syzbot

 sign-in | mailing list | source | docs
🐞 Open [120] 🐞 Fixed [1] 🐞 Invalid [36] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

BUG: scheduling while atomic in unlink_anon_vmas

Status: upstream: reported C repro on 2024/03/21 21:06
Bug presence: origin:lts
[Documentation on labels]
Reported-by: syzbot+a65f9b622c7c6ff70866@syzkaller.appspotmail.com
First crash: 46d, last: 32d
Bug presence (2)
Date Name Commit Repro Result
2024/03/21 lts (merge base) 883d1a956208 C [report] BUG: scheduling while atomic in exit_to_user_mode_loop
2024/04/04 upstream (ToT) c85af715cac0 C Didn't crash
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-15 BUG: scheduling while atomic in unlink_anon_vmas origin:lts C 1 14d 14d 0/2 upstream: reported C repro on 2024/04/22 04:42
Last patch testing requests (2)
Created Duration User Patch Repo Result
2024/04/18 10:13 6m retest repro android14-6.1 report log
2024/04/18 09:23 25m retest repro android14-6.1 report log

Sample crash report:
BUG: scheduling while atomic: syz-executor351/320/0x00000002
Modules linked in:
Preemption disabled at:
[<ffffffff81586e73>] rwsem_write_trylock+0x93/0x290 kernel/locking/rwsem.c:264
CPU: 0 PID: 320 Comm: syz-executor351 Not tainted 6.1.75-syzkaller-00120-gebcdb9dc211f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106
 dump_stack+0x15/0x1b lib/dump_stack.c:113
 __schedule_bug+0x195/0x260 kernel/sched/core.c:5960
 schedule_debug kernel/sched/core.c:5987 [inline]
 __schedule+0xcf7/0x1550 kernel/sched/core.c:6622
 schedule+0xc3/0x180 kernel/sched/core.c:6805
 rwsem_down_write_slowpath+0xddf/0x20a0 kernel/locking/rwsem.c:1227
 __down_write_common kernel/locking/rwsem.c:1357 [inline]
 __down_write kernel/locking/rwsem.c:1366 [inline]
 down_write+0x21/0x30 kernel/locking/rwsem.c:1619
 lock_anon_vma_root mm/rmap.c:253 [inline]
 unlink_anon_vmas+0xf0/0x5b0 mm/rmap.c:410
 free_pgtables+0x4af/0x660 mm/memory.c:441
 exit_mmap+0x415/0x940 mm/mmap.c:3341
 __mmput+0x95/0x310 kernel/fork.c:1298
 mmput+0x56/0x170 kernel/fork.c:1321
 exit_mm kernel/exit.c:566 [inline]
 do_exit+0xb29/0x2b80 kernel/exit.c:862
 do_group_exit+0x21a/0x2d0 kernel/exit.c:1025
 __do_sys_exit_group kernel/exit.c:1036 [inline]
 __se_sys_exit_group kernel/exit.c:1034 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1034
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f9e8eeac039
Code: Unable to access opcode bytes at 0x7f9e8eeac00f.
RSP: 002b:00007ffe0d2754b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9e8eeac039
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007f9e8ef282b0 R08: ffffffffffffffb8 R09: 00000000000000a0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9e8ef282b0
R13: 0000000000000000 R14: 00007f9e8ef28d20 R15: 00007f9e8ee7d1d0
 </TASK>

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/04 08:53 android14-6.1 ebcdb9dc211f 51c4dcff .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-android-6-1-perf BUG: scheduling while atomic in unlink_anon_vmas
2024/03/21 21:04 android14-6.1 b75112544779 7a239ce7 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-android-6-1 BUG: scheduling while atomic in unlink_anon_vmas
* Struck through repros no longer work on HEAD.