syzbot


INFO: rcu detected stall in mrp_join_timer (2)

Status: auto-closed as invalid on 2022/07/04 18:27
Reported-by: syzbot+67edf33871a80247d3c0@syzkaller.appspotmail.com
First crash: 906d, last: 120d
similar bugs (5):
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-4.14 | INFO: rcu detected stall in mrp_join_timer | | | | 7 | 745d | 910d | 0/1 | auto-closed as invalid on 2020/10/17 01:22 |
| upstream | INFO: rcu detected stall in mrp_join_timer | | | | 1 | 908d | 908d | 0/22 | closed as invalid on 2020/01/09 08:13 |
| linux-4.19 | INFO: rcu detected stall in mrp_join_timer | | | | 28 | 596d | 908d | 0/1 | auto-closed as invalid on 2021/03/15 12:15 |
| linux-4.14 | BUG: soft lockup in mrp_join_timer | | | | 1 | 469d | 469d | 0/1 | auto-closed as invalid on 2021/07/20 15:25 |
| linux-4.19 | BUG: soft lockup in mrp_join_timer (2) | | | | 48 | 8d09h | 444d | 0/1 | upstream: reported on 2021/04/16 18:29 |

Sample crash report:
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 	1-...!: (10501 ticks this GP) idle=985/1/0x4000000000000000 softirq=104000/104000 fqs=15 
	(t=10502 jiffies g=145801 q=540)
rcu: rcu_preempt kthread starved for 10440 jiffies! g145801 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28944 pid:   14 ppid:     2 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4986 [inline]
 __schedule+0xab2/0x4e90 kernel/sched/core.c:6296
 schedule+0xd2/0x260 kernel/sched/core.c:6369
 schedule_timeout+0x14a/0x2a0 kernel/time/timer.c:1881
 rcu_gp_fqs_loop+0x186/0x810 kernel/rcu/tree.c:1963
 rcu_gp_kthread+0x1de/0x320 kernel/rcu/tree.c:2136
 kthread+0x2e9/0x3a0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 26117 Comm: kworker/u4:12 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:csd_lock_wait kernel/smp.c:440 [inline]
RIP: 0010:smp_call_function_many_cond+0x452/0xc20 kernel/smp.c:969
Code: 0b 00 85 ed 74 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 20 81 0b 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 33 06 00 00 8b 43 08 31
RSP: 0018:ffffc90011857a08 EFLAGS: 00000293
RAX: 0000000000000000 RBX: ffff8880b9d3f3a0 RCX: 0000000000000000
RDX: ffff88802e054180 RSI: ffffffff816c0800 RDI: 0000000000000003
RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff816c0826 R11: 0000000000000000 R12: ffffed10173a7e75
R13: 0000000000000001 R14: ffff8880b9d3f3a8 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c016bdc120 CR3: 000000000b88e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 on_each_cpu_cond_mask+0x56/0xa0 kernel/smp.c:1135
 on_each_cpu include/linux/smp.h:71 [inline]
 text_poke_sync arch/x86/kernel/alternative.c:1112 [inline]
 text_poke_bp_batch+0x1b1/0x510 arch/x86/kernel/alternative.c:1300
 text_poke_flush arch/x86/kernel/alternative.c:1470 [inline]
 text_poke_flush arch/x86/kernel/alternative.c:1467 [inline]
 text_poke_finish+0x16/0x30 arch/x86/kernel/alternative.c:1477
 arch_jump_label_transform_apply+0x13/0x20 arch/x86/kernel/jump_label.c:146
 jump_label_update+0x1da/0x400 kernel/jump_label.c:830
 static_key_enable_cpuslocked+0x1b1/0x260 kernel/jump_label.c:177
 static_key_enable+0x16/0x20 kernel/jump_label.c:190
 toggle_allocation_gate mm/kfence/core.c:734 [inline]
