From: Dmitry Vyukov <dvyukov@google.com>
To: Andrey Konovalov <andreyknvl@google.com>
Cc: Lai Jiangshan <jiangshanlai@gmail.com>,
	"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
	Josh Triplett <josh@joshtriplett.org>,
	Steven Rostedt <rostedt@goodmis.org>,
	Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
	LKML <linux-kernel@vger.kernel.org>,
	syzkaller <syzkaller@googlegroups.com>,
	Kostya Serebryany <kcc@google.com>
Subject: Re: srcu: BUG in __synchronize_srcu
Date: Fri, 10 Mar 2017 20:42:42 +0100	[thread overview]
Message-ID: <CACT4Y+ZQvQue+DpE0Rm3q6JP=y6gt=Shzb9TVePpaKZj7ia4MA@mail.gmail.com> (raw)
In-Reply-To: <CAAeHK+yeM99Lvod-EfZPGxMBbmDSzBDRzaLwB+upqYeq6uCZ1Q@mail.gmail.com>

On Fri, Mar 10, 2017 at 8:29 PM, 'Andrey Konovalov' via syzkaller
<syzkaller@googlegroups.com> wrote:
> On Fri, Mar 10, 2017 at 8:28 PM, Andrey Konovalov <andreyknvl@google.com> wrote:
>> Hi,
>>
>> I've got the following error report while fuzzing the kernel with
>> syzkaller on an arm64 board.
>
> This also happened on x86 a few times during fuzzing, however it
> wasn't reproducible.


FWIW here are 2 crashes that we hit on x86_64 on
linux-next/56b8bad5e066c23e8fa273ef5fba50bd3da2ace8:

kernel BUG at kernel/rcu/srcu.c:436!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 26567 Comm: syz-executor3 Not tainted 4.11.0-rc1-next-20170308+ #2
Hardware name: Google Google Compute Engine/Google Compute Engine,
BIOS Google 01/01/2011
task: ffff8801cbcba4c0 task.stack: ffff8801d1258000
RIP: 0010:__synchronize_srcu+0x695/0x7f0 kernel/rcu/srcu.c:412
RSP: 0018:ffff8801d125ea00 EFLAGS: 00010287
RAX: dffffc0000000000 RBX: ffff8801d125ea90 RCX: 0000000000000000
RDX: 1ffffffff0cf68f0 RSI: 0000000000000040 RDI: ffffffff867b4788
RBP: ffff8801d125eb40 R08: ffffffff867b4780 R09: ffffffff867b4778
R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1003a24bd46
R13: ffffffff867b4700 R14: ffffffff85680588 R15: ffff8801d125ea90
FS:  00007f55c1334700(0000) GS:ffff8801dbf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c81cbd7200 CR3: 00000001da67d000 CR4: 00000000001426e0
Call Trace:
 synchronize_srcu+0x1e/0x40 kernel/rcu/srcu.c:516
 __mmu_notifier_release+0x373/0x6c0 mm/mmu_notifier.c:102
 mmu_notifier_release include/linux/mmu_notifier.h:235 [inline]
 exit_mmap+0x3cc/0x490 mm/mmap.c:2941
 __mmput kernel/fork.c:881 [inline]
 mmput+0x22b/0x6e0 kernel/fork.c:903
 exit_mm kernel/exit.c:557 [inline]
 do_exit+0xa41/0x28f0 kernel/exit.c:865
 do_group_exit+0x149/0x420 kernel/exit.c:982
 get_signal+0x7e0/0x1820 kernel/signal.c:2318
 do_signal+0xd2/0x2190 arch/x86/kernel/signal.c:808
 exit_to_usermode_loop+0x200/0x2a0 arch/x86/entry/common.c:157
 prepare_exit_to_usermode arch/x86/entry/common.c:191 [inline]
 syscall_return_slowpath+0x4d3/0x570 arch/x86/entry/common.c:260
 entry_SYSCALL_64_fastpath+0xbc/0xbe
RIP: 0033:0x44fb79
RSP: 002b:00007f55c1333b58 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
RAX: 0000000000000026 RBX: 00000000007080a8 RCX: 000000000044fb79
RDX: 0000000000000000 RSI: 000000002003a000 RDI: ffffffffffffff9c
RBP: 0000000000000331 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffff9c
R13: 000000002003a000 R14: 0000000000000000 R15: 0000000000000000
Code: e8 e1 3e f8 ff 85 c0 0f 85 9a fd ff ff be ff ff ff ff 48 c7 c7
c0 d9 12 85 e8 c8 3e f8 ff 85 c0 0f 85 81 fd ff ff e9 12 fa ff ff <0f>
0b c6 44 24 20 00 e9 e5 fc ff ff c6 44 24 20 00 41 bf 01 00
RIP: __synchronize_srcu+0x695/0x7f0 kernel/rcu/srcu.c:412 RSP: ffff8801d125ea00
---[ end trace c25c3b4c622f543d ]---


------------[ cut here ]------------
QAT: Invalid ioctl
kernel BUG at kernel/rcu/srcu.c:436!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 3886 Comm: kworker/u4:10 Not tainted 4.11.0-rc1-next-20170308+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine,
BIOS Google 01/01/2011
Workqueue: events_unbound fsnotify_mark_destroy_workfn
task: ffff8801c384c880 task.stack: ffff8801d9658000
RIP: 0010:__synchronize_srcu+0x695/0x7f0 kernel/rcu/srcu.c:412
RSP: 0018:ffff8801d965f250 EFLAGS: 00010287
RAX: dffffc0000000000 RBX: ffff8801d965f2e0 RCX: 0000000000000000
RDX: 1ffffffff0cf81a8 RSI: 0000000000000040 RDI: ffffffff867c0d48
RBP: ffff8801d965f390 R08: ffffffff867c0d40 R09: ffffffff867c0d38
R10: 0000000000000006 R11: 0000000000000000 R12: 1ffff1003b2cbe50
R13: ffffffff867c0cc0 R14: ffffffff85680588 R15: ffff8801d965f2e0
FS:  0000000000000000(0000) GS:ffff8801dbe00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001ddbc37000 CR3: 00000001c46e2000 CR4: 00000000001406f0
Call Trace:
 synchronize_srcu+0x1e/0x40 kernel/rcu/srcu.c:516
 fsnotify_mark_destroy_list+0x19d/0x540 fs/notify/mark.c:539
 fsnotify_mark_destroy_workfn+0xe/0x10 fs/notify/mark.c:549
 process_one_work+0xbd0/0x1c10 kernel/workqueue.c:2097
 worker_thread+0x223/0x1990 kernel/workqueue.c:2231
 kthread+0x326/0x3f0 kernel/kthread.c:229
 ret_from_fork+0x31/0x40 arch/x86/entry/entry_64.S:430
Code: e8 e1 3e f8 ff 85 c0 0f 85 9a fd ff ff be ff ff ff ff 48 c7 c7
c0 d9 12 85 e8 c8 3e f8 ff 85 c0 0f 85 81 fd ff ff e9 12 fa ff ff <0f>
0b c6 44 24 20 00 e9 e5 fc ff ff c6 44 24 20 00 41 bf 01 00
RIP: __synchronize_srcu+0x695/0x7f0 kernel/rcu/srcu.c:412 RSP: ffff8801d965f250
---[ end trace 4aa6116de274db2a ]---
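As an added illustration (not code from this mail, from syzkaller, or from the kernel tree), a small Python parser that pulls the BUG location, the faulting symbol and the call trace out of reports in the format above and groups them by crash signature, which makes the point that the two dumps are the same BUG reached from two different callers. The sample inputs are abbreviated copies of the two reports quoted above; the regexes assume the x86-64 line layout shown there.

```python
import re

BUG_RE = re.compile(r"^kernel BUG at (\S+)!$", re.M)
RIP_RE = re.compile(r"^RIP: [0-9a-f]{4}:(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ (\S+)$", re.M)
FRAME_RE = re.compile(r"^ (\w+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)? (\S+)(?: \[inline\])?$", re.M)
COMM_RE = re.compile(r"^CPU: \d+ PID: (\d+) Comm: (\S+)", re.M)

# Constructed sample input: abbreviated copies of the two reports in the mail above.
OOPS_A = """\
kernel BUG at kernel/rcu/srcu.c:436!
CPU: 1 PID: 26567 Comm: syz-executor3 Not tainted 4.11.0-rc1-next-20170308+ #2
RIP: 0010:__synchronize_srcu+0x695/0x7f0 kernel/rcu/srcu.c:412
Call Trace:
 synchronize_srcu+0x1e/0x40 kernel/rcu/srcu.c:516
 __mmu_notifier_release+0x373/0x6c0 mm/mmu_notifier.c:102
 mmu_notifier_release include/linux/mmu_notifier.h:235 [inline]
"""
OOPS_B = """\
kernel BUG at kernel/rcu/srcu.c:436!
CPU: 0 PID: 3886 Comm: kworker/u4:10 Not tainted 4.11.0-rc1-next-20170308+ #1
RIP: 0010:__synchronize_srcu+0x695/0x7f0 kernel/rcu/srcu.c:412
Call Trace:
 synchronize_srcu+0x1e/0x40 kernel/rcu/srcu.c:516
 fsnotify_mark_destroy_list+0x19d/0x540 fs/notify/mark.c:539
 fsnotify_mark_destroy_workfn+0xe/0x10 fs/notify/mark.c:549
"""

def parse_oops(text):
    """Pull the triage-relevant fields out of one x86-64 'kernel BUG' report."""
    bug, rip, comm = BUG_RE.search(text), RIP_RE.search(text), COMM_RE.search(text)
    return {
        "bug_at": bug.group(1) if bug else None,
        "rip_sym": rip.group(1) if rip else None,
        "comm": comm.group(2) if comm else None,
        # (symbol, file:line) per frame under "Call Trace:"; frames without source info are skipped
        "trace": [(m.group(1), m.group(2)) for m in FRAME_RE.finditer(text)],
    }

def signature(report):
    """Dedup key: same BUG line plus same faulting symbol means the same bug, whatever the caller."""
    return (report["bug_at"], report["rip_sym"])

def group_by_signature(texts, depth=2):
    """Map each signature to the distinct caller paths (`depth` frames below the SRCU wrapper)."""
    groups = {}
    for text in texts:
        rep = parse_oops(text)
        path = tuple(sym for sym, _ in rep["trace"][1:1 + depth])
        groups.setdefault(signature(rep), set()).add(path)
    return groups
```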
