LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [syzbot] WARNING in trc_read_check_handler
@ 2021-08-05  9:06 syzbot
  2021-08-05 16:09 ` Paul E. McKenney
  2021-12-01 20:50 ` syzbot
  0 siblings, 2 replies; 6+ messages in thread
From: syzbot @ 2021-08-05  9:06 UTC (permalink / raw)
  To: jgross, linux-kernel, mingo, namit, paulmck, peterz, syzkaller-bugs

Hello,

syzbot found the following issue on:

HEAD commit:    8d4b477da1a8 Add linux-next specific files for 20210730
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=12774fda300000
kernel config:  https://syzkaller.appspot.com/x/.config?x=4adf4987f875c210
dashboard link: https://syzkaller.appspot.com/bug?extid=fe9d8c955bd1d0f02dc1
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10acec72300000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12aeb472300000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+fe9d8c955bd1d0f02dc1@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 14 at kernel/rcu/tasks.h:901 trc_read_check_handler+0x248/0x2e0 kernel/rcu/tasks.h:920
Modules linked in:
CPU: 0 PID: 14 Comm: rcu_preempt Not tainted 5.14.0-rc3-next-20210730-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:trc_read_check_handler+0x248/0x2e0 kernel/rcu/tasks.h:901
Code: 48 c1 ea 03 0f b6 04 02 4c 89 e2 83 e2 07 38 d0 7f 0c 84 c0 74 08 4c 89 e7 e8 b4 6f 5a 00 c6 83 19 04 00 00 01 e9 5a fe ff ff <0f> 0b 31 c9 ba 01 00 00 00 be 03 00 00 00 48 c7 c7 e0 dd 97 8b e8
RSP: 0018:ffffc90000007f78 EFLAGS: 00010047
RAX: 0000000000000001 RBX: ffff888011ac9c80 RCX: ffffffff8160ce50
RDX: fffffbfff2045b5c RSI: 0000000000000004 RDI: ffffffff9022dae0
RBP: ffff888011ac9c80 R08: 0000000000000001 R09: 0000000000000003
R10: fffffbfff2045b5c R11: 0000000000000000 R12: 0000000000000000
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b9d32a08
FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff7ce84138 CR3: 0000000070a24000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 flush_smp_call_function_queue+0x34b/0x640 kernel/smp.c:663
 __sysvec_call_function_single+0x95/0x3d0 arch/x86/kernel/smp.c:248
 sysvec_call_function_single+0x8e/0xc0 arch/x86/kernel/smp.c:243
 </IRQ>
 asm_sysvec_call_function_single+0x12/0x20 arch/x86/include/asm/idtentry.h:646
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:199
Code: 0f 1f 44 00 00 55 48 8b 74 24 08 48 89 fd 48 83 c7 18 e8 6e ca 2a f8 48 89 ef e8 16 40 2b f8 e8 71 7b 4b f8 fb bf 01 00 00 00 <e8> 86 18 1f f8 65 8b 05 6f 8e d1 76 85 c0 74 02 5d c3 e8 eb e3 cf
RSP: 0018:ffffc90000d37d58 EFLAGS: 00000202
RAX: 000000000005a55b RBX: ffff8880b9c32800 RCX: 1ffffffff1ada649
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffffffff8b987640 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff817bdce8 R11: 1ffff1101738651e R12: 0000000000000040
R13: ffffffff8b987a40 R14: dffffc0000000000 R15: ffffffff8d6d91ec
 rcu_gp_cleanup+0x86c/0xb30 kernel/rcu/tree.c:2092
 rcu_gp_kthread+0x1ef/0x320 kernel/rcu/tree.c:2132
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [syzbot] WARNING in trc_read_check_handler
  2021-08-05  9:06 [syzbot] WARNING in trc_read_check_handler syzbot
@ 2021-08-05 16:09 ` Paul E. McKenney
  2021-12-01 20:50 ` syzbot
  1 sibling, 0 replies; 6+ messages in thread
From: Paul E. McKenney @ 2021-08-05 16:09 UTC (permalink / raw)
  To: syzbot; +Cc: jgross, linux-kernel, mingo, namit, peterz, syzkaller-bugs

On Thu, Aug 05, 2021 at 02:06:19AM -0700, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    8d4b477da1a8 Add linux-next specific files for 20210730
> git tree:       linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=12774fda300000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=4adf4987f875c210
> dashboard link: https://syzkaller.appspot.com/bug?extid=fe9d8c955bd1d0f02dc1
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10acec72300000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12aeb472300000
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+fe9d8c955bd1d0f02dc1@syzkaller.appspotmail.com
> 
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 14 at kernel/rcu/tasks.h:901 trc_read_check_handler+0x248/0x2e0 kernel/rcu/tasks.h:920

Good catch, but this should be at least partially addressed by
2ebb034d17e1 ("rcu-tasks: Wait for trc_read_check_handler() IPIs").
This commit has been offered to -next, and should appear in the next
-next to appear.

							Thanx, Paul

> Modules linked in:
> CPU: 0 PID: 14 Comm: rcu_preempt Not tainted 5.14.0-rc3-next-20210730-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:trc_read_check_handler+0x248/0x2e0 kernel/rcu/tasks.h:901
> Code: 48 c1 ea 03 0f b6 04 02 4c 89 e2 83 e2 07 38 d0 7f 0c 84 c0 74 08 4c 89 e7 e8 b4 6f 5a 00 c6 83 19 04 00 00 01 e9 5a fe ff ff <0f> 0b 31 c9 ba 01 00 00 00 be 03 00 00 00 48 c7 c7 e0 dd 97 8b e8
> RSP: 0018:ffffc90000007f78 EFLAGS: 00010047
> RAX: 0000000000000001 RBX: ffff888011ac9c80 RCX: ffffffff8160ce50
> RDX: fffffbfff2045b5c RSI: 0000000000000004 RDI: ffffffff9022dae0
> RBP: ffff888011ac9c80 R08: 0000000000000001 R09: 0000000000000003
> R10: fffffbfff2045b5c R11: 0000000000000000 R12: 0000000000000000
> R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b9d32a08
> FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007fff7ce84138 CR3: 0000000070a24000 CR4: 00000000001506f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>  <IRQ>
>  flush_smp_call_function_queue+0x34b/0x640 kernel/smp.c:663
>  __sysvec_call_function_single+0x95/0x3d0 arch/x86/kernel/smp.c:248
>  sysvec_call_function_single+0x8e/0xc0 arch/x86/kernel/smp.c:243
>  </IRQ>
>  asm_sysvec_call_function_single+0x12/0x20 arch/x86/include/asm/idtentry.h:646
> RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline]
> RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:199
> Code: 0f 1f 44 00 00 55 48 8b 74 24 08 48 89 fd 48 83 c7 18 e8 6e ca 2a f8 48 89 ef e8 16 40 2b f8 e8 71 7b 4b f8 fb bf 01 00 00 00 <e8> 86 18 1f f8 65 8b 05 6f 8e d1 76 85 c0 74 02 5d c3 e8 eb e3 cf
> RSP: 0018:ffffc90000d37d58 EFLAGS: 00000202
> RAX: 000000000005a55b RBX: ffff8880b9c32800 RCX: 1ffffffff1ada649
> RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
> RBP: ffffffff8b987640 R08: 0000000000000001 R09: 0000000000000001
> R10: ffffffff817bdce8 R11: 1ffff1101738651e R12: 0000000000000040
> R13: ffffffff8b987a40 R14: dffffc0000000000 R15: ffffffff8d6d91ec
>  rcu_gp_cleanup+0x86c/0xb30 kernel/rcu/tree.c:2092
>  rcu_gp_kthread+0x1ef/0x320 kernel/rcu/tree.c:2132
>  kthread+0x3e5/0x4d0 kernel/kthread.c:319
>  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
> 
> 
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
> 
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> syzbot can test patches for this issue, for details see:
> https://goo.gl/tpsmEJ#testing-patches

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [syzbot] WARNING in trc_read_check_handler
  2021-08-05  9:06 [syzbot] WARNING in trc_read_check_handler syzbot
  2021-08-05 16:09 ` Paul E. McKenney
@ 2021-12-01 20:50 ` syzbot
  2021-12-01 21:09   ` Paul E. McKenney
  1 sibling, 1 reply; 6+ messages in thread
From: syzbot @ 2021-12-01 20:50 UTC (permalink / raw)
  To: bigeasy, jgross, jiangshanlai, joel, josh, linux-kernel,
	mathieu.desnoyers, mingo, namit, netdev, paulmck, peterz, rcu,
	rdunlap, rostedt, syzkaller-bugs

syzbot suspects this issue was fixed by commit:

commit 96017bf9039763a2e02dcc6adaa18592cd73a39d
Author: Paul E. McKenney <paulmck@kernel.org>
Date:   Wed Jul 28 17:53:41 2021 +0000

    rcu-tasks: Simplify trc_read_check_handler() atomic operations

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1281d89db00000
start commit:   5319255b8df9 selftests/bpf: Skip verifier tests that fail ..
git tree:       bpf-next
kernel config:  https://syzkaller.appspot.com/x/.config?x=9290a409049988d4
dashboard link: https://syzkaller.appspot.com/bug?extid=fe9d8c955bd1d0f02dc1
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14990477300000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=105ebd84b00000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: rcu-tasks: Simplify trc_read_check_handler() atomic operations

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [syzbot] WARNING in trc_read_check_handler
  2021-12-01 20:50 ` syzbot
@ 2021-12-01 21:09   ` Paul E. McKenney
  2021-12-04  9:50     ` Dmitry Vyukov
  0 siblings, 1 reply; 6+ messages in thread
From: Paul E. McKenney @ 2021-12-01 21:09 UTC (permalink / raw)
  To: syzbot
  Cc: bigeasy, jgross, jiangshanlai, joel, josh, linux-kernel,
	mathieu.desnoyers, mingo, namit, netdev, peterz, rcu, rdunlap,
	rostedt, syzkaller-bugs

On Wed, Dec 01, 2021 at 12:50:07PM -0800, syzbot wrote:
> syzbot suspects this issue was fixed by commit:
> 
> commit 96017bf9039763a2e02dcc6adaa18592cd73a39d
> Author: Paul E. McKenney <paulmck@kernel.org>
> Date:   Wed Jul 28 17:53:41 2021 +0000
> 
>     rcu-tasks: Simplify trc_read_check_handler() atomic operations
> 
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1281d89db00000
> start commit:   5319255b8df9 selftests/bpf: Skip verifier tests that fail ..
> git tree:       bpf-next
> kernel config:  https://syzkaller.appspot.com/x/.config?x=9290a409049988d4
> dashboard link: https://syzkaller.appspot.com/bug?extid=fe9d8c955bd1d0f02dc1
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14990477300000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=105ebd84b00000
> 
> If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: rcu-tasks: Simplify trc_read_check_handler() atomic operations

> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Give or take.  There were quite a few related bugs, so some or all of
the following commits might also have helped:

cbe0d8d91415c rcu-tasks: Wait for trc_read_check_handler() IPIs
18f08e758f34e rcu-tasks: Add trc_inspect_reader() checks for exiting critical section
46aa886c483f5 rcu-tasks: Fix IPI failure handling in trc_wait_for_one_reader

Quibbles aside, it is nice to get an automated email about having fixed
a bug as opposed to having added one.  ;-)

							Thanx, Paul

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [syzbot] WARNING in trc_read_check_handler
  2021-12-01 21:09   ` Paul E. McKenney
@ 2021-12-04  9:50     ` Dmitry Vyukov
  2021-12-04 15:07       ` Paul E. McKenney
  0 siblings, 1 reply; 6+ messages in thread
From: Dmitry Vyukov @ 2021-12-04  9:50 UTC (permalink / raw)
  To: paulmck
  Cc: syzbot, bigeasy, jgross, jiangshanlai, joel, josh, linux-kernel,
	mathieu.desnoyers, mingo, namit, netdev, peterz, rcu, rdunlap,
	rostedt, syzkaller-bugs

On Wed, 1 Dec 2021 at 22:09, Paul E. McKenney <paulmck@kernel.org> wrote:
>
> On Wed, Dec 01, 2021 at 12:50:07PM -0800, syzbot wrote:
> > syzbot suspects this issue was fixed by commit:
> >
> > commit 96017bf9039763a2e02dcc6adaa18592cd73a39d
> > Author: Paul E. McKenney <paulmck@kernel.org>
> > Date:   Wed Jul 28 17:53:41 2021 +0000
> >
> >     rcu-tasks: Simplify trc_read_check_handler() atomic operations
> >
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1281d89db00000
> > start commit:   5319255b8df9 selftests/bpf: Skip verifier tests that fail ..
> > git tree:       bpf-next
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=9290a409049988d4
> > dashboard link: https://syzkaller.appspot.com/bug?extid=fe9d8c955bd1d0f02dc1
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14990477300000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=105ebd84b00000
> >
> > If the result looks correct, please mark the issue as fixed by replying with:
>
> #syz fix: rcu-tasks: Simplify trc_read_check_handler() atomic operations
>
> > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
>
> Give or take.  There were quite a few related bugs, so some or all of
> the following commits might also have helped:
>
> cbe0d8d91415c rcu-tasks: Wait for trc_read_check_handler() IPIs
> 18f08e758f34e rcu-tasks: Add trc_inspect_reader() checks for exiting critical section
> 46aa886c483f5 rcu-tasks: Fix IPI failure handling in trc_wait_for_one_reader