 toggle_allocation_gate+0x100/0x390 mm/kfence/core.c:726
 process_one_work+0x9ac/0x1650 kernel/workqueue.c:2307
 worker_thread+0x657/0x1110 kernel/workqueue.c:2454
 kthread+0x2e9/0x3a0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
NMI backtrace for cpu 1
CPU: 1 PID: 506 Comm: syz-executor.5 Not tainted 5.16.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
 rcu_dump_cpu_stacks+0x25e/0x3f0 kernel/rcu/tree_stall.h:343
 print_cpu_stall kernel/rcu/tree_stall.h:604 [inline]
 check_cpu_stall kernel/rcu/tree_stall.h:688 [inline]
 rcu_pending kernel/rcu/tree.c:3919 [inline]
 rcu_sched_clock_irq.cold+0x5c/0x759 kernel/rcu/tree.c:2617
 update_process_times+0x16d/0x200 kernel/time/timer.c:1785
 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:226
 tick_sched_timer+0x1b0/0x2d0 kernel/time/tick-sched.c:1428
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x1c0/0xe50 kernel/time/hrtimer.c:1749
 hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline]
 __sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1103
 sysvec_apic_timer_interrupt+0x40/0xc0 arch/x86/kernel/apic/apic.c:1097
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:orc_ip arch/x86/kernel/unwind_orc.c:30 [inline]
RIP: 0010:__orc_find+0x83/0xf0 arch/x86/kernel/unwind_orc.c:52
Code: 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14 38 48 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 48 48 63 03 <48> 01 d8 48 39 c1 73 b0 4c 8d 63 fc 49 39 ec 73 b3 4d 29 ee 49 c1
RSP: 0018:ffffc90000fd8710 EFLAGS: 00000246
RAX: fffffffffb454dd7 RBX: ffffffff8e06df00 RCX: ffffffff894c2cc4
RDX: 0000000000000000 RSI: ffffffff8ea8d59e RDI: ffffffff8e06dedc
RBP: ffffffff8e06df00 R08: ffffffff8ea8d59e R09: 0000000000000001
R10: fffff520001fb111 R11: 0000000000088078 R12: ffffffff8e06df04
R13: ffffffff8e06dedc R14: ffffffff8e06defc R15: dffffc0000000000
 orc_find arch/x86/kernel/unwind_orc.c:173 [inline]
 unwind_next_frame+0x32a/0x1ce0 arch/x86/kernel/unwind_orc.c:443
 arch_stack_walk+0x7d/0xe0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:437 [inline]
 __kasan_slab_alloc+0x85/0xb0 mm/kasan/common.c:470
 kasan_slab_alloc include/linux/kasan.h:260 [inline]
 slab_post_alloc_hook mm/slab.h:732 [inline]
 slab_alloc_node mm/slab.c:3253 [inline]
 kmem_cache_alloc_node+0x2ea/0x590 mm/slab.c:3591
 __alloc_skb+0x215/0x340 net/core/skbuff.c:414
 alloc_skb include/linux/skbuff.h:1158 [inline]
 mrp_pdu_init net/802/mrp.c:313 [inline]
 mrp_pdu_append_vecattr_event+0x80a/0x10b0 net/802/mrp.c:412
 mrp_attr_event+0x191/0x280 net/802/mrp.c:507
 mrp_mad_event net/802/mrp.c:587 [inline]
 mrp_join_timer+0x5a/0xc0 net/802/mrp.c:604
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421
 expire_timers kernel/time/timer.c:1466 [inline]
 __run_timers.part.0+0x67c/0xa30 kernel/time/timer.c:1734
 __run_timers kernel/time/timer.c:1715 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:sidtab_context_to_sid+0x0/0x1100 security/selinux/ss/sidtab.c:266
Code: e9 b2 fe ff ff e8 20 5f 19 fe eb a2 48 89 de 48 c7 c7 80 7d 36 8c e8 9f c0 5a 00 e9 ec fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 <41> 57 41 56 41 55 41 54 49 89 fc 55 48 89 f5 53 48 89 d3 48 81 ec
RSP: 0018:ffffc9000364fa18 EFLAGS: 00000216
