syzbot

 sign-in | mailing list | source | docs
🐞 Open [1650]
Subsystems
🐞 Fixed [6000]
🐞 Invalid [14794]
Missing Backports [135]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

INFO: rcu detected stall in snd_seq_timer_continue

Status: closed as invalid on 2018/02/14 13:54
Subsystems: sound
[Documentation on labels]
Reported-by: syzbot+ca64de11c0b69f702498@syzkaller.appspotmail.com
First crash: 2569d, last: 2569d

Sample crash report:
INFO: rcu_sched detected stalls on CPUs/tasks:
	0-...!: (1 ticks this GP) idle=27e/140000000000001/0 softirq=94547/94547 fqs=0 
	(detected by 1, t=125002 jiffies, g=52366, c=52365, q=307)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 3542 Comm: syz-executor4 Not tainted 4.15.0-rc8+ #173
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:debug_spin_unlock kernel/locking/spinlock_debug.c:103 [inline]
RIP: 0010:do_raw_spin_unlock+0x1c7/0x300 kernel/locking/spinlock_debug.c:134
RSP: 0018:ffff8801db207a50 EFLAGS: 00000046
RAX: dffffc0000000000 RBX: ffff8801d34dbbf0 RCX: 1ffff1003b3345cd
RDX: 1ffff1003a69b77f RSI: 0000000000000001 RDI: ffffffff868c8c88
RBP: ffff8801db207ad8 R08: ffff8801d34dbc08 R09: 1ffff1003b640f3e
R10: ffff8801db2079b8 R11: 0000000000000000 R12: 1ffff1003b640f4a
R13: ffff8801d34dbbf8 R14: ffff8801d34dbc00 R15: ffff8801db207ab0
FS:  0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:00000000f770ab40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000020e6ffd0 CR3: 00000001c2039001 CR4: 00000000001626f0
Call Trace:
 <IRQ>
 __raw_spin_unlock include/linux/spinlock_api_smp.h:151 [inline]
 _raw_spin_unlock+0x22/0x30 kernel/locking/spinlock.c:176
 spin_unlock include/linux/spinlock.h:350 [inline]
 snd_hrtimer_callback+0x9c/0x3b0 sound/core/hrtimer.c:74
 __run_hrtimer kernel/time/hrtimer.c:1211 [inline]
 __hrtimer_run_queues+0x358/0xe20 kernel/time/hrtimer.c:1275
 hrtimer_interrupt+0x1c2/0x5e0 kernel/time/hrtimer.c:1309
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1025 [inline]
 smp_apic_timer_interrupt+0x14a/0x700 arch/x86/kernel/apic/apic.c:1050
 apic_timer_interrupt+0xa9/0xb0 arch/x86/entry/entry_64.S:926
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:777 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x5e/0xba kernel/locking/spinlock.c:184
RSP: 0018:ffff8801bf89f6a0 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff11
RAX: dffffc0000000000 RBX: 0000000000000282 RCX: 0000000000000000
RDX: 1ffffffff0d19175 RSI: 0000000000000001 RDI: 0000000000000282
RBP: ffff8801bf89f6b0 R08: ffff8801d4cdc198 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8801d4cdc180
R13: ffff8801d4cdc180 R14: 0000000000000002 R15: ffff8801d4cdc150
 spin_unlock_irqrestore include/linux/spinlock.h:365 [inline]
 snd_seq_timer_continue+0x1f5/0x280 sound/core/seq/seq_timer.c:434
 snd_seq_queue_process_event sound/core/seq/seq_queue.c:703 [inline]
 snd_seq_control_queue+0x2f8/0x640 sound/core/seq/seq_queue.c:759
 event_input_timer+0x25/0x30 sound/core/seq/seq_system.c:118
 snd_seq_deliver_single_event.constprop.11+0x310/0x970 sound/core/seq/seq_clientmgr.c:621
 snd_seq_deliver_event+0x189/0x870 sound/core/seq/seq_clientmgr.c:822
 snd_seq_client_enqueue_event+0x2b6/0x420 sound/core/seq/seq_clientmgr.c:940
 snd_seq_write+0x356/0x740 sound/core/seq/seq_clientmgr.c:1069
 __vfs_write+0xef/0x970 fs/read_write.c:480
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline]
 do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389
 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129
RIP: 0023:0xf7f2fc79
RSP: 002b:00000000f770a08c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
RAX: ffffffffffffffda RBX: 000000000000001b RCX: 0000000020e6ffd0
RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Code: c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 1e 01 00 00 48 c7 c7 88 8c 8c 86 48 b8 00 00 00 00 00 fc ff df c7 43 08 ff ff ff ff <48> 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 02 01 00 00 48 83 3d b8 
rcu_sched kthread starved for 125002 jiffies! g52366 c52365 f0x0 RCU_GP_WAIT_FQS(3) ->state=0x402 ->cpu=0
rcu_sched       I23456     8      2 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2799 [inline]
 __schedule+0x8eb/0x2060 kernel/sched/core.c:3375
 schedule+0xf5/0x430 kernel/sched/core.c:3434
 schedule_timeout+0x118/0x230 kernel/time/timer.c:1793
 rcu_gp_kthread+0x9e5/0x1930 kernel/rcu/tree.c:2314
 kthread+0x33c/0x400 kernel/kthread.c:238
 ret_from_fork+0x37/0x50 arch/x86/entry/entry_64.S:530

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/01/15 23:18 upstream a8750ddca918 e17f4a5d .config console log report ci-upstream-kasan-gce-386
* Struck through repros no longer work on HEAD.