From: syzbot+0925ea3f5745e9005733@syzkaller.appspotmail.com (syzbot)
To: linux-security-module@vger.kernel.org
Subject: INFO: rcu detected stall in pppol2tp_sendmsg
Date: Mon, 10 Sep 2018 23:06:02 -0700
Message-ID: <000000000000b8e87005759244ec@google.com>

Hello,
syzbot found the following crash on:
HEAD commit: 11da3a7f84f1 Linux 4.19-rc3
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10577ada400000
kernel config: https://syzkaller.appspot.com/x/.config?x=9917ff4b798e1a1e
dashboard link: https://syzkaller.appspot.com/bug?extid=0925ea3f5745e9005733
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0925ea3f5745e9005733@syzkaller.appspotmail.com
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 0-....: (1 GPs behind) idle=142/1/0x4000000000000002
softirq=27118/27119 fqs=5247
rcu: (t=10500 jiffies g=38069 q=255)
NMI backtrace for cpu 0
CPU: 0 PID: 11502 Comm: syz-executor2 Not tainted 4.19.0-rc3+ #10
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
nmi_cpu_backtrace.cold.3+0x63/0xa2 lib/nmi_backtrace.c:101
nmi_trigger_cpumask_backtrace+0x1b3/0x1ed lib/nmi_backtrace.c:62
arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
trigger_single_cpu_backtrace include/linux/nmi.h:162 [inline]
rcu_dump_cpu_stacks+0x175/0x1c2 kernel/rcu/tree.c:1340
print_cpu_stall.cold.78+0x2d3/0x524 kernel/rcu/tree.c:1478
check_cpu_stall kernel/rcu/tree.c:1550 [inline]
__rcu_pending kernel/rcu/tree.c:3276 [inline]
rcu_pending kernel/rcu/tree.c:3319 [inline]
rcu_check_callbacks+0xfd9/0x1990 kernel/rcu/tree.c:2665
update_process_times+0x2d/0x70 kernel/time/timer.c:1636
tick_sched_handle+0x9f/0x180 kernel/time/tick-sched.c:164
tick_sched_timer+0x45/0x130 kernel/time/tick-sched.c:1274
__run_hrtimer kernel/time/hrtimer.c:1398 [inline]
__hrtimer_run_queues+0x41c/0x10d0 kernel/time/hrtimer.c:1460
hrtimer_interrupt+0x313/0x780 kernel/time/hrtimer.c:1518
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1029 [inline]
smp_apic_timer_interrupt+0x1a1/0x760 arch/x86/kernel/apic/apic.c:1054
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:864
</IRQ>
RIP: 0010:security_xfrm_policy_lookup+0x58/0xd0 security/security.c:1675
Code: 3b fe 41 0f b6 c5 49 bc 00 00 00 00 00 fc ff df 89 45 d4 e8 1a f2 3b
fe 48 8d 7b 18 48 89 f8 48 c1 e8 03 42 80 3c 20 00 75 58 <8b> 55 d4 44 89
fe 4c 89 f7 48 8b 43 18 e8 36 91 9d 04 31 ff 41 89
RSP: 0018:ffff8801ba216ee0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff1317fd6 RBX: ffffffff898bfe98 RCX: ffffc90005017000
RDX: 0000000000040000 RSI: ffffffff8342dea6 RDI: ffffffff898bfeb0
RBP: ffff8801ba216f10 R08: ffff8801d2b54480 R09: 1ffffffff12b43d5
R10: ffffed003b5c4732 R11: ffff8801dae23993 R12: dffffc0000000000
R13: 0000000000000001 R14: 0000000000000000 R15: 00000000000000df
xfrm_sk_policy_lookup+0x32b/0x640 net/xfrm/xfrm_policy.c:1203
xfrm_lookup_with_ifid+0x2a1/0x2b80 net/xfrm/xfrm_policy.c:2063
xfrm_lookup net/xfrm/xfrm_policy.c:2200 [inline]
xfrm_lookup_route+0x3c/0x1f0 net/xfrm/xfrm_policy.c:2211
ip6_dst_lookup_flow+0x1c6/0x270 net/ipv6/ip6_output.c:1085
inet6_csk_route_socket+0x8bd/0x1020 net/ipv6/inet6_connection_sock.c:110
inet6_csk_xmit+0x118/0x630 net/ipv6/inet6_connection_sock.c:125
l2tp_xmit_core net/l2tp/l2tp_core.c:1030 [inline]
l2tp_xmit_skb+0x1465/0x1860 net/l2tp/l2tp_core.c:1132
pppol2tp_sendmsg+0x4b1/0x6c0 net/l2tp/l2tp_ppp.c:329
sock_sendmsg_nosec net/socket.c:621 [inline]
sock_sendmsg+0xd5/0x120 net/socket.c:631
___sys_sendmsg+0x51d/0x930 net/socket.c:2114
__sys_sendmmsg+0x246/0x6d0 net/socket.c:2209
__do_sys_sendmmsg net/socket.c:2238 [inline]
__se_sys_sendmmsg net/socket.c:2235 [inline]
__x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2235
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4572a9
Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f7ab090fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f7ab09106d4 RCX: 00000000004572a9
RDX: 0800000000000059 RSI: 0000000020005fc0 RDI: 0000000000000006
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d4a20 R14: 00000000004c8fe5 R15: 0000000000000000
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
WARNING: multiple messages have this Message-ID
From: syzbot <syzbot+0925ea3f5745e9005733@syzkaller.appspotmail.com>
To: jmorris@namei.org, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, serge@hallyn.com,
syzkaller-bugs@googlegroups.com
Subject: INFO: rcu detected stall in pppol2tp_sendmsg
Date: Mon, 10 Sep 2018 23:06:02 -0700
Message-ID: <000000000000b8e87005759244ec@google.com>