INFO: rcu detected stall in udpv6_setsockopt


syzbot

Apr 14, 2019, 5:33:14 AM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 8fe42840 Merge 4.9.141 into android-4.9
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=1669af1b200000
kernel config: https://syzkaller.appspot.com/x/.config?x=22a5ba9f73b6da1d
dashboard link: https://syzkaller.appspot.com/bug?extid=7c6fba358824d60ec563
compiler: gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+7c6fba...@syzkaller.appspotmail.com

[25296] 0 25296 18178 8749 26 4 0
1000 syz-executor.3
[25350] 0 25350 18145 8746 26 4 0
1000 syz-executor.4
[25388] 0 25384 18244 5 27 4 0
1000 syz-executor.1
Out of memory: Kill process 2379 (syz-executor.0) score 1005 or sacrifice
child
Killed process 2379 (syz-executor.0) total-vm:72580kB, anon-rss:180kB,
file-rss:34816kB, shmem-rss:0kB
INFO: rcu_preempt detected stalls on CPUs/tasks:
Tasks blocked on level-0 rcu_node (CPUs 0-1): P25389
(detected by 0, t=10502 jiffies, g=44549, c=44548, q=10286)
syz-executor.1 R running task 26168 25389 2098 0x00000004
ffff8801db607c60 ffffffff813fa6fd ffffffff813fa504 ffff8801d985c740
ffffffff830cd6c0 0000000000000096 ffff8801d985cb20 dffffc0000000000
ffff8801db607c98 ffffffff81404e39 000000000000ae04 000000000000282e
Call Trace:
<IRQ>
[<ffffffff813fa6fd>] sched_show_task.cold.35+0x279/0x31f
kernel/sched/core.c:5317
[<ffffffff81404e39>] rcu_print_detail_task_stall_rnp+0xc2/0xfe
kernel/rcu/tree_plugin.h:530
[<ffffffff81405f5f>] rcu_print_detail_task_stall
kernel/rcu/tree_plugin.h:543 [inline]
[<ffffffff81405f5f>] print_other_cpu_stall kernel/rcu/tree.c:1408 [inline]
[<ffffffff81405f5f>] check_cpu_stall kernel/rcu/tree.c:1520 [inline]
[<ffffffff81405f5f>] __rcu_pending kernel/rcu/tree.c:3487 [inline]
[<ffffffff81405f5f>] rcu_pending kernel/rcu/tree.c:3551 [inline]
[<ffffffff81405f5f>] rcu_check_callbacks.cold.69+0x757/0xd27
kernel/rcu/tree.c:2880
[<ffffffff81267470>] update_process_times+0x30/0x70
kernel/time/timer.c:1629
[<ffffffff8129641a>] tick_sched_handle.isra.5+0x4a/0xf0
kernel/time/tick-sched.c:151
[<ffffffff81296536>] tick_sched_timer+0x76/0x130
kernel/time/tick-sched.c:1190
[<ffffffff8126a197>] __run_hrtimer kernel/time/hrtimer.c:1255 [inline]
[<ffffffff8126a197>] __hrtimer_run_queues+0x357/0xe30
kernel/time/hrtimer.c:1319
[<ffffffff8126c681>] hrtimer_interrupt+0x1b1/0x430
kernel/time/hrtimer.c:1353
[<ffffffff810912d4>] local_apic_timer_interrupt+0x74/0xa0
arch/x86/kernel/apic/apic.c:937
[<ffffffff8281b76c>] smp_apic_timer_interrupt+0x7c/0xb0
arch/x86/kernel/apic/apic.c:961
[<ffffffff8281902d>] apic_timer_interrupt+0x9d/0xb0
arch/x86/entry/entry_64.S:648
<EOI>
[<ffffffff812270c8>] vprintk_emit+0x448/0x790 kernel/printk/printk.c:1908
[<ffffffff81227438>] vprintk+0x28/0x30 kernel/printk/printk.c:1918
[<ffffffff8122745d>] vprintk_default+0x1d/0x30 kernel/printk/printk.c:1919
[<ffffffff81402f9f>] vprintk_func kernel/printk/internal.h:36 [inline]
[<ffffffff81402f9f>] printk+0xaf/0xd7 kernel/printk/printk.c:1980
[<ffffffff8222d9e8>] lowmem_scan.cold.1+0x1f9/0x35b
drivers/staging/android/lowmemorykiller.c:177
[<ffffffff81449cc6>] do_shrink_slab mm/vmscan.c:398 [inline]
[<ffffffff81449cc6>] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501
[<ffffffff814557fd>] shrink_slab mm/vmscan.c:465 [inline]
[<ffffffff814557fd>] shrink_node+0x1ed/0x740 mm/vmscan.c:2602
[<ffffffff814560c7>] shrink_zones mm/vmscan.c:2749 [inline]
[<ffffffff814560c7>] do_try_to_free_pages mm/vmscan.c:2791 [inline]
[<ffffffff814560c7>] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002
[<ffffffff81428a01>] __perform_reclaim mm/page_alloc.c:3324 [inline]
[<ffffffff81428a01>] __alloc_pages_direct_reclaim mm/page_alloc.c:3345
[inline]
[<ffffffff81428a01>] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline]
[<ffffffff81428a01>] __alloc_pages_nodemask+0x981/0x1bd0
