syzbot

 sign-in | mailing list | source | docs
🐞 Open [1659]
Subsystems
🐞 Fixed [5984]
🐞 Invalid [14726]
Missing Backports [131]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

INFO: rcu detected stall in file_free

Status: auto-obsoleted due to no activity on 2025/01/18 07:51
Subsystems: fs
[Documentation on labels]
First crash: 183d, last: 92d

Sample crash report:
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	1-...!: (1 ticks this GP) idle=6344/1/0x4000000000000000 softirq=22156/22156 fqs=0
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P7755/1:b..l P5238/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=19785, q=475 ncpus=2)
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 7775 Comm: syz.5.796 Not tainted 6.12.0-rc3-syzkaller-00420-g715ca9dd687f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:taprio_set_budgets+0x12b/0x370 net/sched/sch_taprio.c:666
Code: 00 00 00 4c 89 fe e8 f4 d8 c8 f7 49 83 ff 0f 0f 87 63 01 00 00 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 <74> 08 4c 89 ef e8 7b 98 32 f8 4b 8b 2c 66 48 b8 00 00 00 00 00 fc
RSP: 0018:ffffc90000a18c30 EFLAGS: 00000046
RAX: 1ffff11005e22381 RBX: ffff88802f111930 RCX: dffffc0000000000
RDX: 0000000000010000 RSI: 0000000000000001 RDI: 0000000000000010
RBP: 0000000000000000 R08: ffffffff89cc13ec R09: 1ffff11005e22390
R10: dffffc0000000000 R11: ffffed1005e22391 R12: 0000000000000004
R13: ffff88802f111c08 R14: ffff88802f111c00 R15: 0000000000000001
FS:  000055559512a500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c380017 CR3: 0000000063fc4000 CR4: 0000000000350ef0
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 advance_sched+0x98d/0xca0 net/sched/sch_taprio.c:977
 __run_hrtimer kernel/time/hrtimer.c:1691 [inline]
 __hrtimer_run_queues+0x59d/0xd50 kernel/time/hrtimer.c:1755
 hrtimer_interrupt+0x396/0x990 kernel/time/hrtimer.c:1817
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1026 [inline]
 __sysvec_apic_timer_interrupt+0x112/0x3f0 arch/x86/kernel/apic/apic.c:1043
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1037 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1037
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:on_stack arch/x86/include/asm/stacktrace.h:58 [inline]
RIP: 0010:stack_access_ok arch/x86/kernel/unwind_orc.c:393 [inline]
RIP: 0010:deref_stack_reg arch/x86/kernel/unwind_orc.c:403 [inline]
RIP: 0010:unwind_next_frame+0xb89/0x22d0 arch/x86/kernel/unwind_orc.c:585
Code: 5c 24 40 49 8b 6d 08 49 8d 5d 10 49 89 df 49 c1 ef 03 43 80 3c 27 00 74 08 48 89 df e8 e0 3a bd 00 4c 8b 74 24 08 4d 8b 66 10 <48> b8 00 00 00 00 00 fc ff df 48 8b 4c 24 20 0f b6 04 01 84 c0 0f
RSP: 0018:ffffc900041878b0 EFLAGS: 00000246
RAX: 1ffff92000830f31 RBX: ffffc90004187990 RCX: ffffffff90306cfc
RDX: ffffffff90a73ac8 RSI: 0000000000000002 RDI: ffffffff814166e0
RBP: ffffc90004180000 R08: 000000000000000c R09: ffffc90004187a70
R10: dffffc0000000000 R11: ffffffff8180a0e0 R12: ffffc90004188000
R13: ffffc90004187980 R14: ffffc90004187980 R15: 1ffff92000830f32
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x118/0x1d0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:2342 [inline]
 slab_free mm/slub.c:4579 [inline]
 kmem_cache_free+0x1a2/0x420 mm/slub.c:4681
 file_free+0x24/0x1f0 fs/file_table.c:65
 task_work_run+0x251/0x310 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2be817dff9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd38542128 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00000000000277d9 RCX: 00007f2be817dff9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f2be8337a80 R08: 0000000000000001 R09: 00007ffd3854241f
R10: 00007f2be8000000 R11: 0000000000000246 R12: 0000000000027811
R13: 00007ffd38542230 R14: 0000000000000032 R15: ffffffffffffffff
 </TASK>
task:syz-executor    state:R  running task     stack:12368 pid:5238  tgid:5238  ppid:5232   flags:0x00000000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5322 [inline]
 __schedule+0x1895/0x4b30 kernel/sched/core.c:6682
 preempt_schedule_common+0x84/0xd0 kernel/sched/core.c:6861
