235034b64cbbb7550a8a43fd88be with gcc (GCC) 8.1.0
kernel signature: ef00cdc1b63ff39dce7542bd818e004c9add66985a89e8202e33178500de3532
all runs: OK
# git bisect start 1c163f4c7b3f621efff9b28a47abb36f7378d783 8fe28cb58bcb235034b64cbbb7550a8a43fd88be
Bisecting: 7011 revisions left to test after this (roughly 13 steps)
[af7ddd8a627c62a835524b3f5b471edbbbcce025] Merge tag 'dma-mapping-4.21' of git://git.infradead.org/users/hch/dma-mapping
testing commit af7ddd8a627c62a835524b3f5b471edbbbcce025 with gcc (GCC) 8.1.0
kernel signature: dfa4590d39175a0e45f6b0b115bbe0861425dde19e2aaea074321e8fc3da5b36
run #0: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #1: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #5: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #6: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #7: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #8: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #9: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
# git bisect bad af7ddd8a627c62a835524b3f5b471edbbbcce025
Bisecting: 3448 revisions left to test after this (roughly 12 steps)
[792bf4d871dea8b69be2aaabdd320d7c6ed15985] Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
testing commit 792bf4d871dea8b69be2aaabdd320d7c6ed15985 with gcc (GCC) 8.1.0
kernel signature: 1800013842ea66c8c5952810e1967826b91ec6e23f7f03a6c72b0e33e5f21352
all runs: OK
# git bisect good 792bf4d871dea8b69be2aaabdd320d7c6ed15985
Bisecting: 1729 revisions left to test after this (roughly 11 steps)
[aa9d6e0f33aea8a1879e7e53fe0e436943f9ce0c] linux/netlink.h: drop unnecessary extern prefix
testing commit aa9d6e0f33aea8a1879e7e53fe0e436943f9ce0c with gcc (GCC) 8.1.0
kernel signature: e508a49637ba53123b2778d796422d6fe41094075a478dec19b00bcae617b9e9
run #0: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #1: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #5: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #6: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #7: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #8: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #9: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
# git bisect bad aa9d6e0f33aea8a1879e7e53fe0e436943f9ce0c
Bisecting: 858 revisions left to test after this (roughly 10 steps)
[2a95471c3397734ba6869ca3fa084490fb35b40b] Merge branch 'prog_test_run-improvement'
testing commit 2a95471c3397734ba6869ca3fa084490fb35b40b with gcc (GCC) 8.1.0
kernel signature: ad23e6a72095c98884acf7b0c1a2b958b635f8ff113631b005143a52d3eb4cb9
all runs: OK
# git bisect good 2a95471c3397734ba6869ca3fa084490fb35b40b
Bisecting: 412 revisions left to test after this (roughly 9 steps)
[addb0679839a1f74da6ec742137558be244dd0e9] Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
testing commit addb0679839a1f74da6ec742137558be244dd0e9 with gcc (GCC) 8.1.0
kernel signature: cc757e43d8b77f250cc3f983c34cb5c3458db1603660e8eca02e259251f79165
run #0: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #1: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #2: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #3: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #4: crashed: KASAN: use-after-free Read in bpf_prog_kallsyms_find
run #5: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #6: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #7: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #8: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
run #9: crashed: BUG: unable to handle kernel paging request in bpf_prog_kallsyms_find
# git bisect bad addb0679839a1f74da6ec742137558be244dd0e9
Bisecting: 222 revisions left to test after this (roughly 8 steps)
[b6f153d3e5a5bfbda17b997bd9e258143aa11809] selftests: mlxsw: Add one-armed router test
testing commit b6f153d3e5a5bfbda17b997bd9e258143aa11809 with gcc (GCC) 8.1.0
kernel signature: d97e84eda1679075266eaa5b47e3736fa9255c96c2c55d79e9aa24680eab20a5
all runs: OK
# git bisect good b6f153d3e5a5bfbda17b997bd9e258143aa11809
Bisecting: 119 revisions left to test after this (roughly 7 steps)
[d8ed257f313f64e9835e61d1365dea95a0a1c9c6] tcp: handle EOR and FIN conditions the same in tcp_tso_should_defer()
testing commit d8ed257f313f64e9835e61d1365dea95a0a1c9c6 with gcc (GCC) 8.1.0
kernel signature: e9aca9ba7c72709a98d1d58ecbbfefbbaf10b83003a556c0259803f5587efc02
run #0: crashed: KASAN: use-after-free Read in neigh_mark_dead
run #1: crashed: BUG: corrupted list in neigh_mark_dead
run #2: crashed: BUG: corrupted list in neigh_mark_dead
run #3: crashed: BUG: corrupted list in neigh_mark_dead
run #4: crashed: BUG: corrupted list in neigh_mark_dead
run #5: crashed: BUG: corrupted list in neigh_mark_dead
run #6: crashed: BUG: corrupted list in neigh_mark_dead
run #7: crashed: BUG: corrupted list in neigh_mark_dead
run #8: crashed: BUG: corrupted list in neigh_mark_dead
run #9: OK
# git bisect bad d8ed257f313f64e9835e61d1365dea95a0a1c9c6
Bisecting: 51 revisions left to test after this (roughly 6 steps)
[6b241e411607a8f78bee74b96655e9d7835ea8ba] Merge branch 'net-aquantia-add-RSS-configuration'
testing commit 6b241e411607a8f78bee74b96655e9d7835ea8ba with gcc (GCC) 8.1.0
kernel signature: 37c76a001ea537f68e5b991e426d25b2ca86d82361d08b54fadcce9b1429d40c
all runs: OK
# git bisect good 6b241e411607a8f78bee74b96655e9d7835ea8ba
Bisecting: 25 revisions left to test after this (roughly 5 steps)
[c3529177db471b964fbe327ffb801266f0482d64] net: hns3: handle hw errors of SSU
testing commit c3529177db471b964fbe327ffb801266f0482d64 with gcc (GCC) 8.1.0
kernel signature: f62ca60100b45dad4ac23f10cff9bbdb4d942963bd39ecb2d47914ad14c39691
all runs: OK
# git bisect good c3529177db471b964fbe327ffb801266f0482d64
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[120d633f199b264e0ad4c98eedc0564a89171c1d] Merge branch 'platform-data-controls-for-mdio-gpio'
testing commit 120d633f199b264e0ad4c98eedc0564a89171c1d with gcc (GCC) 8.1.0
kernel signature: 785c04b9c6ae9feb377db23e2ee24603c507680bc35977d4a5207aa44138ac1e
run #0: crashed: BUG: corrupted list in ___neigh_create
run #1: crashed: BUG: corrupted list in ___neigh_create
run #2: crashed: BUG: corrupted list in neigh_mark_dead
run #3: crashed: BUG: corrupted list in neigh_mark_dead
run #4: crashed: BUG: corrupted list in neigh_mark_dead
run #5: crashed: BUG: corrupted list in neigh_mark_dead
run #6: crashed: KASAN: use-after-free Read in neigh_mark_dead
run #7: crashed: BUG: corrupted list in neigh_mark_dead
run #8: crashed: BUG: corrupted list in neigh_mark_dead
run #9: crashed: BUG: corrupted list in neigh_mark_dead
# git bisect bad 120d633f199b264e0ad4c98eedc0564a89171c1d
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[dfe465d33e7fce145746d836ddb31f0e27f28e28] tc-testing: Add new TdcResults module
testing commit dfe465d33e7fce145746d836ddb31f0e27f28e28 with gcc (GCC) 8.1.0
kernel signature: 0949c34cb1c07c0c41a2608c657bd5adceff68f9a055664ff4d164afcd65f5f4
run #0: crashed: BUG: corrupted list in ___neigh_create
run #1: crashed: KASAN: use-after-free Read in neigh_mark_dead
run #2: crashed: KASAN: use-after-free Read in neigh_mark_dead
run #3: crashed: BUG: corrupted list in neigh_mark_dead
run #4: crashed: BUG: corrupted list in neigh_mark_dead
run #5: crashed: BUG: corrupted list in neigh_mark_dead
run #6: crashed: BUG: corrupted list in neigh_mark_dead
run #7: crashed: BUG: corrupted list in neigh_mark_dead
run #8: crashed: BUG: corrupted list in neigh_mark_dead
run #9: OK
# git bisect bad dfe465d33e7fce145746d836ddb31f0e27f28e28
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[58956317c8de52009d1a38a721474c24aef74fe7] neighbor: Improve garbage collection
testing commit 58956317c8de52009d1a38a721474c24aef74fe7 with gcc (GCC) 8.1.0
kernel signature: 35e3f31351a0944be4dfca6b6e7a4c4bc5a2ee397a189d6344117160031c97ce
run #0: crashed: BUG: corrupted list in neigh_mark_dead
run #1: crashed: BUG: corrupted list in ___neigh_create
run #2: crashed: BUG: corrupted list in neigh_mark_dead
run #3: crashed: BUG: corrupted list in neigh_mark_dead
run #4: crashed: BUG: corrupted list in neigh_mark_dead
run #5: crashed: BUG: corrupted list in neigh_mark_dead
run #6: crashed: BUG: corrupted list in neigh_mark_dead
run #7: crashed: BUG: corrupted list in neigh_mark_dead
run #8: crashed: KASAN: use-after-free Read in neigh_mark_dead
run #9: crashed: BUG: corrupted list in neigh_mark_dead
# git bisect bad 58956317c8de52009d1a38a721474c24aef74fe7
Bisecting: 0 revisions left to test after this (roughly 1 step)
[12edfdfc79860f42fa493f81518e040376b6a5bc] Merge branch 'hns3-error-handling'
testing commit 12edfdfc79860f42fa493f81518e040376b6a5bc with gcc (GCC) 8.1.0
kernel signature: 02b5e1f37392a6e7743edca01714f1f2f794aa7c3eb3f8aacefd3ee70632ebe6
all runs: OK
# git bisect good 12edfdfc79860f42fa493f81518e040376b6a5bc
58956317c8de52009d1a38a721474c24aef74fe7 is the first bad commit
commit 58956317c8de52009d1a38a721474c24aef74fe7
Author: David Ahern
Date: Fri Dec 7 12:24:57 2018 -0800