mm/page_alloc.c:3862
[<ffffffff814c9e8b>] __alloc_pages include/linux/gfp.h:433 [inline]
[<ffffffff814c9e8b>] __alloc_pages_node include/linux/gfp.h:446 [inline]
[<ffffffff814c9e8b>] alloc_pages_node include/linux/gfp.h:460 [inline]
[<ffffffff814c9e8b>] __vmalloc_area_node mm/vmalloc.c:1644 [inline]
[<ffffffff814c9e8b>] __vmalloc_node_range+0x25b/0x600 mm/vmalloc.c:1702
[<ffffffff814ca71b>] __vmalloc_node mm/vmalloc.c:1745 [inline]
[<ffffffff814ca71b>] __vmalloc_node_flags mm/vmalloc.c:1759 [inline]
[<ffffffff814ca71b>] vmalloc+0x5b/0x70 mm/vmalloc.c:1774
[<ffffffff82450f79>] xt_alloc_table_info+0xc9/0x100
net/netfilter/x_tables.c:997
[<ffffffff82787355>] do_replace net/ipv6/netfilter/ip6_tables.c:1175
[inline]
[<ffffffff82787355>] do_ip6t_set_ctl+0x235/0x470
net/ipv6/netfilter/ip6_tables.c:1712
[<ffffffff823e290d>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
[<ffffffff823e290d>] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114
[<ffffffff826f53f8>] ipv6_setsockopt+0xc8/0x130
net/ipv6/ipv6_sockglue.c:922
[<ffffffff82709a3a>] udpv6_setsockopt+0x4a/0x90 net/ipv6/udp.c:1351
[<ffffffff822a747a>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706
[<ffffffff822a4d76>] SYSC_setsockopt net/socket.c:1785 [inline]
[<ffffffff822a4d76>] SyS_setsockopt+0x166/0x260 net/socket.c:1764
[<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
[<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
syz-executor.1 R running task 26168 25389 2098 0x80000004
ffff8801db607c60 ffffffff813fa6fd ffffffff813fa504 ffff8801d985c740
ffffffff830cd6c0 0000000000000096 ffff8801d985cb20 dffffc0000000000
ffff8801db607c98 ffffffff81404e39 ffffffff830cda40 000000000000282e
Call Trace:
<IRQ>
[<ffffffff813fa6fd>] sched_show_task.cold.35+0x279/0x31f
kernel/sched/core.c:5317
[<ffffffff81404e39>] rcu_print_detail_task_stall_rnp+0xc2/0xfe
kernel/rcu/tree_plugin.h:530
[<ffffffff81405fb7>] rcu_print_detail_task_stall
kernel/rcu/tree_plugin.h:545 [inline]
[<ffffffff81405fb7>] print_other_cpu_stall kernel/rcu/tree.c:1408 [inline]
[<ffffffff81405fb7>] check_cpu_stall kernel/rcu/tree.c:1520 [inline]
[<ffffffff81405fb7>] __rcu_pending kernel/rcu/tree.c:3487 [inline]
[<ffffffff81405fb7>] rcu_pending kernel/rcu/tree.c:3551 [inline]
[<ffffffff81405fb7>] rcu_check_callbacks.cold.69+0x7af/0xd27
kernel/rcu/tree.c:2880
[<ffffffff81267470>] update_process_times+0x30/0x70
kernel/time/timer.c:1629
[<ffffffff8129641a>] tick_sched_handle.isra.5+0x4a/0xf0
kernel/time/tick-sched.c:151
[<ffffffff81296536>] tick_sched_timer+0x76/0x130
kernel/time/tick-sched.c:1190
[<ffffffff8126a197>] __run_hrtimer kernel/time/hrtimer.c:1255 [inline]
[<ffffffff8126a197>] __hrtimer_run_queues+0x357/0xe30
kernel/time/hrtimer.c:1319
[<ffffffff8126c681>] hrtimer_interrupt+0x1b1/0x430
kernel/time/hrtimer.c:1353
[<ffffffff810912d4>] local_apic_timer_interrupt+0x74/0xa0
arch/x86/kernel/apic/apic.c:937
[<ffffffff8281b76c>] smp_apic_timer_interrupt+0x7c/0xb0
arch/x86/kernel/apic/apic.c:961
[<ffffffff8281902d>] apic_timer_interrupt+0x9d/0xb0
arch/x86/entry/entry_64.S:648
<EOI>
[<ffffffff812270c8>] vprintk_emit+0x448/0x790 kernel/printk/printk.c:1908
[<ffffffff81227438>] vprintk+0x28/0x30 kernel/printk/printk.c:1918
[<ffffffff8122745d>] vprintk_default+0x1d/0x30 kernel/printk/printk.c:1919
[<ffffffff81402f9f>] vprintk_func kernel/printk/internal.h:36 [inline]
[<ffffffff81402f9f>] printk+0xaf/0xd7 kernel/printk/printk.c:1980
[<ffffffff8222d9e8>] lowmem_scan.cold.1+0x1f9/0x35b
drivers/staging/android/lowmemorykiller.c:177
[<ffffffff81449cc6>] do_shrink_slab mm/vmscan.c:398 [inline]
[<ffffffff81449cc6>] shrink_slab.part.8+0x3c6/0xa00 mm/vmscan.c:501
[<ffffffff814557fd>] shrink_slab mm/vmscan.c:465 [inline]
[<ffffffff814557fd>] shrink_node+0x1ed/0x740 mm/vmscan.c:2602
