INFO: task can't die in irqentry

INFO: task can't die in irqentry_exit
Status: upstream: reported on 2020/09/01 17:59
Reported-by: syzbot+c4af95386364bc59b13e@syzkaller.appspotmail.com
First crash: 56d, last: 8d14h

Sample crash report:

INFO: task syz-executor.2:8759 can't die for more than 143 seconds.
task:syz-executor.2  state:R  running task     stack:24072 pid: 8759 ppid:  6906 flags:0x00004006
Call Trace:
 context_switch kernel/sched/core.c:3777 [inline]
 __schedule+0xec5/0x2200 kernel/sched/core.c:4526
 preempt_schedule_irq+0xbf/0x1b0 kernel/sched/core.c:4787
 irqentry_exit_cond_resched kernel/entry/common.c:356 [inline]
 irqentry_exit_cond_resched kernel/entry/common.c:348 [inline]
 irqentry_exit+0x65/0x90 kernel/entry/common.c:386
 asm_sysvec_reschedule_ipi+0x12/0x20 arch/x86/include/asm/idtentry.h:636
RIP: 0010:xfrm_state_find+0x311/0x4d50 net/xfrm/xfrm_state.c:1061
Code: 0f 1f 44 00 00 8b 05 25 d6 91 04 31 ff 89 c3 89 85 ac fe ff ff 83 e3 01 89 de e8 41 c9 75 fa 85 db 74 28 e8 d8 cc 75 fa f3 90 <44> 8b 35 ff d5 91 04 31 ff 44 89 f3 83 e3 01 89 de e8 20 c9 75 fa
RSP: 0018:ffffc900056d7008 EFLAGS: 00000246
RAX: 0000000000040000 RBX: 0000000000000001 RCX: ffffc9000d175000
RDX: 0000000000040000 RSI: ffffffff86ff4bd8 RDI: 0000000000000005
RBP: ffffc900056d71d8 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000017 R15: 0000000000000002
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2384 [inline]
 xfrm_tmpl_resolve+0x2f3/0xd40 net/xfrm/xfrm_policy.c:2429
 xfrm_resolve_and_create_bundle+0x123/0x2590 net/xfrm/xfrm_policy.c:2719
 xfrm_lookup_with_ifid+0x235/0x2130 net/xfrm/xfrm_policy.c:3053
 xfrm_lookup net/xfrm/xfrm_policy.c:3177 [inline]
 xfrm_lookup_route+0x36/0x1e0 net/xfrm/xfrm_policy.c:3188
 ip_route_output_flow+0xa6/0xc0 net/ipv4/route.c:2774
 udp_sendmsg+0x1a21/0x26d0 net/ipv4/udp.c:1201
 inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:817
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:671
 ____sys_sendmsg+0x331/0x810 net/socket.c:2362
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2416
 __sys_sendmmsg+0x196/0x4b0 net/socket.c:2506
 __do_sys_sendmmsg net/socket.c:2535 [inline]
 __se_sys_sendmmsg net/socket.c:2532 [inline]
 __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2532
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5f9
Code: Bad RIP value.
RSP: 002b:00007f299177dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000027a40 RCX: 000000000045d5f9
RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 000000000118d028 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec
R13: 00007ffc43b379df R14: 00007f299177e9c0 R15: 000000000118cfec
INFO: task syz-executor.3:8787 can't die for more than 145 seconds.
task:syz-executor.3  state:R  running task     stack:24432 pid: 8787 ppid:  6908 flags:0x00004006
Call Trace:
 context_switch kernel/sched/core.c:3777 [inline]
 __schedule+0xec5/0x2200 kernel/sched/core.c:4526
 preempt_schedule_irq+0xbf/0x1b0 kernel/sched/core.c:4787
 irqentry_exit_cond_resched kernel/entry/common.c:356 [inline]
 irqentry_exit_cond_resched kernel/entry/common.c:348 [inline]
 irqentry_exit+0x65/0x90 kernel/entry/common.c:386
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:631
RIP: 0010:__seqprop_sequence include/linux/seqlock.h:261 [inline]
RIP: 0010:xfrm_state_find+0x30a/0x4d50 net/xfrm/xfrm_state.c:1061
Code: f6 c4 01 74 35 8b 82 54 14 00 00 85 c0 74 2b 8b 82 30 14 00 00 83 f8 02 75 20 48 8b 8a 38 14 00 00 8b 92 34 14 00 00 48 8b 01 <48> 83 c0 01 48 39 c2 76 07 48 89 34 c1 48 89 01 c3 66 2e 0f 1f 84
RSP: 0018:ffffc900061f7008 EFLAGS: 00000246
RAX: 0000000000040000 RBX: 0000000000000001 RCX: ffffc9000f386000
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000005
RBP: ffffc900061f71d8 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000017 R15: 0000000000000002
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2384 [inline]
 xfrm_tmpl_resolve+0x2f3/0xd40 net/xfrm/xfrm_policy.c:2429
 xfrm_resolve_and_create_bundle+0x123/0x2590 net/xfrm/xfrm_policy.c:2719
 xfrm_lookup_with_ifid+0x235/0x2130 net/xfrm/xfrm_policy.c:3053
 xfrm_lookup net/xfrm/xfrm_policy.c:3177 [inline]
 xfrm_lookup_route+0x36/0x1e0 net/xfrm/xfrm_policy.c:3188
 ip_route_output_flow+0xa6/0xc0 net/ipv4/route.c:2774
 udp_sendmsg+0x1a21/0x26d0 net/ipv4/udp.c:1201
 inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:817
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:671
 ____sys_sendmsg+0x331/0x810 net/socket.c:2362
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2416
 __sys_sendmmsg+0x196/0x4b0 net/socket.c:2506
 __do_sys_sendmmsg net/socket.c:2535 [inline]
 __se_sys_sendmmsg net/socket.c:2532 [inline]
 __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2532
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5f9
Code: Bad RIP value.
RSP: 002b:00007febd4223c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000027a40 RCX: 000000000045d5f9
RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 000000000118d028 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec
R13: 00007ffcdc6e0e3f R14: 00007febd42249c0 R15: 000000000118cfec
INFO: task syz-executor.4:8788 can't die for more than 147 seconds.
task:syz-executor.4  state:R  running task     stack:24096 pid: 8788 ppid:  6910 flags:0x00004006
Call Trace:
 context_switch kernel/sched/core.c:3777 [inline]
 __schedule+0xec5/0x2200 kernel/sched/core.c:4526
 preempt_schedule_irq+0xbf/0x1b0 kernel/sched/core.c:4787
 irqentry_exit_cond_resched kernel/entry/common.c:356 [inline]
 irqentry_exit_cond_resched kernel/entry/common.c:348 [inline]
 irqentry_exit+0x65/0x90 kernel/entry/common.c:386
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:631
RIP: 0010:__seqprop_sequence include/linux/seqlock.h:261 [inline]
RIP: 0010:xfrm_state_find+0x30a/0x4d50 net/xfrm/xfrm_state.c:1061
Code: 0f 1f 44 00 00 8b 05 25 d6 91 04 31 ff 89 c3 89 85 ac fe ff ff 83 e3 01 89 de e8 41 c9 75 fa 85 db 74 28 e8 d8 cc 75 fa f3 90 <44> 8b 35 ff d5 91 04 31 ff 44 89 f3 83 e3 01 89 de e8 20 c9 75 fa
RSP: 0018:ffffc90006207008 EFLAGS: 00000246
RAX: 0000000000040000 RBX: 0000000000000001 RCX: ffffc90011597000
RDX: 0000000000040000 RSI: ffffffff86ff4bd8 RDI: 0000000000000005
RBP: ffffc900062071d8 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000017 R15: 0000000000000002
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2384 [inline]
 xfrm_tmpl_resolve+0x2f3/0xd40 net/xfrm/xfrm_policy.c:2429
 xfrm_resolve_and_create_bundle+0x123/0x2590 net/xfrm/xfrm_policy.c:2719
 xfrm_lookup_with_ifid+0x235/0x2130 net/xfrm/xfrm_policy.c:3053
 xfrm_lookup net/xfrm/xfrm_policy.c:3177 [inline]
 xfrm_lookup_route+0x36/0x1e0 net/xfrm/xfrm_policy.c:3188
 ip_route_output_flow+0xa6/0xc0 net/ipv4/route.c:2774
 udp_sendmsg+0x1a21/0x26d0 net/ipv4/udp.c:1201
 inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:817
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:671
 ____sys_sendmsg+0x331/0x810 net/socket.c:2362
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2416
 __sys_sendmmsg+0x196/0x4b0 net/socket.c:2506
 __do_sys_sendmmsg net/socket.c:2535 [inline]
 __se_sys_sendmmsg net/socket.c:2532 [inline]
 __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2532
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5f9
Code: Bad RIP value.
