Hello,
syzbot found the following issue on:
HEAD commit: 4b4362973b6f Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=1385b6ec580000
kernel config: https://syzkaller.appspot.com/x/.config?x=f52fb4a6d220c448
dashboard link: https://syzkaller.appspot.com/bug?extid=063521b27286f0089b74
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
userspace arch: arm64
CC: [ak...@linux-foundation.org axelra...@google.com bao...@kernel.org b...@redhat.com chr...@kernel.org kas...@tencent.com linux-...@vger.kernel.org linu...@kvack.org nph...@gmail.com qi.z...@linux.dev shakee...@linux.dev shik...@huaweicloud.com wei...@google.com youngj...@lge.com yua...@google.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/cdc9dd8cab69/disk-4b436297.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6bb74747f86d/vmlinux-4b436297.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a20d7153214f/Image-4b436297.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+063521...@syzkaller.appspotmail.com
watchdog: BUG: soft lockup - CPU#0 stuck for 70s! [syz.7.1244:10838]
Modules linked in:
irq event stamp: 2180
hardirqs last enabled at (2179): [<ffff8000867a1b28>] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:840
hardirqs last disabled at (2180): [<ffff8000867a1b28>] __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:840
softirqs last enabled at (2178): [<ffff800080309080>] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last enabled at (2178): [<ffff800080309080>] handle_softirqs+0xbc4/0xd34 kernel/softirq.c:650
softirqs last disabled at (2173): [<ffff8000800204b0>] __do_softirq+0x14/0x20 kernel/softirq.c:656
CPU: 0 UID: 0 PID: 10838 Comm: syz.7.1244 Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 60001000 (nZCv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--)
pc : 0000ffff8f64c32c
lr : 0000ffff8f667f08
sp : 0000fffff8c58310
x29: 0000fffff8c58310 x28: 0000ffff8f9e0440 x27: ffff80008192fde8
x26: 0000ffff8f9f6448 x25: 000000000004356f x24: 0000ffff8f1ff008
x23: 0000ffff8f9e03b8 x22: 0000000000000001 x21: 0000000000000000
x20: 0000ffff8f9e0000 x19: ffff80008192fb38 x18: 0000ffff8f7d78c8
x17: 0000ffff8f767e80 x16: 0000ffff8f9c0010 x15: 000000233d3b39a3
x14: 0000000000006ed0 x13: 000000007fffffff x12: 0000ffff90715000
x11: 000000003b9ac9ff x10: 0000ffff8f9e2000 x9 : 0000ffff8f9e0000
x8 : 000000008192fb3c x7 : 0000ffff8f9e0530 x6 : 0000ffff8f9e2530
x5 : 0000000000001b38 x4 : 0000000000001b38 x3 : ffff80008192fb38
x2 : 000000008192fb39 x1 : ffff80008192fb38 x0 : 0000000000000004
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 4693 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : __sanitizer_cov_trace_pc+0x8/0x5c kernel/kcov.c:210
lr : local_lock_release include/linux/local_lock_internal.h:60 [inline]
lr : __folio_batch_add_and_move+0x5c0/0xac0 mm/swap.c:201
sp : ffff8000985272f0
x29: ffff800098527320 x28: 1fffe00035c0e9b6 x27: 0000000000000000
x26: ffff80008e635000 x25: dfff800000000000 x24: ffff80008e635ce0
x23: fffffdffc3d659c8 x22: 0000000000000000 x21: ffff80008892edb0
x20: ffff0001ae0749a8 x19: ffff0001ae074980 x18: 0000000000000000
x17: 0000000000000002 x16: 0000000000000000 x15: 0000000000000000
x14: ffff0001fea577c0 x13: 0000000000000001 x12: 0000000000000004
x11: ffff700011cd19b0 x10: 0000000000ff0100 x9 : ffff0000dc5a8000
x8 : ffff0000dc5a8000 x7 : ffff800080938bd8 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800080938f94
x2 : 0000000000000000 x1 : ffff0000dc5a8000 x0 : 0000000000000000
Call trace:
__sanitizer_cov_trace_pc+0x8/0x5c kernel/kcov.c:210 (P)
folio_activate+0xf8/0x124 mm/swap.c:339
folio_mark_accessed+0x210/0x820 mm/swap.c:486
zap_present_folio_ptes mm/memory.c:1641 [inline]
zap_present_ptes mm/memory.c:1714 [inline]
do_zap_pte_range mm/memory.c:1816 [inline]
zap_pte_range mm/memory.c:1918 [inline]
zap_pmd_range mm/memory.c:2004 [inline]
zap_pud_range mm/memory.c:2032 [inline]
zap_p4d_range mm/memory.c:2053 [inline]
__zap_vma_range+0x168c/0x404c mm/memory.c:2093
unmap_vmas+0x2d4/0x438 mm/memory.c:2162
exit_mmap+0x1e8/0xaf8 mm/mmap.c:1300
__mmput+0xe4/0x2f0 kernel/fork.c:1178
mmput+0x70/0xa8 kernel/fork.c:1201
exit_mm+0x190/0x26c kernel/exit.c:582
do_exit+0x518/0x1a6c kernel/exit.c:964
do_group_exit+0x194/0x22c kernel/exit.c:1119
__do_sys_exit_group kernel/exit.c:1130 [inline]
__se_sys_exit_group kernel/exit.c:1128 [inline]
pid_child_should_wake+0x0/0x110 kernel/exit.c:1128
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:740
el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:759
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup