----- Original Message -----
> Hello,
>
> I've got the following report while running syzkaller fuzzer on mmotm
> (git://git.kernel.org/pub/scm/linux/kernel/git/mhocko/mm.git)
> remotes/mmotm/auto-latest ee4ba7533626ba7bf2f8b992266467ac9fdc045e:
>
[...]
>
> other info that might help us debug this:
>
> Possible interrupt unsafe locking scenario:
>
> CPU0 CPU1
> ---- ----
> lock(&(&r->consumer_lock)->rlock);
> local_irq_disable();
> lock(&(&r->producer_lock)->rlock);
> lock(&(&r->consumer_lock)->rlock);
> <Interrupt>
> lock(&(&r->producer_lock)->rlock);
>
Thanks a lot for the testing.
Looks like we could address this by using skb_array_consume_bh() instead.
Could you pls verify if the following patch works?
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 8a7d6b9..a97c00d 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -520,7 +520,7 @@ static void tun_queue_purge(struct tun_file *tfile)
{
struct sk_buff *skb;
- while ((skb = skb_array_consume(&tfile->tx_array)) != NULL)
+ while ((skb = skb_array_consume_bh(&tfile->tx_array)) != NULL)
kfree_skb(skb);
skb_queue_purge(&tfile->sk.sk_write_queue);
@@ -1458,7 +1458,7 @@ static struct sk_buff *tun_ring_recv(struct tun_file
*tfile, int noblock,
struct sk_buff *skb = NULL;
int error = 0;
- skb = skb_array_consume(&tfile->tx_array);
+ skb = skb_array_consume_bh(&tfile->tx_array);
if (skb)
goto out;
if (noblock) {
@@ -1470,7 +1470,7 @@ static struct sk_buff *tun_ring_recv(struct tun_file
*tfile, int noblock,
current->state = TASK_INTERRUPTIBLE;
while (1) {
- skb = skb_array_consume(&tfile->tx_array);
+ skb = skb_array_consume_bh(&tfile->tx_array);
if (skb)
break;
if (signal_pending(current)) {
