syzbot


INFO: rcu detected stall in corrupted

Status: public: reported C repro on 2019/04/14 00:00
Reported-by: syzbot+8ad7c86527f9055c6f77@syzkaller.appspotmail.com
First crash: 2166d, last: 1817d
Similar bugs (10)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 INFO: rcu detected stall in corrupted origin:upstream C 3306 13m 572d 0/3 upstream: reported C repro on 2023/03/13 04:03
android-414 INFO: rcu detected stall in corrupted C 3 1932d 2005d 0/1 public: reported C repro on 2019/04/10 16:04
upstream INFO: rcu detected stall in corrupted (3) kernel C done 1 2020d 2016d 0/28 closed as invalid on 2019/03/30 00:13
linux-4.14 INFO: rcu detected stall in corrupted (2) C error 4 1575d 1736d 0/1 upstream: reported C repro on 2020/01/04 08:54
upstream INFO: rcu detected stall in corrupted (4) mm C done inconclusive 567 10h03m 1492d 0/28 upstream: reported C repro on 2020/09/04 18:49
upstream INFO: rcu detected stall in corrupted net syz 1 2329d 2329d 8/28 fixed on 2018/07/09 18:05
linux-4.14 INFO: rcu detected stall in corrupted C done 3 1849d 1871d 1/1 fixed on 2019/12/05 23:59
linux-4.19 INFO: rcu detected stall in corrupted C error 2 989d 1696d 0/1 upstream: reported C repro on 2020/02/13 05:06
upstream INFO: rcu detected stall in corrupted (2) kernel syz 1 2260d 2260d 0/28 closed as invalid on 2018/07/29 11:55
linux-5.15 INFO: rcu detected stall in corrupted origin:lts-only C error 9 4d18h 348d 0/3 upstream: reported C repro on 2023/10/23 02:41

Sample crash report:
lowmemorykiller: Killing 'syz-executor126' (6631) (tgid 6631), adj 1000,
   to free 10660kB on behalf of 'syz-executor126' (2100) because
   cache 772kB is below limit 65536kB for oom_score_adj 12
   Free memory is 59440kB above reserved
INFO: rcu_preempt detected stalls on CPUs/tasks:
	Tasks blocked on level-0 rcu_node (CPUs 0-1): P33
	(detected by 1, t=10502 jiffies, g=1012, c=1011, q=132238)
kswapd0         R  running task    28288    33      2 0x80000000
 0000012982a59e80 ffffffff841ca2c0 1ffff1003b083ead 0000000100000005
 0000000041b58ab3 ffffffff82e60a80 ffffffff81d6f5c0 ffffffff81b6e700
 0000000000000020 ffff880100000020 ffff8801d841f628 ffff8801d841f5d0
Call Trace:
==================================================================
BUG: KASAN: stack-out-of-bounds in get_frame_pointer arch/x86/include/asm/stacktrace.h:64 [inline]
BUG: KASAN: stack-out-of-bounds in __unwind_start+0x368/0x3b0 arch/x86/kernel/unwind_frame.c:76
Read of size 8 at addr ffff8801d841f570 by task syz-executor126/10783

