syzbot


BUG: soft lockup in sys_clone (4)

Status: premoderation: reported on 2026/06/07 05:26
Reported-by: syzbot+aeb59791a13c5eac3c99@syzkaller.appspotmail.com
First crash: 1d05h, last: 1d05h
Similar bugs (16)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-10 BUG: soft lockup in sys_clone 1 1 699d 699d 0/2 auto-obsoleted due to no activity on 2024/10/06 12:58
upstream BUG: soft lockup in sys_clone kernel 1 3 2263d 2267d 0/29 closed as invalid on 2020/05/29 21:04
android-5-10 BUG: soft lockup in sys_clone (2) 1 1 274d 274d 0/2 auto-obsoleted due to no activity on 2025/12/06 02:03
android-5-10 BUG: soft lockup in sys_clone (3) 1 1 126d 126d 0/2 auto-obsoleted due to no activity on 2026/05/02 19:39
upstream INFO: rcu detected stall in sys_clone (8) mm 1 C error 427 3d03h 801d 0/29 upstream: reported C repro on 2024/03/29 00:16
linux-5.15 INFO: rcu detected stall in sys_clone (2) missing-backport origin:upstream 1 C done 137 15h32m 803d 0/3 upstream: reported C repro on 2024/03/27 00:16
android-5-15 BUG: soft lockup in sys_clone origin:upstream 1 C error 18 635d 779d 0/2 auto-obsoleted due to no activity on 2024/12/19 12:14
linux-6.6 INFO: rcu detected stall in sys_clone 1 C done 8 215d 300d 2/2 fixed on 2025/12/06 23:11
linux-5.15 INFO: rcu detected stall in sys_clone 1 1 914d 914d 0/3 auto-obsoleted due to no activity on 2024/03/15 18:08
linux-6.1 INFO: rcu detected stall in sys_clone 1 3 1061d 1134d 0/3 auto-obsoleted due to no activity on 2023/10/20 18:18
upstream INFO: rcu detected stall in sys_clone (4) kernel 1 1 1804d 1804d 0/29 auto-closed as invalid on 2021/09/27 17:49
upstream INFO: rcu detected stall in sys_clone (6) kasan mm 1 1 1475d 1475d 0/29 auto-closed as invalid on 2022/08/23 03:28
upstream INFO: rcu detected stall in sys_clone (5) kernfs 1 5 1609d 1709d 0/29 closed as invalid on 2022/02/08 10:00
upstream INFO: rcu detected stall in sys_clone (7) fs 1 1 1210d 1210d 0/29 auto-obsoleted due to no activity on 2023/05/14 17:18
linux-6.1 INFO: rcu detected stall in sys_clone (2) origin:upstream missing-backport 1 C error 75 16h40m 809d 0/3 upstream: reported C repro on 2024/03/20 15:17
linux-6.6 INFO: rcu detected stall in sys_clone (2) 1 11 20d 181d 0/2 upstream: reported on 2025/12/09 09:13

Sample crash report:
watchdog: BUG: soft lockup - CPU#1 stuck for 123s! [syz.7.5420:19344]
Modules linked in:
CPU: 1 PID: 19344 Comm: syz.7.5420 Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:trylock_clear_pending kernel/locking/qspinlock_paravirt.h:121 [inline]
RIP: 0010:pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:435 [inline]
RIP: 0010:__pv_queued_spin_lock_slowpath+0x58f/0xb70 kernel/locking/qspinlock.c:508
Code: 42 0f b6 04 38 84 c0 0f 85 c4 01 00 00 48 8b 44 24 08 c6 00 01 41 be 00 80 ff ff eb 07 f3 90 41 ff c6 74 4b 43 0f b6 44 3d 00 <84> c0 75 2e 80 3b 00 75 ea 48 89 df be 02 00 00 00 e8 3b 52 53 00
RSP: 0018:ffffc90000c27600 EFLAGS: 00000286
RAX: 0000000000000004 RBX: ffffffff86edb780 RCX: 0000000086edb700
RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffffff86edb780
RBP: ffffc90000c276f0 R08: 0000000000000000 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff0ddb6f0 R12: ffff88823ff93000
R13: 1ffffffff0ddb6f0 R14: 00000000ffffb984 R15: dffffc0000000000
FS:  00007fc4418e36c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc442ed6540 CR3: 000000012009b000 CR4: 00000000003506a0
DR0: 0000200000000300 DR1: 0000200000000300 DR2: 0000200000000300
DR3: 0000200000000300 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:554 [inline]
 queued_spin_lock_slowpath+0x47/0x50 arch/x86/include/asm/qspinlock.h:51
 queued_spin_lock include/asm-generic/qspinlock.h:85 [inline]
 do_raw_spin_lock include/linux/spinlock.h:184 [inline]
 __raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_lock+0xe4/0xf0 kernel/locking/spinlock.c:151
 spin_lock include/linux/spinlock.h:355 [inline]
