bisecting fixing commit since f4cc0ed9b2c72687303b035379c5824a02224354
building syzkaller on 7509bf360eba1461ac6059e4cacfbc29c9d2d4c7
testing commit f4cc0ed9b2c72687303b035379c5824a02224354 with gcc (GCC) 8.1.0
kernel signature: 1c01e899bb0572c518ef0075054a4d657a854b8bd24793485a787dec6a371ee2
run #0: crashed: INFO: rcu detected stall in corrupted
run #1: crashed: INFO: rcu detected stall in corrupted
run #2: crashed: INFO: rcu detected stall in sendfile64
run #3: crashed: INFO: rcu detected stall in corrupted
run #4: crashed: INFO: rcu detected stall in ext4_file_write_iter
run #5: crashed: INFO: rcu detected stall in corrupted
run #6: crashed: INFO: rcu detected stall in corrupted
run #7: crashed: INFO: rcu detected stall in sendfile64
run #8: crashed: INFO: rcu detected stall in sendfile64
run #9: crashed: INFO: rcu detected stall in corrupted
testing current HEAD 78d697fc93f98054e36a3ab76dca1a88802ba7be
testing commit 78d697fc93f98054e36a3ab76dca1a88802ba7be with gcc (GCC) 8.1.0
kernel signature: 10b13dbd98000de30227f0bede5e75b5b5dbc58a8177e1d19817eef27a15e98d
run #0: crashed: INFO: rcu detected stall in sendfile64
run #1: crashed: INFO: rcu detected stall in corrupted
run #2: crashed: INFO: rcu detected stall in corrupted
run #3: crashed: INFO: rcu detected stall in corrupted
run #4: crashed: INFO: rcu detected stall in corrupted
run #5: crashed: INFO: rcu detected stall in corrupted
run #6: crashed: INFO: rcu detected stall in corrupted
run #7: crashed: INFO: rcu detected stall in corrupted
run #8: crashed: INFO: rcu detected stall in corrupted
run #9: crashed: INFO: rcu detected stall in corrupted
revisions tested: 2, total time: 27m23.262915645s (build: 16m44.896937304s, test: 9m51.598888502s)
the crash still happens on HEAD
commit msg: Linux 4.14.172
crash: INFO: rcu detected stall in corrupted
team0: Port device team_slave_1 added
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
device hsr_slave_0 entered promiscuous mode
INFO: rcu_sched self-detected stall on CPU
INFO: rcu_preempt detected stalls on CPUs/tasks:
1-...: (10500 ticks this GP) idle=b82/140000000000001/0 softirq=11055/11055 fqs=0
(t=10501 jiffies g=767 c=766 q=6)
rcu_sched kthread starved for 10501 jiffies! g767 c766 f0x0 RCU_GP_WAIT_FQS(3) ->state=0x0 ->cpu=0
(detected by 0, t=10502 jiffies, g=1268, c=1267, q=156)
All QSes seen, last rcu_preempt kthread activity 10502 (4294953459-4294942957), jiffies_till_next_fqs=1, root ->qsmask 0x0
rcu_sched R
syz-executor.4 R running task
running task
27000 6941 6899 0x00000000
29832 9 2 0x80000000
Call Trace:
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x780/0x1d20 kernel/sched/core.c:3384
sched_show_task.cold.89+0x2e1/0x342 kernel/sched/core.c:5168
print_other_cpu_stall kernel/rcu/tree.c:1501 [inline]
check_cpu_stall kernel/rcu/tree.c:1616 [inline]
__rcu_pending kernel/rcu/tree.c:3390 [inline]
rcu_pending kernel/rcu/tree.c:3452 [inline]
rcu_check_callbacks.cold.77+0xc96/0xcfa kernel/rcu/tree.c:2792
update_process_times+0x2a/0x60 kernel/time/timer.c:1590
