Received: by 10.213.65.68 with SMTP id h4csp1239077imn; Thu, 22 Mar 2018 19:52:52 -0700 (PDT) X-Google-Smtp-Source: AG47ELtR1sCEsFer/7U8jYVxZXW4/iKDLVICaXHlo5zLFC0mSAvwwMQWu9s/hxOkKxGKDXuVyCfJ X-Received: by 10.99.174.6 with SMTP id q6mr3977493pgf.179.1521773572427; Thu, 22 Mar 2018 19:52:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521773572; cv=none; d=google.com; s=arc-20160816; b=nU7pekgfLvtd8N3dQKtOS6pzUVv59WK2xwKPBj65uZbzPmEMsMZKJHlD+WI15GtM4J tD4WxCb+epS4abKygtT0BXwJGe+o91SpCsf/Qw3tbKvWpZuFlZu+gHOCfLAO4+w3xR5t hFAUWxOGrgeUhYL/gWYUkfuf9oCTba+55p9FnMHroXefcW6mBUJJRtdRkltrW4aZkwE6 afgrpQqYrqiNP7y4NWWHgFplldjw+mJ65q64zONk/XrsqsCJhsvaSpUOKKZsBpSa1z87 GXuJtKFEoqSZcPsJFRERF+rXZyQQTWyPKnOlY21V/M7EgwMjegnB2U+LBZRYR7R1pGeA 5/8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :mime-version:dkim-signature:arc-authentication-results; bh=9i5HcV2XzcR+kMEQWr72wAblQoxgTuT6EunEacT3X7c=; b=Frioo/eAIKkj8EYKBFbVoIgZTJYLOMki2LjaJcrsCrlxr+13WCLXDtAUW8TFZA37n0 pLtgSIuw8mui3d0qm5NoTy3cdFcVURUKsIcxmaHokkOTcEiCoxguPOk1jo32TkYrWgwb ZVNsoC6UT8TSgenjCfKK3lldz/sv20ToxrrXbBioeT/SU0oFVV7uuD67TzjDDr2jpOUi JbgTnCQvxmFZproP3J8k7dicjRUn2o9Bv22yPZgGygF3x7ZrJZGHD9RJbjjqTcbv6gmV jaqWTwqCfPY+tDRBDzC0uy4nvpLSFmEtpY0ECkYInKHYpVmhdlKECeiua1I2NZbg2vAY O0tA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=u6kdjDWQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n61-v6si1264406plb.112.2018.03.22.19.52.22; Thu, 22 Mar 2018 19:52:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=u6kdjDWQ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751879AbeCWCva (ORCPT + 99 others); Thu, 22 Mar 2018 22:51:30 -0400 Received: from mail-io0-f177.google.com ([209.85.223.177]:33887 "EHLO mail-io0-f177.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751844AbeCWCvZ (ORCPT ); Thu, 22 Mar 2018 22:51:25 -0400 Received: by mail-io0-f177.google.com with SMTP id r18so13423315ioa.1 for ; Thu, 22 Mar 2018 19:51:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=9i5HcV2XzcR+kMEQWr72wAblQoxgTuT6EunEacT3X7c=; b=u6kdjDWQRmohUGmgYqQ59SE2G49j8Ar6Ezb8DOKxqVoDc2QoY5TgGSjLNSnecf6p/6 k0K87V284bKQ/QVpQK5t0aHzAr/Lp9SrmaU1G31brObm5KXaqcMnObjn8ybh8F5ChzK4 QxP+HivBcwCjTsUoso+zcB1dHB1xPDD2RTOmXKStaOO+k2yse/EBID2eykKhMV5roz1l ijwuMyLkbi8NISxu2gnd3BO8bP6iJkMqnnkJN2CHbOy7XrJHcfNDI6QcdMMMT/uc49zg GG1n9y9a/4Y9K4S0+sGjBuNBT9elHeMUaAHBJznheT2nR16No/vOlHTnfBsX8nllGq64 /zwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=9i5HcV2XzcR+kMEQWr72wAblQoxgTuT6EunEacT3X7c=; b=i/DBQP+uuqY6OWJl5BubEAtSvkB67oZ2hBsIswCKjGuJzZgpKkCJhfSOdtbqOVa7AK /jmTbzGdcvIr+QUL+48Bb+BsMUXyp5YpNPk8mZkUrblUL0bl6buqX5ppgyuwFhZQTzh3 