 __register_sysctl_table+0x7e7/0x1250 fs/proc/proc_sysctl.c:1333
 register_net_sysctl+0x2c/0x40 net/sysctl_net.c:121
 sysctl_core_net_init+0xe1/0x140 net/core/sysctl_net_core.c:627
 ops_init+0x1ba/0x4a0 net/core/net_namespace.c:144
 setup_net+0x376/0xb60 net/core/net_namespace.c:345
 copy_net_ns+0x314/0x520 net/core/net_namespace.c:486
 create_new_namespaces+0x3a2/0x650 kernel/nsproxy.c:110
 copy_namespaces+0x1d1/0x220 kernel/nsproxy.c:179
 copy_process+0x11d3/0x3300 kernel/fork.c:2271
 kernel_clone+0x233/0x960 kernel/fork.c:2650
 __do_sys_clone kernel/fork.c:2776 [inline]
 __se_sys_clone kernel/fork.c:2760 [inline]
 __x64_sys_clone+0x198/0x210 kernel/fork.c:2760
 do_syscall_64+0x31/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fc442e88e59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc4418e2fd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007fc443101fa0 RCX: 00007fc442e88e59
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000c0126080
RBP: 00007fc442f1ed6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007fc443102038 R14: 00007fc443101fa0 R15: 00007ffd2eaff338
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 19326 Comm: syz.3.5416 Tainted: G        W         syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:check_kcov_mode kernel/kcov.c:163 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:218 [inline]
RIP: 0010:__sanitizer_cov_trace_cmp8+0x2e/0x80 kernel/kcov.c:264
Code: 48 8b 45 08 65 48 8b 0d 90 a5 9d 7e 65 8b 15 95 a5 9d 7e f7 c2 00 01 ff 00 74 11 f7 c2 00 01 00 00 74 57 83 b9 dc 0a 00 00 00 <74> 4e 8b 91 b8 0a 00 00 83 fa 03 75 43 48 8b 91 c0 0a 00 00 44 8b
RSP: 0018:ffffc90000007098 EFLAGS: 00000046
RAX: ffffffff81559577 RBX: ffff88811e77c158 RCX: ffff8881265093c0
RDX: 0000000000010103 RSI: 0000008a97ae29c0 RDI: 0000008a97ae50d0
RBP: ffffc90000007098 R08: ffffc90000006f17 R09: ffffc90000006f00
R10: dffffc0000000000 R11: fffff52000000de3 R12: 0000000000002710
R13: 0000008a97ae29c0 R14: ffff88811e77c170 R15: 0000008a97ae50d0
FS:  00007fc1ec6496c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd0ec683ff8 CR3: 00000001138c5000 CR4: 00000000003506b0
DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000200000000300 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 hrtimer_forward+0x107/0x2a0 kernel/time/hrtimer.c:-1
 hrtimer_forward_now include/linux/hrtimer.h:504 [inline]
 perf_swevent_hrtimer+0x4a1/0x5a0 kernel/events/core.c:10494
 __run_hrtimer kernel/time/hrtimer.c:1587 [inline]
 __hrtimer_run_queues+0x34f/0x820 kernel/time/hrtimer.c:1651
 hrtimer_interrupt+0x3a6/0xdc0 kernel/time/hrtimer.c:1713
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1095 [inline]
 __sysvec_apic_timer_interrupt+0xfa/0x3f0 arch/x86/kernel/apic/apic.c:1112
 run_sysvec_on_irqstack_cond arch/x86/include/asm/irq_stack.h:91 [inline]
 sysvec_apic_timer_interrupt+0xba/0xe0 arch/x86/kernel/apic/apic.c:1106
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:pagefault_disabled_dec include/linux/uaccess.h:234 [inline]
RIP: 0010:pagefault_enable include/linux/uaccess.h:261 [inline]
RIP: 0010:clear_highpage include/linux/highmem.h:265 [inline]
RIP: 0010:kernel_init_free_pages+0x78/0xf0 mm/page_alloc.c:1287
Code: 7e 49 81 c6 10 0b 00 00 4d 89 f5 49 c1 ed 03 43 0f b6 44 3d 00 84 c0 75 42 41 ff 06 48 89 df e8 1e df c3 00 43 0f b6 44 3d 00 <84> c0 75 44 41 ff 0e bf 01 00 00 00 e8 97 29 aa ff 65 8b 05 bc b4
RSP: 0018:ffffc90000007660 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffff88816d824000 RCX: 0000000000000000
RDX: 0000000000020000 RSI: 0000000000000100 RDI: ffff88816d825000
RBP: ffffc90000007688 R08: ffffea0005b60037 R09: ffffed102db00000
R10: dffffc0000000000 R11: fffff94000b6c007 R12: 00000000000000dc
R13: 1ffff11024ca13da R14: ffff888126509ed0 R15: dffffc0000000000
