------------[ cut here ]------------
WARNING: CPU: 0 PID: 6261 at kernel/rcu/tree_plugin.h:442 __rcu_read_unlock+0x94/0x110 kernel/rcu/tree_plugin.h:442
Modules linked in:
CPU: 0 UID: 0 PID: 6261 Comm: syz.2.141 Not tainted 6.11.0-rc4-next-20240822-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:__rcu_read_unlock+0x94/0x110 kernel/rcu/tree_plugin.h:442
Code: 41 83 3f 00 75 29 42 0f b6 04 23 84 c0 75 62 41 8b 45 00 3d 00 00 00 40 73 0f 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 90 <0f> 0b 90 eb eb 4c 89 f7 e8 7f 00 00 00 eb cd 44 89 e9 80 e1 07 80
RSP: 0018:fffffe000000cdb8 EFLAGS: 00010086
RAX: 00000000ffffffff RBX: 1ffff1100e6f4808 RCX: ffffffff817033b0
RDX: 0000000000000000 RSI: ffffffff8c609f00 RDI: ffffffff8c609ec0
RBP: 00000000ffffffff R08: ffffffff901c12ef R09: 1ffffffff203825d
R10: dffffc0000000000 R11: fffffbfff203825e R12: dffffc0000000000
R13: ffff8880737a4044 R14: ffff8880737a3c00 R15: fffffe000000ce60
FS: 00007f728b6c76c0(0000) GS:ffff8880b9000000(0000) knlGS:ffff8880b9000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90004c5fff8 CR3: 000000005fbbc000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<#DF>
rcu_read_unlock include/linux/rcupdate.h:882 [inline]
atomic_notifier_call_chain+0x16b/0x180 kernel/notifier.c:232
notify_die+0x1be/0x240 kernel/notifier.c:596
exc_double_fault+0x12b/0x1b0 arch/x86/kernel/traps.c:468
asm_exc_double_fault+0x23/0x30 arch/x86/include/asm/idtentry.h:668
RIP: 0010:error_entry+0xd/0x140 arch/x86/entry/entry_64.S:1007
Code: fd ff ff 85 db 0f 85 8e fd ff ff 0f 01 f8 e9 86 fd ff ff 66 2e 0f 1f 84 00 00 00 00 00 56 48 8b 74 24 08 48 89 7c 24 08 52 51 <50> 41 50 41 51 41 52 41 53 53 55 41 54 41 55 41 56 41 57 56 31 f6
RSP: 0018:ffffc90004c60000 EFLAGS: 00010092
RAX: ffffc90004c600b8 RBX: ffffc90004c600b8 RCX: ffffffff8be0176a
RDX: 0000000000000000 RSI: ffffffff8be0128d RDI: ffffc90004c600b8
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</#DF>
<TASK>
</TASK>
irq event stamp: 1666
hardirqs last enabled at (1665): [<ffffffff8bc8fc23>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
hardirqs last enabled at (1665): [<ffffffff8bc8fc23>] _raw_spin_unlock_irq+0x23/0x50 kernel/locking/spinlock.c:202
hardirqs last disabled at (1666): [<ffffffff8bc71055>] __schedule+0x335/0x4b30 kernel/sched/core.c:6567
softirqs last enabled at (1568): [<ffffffff81575f14>] __do_softirq kernel/softirq.c:588 [inline]
softirqs last enabled at (1568): [<ffffffff81575f14>] invoke_softirq kernel/softirq.c:428 [inline]
softirqs last enabled at (1568): [<ffffffff81575f14>] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
softirqs last disabled at (1439): [<ffffffff81575f14>] __do_softirq kernel/softirq.c:588 [inline]
softirqs last disabled at (1439): [<ffffffff81575f14>] invoke_softirq kernel/softirq.c:428 [inline]
softirqs last disabled at (1439): [<ffffffff81575f14>] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
---[ end trace 0000000000000000 ]---
BUG: TASK stack guard page was hit at ffffc90004c5fff8 (stack is ffffc90004c60000..ffffc90004c68000)
Oops: stack guard page: 0000 [#2] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 6261 Comm: syz.2.141 Tainted: G D W 6.11.0-rc4-next-20240822-syzkaller #0
Tainted: [D]=DIE, [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:error_entry+0xd/0x140 arch/x86/entry/entry_64.S:1007
Code: fd ff ff 85 db 0f 85 8e fd ff ff 0f 01 f8 e9 86 fd ff ff 66 2e 0f 1f 84 00 00 00 00 00 56 48 8b 74 24 08 48 89 7c 24 08 52 51 <50> 41 50 41 51 41 52 41 53 53 55 41 54 41 55 41 56 41 57 56 31 f6
