From: Joel Fernandes
Date: Fri, 23 Mar 2018 09:24:02 -0700
Subject: Re: syzbot rcu/debugobjects warning
To: Thomas Gleixner
Cc: Paul McKenney, LKML, Todd Poynor
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Mar 23, 2018 at 2:11 AM, Thomas Gleixner wrote:
> On Thu, 22 Mar 2018, Joel Fernandes wrote:
>
>> Hi Paul, Thomas,
>>
>> I received a crash report from syzbot on the android 4.9 kernel and I
>> am looking into it, it seems the debugobjects subsystem is warning
>> that a certain RCU structure is not allocated on the stack, but is
>> annotated to be.
>>
>> ------------[ cut here ]------------
>> WARNING: CPU: 1 PID: 0 at lib/debugobjects.c:300
>> debug_object_is_on_stack lib/debugobjects.c:300 [inline]
>> WARNING: CPU: 1 PID: 0 at lib/debugobjects.c:300
>> __debug_object_init+0x526/0xc40 lib/debugobjects.c:326
>> [...]
>> [ 150.631700] [] dump_stack+0xc1/0x128
>> lib/dump_stack.c:51
>> [] panic+0x1bc/0x3a8 kernel/panic.c:179
>> [] __warn+0x1c4/0x1e0 kernel/panic.c:542
>> [] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585
>> [] debug_object_is_on_stack lib/debugobjects.c:300 [inline]
>> [] __debug_object_init+0x526/0xc40 lib/debugobjects.c:326
>> [] debug_object_init_on_stack+0x19/0x20
>> lib/debugobjects.c:378
>> [] init_rcu_head_on_stack kernel/rcu/update.c:403 [inline]
>> [] __wait_rcu_gp+0x93/0x1b0 kernel/rcu/update.c:358
>> [] synchronize_rcu.part.65+0x101/0x110
>> kernel/rcu/tree_plugin.h:678
>> [] synchronize_rcu+0x27/0x90 kernel/rcu/tree_plugin.h:679
>> [] __l2tp_session_unhash+0x3d5/0x550
>> net/l2tp/l2tp_core.c:1792
>>
>> The full report is here:
>> https://syzkaller.appspot.com/bug?extid=e6a19b585ab2dba3eee8
>
> This is beyond useless. That brings me to a google 'Sign in' page. Please
> use accessible storage. That information is hardly secret.

Sorry. Here is the raw crash log: https://pastebin.com/raw/puvh0cXE
(The kernel logs are toward the end with the above).

>
>> It seems as per the code that the structure is on the stack so it's
>> weird why debugobjects thinks it's not.
>> The object in question is allocated on the stack by the __wait_rcu_gp
>> macro when it's called from synchronize_rcu:
>>
>> #define _wait_rcu_gp(checktiny, ...) \
>> do { \
>>         call_rcu_func_t __crcu_array[] = { __VA_ARGS__ }; \
>>         struct rcu_synchronize __rs_array[ARRAY_SIZE(__crcu_array)]; \
>>         __wait_rcu_gp(checktiny, ARRAY_SIZE(__crcu_array), \
>>                       __crcu_array, __rs_array); \
>> } while (0)
>>
>>
>> Any debug ideas or thoughts about it?
>
> I assume it emitted:
>         pr_warn("object is not on stack, but annotated\n");
>

Yes that is the warning.

> before dumping the WARN_ON(). Right? If so, then you might have run into a
> stack corruption. But hard to tell. Please add something like this:
>
>         pr_warn("object %p is not on stack %p, but annotated\n", obj,
>                 task_stack_page(current));

Sounds good, I will make this change into android-4.9 kernel for debug
purpose and hopefully the bot hits it soon (that's likely since it's been
reported many times). Will let you know once we hit it.

Thanks a lot for the ideas,

- Joel
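
An added example, not code from this thread or from the kernel tree: a user-space C model of the on-stack check that fired here, formatting the object address next to the stack base as suggested above so the two can be compared. The `model_*` names, the stack size and the sample objects are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_THREAD_SIZE (16 * 1024) /* assumed stack size, model only */

/* Constructed stand-ins: one buffer plays task_stack_page(current),
 * the other plays any memory outside that task stack. */
static unsigned char model_task_stack[MODEL_THREAD_SIZE];
static unsigned char model_elsewhere[256];

enum verdict { MATCH, NOT_ON_STACK_BUT_ANNOTATED, ON_STACK_NOT_ANNOTATED };

/* Range test against [stack, stack + THREAD_SIZE) of the current task. */
static int model_object_is_on_stack(const void *stack, const void *obj)
{
    uintptr_t base = (uintptr_t)stack, p = (uintptr_t)obj;
    return p >= base && p < base + MODEL_THREAD_SIZE;
}

/* Compare the annotation with the range test; on a mismatch, format the
 * diagnostic with both addresses, as proposed in the thread. */
static enum verdict model_check(const void *stack, const void *obj,
                                int annotated, char *msg, size_t len)
{
    int on_stack = model_object_is_on_stack(stack, obj);

    msg[0] = '\0';
    if (on_stack == !!annotated)
        return MATCH;
    if (on_stack) {
        snprintf(msg, len, "object %p is on stack %p, but NOT annotated",
                 (void *)obj, (void *)stack);
        return ON_STACK_NOT_ANNOTATED;
    }
    snprintf(msg, len, "object %p is not on stack %p, but annotated",
             (void *)obj, (void *)stack);
    return NOT_ON_STACK_BUT_ANNOTATED;
}

/* Run one constructed case: object inside or outside the model stack. */
static enum verdict run_case(int inside, int annotated, char *msg, size_t len)
{
    const void *obj = inside ? &model_task_stack[MODEL_THREAD_SIZE - 64]
                             : &model_elsewhere[0];
    return model_check(model_task_stack, obj, annotated, msg, len);
}

int main(void)
{
    char msg[128];
    if (run_case(0, 1, msg, sizeof(msg)) != MATCH)
        puts(msg); /* the annotated object lies outside the task stack */
    return 0;
}
```

With both addresses in the message, a reader can see how far the object sits from the range the check accepts.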