    neighbor: Improve garbage collection

    The existing garbage collection algorithm has a number of problems:

    1. The gc algorithm will not evict PERMANENT entries as those entries
       are managed by userspace, yet the existing algorithm walks the entire
       hash table which means it always considers PERMANENT entries when
       looking for entries to evict. In some use cases (e.g., EVPN) there
       can be tens of thousands of PERMANENT entries leading to wasted
       CPU cycles when gc kicks in. As an example, with 32k permanent
       entries, neigh_alloc has been observed taking more than 4 msec per
       invocation.

    2. Currently, when the number of neighbor entries hits gc_thresh2 and
       the last flush for the table was more than 5 seconds ago gc kicks in
       walks the entire hash table evicting *all* entries not in PERMANENT
       or REACHABLE state and not marked as externally learned. There is no
       discriminator on when the neigh entry was created or if it just moved
       from REACHABLE to another NUD_VALID state (e.g., NUD_STALE).

       It is possible for entries to be created or for established neighbor
       entries to be moved to STALE (e.g., an external node sends an ARP
       request) right before the 5 second window lapses:

            -----|---------x|----------|-----
                t-5         t         t+5

       If that happens those entries are evicted during gc causing unnecessary
       thrashing on neighbor entries and userspace caches trying to track them.

       Further, this contradicts the description of gc_thresh2 which says
       "Entries older than 5 seconds will be cleared".

       One workaround is to make gc_thresh2 == gc_thresh3 but that negates the
       whole point of having separate thresholds.

    3. Clearing *all* neigh non-PERMANENT/REACHABLE/externally learned entries
       when gc_thresh2 is exceeded is over kill and contributes to trashing
       especially during startup.

    This patch addresses these problems as follows:

    1. Use of a separate list_head to track entries that can be garbage
       collected along with a separate counter. PERMANENT entries are not
       added to this list.

       The gc_thresh parameters are only compared to the new counter, not the
       total entries in the table. The forced_gc function is updated to only
       walk this new gc_list looking for entries to evict.

    2. Entries are added to the list head at the tail and removed from the
       front.

    3. Entries are only evicted if they were last updated more than 5 seconds
       ago, adhering to the original intent of gc_thresh2.

