syzbot


INFO: rcu detected stall in raw_setsockopt

Status: auto-closed as invalid on 2019/08/20 15:32
Reported-by: syzbot+1d81511cca0ec2e7ea0b@syzkaller.appspotmail.com
First crash: 1890d, last: 1890d

Sample crash report:
lowmemorykiller: Killing 'syz-executor.5' (834) (tgid 834), adj 1000,
   to free 34868kB on behalf of 'kswapd0' (33) because
   cache 140kB is below limit 6144kB for oom_score_adj 0
   Free memory is -35584kB above reserved
ODEBUG: Out of memory. ODEBUG disabled
INFO: rcu_preempt detected stalls on CPUs/tasks:
	Tasks blocked on level-0 rcu_node (CPUs 0-1): P27199
	(detected by 0, t=10502 jiffies, g=34274, c=34273, q=18345)
syz-executor.5  R  running task    26520 27199  14810 0x00000004
 ffff8801db607c90 ffffffff813fa9e1 ffffffff813fa7e0 ffff8801a9eac740
 ffff8801a9eac740 ffffffff830d1800 0000000000000096 ffff8801a9eacb20
 dffffc0000000000 ffff8801db607cc8 ffffffff814054ea 00000000000085e1
Call Trace:
 <IRQ> 
 [<ffffffff813fa9e1>] sched_show_task.cold+0x27f/0x327 kernel/sched/core.c:5317
 [<ffffffff814054ea>] rcu_print_detail_task_stall_rnp+0xc2/0xfe kernel/rcu/tree_plugin.h:530
 [<ffffffff814066d5>] rcu_print_detail_task_stall kernel/rcu/tree_plugin.h:543 [inline]
 [<ffffffff814066d5>] print_other_cpu_stall kernel/rcu/tree.c:1408 [inline]
 [<ffffffff814066d5>] check_cpu_stall kernel/rcu/tree.c:1520 [inline]
 [<ffffffff814066d5>] __rcu_pending kernel/rcu/tree.c:3487 [inline]
 [<ffffffff814066d5>] rcu_pending kernel/rcu/tree.c:3551 [inline]
 [<ffffffff814066d5>] rcu_check_callbacks.cold+0x761/0xd2f kernel/rcu/tree.c:2880
 [<ffffffff81267031>] update_process_times+0x31/0x70 kernel/time/timer.c:1629
 [<ffffffff8129609a>] tick_sched_handle.isra.0+0x4a/0xf0 kernel/time/tick-sched.c:151
 [<ffffffff812961ba>] tick_sched_timer+0x7a/0x130 kernel/time/tick-sched.c:1190
 [<ffffffff81269cb3>] __run_hrtimer kernel/time/hrtimer.c:1255 [inline]
 [<ffffffff81269cb3>] __hrtimer_run_queues+0x313/0xe00 kernel/time/hrtimer.c:1319
 [<ffffffff8126c1e6>] hrtimer_interrupt+0x1b6/0x450 kernel/time/hrtimer.c:1353
 [<ffffffff81090286>] local_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:937
 [<ffffffff8281a9b9>] smp_apic_timer_interrupt+0x79/0xb0 arch/x86/kernel/apic/apic.c:961
 [<ffffffff8281822d>] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:648
 <EOI> 
 [<ffffffff81226d6f>] vprintk_emit+0x43f/0x6f0 kernel/printk/printk.c:1908
 [<ffffffff81227048>] vprintk+0x28/0x30 kernel/printk/printk.c:1918
 [<ffffffff814035d9>] vprintk_func kernel/printk/internal.h:36 [inline]
 [<ffffffff814035d9>] printk+0xc2/0xf5 kernel/printk/printk.c:1980
 [<ffffffff82230ce2>] lowmem_scan.cold+0x2d7/0x361 drivers/staging/android/lowmemorykiller.c:177
 [<ffffffff8144a81f>] do_shrink_slab mm/vmscan.c:398 [inline]
 [<ffffffff8144a81f>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:501
 [<ffffffff814562ad>] shrink_slab mm/vmscan.c:465 [inline]
 [<ffffffff814562ad>] shrink_node+0x1ed/0x750 mm/vmscan.c:2602
 [<ffffffff81456ba7>] shrink_zones mm/vmscan.c:2749 [inline]
 [<ffffffff81456ba7>] do_try_to_free_pages mm/vmscan.c:2791 [inline]
 [<ffffffff81456ba7>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3002
 [<ffffffff81429390>] __perform_reclaim mm/page_alloc.c:3324 [inline]
 [<ffffffff81429390>] __alloc_pages_direct_reclaim mm/page_alloc.c:3345 [inline]
 [<ffffffff81429390>] __alloc_pages_slowpath mm/page_alloc.c:3695 [inline]
 [<ffffffff81429390>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3852