RAX: 0000000000000f78 RBX: 0000000000000001 RCX: ffffc9000b061000
RDX: ffffc9000364fd30 RSI: ffffc9000364fbd8 RDI: ffff8880257c4000
RBP: ffff88807f315000 R08: 0000000000000000 R09: ffffc9000364fbd8
R10: ffffffff83a6e885 R11: 0000000000000018 R12: ffff8880753d0b60
R13: 0000000000000000 R14: ffff88807f315008 R15: dffffc0000000000
 security_compute_sid.part.0+0xb61/0x15f0 security/selinux/ss/services.c:1904
 security_compute_sid security/selinux/ss/services.c:1936 [inline]
 security_transition_sid+0xbc/0x190 security/selinux/ss/services.c:1936
 socket_sockcreate_sid security/selinux/hooks.c:4590 [inline]
 socket_sockcreate_sid security/selinux/hooks.c:4582 [inline]
 selinux_socket_post_create+0x60f/0x7c0 security/selinux/hooks.c:4643
 security_socket_post_create+0x64/0xc0 security/security.c:2167
 __sock_create+0x64a/0x790 net/socket.c:1484
 sock_create net/socket.c:1519 [inline]
 __sys_socketpair+0x242/0x570 net/socket.c:1623
 __do_sys_socketpair net/socket.c:1672 [inline]
 __se_sys_socketpair net/socket.c:1669 [inline]
 __x64_sys_socketpair+0x93/0xf0 net/socket.c:1669
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fbeef0da059
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbeeda4f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
RAX: ffffffffffffffda RBX: 00007fbeef1ecf60 RCX: 00007fbeef0da059
RDX: 0000000000000000 RSI: 0000002000000003 RDI: 0000000000000001
RBP: 00007fbeef13408d R08: 0000000000000000 R09: 0000000000000000
R10: 00000000200005c0 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fff6e2c2a8f R14: 00007fbeeda4f300 R15: 0000000000022000
 </TASK>
----------------
Code disassembly (best guess):
   0:	0b 00                	or     (%rax),%eax
   2:	85 ed                	test   %ebp,%ebp
   4:	74 4d                	je     0x53
   6:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
   d:	fc ff df
  10:	4d 89 f4             	mov    %r14,%r12
  13:	4c 89 f5             	mov    %r14,%rbp
  16:	49 c1 ec 03          	shr    $0x3,%r12
  1a:	83 e5 07             	and    $0x7,%ebp
  1d:	49 01 c4             	add    %rax,%r12
  20:	83 c5 03             	add    $0x3,%ebp
  23:	e8 20 81 0b 00       	callq  0xb8148
  28:	f3 90                	pause
* 2a:	41 0f b6 04 24       	movzbl (%r12),%eax <-- trapping instruction
  2f:	40 38 c5             	cmp    %al,%bpl
  32:	7c 08                	jl     0x3c
  34:	84 c0                	test   %al,%al
  36:	0f 85 33 06 00 00    	jne    0x66f
  3c:	8b 43 08             	mov    0x8(%rbx),%eax
  3f:	31                   	.byte 0x31

Crashes (57):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce-selinux-root | 2022/01/22 00:57 | upstream | 9b57f4589857 | 214351e1 | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce-smack-root | 2021/12/25 14:01 | upstream | b927dfc67d05 | 6caa12e4 | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce-smack-root | 2021/12/22 12:40 | upstream | 2f47a9a4dfa3 | 6caa12e4 | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce-selinux-root | 2021/12/18 03:24 | upstream | 6441998e2e37 | 44068e19 | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce | 2021/12/07 23:17 | upstream | cd8c917a56f2 | 0230ba3e | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce-smack-root | 2021/11/24 11:13 | upstream | 5d9f4cf36721 | 545ab074 | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce-smack-root | 2021/11/05 02:20 | upstream | 7ddb58cb0eca | 4c1be0be | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce-smack-root | 2021/09/26 11:28 | upstream | a5e0aceabef6 | 8cac236e | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce-selinux-root | 2021/09/04 18:39 | upstream | f1583cb1be35 | d236a457 | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce-selinux-root | 2021/08/10 09:01 | upstream | 36a21d51725a | 6972b106 | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce-smack-root | 2021/07/02 04:12 | upstream | e058a84bfddc | 658ebc66 | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce-selinux-root | 2021/05/21 13:42 | upstream | f01da525b3de | 3c7fef33 | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce-selinux-root | 2021/05/03 02:20 | upstream | d2b6f8a17919 | 77e2b668 | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce-smack-root | 2021/04/23 23:44 | upstream | 18a3c5f7abfd | 17f0b706 | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce-root | 2021/02/21 12:41 | upstream | e767b3530acb | 3e5ed8b4 | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce-selinux-root | 2021/01/23 17:49 | upstream | fe75a21824e7 | 52e37319 | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-net-this-kasan-gce | 2022/03/06 18:26 | net | afb3cc1a397d | 7bdd8b2c | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-linux-next-kasan-gce-root | 2021/06/03 13:18 | linux-next | a1f92694393a | 0740de69 | .config | log | report | | | info | INFO: rcu detected stall in mrp_join_timer |
| ci-upstream-kasan-gce | 2021/01/10 20:46 | upstream | 2ff90100ace8 | 2c1f2513 | .config | log | report | | | info | |
| ci-upstream-kasan-gce | 2020/12/20 10:19 | upstream | 467f8165a2b0 | 04201c06 | .config | log | report | | | info | |
| ci-upstream-kasan-gce-root | 2020/11/07 03:05 | upstream | bf3e76289cd2 | 64069d48 | .config | log | report | | | info | |
| ci-upstream-kasan-gce | 2020/11/04 18:28 | upstream | 4ef8451b3326 | cba33199 | .config | log | report | | | info | |
| ci-upstream-kasan-gce | 2020/10/12 23:38 | upstream | bbf5c979011a | d32b0bbf | .config | log | report | | | info | |
| ci-upstream-kasan-gce | 2020/09/12 04:39 | upstream | e8878ab82545 | 79fb24e2 | .config | log | report | | | | |
| ci-upstream-kasan-gce | 2020/09/04 21:21 | upstream | 59126901f200 | abf9ba4f | .config | log | report | | | | |
| ci-upstream-kasan-gce-smack-root | 2020/08/29 18:17 | upstream | 4d41ead6ead9 | d5a3ae1f | .config | log | report | | | | |
| ci-upstream-kasan-gce | 2020/08/26 00:43 | upstream | abb3438d69fb | 344da168 | .config | log | report | | | | |
| ci-upstream-kasan-gce-selinux-root | 2020/08/23 08:32 | upstream | c3d8f220d012 | 1da71ab0 | .config | log | report | | | | |
| ci-upstream-kasan-gce-root | 2020/08/23 06:37 | upstream | c3d8f220d012 | 1da71ab0 | .config | log | report | | | | |
| ci-upstream-kasan-gce-root | 2020/08/21 01:44 | upstream | da2968ff879b | 1d75fe45 | .config | log | report | | | | |
| ci-upstream-kasan-gce-smack-root | 2020/08/20 17:35 | upstream | 7eac66d0456f | ed282a3a | .config | log | report | | | | |
