INFO: rcu detected stall in mrp_join

INFO: rcu detected stall in mrp_join_timer (2)
Status: upstream: reported on 2020/02/16 10:49
Reported-by: syzbot+67edf33871a80247d3c0@syzkaller.appspotmail.com
First crash: 748d, last: 6d04h

similar bugs (5):
Kernel	Title	Count	Last	Reported	Patched	Status
linux-4.14	INFO: rcu detected stall in mrp_join_timer	7	588d	753d	0/1	auto-closed as invalid on 2020/10/17 01:22
upstream	INFO: rcu detected stall in mrp_join_timer	1	750d	750d	0/22	closed as invalid on 2020/01/09 08:13
linux-4.19	INFO: rcu detected stall in mrp_join_timer	28	438d	750d	0/1	auto-closed as invalid on 2021/03/15 12:15
linux-4.14	BUG: soft lockup in mrp_join_timer	1	311d	311d	0/1	auto-closed as invalid on 2021/07/20 15:25
linux-4.19	BUG: soft lockup in mrp_join_timer (2)	32	1d06h	286d	0/1	upstream: reported on 2021/04/16 18:29

Sample crash report:

rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 	1-...!: (10501 ticks this GP) idle=985/1/0x4000000000000000 softirq=104000/104000 fqs=15 
	(t=10502 jiffies g=145801 q=540)
rcu: rcu_preempt kthread starved for 10440 jiffies! g145801 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28944 pid:   14 ppid:     2 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4986 [inline]
 __schedule+0xab2/0x4e90 kernel/sched/core.c:6296
 schedule+0xd2/0x260 kernel/sched/core.c:6369
 schedule_timeout+0x14a/0x2a0 kernel/time/timer.c:1881
 rcu_gp_fqs_loop+0x186/0x810 kernel/rcu/tree.c:1963
 rcu_gp_kthread+0x1de/0x320 kernel/rcu/tree.c:2136
 kthread+0x2e9/0x3a0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 26117 Comm: kworker/u4:12 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:csd_lock_wait kernel/smp.c:440 [inline]
RIP: 0010:smp_call_function_many_cond+0x452/0xc20 kernel/smp.c:969
Code: 0b 00 85 ed 74 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 20 81 0b 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 33 06 00 00 8b 43 08 31
RSP: 0018:ffffc90011857a08 EFLAGS: 00000293
RAX: 0000000000000000 RBX: ffff8880b9d3f3a0 RCX: 0000000000000000
RDX: ffff88802e054180 RSI: ffffffff816c0800 RDI: 0000000000000003
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff816c0826 R11: 0000000000000000 R12: ffffed10173a7e75
R13: 0000000000000001 R14: ffff8880b9d3f3a8 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c016bdc120 CR3: 000000000b88e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 on_each_cpu_cond_mask+0x56/0xa0 kernel/smp.c:1135
 on_each_cpu include/linux/smp.h:71 [inline]
 text_poke_sync arch/x86/kernel/alternative.c:1112 [inline]
 text_poke_bp_batch+0x1b1/0x510 arch/x86/kernel/alternative.c:1300
 text_poke_flush arch/x86/kernel/alternative.c:1470 [inline]
 text_poke_flush arch/x86/kernel/alternative.c:1467 [inline]
 text_poke_finish+0x16/0x30 arch/x86/kernel/alternative.c:1477
 arch_jump_label_transform_apply+0x13/0x20 arch/x86/kernel/jump_label.c:146
 jump_label_update+0x1da/0x400 kernel/jump_label.c:830
 static_key_enable_cpuslocked+0x1b1/0x260 kernel/jump_label.c:177
 static_key_enable+0x16/0x20 kernel/jump_label.c:190
 toggle_allocation_gate mm/kfence/core.c:734 [inline]
 toggle_allocation_gate+0x100/0x390 mm/kfence/core.c:726
 process_one_work+0x9ac/0x1650 kernel/workqueue.c:2307
 worker_thread+0x657/0x1110 kernel/workqueue.c:2454
 kthread+0x2e9/0x3a0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
NMI backtrace for cpu 1
CPU: 1 PID: 506 Comm: syz-executor.5 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
 rcu_dump_cpu_stacks+0x25e/0x3f0 kernel/rcu/tree_stall.h:343
 print_cpu_stall kernel/rcu/tree_stall.h:604 [inline]
 check_cpu_stall kernel/rcu/tree_stall.h:688 [inline]
