syzbot


general protection fault in rcu_sync_func (3)

Status: auto-obsoleted due to no activity on 2025/08/01 09:23
First crash: 192d, last: 117d
Similar bugs (5)

| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | general protection fault in rcu_sync_func (bluetooth) | 2 | | | | 1 | 2217d | 2213d | 0/29 | auto-closed as invalid on 2019/11/01 16:33 |
| upstream | general protection fault in rcu_sync_func (2) (bluetooth) | 2 | | | | 1 | 1253d | 1249d | 0/29 | auto-closed as invalid on 2022/06/22 01:15 |
| upstream | general protection fault in rcu_sync_func (3) (bluetooth) | 2 | | | | 2 | 1083d | 1096d | 0/29 | auto-obsoleted due to no activity on 2022/11/09 20:30 |
| android-54 | general protection fault in rcu_sync_func (2) | 2 | | | | 23 | 699d | 995d | 0/2 | auto-obsoleted due to no activity on 2024/01/09 18:18 |
| android-54 | general protection fault in rcu_sync_func | 2 | | | | 2 | 1427d | 1456d | 0/2 | auto-closed as invalid on 2022/01/28 23:25 |

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 6896 Comm: syz.1.1746 Tainted: G        W         5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:__wake_up_common kernel/sched/wait.c:86 [inline]
RIP: 0010:__wake_up_locked+0x5a/0x120 kernel/sched/wait.c:151
Code: 74 12 4c 89 ff e8 06 44 47 00 48 ba 00 00 00 00 00 fc ff df 4d 8b 37 4d 39 fe 0f 84 b5 00 00 00 4d 89 f4 4c 89 f0 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 e7 e8 d8 43 47 00 48 ba 00 00 00 00 00 fc
RSP: 0018:ffff8881db9175a0 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 1ffff1103bd6bf12 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff8881deb5f898
RBP: ffff8881db9175d0 R08: 0000000000000004 R09: 0000000000000003
R10: ffffed103b722ea8 R11: 1ffff1103b722ea8 R12: 0000000000000000
R13: ffff8881deb5f894 R14: 0000000000000000 R15: ffff8881deb5f8a0
FS:  00007fb4e45d86c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000001d697c000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rcu_sync_func+0xb6/0x240 kernel/rcu/sync.c:87
 rcu_sync_enter+0x1f4/0x330 kernel/rcu/sync.c:150
 percpu_down_write+0x23/0x2e0 kernel/locking/percpu-rwsem.c:146
 hci_uart_tty_close+0x107/0x220 drivers/bluetooth/hci_ldisc.c:536
 tty_ldisc_close drivers/tty/tty_ldisc.c:494 [inline]
 tty_ldisc_kill+0x101/0x220 drivers/tty/tty_ldisc.c:642
 tty_ldisc_release+0x1a5/0x200 drivers/tty/tty_ldisc.c:814
 tty_release_struct+0x29/0xe0 drivers/tty/tty_io.c:1614
 tty_release+0xc5c/0x12e0 drivers/tty/tty_io.c:1787
 __fput+0x2a3/0x730 fs/file_table.c:281
 ____fput+0x15/0x20 fs/file_table.c:314
 task_work_run+0x146/0x170 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0xa43/0x2660 kernel/exit.c:861
 do_group_exit+0x13e/0x300 kernel/exit.c:984
 get_signal+0xdee/0x13d0 kernel/signal.c:2738
 do_signal+0xad/0xda0 arch/x86/kernel/signal.c:809
 exit_to_usermode_loop+0xc4/0x1b0 arch/x86/entry/common.c:159
 prepare_exit_to_usermode+0x18e/0x1f0 arch/x86/entry/common.c:194
 syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
 do_syscall_64+0x13e/0x170 arch/x86/entry/common.c:300
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
RIP: 0033:0x7fb4e5f90969
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb4e45d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffea RBX: 00007fb4e61b8080 RCX: 00007fb4e5f90969
RDX: 0000000000000048 RSI: 00002000000003c0 RDI: 0100000000000000
RBP: 00007fb4e6012ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007fb4e61b8080 R15: 00007ffd3f3f82d8
Modules linked in:
---[ end trace 72738242cad05b58 ]---
RIP: 0010:__wake_up_common kernel/sched/wait.c:86 [inline]
RIP: 0010:__wake_up_locked+0x5a/0x120 kernel/sched/wait.c:151
Code: 74 12 4c 89 ff e8 06 44 47 00 48 ba 00 00 00 00 00 fc ff df 4d 8b 37 4d 39 fe 0f 84 b5 00 00 00 4d 89 f4 4c 89 f0 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 e7 e8 d8 43 47 00 48 ba 00 00 00 00 00 fc
RSP: 0018:ffff8881db9175a0 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 1ffff1103bd6bf12 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff8881deb5f898
RBP: ffff8881db9175d0 R08: 0000000000000004 R09: 0000000000000003
R10: ffffed103b722ea8 R11: 1ffff1103b722ea8 R12: 0000000000000000
R13: ffff8881deb5f894 R14: 0000000000000000 R15: ffff8881deb5f8a0
FS:  00007fb4e45d86c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000001d697c000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	74 12                	je     0x14
   2:	4c 89 ff             	mov    %r15,%rdi
   5:	e8 06 44 47 00       	call   0x474410
   a:	48 ba 00 00 00 00 00 	movabs $0xdffffc0000000000,%rdx
  11:	fc ff df
  14:	4d 8b 37             	mov    (%r15),%r14
  17:	4d 39 fe             	cmp    %r15,%r14
  1a:	0f 84 b5 00 00 00    	je     0xd5
  20:	4d 89 f4             	mov    %r14,%r12
  23:	4c 89 f0             	mov    %r14,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	80 3c 10 00          	cmpb   $0x0,(%rax,%rdx,1) <-- trapping instruction
  2e:	74 12                	je     0x42
  30:	4c 89 e7             	mov    %r12,%rdi
  33:	e8 d8 43 47 00       	call   0x474410
  38:	48                   	rex.W
  39:	ba 00 00 00 00       	mov    $0x0,%edx
  3e:	00 fc                	add    %bh,%ah

Crashes (3):

| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/05/03 09:15 | android12-5.4 | cd8e74fa0fa3 | b0714e37 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-4-kasan | general protection fault in rcu_sync_func |
| 2025/03/13 10:50 | android12-5.4 | 6b07fcd94a6a | 44be8b44 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-4-kasan | general protection fault in rcu_sync_func |
| 2025/02/17 07:00 | android12-5.4 | 39762b7a60e9 | 40a34ec9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-4-kasan | general protection fault in rcu_sync_func |
* Struck through repros no longer work on HEAD.