| ci-upstream-kasan-gce-selinux-root | 2020/08/16 12:06 | upstream | d84835b118ed | 424dd8e7 | .config | log | report | | | | |
| ci-upstream-kasan-gce-selinux-root | 2020/08/16 09:07 | upstream | d84835b118ed | 424dd8e7 | .config | log | report | | | | |
| ci-upstream-kasan-gce | 2020/08/16 01:51 | upstream | c9c9735c46f5 | 424dd8e7 | .config | log | report | | | | |
| ci-upstream-kasan-gce | 2020/08/13 03:13 | upstream | fb893de323e2 | bc15f7db | .config | log | report | | | | |
| ci-upstream-kasan-gce-root | 2020/08/07 06:28 | upstream | 47ec5303d73e | 1f122f88 | .config | log | report | | | | |
| ci-upstream-kasan-gce-selinux-root | 2020/08/03 07:21 | upstream | 5a30a78924ec | 196277c4 | .config | log | report | | | | |
| ci-upstream-kasan-gce-selinux-root | 2020/07/21 14:45 | upstream | 4fa640dc5230 | d88894e6 | .config | log | report | | | | |
| ci-upstream-kasan-gce | 2020/07/13 03:01 | upstream | 4437dd6e8f71 | 9ebcc5b1 | .config | log | report | | | | |
| ci-upstream-kasan-gce-root | 2020/07/03 16:20 | upstream | cd77006e01b3 | bed10395 | .config | log | report | | | | |
| ci-upstream-kasan-gce | 2020/05/24 20:44 | upstream | caffb99b6929 | bd28eb9d | .config | log | report | | | | |
| ci-upstream-kasan-gce-root | 2020/03/13 12:10 | upstream | 3cc6e2c599cd | d850e9d0 | .config | log | report | | | | |
| ci-upstream-kasan-gce-root | 2020/02/23 19:23 | upstream | 0a115e5f23b9 | 2c36e7a7 | .config | log | report | | | | |
| ci-upstream-kasan-gce | 2020/02/12 02:06 | upstream | 0a679e13ea30 | 4d1ab643 | .config | log | report | | | | |
| ci-upstream-kasan-gce-root | 2020/02/08 05:37 | upstream | 41dcd67e8868 | 06150bf1 | .config | log | report | | | | |
| ci-upstream-kasan-gce | 2020/02/02 01:47 | upstream | 94f2630b1897 | 2274ad39 | .config | log | report | | | | |
| ci-upstream-kasan-gce-smack-root | 2020/01/31 21:13 | upstream | ccaaaf6fe5a5 | c30117b2 | .config | log | report | | | | |
| ci-upstream-kasan-gce-selinux-root | 2020/01/30 01:33 | upstream | b3a608222336 | 5ed23f9a | .config | log | report | | | | |
| ci-upstream-kasan-gce-root | 2020/01/24 05:13 | upstream | 4703d9119972 | 2e95ab33 | .config | log | report | | | | |
| ci-upstream-kasan-gce-smack-root | 2020/01/19 19:03 | upstream | 8f8972a3127f | 0342f8c7 | .config | log | report | | | | |
| ci-upstream-kasan-gce | 2020/01/14 09:13 | upstream | b3a987b0264d | 32881205 | .config | log | report | | | | |
| ci-upstream-kasan-gce | 2020/01/10 06:53 | upstream | e69ec487b2c7 | 4de4e9f0 | .config | log | report | | | | |
| ci-upstream-kasan-gce-386 | 2020/07/30 18:19 | upstream | d3590ebf6f91 | 233283a1 | .config | log | report | | | | |
| ci-upstream-linux-next-kasan-gce-root | 2020/11/07 20:27 | linux-next | c34f157421f6 | 64069d48 | .config | log | report | | | info | |
| ci-upstream-linux-next-kasan-gce-root | 2020/08/23 20:50 | linux-next | 494d311a82bb | cef5ae68 | .config | log | report | | | | |
| ci-upstream-linux-next-kasan-gce-root | 2020/07/22 12:40 | linux-next | de2e69cfe54a | 128cd85f | .config | log | report | | | | |
| ci-upstream-linux-next-kasan-gce-root | 2020/07/13 07:44 | linux-next | d31958b30ea3 | 9ebcc5b1 | .config | log | report | | | | |