syzbot

 sign-in | mailing list | source | docs
🐞 Open [1506]
Subsystems
🐞 Fixed [6532]
🐞 Invalid [16677]
Missing Backports [203]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

upstream boot error: BUG: unable to handle kernel paging request in rcu_cblist_dequeue

Status: closed as invalid on 2023/05/16 10:34
Subsystems: kernel
[Documentation on labels]
First crash: 848d, last: 848d

Sample crash report:
8<--- cut here ---
Unable to handle kernel paging request at virtual address ffffffff when read
[ffffffff] *pgd=80000080007003, *pmd=deffd003, *pte=00000000
Internal error: Oops: 207 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.3.0-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at rcu_cblist_dequeue+0x28/0x3c kernel/rcu/rcu_segcblist.c:75
LR is at rcu_do_batch+0x190/0x5ec kernel/rcu/tree.c:2104
pc : [<802db7f0>]    lr : [<802d56d8>]    psr: a0000113
sp : 82601d58  ip : 82601d68  fp : 82601d64
r10: 00000100  r9 : 00000000  r8 : 82601d80
r7 : 0000000a  r6 : 81a03d14  r5 : 8261ae40  r4 : 00000001
r3 : 82601d80  r2 : 00000007  r1 : 82601d18  r0 : ffffffff
Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 847d4740  DAC: fffffffd
Register r0 information: non-paged memory
Register r1 information: non-slab/vmalloc memory
Register r2 information: non-paged memory
Register r3 information: non-slab/vmalloc memory
Register r4 information: non-paged memory
Register r5 information: non-slab/vmalloc memory
Register r6 information: non-slab/vmalloc memory
Register r7 information: non-paged memory
Register r8 information: non-slab/vmalloc memory
Register r9 information: NULL pointer
Register r10 information: non-paged memory
Register r11 information: non-slab/vmalloc memory
Register r12 information: non-slab/vmalloc memory
Process swapper/0 (pid: 0, stack limit = 0x82600000)
Stack: (0x82601d58 to 0x82602000)
1d40:                                                       82601dbc 82601d68
1d60: 802d56d8 802db7d4 82601d84 dddd2f40 00000001 826f28c0 dddd2f80 00000000
1d80: ffffffff 835b9300 00000007 84dd7677 82601dbc dddd2f40 dddd2f80 8261ae40
1da0: 8260c498 00000002 826f28c0 00000001 82601dfc 82601dc0 802d6140 802d5554
1dc0: 00000001 00000000 60000113 826f28c0 00000001 826040a4 00000002 00000009
1de0: 82601ed0 00000002 00000101 8261ae40 82601e0c 82601e00 802d63fc 802d5e94
1e00: 82601e7c 82601e10 80201338 802d63f8 817f6ec0 817f6da8 04200002 82604d40
1e20: ffff8e2c 82155594 824a6344 81f8620c 0000000a 824b0280 827e15df 827e2794
1e40: 8260c498 82142fd0 824a63d0 82604080 817f6ee0 8261ae40 824b0280 8211af0c
1e60: 82601ed0 00000000 8261ae40 00000000 82601e94 82601e80 8024abf4 802011d8
1e80: 824b0264 82155594 82601ea4 82601e98 8024ae1c 8024ab30 82601ecc 82601ea8
1ea0: 817f6328 8024ae18 817f7930 20000113 ffffffff 82601f04 00000000 8261ae40
1ec0: 82601f3c 82601ed0 80200b34 817f62b8 00000000 81f9d240 000043fc 00000001
1ee0: 8261ae40 8260c498 00000000 8260c4e0 00000000 827e1666 00000000 82601f3c
1f00: 82601f10 82601f20 817f6ec0 817f7930 20000113 ffffffff 817f7924 817f6eac
1f20: 00000000 8260c498 8261ae40 8260c4e0 82601f84 82601f40 80293774 817f78f0
1f40: 8260c440 00000000 81f8620c 824af2f8 817f6ec0 84dd7677 82601f84 000000ea
1f60: 82625c7c 8260c440 00000000 8261a934 8260c440 82850000 82601f94 82601f88
1f80: 80293b00 80293500 82601fa4 82601f98 817f7c34 80293aec 82601fb4 82601fa8
1fa0: 82400bb8 817f7b64 82601ff4 82601fb8 824012f8 82400bb4 00000000 00000000
1fc0: 00000000 00000000 ffffffff 00000000 00000000 820ad6c4 82484a70 00000000
1fe0: 00000000 000008e0 00000000 82601ff8 00000000 82400c24 00000000 00000000
Backtrace: 
[<802db7c8>] (rcu_cblist_dequeue) from [<802d56d8>] (rcu_do_batch+0x190/0x5ec kernel/rcu/tree.c:2104)
[<802d5548>] (rcu_do_batch) from [<802d6140>] (rcu_core+0x2b8/0x564 kernel/rcu/tree.c:2377)
 r10:00000001 r9:826f28c0 r8:00000002 r7:8260c498 r6:8261ae40 r5:dddd2f80
