Received: by 10.223.148.5 with SMTP id 5csp6105301wrq; Wed, 17 Jan 2018 09:25:16 -0800 (PST) X-Google-Smtp-Source: ACJfBot+waQObdZ2GKeT/mXGPvTh890RddeCmUb4q/lVJcOuVsRfbJAx+eHysniv65YYonDjtCNt X-Received: by 10.98.59.149 with SMTP id w21mr31519251pfj.7.1516209916060; Wed, 17 Jan 2018 09:25:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1516209916; cv=none; d=google.com; s=arc-20160816; b=uvncMnJIwkTzPyqscdNHAnNXelBwiQwam07p0tQFwHKmno59B+SRcyECLmYmtUeQJT YrJCJWNE5msn7/vZhhawGla+BtwUqPeGzsBP6Ew71NA3A8s4dAXgIIeemG86WAN6X0KH RD7ovYcufb+ojNj2bRaHf4B7zCpMTiCQekp+wFzznYCtGUadwjcI8i+x/YPBUyXQuTkR 7h92ltUL7JFjKtGb2NFHoZqsegip4km4r+QwMmMEWjlElE7HjZa45L6c4Ki6M4PkK6TT BMyYWgwVJF8XiLJrKkb36U7VWCwRtH/bUodSUT5+6OIVH2W4wdspnRuwyKI2/19F3Wv3 ahtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:arc-authentication-results; bh=ShR0jrgq9NV5wET4OfXtE/eRzDXcR52uN99TmgXcGgE=; b=OGbB6UJFdfqQ4VsmwhLIhj+X7jOzKo+eY09KpZdThzEeBAfTztDrnPTen1OJQlMJS9 /5E3YevJZuIBDM8PMyxeTDhSzzoX8EoVjIC0+lxUltUolAV1juZEk7OlFwSl4Xrl2UT2 1ctk4yaAwGwbkV9ZX7wB5uhHjYAdT328fmEFAeG3bNQxN5FwlaM4V8MdXNxHDA3p7Por eT/dLAbwmZ6I/k+PhciChiRL1R2yI2NBb8tpCn60XSsrsOeBc+jXr3qkECpIDyhbbcoI rc7C0Klr0WTPcv6ltO3d8pyKA4/hr1nHiHe6aCKqjJ1farKVOq3e9wl/rupZOJ/cgz8N uOAw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d2si4896128plo.114.2018.01.17.09.25.00; Wed, 17 Jan 2018 09:25:16 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753906AbeAQRYh (ORCPT + 99 others); Wed, 17 Jan 2018 12:24:37 -0500 Received: from outprodmail02.cc.columbia.edu ([128.59.72.51]:36667 "EHLO outprodmail02.cc.columbia.edu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750969AbeAQRYf (ORCPT ); Wed, 17 Jan 2018 12:24:35 -0500 Received: from hazelnut (hazelnut.cc.columbia.edu [128.59.213.250]) by outprodmail02.cc.columbia.edu (8.14.4/8.14.4) with ESMTP id w0HHNCdv057297 for ; Wed, 17 Jan 2018 12:24:34 -0500 Received: from hazelnut (localhost.localdomain [127.0.0.1]) by hazelnut (Postfix) with ESMTP id 286977E for ; Wed, 17 Jan 2018 12:24:35 -0500 (EST) Received: from sendprodmail04.cc.columbia.edu (sendprodmail04.cc.columbia.edu [128.59.72.16]) by hazelnut (Postfix) with ESMTP id 047D180 for ; Wed, 17 Jan 2018 12:24:35 -0500 (EST) Received: from mail-wr0-f199.google.com (mail-wr0-f199.google.com [209.85.128.199]) by sendprodmail04.cc.columbia.edu (8.14.4/8.14.4) with ESMTP id w0HHOX38042991 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for ; Wed, 17 Jan 2018 12:24:34 -0500 Received: by mail-wr0-f199.google.com with SMTP id p4so13637056wrf.4 for ; Wed, 17 Jan 2018 09:24:33 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ShR0jrgq9NV5wET4OfXtE/eRzDXcR52uN99TmgXcGgE=; b=ON18sSL0Yqc2Jj0Hn8lqICglTuu/7bd9GCFZs/RfZzNNOxU3Q6T+cxJrRybdSFf+RH jPymvBCB1B6kLEBGEKSKerZeS1qn8wkbSC5613Wh4PjMfeNFemfrhwJKu49lLCyzzeGl GVh8GlkPwrbvGBXPk7+Bk/GooL1i1eCUcilVQSht1pCXkgQFUIQfFJzfhLLFJEtnTjpA