syzbot

 sign-in | mailing list | source | docs
🐞 Open [712]
🐞 Fixed [297]
🐞 Invalid [838]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

INFO: rcu detected stall in pie_timer

Status: upstream: reported C repro on 2019/09/09 01:30
Reported-by: syzbot+0a0c3fe5b56362824f8c@syzkaller.appspotmail.com
First crash: 1939d, last: 841d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: rcu detected stall in pie_timer (5) net 2 1136d 1139d 0/28 closed as invalid on 2022/02/08 10:00
upstream INFO: rcu detected stall in pie_timer (4) net 1 1316d 1316d 0/28 auto-closed as invalid on 2021/08/22 00:34
upstream INFO: rcu detected stall in pie_timer (2) net 2 1898d 1902d 0/28 auto-closed as invalid on 2020/01/18 03:16
upstream INFO: rcu detected stall in pie_timer net C 19 1903d 1938d 13/28 fixed on 2019/10/15 23:40
upstream INFO: rcu detected stall in pie_timer (3) net 4 1575d 1644d 0/28 auto-closed as invalid on 2020/12/06 09:21
Fix bisection attempts (20)
Created Duration User Patch Repo Result
2022/01/22 10:44 17m bisect fix linux-4.19.y error job log
2021/09/25 14:42 37m bisect fix linux-4.19.y OK (0) job log log
2021/08/26 14:10 31m bisect fix linux-4.19.y OK (0) job log log
2021/07/27 13:16 29m bisect fix linux-4.19.y OK (0) job log log
2021/06/27 12:44 31m bisect fix linux-4.19.y OK (0) job log log
2021/05/28 12:11 33m bisect fix linux-4.19.y OK (0) job log log
2021/04/28 11:40 31m bisect fix linux-4.19.y OK (0) job log log
2021/03/29 10:31 32m bisect fix linux-4.19.y OK (0) job log log
2021/02/27 09:10 34m bisect fix linux-4.19.y OK (0) job log log
2020/12/30 09:23 29m bisect fix linux-4.19.y OK (0) job log log
2020/11/30 08:48 34m bisect fix linux-4.19.y OK (0) job log log
2020/10/31 08:16 32m bisect fix linux-4.19.y OK (0) job log log
2020/10/01 07:41 34m bisect fix linux-4.19.y OK (0) job log log
2020/06/09 20:00 33m bisect fix linux-4.19.y OK (0) job log log
2020/05/10 19:23 33m bisect fix linux-4.19.y OK (0) job log log
2020/04/10 18:50 32m bisect fix linux-4.19.y OK (0) job log log
2020/03/11 18:14 35m bisect fix linux-4.19.y OK (0) job log log
2020/02/10 17:27 33m bisect fix linux-4.19.y OK (0) job log log
2020/01/11 11:52 36m bisect fix linux-4.19.y OK (0) job log log
2019/12/12 11:14 33m bisect fix linux-4.19.y OK (0) job log log

Sample crash report:
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [syz-executor358:20725]
Modules linked in:
irq event stamp: 8300853
hardirqs last  enabled at (8300852): [<ffffffff881950e9>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (8300852): [<ffffffff881950e9>] _raw_spin_unlock_irqrestore+0x79/0xe0 kernel/locking/spinlock.c:184
hardirqs last disabled at (8300853): [<ffffffff81003d00>] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last  enabled at (25666): [<ffffffff8704a826>] inet6_fill_ifla6_attrs+0x1926/0x1df0 net/ipv6/addrconf.c:5362
softirqs last disabled at (25723): [<ffffffff813927d5>] invoke_softirq kernel/softirq.c:372 [inline]
softirqs last disabled at (25723): [<ffffffff813927d5>] irq_exit+0x215/0x260 kernel/softirq.c:412
CPU: 0 PID: 20725 Comm: syz-executor358 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xa3/0xe0 kernel/locking/spinlock.c:184
Code: 48 c7 c0 88 82 f1 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 2f 48 83 3d 7c 31 d8 01 00 74 15 48 89 df 57 9d <0f> 1f 44 00 00 eb b2 e8 fb eb e6 f8 eb c0 0f 0b 0f 0b 48 c7 c7 88
RSP: 0018:ffff8880ba007bb8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3051 RBX: 0000000000000286 RCX: 1ffff11009aa6dac
RDX: dffffc0000000000 RSI: ffff88804d536d40 RDI: 0000000000000286
RBP: ffff8880ba022b40 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000022b40 R14: 0000000000000000 R15: ffff8880ba022b40
FS:  00007fdb2c58f700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffa6cb9408 CR3: 0000000062b58000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __mod_timer kernel/time/timer.c:1071 [inline]
 mod_timer+0x4ea/0x1010 kernel/time/timer.c:1114
 pie_timer+0x67b/0x740 net/sched/sch_pie.c:438
 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338
 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375
 __run_timers kernel/time/timer.c:1696 [inline]
 run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x215/0x260 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
RIP: 0010:generic_exec_single+0x317/0x490 kernel/smp.c:154
Code: 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 5a 01 00 00 48 83 3d 61 04 99 08 00 0f 84 db 00 00 00 e8 3e 07 0a 00 48 89 df 57 9d <0f> 1f 44 00 00 45 31 e4 e9 39 fe ff ff e8 27 07 0a 00 0f 0b e9 3a
RSP: 0018:ffff88804d53fb08 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: ffff88804d536440 RBX: 0000000000000293 RCX: 1ffff11009aa6da2
RDX: 0000000000000000 RSI: ffffffff81587e32 RDI: 0000000000000293
RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88804d53fb80
R13: ffff88804d53fc40 R14: ffffffff81767200 R15: ffff88804d53647c
 smp_call_function_single+0x1cf/0x420 kernel/smp.c:299
 task_function_call+0xe0/0x170 kernel/events/core.c:115
 perf_install_in_context+0x238/0x3c0 kernel/events/core.c:2623
 __do_sys_perf_event_open kernel/events/core.c:10924 [inline]
 __se_sys_perf_event_open+0xe5d/0x2720 kernel/events/core.c:10549
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fdb2c5de9d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fdb2c58f318 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 00007fdb2c667428 RCX: 00007fdb2c5de9d9
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000440
RBP: 00007fdb2c667420 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fdb2c634174
R13: 00007fffa6cb93af R14: 00007fdb2c58f400 R15: 0000000000022000
----------------
Code disassembly (best guess):
   0:	48 c7 c0 88 82 f1 89 	mov    $0xffffffff89f18288,%rax
   7:	48 ba 00 00 00 00 00 	movabs $0xdffffc0000000000,%rdx
   e:	fc ff df
  11:	48 c1 e8 03          	shr    $0x3,%rax
  15:	80 3c 10 00          	cmpb   $0x0,(%rax,%rdx,1)
  19:	75 2f                	jne    0x4a
  1b:	48 83 3d 7c 31 d8 01 	cmpq   $0x0,0x1d8317c(%rip)        # 0x1d8319f
  22:	00
  23:	74 15                	je     0x3a
  25:	48 89 df             	mov    %rbx,%rdi
  28:	57                   	push   %rdi
  29:	9d                   	popfq
* 2a:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1) <-- trapping instruction
  2f:	eb b2                	jmp    0xffffffe3
  31:	e8 fb eb e6 f8       	callq  0xf8e6ec31
  36:	eb c0                	jmp    0xfffffff8
  38:	0f 0b                	ud2
  3a:	0f 0b                	ud2
  3c:	48                   	rex.W
  3d:	c7                   	.byte 0xc7
  3e:	c7                   	(bad)
  3f:	88                   	.byte 0x88

