Message-ID: <689fbd3a.050a0220.e29e5.002a.GAE@google.com>
Date: Fri, 15 Aug 2025 16:05:30 -0700
From: syzbot <syzbot+57f0d1e060c788fece6f@...kaller.appspotmail.com>
To: edumazet@...gle.com, kuba@...nel.org, linux-kernel@...r.kernel.org,
luto@...nel.org, peterz@...radead.org, sdf@...ichev.me,
syzkaller-bugs@...glegroups.com, tglx@...utronix.de
Subject: [syzbot] [kernel?] INFO: rcu detected stall in task_mm_cid_work (3)
Hello,
syzbot found the following issue on:
HEAD commit: 8f5ae30d69d7 Linux 6.17-rc1
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15afc842580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a63ca1d84387f368
dashboard link: https://syzkaller.appspot.com/bug?extid=57f0d1e060c788fece6f
compiler: gcc (Debian 12.2.0-14+deb12u1) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=156f69a2580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2ae13f77c322/disk-8f5ae30d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/998762a6b132/vmlinux-8f5ae30d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9fc6a40b39e7/bzImage-8f5ae30d.xz
The issue was bisected to:
commit 7220e8f4d4eec0b2f682eef45e2d36c092738413
Author: Eric Dumazet <edumazet@...gle.com>
Date: Thu Mar 27 14:44:39 2025 +0000
net: lapbether: use netdev_lockdep_set_classes() helper
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=16b1d842580000
console output: https://syzkaller.appspot.com/x/log.txt?x=11b1d842580000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+57f0d1e060c788fece6f@...kaller.appspotmail.com
Fixes: 7220e8f4d4ee ("net: lapbether: use netdev_lockdep_set_classes() helper")
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5974/1:b..l
rcu: (detected by 0, t=10503 jiffies, g=9577, q=872 ncpus=2)
task:syz-executor state:R running task stack:23704 pid:5974 tgid:5974 ppid:5972 task_flags:0x400140 flags:0x00004002
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6961
preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7288
irqentry_exit+0x36/0x90 kernel/entry/common.c:197
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:preempt_schedule_notrace+0x77/0xe0 kernel/sched/core.c:7244
Code: 08 25 ff ff ff 7f 83 f8 01 74 29 bf 01 00 00 00 e8 6e 9b ff ff 65 ff 0d 07 bb 41 08 80 3b 00 75 5d 48 8b 45 00 a8 08 75 ca 5b <5d> 41 5c 41 5d c3 cc cc cc cc 4c 8b 64 24 20 4c 89 e7 e8 52 80 03
RSP: 0018:ffffc900043cfcf8 EFLAGS: 00000246
RAX: 0000000000004000 RBX: ffff8880b84332a8 RCX: ffffffff8188c8df
RDX: 0000000000000000 RSI: fffff52000879f7f RDI: ffffffff8df5de60
RBP: ffff88802baba440 R08: 0000000000000000 R09: fffffbfff21566b2
R10: ffffffff90ab3597 R11: 0000000000000000 R12: ffffffff812c75c6
R13: ffff88802baba440 R14: ffff8880751e8ac0 R15: ffff8880b843a300
preempt_schedule_notrace_thunk+0x16/0x30 arch/x86/entry/thunk.S:13
rcu_is_watching+0x8e/0xc0 kernel/rcu/tree.c:752
rcu_read_lock include/linux/rcupdate.h:842 [inline]
class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
sched_mm_cid_remote_clear_old kernel/sched/core.c:10757 [inline]
task_mm_cid_work+0x5e4/0x900 kernel/sched/core.c:10817
task_work_run+0x150/0x240 kernel/task_work.c:227
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop+0xeb/0x110 kernel/entry/common.c:43
exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
do_syscall_64+0x3f6/0x4c0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2c699c14a5
RSP: 002b:00007fff893915b0 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: 0000000000000000 RBX: 0000000000000015 RCX: 00007f2c699c14a5