Thanks for checking. If we don't have one exact fix, let's go with
what syzbot suggested. At this point it does not matter much since all
of them are in most trees I assume. We just need to close the bug with
something.

#syz fix: rcu-tasks: Simplify trc_read_check_handler() atomic operations

> Quibbles aside, it is nice to get an automated email about having fixed
> a bug as opposed to having added one.  ;-)

Yes, but one is not possible without the other :-)

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [syzbot] WARNING in trc_read_check_handler
  2021-12-04  9:50     ` Dmitry Vyukov
@ 2021-12-04 15:07       ` Paul E. McKenney
  0 siblings, 0 replies; 6+ messages in thread
From: Paul E. McKenney @ 2021-12-04 15:07 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: syzbot, bigeasy, jgross, jiangshanlai, joel, josh, linux-kernel,
	mathieu.desnoyers, mingo, namit, netdev, peterz, rcu, rdunlap,
	rostedt, syzkaller-bugs

On Sat, Dec 04, 2021 at 10:50:47AM +0100, Dmitry Vyukov wrote:
> On Wed, 1 Dec 2021 at 22:09, Paul E. McKenney <paulmck@kernel.org> wrote:
> >
> > On Wed, Dec 01, 2021 at 12:50:07PM -0800, syzbot wrote:
> > > syzbot suspects this issue was fixed by commit:
> > >
> > > commit 96017bf9039763a2e02dcc6adaa18592cd73a39d
> > > Author: Paul E. McKenney <paulmck@kernel.org>
> > > Date:   Wed Jul 28 17:53:41 2021 +0000
> > >
> > >     rcu-tasks: Simplify trc_read_check_handler() atomic operations
> > >
> > > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1281d89db00000
> > > start commit:   5319255b8df9 selftests/bpf: Skip verifier tests that fail ..
> > > git tree:       bpf-next
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=9290a409049988d4
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=fe9d8c955bd1d0f02dc1
> > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14990477300000
> > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=105ebd84b00000
> > >
> > > If the result looks correct, please mark the issue as fixed by replying with:
> >
> > #syz fix: rcu-tasks: Simplify trc_read_check_handler() atomic operations
> >
> > > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
> >
> > Give or take.  There were quite a few related bugs, so some or all of
> > the following commits might also have helped:
> >
> > cbe0d8d91415c rcu-tasks: Wait for trc_read_check_handler() IPIs
> > 18f08e758f34e rcu-tasks: Add trc_inspect_reader() checks for exiting critical section
> > 46aa886c483f5 rcu-tasks: Fix IPI failure handling in trc_wait_for_one_reader
> 
> Thanks for checking. If we don't have one exact fix, let's go with
> what syzbot suggested. At this point it does not matter much since all
> of them are in most trees I assume. We just need to close the bug with
> something.
> 
> #syz fix: rcu-tasks: Simplify trc_read_check_handler() atomic operations

Fair enough!

> > Quibbles aside, it is nice to get an automated email about having fixed
> > a bug as opposed to having added one.  ;-)
> 
> Yes, but one is not possible without the other :-)

But of course it is possible!  For example, syzkaller might find a bug
that was already fixed, and then before notifying me about the bug, you
see the fix.  For example, by failing to reproduce a mainline bug on -rcu.

Not that I particularly want to be auto-spammed about bugs that I have
already fixed, mind you!  ;-)

							Thanx, Paul

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2021-12-04 15:08 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-05  9:06 [syzbot] WARNING in trc_read_check_handler syzbot
2021-08-05 16:09 ` Paul E. McKenney
2021-12-01 20:50 ` syzbot
2021-12-01 21:09   ` Paul E. McKenney
2021-12-04  9:50     ` Dmitry Vyukov
2021-12-04 15:07       ` Paul E. McKenney

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).