 rcu_pending kernel/rcu/tree.c:3919 [inline]
 rcu_sched_clock_irq.cold+0x5c/0x759 kernel/rcu/tree.c:2617
 update_process_times+0x16d/0x200 kernel/time/timer.c:1785
 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:226
 tick_sched_timer+0x1b0/0x2d0 kernel/time/tick-sched.c:1428
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x1c0/0xe50 kernel/time/hrtimer.c:1749
 hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline]
 __sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1103
 sysvec_apic_timer_interrupt+0x40/0xc0 arch/x86/kernel/apic/apic.c:1097
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:orc_ip arch/x86/kernel/unwind_orc.c:30 [inline]
RIP: 0010:__orc_find+0x83/0xf0 arch/x86/kernel/unwind_orc.c:52
Code: 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14 38 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 48 48 63 03 <48> 01 d8 48 39 c1 73 b0 4c 8d 63 fc 49 39 ec 73 b3 4d 29 ee 49 c1
RSP: 0018:ffffc90000fd8710 EFLAGS: 00000246
RAX: fffffffffb454dd7 RBX: ffffffff8e06df00 RCX: ffffffff894c2cc4
RDX: 0000000000000000 RSI: ffffffff8ea8d59e RDI: ffffffff8e06dedc
RBP: ffffffff8e06df00 R08: ffffffff8ea8d59e R09: 0000000000000001
R10: fffff520001fb111 R11: 0000000000088078 R12: ffffffff8e06df04
R13: ffffffff8e06dedc R14: ffffffff8e06defc R15: dffffc0000000000
 orc_find arch/x86/kernel/unwind_orc.c:173 [inline]
 unwind_next_frame+0x32a/0x1ce0 arch/x86/kernel/unwind_orc.c:443
 arch_stack_walk+0x7d/0xe0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:437 [inline]
 __kasan_slab_alloc+0x85/0xb0 mm/kasan/common.c:470
 kasan_slab_alloc include/linux/kasan.h:260 [inline]
 slab_post_alloc_hook mm/slab.h:732 [inline]
 slab_alloc_node mm/slab.c:3253 [inline]
 kmem_cache_alloc_node+0x2ea/0x590 mm/slab.c:3591
 __alloc_skb+0x215/0x340 net/core/skbuff.c:414
 alloc_skb include/linux/skbuff.h:1158 [inline]
 mrp_pdu_init net/802/mrp.c:313 [inline]
 mrp_pdu_append_vecattr_event+0x80a/0x10b0 net/802/mrp.c:412
 mrp_attr_event+0x191/0x280 net/802/mrp.c:507
 mrp_mad_event net/802/mrp.c:587 [inline]
 mrp_join_timer+0x5a/0xc0 net/802/mrp.c:604
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421
 expire_timers kernel/time/timer.c:1466 [inline]
 __run_timers.part.0+0x67c/0xa30 kernel/time/timer.c:1734
 __run_timers kernel/time/timer.c:1715 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:sidtab_context_to_sid+0x0/0x1100 security/selinux/ss/sidtab.c:266
Code: e9 b2 fe ff ff e8 20 5f 19 fe eb a2 48 89 de 48 c7 c7 80 7d 36 8c e8 9f c0 5a 00 e9 ec fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 <41> 57 41 56 41 55 41 54 49 89 fc 55 48 89 f5 53 48 89 d3 48 81 ec
RSP: 0018:ffffc9000364fa18 EFLAGS: 00000216
RAX: 0000000000000f78 RBX: 0000000000000001 RCX: ffffc9000b061000
RDX: ffffc9000364fd30 RSI: ffffc9000364fbd8 RDI: ffff8880257c4000
RBP: ffff88807f315000 R08: 0000000000000000 R09: ffffc9000364fbd8
R10: ffffffff83a6e885 R11: 0000000000000018 R12: ffff8880753d0b60
R13: 0000000000000000 R14: ffff88807f315008 R15: dffffc0000000000
 security_compute_sid.part.0+0xb61/0x15f0 security/selinux/ss/services.c:1904
 security_compute_sid security/selinux/ss/services.c:1936 [inline]
 security_transition_sid+0xbc/0x190 security/selinux/ss/services.c:1936
 socket_sockcreate_sid security/selinux/hooks.c:4590 [inline]
 socket_sockcreate_sid security/selinux/hooks.c:4582 [inline]
 selinux_socket_post_create+0x60f/0x7c0 security/selinux/hooks.c:4643
 security_socket_post_create+0x64/0xc0 security/security.c:2167
 __sock_create+0x64a/0x790 net/socket.c:1484
 sock_create net/socket.c:1519 [inline]
