Received: by 10.223.185.116 with SMTP id b49csp2294394wrg;
        Mon, 12 Feb 2018 07:28:46 -0800 (PST)
X-Google-Smtp-Source: AH8x226zlkUejJBFdhUX5SWvFllaouSIyH8x4nkrOXIiu+lvUWyNEH2VWCTqj3Dn/xM5dRi4aCZb
X-Received: by 2002:a17:902:82c6:: with SMTP id u6-v6mr9352589plz.401.1518449325911;
        Mon, 12 Feb 2018 07:28:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518449325; cv=none;
        d=google.com; s=arc-20160816;
        b=f8PxYhIyI9fCDJKlX/Cs5i/bMl6zYN5kcGuuzdrDrhm9tDANiLBmHpGfgveYGLPumL
         TblILA+iWkMyXtpapZgf8FN74qEWgx6aIQICnZcUNV37A5PH0fjN4Z7fssbu56/Y8IMQ
         0hH14ksPPzO/HsMA/BrylBfxboZkpJWkYAzNUQBQk2l3OPg4JwNaKwr25+rxB3SUAwcl
         5P7+j1xF9mjOMeyDLTPSBtcu80ZG5ASn3KTLUkDHCmyl8nyCAl/9o9SZbPaPY/VBUnwU
         eCAsH3T3E30NHeVAfFIRn41elVCh51JzAKOhPU1zl9X0zhVGgZy2TJEx+FYc0I1YVt8V
         l+0w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=zlPV6ZtVUU25zXzEQYRMvuYcSKQ4qV3K6kHsBrvDSGI=;
        b=jA6eVyXgUQ4AAdHavRc6jtFH266PJybqdSZOw2UTLoiU2C0ponfxHyzfcbWtBcypFE
         0rVPrWRUDZYxY02mbO15SH6bxPFN4e9lFphA8kSZOLb7r9YVLV1IY3WlJlZDhp36Wv0P
         +C0xxVtyflHZwGIMJ/ygLjF4i1+piW0yEy1jgMwM/VtbCdnJEijiT2JNvO4y2jfHvKQr
         Spg+U9w9kJoTQ7JuKfYsUWsSWMgwl9pmk9li4IKPfzJaNzfBOQ6KDG0bhnHFwsQ5G/kG
         +Txv+jtC+RyIzt9W2jI/J2KEQom68c8MH5fbjyGEnsqfxPNc+S2vSwmpleFoZhXh7RrG
         mz4A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=Ef5O0KbN;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q7si5266302pgc.226.2018.02.12.07.28.26;
        Mon, 12 Feb 2018 07:28:45 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=Ef5O0KbN;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753386AbeBLP1U (ORCPT <rfc822;damien271828@gmail.com>
        + 99 others); Mon, 12 Feb 2018 10:27:20 -0500
Received: from mail-pg0-f54.google.com ([74.125.83.54]:41308 "EHLO
        mail-pg0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753242AbeBLP1Q (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 12 Feb 2018 10:27:16 -0500
Received: by mail-pg0-f54.google.com with SMTP id t4so6648549pgp.8
        for <linux-kernel@vger.kernel.org>; Mon, 12 Feb 2018 07:27:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=zlPV6ZtVUU25zXzEQYRMvuYcSKQ4qV3K6kHsBrvDSGI=;
        b=Ef5O0KbNXQoxC9NNoE7rqxLE38LQU8nvhqM6ub5tPzEtGvq09gp0KU7ZsO7FuSQyoJ
         AvxPl06dKwehaDp8Wsv0csnp+gN+QYZ1dC5BTnFCa8lpnUIA6Rh3M8vIu4CU+2wWqDtX
         vYDInN/r2MuRHI2i9A9Fjy+rXn/S/Bbv57IksxupOR2QzBQoNySyMDaGB3dxIyxuPsbh
         pENCH7MBWTJc7KKkDJp5fUi9cJVcZjTgnf+R3wRccWsUmdwNDpkf92DsedQ63ALKcuTq
         sqhcxFfQqoLhUSb9lTqJzm/iSyTqOvJOZi4OPnR2greFc7sspKi5nzWmrshS51JC+BwO
         y5WA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=zlPV6ZtVUU25zXzEQYRMvuYcSKQ4qV3K6kHsBrvDSGI=;
