linux-mm.kvack.org archive mirror
* [syzbot] [mm?] INFO: rcu detected stall in mas_preallocate (2)
@ 2024-12-09  9:12 syzbot
  2024-12-09 20:36 ` Liam R. Howlett
  2025-01-03  0:46 ` syzbot
  0 siblings, 2 replies; 7+ messages in thread
From: syzbot @ 2024-12-09  9:12 UTC (permalink / raw)
  To: Liam.Howlett, akpm, jannh, linux-kernel, linux-mm,
	lorenzo.stoakes, syzkaller-bugs, vbabka

Hello,

syzbot found the following issue on:

HEAD commit:    feffde684ac2 Merge tag 'for-6.13-rc1-tag' of git://git.ker..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10b08020580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=50c7a61469ce77e7
dashboard link: https://syzkaller.appspot.com/bug?extid=882589c97d51a9de68eb
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10e8a8df980000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/3bb09093023b/disk-feffde68.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9e37e48dc48a/vmlinux-feffde68.xz
kernel image: https://storage.googleapis.com/syzbot-assets/36b46b3a6421/bzImage-feffde68.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+882589c97d51a9de68eb@syzkaller.appspotmail.com

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	(detected by 0, t=17825 jiffies, g=10505, q=929 ncpus=2)
rcu: All QSes seen, last rcu_preempt kthread activity 11791 (4294964533-4294952742), jiffies_till_next_fqs=1, root ->qsmask 0x0
rcu: rcu_preempt kthread starved for 11791 jiffies! g10505 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:25784 pid:17    tgid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0x1850/0x4c30 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6848
 schedule_timeout+0x15a/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x2df/0x1330 kernel/rcu/tree.c:2045
 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2247
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 6002 Comm: syz-executor Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__sanitizer_cov_trace_cmp8+0x0/0x90 kernel/kcov.c:293
Code: 10 48 89 74 0a 18 4c 89 44 0a 20 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 4c 8b 04 24 65 48 8b 0c 25 00 d6 03 00 65 8b 05 70 61
RSP: 0018:ffffc90000a18c98 EFLAGS: 00000046
RAX: ffffffff8bcbfbf7 RBX: ffff88805d8d6340 RCX: ffff88803141bc00
RDX: 0000000000010000 RSI: ffff88805d8d6340 RDI: ffff88805d8d6340
RBP: 1ffff1100bb1ac68 R08: ffffffff818d04c0 R09: 1ffffffff20328be
R10: dffffc0000000000 R11: fffffbfff20328bf R12: ffff8880b872c9d0
R13: ffff8880b872c9d0 R14: ffff88805d8d6340 R15: ffff88805d8d6340
FS:  000055557e00b500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f29e4db6bd0 CR3: 00000000622f2000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 timerqueue_add+0x4b/0x290 lib/timerqueue.c:38
 enqueue_hrtimer+0x1b2/0x3c0 kernel/time/hrtimer.c:1084
 __run_hrtimer kernel/time/hrtimer.c:1756 [inline]
 __hrtimer_run_queues+0x6cb/0xd30 kernel/time/hrtimer.c:1803
 hrtimer_interrupt+0x403/0xa40 kernel/time/hrtimer.c:1865
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
 __sysvec_apic_timer_interrupt+0x110/0x420 arch/x86/kernel/apic/apic.c:1055
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:mas_wr_store_type+0x2a/0x16c0 lib/maple_tree.c:4212
Code: 55 41 57 41 56 41 55 41 54 53 48 81 ec c8 00 00 00 49 89 fe 49 bc 00 00 00 00 00 fc ff df e8 ad 78 d8 f5 4c 89 f0 48 c1 e8 03 <48> 89 84 24 80 00 00 00 42 80 3c 20 00 74 08 4c 89 f7 e8 5f 60 43
RSP: 0018:ffffc900031174c0 EFLAGS: 00000a02
RAX: 1ffff92000622ec4 RBX: 0000000000000000 RCX: ffff88803141bc00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90003117620
RBP: ffffc900031176f0 R08: ffffffff8bc6b87c R09: ffffffff8bc761f0
R10: 0000000000000005 R11: ffff88803141bc00 R12: dffffc0000000000
R13: ffffc90003117620 R14: ffffc90003117620 R15: dffffc0000000000
 mas_preallocate+0x27d/0x8d0 lib/maple_tree.c:5540
 vma_iter_prealloc mm/vma.h:349 [inline]
 __mmap_new_vma mm/vma.c:2349 [inline]
 __mmap_region+0x1b89/0x2cd0 mm/vma.c:2456
 mmap_region+0x1d0/0x2c0 mm/mmap.c:1347
 do_mmap+0x8f0/0x1000 mm/mmap.c:496
 vm_mmap_pgoff+0x1dd/0x3d0 mm/util.c:580
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa71757ff53
Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7
RSP: 002b:00007ffedb7e9bc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: fffffffffffff000 RCX: 00007fa71757ff53
RDX: 0000000000000000 RSI: 0000000000801000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000
R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffedb7e9c30
R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup



* Re: [syzbot] [mm?] INFO: rcu detected stall in mas_preallocate (2)
  2024-12-09  9:12 [syzbot] [mm?] INFO: rcu detected stall in mas_preallocate (2) syzbot
@ 2024-12-09 20:36 ` Liam R. Howlett
  2024-12-10  2:48   ` syzbot
  2025-01-03  0:46 ` syzbot
  1 sibling, 1 reply; 7+ messages in thread
From: Liam R. Howlett @ 2024-12-09 20:36 UTC (permalink / raw)
  To: syzbot
  Cc: akpm, jannh, linux-kernel, linux-mm, lorenzo.stoakes,
	syzkaller-bugs, vbabka

* syzbot <syzbot+882589c97d51a9de68eb@syzkaller.appspotmail.com> [241209 04:12]:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    feffde684ac2 Merge tag 'for-6.13-rc1-tag' of git://git.ker..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=10b08020580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=50c7a61469ce77e7
> dashboard link: https://syzkaller.appspot.com/bug?extid=882589c97d51a9de68eb
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10e8a8df980000

Check hot fixes in case this is related to known issues.

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm mm-unstable

> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/3bb09093023b/disk-feffde68.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/9e37e48dc48a/vmlinux-feffde68.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/36b46b3a6421/bzImage-feffde68.xz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+882589c97d51a9de68eb@syzkaller.appspotmail.com
> 
> rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> rcu: 	(detected by 0, t=17825 jiffies, g=10505, q=929 ncpus=2)
> rcu: All QSes seen, last rcu_preempt kthread activity 11791 (4294964533-4294952742), jiffies_till_next_fqs=1, root ->qsmask 0x0
> rcu: rcu_preempt kthread starved for 11791 jiffies! g10505 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
> rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
> rcu: RCU grace-period kthread stack dump:
> task:rcu_preempt     state:R  running task     stack:25784 pid:17    tgid:17    ppid:2      flags:0x00004000
> Call Trace:
>  <TASK>
>  context_switch kernel/sched/core.c:5369 [inline]
>  __schedule+0x1850/0x4c30 kernel/sched/core.c:6756
>  __schedule_loop kernel/sched/core.c:6833 [inline]
>  schedule+0x14b/0x320 kernel/sched/core.c:6848
>  schedule_timeout+0x15a/0x290 kernel/time/sleep_timeout.c:99
>  rcu_gp_fqs_loop+0x2df/0x1330 kernel/rcu/tree.c:2045
>  rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2247
>  kthread+0x2f0/0x390 kernel/kthread.c:389
>  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
>  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
>  </TASK>
> rcu: Stack dump where RCU GP kthread last ran:
> Sending NMI from CPU 0 to CPUs 1:
> NMI backtrace for cpu 1
> CPU: 1 UID: 0 PID: 6002 Comm: syz-executor Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
> RIP: 0010:__sanitizer_cov_trace_cmp8+0x0/0x90 kernel/kcov.c:293
> Code: 10 48 89 74 0a 18 4c 89 44 0a 20 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 4c 8b 04 24 65 48 8b 0c 25 00 d6 03 00 65 8b 05 70 61
> RSP: 0018:ffffc90000a18c98 EFLAGS: 00000046
> RAX: ffffffff8bcbfbf7 RBX: ffff88805d8d6340 RCX: ffff88803141bc00
> RDX: 0000000000010000 RSI: ffff88805d8d6340 RDI: ffff88805d8d6340
> RBP: 1ffff1100bb1ac68 R08: ffffffff818d04c0 R09: 1ffffffff20328be
> R10: dffffc0000000000 R11: fffffbfff20328bf R12: ffff8880b872c9d0
> R13: ffff8880b872c9d0 R14: ffff88805d8d6340 R15: ffff88805d8d6340
> FS:  000055557e00b500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f29e4db6bd0 CR3: 00000000622f2000 CR4: 00000000003526f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>  <NMI>
>  </NMI>
>  <IRQ>
>  timerqueue_add+0x4b/0x290 lib/timerqueue.c:38
>  enqueue_hrtimer+0x1b2/0x3c0 kernel/time/hrtimer.c:1084
>  __run_hrtimer kernel/time/hrtimer.c:1756 [inline]
>  __hrtimer_run_queues+0x6cb/0xd30 kernel/time/hrtimer.c:1803
>  hrtimer_interrupt+0x403/0xa40 kernel/time/hrtimer.c:1865
>  local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
>  __sysvec_apic_timer_interrupt+0x110/0x420 arch/x86/kernel/apic/apic.c:1055
>  instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
>  sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1049
>  </IRQ>
>  <TASK>
>  asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
> RIP: 0010:mas_wr_store_type+0x2a/0x16c0 lib/maple_tree.c:4212
> Code: 55 41 57 41 56 41 55 41 54 53 48 81 ec c8 00 00 00 49 89 fe 49 bc 00 00 00 00 00 fc ff df e8 ad 78 d8 f5 4c 89 f0 48 c1 e8 03 <48> 89 84 24 80 00 00 00 42 80 3c 20 00 74 08 4c 89 f7 e8 5f 60 43
> RSP: 0018:ffffc900031174c0 EFLAGS: 00000a02
> RAX: 1ffff92000622ec4 RBX: 0000000000000000 RCX: ffff88803141bc00
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90003117620
> RBP: ffffc900031176f0 R08: ffffffff8bc6b87c R09: ffffffff8bc761f0
> R10: 0000000000000005 R11: ffff88803141bc00 R12: dffffc0000000000
> R13: ffffc90003117620 R14: ffffc90003117620 R15: dffffc0000000000
>  mas_preallocate+0x27d/0x8d0 lib/maple_tree.c:5540
>  vma_iter_prealloc mm/vma.h:349 [inline]
>  __mmap_new_vma mm/vma.c:2349 [inline]
>  __mmap_region+0x1b89/0x2cd0 mm/vma.c:2456
>  mmap_region+0x1d0/0x2c0 mm/mmap.c:1347
>  do_mmap+0x8f0/0x1000 mm/mmap.c:496
>  vm_mmap_pgoff+0x1dd/0x3d0 mm/util.c:580
>  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7fa71757ff53
> Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7
> RSP: 002b:00007ffedb7e9bc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
> RAX: ffffffffffffffda RBX: fffffffffffff000 RCX: 00007fa71757ff53
> RDX: 0000000000000000 RSI: 0000000000801000 RDI: 0000000000000000
> RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000
> R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffedb7e9c30
> R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000
>  </TASK>
> 
> 
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
> 
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> 
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
> 
> If you want syzbot to run the reproducer, reply with:
> #syz test: git://repo/address.git branch-or-commit-hash
> If you attach or paste a git patch, syzbot will apply it before testing.
> 
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
> 
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
> 
> If you want to undo deduplication, reply with:
> #syz undup



* Re: [syzbot] [mm?] INFO: rcu detected stall in mas_preallocate (2)
  2024-12-09 20:36 ` Liam R. Howlett
@ 2024-12-10  2:48   ` syzbot
  2024-12-10 18:04     ` Liam R. Howlett
  0 siblings, 1 reply; 7+ messages in thread
From: syzbot @ 2024-12-10  2:48 UTC (permalink / raw)
  To: akpm, jannh, liam.howlett, linux-kernel, linux-mm,
	lorenzo.stoakes, syzkaller-bugs, vbabka

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: rcu detected stall in corrupted

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	(detected by 0, t=12997 jiffies, g=15009, q=2022 ncpus=2)
rcu: All QSes seen, last rcu_preempt kthread activity 12997 (4294963490-4294950493), jiffies_till_next_fqs=1, root ->qsmask 0x0
rcu: rcu_preempt kthread starved for 12997 jiffies! g15009 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:25624 pid:17    tgid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0x1850/0x4c30 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6848
 schedule_timeout+0x15a/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x2df/0x1330 kernel/rcu/tree.c:2045
 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2247
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 UID: 0 PID: 6541 Comm: syz-executor Not tainted 6.13.0-rc1-syzkaller-00172-g6e165f544379 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5853
Code: 2b 00 74 08 4c 89 f7 e8 8a 0a 8b 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
RSP: 0018:ffffc900042ff080 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff9200085fe1c RCX: ffff888025bf8ad8
RDX: dffffc0000000000 RSI: ffffffff8c0aa9a0 RDI: ffffffff8c5f98c0
RBP: ffffc900042ff1d8 R08: ffffffff942a0887 R09: 1ffffffff2854110
R10: dffffc0000000000 R11: fffffbfff2854111 R12: 1ffff9200085fe18
R13: dffffc0000000000 R14: ffffc900042ff0e0 R15: 0000000000000246
FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe0e0053440 CR3: 000000002d710000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 </IRQ>
 <TASK>
 rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 rcu_read_lock include/linux/rcupdate.h:849 [inline]
 page_ext_get+0x3d/0x2a0 mm/page_ext.c:525
 page_table_check_clear+0x4b/0x550 mm/page_table_check.c:74
 get_and_clear_full_ptes include/linux/pgtable.h:712 [inline]
 zap_present_folio_ptes mm/memory.c:1510 [inline]
 zap_present_ptes mm/memory.c:1595 [inline]
 do_zap_pte_range mm/memory.c:1697 [inline]
 zap_pte_range mm/memory.c:1739 [inline]
 zap_pmd_range mm/memory.c:1822 [inline]
 zap_pud_range mm/memory.c:1851 [inline]
 zap_p4d_range mm/memory.c:1872 [inline]
 unmap_page_range+0x376a/0x48d0 mm/memory.c:1893
 unmap_vmas+0x3cc/0x5f0 mm/memory.c:1983
 exit_mmap+0x288/0xd50 mm/mmap.c:1263
 __mmput+0x115/0x3c0 kernel/fork.c:1406
 exit_mm+0x220/0x310 kernel/exit.c:570
 do_exit+0x9b2/0x28e0 kernel/exit.c:925
 do_group_exit+0x207/0x2c0 kernel/exit.c:1087
 get_signal+0x16b2/0x1750 kernel/signal.c:3017
 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xce/0x340 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f479f176197
Code: Unable to access opcode bytes at 0x7f479f17616d.
RSP: 002b:00007fffa52fadc0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
RAX: fffffffffffffe00 RBX: 000000000000199b RCX: 00007f479f176197
RDX: 0000000040000000 RSI: 00007fffa52fadfc RDI: 00000000ffffffff
RBP: 00007fffa52fadfc R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 00007fffa52fae80
R13: 00007fffa52fae88 R14: 0000000000000009 R15: 0000000000000000
 </TASK>


Tested on:

commit:         6e165f54 mm/page_isolation: fixup isolate_single_pageb..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm mm-unstable
console output: https://syzkaller.appspot.com/x/log.txt?x=1571d4df980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=6da4e19788a025a7
dashboard link: https://syzkaller.appspot.com/bug?extid=882589c97d51a9de68eb
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.



* Re: [syzbot] [mm?] INFO: rcu detected stall in mas_preallocate (2)
  2024-12-10  2:48   ` syzbot
@ 2024-12-10 18:04     ` Liam R. Howlett
  0 siblings, 0 replies; 7+ messages in thread
From: Liam R. Howlett @ 2024-12-10 18:04 UTC (permalink / raw)
  To: syzbot
  Cc: akpm, jannh, linux-kernel, linux-mm, lorenzo.stoakes,
	syzkaller-bugs, vbabka

* syzbot <syzbot+882589c97d51a9de68eb@syzkaller.appspotmail.com> [241209 21:48]:
> Hello,
> 
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> INFO: rcu detected stall in corrupted
> 
> rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> rcu: 	(detected by 0, t=12997 jiffies, g=15009, q=2022 ncpus=2)
> rcu: All QSes seen, last rcu_preempt kthread activity 12997 (4294963490-4294950493), jiffies_till_next_fqs=1, root ->qsmask 0x0
> rcu: rcu_preempt kthread starved for 12997 jiffies! g15009 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
> rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
> rcu: RCU grace-period kthread stack dump:
> task:rcu_preempt     state:R  running task     stack:25624 pid:17    tgid:17    ppid:2      flags:0x00004000
> Call Trace:
>  <TASK>
>  context_switch kernel/sched/core.c:5369 [inline]
>  __schedule+0x1850/0x4c30 kernel/sched/core.c:6756
>  __schedule_loop kernel/sched/core.c:6833 [inline]
>  schedule+0x14b/0x320 kernel/sched/core.c:6848
>  schedule_timeout+0x15a/0x290 kernel/time/sleep_timeout.c:99
>  rcu_gp_fqs_loop+0x2df/0x1330 kernel/rcu/tree.c:2045
>  rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2247
>  kthread+0x2f0/0x390 kernel/kthread.c:389
>  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
>  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
>  </TASK>
> rcu: Stack dump where RCU GP kthread last ran:
> CPU: 0 UID: 0 PID: 6541 Comm: syz-executor Not tainted 6.13.0-rc1-syzkaller-00172-g6e165f544379 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
> RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5853
> Code: 2b 00 74 08 4c 89 f7 e8 8a 0a 8b 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
> RSP: 0018:ffffc900042ff080 EFLAGS: 00000206
> RAX: 0000000000000001 RBX: 1ffff9200085fe1c RCX: ffff888025bf8ad8
> RDX: dffffc0000000000 RSI: ffffffff8c0aa9a0 RDI: ffffffff8c5f98c0
> RBP: ffffc900042ff1d8 R08: ffffffff942a0887 R09: 1ffffffff2854110
> R10: dffffc0000000000 R11: fffffbfff2854111 R12: 1ffff9200085fe18
> R13: dffffc0000000000 R14: ffffc900042ff0e0 R15: 0000000000000246
> FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007fe0e0053440 CR3: 000000002d710000 CR4: 00000000003526f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>  <IRQ>
>  </IRQ>
>  <TASK>
>  rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
>  rcu_read_lock include/linux/rcupdate.h:849 [inline]
>  page_ext_get+0x3d/0x2a0 mm/page_ext.c:525
>  page_table_check_clear+0x4b/0x550 mm/page_table_check.c:74
>  get_and_clear_full_ptes include/linux/pgtable.h:712 [inline]
>  zap_present_folio_ptes mm/memory.c:1510 [inline]
>  zap_present_ptes mm/memory.c:1595 [inline]
>  do_zap_pte_range mm/memory.c:1697 [inline]
>  zap_pte_range mm/memory.c:1739 [inline]
>  zap_pmd_range mm/memory.c:1822 [inline]
>  zap_pud_range mm/memory.c:1851 [inline]
>  zap_p4d_range mm/memory.c:1872 [inline]
>  unmap_page_range+0x376a/0x48d0 mm/memory.c:1893
>  unmap_vmas+0x3cc/0x5f0 mm/memory.c:1983
>  exit_mmap+0x288/0xd50 mm/mmap.c:1263
>  __mmput+0x115/0x3c0 kernel/fork.c:1406
>  exit_mm+0x220/0x310 kernel/exit.c:570
>  do_exit+0x9b2/0x28e0 kernel/exit.c:925
>  do_group_exit+0x207/0x2c0 kernel/exit.c:1087
>  get_signal+0x16b2/0x1750 kernel/signal.c:3017
>  arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337
>  exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
>  exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
>  __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
>  syscall_exit_to_user_mode+0xce/0x340 kernel/entry/common.c:218
>  do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7f479f176197
> Code: Unable to access opcode bytes at 0x7f479f17616d.
> RSP: 002b:00007fffa52fadc0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
> RAX: fffffffffffffe00 RBX: 000000000000199b RCX: 00007f479f176197
> RDX: 0000000040000000 RSI: 00007fffa52fadfc RDI: 00000000ffffffff
> RBP: 00007fffa52fadfc R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000293 R12: 00007fffa52fae80
> R13: 00007fffa52fae88 R14: 0000000000000009 R15: 0000000000000000
>  </TASK>

This stack trace is significantly different than the one pointing to
maple tree code.  It rules out the vma tree being the issue as we are
now being interrupted in page table clean up.  It doesn't rule out the
tree checking taking too long and causing a timeout.

A C reproducer would help, so hopefully one will be produced by the bot.

Thanks,
Liam
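
The comparison made in the reply above, written out as triage code. This is an added example, not part of the thread or of syzbot: it extracts the task-context frames of the CPU dump from each stall report and checks whether the two interrupted code paths overlap. The report excerpts are shortened copies of the traces on this page; the names `parse_stall`, `task_path` and `compare` are assumptions of the example.

```python
import re

# Constructed excerpts: lines copied from the two stall reports in this thread,
# shortened to the frames needed for the comparison.
REPORT_MAPLE = """\
rcu: rcu_preempt kthread starved for 11791 jiffies! g10505 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: RCU grace-period kthread stack dump:
Call Trace:
 <TASK>
 schedule+0x14b/0x320 kernel/sched/core.c:6848
 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2247
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
RIP: 0010:__sanitizer_cov_trace_cmp8+0x0/0x90 kernel/kcov.c:293
Call Trace:
 <IRQ>
 timerqueue_add+0x4b/0x290 lib/timerqueue.c:38
 hrtimer_interrupt+0x403/0xa40 kernel/time/hrtimer.c:1865
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:mas_wr_store_type+0x2a/0x16c0 lib/maple_tree.c:4212
 mas_preallocate+0x27d/0x8d0 lib/maple_tree.c:5540
 vma_iter_prealloc mm/vma.h:349 [inline]
 __mmap_region+0x1b89/0x2cd0 mm/vma.c:2456
 do_mmap+0x8f0/0x1000 mm/mmap.c:496
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
 </TASK>
"""

REPORT_RETEST = """\
rcu: rcu_preempt kthread starved for 12997 jiffies! g15009 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: Stack dump where RCU GP kthread last ran:
RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5853
Call Trace:
 <IRQ>
 </IRQ>
 <TASK>
 rcu_read_lock include/linux/rcupdate.h:849 [inline]
 page_ext_get+0x3d/0x2a0 mm/page_ext.c:525
 page_table_check_clear+0x4b/0x550 mm/page_table_check.c:74
 zap_pte_range mm/memory.c:1739 [inline]
 unmap_page_range+0x376a/0x48d0 mm/memory.c:1893
 exit_mmap+0x288/0xd50 mm/mmap.c:1263
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
 </TASK>
"""

MARKER = "Stack dump where RCU GP kthread last ran"
STARVED = re.compile(r"kthread starved for (\d+) jiffies.*->cpu=(\d+)")
# "func+0xoff/0xsize file:line", "func file:line [inline]", or a kernel-mode RIP line
FRAME = re.compile(r"^(?: |RIP: 0010:)(\w+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)? (\S+):(\d+)")


def parse_stall(report):
    """Return starvation time, CPU, and the IRQ/TASK frames of the CPU dump."""
    out = {"starved": None, "cpu": None, "irq": [], "task": []}
    section, in_cpu_dump = None, False
    for line in report.splitlines():
        m = STARVED.search(line)
        if m:
            out["starved"], out["cpu"] = int(m.group(1)), int(m.group(2))
        if MARKER in line:
            in_cpu_dump = True  # everything before this is the GP kthread's own stack
            continue
        if not in_cpu_dump:
            continue
        tag = line.strip()
        if tag in ("<IRQ>", "<TASK>"):
            section = tag[1:-1].lower()
        elif tag in ("</IRQ>", "</TASK>"):
            section = None
        elif section and (m := FRAME.match(line)):
            out[section].append((m.group(1), m.group(2)))
    return out


def task_path(parsed):
    """Task-context frames minus arch/ entry glue: the code that was interrupted."""
    return [(fn, src) for fn, src in parsed["task"] if not src.startswith("arch/")]


def compare(a, b):
    """Summarise whether two stall reports were interrupted in the same code."""
    pa, pb = task_path(parse_stall(a)), task_path(parse_stall(b))
    return {
        "innermost": (pa[0], pb[0]),
        "shared_functions": sorted({f for f, _ in pa} & {f for f, _ in pb}),
        "maple_tree": (any(s == "lib/maple_tree.c" for _, s in pa),
                       any(s == "lib/maple_tree.c" for _, s in pb)),
    }


if __name__ == "__main__":
    print(compare(REPORT_MAPLE, REPORT_RETEST))
```

The result only says where each CPU was when the dump was taken; as the reply notes, it does not rule out tree checking taking too long.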



* Re: [syzbot] [mm?] INFO: rcu detected stall in mas_preallocate (2)
  2024-12-09  9:12 [syzbot] [mm?] INFO: rcu detected stall in mas_preallocate (2) syzbot
  2024-12-09 20:36 ` Liam R. Howlett
@ 2025-01-03  0:46 ` syzbot
  2025-01-03 15:20   ` Liam R. Howlett
  1 sibling, 1 reply; 7+ messages in thread
From: syzbot @ 2025-01-03  0:46 UTC (permalink / raw)
  To: Liam.Howlett, akpm, davem, jannh, jhs, jiri, liam.howlett,
	linux-kernel, linux-mm, lorenzo.stoakes, netdev, syzkaller-bugs,
	vbabka, vinicius.gomes, xiyou.wangcong

syzbot has bisected this issue to:

commit 5a781ccbd19e4664babcbe4b4ead7aa2b9283d22
Author: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Date:   Sat Sep 29 00:59:43 2018 +0000

    tc: Add support for configuring the taprio scheduler

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=117df818580000
start commit:   feffde684ac2 Merge tag 'for-6.13-rc1-tag' of git://git.ker..
git tree:       upstream
final oops:     https://syzkaller.appspot.com/x/report.txt?x=137df818580000
console output: https://syzkaller.appspot.com/x/log.txt?x=157df818580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=50c7a61469ce77e7
dashboard link: https://syzkaller.appspot.com/bug?extid=882589c97d51a9de68eb
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10e8a8df980000

Reported-by: syzbot+882589c97d51a9de68eb@syzkaller.appspotmail.com
Fixes: 5a781ccbd19e ("tc: Add support for configuring the taprio scheduler")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection



* Re: [syzbot] [mm?] INFO: rcu detected stall in mas_preallocate (2)
  2025-01-03  0:46 ` syzbot
@ 2025-01-03 15:20   ` Liam R. Howlett
  2025-01-04  0:00     ` Hillf Danton
  0 siblings, 1 reply; 7+ messages in thread
From: Liam R. Howlett @ 2025-01-03 15:20 UTC (permalink / raw)
  To: syzbot
  Cc: akpm, davem, jannh, jhs, jiri, linux-kernel, linux-mm,
	lorenzo.stoakes, netdev, syzkaller-bugs, vbabka, vinicius.gomes,
	xiyou.wangcong

* syzbot <syzbot+882589c97d51a9de68eb@syzkaller.appspotmail.com> [250102 19:47]:
> syzbot has bisected this issue to:
> 
> commit 5a781ccbd19e4664babcbe4b4ead7aa2b9283d22
> Author: Vinicius Costa Gomes <vinicius.gomes@intel.com>
> Date:   Sat Sep 29 00:59:43 2018 +0000
> 
>     tc: Add support for configuring the taprio scheduler
> 
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=117df818580000
> start commit:   feffde684ac2 Merge tag 'for-6.13-rc1-tag' of git://git.ker..
> git tree:       upstream
> final oops:     https://syzkaller.appspot.com/x/report.txt?x=137df818580000
> console output: https://syzkaller.appspot.com/x/log.txt?x=157df818580000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=50c7a61469ce77e7
> dashboard link: https://syzkaller.appspot.com/bug?extid=882589c97d51a9de68eb
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10e8a8df980000
> 
> Reported-by: syzbot+882589c97d51a9de68eb@syzkaller.appspotmail.com
> Fixes: 5a781ccbd19e ("tc: Add support for configuring the taprio scheduler")
> 
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection
> 

This looks wrong, if this is a bug (which looks like it is since it has
a syzbot reproducer?), then it's different than the previous two reports
and probably not related.


Vinicius,

Looking at the patch, it seems you missed some users of -1 vs
TAPRIO_ALL_GATES_OPEN in taprio_peek().  The comment in taprio_dequeue()
is useful - maybe the gate_mask rcu lock/unlock could be a function and
have that comment live in a static inline function?

Thanks,
Liam





* Re: [syzbot] [mm?] INFO: rcu detected stall in mas_preallocate (2)
  2025-01-03 15:20   ` Liam R. Howlett
@ 2025-01-04  0:00     ` Hillf Danton
  0 siblings, 0 replies; 7+ messages in thread
From: Hillf Danton @ 2025-01-04  0:00 UTC (permalink / raw)
  To: Liam R. Howlett
  Cc: syzbot, Vladimir Oltean, linux-kernel, linux-mm, lorenzo.stoakes,
	netdev, syzkaller-bugs

On Fri, 3 Jan 2025 10:20:34 -0500 "Liam R. Howlett" <Liam.Howlett@oracle.com>
> * syzbot <syzbot+882589c97d51a9de68eb@syzkaller.appspotmail.com> [250102 19:47]:
> > syzbot has bisected this issue to:
> > 
> > commit 5a781ccbd19e4664babcbe4b4ead7aa2b9283d22
> > Author: Vinicius Costa Gomes <vinicius.gomes@intel.com>
> > Date:   Sat Sep 29 00:59:43 2018 +0000
> > 
> >     tc: Add support for configuring the taprio scheduler
> > 
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=117df818580000
> > start commit:   feffde684ac2 Merge tag 'for-6.13-rc1-tag' of git://git.ker..
> > git tree:       upstream
> > final oops:     https://syzkaller.appspot.com/x/report.txt?x=137df818580000
> > console output: https://syzkaller.appspot.com/x/log.txt?x=157df818580000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=50c7a61469ce77e7
> > dashboard link: https://syzkaller.appspot.com/bug?extid=882589c97d51a9de68eb
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10e8a8df980000
> > 
> > Reported-by: syzbot+882589c97d51a9de68eb@syzkaller.appspotmail.com
> > Fixes: 5a781ccbd19e ("tc: Add support for configuring the taprio scheduler")
> > 
> > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
> > 
> 
> This looks wrong, if this is a bug (which looks like it is since it has
> a syzbot reproducer?), then it's different than the previous two reports
> and probably not related.
> 
In case you missed it, take a look at
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb66df20a720

> 
> Vinicius,
> 
> Looking at the patch, it seems you missed some users of -1 vs
> TAPRIO_ALL_GATES_OPEN in taprio_peek().  The comment in taprio_dequeue()
> is useful - maybe the gate_mask rcu lock/unlock could be a function and
> have that comment live in a static inline function?
> 
> Thanks,
> Liam


