Hello,
syzbot found the following issue on:
HEAD commit: 8ffd015db85f Linux 6.15-rc2
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=137b4fe4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a972ee73c2fcf8ca
dashboard link: https://syzkaller.appspot.com/bug?extid=a62ea1d07ee6ab5ec277
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2640fd4fd0f2/disk-8ffd015d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1c5931df89bc/vmlinux-8ffd015d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f8fece45017d/bzImage-8ffd015d.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a62ea1...@syzkaller.appspotmail.com
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6067/1:b..l
rcu: (detected by 1, t=10503 jiffies, g=10825, q=1601 ncpus=2)
task:syz.0.44 state:R running task stack:22760 pid:6067 tgid:6065 ppid:5852 task_flags:0x400140 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5382 [inline]
__schedule+0x1b88/0x5240 kernel/sched/core.c:6767
preempt_schedule_irq+0xfe/0x1c0 kernel/sched/core.c:7090
irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x167/0x2f0 arch/x86/include/asm/irqflags.h:-1
Code: c7 44 24 10 00 00 00 00 9c 8f 44 24 10 f7 44 24 10 00 02 00 00 0f 85 fd 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 65 48 8b 45 00 <48> 3b 44 24 38 0f 85 72 01 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e
RSP: 0018:ffffc9000b6ef1e8 EFLAGS: 00000206
RAX: 85be2b162476f200 RBX: ffffffff8ed3dfa0 RCX: 85be2b162476f200
RDX: 0000000000000000 RSI: ffffffff8e4fde18 RDI: ffffffff8ca1b520
RBP: ffffffff9368d020 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000002 R14: 0000000000000246 R15: 0000000000000000
rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
rcu_read_lock include/linux/rcupdate.h:841 [inline]
class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
unwind_next_frame+0xd5/0x23b0 arch/x86/kernel/unwind_orc.c:479
arch_stack_walk+0x11e/0x150 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x11a/0x1d0 kernel/stacktrace.c:122
save_stack+0xfc/0x1f0 mm/page_owner.c:156
__reset_page_owner+0x76/0x1e0 mm/page_owner.c:308
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1262 [inline]
__free_frozen_pages+0xde8/0x10a0 mm/page_alloc.c:2680
discard_slab mm/slub.c:2720 [inline]
__put_partials+0x160/0x1c0 mm/slub.c:3189
put_cpu_partial+0x17e/0x250 mm/slub.c:3264
__slab_free+0x294/0x390 mm/slub.c:4516
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
kasan_slab_alloc include/linux/kasan.h:250 [inline]
slab_post_alloc_hook mm/slub.c:4151 [inline]
kmem_cache_alloc_bulk_noprof+0x4fe/0x7c0 mm/slub.c:5375
__io_alloc_req_refill+0xa3/0x330 io_uring/io_uring.c:963
io_alloc_req io_uring/io_uring.h:450 [inline]
io_submit_sqes+0xc47/0x1ce0 io_uring/io_uring.c:2331
__do_sys_io_uring_enter io_uring/io_uring.c:3402 [inline]
__se_sys_io_uring_enter+0x2cd/0x3560 io_uring/io_uring.c:3336
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f744438d169
RSP: 002b:00007f74451ef038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
RAX: ffffffffffffffda RBX: 00007f74445a6080 RCX: 00007f744438d169
RDX: 0000000000000000 RSI: 00000000000047f6 RDI: 0000000000000008
RBP: 00007f744440e990 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f74445a6080 R15: 00007f74446cfa28
</TASK>
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup