Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3898001imu; Tue, 18 Dec 2018 06:05:26 -0800 (PST) X-Google-Smtp-Source: AFSGD/VrKp8cCTsy703QNwDdzK5RHlwUvm8gsqtiabPfWiRwe0GWv7eLKq+B7L14LbP6qUhxWweV X-Received: by 2002:a65:4049:: with SMTP id h9mr15624967pgp.304.1545141925879; Tue, 18 Dec 2018 06:05:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545141925; cv=none; d=google.com; s=arc-20160816; b=a7csW0x1OEyMRYdcgBRnBkb/QAVBHRbSjyDS7Y2sutgUhniRZGLpPhBhuaI57V+kPC FDbFa5mNk8xg8pqOuzUmsKaDJ6bKUSKhqTV14a3dUHNNGJSRP1EnCP3MgpM0c9TLlMVc CZbQTnSA0U0hRy1IeIJGbsaX7wH6oJq38nwe7lZwEas3hAEr9yZWicE+PUP45UAMvY/8 nTaTCdBOaD+AZFyijK4PwHzzZn/I92raYrl5do4+vKRb/ani7zTSEhHVUyDKZsttOLs4 Vs8MsXP8SCW/OaoWjRv6pX6EE8HRIdu54US1MvYe2r2yMoiNgLwx58s7E46oNwHFHHEy dtMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:user-agent:in-reply-to :content-disposition:mime-version:references:reply-to:subject:cc:to :from:date; bh=UnJ4l4n/FD86G7b/H1fAiQ9GwYfm81A62i/BBb5NUZY=; b=LcM1Pk8xsR4x9SPvErcYaQQQU9UmT+u5sst8EZrHH5yge7nAPIItUeYwFRuuQeLmW3 i7jg91vzLiu+CVtaCO1ryzQMxiITfhaRjzSg6xEJbLmJWEBwZdO4qh3/yZaW0GwjaqLP g7GLcrR4quDgy+YsPy7TUfZje7tsFA8psjFg7uHuObX927pgJapFZ6uXOcXV2ySDhBTv ixTMewZthCz8laLJEVsDBuxPov6ZdQuYv94TepOirJRqGC+o89EN2yFEm3xOmIil5+ol SKXhWPH8K9DZ+oiT0Hr72T763PfyRwJ2qaP4BZYiygFIRNFZcqrWzuXslzymZyAd/wfW QmvQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n8si12542775plk.9.2018.12.18.06.05.08; Tue, 18 Dec 2018 06:05:25 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726939AbeLRODG (ORCPT + 99 others); Tue, 18 Dec 2018 09:03:06 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:58340 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726574AbeLRODF (ORCPT ); Tue, 18 Dec 2018 09:03:05 -0500 Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id wBIDs2u1138990 for ; Tue, 18 Dec 2018 09:03:03 -0500 Received: from e11.ny.us.ibm.com (e11.ny.us.ibm.com [129.33.205.201]) by mx0b-001b2d01.pphosted.com with ESMTP id 2pf1snsqe7-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 18 Dec 2018 09:03:02 -0500 Received: from localhost by e11.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 18 Dec 2018 14:03:01 -0000 Received: from b01cxnp22034.gho.pok.ibm.com (9.57.198.24) by e11.ny.us.ibm.com (146.89.104.198) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Tue, 18 Dec 2018 14:02:55 -0000 Received: from b01ledav003.gho.pok.ibm.com (b01ledav003.gho.pok.ibm.com [9.57.199.108]) by b01cxnp22034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id wBIE2sNt8912932 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 18 Dec 2018 14:02:54 GMT Received: from b01ledav003.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 87F20B206A; Tue, 18 Dec 2018 14:02:54 +0000 (GMT) Received: from b01ledav003.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5C6DCB2064; Tue, 18 Dec 2018 14:02:54 +0000 (GMT) Received: from paulmck-ThinkPad-W541 (unknown [9.85.153.1]) by b01ledav003.gho.pok.ibm.com (Postfix) with ESMTP; Tue, 18 Dec 2018 14:02:54 +0000 (GMT) Received: by paulmck-ThinkPad-W541 (Postfix, from userid 1000) id 2EDCC16C3438; Tue, 18 Dec 2018 06:02:58 -0800 (PST) Date: Tue, 18 Dec 2018 06:02:58 -0800 From: "Paul E. McKenney" To: Dmitry Vyukov Cc: Stefano Brivio , Eric Dumazet , Arjan van de Ven , syzbot , Andrew Morton , Josh Triplett , LKML , Ingo Molnar , syzkaller-bugs , netdev , Cong Wang , Xin Long Subject: Re: WARNING in __rcu_read_unlock Reply-To: paulmck@linux.ibm.com References: <20181217112916.GG4170@linux.ibm.com> <1583d5fc-34bf-3a81-363d-01a1085a7363@linux.intel.com> <20641819-e4fb-f3bd-34c8-c68106cccd0e@gmail.com> <20181217162421.6d636ee5@redhat.com> <20181218001828.49cea463@redhat.com> <20181218134024.45d2d5e3@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-TM-AS-GCONF: 00 x-cbid: 18121814-2213-0000-0000-0000032D246B X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00010243; HX=3.00000242; KW=3.00000007; PH=3.00000004; SC=3.00000271; SDB=6.01133530; UDB=6.00589285; IPR=6.00913705; MB=3.00024736; MTD=3.00000008; XFM=3.00000015; UTC=2018-12-18 14:02:59 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18121814-2214-0000-0000-00005CA6C6F8 Message-Id: <20181218140258.GQ4170@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-12-18_06:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1812180119 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 18, 2018 at 02:26:00PM +0100, Dmitry Vyukov wrote: > On Tue, Dec 18, 2018 at 1:40 PM Stefano Brivio wrote: > > > > On Tue, 18 Dec 2018 09:49:17 +0100 > > Dmitry Vyukov wrote: > > > > > On Tue, Dec 18, 2018 at 12:18 AM Stefano Brivio wrote: > > > > > > > > On Mon, 17 Dec 2018 16:53:36 +0100 > > > > Dmitry Vyukov wrote: > > > > > > > > > On Mon, Dec 17, 2018 at 4:24 PM Stefano Brivio wrote: > > > > > > > > > > > > On Mon, 17 Dec 2018 06:57:35 -0800 > > > > > > Eric Dumazet wrote: > > > > > > > > > > > > > Might be cause by commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e > > > > > > > fou, fou6: ICMP error handlers for FoU and GUE > > > > > > > > > > > > This: > > > > > > > > > > > > diff --git a/net/ipv4/fou.c b/net/ipv4/fou.c > > > > > > index 0d0ad19ecb87..20a6de26d146 100644 > > > > > > --- a/net/ipv4/fou.c > > > > > > +++ b/net/ipv4/fou.c > > > > > > @@ -1008,6 +1008,9 @@ static int gue_err_proto_handler(int proto, struct sk_buff *skb, u32 info) > > > > > > { > > > > > > const struct net_protocol *ipprot = rcu_dereference(inet_protos[proto]); > > > > > > > > > > > > + if (ipprot == IPPROTO_UDP) > > > > > > + return -EINVAL; > > > > > > + > > > > > > if (ipprot && ipprot->err_handler) { > > > > > > if (!ipprot->err_handler(skb, info)) > > > > > > return 0; > > > > > > > > > > > > should fix the issue, but I still have to run tests and make sure we > > > > > > don't hit similar cases. > > > > > > > > > > Please don't forget to add a regression test for it too ;) > > > > > > > > Where would you suggest to add this? The only selftest that goes > > > > > > I dunno. But there must be some place for such tests, right? > > > > Not as far as I know. The selftests checking this path, by design, only > > use supported configurations, they don't forge packets. > > > > Maybe it would be nice to have a semi-automated way to isolate and > > describe/name specific conditions found by syzbot via fuzzing and turn > > those into tests that are then repeated periodically. I'm not sure how > > that would look like, but I think it's still more maintainable than a > > pile of C reproducers with forged packets in selftests/net. > > It would be nice to do something like this. Filed > https://github.com/google/syzkaller/issues/884 > However, there are few open questions that I am not sure how to resolve yet... > > > > Eric, Cong, Xin, as you also recently fixed a nice deal of similar cases > > reported by syzbot, what do you think? Did you ever feel the need to > > turn a syzbot reproducer into a regression test case? > > > > > > through this path currently is net/pmtu.sh, but as configuration of an > > > > actual UDP-in-GUE tunnel is currently not supported, I would really > > > > need to forge that specific packet, so that doesn't seem to be a good > > > > fit. > > > > > > > > Won't syzbot add this to some list of reproducers that are checked in > > > > the future? > > > > > > It won't. Also fuzzing is complementary to testing, not a replacement: > > > > Indeed, but that doesn't mean we need to limit the potential of fuzzing > > because "it's not testing". It can be used to check for regressions, > > too, especially in these cases. > > > > > https://twitter.com/dvyukov/status/1074719682962358272 > > > > Now, I'm extremely thankful for the work you're doing and especially > > for finding this subtle condition with syzbot, but this is quite > > inaccurate. To be exposed to this issue, the user would need to > > have the fou module loaded (it won't autoload), which is used quite > > rarely, and, on top of that, have a UDP tunnel configured. It wouldn't > > have been the kind of "evil packet crashes the internet" scenario you > > were dreaming of ;) > > Okay, I see. Full bug assessment is hard. I mess it both ways for > different bugs. > But I did not claim that it does not require some setup :) > And maybe there is somebody important on the internet that uses such > setup. Who knows. Black hats, if no one else. ;-) Thanx, Paul