syzbot


INFO: rcu detected stall in __ia32_compat_sys_sendmmsg

Status: auto-closed as invalid on 2020/07/25 09:03
Subsystems: net
First crash: 1432d, last: 1432d

Sample crash report:
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P30381 P9963
	(detected by 0, t=10502 jiffies, g=327549, q=101)
kworker/u4:3    R  running task    25024 30381      2 0x80004000
Workqueue: bat_events batadv_nc_worker
Call Trace:
 context_switch kernel/sched/core.c:3367 [inline]
 __schedule+0x937/0x1ff0 kernel/sched/core.c:4083
 print_usage_bug+0x240/0x240 kernel/locking/lockdep.c:101
 __sched_text_start+0x8/0x8
 mark_held_locks+0x9f/0xe0 kernel/locking/lockdep.c:3628
 preempt_schedule_irq+0xb0/0x150 kernel/sched/core.c:4341
 retint_kernel+0x1b/0x2b
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:759 [inline]
RIP: 0010:lock_acquire+0x267/0x8f0 kernel/locking/lockdep.c:4937
Code: 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 c6 05 00 00 48 83 3d d5 3c 3b 08 00 0f 84 65 04 00 00 48 8b 3c 24 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 03 44 24 08 48 c7
RSP: 0018:ffffc90016ff7b60 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff1329804 RBX: ffff88808cff8600 RCX: ffffffff81592beb
RDX: dffffc0000000000 RSI: 0000000000000008 RDI: 0000000000000286
RBP: 0000000000000000 R08: 0000000000000001 R09: fffffbfff185cf3d
R10: ffffffff8c2e79e7 R11: fffffbfff185cf3c R12: 0000000000000002
R13: ffffffff899beb00 R14: 0000000000000000 R15: 0000000000000000
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline]
 hlock_class kernel/locking/lockdep.c:179 [inline]
 __lock_acquire+0xcbb/0x4c50 kernel/locking/lockdep.c:4352
 lock_release+0x800/0x800 kernel/locking/lockdep.c:4689
 lock_downgrade+0x840/0x840 kernel/locking/lockdep.c:4579
 lock_downgrade+0x840/0x840 kernel/locking/lockdep.c:4579
 mark_held_locks+0x9f/0xe0 kernel/locking/lockdep.c:3628
 __local_bh_enable_ip+0x159/0x270 kernel/softirq.c:194
 batadv_nc_to_purge_nc_path_coding+0x160/0x160 net/batman-adv/main.h:285
 rcu_lock_acquire include/linux/rcupdate.h:208 [inline]
 rcu_read_lock include/linux/rcupdate.h:601 [inline]
 batadv_nc_process_nc_paths.part.0+0xec/0x3c0 net/batman-adv/network-coding.c:686
 batadv_nc_process_nc_paths.part.0+0xb1/0x3c0 net/batman-adv/network-coding.c:683
 batadv_nc_sniffed_purge+0x360/0x360 net/batman-adv/main.h:285
 batadv_nc_process_nc_paths net/batman-adv/network-coding.c:678 [inline]
 batadv_nc_worker+0x545/0x760 net/batman-adv/network-coding.c:727
 process_one_work+0x965/0x16a0 kernel/workqueue.c:2268
 lock_release+0x800/0x800 kernel/locking/lockdep.c:4689
 pwq_dec_nr_in_flight+0x310/0x310 kernel/workqueue.c:1198
 rwlock_bug.part.0+0x90/0x90 include/linux/sched.h:1329
 worker_thread+0x96/0xe20 kernel/workqueue.c:2414
 process_one_work+0x16a0/0x16a0 kernel/workqueue.c:2273
 kthread+0x388/0x470 kernel/kthread.c:268
 kthread_mod_delayed_work+0x1a0/0x1a0 kernel/kthread.c:1090
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
syz-executor.4  R  running task    24200  9963   7547 0x20024000
Call Trace:
 context_switch kernel/sched/core.c:3367 [inline]