CPU: 1 PID: 10783 Comm: syz-executor126 Not tainted 4.9.141+ #1
 ffff8801db707a00 ffffffff81b42e79 ffffea00076107c0 ffff8801d841f570
 0000000000000000 ffff8801d841f570 ffff8801d99217c0 ffff8801db707a38
 ffffffff815009b8 ffff8801d841f570 0000000000000008 0000000000000000
Call Trace:
 <IRQ> 
 [<ffffffff81b42e79>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b42e79>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff815009b8>] print_address_description+0x6c/0x234 mm/kasan/report.c:256
 [<ffffffff81500dc2>] kasan_report_error mm/kasan/report.c:355 [inline]
 [<ffffffff81500dc2>] kasan_report.cold.6+0x242/0x2fe mm/kasan/report.c:412
 [<ffffffff814f3074>] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 [<ffffffff810acd08>] get_frame_pointer arch/x86/include/asm/stacktrace.h:64 [inline]
 [<ffffffff810acd08>] __unwind_start+0x368/0x3b0 arch/x86/kernel/unwind_frame.c:76
 [<ffffffff810cab91>] unwind_start arch/x86/include/asm/unwind.h:39 [inline]
 [<ffffffff810cab91>] show_trace_log_lvl+0x92/0x1c8 arch/x86/kernel/dumpstack.c:70
 [<ffffffff810ca923>] show_stack_log_lvl.cold.1+0x22/0xbe arch/x86/kernel/dumpstack_64.c:188
 [<ffffffff8105a72d>] show_stack+0x4d/0x50 arch/x86/kernel/dumpstack.c:168
 [<ffffffff813fa6fd>] sched_show_task.cold.35+0x279/0x31f kernel/sched/core.c:5317
 [<ffffffff81404e39>] rcu_print_detail_task_stall_rnp+0xc2/0xfe kernel/rcu/tree_plugin.h:530
 [<ffffffff81405f5f>] rcu_print_detail_task_stall kernel/rcu/tree_plugin.h:543 [inline]
 [<ffffffff81405f5f>] print_other_cpu_stall kernel/rcu/tree.c:1408 [inline]
 [<ffffffff81405f5f>] check_cpu_stall kernel/rcu/tree.c:1520 [inline]
 [<ffffffff81405f5f>] __rcu_pending kernel/rcu/tree.c:3487 [inline]
 [<ffffffff81405f5f>] rcu_pending kernel/rcu/tree.c:3551 [inline]
 [<ffffffff81405f5f>] rcu_check_callbacks.cold.69+0x757/0xd27 kernel/rcu/tree.c:2880
 [<ffffffff81267470>] update_process_times+0x30/0x70 kernel/time/timer.c:1629
 [<ffffffff8129641a>] tick_sched_handle.isra.5+0x4a/0xf0 kernel/time/tick-sched.c:151
 [<ffffffff81296536>] tick_sched_timer+0x76/0x130 kernel/time/tick-sched.c:1190
 [<ffffffff8126a197>] __run_hrtimer kernel/time/hrtimer.c:1255 [inline]
 [<ffffffff8126a197>] __hrtimer_run_queues+0x357/0xe30 kernel/time/hrtimer.c:1319
 [<ffffffff8126c681>] hrtimer_interrupt+0x1b1/0x430 kernel/time/hrtimer.c:1353
 [<ffffffff810912d4>] local_apic_timer_interrupt+0x74/0xa0 arch/x86/kernel/apic/apic.c:937
 [<ffffffff8281b76c>] smp_apic_timer_interrupt+0x7c/0xb0 arch/x86/kernel/apic/apic.c:961
 [<ffffffff8281902d>] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:648
 <EOI> 
 [<ffffffff81ba94f5>] __debug_object_init+0x485/0x970 lib/debugobjects.c:353
 [<ffffffff81baa63a>] debug_object_init lib/debugobjects.c:366 [inline]
 [<ffffffff81baa63a>] debug_object_activate+0x25a/0x4e0 lib/debugobjects.c:447
 [<ffffffff8124e135>] debug_rcu_head_queue kernel/rcu/rcu.h:75 [inline]
 [<ffffffff8124e135>] __call_rcu.constprop.61+0x35/0x910 kernel/rcu/tree.c:3138
 [<ffffffff8124ea22>] call_rcu+0x12/0x20 kernel/rcu/tree_plugin.h:655
 [<ffffffff81a06ff6>] inode_free_security security/selinux/hooks.c:357 [inline]
 [<ffffffff81a06ff6>] selinux_inode_free_security+0x1c6/0x2b0 security/selinux/hooks.c:2830
 [<ffffffff819e3c96>] security_inode_free+0x56/0x90 security/security.c:356
 [<ffffffff8155ff6e>] __destroy_inode+0x2e/0x220 fs/inode.c:235
 [<ffffffff8156236e>] destroy_inode+0x4e/0x120 fs/inode.c:262
 [<ffffffff81562816>] evict+0x3d6/0x620 fs/inode.c:570
 [<ffffffff81563a01>] iput_final fs/inode.c:1516 [inline]
 [<ffffffff81563a01>] iput+0x371/0x900 fs/inode.c:1543
 [<ffffffff8154feb5>] dentry_unlink_inode+0x265/0x320 fs/dcache.c:368
 [<ffffffff81553e22>] __dentry_kill+0x322/0x5b0 fs/dcache.c:570
 [<ffffffff815552a6>] dentry_kill fs/dcache.c:611 [inline]
 [<ffffffff815552a6>] dput.part.9+0x5c6/0x7a0 fs/dcache.c:828
 [<ffffffff8155549f>] dput+0x1f/0x30 fs/dcache.c:790
 [<ffffffff8151045f>] __fput+0x42f/0x700 fs/file_table.c:226
 [<ffffffff815107b5>] ____fput+0x15/0x20 fs/file_table.c:244
 [<ffffffff8113dc4c>] task_work_run+0x10c/0x180 kernel/task_work.c:116
 [<ffffffff810e6c4d>] exit_task_work include/linux/task_work.h:21 [inline]
 [<ffffffff810e6c4d>] do_exit+0x78d/0x2a50 kernel/exit.c:833
 [<ffffffff810ed3a1>] do_group_exit+0x111/0x300 kernel/exit.c:937
 [<ffffffff8110eb61>] get_signal+0x4e1/0x1460 kernel/signal.c:2321
 [<ffffffff81052aa5>] do_signal+0x95/0x1b00 arch/x86/kernel/signal.c:807
 [<ffffffff81003e2e>] exit_to_usermode_loop+0x10e/0x150 arch/x86/entry/common.c:158
 [<ffffffff81005932>] prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 [<ffffffff81005932>] syscall_return_slowpath arch/x86/entry/common.c:263 [inline]
 [<ffffffff81005932>] do_syscall_64+0x3e2/0x550 arch/x86/entry/common.c:290
 [<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

