Re: suspicious RCU usage at ./include/linux/inetdevice.h:LINE
On Thu, Nov 02, 2017 at 03:53:38AM -0700, syzbot wrote: > Hello, > > syzkaller hit the following crash on > ce43f4fd6f103681c7485c2b1967179647e73555 > git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master > compiler: gcc (GCC) 7.1.1 20170620 > .config is attached > Raw console output is attached. > > > > > > = > WARNING: suspicious RCU usage > 4.14.0-rc5+ #140 Not tainted > - > ./include/linux/inetdevice.h:230 suspicious rcu_dereference_protected() > usage! > > other info that might help us debug this: > > > rcu_scheduler_active = 2, debug_locks = 1 > 1 lock held by syz-executor2/23859: > #0: (rcu_read_lock){}, at: [] > inet_rtm_getroute+0xaa0/0x2d70 net/ipv4/route.c:2738 > > stack backtrace: > CPU: 0 PID: 23859 Comm: syz-executor2 Not tainted 4.14.0-rc5+ #140 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 01/01/2011 > Call Trace: > __dump_stack lib/dump_stack.c:16 [inline] > dump_stack+0x194/0x257 lib/dump_stack.c:52 > lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4665 > __in_dev_get_rtnl include/linux/inetdevice.h:230 [inline] > fib_dump_info+0x1136/0x13d0 net/ipv4/fib_semantics.c:1377 > inet_rtm_getroute+0xf97/0x2d70 net/ipv4/route.c:2785 > rtnetlink_rcv_msg+0x51c/0x1090 net/core/rtnetlink.c:4237 > netlink_rcv_skb+0x216/0x440 net/netlink/af_netlink.c:2409 > rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4261 > netlink_unicast_kernel net/netlink/af_netlink.c:1273 [inline] > netlink_unicast+0x4e8/0x6f0 net/netlink/af_netlink.c:1299 > netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1862 > sock_sendmsg_nosec net/socket.c:633 [inline] > sock_sendmsg+0xca/0x110 net/socket.c:643 > sock_write_iter+0x31a/0x5d0 net/socket.c:912 > call_write_iter include/linux/fs.h:1770 [inline] > new_sync_write fs/read_write.c:468 [inline] > __vfs_write+0x684/0x970 fs/read_write.c:481 > vfs_write+0x189/0x510 fs/read_write.c:543 > SYSC_write fs/read_write.c:588 [inline] > SyS_write+0xef/0x220 fs/read_write.c:580 > entry_SYSCALL_64_fastpath+0x1f/0xbe > RIP: 0033:0x452719 > RSP: 002b:7fd087b03be8 EFLAGS: 0212 ORIG_RAX: 0001 > RAX: ffda RBX: 00758020 RCX: 00452719 > RDX: 0024 RSI: 20226000 RDI: 0014 > RBP: 0082 R08: R09: > R10: R11: 0212 R12: > R13: 00a6f7ff R14: 7fd087b049c0 R15: No longer seeing this crash. I assume it was fixed by the following commit (thanks Florian!), so telling syzbot: #syz fix: fib: fib_dump_info can no longer use __in_dev_get_rtnl
Re: suspicious RCU usage at ./include/linux/inetdevice.h:LINE
On Thu, Nov 2, 2017 at 12:06 PM, Florian Westphalwrote: > Cong Wang wrote: >> > CPU: 0 PID: 23859 Comm: syz-executor2 Not tainted 4.14.0-rc5+ #140 >> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS >> > Google 01/01/2011 >> > Call Trace: >> > __dump_stack lib/dump_stack.c:16 [inline] >> > dump_stack+0x194/0x257 lib/dump_stack.c:52 >> > lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4665 >> > __in_dev_get_rtnl include/linux/inetdevice.h:230 [inline] >> > fib_dump_info+0x1136/0x13d0 net/ipv4/fib_semantics.c:1377 >> > inet_rtm_getroute+0xf97/0x2d70 net/ipv4/route.c:2785 >> >> This is introduced by: >> >> commit 394f51abb3d04f33fb798f04b16ae6b0491ea4ec >> Author: Florian Westphal >> Date: Tue Aug 15 16:34:44 2017 +0200 >> >> ipv4: route: set ipv4 RTM_GETROUTE to not use rtnl >> >> Signed-off-by: Florian Westphal >> Signed-off-by: David S. Miller >> >> Looks like we need a wrapper for rcu_dereference_protected(dev->ip_ptr). > > Yes, thats the alternative to > https://patchwork.ozlabs.org/patch/833401/ > > which switches to _rcu version. Yeah, that works too.
Re: suspicious RCU usage at ./include/linux/inetdevice.h:LINE
Cong Wangwrote: > > CPU: 0 PID: 23859 Comm: syz-executor2 Not tainted 4.14.0-rc5+ #140 > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > > Google 01/01/2011 > > Call Trace: > > __dump_stack lib/dump_stack.c:16 [inline] > > dump_stack+0x194/0x257 lib/dump_stack.c:52 > > lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4665 > > __in_dev_get_rtnl include/linux/inetdevice.h:230 [inline] > > fib_dump_info+0x1136/0x13d0 net/ipv4/fib_semantics.c:1377 > > inet_rtm_getroute+0xf97/0x2d70 net/ipv4/route.c:2785 > > This is introduced by: > > commit 394f51abb3d04f33fb798f04b16ae6b0491ea4ec > Author: Florian Westphal > Date: Tue Aug 15 16:34:44 2017 +0200 > > ipv4: route: set ipv4 RTM_GETROUTE to not use rtnl > > Signed-off-by: Florian Westphal > Signed-off-by: David S. Miller > > Looks like we need a wrapper for rcu_dereference_protected(dev->ip_ptr). Yes, thats the alternative to https://patchwork.ozlabs.org/patch/833401/ which switches to _rcu version.
Re: suspicious RCU usage at ./include/linux/inetdevice.h:LINE
On Thu, Nov 2, 2017 at 3:53 AM, syzbotwrote: > Hello, > > syzkaller hit the following crash on > ce43f4fd6f103681c7485c2b1967179647e73555 > git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master > compiler: gcc (GCC) 7.1.1 20170620 > .config is attached > Raw console output is attached. > > > > > > = > WARNING: suspicious RCU usage > 4.14.0-rc5+ #140 Not tainted > - > ./include/linux/inetdevice.h:230 suspicious rcu_dereference_protected() > usage! > > other info that might help us debug this: > > > rcu_scheduler_active = 2, debug_locks = 1 > 1 lock held by syz-executor2/23859: > #0: (rcu_read_lock){}, at: [] > inet_rtm_getroute+0xaa0/0x2d70 net/ipv4/route.c:2738 > > stack backtrace: > CPU: 0 PID: 23859 Comm: syz-executor2 Not tainted 4.14.0-rc5+ #140 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 01/01/2011 > Call Trace: > __dump_stack lib/dump_stack.c:16 [inline] > dump_stack+0x194/0x257 lib/dump_stack.c:52 > lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4665 > __in_dev_get_rtnl include/linux/inetdevice.h:230 [inline] > fib_dump_info+0x1136/0x13d0 net/ipv4/fib_semantics.c:1377 > inet_rtm_getroute+0xf97/0x2d70 net/ipv4/route.c:2785 This is introduced by: commit 394f51abb3d04f33fb798f04b16ae6b0491ea4ec Author: Florian Westphal Date: Tue Aug 15 16:34:44 2017 +0200 ipv4: route: set ipv4 RTM_GETROUTE to not use rtnl Signed-off-by: Florian Westphal Signed-off-by: David S. Miller Looks like we need a wrapper for rcu_dereference_protected(dev->ip_ptr).