dZYCfz4YmtCdem9dZa8YoJZSnsEjaR8cZM/RFWOsdqs8o/jfpLmnuEQilq0KSLG2RnMw jcX3zxVbMSWy1d+O5DZWGuon244y1XuoCv1QgFHUesXyLzKhxDlrStSt93W/Yx6HmFqJ 8Yug== X-Gm-Message-State: AKwxyteYpN8CBNJRHpBvkEQmc0bPiCNFB1Zn2TTVQ+nPJT0cDy93XWsC bHfqgF9mj56wXz0QGLr3BBH1lcIEmtWrTeIkzGpNXvwES1dUXCeNL+lVGLXHi8rQUUQp9E4eF5N p5wXYbFS/Mb3DaLYKXswXMi+8qMMdk1o42UlSN9X+RnocuAkv X-Received: by 10.80.179.6 with SMTP id q6mr3861972edd.87.1516209873068; Wed, 17 Jan 2018 09:24:33 -0800 (PST) X-Received: by 10.80.179.6 with SMTP id q6mr3861943edd.87.1516209872586; Wed, 17 Jan 2018 09:24:32 -0800 (PST) MIME-Version: 1.0 Received: by 10.80.182.139 with HTTP; Wed, 17 Jan 2018 09:24:32 -0800 (PST) In-Reply-To: <20180117170520.GA12606@kroah.com> References: <20180117170520.GA12606@kroah.com> From: Shankara Pailoor Date: Wed, 17 Jan 2018 09:24:32 -0800 Message-ID: Subject: Re: RCU stall in 8250 serial driver Linux 4.15-rc1 To: Greg KH Cc: jslaby@suse.com, LKML , syzkaller , linux-serial@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-No-Spam-Score: Local X-Scanned-By: MIMEDefang 2.78 on 128.59.72.16 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Greg, Sorry for that. Here is the stack trace. C Program below TCP: request_sock_TCP: Possible SYN flooding on port 20003. Sending cookies. Check SNMP counters. TCP: request_sock_TCP: Possible SYN flooding on port 20003. Sending cookies. Check SNMP counters. TCP: request_sock_TCP: Possible SYN flooding on port 20003. Sending cookies. Check SNMP counters. INFO: rcu_sched detected stalls on CPUs/tasks: 1-....: (5686 ticks this GP) idle=59e/140000000000000/0 softirq=13217/13218 fqs=15550 (detected by 3, t=65002 jiffies, g=3309, c=3308, q=1338676) Sending NMI from CPU 3 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 3206 Comm: syzkaller260107 Not tainted 4.15.0-rc1 #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8800b5688000 task.stack: ffff8800b5ae0000 RIP: 0010:inb arch/x86/include/asm/io.h:348 [inline] RIP: 0010:io_serial_in+0x60/0x80 drivers/tty/serial/8250/8250_port.c:434 RSP: 0018:ffff880105086320 EFLAGS: 00000002 RAX: dffffc0000000000 RBX: 00000000000003fd RCX: 0000000000000000 RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffffb7699720 RBP: ffffffffb76996e0 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: 1ffff10016ad112c R12: 0000000000000020 R13: fffffbfff6ed3323 R14: fffffbfff6ed32e6 R15: ffffffffb769991a FS: 00000000012d3880(0000) GS:ffff880105080000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000200007b6 CR3: 00000000ba7eb004 CR4: 00000000001606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: serial_in drivers/tty/serial/8250/8250.h:111 [inline] wait_for_xmitr+0x8a/0x1d0 drivers/tty/serial/8250/8250_port.c:2033 serial8250_console_putchar+0x19/0x50 drivers/tty/serial/8250/8250_port.c:3170 uart_console_write+0x98/0xc0 drivers/tty/serial/serial_core.c:1858 serial_port_out