INFO: rcu detected stall in __xfrm_decode_session


syzbot

Apr 14, 2019, 4:51:35 AM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 226f96b0 ANDROID: sdcardfs: fix potential crash when reser..
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=103b7490400000
kernel config: https://syzkaller.appspot.com/x/.config?x=9015d1e2403e29b6
dashboard link: https://syzkaller.appspot.com/bug?extid=02718e292ac1af537bf9
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
userspace arch: i386
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13897d80400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+02718e...@syzkaller.appspotmail.com

IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
INFO: rcu_preempt self-detected stall on CPU
0-...: (1 GPs behind) idle=c37/140000000000001/0 softirq=7357/7358 fqs=12499
(t=12500 jiffies g=1208 c=1207 q=83)
Task dump for CPU 0:
syz-executor0 R running task 28096 4312 3955 0x2002000c
0000000000000f73 f9a9a8cb61184120 ffff8801db206ff0 ffffffff8140c8fc
ffff8801db21f4c0 0000000000000000 dffffc0000000000 ffffffff844bef00
ffffffff844bef84 ffff8801db207010 ffffffff8140cb87 ffffffff844bef48
Call Trace:
<IRQ> [<ffffffff8140c8fc>] sched_show_task+0x2cb/0x2d6 kernel/sched/core.c:5089
[<ffffffff8140cb87>] dump_cpu_task+0x79/0x7e kernel/sched/core.c:9046
[<ffffffff8141704d>] rcu_dump_cpu_stacks+0x150/0x164 kernel/rcu/tree.c:1233
[<ffffffff81417c4a>] print_cpu_stall kernel/rcu/tree.c:1340 [inline]
[<ffffffff81417c4a>] check_cpu_stall kernel/rcu/tree.c:1404 [inline]
[<ffffffff81417c4a>] __rcu_pending kernel/rcu/tree.c:3892 [inline]
[<ffffffff81417c4a>] rcu_pending kernel/rcu/tree.c:3956 [inline]
[<ffffffff81417c4a>] rcu_check_callbacks.cold.75+0x5c3/0xd20 kernel/rcu/tree.c:2796
[<ffffffff8129a7da>] update_process_times+0x3a/0x70 kernel/time/timer.c:1427
[<ffffffff812c5195>] tick_sched_handle.isra.15+0x55/0xf0 kernel/time/tick-sched.c:151
[<ffffffff812c5822>] tick_sched_timer+0x72/0x120 kernel/time/tick-sched.c:1097
[<ffffffff8129dd4d>] __run_hrtimer kernel/time/hrtimer.c:1261 [inline]
[<ffffffff8129dd4d>] __hrtimer_run_queues+0x3ad/0x1000 kernel/time/hrtimer.c:1325
[<ffffffff8129f4c1>] hrtimer_interrupt+0x1b1/0x430 kernel/time/hrtimer.c:1359
[<ffffffff810ad284>] local_apic_timer_interrupt+0x74/0xa0 arch/x86/kernel/apic/apic.c:901
[<ffffffff838c534c>] smp_apic_timer_interrupt+0x7c/0xa0 arch/x86/kernel/apic/apic.c:925
[<ffffffff838c4290>] apic_timer_interrupt+0xa0/0xb0 arch/x86/entry/entry_64.S:741
[<ffffffff833c9b39>] __xfrm_decode_session+0x69/0x100 net/xfrm/xfrm_policy.c:2403
[<ffffffff834a3d9e>] xfrm_decode_session_reverse include/net/xfrm.h:1114 [inline]
[<ffffffff834a3d9e>] icmpv6_route_lookup+0x2ce/0x440 net/ipv6/icmp.c:362
[<ffffffff834a5b99>] icmp6_send+0xee9/0x1b80 net/ipv6/icmp.c:507
[<ffffffff8355b491>] icmpv6_send+0xb1/0x1b0 net/ipv6/ip6_icmp.c:42
[<ffffffff8346309d>] ip6_pkt_drop+0x16d/0x430 net/ipv6/route.c:2472
[<ffffffff8346337c>] ip6_pkt_discard+0x1c/0x20 net/ipv6/route.c:2479
[<ffffffff834360bd>] dst_input include/net/dst.h:504 [inline]
[<ffffffff834360bd>] ip6_rcv_finish+0x13d/0x640 net/ipv6/ip6_input.c:62
[<ffffffff83438bdb>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
[<ffffffff83438bdb>] NF_HOOK include/linux/netfilter.h:249 [inline]
[<ffffffff83438bdb>] ipv6_rcv+0x10cb/0x1cd0 net/ipv6/ip6_input.c:186
[<ffffffff82f7eb06>] __netif_receive_skb_core+0x12d6/0x2940 net/core/dev.c:4019
[<ffffffff82f801cb>] __netif_receive_skb+0x5b/0x1b0 net/core/dev.c:4054
[<ffffffff82f84756>] process_backlog+0x216/0x6a0 net/core/dev.c:4647
[<ffffffff82f81592>] napi_poll net/core/dev.c:4885 [inline]
[<ffffffff82f81592>] net_rx_action+0x3a2/0xdb0 net/core/dev.c:4950
[<ffffffff838c5bec>] __do_softirq+0x22c/0xa1a kernel/softirq.c:273
[<ffffffff838c399c>] do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:929
<EOI> [<ffffffff8113d9d4>] do_softirq.part.16+0x54/0x60 kernel/softirq.c:317
[<ffffffff8113f6c9>] do_softirq+0x19/0x20 kernel/softirq.c:320
[<ffffffff82f7caac>] netif_rx_ni+0xec/0x3a0 net/core/dev.c:3653
[<ffffffff82753187>] tun_get_user+0xbe7/0x2410 drivers/net/tun.c:1264
[<ffffffff82754bc5>] tun_chr_write_iter+0xd5/0x190 drivers/net/tun.c:1283
[<ffffffff8151ce0d>] new_sync_write fs/read_write.c:478 [inline]
[<ffffffff8151ce0d>] __vfs_write+0x30d/0x3f0 fs/read_write.c:491
[<ffffffff8151e9f1>] vfs_write+0x191/0x4e0 fs/read_write.c:538
[<ffffffff81520ff9>] SYSC_write fs/read_write.c:585 [inline]
[<ffffffff81520ff9>] SyS_write+0xd9/0x1c0 fs/read_write.c:577
[<ffffffff81006d96>] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline]
[<ffffffff81006d96>] do_fast_syscall_32+0x326/0x8b0 arch/x86/entry/common.c:459
[<ffffffff838c406a>] sysenter_flags_fixed+0xd/0x17


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches