Re: WARN_ON_ONCE

From: Dmitry Vyukov
Date: Thu Dec 03 2020 - 04:21:41 EST

Next message: Rui Salvaterra: "[BUG] intel_idle: build failure on Linux 5.10-rc6"
Previous message: Johan Hovold: "Re: [PATCH v2 0/7] tty: add flag to suppress ready signalling on open"
Next in thread: Michael Ellerman: "Re: WARN_ON_ONCE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Dec 3, 2020 at 10:19 AM Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote:
>
> On Thu, Dec 3, 2020 at 10:10 AM Alexey Kardashevskiy <aik@xxxxxxxxx> wrote:
> >
> > Hi!
> >
> > Syzkaller triggered WARN_ON_ONCE at
> >
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/tracepoint.c?h=v5.10-rc6#n266
> >
> >
> > ===
> > static int tracepoint_add_func(struct tracepoint *tp,
> > struct tracepoint_func *func, int prio)
> > {
> > struct tracepoint_func *old, *tp_funcs;
> > int ret;
> >
> > if (tp->regfunc && !static_key_enabled(&tp->key)) {
> > ret = tp->regfunc();
> > if (ret < 0)
> > return ret;
> > }
> >
> > tp_funcs = rcu_dereference_protected(tp->funcs,
> > lockdep_is_held(&tracepoints_mutex));
> > old = func_add(&tp_funcs, func, prio);
> > if (IS_ERR(old)) {
> > WARN_ON_ONCE(PTR_ERR(old) != -ENOMEM);
> > return PTR_ERR(old);
> > }
> >
> > ===
> >
> > What is the common approach here? Syzkaller reacts on this as if it was
> > a bug but WARN_ON_ONCE here seems intentional. Do we still push for
> > removing such warnings?
>
> +LKML

+LKML for real

> Hi Alexey,
>
> Yes, see the guidelines here:
> https://elixir.bootlin.com/linux/v5.10-rc6/source/include/asm-generic/bug.h#L67
>
> Without a criteria for kernel but/not a kernel bug no kernel testing
> is possible.
>
> But this may be a real bug as well. The code seems to assume that
> ENOMEM is the only possible error here, which is not the case in
> reality.
>
>
> > Another example is:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/linux/tracepoint.h?h=v5.10-rc6#n313
> >
> > My VMs crash on dereferencing it_func_ptr which is easily fixable by:
> >
> > @@ -307,9 +307,11 @@ static inline struct tracepoint
> > *tracepoint_ptr_deref(tracepoint_ptr_t *p)
> > \
> > it_func_ptr = \
> >
> > rcu_dereference_raw((&__tracepoint_##_name)->funcs); \
> > + if (it_func_ptr) \
> > do { \
> > it_func = (it_func_ptr)->func; \
> > __data = (it_func_ptr)->data; \
> >
> >
> > But - this only happens when OOM killer starts killing syzkaller
> > processes (I do not give it much memory so it is quite artificial
> > environment). Do we push these?
> >
> > Are there guidelines of some sort? Thanks,
> >
> >
> > --
> > Alexey
> >
> > --
> > You received this message because you are subscribed to the Google Groups "syzkaller" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller+unsubscribe@xxxxxxxxxxxxxxxx.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller/87f443cf-26c0-6302-edee-556045bca18a%40ozlabs.ru.

Next message: Rui Salvaterra: "[BUG] intel_idle: build failure on Linux 5.10-rc6"
Previous message: Johan Hovold: "Re: [PATCH v2 0/7] tty: add flag to suppress ready signalling on open"
Next in thread: Michael Ellerman: "Re: WARN_ON_ONCE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]