 [<ffffffff814cb2cb>] __alloc_pages include/linux/gfp.h:433 [inline]
 [<ffffffff814cb2cb>] __alloc_pages_node include/linux/gfp.h:446 [inline]
 [<ffffffff814cb2cb>] alloc_pages_node include/linux/gfp.h:460 [inline]
 [<ffffffff814cb2cb>] __vmalloc_area_node mm/vmalloc.c:1644 [inline]
 [<ffffffff814cb2cb>] __vmalloc_node_range+0x25b/0x610 mm/vmalloc.c:1702
 [<ffffffff814cbb4c>] __vmalloc_node mm/vmalloc.c:1745 [inline]
 [<ffffffff814cbb4c>] __vmalloc_node_flags mm/vmalloc.c:1759 [inline]
 [<ffffffff814cbb4c>] vmalloc+0x5c/0x70 mm/vmalloc.c:1774
 [<ffffffff82450fa8>] xt_alloc_table_info+0xc8/0x100 net/netfilter/x_tables.c:997
 [<ffffffff82613a4b>] do_replace net/ipv4/netfilter/ip_tables.c:1146 [inline]
 [<ffffffff82613a4b>] do_ipt_set_ctl+0x22b/0x470 net/ipv4/netfilter/ip_tables.c:1693
 [<ffffffff823e3a4d>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 [<ffffffff823e3a4d>] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114
 [<ffffffff824c1a8a>] ip_setsockopt net/ipv4/ip_sockglue.c:1247 [inline]
 [<ffffffff824c1a8a>] ip_setsockopt+0x8a/0xa0 net/ipv4/ip_sockglue.c:1232
 [<ffffffff82560023>] raw_setsockopt+0xb3/0xd0 net/ipv4/raw.c:833
 [<ffffffff822aa9da>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2710
 [<ffffffff822a84c9>] SYSC_setsockopt net/socket.c:1785 [inline]
 [<ffffffff822a84c9>] SyS_setsockopt+0x159/0x240 net/socket.c:1764
 [<ffffffff810056bd>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
 [<ffffffff82816a93>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
syz-executor.5  R  running task    26520 27199  14810 0x80000004
 ffff8801db607c90 ffffffff813fa9e1 ffffffff813fa7e0 ffff8801a9eac740
 ffff8801a9eac740 ffffffff830d1800 0000000000000096 ffff8801a9eacb20
 dffffc0000000000 ffff8801db607cc8 ffffffff814054ea ffffffff830d1b80
Call Trace:
 <IRQ> 
 [<ffffffff813fa9e1>] sched_show_task.cold+0x27f/0x327 kernel/sched/core.c:5317
 [<ffffffff814054ea>] rcu_print_detail_task_stall_rnp+0xc2/0xfe kernel/rcu/tree_plugin.h:530
 [<ffffffff8140672d>] rcu_print_detail_task_stall kernel/rcu/tree_plugin.h:545 [inline]
 [<ffffffff8140672d>] print_other_cpu_stall kernel/rcu/tree.c:1408 [inline]
 [<ffffffff8140672d>] check_cpu_stall kernel/rcu/tree.c:1520 [inline]
 [<ffffffff8140672d>] __rcu_pending kernel/rcu/tree.c:3487 [inline]
 [<ffffffff8140672d>] rcu_pending kernel/rcu/tree.c:3551 [inline]
 [<ffffffff8140672d>] rcu_check_callbacks.cold+0x7b9/0xd2f kernel/rcu/tree.c:2880
 [<ffffffff81267031>] update_process_times+0x31/0x70 kernel/time/timer.c:1629
 [<ffffffff8129609a>] tick_sched_handle.isra.0+0x4a/0xf0 kernel/time/tick-sched.c:151
 [<ffffffff812961ba>] tick_sched_timer+0x7a/0x130 kernel/time/tick-sched.c:1190
 [<ffffffff81269cb3>] __run_hrtimer kernel/time/hrtimer.c:1255 [inline]
 [<ffffffff81269cb3>] __hrtimer_run_queues+0x313/0xe00 kernel/time/hrtimer.c:1319
 [<ffffffff8126c1e6>] hrtimer_interrupt+0x1b6/0x450 kernel/time/hrtimer.c:1353
 [<ffffffff81090286>] local_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:937
 [<ffffffff8281a9b9>] smp_apic_timer_interrupt+0x79/0xb0 arch/x86/kernel/apic/apic.c:961
 [<ffffffff8281822d>] apic_timer_interrupt+0x9d/0xb0 arch/x86/entry/entry_64.S:648
 <EOI> 
 [<ffffffff81226d6f>] vprintk_emit+0x43f/0x6f0 kernel/printk/printk.c:1908
 [<ffffffff81227048>] vprintk+0x28/0x30 kernel/printk/printk.c:1918
 [<ffffffff814035d9>] vprintk_func kernel/printk/internal.h:36 [inline]
 [<ffffffff814035d9>] printk+0xc2/0xf5 kernel/printk/printk.c:1980
 [<ffffffff82230ce2>] lowmem_scan.cold+0x2d7/0x361 drivers/staging/android/lowmemorykiller.c:177
