syzbot


BUG: soft lockup in do_unlinkat

Status: auto-closed as invalid on 2020/11/14 18:34
Subsystems: kvm
Reported-by: syzbot+2006cb63b9782d6b722e@syzkaller.appspotmail.com
First crash: 1342d, last: 1342d

Sample crash report:
watchdog: BUG: soft lockup - CPU#1 stuck for 123s! [syz-executor.4:6851]
Modules linked in:
irq event stamp: 16808764
hardirqs last  enabled at (16808763): [<ffffffff81334d6c>] kvm_wait+0x13c/0x1d0 arch/x86/kernel/kvm.c:830
hardirqs last disabled at (16808764): [<ffffffff882936c5>] irqentry_enter+0x25/0x40 kernel/entry/common.c:318
softirqs last  enabled at (16749816): [<ffffffff88400f2f>] asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
softirqs last disabled at (16749589): [<ffffffff88400f2f>] asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
CPU: 1 PID: 6851 Comm: syz-executor.4 Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61
Code: 80 e1 07 80 c1 03 38 c1 7c bc 48 89 df e8 0a 1d 89 f9 eb b2 cc cc cc cc cc cc cc cc e9 07 00 00 00 0f 00 2d 96 07 57 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 86 07 57 00 f4 c3 cc cc 41 56 53 65
RSP: 0018:ffffc90005567ba8 EFLAGS: 00000286
RAX: 1ffffffff129a2a2 RBX: ffff888214ae8040 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff81334d6c
RBP: 0000000000000003 R08: dffffc0000000000 R09: fffffbfff167d6aa
R10: fffffbfff167d6aa R11: 0000000000000000 R12: ffff888214ae8040
R13: 1ffff1104295d008 R14: 0000000000000286 R15: dffffc0000000000
FS:  0000000003066940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000306fa98 CR3: 0000000068138000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 arch_safe_halt arch/x86/include/asm/paravirt.h:150 [inline]
 kvm_wait+0x169/0x1d0 arch/x86/kernel/kvm.c:830
 pv_wait arch/x86/include/asm/paravirt.h:666 [inline]
 pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:470 [inline]
 __pv_queued_spin_lock_slowpath+0x701/0xc00 kernel/locking/qspinlock.c:508
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:656 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:85 [inline]
 do_raw_spin_lock+0x5bf/0x800 kernel/locking/spinlock_debug.c:113
 spin_lock include/linux/spinlock.h:354 [inline]
 ext4_lock_group fs/ext4/ext4.h:3197 [inline]
 ext4_free_inode+0x5bd/0xd00 fs/ext4/ialloc.c:309
 ext4_evict_inode+0xe16/0x1090 fs/ext4/inode.c:324
 evict+0x2bb/0x6d0 fs/inode.c:576
 do_unlinkat+0x3de/0x7e0 fs/namei.c:3902
 do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45cf87
Code: 00 66 90 b8 58 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 dd b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffea6b81dd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045cf87
RDX: 00007ffea6b81df0 RSI: 00007ffea6b81df0 RDI: 00007ffea6b81e80
RBP: 0000000000000d64 R08: 0000000000000000 R09: 0000000000000011
R10: 000000000000000a R11: 0000000000000246 R12: 00007ffea6b82f10
R13: 0000000003067a60 R14: 0000000000000000 R15: 00007ffea6b82f10
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 13246 Comm: syz-executor.5 Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:check_memory_region+0x4/0x2f0 mm/kasan/generic.c:191
Code: 89 eb 0c 31 db 48 c7 c7 5f 88 0b 89 4c 89 fe 31 c0 e8 5d 37 a9 ff eb d3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 41 57 41 56 <41> 55 41 54 53 b0 01 48 85 f6 0f 84 0d 02 00 00 48 89 fb 48 f7 d3
RSP: 0018:ffffc90000007b08 EFLAGS: 00000046
RAX: 0000000000000000 RBX: ffff88805e40e080 RCX: ffffffff8159faf4
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8b3eb4c0
RBP: ffffc90000007c78 R08: dffffc0000000000 R09: fffffbfff167d699
R10: fffffbfff167d699 R11: 0000000000000000 R12: 0000000000000004
R13: ffff88805e40e080 R14: ffff88805e40ea08 R15: 0000000000000000
FS:  0000000001eec940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000400200 CR3: 000000021aa7d000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 instrument_atomic_read include/linux/instrumented.h:56 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:110 [inline]
 __lock_acquire+0xbf4/0x2ab0 kernel/locking/lockdep.c:4396
 lock_acquire+0x160/0x730 kernel/locking/lockdep.c:5005
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x9e/0xc0 kernel/locking/spinlock.c:159
 debug_object_activate+0x62/0x5f0 lib/debugobjects.c:636
 debug_hrtimer_activate kernel/time/hrtimer.c:420 [inline]
 debug_activate kernel/time/hrtimer.c:480 [inline]
 enqueue_hrtimer kernel/time/hrtimer.c:969 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1541 [inline]
 __hrtimer_run_queues+0x510/0x930 kernel/time/hrtimer.c:1588
 hrtimer_interrupt+0x373/0xd60 kernel/time/hrtimer.c:1650
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline]
 __sysvec_apic_timer_interrupt+0xf0/0x260 arch/x86/kernel/apic/apic.c:1097
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 sysvec_apic_timer_interrupt+0x94/0xf0 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:770 [inline]
RIP: 0010:lock_release+0x3c4/0x750 kernel/locking/lockdep.c:5026
Code: 48 c1 e8 03 42 80 3c 28 00 74 0c 48 c7 c7 f8 14 4d 89 e8 4f b1 5a 00 48 83 3d 8f f7 f2 07 00 0f 84 5c 03 00 00 4c 89 e7 57 9d <0f> 1f 44 00 00 65 48 8b 04 25 28 00 00 00 48 3b 44 24 50 0f 85 40
RSP: 0018:ffffc900172cfbf8 EFLAGS: 00000286
RAX: 1ffffffff129a29f RBX: 1ffff1100bc81d2c RCX: b19908f02fb45bc3
RDX: dffffc0000000000 RSI: ffff88805e40e9b8 RDI: 0000000000000286
RBP: 1ffff92002e59f88 R08: dffffc0000000000 R09: fffffbfff167d6aa
R10: fffffbfff167d6aa R11: 0000000000000000 R12: 0000000000000286
R13: dffffc0000000000 R14: 0000000000000003 R15: ffff88805e40e964
 up_read+0x12/0x20 kernel/locking/rwsem.c:1573
 __ext4_new_inode+0x24bb/0x5180 fs/ext4/ialloc.c:1061
 ext4_symlink+0x4f6/0xef0 fs/ext4/namei.c:3303
 vfs_symlink+0x36f/0x500 fs/namei.c:3959
 do_symlinkat+0x18b/0x420 fs/namei.c:3986
 do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45cf67
Code: 0f 1f 00 b8 5c 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff35437838 EFLAGS: 00000202 ORIG_RAX: 0000000000000058
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045cf67
RDX: 00007fff354378d7 RSI: 00000000004c2d1f RDI: 00007fff354378c0
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000017
R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000001
R13: 00007fff35437870 R14: 0000000000000000 R15: 00007fff35437880

Crashes (1):
Time:      2020/08/16 18:33
Kernel:    upstream
Commit:    2cc3c4b3c2e9
Syzkaller: 424dd8e7
Config:    .config
Log:       console log
Report:    report
Syz repro: -
C repro:   -
VM info:   -
Assets:    -
Manager:   ci-upstream-kasan-gce-smack-root
Title:     -
* Struck through repros no longer work on HEAD.