 __schedule+0x937/0x1ff0 kernel/sched/core.c:4083
 __sched_text_start+0x8/0x8
 lock_is_held include/linux/lockdep.h:406 [inline]
 rcu_read_lock_sched_held+0x9c/0xd0 kernel/rcu/update.c:121
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3657 [inline]
 lockdep_hardirqs_on+0x463/0x620 kernel/locking/lockdep.c:3702
 preempt_schedule_irq+0xb0/0x150 kernel/sched/core.c:4341
 retint_kernel+0x1b/0x2b
RIP: 0010:debug_lockdep_rcu_enabled.part.0+0x26/0x50 kernel/rcu/update.c:276
Code: 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 53 65 48 8b 1c 25 00 1f 02 00 48 8d bb c4 08 00 00 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 0f 8b 93 c4 08 00
RSP: 0018:ffffc90006577640 EFLAGS: 00000a07 ORIG_RAX: ffffffffffffff02
RAX: dffffc0000000000 RBX: ffff88804a454500 RCX: 1ffffffff1512faa
RDX: 0000000000000000 RSI: ffffffff8691d791 RDI: ffff88804a454dc4
RBP: ffff88804af1be00 R08: ffff88804a454500 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88804af1b900
R13: ffff888055120140 R14: ffff88809de85180 R15: ffffc90006577d48
 ipv4_blackhole_route+0x531/0x7f0 net/ipv4/route.c:2754
 rcu_read_unlock include/linux/rcupdate.h:651 [inline]
 make_blackhole net/xfrm/xfrm_policy.c:3008 [inline]
 xfrm_lookup_route net/xfrm/xfrm_policy.c:3194 [inline]
 xfrm_lookup_route+0x107/0x1e0 net/xfrm/xfrm_policy.c:3185
 ip_route_output_flow+0xa6/0xc0 net/ipv4/route.c:2766
 udp_sendmsg+0x1be6/0x2820 net/ipv4/udp.c:1144
 perf_trace_lock_acquire+0xf5/0x530 include/trace/events/lock.h:13
 ip_reply_glue_bits+0xb0/0xb0 net/ipv4/ip_output.c:1646
 udp_unicast_rcv_skb.isra.0+0x350/0x350 include/linux/ip.h:21
 find_held_lock+0x2d/0x110 kernel/locking/lockdep.c:4458
 aa_label_sk_perm+0x89/0xe0 security/apparmor/net.c:159
 aa_sk_perm+0x319/0xab0 security/apparmor/net.c:175
 compat_rw_copy_check_uvector+0x36b/0x4a0 fs/read_write.c:911
 aa_af_perm+0x260/0x260 security/apparmor/net.c:141
 inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:807
 inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:807
 inet_send_prepare+0x4d0/0x4d0 include/linux/netdevice.h:722
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x308/0x7e0 net/socket.c:2362
 get_compat_msghdr+0xd1/0x120 net/compat.c:102
 kernel_sendmsg+0x50/0x50 net/socket.c:692
 ___sys_sendmsg+0x10d/0x170 net/socket.c:2418
 lock_is_held include/linux/lockdep.h:406 [inline]
 rcu_read_lock_sched_held+0x9c/0xd0 kernel/rcu/update.c:121
 rcu_read_lock_any_held.part.0+0x50/0x50 arch/x86/include/asm/paravirt.h:754
 trace_hardirqs_off_thunk+0x1a/0x1c arch/x86/entry/thunk_64.S:42
 ___sys_sendmsg+0x100/0x170 net/socket.c:2416
 sendmsg_copy_msghdr+0x70/0x70 net/socket.c:2391
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3657 [inline]
 lockdep_hardirqs_on+0x463/0x620 kernel/locking/lockdep.c:3702
 trace_hardirqs_on_thunk+0x1a/0x1c arch/x86/entry/thunk_64.S:41
 set_irq_regs arch/x86/include/asm/irq_regs.h:27 [inline]
 smp_apic_timer_interrupt+0x1b6/0x600 arch/x86/kernel/apic/apic.c:1142
 retint_kernel+0x2b/0x2b
 arch_local_irq_restore arch/x86/include/asm/paravirt.h:759 [inline]
 lock_is_held_type+0x262/0x350 kernel/locking/lockdep.c:4973
