From: Dmitry Vyukov
Date: Fri, 22 Dec 2017 12:34:54 +0100
Subject: Re: BUG: unable to handle kernel paging request in delayed_put_task_struct
To: Paul McKenney
Cc: syzbot, Andrew Morton, Davidlohr Bueso, LKML, Ingo Molnar, Peter Zijlstra, rppt@linux.vnet.ibm.com, Stephen Smalley, syzkaller-bugs@googlegroups.com, Al Viro
In-Reply-To: <20171219180440.GC7829@linux.vnet.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Dec 19, 2017 at 7:04 PM, Paul E. McKenney wrote:
> On Tue, Dec 19, 2017 at 01:15:26PM +0100, Dmitry Vyukov wrote:
>> On Sun, Dec 3, 2017 at 3:24 PM, syzbot wrote:
>> > Hello,
>> >
>> > syzkaller hit the following crash on
>> > 5bef2980adef8a6032d4f4709aebe9486181052f
>> > git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
>> > compiler: gcc (GCC) 7.1.1 20170620
>> > .config is attached
>> > Raw console output is attached.
>> >
>> > Unfortunately, I don't have any reproducer for this bug yet.
>
> That does make things more difficult. Nevertheless...
>
>> > BUG: unable to handle kernel paging request at fffffffffffffff8
>> > IP: delayed_put_task_struct+0x87/0x3d0 kernel/exit.c:178
>> > netlink: 6 bytes leftover after parsing attributes in process
>> > `syz-executor0'.
>> > PGD 5e28067 P4D 5e28067 PUD 5e2a067 PMD 0
>> > Oops: 0002 [#1] SMP KASAN
>> > Dumping ftrace buffer:
>> > (ftrace buffer empty)
>> > Modules linked in:
>> > CPU: 1 PID: 5363 Comm: syz-executor4 Not tainted 4.15.0-rc1-next-20171128+ #54
>> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
>> > task: ffff8801d8d244c0 task.stack: ffff8801c15d8000
>> > RIP: 0010:delayed_put_task_struct+0x87/0x3d0 kernel/exit.c:178
>> > RSP: 0018:ffff8801db5078b0 EFLAGS: 00010206
>> > RAX: ffff8801d8d244c0 RBX: 1ffff1003b6a0f17 RCX: ffffffff81872631
>> > RDX: 0000000000000100 RSI: 000000003189bbb1 RDI: ffff8801d8bbb480
>> > RBP: ffff8801db507980 R08: 0000000000000005 R09: 0000000000000002
>> > R10: 0000000000000000 R11: ffffffff8748cd60 R12: ffff8801d8bbb5d0
>> > R13: ffff8801d8bbb5d8 R14: ffff8801d8bba1c0 R15: ffff8801db507c58
>> > FS:  00007f251e195700(0000) GS:ffff8801db500000(0000) knlGS:0000000000000000
>> > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> > CR2: fffffffffffffff8 CR3: 00000001980c2000 CR4: 00000000001426e0
>> > Call Trace:
>> >
>> > __rcu_reclaim kernel/rcu/rcu.h:172 [inline]
>
> If you do find a reproducer, please try reproducing with
> CONFIG_DEBUG_OBJECTS_RCU_HEAD=y, which checks for the call_rcu()
> equivalent to double frees.

This looks like a generally useful config for debugging, so I just
enabled CONFIG_DEBUG_OBJECTS* in all runs.

But this particular bug was already root caused. You can see that it's
marked as a duplicate of "BUG: unable to handle kernel paging request
in __switch_to" in the previous email.

All syzbot reported bugs are here:
https://groups.google.com/forum/#!forum/syzkaller-bugs

You can find "BUG: unable to handle kernel paging request in
__switch_to" there and see what the resolution was.
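Added example, not code from this thread or from the Linux kernel: a small user-space model in C of the bug class Paul's suggested CONFIG_DEBUG_OBJECTS_RCU_HEAD=y option exists to catch, the same rcu_head handed to call_rcu() a second time before its callback has run. It shows why the unchecked case corrupts the pending callback list (the head's next pointer ends up pointing at itself, so the list becomes a cycle) and how an active-object tracker refuses the second queueing instead. The two-field rcu_head, the fixed-size tracker and every function name here (unchecked_call_rcu, checked_call_rcu, rcu_run_callbacks, pending_list_has_cycle) are simplifying assumptions for illustration, not the kernel's debugobjects or RCU implementation.

```c
/* Simplified model (assumed layout, not the kernel's struct rcu_head). */
#include <stdio.h>
#include <stddef.h>
#include <string.h>

struct rcu_head {
    struct rcu_head *next;
    void (*func)(struct rcu_head *head);
};

/* Pending callback list, singly linked through rcu_head.next. */
static struct rcu_head *cb_head;

/* Debug-object tracker: heads currently queued and not yet run ("active"). */
#define MAX_TRACKED 64
static struct rcu_head *active[MAX_TRACKED];

static int is_active(const struct rcu_head *h)
{
    for (int i = 0; i < MAX_TRACKED; i++)
        if (active[i] == h) return 1;
    return 0;
}

static void set_active(struct rcu_head *h, int on)
{
    for (int i = 0; i < MAX_TRACKED; i++) {
        if (on && active[i] == NULL) { active[i] = h; return; }
        if (!on && active[i] == h) { active[i] = NULL; return; }
    }
}

/* Unchecked queueing: blindly pushes onto the list. Queueing the same head
 * twice sets h->next = h, so the list loops and later walks never end. */
static void unchecked_call_rcu(struct rcu_head *h, void (*func)(struct rcu_head *))
{
    h->func = func;
    h->next = cb_head;
    cb_head = h;
}

/* Checked queueing, in the spirit of a debug-objects activate check:
 * returns 0 when queued, -1 when the head is already pending. */
static int checked_call_rcu(struct rcu_head *h, void (*func)(struct rcu_head *))
{
    if (is_active(h)) {
        fprintf(stderr, "debugobjects: rcu_head %p queued twice\n", (void *)h);
        return -1;
    }
    set_active(h, 1);
    unchecked_call_rcu(h, func);
    return 0;
}

/* Runs every pending callback (stands in for the end of a grace period)
 * and deactivates each head; returns the number of callbacks run. */
static int rcu_run_callbacks(void)
{
    int n = 0;
    struct rcu_head *h = cb_head;
    cb_head = NULL;
    while (h) {
        struct rcu_head *next = h->next;
        set_active(h, 0);
        h->func(h);
        n++;
        h = next;
    }
    return n;
}

/* Floyd's tortoise-and-hare check: 1 if the pending list contains a cycle. */
static int pending_list_has_cycle(void)
{
    struct rcu_head *slow = cb_head, *fast = cb_head;
    while (fast && fast->next) {
        slow = slow->next;
        fast = fast->next->next;
        if (slow == fast) return 1;
    }
    return 0;
}

static int freed_count;
static void free_cb(struct rcu_head *h) { (void)h; freed_count++; }

static void reset_model(void)
{
    cb_head = NULL;
    memset(active, 0, sizeof(active));
    freed_count = 0;
}

/* Scenario 1: double call_rcu() without the check corrupts the list (returns 1). */
static int double_queue_unchecked_corrupts(void)
{
    static struct rcu_head h;
    reset_model();
    unchecked_call_rcu(&h, free_cb);
    unchecked_call_rcu(&h, free_cb);   /* h.next now points at &h */
    return pending_list_has_cycle();
}

/* Scenario 2: with the check the second call is refused, the callback runs
 * once, and the head is reusable afterwards (returns 1 when all hold). */
static int double_queue_checked_is_refused(void)
{
    static struct rcu_head h;
    reset_model();
    int first = checked_call_rcu(&h, free_cb);   /* 0 */
    int second = checked_call_rcu(&h, free_cb);  /* -1 */
    int ran = rcu_run_callbacks();               /* 1 */
    int again = checked_call_rcu(&h, free_cb);   /* 0 */
    return first == 0 && second == -1 && ran == 1 && again == 0 &&
           freed_count == 1 && !pending_list_has_cycle();
}

int main(void)
{
    printf("unchecked double call_rcu corrupts list: %d\n", double_queue_unchecked_corrupts());
    printf("checked double call_rcu refused: %d\n", double_queue_checked_is_refused());
    return 0;
}
```

The point of the model is the asymmetry between the two scenarios: the unchecked path silently produces a corrupt list whose symptoms (a bogus pointer dereference deep inside a later callback, such as the fffffffffffffff8 fault in delayed_put_task_struct above) appear far from the offending caller, while the tracked path reports the double queueing at the call site where the bug is, which is why enabling the debug option is worth the overhead on a fuzzing or test kernel.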