 __sys_socketpair+0x242/0x570 net/socket.c:1623
 __do_sys_socketpair net/socket.c:1672 [inline]
 __se_sys_socketpair net/socket.c:1669 [inline]
 __x64_sys_socketpair+0x93/0xf0 net/socket.c:1669
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fbeef0da059
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbeeda4f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
RAX: ffffffffffffffda RBX: 00007fbeef1ecf60 RCX: 00007fbeef0da059
RDX: 0000000000000000 RSI: 0000002000000003 RDI: 0000000000000001
RBP: 00007fbeef13408d R08: 0000000000000000 R09: 0000000000000000
R10: 00000000200005c0 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff6e2c2a8f R14: 00007fbeeda4f300 R15: 0000000000022000
 </TASK>
----------------
Code disassembly (best guess):
   0:	0b 00                	or     (%rax),%eax
   2:	85 ed                	test   %ebp,%ebp
   4:	74 4d                	je     0x53
   6:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
   d:	fc ff df
  10:	4d 89 f4             	mov    %r14,%r12
  13:	4c 89 f5             	mov    %r14,%rbp
  16:	49 c1 ec 03          	shr    $0x3,%r12
  1a:	83 e5 07             	and    $0x7,%ebp
  1d:	49 01 c4             	add    %rax,%r12
  20:	83 c5 03             	add    $0x3,%ebp
  23:	e8 20 81 0b 00       	callq  0xb8148
  28:	f3 90                	pause
* 2a:	41 0f b6 04 24       	movzbl (%r12),%eax <-- trapping instruction
  2f:	40 38 c5             	cmp    %al,%bpl
  32:	7c 08                	jl     0x3c
  34:	84 c0                	test   %al,%al
  36:	0f 85 33 06 00 00    	jne    0x66f
  3c:	8b 43 08             	mov    0x8(%rbx),%eax
  3f:	31                   	.byte 0x31

Crashes (56):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Title
ci-upstream-kasan-gce-selinux-root	2022/01/22 00:57	upstream	9b57f4589857	214351e1	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce-smack-root	2021/12/25 14:01	upstream	b927dfc67d05	6caa12e4	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce-smack-root	2021/12/22 12:40	upstream	2f47a9a4dfa3	6caa12e4	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce-selinux-root	2021/12/18 03:24	upstream	6441998e2e37	44068e19	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce	2021/12/07 23:17	upstream	cd8c917a56f2	0230ba3e	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce-smack-root	2021/11/24 11:13	upstream	5d9f4cf36721	545ab074	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce-smack-root	2021/11/05 02:20	upstream	7ddb58cb0eca	4c1be0be	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce-smack-root	2021/09/26 11:28	upstream	a5e0aceabef6	8cac236e	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce-selinux-root	2021/09/04 18:39	upstream	f1583cb1be35	d236a457	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce-selinux-root	2021/08/10 09:01	upstream	36a21d51725a	6972b106	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce-smack-root	2021/07/02 04:12	upstream	e058a84bfddc	658ebc66	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce-selinux-root	2021/05/21 13:42	upstream	f01da525b3de	3c7fef33	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce-selinux-root	2021/05/03 02:20	upstream	d2b6f8a17919	77e2b668	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce-smack-root	2021/04/23 23:44	upstream	18a3c5f7abfd	17f0b706	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce-root	2021/02/21 12:41	upstream	e767b3530acb	3e5ed8b4	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce-selinux-root	2021/01/23 17:49	upstream	fe75a21824e7	52e37319	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-linux-next-kasan-gce-root	2021/06/03 13:18	linux-next	a1f92694393a	0740de69	.config	log	report	info	INFO: rcu detected stall in mrp_join_timer
