Received: by 10.213.65.68 with SMTP id h4csp182018imn; Fri, 23 Mar 2018 02:12:36 -0700 (PDT) X-Google-Smtp-Source: AG47ELvRb6g/NbxrJm2l1OD0Xe++GIfp3WY/DJKDxtFkBCmhIeIvrToqosvU7nXjFcjkynEZbW4B X-Received: by 2002:a17:902:526:: with SMTP id 35-v6mr29410657plf.276.1521796356058; Fri, 23 Mar 2018 02:12:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521796356; cv=none; d=google.com; s=arc-20160816; b=sKv8kgkg6se7TEkCQwjzptGmeYUB9YQBpx3fhyuMdUjph3YyBKPKjSS+iralVMrYJW PwJkdfxDsJYPOH3JGT9FmeJxcSamxTm8kkPnTxhq9xXL2sRXLHXEt9Wp+n/uzin3zy37 jXMekgKKFQgLZeN8/DDZTwvgx4JV+BV3cOnLA1dk1vmOIcrl71G0pggTWHjGsVmXXpaz 3scBReL88AaGqqJ8SVg3cdm5dxgT5jdeYbv+LeX94diz5RRg300K6uD641TaatwvJvU0 TMWpreR9gy4g14GUKeCaNnTNtkEFXJ8ZKrXlbqKvKIYF5aAmqTl0nR1oDp35OVpOT9fT RZQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date :arc-authentication-results; bh=WaiimH7AvtzdeTwaGOeZst7+61HcJizB8KH/6IzbZcw=; b=nvqTI8yiBGws2SKjsTtRYTR8p4lllKICunNCEXwNMLre6iYZ4zsnKP8QgQKeOiZjx7 ZPmWfDC9RkYNY27HOJQ0oX8p34KaKCiHtFv1uSw+zSziYL8/TGcmOTCX35MOGtMOYB1l AuMw/zbIHz5r+8lPGlNI7dXPkEZ2DN/XvzL67qtZye3quSUX63hzAYQNeAuORvj+V8zI r+rvTIL2ZOSt2gP/w1aXHAzayTb7W2M02JqTcRPgic5m2O0K6YVxatCZtWIrpTVEXMXE qZElgq6pOemOKvNBXZWKrHILaxaVy+Kft2B3N5dRTvdaD3xtysSlMDjb/qGwAo+/CxOt BgPQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g6-v6si8799795plt.580.2018.03.23.02.12.20; Fri, 23 Mar 2018 02:12:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751959AbeCWJLV (ORCPT + 99 others); Fri, 23 Mar 2018 05:11:21 -0400 Received: from Galois.linutronix.de ([146.0.238.70]:40882 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751668AbeCWJLU (ORCPT ); Fri, 23 Mar 2018 05:11:20 -0400 Received: from hsi-kbw-5-158-153-52.hsi19.kabel-badenwuerttemberg.de ([5.158.153.52] helo=nanos.tec.linutronix.de) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1ezIjG-0005Ew-Uu; Fri, 23 Mar 2018 10:11:19 +0100 Date: Fri, 23 Mar 2018 10:11:18 +0100 (CET) From: Thomas Gleixner To: Joel Fernandes cc: Paul McKenney , LKML , Todd Poynor Subject: Re: syzbot rcu/debugobjects warning In-Reply-To: Message-ID: References: User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 22 Mar 2018, Joel Fernandes wrote: > Hi Paul, Thomas, > > I received a crash report from syzbot on the android 4.9 kernel and I > am looking into it, it seems the debugobjects subsystem is warning > that a certain RCU structure is not allocated on the stack, but is > annotated to be. > > ------------[ cut here ]------------ > WARNING: CPU: 1 PID: 0 at lib/debugobjects.c:300 > debug_object_is_on_stack lib/debugobjects.c:300 [inline] > WARNING: CPU: 1 PID: 0 at lib/debugobjects.c:300 > __debug_object_init+0x526/0xc40 lib/debugobjects.c:326 > [...] > [ 150.631700] [] dump_stack+0xc1/0x128 > lib/dump_stack.c:51 > [] panic+0x1bc/0x3a8 kernel/panic.c:179 > [] __warn+0x1c4/0x1e0 kernel/panic.c:542 > [] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585 > [] debug_object_is_on_stack lib/debugobjects.c:300 [inline] > [] __debug_object_init+0x526/0xc40 lib/debugobjects.c:326 > [] debug_object_init_on_stack+0x19/0x20 > lib/debugobjects.c:378 > [] init_rcu_head_on_stack kernel/rcu/update.c:403 [inline] > [] __wait_rcu_gp+0x93/0x1b0 kernel/rcu/update.c:358 > [] synchronize_rcu.part.65+0x101/0x110 > kernel/rcu/tree_plugin.h:678 > [] synchronize_rcu+0x27/0x90 kernel/rcu/tree_plugin.h:679 > [] __l2tp_session_unhash+0x3d5/0x550 > net/l2tp/l2tp_core.c:1792 > > The full report is here: > https://syzkaller.appspot.com/bug?extid=e6a19b585ab2dba3eee8 This is beyond useless. That brings me to a google 'Sign in' page. Please use accessible storage. That information is hardly secrit. > It seems as per the code that the structure is on the stack so its > weird why debugobjects thinks its not. > The object in question is allocated on the stack by the __wait_rcu_gp > macro when its called from synchronize_rcu: > > #define _wait_rcu_gp(checktiny, ...) \ > do { \ > call_rcu_func_t __crcu_array[] = { __VA_ARGS__ }; \ > struct rcu_synchronize __rs_array[ARRAY_SIZE(__crcu_array)]; \ > __wait_rcu_gp(checktiny, ARRAY_SIZE(__crcu_array), \ > __crcu_array, __rs_array); \ > } while (0) > > > Any debug ideas or thoughts about it? I assume it emitted: pr_warn("object is not on stack, but annotated\n"); before dumping the WARN_ON(). Right? If so, then you might have run into a stack corruption. But hard to tell. Please add something like this: pr_warn("object %p is not on stack %p, but annotated\n", obj, task_stack_page(current)); Thanks, tglx