WARNING in rcu_check_gp_start

WARNING in rcu_check_gp_start_stall
Status: upstream: reported C repro on 2019/02/22 17:10
Reported-by: syzbot+111bc509cd9740d7e4aa@syzkaller.appspotmail.com
First crash: 364d, last: 4d23h

Cause bisection: introduced by (bisect log):

commit f1e3e92135202ff3d95195393ee62808c109208c
Author: Malcolm Priestley <tvboxspy@gmail.com>
Date: Wed Jul 22 18:16:42 2015 +0000

staging: vt6655: fix tagSRxDesc -> next_desc type

Crash: INFO: rcu detected stall in corrupted (log)
Repro: C syz .config

Sample crash report:

audit: type=1800 audit(1550851713.693:30): pid=7551 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
hrtimer: interrupt took 43746 ns
rcu: rcu_check_gp_start_stall: g5060->5064 gar:13284 ga:13298 f0x1 gs:1 rcu_preempt->state:0x0
WARNING: CPU: 0 PID: 7725 at kernel/rcu/tree.c:2666 rcu_check_gp_start_stall kernel/rcu/tree.c:2660 [inline]
WARNING: CPU: 0 PID: 7725 at kernel/rcu/tree.c:2666 rcu_check_gp_start_stall.cold+0x7f/0xb1 kernel/rcu/tree.c:2619
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 7725 Comm: syz-executor653 Not tainted 5.0.0-rc7+ #82
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 panic+0x2cb/0x65c kernel/panic.c:214
 __warn.cold+0x20/0x45 kernel/panic.c:571
 report_bug+0x263/0x2b0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 fixup_bug arch/x86/kernel/traps.c:173 [inline]
 do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:290
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973
RIP: 0010:rcu_check_gp_start_stall kernel/rcu/tree.c:2666 [inline]
RIP: 0010:rcu_check_gp_start_stall.cold+0x7f/0xb1 kernel/rcu/tree.c:2619
Code: 48 8b 0d 93 ae 3b 07 4c 2b 0d 1c c4 3b 07 50 0f bf 05 a4 c1 3b 07 48 8b 15 45 c1 3b 07 4c 2b 05 0e c4 3b 07 50 e8 a4 c5 fb ff <0f> 0b 48 83 c4 20 49 81 fc 00 69 9a 88 74 0c 48 c7 c7 00 69 9a 88
RSP: 0018:ffff8880ae807dc0 EFLAGS: 00010086
RAX: 000000000000005e RBX: ffff8880aa254280 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff815a92c6 RDI: ffffed1015d00faa
RBP: ffff8880ae807e00 R08: 000000000000005e R09: ffffed1015d05021
R10: ffffed1015d05020 R11: ffff8880ae828107 R12: ffffffff889a6900
R13: 0000000100017001 R14: 0000000000000286 R15: dffffc0000000000
 rcu_process_callbacks+0x3ba/0x1390 kernel/rcu/tree.c:2750
 __do_softirq+0x266/0x95a kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x180/0x1d0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x14a/0x570 arch/x86/kernel/apic/apic.c:1062
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:766 [inline]
RIP: 0010:seqcount_lockdep_reader_access include/linux/seqlock.h:83 [inline]
RIP: 0010:read_seqcount_begin include/linux/seqlock.h:164 [inline]
RIP: 0010:ktime_get_coarse_real_ts64+0x11e/0x2b0 kernel/time/timekeeping.c:2156
Code: 82 92 88 48 c1 e8 03 42 80 3c 30 00 0f 85 7a 01 00 00 48 83 3d d2 26 31 07 00 0f 84 0d 01 00 00 e8 57 85 0e 00 4c 89 ef 57 9d <0f> 1f 44 00 00 e8 48 85 0e 00 44 8b 2d 81 cb 39 07 31 ff 44 89 ee
RSP: 0018:ffff88808cec7448 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: ffff8880873c2480 RBX: ffff88808cec74b0 RCX: 1ffff11010e785a9
RDX: 0000000000000000 RSI: ffffffff81615c29 RDI: 0000000000000293
RBP: ffff88808cec7480 R08: ffff8880873c2480 R09: ffff8880873c2d48
R10: 0000000000000000 R11: 0000000000000000 R12: fffffbfff112505d
R13: 0000000000000293 R14: dffffc0000000000 R15: 1ffffffff112505f
 current_time+0x6b/0x140 fs/inode.c:2151
 file_update_time+0x119/0x4f0 fs/inode.c:1860
 __generic_file_write_iter+0x1cf/0x630 mm/filemap.c:3283
 ext4_file_write_iter+0x33f/0x1160 fs/ext4/file.c:266
 call_write_iter include/linux/fs.h:1863 [inline]
 do_iter_readv_writev+0x5e0/0x8e0 fs/read_write.c:680
 do_iter_write fs/read_write.c:956 [inline]
 do_iter_write+0x184/0x610 fs/read_write.c:937
 vfs_iter_write+0x77/0xb0 fs/read_write.c:969
 iter_file_splice_write+0x667/0xbe0 fs/splice.c:749
 do_splice_from fs/splice.c:851 [inline]
 direct_splice_actor+0x126/0x1a0 fs/splice.c:1023
 splice_direct_to_actor+0x369/0x970 fs/splice.c:978
 do_splice_direct+0x1da/0x2a0 fs/splice.c:1066
 do_sendfile+0x597/0xd00 fs/read_write.c:1436
 __do_sys_sendfile64 fs/read_write.c:1491 [inline]
 __se_sys_sendfile64 fs/read_write.c:1483 [inline]
 __x64_sys_sendfile64+0x15a/0x220 fs/read_write.c:1483
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x446a59
Code: e8 dc e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 4b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f44528abdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00000000006dcc28 RCX: 0000000000446a59
RDX: 0000000020000000 RSI: 0000000000000003 RDI: 0000000000000003
RBP: 00000000006dcc20 R08: 0000000000000000 R09: 0000000000000000
R10: 00008080fffffffe R11: 0000000000000246 R12: 00000000006dcc2c
R13: 00007ffc5728919f R14: 00007f44528ac9c0 R15: 20c49ba5e353f7cf
Kernel Offset: disabled
Rebooting in 86400 seconds..