include/linux/serial_core.h:265 [inline] serial8250_console_write+0x2ad/0x890 drivers/tty/serial/8250/8250_port.c:3243 trace_console_rcuidle include/trace/events/printk.h:10 [inline] call_console_drivers kernel/printk/printk.c:1556 [inline] console_unlock+0x635/0xb40 kernel/printk/printk.c:2233 log_output kernel/printk/printk.c:1675 [inline] vprintk_emit+0x391/0x480 kernel/printk/printk.c:1745 vprintk_func+0x52/0xc0 kernel/printk/printk_safe.c:379 printk+0xaa/0xca kernel/printk/printk.c:1829 tcp_syn_flood_action net/ipv4/tcp_input.c:6171 [inline] tcp_conn_request+0x2c91/0x2fc0 net/ipv4/tcp_input.c:6215 tcp_v4_conn_request+0x14f/0x200 net/ipv4/tcp_ipv4.c:1318 tcp_rcv_state_process+0x900/0x4770 net/ipv4/tcp_input.c:5819 tcp_v4_do_rcv+0x550/0x7c0 net/ipv4/tcp_ipv4.c:1490 tcp_v4_rcv+0x2c2d/0x2d30 net/ipv4/tcp_ipv4.c:1719 ip_local_deliver_finish+0x317/0xbf0 net/ipv4/ip_input.c:216 NF_HOOK include/linux/netfilter.h:250 [inline] ip_local_deliver+0x1ba/0x640 net/ipv4/ip_input.c:257 dst_input include/net/dst.h:466 [inline] ip_rcv_finish+0x867/0x1970 net/ipv4/ip_input.c:397 NF_HOOK include/linux/netfilter.h:250 [inline] ip_rcv+0xb9d/0x1650 net/ipv4/ip_input.c:493 __netif_receive_skb_core+0x1e56/0x3330 net/core/dev.c:4461 __netif_receive_skb+0x27/0x1a0 net/core/dev.c:4526 rcu_read_unlock include/linux/rcupdate.h:683 [inline] process_backlog+0x1d8/0x6b0 net/core/dev.c:5206 napi_poll net/core/dev.c:5604 [inline] net_rx_action+0x66b/0x1330 net/core/dev.c:5669 trace_softirq_exit include/trace/events/irq.h:142 [inline] __do_softirq+0x25e/0xabe kernel/softirq.c:286 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:984 do_softirq.part.16+0x70/0x90 kernel/softirq.c:88 __local_bh_enable_ip+0x17c/0x1b0 kernel/softirq.c:161 local_bh_enable include/linux/bottom_half.h:32 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:727 [inline] ip_finish_output2+0x8ad/0x1370 net/ipv4/ip_output.c:231 ip_finish_output+0x727/0xb20 net/ipv4/ip_output.c:317 NF_HOOK_COND include/linux/netfilter.h:239 [inline] ip_output+0x1cf/0x720 net/ipv4/ip_output.c:405 dst_output include/net/dst.h:460 [inline] ip_local_out+0x8e/0x160 net/ipv4/ip_output.c:124 ip_queue_xmit+0x934/0x1890 net/ipv4/ip_output.c:504 tcp_transmit_skb+0x19a9/0x35d0 net/ipv4/tcp_output.c:1176 tcp_connect+0x2824/0x3890 net/ipv4/tcp_output.c:3498 C program: // autogenerated by syzkaller (http://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include __attribute__((noreturn)) static void doexit(int status) { volatile unsigned i; syscall(__NR_exit_group, status); for (i = 0;; i++) { } } #define NORETURN __attribute__((noreturn)) #include #include const int kFailStatus = 67; const int kRetryStatus = 69; NORETURN static void fail(const char* msg, ...) { int e = errno; fflush(stdout); va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); fprintf(stderr, " (errno %d)\n", e); doexit((e == ENOMEM || e == EAGAIN) ? kRetryStatus : kFailStatus); } NORETURN static void exitf(const char* msg, ...) { int e = errno; fflush(stdout); va_list args; va_start(args, msg); vfprintf(stderr, msg, args); va_end(args); fprintf(stderr, " (errno %d)\n", e); doexit(kRetryStatus); } static uint64_t current_time_ms() { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) fail("clock_gettime failed"); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void test(); void loop() { int iter; for (iter = 0;; iter++) { int pid = fork(); if (pid < 0) fail("clone failed"); if (pid == 0) { prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); setpgrp(); test(); doexit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { int res = waitpid(-1, &status, __WALL | WNOHANG); if (res == pid) break; usleep(1000); if (current_time_ms() - start > 5 * 1000) { kill(-pid, SIGKILL); kill(pid, SIGKILL); while (waitpid(-1, &status, __WALL) != pid) { } break; } } } } long r[28]; void test() { memset(r, -1, sizeof(r)); r[0] = syscall(__NR_mmap, 0x20000000ul, 0x3b8000ul, 0x3ul, 0x32ul, 0xfffffffffffffffful, 0x0ul); r[1] = syscall(__NR_socket, 0x2ul, 0x1ul, 0x0ul); *(uint16_t*)0x200007b6 = (uint16_t)0x2; *(uint16_t*)0x200007b8 = (uint16_t)0x234e; *(uint32_t*)0x200007ba = (uint32_t)0x0; *(uint8_t*)0x200007be = (uint8_t)0x0; *(uint8_t*)0x200007bf = (uint8_t)0x0; *(uint8_t*)0x200007c0 = (uint8_t)0x0; *(uint8_t*)0x200007c1 = (uint8_t)0x0; *(uint8_t*)0x200007c2 = (uint8_t)0x0; *(uint8_t*)0x200007c3 = (uint8_t)0x0; *(uint8_t*)0x200007c4 = (uint8_t)0x0; *(uint8_t*)0x200007c5 = (uint8_t)0x0; r[13] = syscall(__NR_bind, r[1], 0x200007b6ul, 0x10ul); r[14] = syscall(__NR_listen, r[1], 0x0ul); r[15] = syscall(__NR_socket, 0x2ul, 0x1ul, 0x0ul); *(uint16_t*)0x200008e6 = (uint16_t)0x2; *(uint16_t*)0x200008e8 = (uint16_t)0x234e; *(uint32_t*)0x200008ea = (uint32_t)0x100007f; *(uint8_t*)0x200008ee = (uint8_t)0x0; *(uint8_t*)0x200008ef = (uint8_t)0x0; *(uint8_t*)0x200008f0 = (uint8_t)0x0; *(uint8_t*)0x200008f1 = (uint8_t)0x0; *(uint8_t*)0x200008f2 = (uint8_t)0x0; *(uint8_t*)0x200008f3 = (uint8_t)0x0; *(uint8_t*)0x200008f4 = (uint8_t)0x0; *(uint8_t*)0x200008f5 = (uint8_t)0x0; r[27] = syscall(__NR_connect, r[15], 0x200008e6ul, 0x10ul); } int main() { int i; for (i = 0; i < 8; i++) { if (fork() == 0) { loop(); return 0; } } sleep(1000000); return 0; } Regards, Shankara On Wed, Jan 17, 2018 at 9:05 AM, Greg KH wrote: > On Wed, Jan 17, 2018 at 08:53:06AM -0800, Shankara Pailoor wrote: >> Hi, >> >> Syzkaller found the following rcu stall report in Linux 4.15-rc1: >> https://pastebin.com/NyZ9JdRv >> >> The following C program reproduces it: https://pastebin.com/gqwDWWpA >> >> Configs Here: https://pastebin.com/v6M3iKi1 > > I don't visit random web sites for random bugs. Please include all of > the information in the email itself. > > thanks, > > greg k-h