 r4:dddd2f40
[<802d5e88>] (rcu_core) from [<802d63fc>] (rcu_core_si+0x10/0x14 kernel/rcu/tree.c:2394)
 r10:8261ae40 r9:00000101 r8:00000002 r7:82601ed0 r6:00000009 r5:00000002
 r4:826040a4
[<802d63ec>] (rcu_core_si) from [<80201338>] (__do_softirq+0x16c/0x480 kernel/softirq.c:571)
[<802011cc>] (__do_softirq) from [<8024abf4>] (invoke_softirq kernel/softirq.c:445 [inline])
[<802011cc>] (__do_softirq) from [<8024abf4>] (__irq_exit_rcu+0xd0/0x190 kernel/softirq.c:650)
 r10:00000000 r9:8261ae40 r8:00000000 r7:82601ed0 r6:8211af0c r5:824b0280
 r4:8261ae40
[<8024ab24>] (__irq_exit_rcu) from [<8024ae1c>] (irq_exit+0x10/0x18 kernel/softirq.c:674)
 r5:82155594 r4:824b0264
[<8024ae0c>] (irq_exit) from [<817f6328>] (generic_handle_arch_irq+0x7c/0x80 kernel/irq/handle.c:240)
[<817f62ac>] (generic_handle_arch_irq) from [<80200b34>] (__irq_svc+0x74/0xac arch/arm/kernel/entry-armv.S:221)
Exception stack(0x82601ed0 to 0x82601f18)
1ec0:                                     00000000 81f9d240 000043fc 00000001
1ee0: 8261ae40 8260c498 00000000 8260c4e0 00000000 827e1666 00000000 82601f3c
1f00: 82601f10 82601f20 817f6ec0 817f7930 20000113 ffffffff
 r9:8261ae40 r8:00000000 r7:82601f04 r6:ffffffff r5:20000113 r4:817f7930
[<817f78e4>] (default_idle_call) from [<80293774>] (cpuidle_idle_call kernel/sched/idle.c:170 [inline])
[<817f78e4>] (default_idle_call) from [<80293774>] (do_idle+0x280/0x2f0 kernel/sched/idle.c:282)
 r7:8260c4e0 r6:8261ae40 r5:8260c498 r4:00000000
[<802934f4>] (do_idle) from [<80293b00>] (cpu_startup_entry+0x20/0x24 kernel/sched/idle.c:379)
 r10:82850000 r9:8260c440 r8:8261a934 r7:00000000 r6:8260c440 r5:82625c7c
 r4:000000ea
[<80293ae0>] (cpu_startup_entry) from [<817f7c34>] (rest_init+0xdc/0xe0 init/main.c:735)
[<817f7b58>] (rest_init) from [<82400bb8>] (arch_post_acpi_subsys_init+0x0/0x20 init/main.c:834)
[<82400ba8>] (arch_call_rest_init) from [<824012f8>] (start_kernel+0x6e0/0x70c init/main.c:1088)
[<82400c18>] (start_kernel) from [<00000000>] (0x0)
Code: 089da800 e5932008 e2422001 e5832008 (e5902000) 
8<--- cut here ---
Unable to handle kernel NULL pointer dereference at virtual address 00000213 when read
[00000213] *pgd=80000080004003, *pmd=00000000
Internal error: Oops: 207 [#2] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Tainted: G      D            6.3.0-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at irq_data_to_desc include/linux/irqdesc.h:124 [inline]
PC is at __irq_resolve_mapping+0x40/0x90 kernel/irq/irqdomain.c:968
LR is at rcu_read_lock include/linux/rcupdate.h:771 [inline]
LR is at __irq_resolve_mapping+0x20/0x90 kernel/irq/irqdomain.c:960
pc : [<802c0e04>]    lr : [<802c0de4>]    psr: 20000193
sp : 82601b70  ip : 82601b70  fp : 82601b8c
r10: 8261ae40  r9 : 8261ae40  r8 : 00000000
r7 : df80a00c  r6 : 00000000  r5 : 0000001b  r4 : 83094000
r3 : 83094060  r2 : 8261ae40  r1 : 0000001b  r0 : 00000207
Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 30c5387d  Table: 847d4740  DAC: fffffffd
Register r0 information: non-paged memory
Register r1 information: non-paged memory
Register r2 information: non-slab/vmalloc memory
Register r3 information:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 0 at mm/slub.c:4649 __kmem_obj_info+0x1c4/0x21c mm/slub.c:4649
Modules linked in:
----------------
Code disassembly (best guess):
   0:	089da800 	ldmeq	sp, {fp, sp, pc}
   4:	e5932008 	ldr	r2, [r3, #8]
   8:	e2422001 	sub	r2, r2, #1
   c:	e5832008 	str	r2, [r3, #8]
* 10:	e5902000 	ldr	r2, [r0] <-- trapping instruction

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/05/06 18:28 upstream 994e2419f1e7 90c93c40 .config console log report ci-qemu2-arm32 upstream boot error: BUG: unable to handle kernel paging request in rcu_cblist_dequeue
* Struck through repros no longer work on HEAD.