[<ffffffff814560c7>] shrink_zones mm/vmscan.c:2749 [inline]
[<ffffffff814560c7>] do_try_to_free_pages mm/vmscan.c:2791 [inline]
[<ffffffff814560c7>] try_to_free_pages+0x377/0xb80 mm/vmscan.c:3002
[<ffffffff81428a01>] __perform_reclaim mm/page_alloc.c:3324 [inline]
[<ffffffff81428a01>] __alloc_pages_direct_reclaim mm/page_alloc.c:3345
[inline]
[<ffffffff81428a01>] __alloc_pages_slowpath mm/page_alloc.c:3697 [inline]
[<ffffffff81428a01>] __alloc_pages_nodemask+0x981/0x1bd0
mm/page_alloc.c:3862
[<ffffffff814c9e8b>] __alloc_pages include/linux/gfp.h:433 [inline]
[<ffffffff814c9e8b>] __alloc_pages_node include/linux/gfp.h:446 [inline]
[<ffffffff814c9e8b>] alloc_pages_node include/linux/gfp.h:460 [inline]
[<ffffffff814c9e8b>] __vmalloc_area_node mm/vmalloc.c:1644 [inline]
[<ffffffff814c9e8b>] __vmalloc_node_range+0x25b/0x600 mm/vmalloc.c:1702
[<ffffffff814ca71b>] __vmalloc_node mm/vmalloc.c:1745 [inline]
[<ffffffff814ca71b>] __vmalloc_node_flags mm/vmalloc.c:1759 [inline]
[<ffffffff814ca71b>] vmalloc+0x5b/0x70 mm/vmalloc.c:1774
[<ffffffff82450f79>] xt_alloc_table_info+0xc9/0x100
net/netfilter/x_tables.c:997
[<ffffffff82787355>] do_replace net/ipv6/netfilter/ip6_tables.c:1175
[inline]
[<ffffffff82787355>] do_ip6t_set_ctl+0x235/0x470
net/ipv6/netfilter/ip6_tables.c:1712
[<ffffffff823e290d>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
[<ffffffff823e290d>] nf_setsockopt+0x6d/0xc0 net/netfilter/nf_sockopt.c:114
[<ffffffff826f53f8>] ipv6_setsockopt+0xc8/0x130
net/ipv6/ipv6_sockglue.c:922
[<ffffffff82709a3a>] udpv6_setsockopt+0x4a/0x90 net/ipv6/udp.c:1351
[<ffffffff822a747a>] sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:2706
[<ffffffff822a4d76>] SYSC_setsockopt net/socket.c:1785 [inline]
[<ffffffff822a4d76>] SyS_setsockopt+0x166/0x260 net/socket.c:1764
[<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
[<ffffffff82817893>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
ip6_tunnel: 6tnl0 xmit: Local address not yet configured!
BUG: Bad rss-counter state mm:ffff8801b249b180 idx:0 val:5
audit_printk_skb: 234 callbacks suppressed
audit: type=1400 audit(1553322113.233:226242): avc: denied { net_raw }
for pid=25410 comm="syz-executor.2" capability=13
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1553322113.243:226243): avc: denied { sys_admin }
for pid=25409 comm="syz-executor.0" capability=21
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1553322113.253:226244): avc: denied { create }
for pid=25411 comm="syz-executor.4"
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1553322113.253:226245): avc: denied { write } for
pid=25411 comm="syz-executor.4"
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tclass=netlink_generic_socket permissive=1
audit: type=1400 audit(1553322113.273:226246): avc: denied { sys_admin }
for pid=25409 comm="syz-executor.0" capability=21
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1553322113.293:226247): avc: denied { net_admin }
for pid=25409 comm="syz-executor.0" capability=12
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1553322113.343:226248): avc: denied { sys_admin }
for pid=25409 comm="syz-executor.0" capability=21
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1553322113.343:226249): avc: denied { sys_admin }
for pid=25409 comm="syz-executor.0" capability=21
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1553322113.383:226250): avc: denied { sys_admin }
for pid=25413 comm="syz-executor.3" capability=21
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1
audit: type=1400 audit(1553322113.473:226251): avc: denied { net_admin }
for pid=25409 comm="syz-executor.0" capability=12
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns
permissive=1


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Sep 19, 2019, 2:22:04 AM
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.