schedule+0x7f/0x1b0 kernel/sched/core.c:3428
tick_sched_handle+0x7b/0x140 kernel/time/tick-sched.c:165
schedule_timeout+0x40c/0xcc0 kernel/time/timer.c:1746
tick_sched_timer+0x34/0xf0 kernel/time/tick-sched.c:1223
__run_hrtimer kernel/time/hrtimer.c:1223 [inline]
__hrtimer_run_queues+0x297/0xaf0 kernel/time/hrtimer.c:1287
rcu_gp_kthread+0xbbf/0x1e00 kernel/rcu/tree.c:2255
kthread+0x338/0x400 kernel/kthread.c:232
hrtimer_interrupt+0x1ae/0x600 kernel/time/hrtimer.c:1321
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1075 [inline]
smp_apic_timer_interrupt+0x11f/0x5d0 arch/x86/kernel/apic/apic.c:1100
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
apic_timer_interrupt+0x96/0xa0 arch/x86/entry/entry_64.S:792
NMI backtrace for cpu 1
RIP: 0010:memset_erms+0x9/0x10 arch/x86/lib/memset_64.S:66
RSP: 0018:ffff88807958f5c0 EFLAGS: 00010246 ORIG_RAX: ffffffffffffff10
RAX: 0000000000000000 RBX: ffff88807000b000 RCX: 0000000000001000
RDX: 0000000000001000 RSI: 0000000000000000 RDI: ffff88807000b000
RBP: ffff88807958f5e0 R08: 0000000000000000 R09: ffff88807000b000
R10: ffffed100e0017ff R11: ffff88807000bfff R12: 0000000000001000
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000006f36
memset include/linux/string.h:332 [inline]
zero_user_segments include/linux/highmem.h:203 [inline]
zero_user_segment include/linux/highmem.h:215 [inline]
ext4_mpage_readpages+0x6aa/0x13e0 fs/ext4/readpage.c:217
ext4_readpage+0x126/0x370 fs/ext4/inode.c:3351
generic_file_buffered_read mm/filemap.c:2140 [inline]
generic_file_read_iter+0x1074/0x1e40 mm/filemap.c:2273
ext4_file_read_iter+0x139/0x350 fs/ext4/file.c:76
call_read_iter include/linux/fs.h:1771 [inline]
generic_file_splice_read+0x349/0x6b0 fs/splice.c:307
CPU: 1 PID: 6936 Comm: syz-executor.1 Not tainted 4.14.172-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
do_splice_to+0xe3/0x120 fs/splice.c:880
splice_direct_to_actor+0x20d/0x750 fs/splice.c:952
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xf7/0x13b lib/dump_stack.c:58
nmi_cpu_backtrace.cold.4+0x3e/0x76 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0xe5/0x119 lib/nmi_backtrace.c:62
arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
trigger_single_cpu_backtrace include/linux/nmi.h:158 [inline]
rcu_dump_cpu_stacks+0x172/0x1bf kernel/rcu/tree.c:1396
do_splice_direct+0x144/0x250 fs/splice.c:1061
print_cpu_stall kernel/rcu/tree.c:1542 [inline]
check_cpu_stall kernel/rcu/tree.c:1610 [inline]
__rcu_pending kernel/rcu/tree.c:3390 [inline]
rcu_pending kernel/rcu/tree.c:3452 [inline]
rcu_check_callbacks.cold.77+0x415/0xcfa kernel/rcu/tree.c:2792
update_process_times+0x2a/0x60 kernel/time/timer.c:1590
do_sendfile+0x463/0xd00 fs/read_write.c:1441
tick_sched_handle+0x7b/0x140 kernel/time/tick-sched.c:165
tick_sched_timer+0x34/0xf0 kernel/time/tick-sched.c:1223
SYSC_sendfile64 fs/read_write.c:1496 [inline]
SyS_sendfile64+0x97/0x110 fs/read_write.c:1488
__run_hrtimer kernel/time/hrtimer.c:1223 [inline]
__hrtimer_run_queues+0x297/0xaf0 kernel/time/hrtimer.c:1287
do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