        b=Mdwj4uQj9bZ99dAlXmeDBJnMC3/uDYD7vmYfSGUAI7YQ5DtbjsAuYfpRrdwDMSzIzZ
         ytmrT9TijhH/4VaqyWS0qAdDwkptZxerkPLAsAAkuTkqJUu+YT5FVKuF67Hl0k25Xdw0
         nKhn+VvWGFAQ2eITB0wIryzJnIyNV8+XDQNhpaN0NH8yFZCgEfOHQwtwRj7QLZf7UxfS
         eIhuI7xut1G5MAf0ZBKypcxejt4lh1wjEV/e/1BwRsm7b8fOI8mMR2qZ38k6QS40O6gC
         G+vegatZQHxOc8tvxKVGvsxZJxNnHEtvhEJd4oxhKRRoLNgjALF1/TSXvifX4JLzpmub
         zNHQ==
X-Gm-Message-State: APf1xPDKde4L14vwNeBprLbQnpIMEI+aKhFMlbfG8v2HY93taazCmLWb
        savBUAVIjqWML7s19ZRB3iWfLSm2Ho99m8zI1P8tUYmTt4tt+hALiyw+wNS7QNq+b6Tcmg97MZ6
        DYe9sf7/tISw3D3B7Ml0mi3/oAthYTCg=
X-Received: by 10.99.101.3 with SMTP id z3mr9742741pgb.450.1518449235651; Mon,
 12 Feb 2018 07:27:15 -0800 (PST)
MIME-Version: 1.0
Received: by 10.236.140.151 with HTTP; Mon, 12 Feb 2018 07:26:55 -0800 (PST)
In-Reply-To: <001a1141ba9ea381f70565057687@google.com>
References: <001a1141ba9ea381f70565057687@google.com>
From:   Dmitry Vyukov <dvyukov@google.com>
Date:   Mon, 12 Feb 2018 16:26:55 +0100
Message-ID: <CACT4Y+Z-iMWQccvthBAb2Ze4GjkVAm-B7m=b+KYg8AqEn4gw1Q@mail.gmail.com>
Subject: Re: INFO: rcu detected stall in xfrm_confirm_neigh
To:     syzbot <syzbot+7d03c810e50aaedef98a@syzkaller.appspotmail.com>
Cc:     babu.moger@oracle.com, dzickus@redhat.com,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Kate Stewart <kstewart@linuxfoundation.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Ingo Molnar <mingo@redhat.com>, npiggin@gmail.com,
        Philippe Ombredanne <pombredanne@nexb.com>,
        syzkaller-bugs@googlegroups.com,
        Thomas Gleixner <tglx@linutronix.de>,
        "the arch/x86 maintainers" <x86@kernel.org>,
        Steffen Klassert <steffen.klassert@secunet.com>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        David Miller <davem@davemloft.net>,
        netdev <netdev@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
X-ccpol: medium
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Feb 12, 2018 at 4:23 PM, syzbot
<syzbot+7d03c810e50aaedef98a@syzkaller.appspotmail.com> wrote:
> Hello,
>
> syzbot hit the following crash on net-next commit
> 9515a2e082f91457db0ecff4b65371d0fb5d9aad (Thu Jan 25 03:37:38 2018 +0000)
> net/ipv4: Allow send to local broadcast from a socket bound to a VRF
>
> So far this crash happened 6 times on net-next.
> Unfortunately, I don't have any reproducer for this crash yet.
> Raw console output is attached.
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached.


+xfrm maintainers


> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+7d03c810e50aaedef98a@syzkaller.appspotmail.com
> It will help syzbot understand when the bug is fixed. See footer for
> details.
> If you forward the report, please keep this part and the footer.
>
> INFO: rcu_sched self-detected stall on CPU
>         1-...!: (124998 ticks this GP) idle=376/140000000000001/0
> softirq=506054/506054 fqs=19
>          (t=125000 jiffies g=289415 c=289414 q=312)
> rcu_sched kthread starved for 124920 jiffies! g289415 c289414 f0x0
> RCU_GP_WAIT_FQS(3) ->state=0x0 ->cpu=0
> rcu_sched       R  running task    23456     8      2 0x80000000
> Call Trace:
>  context_switch kernel/sched/core.c:2799 [inline]
>  __schedule+0x8eb/0x2060 kernel/sched/core.c:3375
>  schedule+0xf5/0x430 kernel/sched/core.c:3434
>  schedule_timeout+0x118/0x230 kernel/time/timer.c:1793
>  rcu_gp_kthread+0x9e5/0x1930 kernel/rcu/tree.c:2314
>  kthread+0x33c/0x400 kernel/kthread.c:238
>  ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:541
> NMI backtrace for cpu 1
> CPU: 1 PID: 15893 Comm: syz-executor0 Not tainted 4.15.0-rc9+ #210
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
>  <IRQ>
>  __dump_stack lib/dump_stack.c:17 [inline]
>  dump_stack+0x194/0x257 lib/dump_stack.c:53
>  nmi_cpu_backtrace+0x1d2/0x210 lib/nmi_backtrace.c:103
>  nmi_trigger_cpumask_backtrace+0x122/0x180 lib/nmi_backtrace.c:62
>  arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
>  trigger_single_cpu_backtrace include/linux/nmi.h:156 [inline]
>  rcu_dump_cpu_stacks+0x186/0x1d9 kernel/rcu/tree.c:1459
>  print_cpu_stall kernel/rcu/tree.c:1608 [inline]
>  check_cpu_stall.isra.61+0xbb8/0x15b0 kernel/rcu/tree.c:1676
>  __rcu_pending kernel/rcu/tree.c:3440 [inline]
>  rcu_pending kernel/rcu/tree.c:3502 [inline]
>  rcu_check_callbacks+0x256/0xd00 kernel/rcu/tree.c:2842
>  update_process_times+0x30/0x60 kernel/time/timer.c:1628
>  tick_sched_handle+0x85/0x160 kernel/time/tick-sched.c:162
>  tick_sched_timer+0x42/0x120 kernel/time/tick-sched.c:1194
>  __run_hrtimer kernel/time/hrtimer.c:1211 [inline]
>  __hrtimer_run_queues+0x358/0xe20 kernel/time/hrtimer.c:1275
>  hrtimer_interrupt+0x1c2/0x5e0 kernel/time/hrtimer.c:1309
>  local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline]
>  smp_apic_timer_interrupt+0x14a/0x700 arch/x86/kernel/apic/apic.c:1050
>  apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:937
>  </IRQ>
> RIP: 0010:__read_once_size include/linux/compiler.h:183 [inline]
> RIP: 0010:__sanitizer_cov_trace_pc+0x3b/0x50 kernel/kcov.c:106
> RSP: 0018:ffff8801a6867820 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff11
> RAX: 0000000000010000 RBX: ffff8801caf7d200 RCX: ffffffff84acc87d
> RDX: 000000000000ffff RSI: ffffc90002aa6000 RDI: ffff8801c54c4f50
> RBP: ffff8801a6867820 R08: 0000000000000001 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801c54c4e00
> R13: dffffc0000000000 R14: ffffed00395efa5f R15: ffff8801caf7d2fc
>  xfrm_get_dst_nexthop net/xfrm/xfrm_policy.c:2732 [inline]
>  xfrm_confirm_neigh+0xad/0x270 net/xfrm/xfrm_policy.c:2759
>  dst_confirm_neigh include/net/dst.h:419 [inline]
>  raw_sendmsg+0xece/0x23b0 net/ipv4/raw.c:702
>  inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764
>  sock_sendmsg_nosec net/socket.c:630 [inline]
>  sock_sendmsg+0xca/0x110 net/socket.c:640
>  SYSC_sendto+0x361/0x5c0 net/socket.c:1747
>  SyS_sendto+0x40/0x50 net/socket.c:1715
>  entry_SYSCALL_64_fastpath+0x29/0xa0
> RIP: 0033:0x452f19
> RSP: 002b:00007f00a389ec58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
> RAX: ffffffffffffffda RBX: 000000000071bf58 RCX: 0000000000452f19
> RDX: 000000000000001e RSI: 0000000020098000 RDI: 0000000000000013
> RBP: 0000000000000510 R08: 0000000020cf9000 R09: 0000000000000010
> R10: fffffffffffffffe R11: 0000000000000212 R12: 00000000006f6a20
> R13: 00000000ffffffff R14: 00007f00a389f6d4 R15: 0000000000000001
>
>
> ---
> This bug is generated by a dumb bot. It may contain errors.
> See https://goo.gl/tpsmEJ for details.
> Direct all questions to syzkaller@googlegroups.com.
>
> syzbot will keep track of this bug report.
> If you forgot to add the Reported-by tag, once the fix for this bug is
> merged
> into any tree, please reply to this email with:
> #syz fix: exact-commit-title
> To mark this as a duplicate of another syzbot report, please reply with:
> #syz dup: exact-subject-of-another-report
> If it's a one-off invalid bug report, please reply with:
> #syz invalid
> Note: if the crash happens again, it will cause creation of a new bug
> report.
> Note: all commands must start from beginning of the line in the email body.
>
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bugs+unsubscribe@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/syzkaller-bugs/001a1141ba9ea381f70565057687%40google.com.
> For more options, visit https://groups.google.com/d/optout.