Fix bisection attempts:
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-kasan-gce-smack-root	2020/02/16 09:23	upstream	db70e26e	6a5fcca4	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2019/12/16 21:26	upstream	6afa8731	7ff74a98	.config	log	report	syz	C

Crashes (8):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Maintainers
ci-upstream-kasan-gce-smack-root	2019/02/22 16:31	upstream	8a61716f	6a5fcca4	.config	log	report	syz	C	bp@alien8.de, douly.fnst@cn.fujitsu.com, hpa@zytor.com, konrad.wilk@oracle.com, linux-kernel@vger.kernel.org, mingo@redhat.com, nstange@suse.de, puwen@hygon.cn, rppt@linux.vnet.ibm.com, tglx@linutronix.de, vbabka@suse.cz, x86@kernel.org
ci-upstream-kasan-gce-root	2019/02/22 08:04	upstream	8a61716f	7ff74a98	.config	log	report	syz	C	bp@alien8.de, douly.fnst@cn.fujitsu.com, hpa@zytor.com, konrad.wilk@oracle.com, len.brown@intel.com, linux-kernel@vger.kernel.org, mingo@redhat.com, puwen@hygon.cn, tglx@linutronix.de, wang.yi59@zte.com.cn, x86@kernel.org
ci-upstream-kasan-gce-root	2020/01/17 08:59	upstream	f4353c3e	3de7aabb	.config	log	report			bp@alien8.de, hpa@zytor.com, linux-kernel@vger.kernel.org, mingo@redhat.com, peterz@infradead.org, tglx@linutronix.de, tony.luck@intel.com, x86@kernel.org
ci-upstream-kasan-gce	2019/09/11 21:08	upstream	3120b9a6	f4e53c10	.config	log	report			bp@alien8.de, bsd@redhat.com, colin.king@canonical.com, drake@endlessm.com, hpa@zytor.com, jacob.jun.pan@linux.intel.com, linux-kernel@vger.kernel.org, mingo@redhat.com, rafael.j.wysocki@intel.com, rppt@linux.vnet.ibm.com, tglx@linutronix.de, x86@kernel.org
ci-upstream-linux-next-kasan-gce-root	2019/11/16 04:24	linux-next	5a6fcbea	cdac920b	.config	log	report			bp@alien8.de, hpa@zytor.com, jacob.jun.pan@linux.intel.com, jbeulich@suse.com, linux-kernel@vger.kernel.org, mingo@redhat.com, peterz@infradead.org, sean.j.christopherson@intel.com, tglx@linutronix.de, tony.luck@intel.com, wangkefeng.wang@huawei.com, x86@kernel.org
ci-upstream-linux-next-kasan-gce-root	2019/08/03 14:20	linux-next	7b4980e0	6affd8e8	.config	log	report			bp@alien8.de, cai@lca.pw, colin.king@canonical.com, drake@endlessm.com, hpa@zytor.com, jacob.jun.pan@linux.intel.com, linux-kernel@vger.kernel.org, luto@kernel.org, mhocko@suse.com, mingo@redhat.com, peterz@infradead.org, tglx@linutronix.de, x86@kernel.org
ci-upstream-linux-next-kasan-gce-root	2019/07/31 17:48	linux-next	ce96e791	c692b5bd	.config	log	report			bp@alien8.de, drake@endlessm.com, hpa@zytor.com, jacob.jun.pan@linux.intel.com, linux-kernel@vger.kernel.org, luto@kernel.org, mingo@redhat.com, peterz@infradead.org, puwen@hygon.cn, rafael.j.wysocki@intel.com, tglx@linutronix.de, x86@kernel.org
ci-upstream-linux-next-kasan-gce-root	2019/07/30 00:31	linux-next	0d8b3265	f67095ee	.config	log	report			bp@alien8.de, drake@endlessm.com, hpa@zytor.com, jacob.jun.pan@linux.intel.com, linux-kernel@vger.kernel.org, luto@kernel.org, mingo@redhat.com, nstange@suse.de, peterz@infradead.org, puwen@hygon.cn, rppt@linux.vnet.ibm.com, tglx@linutronix.de, x86@kernel.org