Crashes (28):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/05/25 13:06 linux-4.19.y 3f8a27f9e27b 647c0e27 .config console log report syz C ci2-linux-4-19 BUG: soft lockup in pie_timer
2021/12/23 10:44 linux-4.19.y 3f8a27f9e27b 6caa12e4 .config console log report syz C ci2-linux-4-19 BUG: soft lockup in pie_timer
2019/09/22 09:34 linux-4.19.y d573e8a79f70 d96e88f3 .config console log report syz C ci2-linux-4-19
2021/01/28 09:10 linux-4.19.y c4ff839de17f eefc07f2 .config console log report info ci2-linux-4-19 INFO: rcu detected stall in pie_timer
2022/09/10 18:17 linux-4.19.y 3f8a27f9e27b 356d8217 .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2022/08/03 13:53 linux-4.19.y 3f8a27f9e27b 1c9013ac .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2022/07/27 19:33 linux-4.19.y 3f8a27f9e27b da9d0366 .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2022/07/25 13:50 linux-4.19.y 3f8a27f9e27b 664c519c .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2022/06/17 11:51 linux-4.19.y 3f8a27f9e27b cb58b3b2 .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2022/05/25 05:04 linux-4.19.y 3f8a27f9e27b 647c0e27 .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2022/04/30 23:28 linux-4.19.y 3f8a27f9e27b 2df221f6 .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2022/04/07 08:48 linux-4.19.y 3f8a27f9e27b 53c67432 .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2022/03/23 19:44 linux-4.19.y 3f8a27f9e27b 5ff41e94 .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2021/12/04 18:18 linux-4.19.y 3f8a27f9e27b a617004c .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2021/11/28 08:49 linux-4.19.y 3f8a27f9e27b 63eeac02 .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2021/11/18 06:48 linux-4.19.y 3f8a27f9e27b cafff8b6 .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2021/11/16 17:55 linux-4.19.y 3f8a27f9e27b 600426bd .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2021/11/11 07:00 linux-4.19.y 3f8a27f9e27b 75b04091 .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2021/11/09 02:26 linux-4.19.y 3f8a27f9e27b 8ab17e57 .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2021/11/04 08:50 linux-4.19.y 3f8a27f9e27b 4c1be0be .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2021/10/23 03:34 linux-4.19.y 3f8a27f9e27b 282f03fb .config console log report info ci2-linux-4-19 BUG: soft lockup in pie_timer
2020/09/01 06:39 linux-4.19.y f6d5cb9e2c06 d5a3ae1f .config console log report ci2-linux-4-19
2020/08/10 05:22 linux-4.19.y 961f830af065 70301872 .config console log report ci2-linux-4-19
2020/07/17 08:36 linux-4.19.y 17a87580a885 54b3c45e .config console log report ci2-linux-4-19
2020/07/08 21:38 linux-4.19.y 399849e4654e 9f9845eb .config console log report ci2-linux-4-19
2019/10/16 08:26 linux-4.19.y dafd634415a7 d4ea592f .config console log report ci2-linux-4-19
2019/09/20 11:45 linux-4.19.y dbc29aff8d04 d96e88f3 .config console log report ci2-linux-4-19
2019/09/09 00:29 linux-4.19.y e7d2672c66e4 a60cb4cd .config console log report ci2-linux-4-19
* Struck through repros no longer work on HEAD.