Received: by 10.223.185.116 with SMTP id b49csp2337233wrg; Mon, 12 Feb 2018 08:05:27 -0800 (PST) X-Google-Smtp-Source: AH8x224S9r3vL2cuIDHBgFpwbYRVUu6SrxiQqxngVOPuAnFc0NNHB5lXPfKzziusQHmtLMLL6Bmp X-Received: by 2002:a17:902:1c1:: with SMTP id b59-v6mr11173143plb.325.1518451527201; Mon, 12 Feb 2018 08:05:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518451527; cv=none; d=google.com; s=arc-20160816; b=CfVDTSHg0y7IoX1Y2O08d6vxhCNDZBcESfXXhIUNwQQdyH2cpg0LN9sfYtqWTWa88i 5nuo89LoBYenT5Mx3T4AuxYmZAbEU7h8n4NkrM0/3Vncz5LoOmzrsTM8tp6Ge/I+XqbC 1qMBuQHJlQ76OF7jrp4LMQ+xwSg2cIj9ZJpdRJCAFfzLiDV9LkLTFuzTrn2/wvHxsY0Z T/nYXEojRct7Whb8irvQHzPGi3JjApKRv3X4xQvWimi79/F0DJ52XIG9Dn9i+5jjMfZe HKs+Gm1hSu9QRTdowHcVcKY0wXTAjoG6hSNu43lL7l7qDB1vpekheAGjd3+IA35jqXkX Bj1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=BiqCJ1v24Pmfnc3KaF1n8QT8NLmX1QBnBpG3i5CstMc=; b=DqOWD9ZdslFI2rIzwN6bUM0N7LVhraVvpfq2STBlQ/k49CVO8F+Av2kpYuRgsJVRrI Yj3CAR7sIc4g9/jFR6qa8+SrLlEsVLPW0QwN+rB5hz/lascaafDqLpBXtiPIY0GPKgRd gukkBeJYPFdQvtjMgbjdHzUsQeSV9KvQCzgwFJ0YqCb4jH5EOkM5B2wwn2XqG7qzFV/w F9w8g60gxQTB/eYnbHX0eASTEmhtVU43bU36W6AMZqMGphOM05Tj55bpCEkWYNOffWux njr+2uhQv6sN8DyblshWDiZQ7kJKrCR38WYu5d6NGAPK1kYU4KCACiizgukLe8buLVSL 6Vlg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=v8CnNfDO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 95-v6si118310plc.397.2018.02.12.08.05.07; Mon, 12 Feb 2018 08:05:27 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=v8CnNfDO; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934912AbeBLQDb (ORCPT + 99 others); Mon, 12 Feb 2018 11:03:31 -0500 Received: from mail-pg0-f41.google.com ([74.125.83.41]:38237 "EHLO mail-pg0-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932878AbeBLQD3 (ORCPT ); Mon, 12 Feb 2018 11:03:29 -0500 Received: by mail-pg0-f41.google.com with SMTP id l24so1735089pgc.5 for ; Mon, 12 Feb 2018 08:03:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=BiqCJ1v24Pmfnc3KaF1n8QT8NLmX1QBnBpG3i5CstMc=; b=v8CnNfDOJ3lsR2mEGsWyhKriPYcKJghenh8pTk12Sl7Zz5ndHSlhpIU317lBK9x9ek RhxtfXfeyubI1fPvkzMDJFoT7SOEwORfNcx7GKj50fqgsjCr0KKl9UDXkJemLHsOSDdA s4+ZjNWvvlcmbYh+mpH7xLiwO8ZdRuyuy+Om5AN6zqrMT6GQAFxwRzA+iQ/F2EuOioxR 9XIqKjG9KB9j2atlO077eovKEFgQhpvvQTA1J8vK6LEswlwRlBsx0RNfXUCjcLJwB4Q9 7KaCNPtNHW4kRCOmwXnj9Utchl7hogcMOV80K7DpV7+fUR4ksLFkOmCwGVicUAJM4Q6S 1OGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=BiqCJ1v24Pmfnc3KaF1n8QT8NLmX1QBnBpG3i5CstMc=; b=KrWVJMNLriOK+UsEElJM9PavxFXo+L2CfwnpbMXWfya/Kr9pt/kGgMIYyiNwVSp4/4 LkYq+0FpJrDMeid1LZ/kU9OD+kNlTM7Cdz0mnJYyLs5JbjEHLnzD7Y39nmIpMf3Am62T vG1uY9ljoGGL5tvyzKrDuCNZK/6Slr9ckFEaftfRKSS4X09/pSJMw3qhcgJ7vQFfQeen ++E6W0LlWACJdrYRdOf6ocShlbSUzXXqfmls1fcGc2AepTiM0vXgP/lFjy7Pk4URyQD1 Swhss2WfkQT/5y2dFtMQZCOy7yS4sJY0WQ22ZEWWrAE0YQ5VEaAEMEfmjh2iUK2mCHie 1oug== X-Gm-Message-State: APf1xPDJ+vPp6oRiZbFZu5ZBj0fSWFbdsFO3dVqOIs4wiUZreRgBgttm +tyYo6LFdlEjOtIULrvqN8+zqQm4jMrQ7GUAvRv+8g== X-Received: by 10.98.35.211 with SMTP id q80mr11914633pfj.64.1518451408710; Mon, 12 Feb 2018 08:03:28 -0800 (PST) MIME-Version: 1.0 Received: by 10.236.140.151 with HTTP; Mon, 12 Feb 2018 08:03:08 -0800 (PST) In-Reply-To: <001a113f8734783e94056505f8fd@google.com> References: <001a113f8734783e94056505f8fd@google.com> From: Dmitry Vyukov Date: Mon, 12 Feb 2018 17:03:08 +0100 Message-ID: Subject: Re: lost connection to test machine (4) To: syzbot , Alexei Starovoitov , Daniel Borkmann , netdev Cc: LKML , syzkaller-bugs@googlegroups.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Feb 12, 2018 at 5:00 PM, syzbot wrote: > Hello, > > syzbot hit the following crash on bpf-next commit > 617aebe6a97efa539cc4b8a52adccd89596e6be0 (Sun Feb 4 00:25:42 2018 +0000) > Merge tag 'usercopy-v4.16-rc1' of > git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux > > So far this crash happened 898 times on bpf-next, net-next, upstream. > C reproducer is attached. > syzkaller reproducer is attached. > Raw console output is attached. > compiler: gcc (GCC) 7.1.1 20170620 > .config is attached. The reproducer first causes several tasks spending minutes at this stack: [ 110.762189] NMI backtrace for cpu 2 [ 110.762206] CPU: 2 PID: 3760 Comm: syz-executor Not tainted 4.15.0+ #96 [ 110.762210] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 [ 110.762224] RIP: 0010:mutex_spin_on_owner+0x303/0x420 [ 110.762232] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.103 msecs [ 110.762237] RSP: 0018:ffff88005be470e8 EFLAGS: 00000246 [ 110.762268] RAX: ffff88006ca00000 RBX: 0000000000000000 RCX: ffffffff81554165 [ 110.762275] RDX: 0000000000000001 RSI: 1ffffffff0d97884 RDI: 0000000000000000 [ 110.762281] RBP: ffff88005be47210 R08: dffffc0000000001 R09: fffffbfff0db2b75 [ 110.762286] R10: fffffbfff0db2b74 R11: ffffffff86d95ba7 R12: ffffffff86d95ba0 [ 110.762292] R13: ffffed000b7c8e25 R14: dffffc0000000000 R15: ffff880064691040 [ 110.762300] FS: 00007f84ed029700(0000) GS:ffff88006cb00000(0000) knlGS:0000000000000000 [ 110.762305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.762311] CR2: 00007fd565f7b1b0 CR3: 000000005bddf002 CR4: 00000000001606e0 [ 110.762316] Call Trace: [ 110.762383] __mutex_lock.isra.1+0x97d/0x1440 [ 110.762659] __mutex_lock_slowpath+0xe/0x10 [ 110.762668] mutex_lock+0x3e/0x50 [ 110.762677] pcpu_alloc+0x846/0xfe0 [ 110.762778] __alloc_percpu_gfp+0x27/0x30 [ 110.762801] array_map_alloc+0x484/0x690 [ 110.762832] SyS_bpf+0xa27/0x4770 [ 110.763190] do_syscall_64+0x297/0x760 [ 110.763260] entry_SYSCALL_64_after_hwframe+0x21/0x86 and later machine dies with: [ 191.484308] Kernel panic - not syncing: Out of memory and no killable processes... [ 191.484308] [ 191.485740] CPU: 3 PID: 746 Comm: kworker/3:1 Not tainted 4.15.0+ #96 [ 191.486761] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 [ 191.488071] Workqueue: events pcpu_balance_workfn [ 191.488821] Call Trace: [ 191.489299] dump_stack+0x175/0x225 [ 191.490590] panic+0x22a/0x4be [ 191.493061] out_of_memory.cold.31+0x20/0x21 [ 191.496380] __alloc_pages_slowpath+0x1d98/0x28a0 [ 191.503616] __alloc_pages_nodemask+0x89c/0xc60 [ 191.507876] pcpu_populate_chunk+0x1fd/0x9b0 [ 191.510114] pcpu_balance_workfn+0x1019/0x1450 [ 191.517804] process_one_work+0x9d5/0x1460 [ 191.522714] worker_thread+0x1cc/0x1410 [ 191.529319] kthread+0x304/0x3c0 The original message with attachments is here: https://groups.google.com/d/msg/syzkaller-bugs/Km3xEZu9zzU/rO-7XuwZAgAJ > IMPORTANT: if you fix the bug, please add the following tag to the commit: > Reported-by: syzbot+adb03f3f0bb57ce3acda@syzkaller.appspotmail.com > It will help syzbot understand when the bug is fixed. See footer for > details. > If you forward the report, please keep this part and the footer. > > > > --- > This bug is generated by a dumb bot. It may contain errors. > See https://goo.gl/tpsmEJ for details. > Direct all questions to syzkaller@googlegroups.com. > > syzbot will keep track of this bug report. > If you forgot to add the Reported-by tag, once the fix for this bug is > merged > into any tree, please reply to this email with: > #syz fix: exact-commit-title > If you want to test a patch for this bug, please reply with: > #syz test: git://repo/address.git branch > and provide the patch inline or as an attachment. > To mark this as a duplicate of another syzbot report, please reply with: > #syz dup: exact-subject-of-another-report > If it's a one-off invalid bug report, please reply with: > #syz invalid > Note: if the crash happens again, it will cause creation of a new bug > report. > Note: all commands must start from beginning of the line in the email body. > > -- > You received this message because you are subscribed to the Google Groups > "syzkaller-bugs" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to syzkaller-bugs+unsubscribe@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/syzkaller-bugs/001a113f8734783e94056505f8fd%40google.com. > For more options, visit https://groups.google.com/d/optout.