 __sys_sendmmsg+0x296/0x480 net/socket.c:2499
 __ia32_sys_sendmsg+0xb0/0xb0 net/socket.c:2456
 _copy_to_user+0x126/0x160 lib/usercopy.c:31
 put_old_timespec32+0x100/0x1f0 kernel/time/time.c:854
 get_old_timespec32+0x1f0/0x1f0 kernel/time/time.c:827
 __do_sys_futex_time32 kernel/futex.c:4057 [inline]
 __se_sys_futex_time32 kernel/futex.c:4031 [inline]
 __ia32_sys_futex_time32+0x320/0x494 kernel/futex.c:4031
 __do_sys_futex_time32 kernel/futex.c:4057 [inline]
 __se_sys_futex_time32 kernel/futex.c:4031 [inline]
 __ia32_sys_futex_time32+0x32a/0x494 kernel/futex.c:4031
 __do_sys_clock_gettime32 kernel/time/posix-timers.c:1176 [inline]
 __se_sys_clock_gettime32 kernel/time/posix-timers.c:1164 [inline]
 __ia32_sys_clock_gettime32+0x165/0x240 kernel/time/posix-timers.c:1164
 __x64_sys_clock_gettime32+0x240/0x240 kernel/time/posix-timers.c:1410
 __compat_sys_sendmmsg net/compat.c:672 [inline]
 __do_compat_sys_sendmmsg net/compat.c:679 [inline]
 __se_compat_sys_sendmmsg net/compat.c:676 [inline]
 __ia32_compat_sys_sendmmsg+0x9b/0x100 net/compat.c:676
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3657 [inline]
 lockdep_hardirqs_on+0x463/0x620 kernel/locking/lockdep.c:3702
 do_syscall_32_irqs_on arch/x86/entry/common.c:337 [inline]
 do_fast_syscall_32+0x270/0xe90 arch/x86/entry/common.c:396
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
rcu: rcu_preempt kthread starved for 10500 jiffies! g327549 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
rcu: RCU grace-period kthread stack dump:
rcu_preempt     I28848    10      2 0x80004000
Call Trace:
 context_switch kernel/sched/core.c:3367 [inline]
 __schedule+0x937/0x1ff0 kernel/sched/core.c:4083
 __sched_text_start+0x8/0x8
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]
 _raw_spin_lock_irqsave+0x94/0xbf kernel/locking/spinlock.c:159
 check_preemption_disabled lib/smp_processor_id.c:52 [inline]
 debug_smp_processor_id+0x2f/0x185 lib/smp_processor_id.c:57
 schedule+0xd0/0x2a0 kernel/sched/core.c:4158
 schedule_timeout+0x35c/0x850 kernel/time/timer.c:1898
 usleep_range+0x160/0x160 kernel/time/timer.c:2093
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0x62/0xe0 kernel/locking/spinlock.c:191
 __next_timer_interrupt+0x190/0x190 kernel/time/timer.c:1512
 prepare_to_swait_exclusive+0x110/0x110 kernel/sched/swait.c:98
 rcu_gp_fqs_loop kernel/rcu/tree.c:1674 [inline]
 rcu_gp_kthread+0x9bf/0x1960 kernel/rcu/tree.c:1836
 rcu_barrier+0x4b0/0x4b0 arch/x86/include/asm/paravirt.h:764
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
 _raw_spin_unlock_irqrestore+0x62/0xe0 kernel/locking/spinlock.c:191
 __trace_hardirqs_on_caller kernel/locking/lockdep.c:3657 [inline]
 lockdep_hardirqs_on+0x463/0x620 kernel/locking/lockdep.c:3702
 __kthread_parkme+0x13f/0x1e0 kernel/kthread.c:212
 rcu_barrier+0x4b0/0x4b0 arch/x86/include/asm/paravirt.h:764
 kthread+0x388/0x470 kernel/kthread.c:268
 kthread_mod_delayed_work+0x1a0/0x1a0 kernel/kthread.c:1090
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/04/26 09:01 upstream b2768df24ec4 99b258dd .config console log report ci-upstream-kasan-gce-386