[v6.6] WARNING in rcu_check_gp_start_stall


syzbot

Jun 17, 2025, 9:49:29 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: c2603c511feb Linux 6.6.93
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=153155d4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=486bade17c8c30b9
dashboard link: https://syzkaller.appspot.com/bug?extid=6af04f09bb7a907b0789
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8754f950a6e7/disk-c2603c51.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3b19332dbf63/vmlinux-c2603c51.xz
kernel image: https://storage.googleapis.com/syzbot-assets/cb245e836038/bzImage-c2603c51.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6af04f...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 0 at kernel/rcu/tree_stall.h:1001 rcu_check_gp_start_stall+0x2dc/0x460 kernel/rcu/tree_stall.h:993
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.6.93-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:rcu_check_gp_start_stall+0x2dc/0x460 kernel/rcu/tree_stall.h:1001
Code: ff ff ff 48 c7 c7 a0 d4 ec 96 be 04 00 00 00 e8 3a 18 6e 00 48 89 df b8 01 00 00 00 87 05 1c af 7c 15 85 c0 0f 85 19 ff ff ff <0f> 0b 48 81 ff c0 4f d3 8c 74 47 48 c7 c0 1c dc 49 8e 48 c1 e8 03
RSP: 0018:ffffc90000007bb8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffffffff8cd34fc0 RCX: ffffffff81702576
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff8cd34fc0
RBP: ffffc90000007e30 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff2dd9a94 R12: 0000000000002904
R13: 1ffff110171c7a6a R14: 0000000000000a02 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd8a5c8844c CR3: 000000002f3c5000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
rcu_core+0x612/0x1720 kernel/rcu/tree.c:2458
handle_softirqs+0x280/0x820 kernel/softirq.c:578
__do_softirq kernel/softirq.c:612 [inline]
invoke_softirq kernel/softirq.c:452 [inline]
__irq_exit_rcu+0xc7/0x190 kernel/softirq.c:661
irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:148
Code: cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d 63 10 42 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 66 0f 1f 00 55 41 57 41 56
RSP: 0018:ffffffff8ca07d80 EFLAGS: 000002c2
RAX: 763299b17fa21700 RBX: ffffffff81618a7b RCX: 763299b17fa21700
RDX: 0000000000000001 RSI: ffffffff8aaab2c0 RDI: ffffffff8afc6780
RBP: ffffffff8ca07eb8 R08: ffff8880b8e36d4b R09: 1ffff110171c6da9
R10: dffffc0000000000 R11: ffffed10171c6daa R12: ffffffff8e49a768
R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1952670
arch_safe_halt arch/x86/include/asm/paravirt.h:108 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:747
default_idle_call+0x6c/0xa0 kernel/sched/idle.c:97
cpuidle_idle_call kernel/sched/idle.c:170 [inline]
do_idle+0x1eb/0x510 kernel/sched/idle.c:282
cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:380
rest_init+0x2e2/0x300 init/main.c:732
arch_call_rest_init+0xe/0x10 init/main.c:829
start_kernel+0x459/0x4e0 init/main.c:1074
x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:555
x86_64_start_kernel+0x60/0x60 arch/x86/kernel/head64.c:536
secondary_startup_64_no_verify+0x179/0x17b
</TASK>
----------------
Code disassembly (best guess):
0: cc int3
1: cc int3
2: cc int3
3: cc int3
4: cc int3
5: cc int3
6: cc int3
7: f3 0f 1e fa endbr64
b: 0f 0b ud2
d: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
14: 00 00 00
17: f3 0f 1e fa endbr64
1b: 66 90 xchg %ax,%ax
1d: 0f 00 2d 63 10 42 00 verw 0x421063(%rip) # 0x421087
24: f3 0f 1e fa endbr64
28: fb sti
29: f4 hlt
* 2a: c3 ret <-- trapping instruction
2b: cc int3
2c: cc int3
2d: cc int3
2e: cc int3
2f: cc int3
30: cc int3
31: cc int3
32: cc int3
33: cc int3
34: cc int3
35: cc int3
36: cc int3
37: 66 0f 1f 00 nopw (%rax)
3b: 55 push %rbp
3c: 41 57 push %r15
3e: 41 56 push %r14


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup
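
A small parser for the report format above, as an added example (it is not code from syzbot and not syzkaller's own pkg/report parser): it pulls out the WARNING site, each RIP:/Code: pair with the byte the kernel marks in angle brackets, and the Call Trace frames by IRQ/TASK context, and checks that the trapping instruction at the WARN site is ud2. The sample input is an excerpt of the first report above, trimmed to the lines the parser reads; the regexes, dataclass names and the hypothetical "Unable to access opcode bytes" case are my own.

```python
"""Parse an x86-64 kernel WARNING report like the one above. Added example;
not syzbot's code and not syzkaller's pkg/report. It covers only fields visible
on this page: WARNING header, RIP:/Code: pairs, Call Trace frames by context."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpt of the first report above, trimmed to the lines the parser reads.
SAMPLE_REPORT = """\
WARNING: CPU: 0 PID: 0 at kernel/rcu/tree_stall.h:1001 rcu_check_gp_start_stall+0x2dc/0x460 kernel/rcu/tree_stall.h:993
RIP: 0010:rcu_check_gp_start_stall+0x2dc/0x460 kernel/rcu/tree_stall.h:1001
Code: ff ff ff 48 c7 c7 a0 d4 ec 96 be 04 00 00 00 e8 3a 18 6e 00 48 89 df b8 01 00 00 00 87 05 1c af 7c 15 85 c0 0f 85 19 ff ff ff <0f> 0b 48 81 ff c0 4f d3 8c 74 47 48 c7 c0 1c dc 49 8e 48 c1 e8 03
Call Trace:
<IRQ>
rcu_core+0x612/0x1720 kernel/rcu/tree.c:2458
__do_softirq kernel/softirq.c:612 [inline]
sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:148
Code: cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d 63 10 42 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 66 0f 1f 00 55 41 57 41 56
secondary_startup_64_no_verify+0x179/0x17b
</TASK>
"""

WARNING_RE = re.compile(
    r"^WARNING: CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) at (?P<file>[^:\s]+):(?P<line>\d+) "
    r"(?P<func>\S+?)\+0x(?P<off>[0-9a-f]+)/0x[0-9a-f]+")
RIP_RE = re.compile(r"^RIP: [0-9a-f]{4}:(?P<sym>\S+)")
CODE_RE = re.compile(r"^Code: (?P<body>.+)$")
FRAME_RE = re.compile(r"^(?P<func>[A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
                      r"(?: (?P<loc>\S+:\d+))?(?P<inline> \[inline\])?$")

@dataclass
class CodeDump:
    symbol: str                 # from the RIP: line that precedes the dump
    opcodes: List[int]
    trap_index: Optional[int]   # position of the <xx> token, None if absent

    def trap_bytes(self, n: int = 2) -> List[int]:
        if self.trap_index is None:
            return []
        return self.opcodes[self.trap_index:self.trap_index + n]

    def is_ud2(self) -> bool:
        # x86 WARN()/WARN_ON() emit 'ud2' (0f 0b) plus a __bug_table entry;
        # the #UD handler produces this report, so the WARN site must trap on ud2.
        return self.trap_bytes(2) == [0x0F, 0x0B]

@dataclass
class Frame:
    context: str                # "IRQ" or "TASK"
    func: str
    loc: Optional[str]          # file:line, None for frames without one
    inline: bool

@dataclass
class Report:
    cpu: int = -1
    pid: int = -1
    file: str = ""
    line: int = 0
    func: str = ""
    offset: int = 0
    dumps: List[CodeDump] = field(default_factory=list)
    frames: List[Frame] = field(default_factory=list)
    def frames_in(self, context: str) -> List[Frame]:
        return [f for f in self.frames if f.context == context]

def parse_code_bytes(body: str):
    """Split a Code: body into ints and locate the <xx> trap marker."""
    opcodes, trap = [], None
    for i, tok in enumerate(body.split()):
        if tok.startswith("<") and tok.endswith(">"):
            trap, tok = i, tok[1:-1]
        try:
            opcodes.append(int(tok, 16))
        except ValueError:      # hypothetical "Unable to access opcode bytes ..." body
            return [], None
    return opcodes, trap

def parse_report(text: str) -> Report:
    rep, context, last_sym, in_trace = Report(), "", "", False
    for raw in text.splitlines():
        line = raw.strip()
        if m := WARNING_RE.match(line):
            rep.cpu, rep.pid, rep.file = int(m["cpu"]), int(m["pid"]), m["file"]
            rep.line, rep.func, rep.offset = int(m["line"]), m["func"], int(m["off"], 16)
        elif m := RIP_RE.match(line):
            last_sym = m["sym"]
        elif m := CODE_RE.match(line):
            rep.dumps.append(CodeDump(last_sym, *parse_code_bytes(m["body"])))
        elif line == "Call Trace:":
            in_trace = True
        elif line in ("<IRQ>", "<TASK>"):
            context = line[1:-1]
        elif line in ("</IRQ>", "</TASK>"):
            context = ""
        elif in_trace and context and (m := FRAME_RE.match(line)):
            rep.frames.append(Frame(context, m["func"], m["loc"], bool(m["inline"])))
    return rep
```

Two things worth noticing once the report is split this way. In every report on this page the first Code: dump (the one under the WARNING line) traps on `<0f> 0b`, i.e. ud2, which is just the WARN itself; it tells you nothing about the stall. The second dump, inside the TASK section, is where the timer interrupt landed: `sti; hlt; <ret>` in pv_native_safe_halt in the first report (CPU 0 was idle), and the `call` straight after `sti` in _raw_spin_unlock_irq in the two later ones. The "Code disassembly (best guess)" block syzbot appends decodes that second dump, not the WARN site, which is why it shows a `ret` or `call` as the trapping instruction rather than ud2.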

syzbot

Aug 23, 2025, 1:42:29 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: bb9c90ab9c5a Linux 6.6.102
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12bf3fa2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=7b989b97a0687b0a
dashboard link: https://syzkaller.appspot.com/bug?extid=6af04f09bb7a907b0789
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=169f8c42580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/44e2224124c3/disk-bb9c90ab.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/33e0aef7ff42/vmlinux-bb9c90ab.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0515bc436228/bzImage-bb9c90ab.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6af04f...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 6230 at kernel/rcu/tree_stall.h:1001 rcu_check_gp_start_stall+0x2dc/0x460 kernel/rcu/tree_stall.h:993
Modules linked in:
CPU: 0 PID: 6230 Comm: syz.3.100 Not tainted 6.6.102-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:rcu_check_gp_start_stall+0x2dc/0x460 kernel/rcu/tree_stall.h:1001
Code: ff ff ff 48 c7 c7 80 c4 ee 96 be 04 00 00 00 e8 7a a8 6c 00 48 89 df b8 01 00 00 00 87 05 bc 98 7e 15 85 c0 0f 85 19 ff ff ff <0f> 0b 48 81 ff 40 54 d3 8c 74 47 48 c7 c0 dc bc 4a 8e 48 c1 e8 03
RSP: 0018:ffffc90000007bb8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffffffff8cd35440 RCX: ffffffff81702bb6
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff8cd35440
RBP: ffffc90000007e30 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff2ddd890 R12: 0000000000002904
R13: 1ffff110171c7a6a R14: 0000000000000a02 R15: dffffc0000000000
FS: 000055556bd25500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000005bdc6000 CR4: 00000000003506f0
Call Trace:
<IRQ>
rcu_core+0x612/0x1720 kernel/rcu/tree.c:2462
handle_softirqs+0x280/0x820 kernel/softirq.c:578
__do_softirq kernel/softirq.c:612 [inline]
invoke_softirq kernel/softirq.c:452 [inline]
__irq_exit_rcu+0xc7/0x190 kernel/softirq.c:661
irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x29/0x50 kernel/locking/spinlock.c:202
Code: 00 f3 0f 1e fa 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 aa 8f f0 f6 48 89 df e8 c2 61 f1 f6 e8 7d fd 14 f7 fb bf 01 00 00 00 <e8> 12 7a e4 f6 65 8b 05 33 c9 8c 75 85 c0 74 02 5b c3 e8 10 ab 89
RSP: 0018:ffffc90004477c98 EFLAGS: 00000282
RAX: ccc96983d0685600 RBX: ffff88802bfea500 RCX: ccc96983d0685600
RDX: dffffc0000000000 RSI: ffffffff8aaab9c0 RDI: 0000000000000001
RBP: ffff88802bfea798 R08: ffffffff8e4a882f R09: 1ffffffff1c95105
R10: dffffc0000000000 R11: fffffbfff1c95106 R12: 1ffff110057fd4f3
R13: 0000000000000011 R14: dffffc0000000000 R15: 0000000000000000
spin_unlock_irq include/linux/spinlock.h:401 [inline]
get_signal+0x11f5/0x1400 kernel/signal.c:2905
arch_do_signal_or_restart+0x96/0x780 arch/x86/kernel/signal.c:310
exit_to_user_mode_loop+0x70/0x110 kernel/entry/common.c:174
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
__syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
do_syscall_64+0x61/0xb0 arch/x86/entry/common.c:87
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f504af8ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdac18e058 EFLAGS: 00000246
RAX: fffffffffffffffc RBX: 00000000000210f7 RCX: 00007f504af8ebe9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f504b1b5fac
RBP: 0000000000000032 R08: 0000000000745d1e R09: 00000007ac18e34f
R10: 00007ffdac18e150 R11: 0000000000000246 R12: 00007f504b1b5fac
R13: 00007ffdac18e150 R14: 0000000000021129 R15: 00007ffdac18e170
</TASK>
----------------
Code disassembly (best guess):
0: 00 f3 add %dh,%bl
2: 0f 1e fa nop %edx
5: 53 push %rbx
6: 48 89 fb mov %rdi,%rbx
9: 48 83 c7 18 add $0x18,%rdi
d: 48 8b 74 24 08 mov 0x8(%rsp),%rsi
12: e8 aa 8f f0 f6 call 0xf6f08fc1
17: 48 89 df mov %rbx,%rdi
1a: e8 c2 61 f1 f6 call 0xf6f161e1
1f: e8 7d fd 14 f7 call 0xf714fda1
24: fb sti
25: bf 01 00 00 00 mov $0x1,%edi
* 2a: e8 12 7a e4 f6 call 0xf6e47a41 <-- trapping instruction
2f: 65 8b 05 33 c9 8c 75 mov %gs:0x758cc933(%rip),%eax # 0x758cc969
36: 85 c0 test %eax,%eax
38: 74 02 je 0x3c
3a: 5b pop %rbx
3b: c3 ret
3c: e8 .byte 0xe8
3d: 10 .byte 0x10
3e: ab stos %eax,%es:(%rdi)
3f: 89 .byte 0x89


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot

Oct 5, 2025, 5:16:37 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: f34f16e5c632 Linux 6.6.109
git tree: linux-6.6.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12912458580000
kernel config: https://syzkaller.appspot.com/x/.config?x=12606d4b8832c7e4
dashboard link: https://syzkaller.appspot.com/bug?extid=6af04f09bb7a907b0789
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=161f692f980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17d8d092580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1d84cf343aca/disk-f34f16e5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/613ae177a403/vmlinux-f34f16e5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6b9016970cbc/bzImage-f34f16e5.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6af04f...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 6037 at kernel/rcu/tree_stall.h:1001 rcu_check_gp_start_stall+0x2dc/0x460 kernel/rcu/tree_stall.h:993
Modules linked in:
CPU: 0 PID: 6037 Comm: syz.1.18 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:rcu_check_gp_start_stall+0x2dc/0x460 kernel/rcu/tree_stall.h:1001
Code: ff ff ff 48 c7 c7 a0 04 ef 96 be 04 00 00 00 e8 4a b9 6c 00 48 89 df b8 01 00 00 00 87 05 5c d9 7e 15 85 c0 0f 85 19 ff ff ff <0f> 0b 48 81 ff 80 51 d3 8c 74 47 48 c7 c0 9c b7 4a 8e 48 c1 e8 03
RSP: 0018:ffffc90000007bb8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffffffff8cd35180 RCX: ffffffff81702b36
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff8cd35180
RBP: ffffc90000007e30 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff2dde094 R12: 0000000000002904
R13: 1ffff110171c7a22 R14: 0000000000000a02 R15: dffffc0000000000
FS: 00007f729de996c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000020000006b000 CR3: 0000000062286000 CR4: 00000000003506f0
Call Trace:
<IRQ>
rcu_core+0x612/0x1720 kernel/rcu/tree.c:2462
handle_softirqs+0x280/0x820 kernel/softirq.c:578
__do_softirq kernel/softirq.c:612 [inline]
invoke_softirq kernel/softirq.c:452 [inline]
__irq_exit_rcu+0xc7/0x190 kernel/softirq.c:661
irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x29/0x50 kernel/locking/spinlock.c:202
Code: 00 f3 0f 1e fa 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 4a 63 ef f6 48 89 df e8 62 35 f0 f6 e8 ad db 13 f7 fb bf 01 00 00 00 <e8> 72 5a e3 f6 65 8b 05 33 a5 8b 75 85 c0 74 02 5b c3 e8 50 89 88
RSP: 0018:ffffc90003727c98 EFLAGS: 00000282
RAX: 0619b065665b5600 RBX: ffff8880797240c0 RCX: 0619b065665b5600
RDX: dffffc0000000000 RSI: ffffffff8aaabce0 RDI: 0000000000000001
RBP: ffff888079724558 R08: ffffffff8e4a82ef R09: 1ffffffff1c9505d
R10: dffffc0000000000 R11: fffffbfff1c9505e R12: 1ffff1100f2e48ab
R13: 0000000000000021 R14: dffffc0000000000 R15: 0000000000000000
spin_unlock_irq include/linux/spinlock.h:401 [inline]
get_signal+0x11f5/0x1400 kernel/signal.c:2905
arch_do_signal_or_restart+0x96/0x780 arch/x86/kernel/signal.c:310
exit_to_user_mode_loop+0x70/0x110 kernel/entry/common.c:174
exit_to_user_mode_prepare+0xf6/0x180 kernel/entry/common.c:210
__syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
syscall_exit_to_user_mode+0x1a/0x50 kernel/entry/common.c:302
do_syscall_64+0x61/0xb0 arch/x86/entry/common.c:87
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f729cf18760
Code: 00 48 c7 44 24 10 40 00 00 00 48 c7 44 24 08 00 00 00 00 e9 ad fd ff ff 66 90 48 c7 c0 a8 ff ff ff 64 48 03 04 25 00 00 00 00 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 fa 53 48
RSP: 002b:00007f729de99058 EFLAGS: 00000203
RAX: 00007f729de99668 RBX: 00007f729d1e5fa0 RCX: 00007f729d011f91
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f729d011f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f729d1e6038 R14: 00007f729d1e5fa0 R15: 00007fff506e2898
</TASK>
----------------
Code disassembly (best guess):
0: 00 f3 add %dh,%bl
2: 0f 1e fa nop %edx
5: 53 push %rbx
6: 48 89 fb mov %rdi,%rbx
9: 48 83 c7 18 add $0x18,%rdi
d: 48 8b 74 24 08 mov 0x8(%rsp),%rsi
12: e8 4a 63 ef f6 call 0xf6ef6361
17: 48 89 df mov %rbx,%rdi
1a: e8 62 35 f0 f6 call 0xf6f03581
1f: e8 ad db 13 f7 call 0xf713dbd1
24: fb sti
25: bf 01 00 00 00 mov $0x1,%edi
* 2a: e8 72 5a e3 f6 call 0xf6e35aa1 <-- trapping instruction
2f: 65 8b 05 33 a5 8b 75 mov %gs:0x758ba533(%rip),%eax # 0x758ba569
36: 85 c0 test %eax,%eax
38: 74 02 je 0x3c
3a: 5b pop %rbx
3b: c3 ret
3c: e8 .byte 0xe8
3d: 50 push %rax
3e: 89 .byte 0x89
3f: 88 .byte 0x88

syzbot

Oct 28, 2025, 12:18:06 AM
to syzkaller...@googlegroups.com
syzbot suspects this issue could be fixed by backporting the following commit:

commit 5f6bd380c7bdbe10f7b4e8ddcceed60ce0714c6d
git tree: upstream
Author: Peter Zijlstra <pet...@infradead.org>
Date: Mon May 27 12:06:55 2024 +0000

sched/rt: Remove default bandwidth control

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=13806c92580000
Please keep in mind that other backports might be required as well.

For information about bisection process see: https://goo.gl/tpsmEJ#bisection