 preempt_schedule+0xe1/0xf0 kernel/sched/core.c:6885
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3e/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 copy_pte_range mm/memory.c:1194 [inline]
 copy_pmd_range+0x7b90/0x85f0 mm/memory.c:1255
 copy_pud_range mm/memory.c:1292 [inline]
 copy_p4d_range mm/memory.c:1316 [inline]
 copy_page_range+0x99f/0xe90 mm/memory.c:1414
 dup_mmap kernel/fork.c:750 [inline]
 dup_mm kernel/fork.c:1674 [inline]
 copy_mm+0x11fb/0x1f40 kernel/fork.c:1723
 copy_process+0x1845/0x3d50 kernel/fork.c:2372
 kernel_clone+0x226/0x8f0 kernel/fork.c:2784
 __do_sys_clone kernel/fork.c:2927 [inline]
 __se_sys_clone kernel/fork.c:2911 [inline]
 __x64_sys_clone+0x258/0x2a0 kernel/fork.c:2911
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5f8c974853
RSP: 002b:00007fff176e4268 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5f8c974853
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 000055557d8b47d0 R11: 0000000000000246 R12: 0000000000000000
R13: 00000000000277a0 R14: 0000000000027689 R15: 00007fff176e43f0
 </TASK>
task:syz.3.785       state:R  running task     stack:23088 pid:7755  tgid:7751  ppid:5708   flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5322 [inline]
 __schedule+0x1895/0x4b30 kernel/sched/core.c:6682
 preempt_schedule_common+0x84/0xd0 kernel/sched/core.c:6861
 preempt_schedule+0xe1/0xf0 kernel/sched/core.c:6885
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3e/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 zap_pte_range mm/memory.c:1691 [inline]
 zap_pmd_range mm/memory.c:1739 [inline]
 zap_pud_range mm/memory.c:1768 [inline]
 zap_p4d_range mm/memory.c:1789 [inline]
 unmap_page_range+0x36b1/0x40e0 mm/memory.c:1810
 unmap_vmas+0x3cc/0x5f0 mm/memory.c:1900
 exit_mmap+0x275/0xc40 mm/mmap.c:1874
 __mmput+0x115/0x390 kernel/fork.c:1347
 exit_mm+0x220/0x310 kernel/exit.c:571
 do_exit+0x9b2/0x28e0 kernel/exit.c:926
 do_group_exit+0x207/0x2c0 kernel/exit.c:1088
 get_signal+0x16a3/0x1740 kernel/signal.c:2917
 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fac7c57dff9
RSP: 002b:00007fac7d3160e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fac7c735f88 RCX: 00007fac7c57dff9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fac7c735f88
RBP: 00007fac7c735f80 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fac7c735f8c
R13: 0000000000000000 R14: 00007ffc878d3be0 R15: 00007ffc878d3cc8
 </TASK>
rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g19785 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
rcu: 	Possible timer handling issue on cpu=1 timer-softirq=10568
rcu: rcu_preempt kthread starved for 10502 jiffies! g19785 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:I stack:24912 pid:17    tgid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5322 [inline]
 __schedule+0x1895/0x4b30 kernel/sched/core.c:6682
 __schedule_loop kernel/sched/core.c:6759 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6774
 schedule_timeout+0x1be/0x310 kernel/time/timer.c:2615
 rcu_gp_fqs_loop+0x2df/0x1330 kernel/rcu/tree.c:2045
 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2247
 kthread+0x2f2/0x390 kernel/kthread.c:389
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/10/20 07:43 upstream 715ca9dd687f cd6fc0a3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root INFO: rcu detected stall in file_free
2024/09/11 21:40 upstream 7c6a3a65ace7 d94c83d8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root INFO: rcu detected stall in file_free
2024/08/06 20:38 upstream eb5e56d14912 e1bdb00a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root INFO: rcu detected stall in file_free
2024/07/21 05:17 upstream 2c9b3512402e b88348e9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root INFO: rcu detected stall in file_free
2024/07/30 13:03 linux-next 931a3b3bccc9 a4e01e1e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root INFO: rcu detected stall in file_free
* Struck through repros no longer work on HEAD.