ci-upstream-kasan-gce	2021/01/10 20:46	upstream	2ff90100ace8	2c1f2513	.config	log	report	info
ci-upstream-kasan-gce	2020/12/20 10:19	upstream	467f8165a2b0	04201c06	.config	log	report	info
ci-upstream-kasan-gce-root	2020/11/07 03:05	upstream	bf3e76289cd2	64069d48	.config	log	report	info
ci-upstream-kasan-gce	2020/11/04 18:28	upstream	4ef8451b3326	cba33199	.config	log	report	info
ci-upstream-kasan-gce	2020/10/12 23:38	upstream	bbf5c979011a	d32b0bbf	.config	log	report	info
ci-upstream-kasan-gce	2020/09/12 04:39	upstream	e8878ab82545	79fb24e2	.config	log	report
ci-upstream-kasan-gce	2020/09/04 21:21	upstream	59126901f200	abf9ba4f	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/29 18:17	upstream	4d41ead6ead9	d5a3ae1f	.config	log	report
ci-upstream-kasan-gce	2020/08/26 00:43	upstream	abb3438d69fb	344da168	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/08/23 08:32	upstream	c3d8f220d012	1da71ab0	.config	log	report
ci-upstream-kasan-gce-root	2020/08/23 06:37	upstream	c3d8f220d012	1da71ab0	.config	log	report
ci-upstream-kasan-gce-root	2020/08/21 01:44	upstream	da2968ff879b	1d75fe45	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/08/20 17:35	upstream	7eac66d0456f	ed282a3a	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/08/16 12:06	upstream	d84835b118ed	424dd8e7	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/08/16 09:07	upstream	d84835b118ed	424dd8e7	.config	log	report
ci-upstream-kasan-gce	2020/08/16 01:51	upstream	c9c9735c46f5	424dd8e7	.config	log	report
ci-upstream-kasan-gce	2020/08/13 03:13	upstream	fb893de323e2	bc15f7db	.config	log	report
ci-upstream-kasan-gce-root	2020/08/07 06:28	upstream	47ec5303d73e	1f122f88	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/08/03 07:21	upstream	5a30a78924ec	196277c4	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/07/21 14:45	upstream	4fa640dc5230	d88894e6	.config	log	report
ci-upstream-kasan-gce	2020/07/13 03:01	upstream	4437dd6e8f71	9ebcc5b1	.config	log	report
ci-upstream-kasan-gce-root	2020/07/03 16:20	upstream	cd77006e01b3	bed10395	.config	log	report
ci-upstream-kasan-gce	2020/05/24 20:44	upstream	caffb99b6929	bd28eb9d	.config	log	report
ci-upstream-kasan-gce-root	2020/03/13 12:10	upstream	3cc6e2c599cd	d850e9d0	.config	log	report
ci-upstream-kasan-gce-root	2020/02/23 19:23	upstream	0a115e5f23b9	2c36e7a7	.config	log	report
ci-upstream-kasan-gce	2020/02/12 02:06	upstream	0a679e13ea30	4d1ab643	.config	log	report
ci-upstream-kasan-gce-root	2020/02/08 05:37	upstream	41dcd67e8868	06150bf1	.config	log	report
ci-upstream-kasan-gce	2020/02/02 01:47	upstream	94f2630b1897	2274ad39	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/01/31 21:13	upstream	ccaaaf6fe5a5	c30117b2	.config	log	report
ci-upstream-kasan-gce-selinux-root	2020/01/30 01:33	upstream	b3a608222336	5ed23f9a	.config	log	report
ci-upstream-kasan-gce-root	2020/01/24 05:13	upstream	4703d9119972	2e95ab33	.config	log	report
ci-upstream-kasan-gce-smack-root	2020/01/19 19:03	upstream	8f8972a3127f	0342f8c7	.config	log	report
ci-upstream-kasan-gce	2020/01/14 09:13	upstream	b3a987b0264d	32881205	.config	log	report
ci-upstream-kasan-gce	2020/01/10 06:53	upstream	e69ec487b2c7	4de4e9f0	.config	log	report
ci-upstream-kasan-gce-386	2020/07/30 18:19	upstream	d3590ebf6f91	233283a1	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/11/07 20:27	linux-next	c34f157421f6	64069d48	.config	log	report	info
ci-upstream-linux-next-kasan-gce-root	2020/08/23 20:50	linux-next	494d311a82bb	cef5ae68	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/07/22 12:40	linux-next	de2e69cfe54a	128cd85f	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2020/07/13 07:44	linux-next	d31958b30ea3	9ebcc5b1	.config	log	report