d9fCrkgJhaiS8jVCuxDaxAfZXj/ESa7mwItMx8yAY9eGXyUrSu7ScFbAYC82Wqt8cFCU zJ/g996hct+4cOzkafLO0m403h1ITLwmW2Iy80f5yNkf32o2j0yizybdEr5WuPL+jIl/ vLxTiNgEh43bOC3QtOulctZf4uQk4tCltJLExxFm75lGDORH1OcJGm6QPQTzz8e9CFf8 FF1w== X-Gm-Message-State: AElRT7H0VcWFdD5h4sBgYrY/ikeZyxePLUCFXkfMZGM9nH9UehwCy7O+ 9bnpa603V95bHWyngG21DV4968hb7lfnF1e+YTU+yA== X-Received: by 10.107.19.144 with SMTP id 16mr27576852iot.276.1521773484576; Thu, 22 Mar 2018 19:51:24 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.11.158 with HTTP; Thu, 22 Mar 2018 19:51:23 -0700 (PDT) From: Joel Fernandes Date: Thu, 22 Mar 2018 19:51:23 -0700 Message-ID: Subject: syzbot rcu/debugobjects warning To: Paul McKenney , Thomas Gleixner Cc: LKML , Todd Poynor Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Paul, Thomas, I received a crash report from syzbot on the android 4.9 kernel and I am looking into it, it seems the debugobjects subsystem is warning that a certain RCU structure is not allocated on the stack, but is annotated to be. ------------[ cut here ]------------ WARNING: CPU: 1 PID: 0 at lib/debugobjects.c:300 debug_object_is_on_stack lib/debugobjects.c:300 [inline] WARNING: CPU: 1 PID: 0 at lib/debugobjects.c:300 __debug_object_init+0x526/0xc40 lib/debugobjects.c:326 [...] [ 150.631700] [] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [] panic+0x1bc/0x3a8 kernel/panic.c:179 [] __warn+0x1c4/0x1e0 kernel/panic.c:542 [] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585 [] debug_object_is_on_stack lib/debugobjects.c:300 [inline] [] __debug_object_init+0x526/0xc40 lib/debugobjects.c:326 [] debug_object_init_on_stack+0x19/0x20 lib/debugobjects.c:378 [] init_rcu_head_on_stack kernel/rcu/update.c:403 [inline] [] __wait_rcu_gp+0x93/0x1b0 kernel/rcu/update.c:358 [] synchronize_rcu.part.65+0x101/0x110 kernel/rcu/tree_plugin.h:678 [] synchronize_rcu+0x27/0x90 kernel/rcu/tree_plugin.h:679 [] __l2tp_session_unhash+0x3d5/0x550 net/l2tp/l2tp_core.c:1792 The full report is here: https://syzkaller.appspot.com/bug?extid=e6a19b585ab2dba3eee8 It seems as per the code that the structure is on the stack so its weird why debugobjects thinks its not. The object in question is allocated on the stack by the __wait_rcu_gp macro when its called from synchronize_rcu: #define _wait_rcu_gp(checktiny, ...) \ do { \ call_rcu_func_t __crcu_array[] = { __VA_ARGS__ }; \ struct rcu_synchronize __rs_array[ARRAY_SIZE(__crcu_array)]; \ __wait_rcu_gp(checktiny, ARRAY_SIZE(__crcu_array), \ __crcu_array, __rs_array); \ } while (0) Any debug ideas or thoughts about it? thanks for any help, - Joel