 [<ffffffff8144a81f>] do_shrink_slab mm/vmscan.c:398 [inline]
 [<ffffffff8144a81f>] shrink_slab.part.0+0x3cf/0xa20 mm/vmscan.c:501
 [<ffffffff814562ad>] shrink_slab mm/vmscan.c:465 [inline]
 [<ffffffff814562ad>] shrink_node+0x1ed/0x750 mm/vmscan.c:2602
 [<ffffffff81456ba7>] shrink_zones mm/vmscan.c:2749 [inline]
 [<ffffffff81456ba7>] do_try_to_free_pages mm/vmscan.c:2791 [inline]
 [<ffffffff81456ba7>] try_to_free_pages+0x397/0xbd0 mm/vmscan.c:3002
 [<ffffffff81429390>] __perform_reclaim mm/page_alloc.c:3324 [inline]
 [<ffffffff81429390>] __alloc_pages_direct_reclaim mm/page_alloc.c:3345 [inline]
 [<ffffffff81429390>] __alloc_pages_slowpath mm/page_alloc.c:3695 [inline]
 [<ffffffff81429390>] __alloc_pages_nodemask+0x930/0x1a80 mm/page_alloc.c:3852
 [<ffffffff814cb2cb>] __alloc_pages include/linux/gfp.h:433 [inline]
 [<ffffffff814cb2cb>] __alloc_pages_node include/linux/gfp.h:446 [inline]
 [<ffffffff814cb2cb>] alloc_pages_node include/linux/gfp.h:460 [inline]
 [<ffffffff814cb2cb>] __vmalloc_area_node mm/vmalloc.c:1644 [inline]
 [<ffffffff814cb2cb>] __vmalloc_node_range+0x25b/0x610 mm/vmalloc.c:1702
 [<ffffffff814cbb4c>] __vmalloc_node mm/vmalloc.c:1745 [inline]
 [<ffffffff814cbb4c>] __vmalloc_node_flags mm/vmalloc.c:1759 [inline]
 [<ffffffff814cbb4c>] vmalloc+0x5c/0x70 mm/vmalloc.c:1774
 [<ffffffff82450fa8>] xt_alloc_table_info+0xc8/0x100 net/netfilter/x_tables.c:997
 [<ffffffff82613a4b>] do_replace net/ipv4/netfilter/ip_tables.c:1146 [inline]
 [<ffffffff82613a4b>] do_ipt_set_ctl+0x22b/0x470 net/ipv4/netfilter/ip_tables.c:1693
 [<ffffffff823e3a4d>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 [<ffffffff823e3a4d>] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114
 [<ffffffff824c1a8a>] ip_setsockopt net/ipv4/ip_sockglue.c:1247 [inline]
 [<ffffffff824c1a8a>] ip_setsockopt+0x8a/0xa0 net/ipv4/ip_sockglue.c:1232
 [<ffffffff82560023>] raw_setsockopt+0xb3/0xd0 net/ipv4/raw.c:833
 [<ffffffff822aa9da>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2710
 [<ffffffff822a84c9>] SYSC_setsockopt net/socket.c:1785 [inline]
 [<ffffffff822a84c9>] SyS_setsockopt+0x159/0x240 net/socket.c:1764
 [<ffffffff810056bd>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
 [<ffffffff82816a93>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
BUG: Bad rss-counter state mm:ffff8801c820d800 idx:0 val:4
selinux_nlmsg_perm: 22 callbacks suppressed
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=27302 comm=syz-executor.2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=27302 comm=syz-executor.2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=27302 comm=syz-executor.2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=27302 comm=syz-executor.2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=27302 comm=syz-executor.2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=27302 comm=syz-executor.2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=27302 comm=syz-executor.2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=27302 comm=syz-executor.2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=27302 comm=syz-executor.2
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=27302 comm=syz-executor.2

Crashes (1):
Time: 2019/02/21 15:31
Kernel: https://android.googlesource.com/kernel/common android-4.9
Commit: 1597fdfe52ba
Syzkaller: 3133098b
Config: .config
Log: console log
Report: report
Manager: ci-android-49-kasan-gce-root
* Struck through repros no longer work on HEAD.