 post_alloc_hook mm/page_alloc.c:2451 [inline]
 prep_new_page+0xe8/0x180 mm/page_alloc.c:2462
 get_page_from_freelist+0x223b/0x23d0 mm/page_alloc.c:4254
 __alloc_pages_nodemask+0x290/0x620 mm/page_alloc.c:5384
 __alloc_pages include/linux/gfp.h:544 [inline]
 __alloc_pages_node include/linux/gfp.h:557 [inline]
 alloc_pages_node include/linux/gfp.h:571 [inline]
 alloc_pages include/linux/gfp.h:590 [inline]
 kmalloc_order+0x4c/0x160 mm/slab_common.c:843
 kmalloc_order_trace+0x16/0x80 mm/slab_common.c:859
 kmalloc_large include/linux/slab.h:484 [inline]
 __kmalloc_track_caller+0x1d4/0x320 mm/slub.c:4534
 __kmalloc_reserve net/core/skbuff.c:144 [inline]
 pskb_expand_head+0x123/0x1110 net/core/skbuff.c:1653
 __skb_cow include/linux/skbuff.h:3276 [inline]
 skb_cow_head include/linux/skbuff.h:3310 [inline]
 gre_tap_xmit+0x3c2/0x6e0 net/ipv4/ip_gre.c:743
 __netdev_start_xmit include/linux/netdevice.h:4864 [inline]
 netdev_start_xmit include/linux/netdevice.h:4878 [inline]
 xmit_one net/core/dev.c:3608 [inline]
 dev_hard_start_xmit+0x244/0x670 net/core/dev.c:3624
 sch_direct_xmit+0x261/0x8d0 net/sched/sch_generic.c:339
 qdisc_restart net/sched/sch_generic.c:404 [inline]
 __qdisc_run+0xa4b/0x13b0 net/sched/sch_generic.c:412
 qdisc_run+0x10a/0x300 include/net/pkt_sched.h:126
 net_tx_action+0x472/0x530 net/core/dev.c:5016
 __do_softirq+0x255/0x563 kernel/softirq.c:309
 asm_call_irq_on_stack+0xf/0x20
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
 do_softirq_own_stack+0x60/0x80 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:405 [inline]
 __irq_exit_rcu+0x128/0x150 kernel/softirq.c:435
 irq_exit_rcu+0x9/0x10 kernel/softirq.c:447
 sysvec_apic_timer_interrupt+0xbf/0xe0 arch/x86/kernel/apic/apic.c:1106
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:insert_entry fs/proc/proc_sysctl.c:161 [inline]
RIP: 0010:insert_header+0x946/0xdb0 fs/proc/proc_sysctl.c:240
Code: 2e 49 83 c6 40 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 f7 e8 c0 cd d8 ff 48 89 d8 49 2b 06 <4d> 8d 74 45 00 4c 89 f0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df
RSP: 0018:ffffc900020676f0 EFLAGS: 00000206
RAX: 0000000000000300 RBX: ffff888124796350 RCX: dffffc0000000000
RDX: ffffc9000550a000 RSI: 00000000000134ce RDI: 00000000000134cf
RBP: ffffc90002067798 R08: 0000000000000000 R09: 000000001ea30e00
R10: dffffc0000000000 R11: ffffed10248f2ca1 R12: ffffffff85735120
R13: ffff888112ebc000 R14: ffff888124796040 R15: 0000000000000012
 __register_sysctl_table+0x1153/0x1250 fs/proc/proc_sysctl.c:1358
 register_net_sysctl+0x2c/0x40 net/sysctl_net.c:121
 ipv4_sysctl_init_net+0x1d7/0x3b0 net/ipv4/sysctl_net_ipv4.c:1337
 ops_init+0x1ba/0x4a0 net/core/net_namespace.c:144
 setup_net+0x376/0xb60 net/core/net_namespace.c:345
 copy_net_ns+0x314/0x520 net/core/net_namespace.c:486
 create_new_namespaces+0x3a2/0x650 kernel/nsproxy.c:110
 copy_namespaces+0x1d1/0x220 kernel/nsproxy.c:179
 copy_process+0x11d3/0x3300 kernel/fork.c:2271
 kernel_clone+0x233/0x960 kernel/fork.c:2650
 __do_sys_clone kernel/fork.c:2776 [inline]
 __se_sys_clone kernel/fork.c:2760 [inline]
 __x64_sys_clone+0x198/0x210 kernel/fork.c:2760
 do_syscall_64+0x31/0x40 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fc1edbeee59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc1ec648fd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007fc1ede67fa0 RCX: 00007fc1edbeee59
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000c0126080
RBP: 00007fc1edc84d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007fc1ede68038 R14: 00007fc1ede67fa0 R15: 00007ffc3ceb91c8

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/06/07 05:25 android13-5.10-lts 4a079a5d30eb cc095639 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-10-perf BUG: soft lockup in sys_clone
* Struck through repros no longer work on HEAD.