syzbot


BUG: soft lockup in __do_munmap

Status: auto-closed as invalid on 2019/07/03 13:55
Subsystems: kernel
Reported-by: syzbot+a8894e5dec4133f2b023@syzkaller.appspotmail.com
First crash: 2216d, last: 2216d

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
watchdog: BUG: soft lockup - CPU#0 stuck for 123s! [syz-executor4:21497]
Modules linked in:
irq event stamp: 26870
hardirqs last  enabled at (26869): [<ffffffff81007bd9>] trace_hardirqs_on_thunk+0x1a/0x1c
hardirqs last disabled at (26870): [<ffffffff81007bf5>] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last  enabled at (2278): [<ffffffff882007b2>] __do_softirq+0x7b2/0xb11 kernel/softirq.c:319
softirqs last disabled at (2197): [<ffffffff814d50a0>] invoke_softirq kernel/softirq.c:373 [inline]
softirqs last disabled at (2197): [<ffffffff814d50a0>] irq_exit+0x180/0x1d0 kernel/softirq.c:413
CPU: 0 PID: 21497 Comm: syz-executor4 Not tainted 4.20.0+ #9
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:write_comp_data+0x1e/0x70 kernel/kcov.c:122
Code: 48 89 34 d1 48 89 11 5d c3 0f 1f 00 65 4c 8b 04 25 40 ee 01 00 65 8b 05 20 f8 7f 7e a9 00 01 1f 00 75 51 41 8b 80 d8 12 00 00 <83> f8 03 75 45 49 8b 80 e0 12 00 00 45 8b 80 dc 12 00 00 4c 8b 08
RSP: 0018:ffff88805e2fed08 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000002 RBX: ffffed100bc5fdbc RCX: ffffffff81757a28
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000005
RBP: ffff88805e2fed10 R08: ffff88808f596200 R09: ffffed1015ce5ba9
R10: ffffed1015ce5ba8 R11: ffff8880ae72dd47 R12: dffffc0000000000
R13: 1ffff1100bc5fdac R14: 0000000000000001 R15: 1ffff1100bc5fdb3
FS:  00007f1a722e0700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2e22e000 CR3: 0000000083c25000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 csd_lock_wait kernel/smp.c:108 [inline]
 smp_call_function_single+0x288/0x660 kernel/smp.c:302
 smp_call_function_many+0x924/0xb10 kernel/smp.c:434
 on_each_cpu_mask+0x41/0x250 kernel/smp.c:634
 on_each_cpu_cond_mask+0x18e/0x240 kernel/smp.c:686
 native_flush_tlb_others+0x2d7/0x6c0 arch/x86/mm/tlb.c:712
 flush_tlb_others arch/x86/include/asm/paravirt.h:68 [inline]
 flush_tlb_mm_range+0x3c0/0x610 arch/x86/mm/tlb.c:763
 pmdp_invalidate+0x309/0x3c0 mm/pgtable-generic.c:189
 __split_huge_pmd_locked+0xc41/0x2a70 mm/huge_memory.c:2149
 __split_huge_pmd+0x51c/0xc10 mm/huge_memory.c:2263
 split_huge_pmd_address+0x231/0x2a0 mm/huge_memory.c:2304
 vma_adjust_trans_huge+0x295/0x310 mm/huge_memory.c:2320
 __vma_adjust+0x181/0x1840 mm/mmap.c:813
 vma_adjust include/linux/mm.h:2303 [inline]
 __split_vma+0x481/0x570 mm/mmap.c:2685
 __do_munmap+0xca1/0xef0 mm/mmap.c:2777
 do_munmap mm/mmap.c:2836 [inline]
 mmap_region+0x698/0x1ca0 mm/mmap.c:1729
 do_mmap+0xa09/0x1220 mm/mmap.c:1559
 do_mmap_pgoff include/linux/mm.h:2378 [inline]
 vm_mmap_pgoff+0x20b/0x2b0 mm/util.c:350
 ksys_mmap_pgoff+0x4f8/0x650 mm/mmap.c:1609
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline]
 __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline]
 __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91
 do_syscall_64+0x1a3/0x800 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457ec9
Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f1a722dfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
RDX: 000000000200000e RSI: 0000000000e7e000 RDI: 0000000020000000
RBP: 000000000073c040 R08: 0000000000000008 R09: 0000000000000000
R10: 0000000000000013 R11: 0000000000000246 R12: 00007f1a722e06d4
R13: 00000000004c39e5 R14: 00000000004d65c8 R15: 00000000ffffffff
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 3470 Comm: kworker/1:2 Not tainted 4.20.0+ #9
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events rht_deferred_worker
RIP: 0010:__preempt_count_dec_and_test arch/x86/include/asm/preempt.h:94 [inline]
RIP: 0010:rcu_read_unlock_sched_notrace include/linux/rcupdate.h:745 [inline]
RIP: 0010:trace_lock_release include/trace/events/lock.h:58 [inline]
RIP: 0010:lock_release+0x6c0/0xc40 kernel/locking/lockdep.c:3859
Code: 48 01 d0 c6 00 00 48 8b 15 85 01 f4 08 49 89 57 c0 c6 00 f8 e8 01 da 06 00 85 c0 74 0d 80 3d 3e ab f3 08 00 0f 84 0c 02 00 00 <65> ff 0d a9 b0 9d 7e 0f 85 ce fa ff ff e8 f5 3e 9c ff e9 c4 fa ff
RSP: 0018:ffff88809a8675f8 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 1ffff1101350cec6 RCX: 1ffffffff14b7adf
RDX: 0000000000000001 RSI: 1ffff1101350ceb0 RDI: ffff88809a884d7c
RBP: ffff88809a8676f8 R08: ffff88809a884500 R09: fffffbfff14bb0d0
R10: 0000000000000000 R11: ffffffff8a5d867b R12: ffffffff8a5d8620
R13: ffffffff838fa757 R14: dffffc0000000000 R15: ffff88809a8676d0
FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000008e1d5000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __mutex_unlock_slowpath+0xe9/0x870 kernel/locking/mutex.c:1197
 mutex_unlock+0xd/0x10 kernel/locking/mutex.c:713
 rht_deferred_worker+0xee7/0x1de0 lib/rhashtable.c:422
 process_one_work+0xd0c/0x1ce0 kernel/workqueue.c:2153
 worker_thread+0x143/0x14a0 kernel/workqueue.c:2296
 kthread+0x357/0x430 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352

Crashes (1):
Time:      2019/01/04 13:54
Kernel:    upstream
Commit:    96d4f267e40f
Syzkaller: 7da23925
Config:    .config
Log:       console log
Report:    report
Syz repro: none
C repro:   none
VM info:   none
Assets:    none
Manager:   ci-upstream-kasan-gce-smack-root