RSP: 002b:00007f6df3a85c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000027a40 RCX: 000000000045d5f9
RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 000000000118d028 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec
R13: 00007ffe805a040f R14: 00007f6df3a869c0 R15: 000000000118cfec
INFO: task syz-executor.1:8794 can't die for more than 149 seconds.
task:syz-executor.1  state:R  running task     stack:25760 pid: 8794 ppid:  6904 flags:0x0000400e
Call Trace:
 context_switch kernel/sched/core.c:3777 [inline]
 __schedule+0xec5/0x2200 kernel/sched/core.c:4526
 preempt_schedule_irq+0xbf/0x1b0 kernel/sched/core.c:4787
 irqentry_exit_cond_resched kernel/entry/common.c:356 [inline]
 irqentry_exit_cond_resched kernel/entry/common.c:348 [inline]
 irqentry_exit+0x65/0x90 kernel/entry/common.c:386
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:631
RIP: 0010:__seqprop_sequence include/linux/seqlock.h:261 [inline]
RIP: 0010:xfrm_state_find+0x30a/0x4d50 net/xfrm/xfrm_state.c:1061
Code: 0f 1f 44 00 00 8b 05 25 d6 91 04 31 ff 89 c3 89 85 ac fe ff ff 83 e3 01 89 de e8 41 c9 75 fa 85 db 74 28 e8 d8 cc 75 fa f3 90 <44> 8b 35 ff d5 91 04 31 ff 44 89 f3 83 e3 01 89 de e8 20 c9 75 fa
RSP: 0018:ffffc900058a7008 EFLAGS: 00000246
RAX: 0000000000040000 RBX: 0000000000000001 RCX: ffffc9000af64000
RDX: 0000000000040000 RSI: ffffffff86ff4bd8 RDI: 0000000000000005
RBP: ffffc900058a71d8 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000017 R15: 0000000000000002
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2384 [inline]
 xfrm_tmpl_resolve+0x2f3/0xd40 net/xfrm/xfrm_policy.c:2429
 xfrm_resolve_and_create_bundle+0x123/0x2590 net/xfrm/xfrm_policy.c:2719
 xfrm_lookup_with_ifid+0x235/0x2130 net/xfrm/xfrm_policy.c:3053
 xfrm_lookup net/xfrm/xfrm_policy.c:3177 [inline]
 xfrm_lookup_route+0x36/0x1e0 net/xfrm/xfrm_policy.c:3188
 ip_route_output_flow+0xa6/0xc0 net/ipv4/route.c:2774
 udp_sendmsg+0x1a21/0x26d0 net/ipv4/udp.c:1201
 inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:817
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:671
 ____sys_sendmsg+0x331/0x810 net/socket.c:2362
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2416
 __sys_sendmmsg+0x196/0x4b0 net/socket.c:2506
 __do_sys_sendmmsg net/socket.c:2535 [inline]
 __se_sys_sendmmsg net/socket.c:2532 [inline]
 __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2532
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45d5f9
Code: Bad RIP value.
RSP: 002b:00007fc6dd82cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000027a40 RCX: 000000000045d5f9
RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000003
RBP: 000000000118d028 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cfec
R13: 00007ffe410d2dff R14: 00007fc6dd82d9c0 R15: 000000000118cfec
INFO: task syz-executor.5:8820 can't die for more than 151 seconds.