The buggy address belongs to the page:
page:ffffea00076107c0 count:0 mapcount:0 mapping:          (null) index:0x0
flags: 0x4000000000000000()
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801d841f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801d841f480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801d841f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
                                                             ^
 ffff8801d841f580: f1 04 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 f2
 ffff8801d841f600: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

Crashes (27):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/10/15 17:18 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 b5268b89 .config console log report syz C ci-android-49-kasan-gce
2019/09/27 23:15 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 d8074e0b .config console log report syz C ci-android-49-kasan-gce
2019/09/26 08:28 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 24d405a3 .config console log report syz C ci-android-49-kasan-gce
2019/09/20 13:35 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 d96e88f3 .config console log report syz C ci-android-49-kasan-gce
2019/08/23 07:25 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 ca6f3cfa .config console log report syz C ci-android-49-kasan-gce
2019/08/22 07:24 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 984250d5 .config console log report syz C ci-android-49-kasan-gce
2019/07/14 09:20 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 e6fb0f13 .config console log report syz C ci-android-49-kasan-gce
2019/07/02 07:29 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 cccc4302 .config console log report syz C ci-android-49-kasan-gce
2019/07/01 00:08 https://android.googlesource.com/kernel/common android-4.9 ab758e1039d6 699d6448 .config console log report syz C ci-android-49-kasan-gce-root
2019/06/15 03:16 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 442206d7 .config console log report syz C ci-android-49-kasan-gce
2019/06/06 20:50 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 698773cb .config console log report syz C ci-android-49-kasan-gce
2019/06/06 10:12 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 a547defc .config console log report syz C ci-android-49-kasan-gce
2018/12/12 07:48 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 7795ae03 .config console log report syz C ci-android-49-kasan-gce
2018/11/18 12:40 https://android.googlesource.com/kernel/common android-4.9 109a48ed2f69 adf636a8 .config console log report syz C ci-android-49-kasan-gce-root
2019/09/26 08:16 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 24d405a3 .config console log report syz C ci-android-49-kasan-gce-386
2019/09/25 11:19 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 e38a6630 .config console log report syz C ci-android-49-kasan-gce-386
2019/09/25 09:24 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 e38a6630 .config console log report syz C ci-android-49-kasan-gce-386
2019/08/22 06:03 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 984250d5 .config console log report syz C ci-android-49-kasan-gce-386
2019/07/02 07:47 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 cccc4302 .config console log report syz C ci-android-49-kasan-gce-386
2019/06/01 14:19 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 53c81ea5 .config console log report syz C ci-android-49-kasan-gce-386
2019/05/10 09:56 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 018207ef .config console log report syz C ci-android-49-kasan-gce-386
2019/01/04 05:15 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 7da23925 .config console log report syz C ci-android-49-kasan-gce-386
2019/05/01 11:20 https://android.googlesource.com/kernel/common android-4.9 3383326b935d 618456b4 .config console log report syz ci-android-49-kasan-gce-root
2018/12/01 01:18 https://android.googlesource.com/kernel/common android-4.9 4dcb0afde6f4 ade12e91 .config console log report syz ci-android-49-kasan-gce-root
2018/10/30 22:21 https://android.googlesource.com/kernel/common android-4.9 4ba3f69128be 8dbb755a .config console log report syz ci-android-49-kasan-gce-root
2019/09/09 19:18 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 a60cb4cd .config console log report syz ci-android-49-kasan-gce-386
2019/07/26 18:11 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 3e5d1beb .config console log report syz ci-android-49-kasan-gce-386
* Struck through repros no longer work on HEAD.