RDX: 00007fff893915f0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007fff8939165c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000001388
R13: 00000000000927c0 R14: 000000000002319a R15: 00007fff893916b0
</TASK>
rcu: rcu_preempt kthread starved for 2846 jiffies! g9577 f0x0 RCU_GP_INIT(4) ->state=0x0 ->cpu=0
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:29128 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6961
preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7288
irqentry_exit+0x36/0x90 kernel/entry/common.c:197
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:rcu_gp_init+0x8a0/0x1640 kernel/rcu/tree.c:1804
Code: 38 d0 7c 08 84 d2 0f 85 28 09 00 00 44 8b 25 eb b4 09 0f 45 85 e4 0f 85 62 07 00 00 48 c7 c7 00 c0 5c 8e e8 e2 44 f4 09 31 c0 <48> ba 00 00 00 00 00 fc ff df 4c 8b 7c 24 18 49 01 d7 49 c7 07 00
RSP: 0018:ffffc90000157cd0 EFLAGS: 00000246
RAX: 0000000000000001 RBX: dffffc0000000000 RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff8de29c00 RDI: ffff88801e2e0a80
RBP: ffffffff8e5cc500 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff90ab3597 R11: 0000000000000000 R12: 0000000000000001
R13: ffff8880b853b300 R14: ffffed1003c5c08e R15: ffffffff8e5cc558
rcu_gp_kthread+0xb6/0x380 kernel/rcu/tree.c:2275
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x5d7/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 UID: 0 PID: 6019 Comm: kworker/R-wg-cr Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: 0x0 (wg-crypt-wg1)
RIP: 0010:finish_task_switch.isra.0+0x22a/0xc10 kernel/sched/core.c:5225
Code: fb 09 00 00 44 8b 05 69 5c 22 0f 45 85 c0 0f 85 be 01 00 00 4c 89 e7 e8 a4 f6 ff ff e8 bf 6e 3a 00 fb 65 48 8b 1d fe 24 4d 12 <48> 8d bb 18 16 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
RSP: 0018:ffffc90003fafa38 EFLAGS: 00000206
RAX: 0000000000163dc5 RBX: ffff88807c7b0000 RCX: 0000000000000006
RDX: 0000000000000000 RSI: ffffffff8de4f0f5 RDI: ffffffff8c162400
RBP: ffffc90003fafa80 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff90ab3597 R11: 0000000000000000 R12: ffff8880b843a300
R13: ffff88807aa0c880 R14: ffff8880b843a300 R15: ffff8880b843b170
FS: 0000000000000000(0000) GS:ffff8881246bd000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000058 CR3: 000000005ac58000 CR4: 00000000003526f0
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5360 [inline]
__schedule+0x1198/0x5de0 kernel/sched/core.c:6961
preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7288
irqentry_exit+0x36/0x90 kernel/entry/common.c:197
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__list_del include/linux/list.h:196 [inline]
RIP: 0010:__list_del_entry include/linux/list.h:218 [inline]
RIP: 0010:__list_del_entry include/linux/list.h:213 [inline]
RIP: 0010:list_del include/linux/list.h:229 [inline]
RIP: 0010:detach_worker+0x105/0x200 kernel/workqueue.c:2716
Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 fc 00 00 00 48 89 ea 49 89 6e 08 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 <0f> 85 c3 00 00 00 4c 89 75 00 e8 0c 48 39 00 4c 89 e2 48 b8 00 00
RSP: 0018:ffffc90003fafd20 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffff888079609100 RCX: ffffffff81824a7d
RDX: 1ffff110066d208c RSI: ffffffff81824a8b RDI: ffff8880b84395c0
RBP: ffff888033690460 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff888079609160
R13: ffff888079609168 R14: ffff8880b84395b8 R15: 0000000000000000
worker_detach_from_pool kernel/workqueue.c:2735 [inline]
rescuer_thread+0x841/0xea0 kernel/workqueue.c:3529
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x5d7/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup