Re: WARNING in rcu_process_callbacks

From: Thomas Gleixner
Date: Sat Dec 23 2017 - 14:37:38 EST

Next message: SF Markus Elfring: "[PATCH] pinctrl: at91: Delete an error message for a failed memory allocation in at91_pinctrl_mux_mask()"
Previous message: Thomas Gleixner: "[GIT pull] x86/pti: Preparatory changes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 23 Dec 2017, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on 6084b576dca2e898f5c101baef151f7bfdbb606d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> RBP: 00007f50826f4a90 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb
> R13: 00007f50826f4bc8 R14: 00000000004b75bb R15: 0000000000000000
> WARNING: CPU: 0 PID: 7719 at kernel/rcu/tree.c:2714 arch_local_irq_disable
> arch/x86/include/asm/paravirt.h:772 [inline]

So the only thing which triggers a BUG in that code is the paravirt stuff

#define PVOP_TEST_NULL(op) BUG_ON(op == NULL)

Your config has PARAVIRT_DEBUG=y

So this is again something which got executed before a gazillion of times
and then something becomes NULL. In this case it's pv_irq_ops.irq_disable

I've seen such unexplainable NULL pointers in quite some sysbot bug reports
lately. The irq_desc->irq_data.common issue is more or less the same
problem. This really stinks like a stray pointer.

Thanks,

tglx

Next message: SF Markus Elfring: "[PATCH] pinctrl: at91: Delete an error message for a failed memory allocation in at91_pinctrl_mux_mask()"
Previous message: Thomas Gleixner: "[GIT pull] x86/pti: Preparatory changes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]