    4. Forced gc is stopped once the number of gc_entries drops below
       gc_thresh2.

    5. Since gc checks do not apply to PERMANENT entries, gc levels are skipped
       when allocating a new neighbor for a PERMANENT entry. By extension this
       means there are no explicit limits on the number of PERMANENT entries
       that can be created, but this is no different than FIB entries or FDB
       entries.

    Signed-off-by: David Ahern
    Signed-off-by: David S. Miller

 Documentation/networking/ip-sysctl.txt | 4 +-
 include/net/neighbour.h | 3 +
 net/core/neighbour.c | 119 +++++++++++++++++++++++----------
 3 files changed, 90 insertions(+), 36 deletions(-)
culprit signature: 35e3f31351a0944be4dfca6b6e7a4c4bc5a2ee397a189d6344117160031c97ce
parent signature: 02b5e1f37392a6e7743edca01714f1f2f794aa7c3eb3f8aacefd3ee70632ebe6
revisions tested: 24, total time: 5h23m10.04027955s (build: 2h28m57.678892947s, test: 2h51m32.874530119s)
first bad commit: 58956317c8de52009d1a38a721474c24aef74fe7 neighbor: Improve garbage collection
recipients (to): ["corbet@lwn.net" "davem@davemloft.net" "davem@davemloft.net" "dsahern@gmail.com" "linux-doc@vger.kernel.org" "netdev@vger.kernel.org"]
recipients (cc): ["linux-kernel@vger.kernel.org"]
crash: BUG: corrupted list in neigh_mark_dead
list_del corruption. next->prev should be ffff88809f3d5d90, but was ffff888091cbfdd0
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:56!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 22 Comm: kworker/1:1 Not tainted 4.20.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_power_efficient neigh_periodic_work
RIP: 0010:__list_del_entry_valid.cold.1+0x37/0x4a lib/list_debug.c:54
Code: e8 91 13 02 fe 0f 0b 4c 89 ea 48 89 de 48 c7 c7 20 eb 8a 87 e8 7d 13 02 fe 0f 0b 48 89 de 48 c7 c7 80 ec 8a 87 e8 6c 13 02 fe <0f> 0b 48 89 de 48 c7 c7 20 ec 8a 87 e8 5b 13 02 fe 0f 0b 48 89 d9
RSP: 0018:ffff8880aa3c7c88 EFLAGS: 00010282
RAX: 0000000000000054 RBX: ffff88809f3d5d90 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff878aea20 RDI: ffffffff8a386c60
RBP: ffff8880aa3c7ca0 R08: ffffed1015d25029 R09: ffffed1015d25028
R10: ffffed1015d25028 R11: ffff8880ae928147 R12: ffff88809730a750
R13: ffffffff89273d60 R14: ffff88809f3d5b28 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000746138 CR3: 00000000a0184000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __list_del_entry include/linux/list.h:117 [inline]
 list_del_init include/linux/list.h:159 [inline]
 neigh_mark_dead+0x86/0x210 net/core/neighbour.c:125
 neigh_periodic_work+0x56f/0x870 net/core/neighbour.c:905
 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153
 worker_thread+0x85/0xb60 kernel/workqueue.c:2296
 kthread+0x324/0x3e0 kernel/kthread.c:246
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace 6607e63b61a31855 ]---
RIP: 0010:__list_del_entry_valid.cold.1+0x37/0x4a lib/list_debug.c:54
Code: e8 91 13 02 fe 0f 0b 4c 89 ea 48 89 de 48 c7 c7 20 eb 8a 87 e8 7d 13 02 fe 0f 0b 48 89 de 48 c7 c7 80 ec 8a 87 e8 6c 13 02 fe <0f> 0b 48 89 de 48 c7 c7 20 ec 8a 87 e8 5b 13 02 fe 0f 0b 48 89 d9
RSP: 0018:ffff8880aa3c7c88 EFLAGS: 00010282
RAX: 0000000000000054 RBX: ffff88809f3d5d90 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff878aea20 RDI: ffffffff8a386c60
RBP: ffff8880aa3c7ca0 R08: ffffed1015d25029 R09: ffffed1015d25028
R10: ffffed1015d25028 R11: ffff8880ae928147 R12: ffff88809730a750
R13: ffffffff89273d60 R14: ffff88809f3d5b28 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000746138 CR3: 000000000866a000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400