Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3811082imu; Tue, 18 Dec 2018 04:41:58 -0800 (PST) X-Google-Smtp-Source: AFSGD/VxXOSUmFUhTaXnUIsf4Zqu/4c/PimxsCt1R1aNYMuR9vuKBqBwnigx5tMDqEjvGGO/DoMe X-Received: by 2002:a17:902:108a:: with SMTP id c10mr7475614pla.131.1545136918348; Tue, 18 Dec 2018 04:41:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545136918; cv=none; d=google.com; s=arc-20160816; b=Xi46BPV/XExVKqvx84yyby4nmuNXqiviaNk+ZLy5echNiuoP46pxFNP1J6k3Xcu4W7 5PT7AjcqSACH6wsgVoa+K2JiwOdFA8+mj0CGrp+/DpqyJwtI/ETgHTXwWYNwTvalTK6I jsaijjOeKBbwaZFwVbcS0kdKNPl68wokCcrKiyU8grpp0RAVXRHqR8K4LRLFNXOGgCJJ azbYIm8wnayalHLM2zWtPxCNsTziPN9vqoN++AltpO+912RXaLu83bEnyJz+ufVkulm4 xQGiCalMQ+NHtxAX+CuWYl90NbWQSenWK8bEAkZd17IOBhYDc0eoROUNoTYovfWC0Ml3 jJ9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date; bh=v1dVWN2vKLPhCfk2sgat9Z1ST5ZcfaJsks0bNH2bDqc=; b=phE+mND/DeRKplGVHV6oMNlZhr7FOa/bsey6xuoSZMqBdlU57g6C45eddGBbTeKJOs 6Euf2sjpqAqUohFJj1Yu9RICj61MQw2IoKmFdgv8Y06ajJ0ReDQA6wEn8qF0QqeyqBbp e7vkjRi2FBXW0UCdc2IbT2LCKXVYOdSVPg9x+f3YdoeVNP4kMBOk1Rhi84QwPaayMRaa OF+4LMOl6rZsfkAc/Oh98VRPTdNOC2v+G7IAvjUxAMS1UBRLinIDM1Q1+P/QACo5y6a9 fLBBEAwBfzd1w2sZZT3O6h6A7iCXwbJTWahr1TrasoeJ2pplBvpFDbFFlZhp6BaxzfDK z7Mw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y123si14134781pfy.18.2018.12.18.04.41.43; Tue, 18 Dec 2018 04:41:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726589AbeLRMkf (ORCPT + 99 others); Tue, 18 Dec 2018 07:40:35 -0500 Received: from mx1.redhat.com ([209.132.183.28]:51398 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726379AbeLRMke (ORCPT ); Tue, 18 Dec 2018 07:40:34 -0500 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C5B24C0AF7B0; Tue, 18 Dec 2018 12:40:33 +0000 (UTC) Received: from localhost (ovpn-200-20.brq.redhat.com [10.40.200.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 773A65C689; Tue, 18 Dec 2018 12:40:29 +0000 (UTC) Date: Tue, 18 Dec 2018 13:40:24 +0100 From: Stefano Brivio To: Dmitry Vyukov Cc: Eric Dumazet , Arjan van de Ven , "Paul E. McKenney" , syzbot , Andrew Morton , Josh Triplett , LKML , Ingo Molnar , syzkaller-bugs , netdev , Cong Wang , Xin Long Subject: Re: WARNING in __rcu_read_unlock Message-ID: <20181218134024.45d2d5e3@redhat.com> In-Reply-To: References: <0000000000005e47a2057d0edc49@google.com> <20181216190412.GE4170@linux.ibm.com> <20181217112916.GG4170@linux.ibm.com> <1583d5fc-34bf-3a81-363d-01a1085a7363@linux.intel.com> <20641819-e4fb-f3bd-34c8-c68106cccd0e@gmail.com> <20181217162421.6d636ee5@redhat.com> <20181218001828.49cea463@redhat.com> Organization: Red Hat MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Tue, 18 Dec 2018 12:40:34 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 18 Dec 2018 09:49:17 +0100 Dmitry Vyukov wrote: > On Tue, Dec 18, 2018 at 12:18 AM Stefano Brivio wrote: > > > > On Mon, 17 Dec 2018 16:53:36 +0100 > > Dmitry Vyukov wrote: > > > > > On Mon, Dec 17, 2018 at 4:24 PM Stefano Brivio wrote: > > > > > > > > On Mon, 17 Dec 2018 06:57:35 -0800 > > > > Eric Dumazet wrote: > > > > > > > > > Might be cause by commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e > > > > > fou, fou6: ICMP error handlers for FoU and GUE > > > > > > > > This: > > > > > > > > diff --git a/net/ipv4/fou.c b/net/ipv4/fou.c > > > > index 0d0ad19ecb87..20a6de26d146 100644 > > > > --- a/net/ipv4/fou.c > > > > +++ b/net/ipv4/fou.c > > > > @@ -1008,6 +1008,9 @@ static int gue_err_proto_handler(int proto, struct sk_buff *skb, u32 info) > > > > { > > > > const struct net_protocol *ipprot = rcu_dereference(inet_protos[proto]); > > > > > > > > + if (ipprot == IPPROTO_UDP) > > > > + return -EINVAL; > > > > + > > > > if (ipprot && ipprot->err_handler) { > > > > if (!ipprot->err_handler(skb, info)) > > > > return 0; > > > > > > > > should fix the issue, but I still have to run tests and make sure we > > > > don't hit similar cases. > > > > > > Please don't forget to add a regression test for it too ;) > > > > Where would you suggest to add this? The only selftest that goes > > I dunno. But there must be some place for such tests, right? Not as far as I know. The selftests checking this path, by design, only use supported configurations, they don't forge packets. Maybe it would be nice to have a semi-automated way to isolate and describe/name specific conditions found by syzbot via fuzzing and turn those into tests that are then repeated periodically. I'm not sure how that would look like, but I think it's still more maintainable than a pile of C reproducers with forged packets in selftests/net. Eric, Cong, Xin, as you also recently fixed a nice deal of similar cases reported by syzbot, what do you think? Did you ever feel the need to turn a syzbot reproducer into a regression test case? > > through this path currently is net/pmtu.sh, but as configuration of an > > actual UDP-in-GUE tunnel is currently not supported, I would really > > need to forge that specific packet, so that doesn't seem to be a good > > fit. > > > > Won't syzbot add this to some list of reproducers that are checked in > > the future? > > It won't. Also fuzzing is complementary to testing, not a replacement: Indeed, but that doesn't mean we need to limit the potential of fuzzing because "it's not testing". It can be used to check for regressions, too, especially in these cases. > https://twitter.com/dvyukov/status/1074719682962358272 Now, I'm extremely thankful for the work you're doing and especially for finding this subtle condition with syzbot, but this is quite inaccurate. To be exposed to this issue, the user would need to have the fou module loaded (it won't autoload), which is used quite rarely, and, on top of that, have a UDP tunnel configured. It wouldn't have been the kind of "evil packet crashes the internet" scenario you were dreaming of ;) -- Stefano