Re: srcu: BUG in __synchronize_srcu

From: Dmitry Vyukov
Date: Fri Mar 10 2017 - 14:43:45 EST

Next message: Shakeel Butt: "[PATCH] mm: fix condition for throttle_direct_reclaim"
Previous message: matthew . gerlach: "[PATCH v5 2/4] fpga pr ip: Core driver support for Altera Partial Reconfiguration IP."
In reply to: Andrey Konovalov: "Re: srcu: BUG in __synchronize_srcu"
Next in thread: Paul E. McKenney: "Re: srcu: BUG in __synchronize_srcu"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Mar 10, 2017 at 8:29 PM, 'Andrey Konovalov' via syzkaller
<syzkaller@xxxxxxxxxxxxxxxx> wrote:
> On Fri, Mar 10, 2017 at 8:28 PM, Andrey Konovalov <andreyknvl@xxxxxxxxxx> wrote:
>> Hi,
>>
>> I've got the following error report while fuzzing the kernel with
>> syzkaller on an arm64 board.
>
> This also happened on x86 a few times during fuzzing, however it
> wasn't reproducible.

FWIW here are 2 crashes that we hit on x86_64 on
linux-next/56b8bad5e066c23e8fa273ef5fba50bd3da2ace8:

kernel BUG at kernel/rcu/srcu.c:436!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 26567 Comm: syz-executor3 Not tainted 4.11.0-rc1-next-20170308+ #2
Hardware name: Google Google Compute Engine/Google Compute Engine,
BIOS Google 01/01/2011
task: ffff8801cbcba4c0 task.stack: ffff8801d1258000
RIP: 0010:__synchronize_srcu+0x695/0x7f0 kernel/rcu/srcu.c:412
RSP: 0018:ffff8801d125ea00 EFLAGS: 00010287
RAX: dffffc0000000000 RBX: ffff8801d125ea90 RCX: 0000000000000000
RDX: 1ffffffff0cf68f0 RSI: 0000000000000040 RDI: ffffffff867b4788
RBP: ffff8801d125eb40 R08: ffffffff867b4780 R09: ffffffff867b4778
R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1003a24bd46
R13: ffffffff867b4700 R14: ffffffff85680588 R15: ffff8801d125ea90
FS: 00007f55c1334700(0000) GS:ffff8801dbf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c81cbd7200 CR3: 00000001da67d000 CR4: 00000000001426e0
Call Trace:
synchronize_srcu+0x1e/0x40 kernel/rcu/srcu.c:516
__mmu_notifier_release+0x373/0x6c0 mm/mmu_notifier.c:102
mmu_notifier_release include/linux/mmu_notifier.h:235 [inline]
exit_mmap+0x3cc/0x490 mm/mmap.c:2941
__mmput kernel/fork.c:881 [inline]
mmput+0x22b/0x6e0 kernel/fork.c:903
exit_mm kernel/exit.c:557 [inline]
do_exit+0xa41/0x28f0 kernel/exit.c:865
do_group_exit+0x149/0x420 kernel/exit.c:982
get_signal+0x7e0/0x1820 kernel/signal.c:2318
do_signal+0xd2/0x2190 arch/x86/kernel/signal.c:808
exit_to_usermode_loop+0x200/0x2a0 arch/x86/entry/common.c:157
prepare_exit_to_usermode arch/x86/entry/common.c:191 [inline]
syscall_return_slowpath+0x4d3/0x570 arch/x86/entry/common.c:260
entry_SYSCALL_64_fastpath+0xbc/0xbe
RIP: 0033:0x44fb79
RSP: 002b:00007f55c1333b58 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
RAX: 0000000000000026 RBX: 00000000007080a8 RCX: 000000000044fb79
RDX: 0000000000000000 RSI: 000000002003a000 RDI: ffffffffffffff9c
RBP: 0000000000000331 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffff9c
R13: 000000002003a000 R14: 0000000000000000 R15: 0000000000000000
Code: e8 e1 3e f8 ff 85 c0 0f 85 9a fd ff ff be ff ff ff ff 48 c7 c7
c0 d9 12 85 e8 c8 3e f8 ff 85 c0 0f 85 81 fd ff ff e9 12 fa ff ff <0f>
0b c6 44 24 20 00 e9 e5 fc ff ff c6 44 24 20 00 41 bf 01 00
RIP: __synchronize_srcu+0x695/0x7f0 kernel/rcu/srcu.c:412 RSP: ffff8801d125ea00
---[ end trace c25c3b4c622f543d ]---

------------[ cut here ]------------
QAT: Invalid ioctl
kernel BUG at kernel/rcu/srcu.c:436!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 3886 Comm: kworker/u4:10 Not tainted 4.11.0-rc1-next-20170308+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine,
BIOS Google 01/01/2011
Workqueue: events_unbound fsnotify_mark_destroy_workfn
task: ffff8801c384c880 task.stack: ffff8801d9658000
RIP: 0010:__synchronize_srcu+0x695/0x7f0 kernel/rcu/srcu.c:412
RSP: 0018:ffff8801d965f250 EFLAGS: 00010287
RAX: dffffc0000000000 RBX: ffff8801d965f2e0 RCX: 0000000000000000
RDX: 1ffffffff0cf81a8 RSI: 0000000000000040 RDI: ffffffff867c0d48
RBP: ffff8801d965f390 R08: ffffffff867c0d40 R09: ffffffff867c0d38
R10: 0000000000000006 R11: 0000000000000000 R12: 1ffff1003b2cbe50
R13: ffffffff867c0cc0 R14: ffffffff85680588 R15: ffff8801d965f2e0
FS: 0000000000000000(0000) GS:ffff8801dbe00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001ddbc37000 CR3: 00000001c46e2000 CR4: 00000000001406f0
Call Trace:
synchronize_srcu+0x1e/0x40 kernel/rcu/srcu.c:516
fsnotify_mark_destroy_list+0x19d/0x540 fs/notify/mark.c:539
fsnotify_mark_destroy_workfn+0xe/0x10 fs/notify/mark.c:549
process_one_work+0xbd0/0x1c10 kernel/workqueue.c:2097
worker_thread+0x223/0x1990 kernel/workqueue.c:2231
kthread+0x326/0x3f0 kernel/kthread.c:229
ret_from_fork+0x31/0x40 arch/x86/entry/entry_64.S:430
Code: e8 e1 3e f8 ff 85 c0 0f 85 9a fd ff ff be ff ff ff ff 48 c7 c7
c0 d9 12 85 e8 c8 3e f8 ff 85 c0 0f 85 81 fd ff ff e9 12 fa ff ff <0f>
0b c6 44 24 20 00 e9 e5 fc ff ff c6 44 24 20 00 41 bf 01 00
RIP: __synchronize_srcu+0x695/0x7f0 kernel/rcu/srcu.c:412 RSP: ffff8801d965f250
---[ end trace 4aa6116de274db2a ]---

Next message: Shakeel Butt: "[PATCH] mm: fix condition for throttle_direct_reclaim"
Previous message: matthew . gerlach: "[PATCH v5 2/4] fpga pr ip: Core driver support for Altera Partial Reconfiguration IP."
In reply to: Andrey Konovalov: "Re: srcu: BUG in __synchronize_srcu"
Next in thread: Paul E. McKenney: "Re: srcu: BUG in __synchronize_srcu"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]