hrtimer_interrupt+0x1ae/0x600 kernel/time/hrtimer.c:1321
entry_SYSCALL_64_after_hwframe+0x42/0xb7
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1075 [inline]
smp_apic_timer_interrupt+0x11f/0x5d0 arch/x86/kernel/apic/apic.c:1100
RIP: 0033:0x459519
apic_timer_interrupt+0x96/0xa0 arch/x86/entry/entry_64.S:792
RSP: 002b:00007fb70abb7c78 EFLAGS: 00000246
ORIG_RAX: 0000000000000028
RIP: 0010:update_stack_state+0x19/0x5d0 arch/x86/kernel/unwind_frame.c:208
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459519
RDX: 0000000020000000 RSI: 0000000000000003 RDI: 0000000000000003
RSP: 0018:ffff88808a7ef4d8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff10
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
RAX: dffffc0000000000 RBX: ffff88808a7ef5e0 RCX: ffff88808a7ef638
R10: 00008080fffffffe R11: 0000000000000246 R12: 00007fb70abb86d4
RDX: dffffc0000000000 RSI: ffff88808a7efc50 RDI: ffff88808a7ef5e0
RBP: ffff88808a7ef4f8 R08: 1ffff110114fdec6 R09: ffff88808a7ef590
R13: 00000000004c6af0 R14: 00000000004dbd68 R15: 00000000ffffffff
R10: ffff88808a7ef618 R11: ffff88808a7ef63f R12: 1ffff110114fdea6
R13: 0000000000000000 R14: ffff88808a7ef5e0 R15: ffff88808a7efc50
rcu_preempt kthread starved for 10502 jiffies! g1268 c1267 f0x2 RCU_GP_WAIT_FQS(3) ->state=0x0 ->cpu=0
unwind_next_frame.part.8+0x1a3/0xa10 arch/x86/kernel/unwind_frame.c:333
rcu_preempt R
running task 29720 8 2 0x80000000
Call Trace:
context_switch kernel/sched/core.c:2808 [inline]
__schedule+0x780/0x1d20 kernel/sched/core.c:3384
unwind_next_frame+0x3e/0x50 arch/x86/kernel/unwind_frame.c:287
__save_stack_trace+0x6e/0xd0 arch/x86/kernel/stacktrace.c:44
save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:59
schedule+0x7f/0x1b0 kernel/sched/core.c:3428
save_stack+0x43/0xd0 mm/kasan/kasan.c:447
schedule_timeout+0x40c/0xcc0 kernel/time/timer.c:1746
rcu_gp_kthread+0xbbf/0x1e00 kernel/rcu/tree.c:2255
kthread+0x338/0x400 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
set_track mm/kasan/kasan.c:459 [inline]
kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:551
__do_kmalloc mm/slab.c:3720 [inline]
__kmalloc+0x15b/0x7b0 mm/slab.c:3729
kmalloc_array include/linux/slab.h:607 [inline]
kcalloc include/linux/slab.h:618 [inline]
iter_file_splice_write+0x126/0xc20 fs/splice.c:692
do_splice_from fs/splice.c:851 [inline]
direct_splice_actor+0x104/0x1c0 fs/splice.c:1018
splice_direct_to_actor+0x27c/0x750 fs/splice.c:973
do_splice_direct+0x144/0x250 fs/splice.c:1061
do_sendfile+0x463/0xd00 fs/read_write.c:1441
SYSC_sendfile64 fs/read_write.c:1496 [inline]
SyS_sendfile64+0x97/0x110 fs/read_write.c:1488
do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459519
RSP: 002b:00007f32b32e0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459519
RDX: 0000000020000000 RSI: 0000000000000003 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 00008080fffffffe R11: 0000000000000246 R12: 00007f32b32e16d4
R13: 00000000004c6af0 R14: 00000000004dbd68 R15: 00000000ffffffff