RSP: 0018:ffffc90004c60000 EFLAGS: 00010092
RAX: ffffc90004c600b8 RBX: ffffc90004c600b8 RCX: ffffffff8be0176a
RDX: 0000000000000000 RSI: ffffffff8be0128d RDI: ffffc90004c600b8
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f728b6c76c0(0000) GS:ffff8880b9000000(0000) knlGS:ffff8880b9000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90004c5fff8 CR3: 000000005fbbc000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<#DF>
</#DF>
<TASK>
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:error_entry+0xb/0x140 arch/x86/entry/entry_64.S:1007
Code: e9 96 fd ff ff 85 db 0f 85 8e fd ff ff 0f 01 f8 e9 86 fd ff ff 66 2e 0f 1f 84 00 00 00 00 00 56 48 8b 74 24 08 48 89 7c 24 08 <52> 51 50 41 50 41 51 41 52 41 53 53 55 41 54 41 55 41 56 41 57 56
RSP: 0018:ffffc90004c60000 EFLAGS: 00010096
RAX: ffffc90004c600a8 RBX: ffffc90004c600a8 RCX: ffffffff8be0176a
RDX: 0000000000000000 RSI: ffffffff8be0128d RDI: ffffc90004c600a8
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f728b6c76c0(0000) GS:ffff8880b9000000(0000) knlGS:ffff8880b9000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90004c5fff8 CR3: 000000005fbbc000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 3 bytes skipped:
# Decoded window of the "Code:" bytes from the error_entry+0xd register dumps
# (AT&T syntax; offsets in the left column are relative to the start of this
# window, not kernel addresses). The first 3 bytes of the dump were skipped.
#
# Triage note: the trapping push is at window offset 0x27 and the log reports
# it as error_entry+0xd, so error_entry itself begins at offset 0x1a. The
# instructions at 0x0-0x19 come before the function's entry point.
# The <TASK> section of both call traces is empty, so this log alone does not
# show which call chain consumed the task stack; the __rcu_read_unlock WARNING
# is raised inside the <#DF> path (notify_die) and comes after the double fault.
#
# Branch targets below (0xfffffd96) are computed from the window-relative
# offsets, so they are not usable as real kernel addresses.
0: 85 db test %ebx,%ebx
2: 0f 85 8e fd ff ff jne 0xfffffd96
8: 0f 01 f8 swapgs
b: e9 86 fd ff ff jmp 0xfffffd96
# Multi-byte NOP spanning offsets 0x10-0x19 (continuation bytes on next line).
10: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
17: 00 00 00
# Offset 0x1a = error_entry+0x0: the register-save sequence starts here.
1a: 56 push %rsi
# Swap the value at 0x8(%rsp) with %rdi via %rsi: load the old slot contents,
# then store %rdi into the slot.
1b: 48 8b 74 24 08 mov 0x8(%rsp),%rsi
20: 48 89 7c 24 08 mov %rdi,0x8(%rsp)
25: 52 push %rdx
26: 51 push %rcx
# Faulting store: the dump for error_entry+0xd shows RSP = 0xffffc90004c60000,
# which is the lowest address of the reported stack range
# (ffffc90004c60000..ffffc90004c68000). An 8-byte push therefore writes to
# RSP-8 = 0xffffc90004c5fff8, which matches CR2 and the address in the
# "stack guard page was hit" message.
* 27: 50 push %rax <-- trapping instruction
# Remaining general-purpose register pushes; not reached in this report.
28: 41 50 push %r8
2a: 41 51 push %r9
2c: 41 52 push %r10
2e: 41 53 push %r11
30: 53 push %rbx
31: 55 push %rbp
32: 41 54 push %r12
34: 41 55 push %r13
36: 41 56 push %r14
38: 41 57 push %r15
# %rsi here holds the value loaded from 0x8(%rsp) at offset 0x1b; it is pushed
# and then %esi is zeroed.
3a: 56 push %rsi
3b: 31 f6 xor %esi,%esi