syzbot


BUG: soft lockup in pipe_read

Status: upstream: reported syz repro on 2024/01/25 02:05
Subsystems: fs
[Documentation on labels]
Reported-by: syzbot+8b31216d2ea3f2c6905b@syzkaller.appspotmail.com
First crash: 83d, last: 83d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [fs?] BUG: soft lockup in pipe_read 0 (1) 2024/01/25 02:05
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: rcu detected stall in pipe_read (2) kasan mm 1 669d 669d 0/26 auto-closed as invalid on 2022/09/12 02:39
Last patch testing requests (1)
Created Duration User Patch Repo Result
2024/02/05 20:25 18m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci report log

Sample crash report:
watchdog: BUG: soft lockup - CPU#0 stuck for 27s! [syz-execprog:6302]
Modules linked in:
irq event stamp: 9320
hardirqs last  enabled at (9319): [<ffff800080031c54>] local_daif_restore+0x1c/0x3c arch/arm64/include/asm/daifflags.h:75
hardirqs last disabled at (9320): [<ffff80008a82ca9c>] __el1_irq arch/arm64/kernel/entry-common.c:499 [inline]
hardirqs last disabled at (9320): [<ffff80008a82ca9c>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:517
softirqs last  enabled at (9314): [<ffff80008003144c>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (9312): [<ffff800080031418>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
CPU: 0 PID: 6302 Comm: syz-execprog Not tainted 6.7.0-rc8-syzkaller-g0802e17d9aca #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : access_ok arch/arm64/include/asm/uaccess.h:46 [inline]
pc : copy_to_user_iter lib/iov_iter.c:22 [inline]
pc : iterate_ubuf include/linux/iov_iter.h:29 [inline]
pc : iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
pc : iterate_and_advance include/linux/iov_iter.h:271 [inline]
pc : _copy_to_iter+0x1b0/0x1500 lib/iov_iter.c:186
lr : copy_to_user_iter lib/iov_iter.c:20 [inline]
lr : iterate_ubuf include/linux/iov_iter.h:29 [inline]
lr : iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
lr : iterate_and_advance include/linux/iov_iter.h:271 [inline]
lr : _copy_to_iter+0x190/0x1500 lib/iov_iter.c:186
sp : ffff8000977276c0
x29: ffff8000977277f0 x28: dfff800000000000 x27: ffff700012ee4ee8
x26: 1ffff00012ee4f77 x25: 000000400156f5f0 x24: ffff0000ccf41e2c
x23: ffff800097727bb8 x22: ffff0000ccf41e00 x21: 0000000000000000
x20: 0000000000000001 x19: ffff800097727bc8 x18: 0000000000000000
x17: 0000000000000000 x16: ffff80008a830fdc x15: 0000000000000001
x14: 0000000000000000 x13: 0000000000000004 x12: ffff0000ccf41e00
x11: 0000000000ff0100 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 0000000000000000 x7 : ffff8000808bc19c x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001
x2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
 access_ok arch/arm64/include/asm/uaccess.h:46 [inline]
 copy_to_user_iter lib/iov_iter.c:22 [inline]
 iterate_ubuf include/linux/iov_iter.h:29 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:245 [inline]
 iterate_and_advance include/linux/iov_iter.h:271 [inline]
 _copy_to_iter+0x1b0/0x1500 lib/iov_iter.c:186
 copy_page_to_iter+0x200/0x2f8 lib/iov_iter.c:381
 pipe_read+0x454/0xfe0 fs/pipe.c:337
 call_read_iter include/linux/fs.h:2014 [inline]
 new_sync_read fs/read_write.c:389 [inline]
 vfs_read+0x5b4/0x8a4 fs/read_write.c:470
 ksys_read+0x15c/0x26c fs/read_write.c:613
 __do_sys_read fs/read_write.c:623 [inline]
 __se_sys_read fs/read_write.c:621 [inline]
 __arm64_sys_read+0x7c/0x90 fs/read_write.c:621
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 6211 Comm: udevd Not tainted 6.7.0-rc8-syzkaller-g0802e17d9aca #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]
pc : __do_softirq+0x1c0/0xce4 kernel/softirq.c:537
lr : __do_softirq+0x1bc/0xce4 kernel/softirq.c:537
sp : ffff800080017f20
x29: ffff800080017f90 x28: ffff0000d8c25a00 x27: ffff800097267b20
x26: ffff80008e45a500 x25: ffff0000d8c25a08 x24: dfff800000000000
x23: ffff0000d8c25a00 x22: ffff0001b4166500 x21: ffff0001b4152c6c
x20: 0000000000000186 x19: ffff0001b4166500 x18: 0000000000000000
x17: ffff800125d0c000 x16: ffff800080318564 x15: 0000000000000001
x14: ffff80008e4f0448 x13: dfff800000000000 x12: 0000000000000003
x11: 0000000000000100 x10: 0000000000000003 x9 : 0000000000000000
x8 : 000000000002bea4 x7 : ffff8000804272d4 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000003 x1 : ffff80008a99d720 x0 : ffff800125d0c000
Call trace:
 __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline]
 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]
 __do_softirq+0x1c0/0xce4 kernel/softirq.c:537
 ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:886
 do_softirq_own_stack+0x20/0x2c arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:434 [inline]
 __irq_exit_rcu+0x1d8/0x434 kernel/softirq.c:632
 irq_exit_rcu+0x14/0x84 kernel/softirq.c:644
 __el1_irq arch/arm64/kernel/entry-common.c:503 [inline]
 el1_interrupt+0x38/0x68 arch/arm64/kernel/entry-common.c:517
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:522
 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:591
 __daif_local_irq_restore arch/arm64/include/asm/irqflags.h:176 [inline]
 arch_local_irq_restore arch/arm64/include/asm/irqflags.h:196 [inline]
 seqcount_lockdep_reader_access+0xe0/0x100 include/linux/seqlock.h:104
 read_seqbegin include/linux/seqlock.h:847 [inline]
 read_seqbegin_or_lock include/linux/seqlock.h:1151 [inline]
 prepend_path+0xd8/0xaf8 fs/d_path.c:166
 d_absolute_path+0x13c/0x27c fs/d_path.c:234
 tomoyo_get_absolute_path security/tomoyo/realpath.c:101 [inline]
 tomoyo_realpath_from_path+0x24c/0x4cc security/tomoyo/realpath.c:271
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_perm+0x218/0x588 security/tomoyo/file.c:822
 tomoyo_inode_getattr+0x28/0x38 security/tomoyo/tomoyo.c:122
 security_inode_getattr+0xd8/0x124 security/security.c:2153
 vfs_getattr fs/stat.c:173 [inline]
 vfs_statx+0x184/0x420 fs/stat.c:248
 vfs_fstatat+0x118/0x25c fs/stat.c:299
 __do_sys_newfstatat fs/stat.c:463 [inline]
 __se_sys_newfstatat fs/stat.c:457 [inline]
 __arm64_sys_newfstatat+0x104/0x184 fs/stat.c:457
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/01/21 01:56 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 0802e17d9aca 9bd8dcda .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: soft lockup in pipe_read
* Struck through repros no longer work on HEAD.