Bug: rcu detected stall in sys_nanosleep

From: Teng Wang
Date: Wed Sep 13 2023 - 02:55:23 EST


Dear All,
This bug was found in Linux kernel v6.2.10.

Syzkaller hit the 'INFO: rcu detected stall in sys_nanosleep' bug.

rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 0-....: (5654 ticks this GP) idle=4404/1/0x4000000000000000 softirq=110753/110753 fqs=5038
(t=21006 jiffies g=155341 q=665 ncpus=2)
CPU: 0 PID: 27912 Comm: syz-executor.1 Not tainted 6.2.10 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
RIP: 0010:put_pid_ns+0x2/0xf0
Code: 00 48 8b 7b 48 be 01 00 00 00 e8 f9 36 f4 ff 48 8d 73 e8 48 8b 3d 2e 06 42 02 5b e9 b8 6a 13 00 0f 1f 84 00 00 00 00 00 41 56 <41> 55 41 54 55 48 89 fd 53 e8 d0 2b 01 00 48 81 fd 20 0f e5 aa 74
RSP: 0018:ffff9bae00003ef8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff8b385780ce00 RCX: 000000008020001f
RDX: 0000000000000001 RSI: ffffffffaab80b09 RDI: ffff8b38566d4198
RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffa94ba927
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8b38566d4198
R13: ffff8b38bdc2ae38 R14: 000000000000000a R15: 0000000000000000
FS: 0000000002ef2980(0000) GS:ffff8b38bdc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa94a220a08 CR3: 0000000017906005 CR4: 00000000003706f0
Call Trace:
<IRQ>
put_pid.part.4+0x5f/0x90
delayed_put_pid+0x1c/0x30
rcu_core+0x353/0x8f0
__do_softirq+0xd9/0x2cb
irq_exit_rcu+0x91/0xc0
sysvec_apic_timer_interrupt+0x8a/0xb0
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:finish_task_switch+0x90/0x260
Code: 41 c7 46 34 00 00 00 00 48 8b 83 d8 09 00 00 48 85 c0 0f 85 7c 01 00 00 48 89 df e8 ea fd ff 00 fb 65 48 8b 04 25 40 99 02 00 <81> a0 10 0a 00 00 ff ff ff bf 4d 85 ed 74 18 4c 3b a8 a8 04 00 00
RSP: 0018:ffff9bae0891bd70 EFLAGS: 00000282
RAX: ffff8b3857e58000 RBX: ffff8b38bdc2a0c0 RCX: 0000000000000002
RDX: 0000000080000002 RSI: 0000000000000000 RDI: 00000000ffffffff
RBP: ffff9bae0891bda8 R08: ffff8b38bdc1e5c0 R09: 0000000000009277
R10: ffff9bae0891bb78 R11: 0000000000259400 R12: ffff8b3857e58000
R13: 0000000000000000 R14: ffff8b3857e5a000 R15: 0000000000002001
__schedule+0x2e0/0x790
schedule+0x4b/0xa0
do_nanosleep+0xa7/0x180
hrtimer_nanosleep+0xb4/0x160
__x64_sys_nanosleep+0xc4/0x110
do_syscall_64+0x37/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x469340
Code: ff 77 47 f3 c3 0f 1f 44 00 00 55 53 48 89 f5 48 89 fb 48 83 ec 18 e8 0f 38 00 00 48 89 ee 89 c2 48 89 df b8 23 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 2a 89 d7 89 44 24 0c e8 4d 38 00 00 8b 44 24
RSP: 002b:00007ffcd7ea02c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000023
RAX: ffffffffffffffda RBX: 00007ffcd7ea0300 RCX: 0000000000469340
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffcd7ea0300
RBP: 0000000000000000 R08: 00007f23d816b700 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 000000000004f5b6
R13: 0000000000000005 R14: 00000000011ac14c R15: ffffffffffffffff
</TASK>
rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-.... } 21511 jiffies s: 27473 root: 0x1/.
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 27912 Comm: syz-executor.1 Not tainted 6.2.10 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
RIP: 0010:asm_sysvec_apic_timer_interrupt+0x0/0x20
Code: e9 15 06 00 00 0f 1f 44 00 00 0f 01 ca fc 6a ff e8 e5 04 00 00 48 89 c4 48 89 e7 e8 6a 22 ec ff e9 f5 05 00 00 0f 1f 44 00 00 <0f> 01 ca fc 6a ff e8 c5 04 00 00 48 89 c4 48 89 e7 e8 da 20 ec ff
RSP: 0018:ffff9bae00003ed8 EFLAGS: 00000046
RAX: 0000000000000000 RBX: ffff8b38bdc2adc0 RCX: ffffffffa94926e5
RDX: ffff8b3857e58000 RSI: 0000000000000100 RDI: ffff8b3857590000
RBP: ffff8b38575909b8 R08: 0000000000000000 R09: ffffffffa94ba927
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8b3857590000
R13: ffff8b38bdc2ae38 R14: 000000000000000a R15: 0000000000000000
FS: 0000000002ef2980(0000) GS:ffff8b38bdc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa94a220a08 CR3: 0000000017906005 CR4: 00000000003706f0
Call Trace:
<IRQ>
RIP: 0010:rethook_flush_task+0x1/0x80
Code: 75 b4 eb d0 e8 80 57 fb ff 48 89 df 48 c7 c6 f0 3c 5e a9 e8 91 45 f4 ff 5b 5d 41 5c 41 5d e9 66 57 fb ff 66 0f 1f 44 00 00 55 <53> 48 89 fd e8 56 57 fb ff 48 8b 9d d8 0a 00 00 48 c7 85 d8 0a 00
RSP: 0018:ffff9bae00003f00 EFLAGS: 00000246
delayed_put_task_struct+0x1d/0x110
rcu_core+0x353/0x8f0
__do_softirq+0xd9/0x2cb
irq_exit_rcu+0x91/0xc0
sysvec_apic_timer_interrupt+0x8a/0xb0
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x16/0x20
RIP: 0010:finish_task_switch+0x90/0x260
Code: 41 c7 46 34 00 00 00 00 48 8b 83 d8 09 00 00 48 85 c0 0f 85 7c 01 00 00 48 89 df e8 ea fd ff 00 fb 65 48 8b 04 25 40 99 02 00 <81> a0 10 0a 00 00 ff ff ff bf 4d 85 ed 74 18 4c 3b a8 a8 04 00 00
RSP: 0018:ffff9bae0891bd70 EFLAGS: 00000282
RAX: ffff8b3857e58000 RBX: ffff8b38bdc2a0c0 RCX: 0000000000000002
RDX: 0000000080000002 RSI: 0000000000000000 RDI: 00000000ffffffff
RBP: ffff9bae0891bda8 R08: ffff8b38bdc1e5c0 R09: 0000000000009277
R10: ffff9bae0891bb78 R11: 0000000000259400 R12: ffff8b3857e58000
R13: 0000000000000000 R14: ffff8b3857e5a000 R15: 0000000000002001
__schedule+0x2e0/0x790
schedule+0x4b/0xa0
do_nanosleep+0xa7/0x180
hrtimer_nanosleep+0xb4/0x160
__x64_sys_nanosleep+0xc4/0x110
do_syscall_64+0x37/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x469340
Code: ff 77 47 f3 c3 0f 1f 44 00 00 55 53 48 89 f5 48 89 fb 48 83 ec 18 e8 0f 38 00 00 48 89 ee 89 c2 48 89 df b8 23 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 2a 89 d7 89 44 24 0c e8 4d 38 00 00 8b 44 24
RSP: 002b:00007ffcd7ea02c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000023
RAX: ffffffffffffffda RBX: 00007ffcd7ea0300 RCX: 0000000000469340
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffcd7ea0300
RBP: 0000000000000000 R08: 00007f23d816b700 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 000000000004f5b6
R13: 0000000000000005 R14: 00000000011ac14c R15: ffffffffffffffff
</TASK>