Re: [RFC PATCH net-next] netpoll: hold RCU while walking napi_list
From: Runyu Xiao
Date: Sun Jun 28 2026 - 06:47:26 EST
Hi,
On Sat, 27 Jun 2026 14:21:05 -0700 Jakub Kicinski wrote:
> Please provide the stack trace from the report, rather than just saying
> that you can trigger it.
Sure, sorry for not including it in the RFC. The warning was from the
reviewed reproducer used for the CONFIG_PROVE_RCU_LIST triage, not from
a production crash. The relevant part of the dmesg is:
WARNING: suspicious RCU usage
6.1.66 #3 Tainted: G O
-----------------------------
/home/ubuntu22/msv_workspace/shared/vuln_msv.c:45 RCU-list traversed in non-reader section!!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
no locks held by insmod/190.
stack backtrace:
CPU: 1 PID: 190 Comm: insmod Tainted: G O 6.1.66 #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
<task>
dump_stack_lvl+0x45/0x5d
lockdep_rcu_suspicious.cold+0x2d/0x64
poll_napi.constprop.0+0x43/0x71 [vuln_msv]
netpoll_poll_dev.constprop.0+0x27/0x36 [vuln_msv]
? 0xffffffffc0005000
rcu_list_msv_init+0xe2/0x1000 [vuln_msv]
do_one_initcall+0x56/0x250
do_init_module+0x47/0x1c0
__do_sys_finit_module+0xa6/0x100
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x64/0xce
</task>
The reproducer keeps the shape intentionally small: netpoll_poll_dev()
is exercised directly and calls poll_napi(), which walks dev->napi_list
with list_for_each_entry_rcu() outside an explicit RCU read-side section.
It does not model a concurrent NAPI free.
Thanks.