task:syz-executor.5  state:R  running task     stack:25840 pid: 8820 ppid:  7058 flags:0x00004006
Call Trace:
 context_switch kernel/sched/core.c:3777 [inline]
 __schedule+0xec5/0x2200 kernel/sched/core.c:4526
 preempt_schedule_irq+0xbf/0x1b0 kernel/sched/core.c:4787
 irqentry_exit_cond_resched kernel/entry/common.c:356 [inline]
 irqentry_exit_cond_resched kernel/entry/common.c:348 [inline]
 irqentry_exit+0x65/0x90 kernel/entry/common.c:386
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:631
RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x4/0x20 kernel/kcov.c:284
Code: 0f 1f 44 00 00 8b 05 25 d6 91 04 31 ff 89 c3 89 85 ac fe ff ff 83 e3 01 89 de e8 41 c9 75 fa 85 db 74 28 e8 d8 cc 75 fa f3 90 <44> 8b 35 ff d5 91 04 31 ff 44 89 f3 83 e3 01 89 de e8 20 c9 75 fa
RSP: 0018:ffffc90006307008 EFLAGS: 00000246
RAX: 0000000000040000 RBX: 0000000000000001 RCX: ffffc900137a8000
RDX: 0000000000040000 RSI: ffffffff86ff4bd8 RDI: 0000000000000005
RBP: ffffc900063071d8 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000017 R15: 0000000000000002
 rep_nop arch/x86/include/asm/vdso/processor.h:13 [inline]
 cpu_relax arch/x86/include/asm/vdso/processor.h:18 [inline]
 xfrm_state_find+0x308/0x4d50 net/xfrm/xfrm_state.c:1061
 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2384 [inline]
 xfrm_tmpl_resolve+0x2f3/0xd40 net/xfrm/xfrm_policy.c:2429
 xfrm_resolve_and_create_bundle+0x123/0x2590 net/xfrm/xfrm_policy.c:2719
 xfrm_lookup_with_ifid+0x235/0x2130 net/xfrm/xfrm_policy.c:3053
 xfrm_lookup net/xfrm/xfrm_policy.c:3177 [inline]
 xfrm_lookup_route+0x36/0x1e0 net/xfrm/xfrm_policy.c:3188
 ip_route_output_flow+0xa6/0xc0 net/ipv4/route.c:2774
 udp_sendmsg+0x1a21/0x26d0 net/ipv4/udp.c:1201
 inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:817
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:671
 ____sys_sendmsg+0x331/0x810 net/socket.c:2362
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2416
 __sys_sendmmsg+0x196/0x4b0 net/socket.c:2506

Crashes (7):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Maintainers
ci-upstream-linux-next-kasan-gce-root	2020/09/20 14:55	linux-next	b652d2a5	9564d2e9	.config	log	report	info	keescook@chromium.org, linux-kernel@vger.kernel.org, mingo@kernel.org, tglx@linutronix.de
ci-upstream-linux-next-kasan-gce-root	2020/09/13 21:41	linux-next	d5b2251d	2d3cdd63	.config	log	report		keescook@chromium.org, linux-kernel@vger.kernel.org, mingo@kernel.org, tglx@linutronix.de
ci-upstream-linux-next-kasan-gce-root	2020/09/01 17:58	linux-next	b36c9697	d5a3ae1f	.config	log	report		keescook@chromium.org, linux-kernel@vger.kernel.org, mingo@kernel.org, paulmck@kernel.org, tglx@linutronix.de
ci-upstream-linux-next-kasan-gce-root	2020/08/23 09:57	linux-next	494d311a	1da71ab0	.config	log	report		keescook@chromium.org, linux-kernel@vger.kernel.org, mingo@kernel.org, paulmck@kernel.org, tglx@linutronix.de
ci-upstream-linux-next-kasan-gce-root	2020/08/22 04:38	linux-next	494d311a	6436ce4b	.config	log	report		keescook@chromium.org, linux-kernel@vger.kernel.org, mingo@kernel.org, paulmck@kernel.org, tglx@linutronix.de
ci-upstream-linux-next-kasan-gce-root	2020/08/04 11:16	linux-next	01830e6c	196277c4	.config	log	report		keescook@chromium.org, linux-kernel@vger.kernel.org, mingo@kernel.org, tglx@linutronix.de
ci-upstream-linux-next-kasan-gce-root	2020/08/04 03:32	linux-next	01830e6c	196277c4	.config	log	report		keescook@chromium.org, linux-kernel@vger.kernel.org, mingo@kernel.org, tglx@linutronix.de