[moderation] [kernfs?] BUG: soft lockup in lo_ioctl


syzbot

2:47 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 5cbb61bf4168 arm64/fpsimd: ptrace: zero target's fpsimd_st..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=15d1602e580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a834c6344141a58b
dashboard link: https://syzkaller.appspot.com/bug?extid=032914d0cee40b29b5f3
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
userspace arch: arm64
CC: [drive...@lists.linux.dev gre...@linuxfoundation.org linux-...@vger.kernel.org t...@kernel.org]

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/04156ec16593/disk-5cbb61bf.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6bfa041e2c79/vmlinux-5cbb61bf.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a92d82d8a79e/Image-5cbb61bf.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+032914...@syzkaller.appspotmail.com

watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz.0.346:6232]
Modules linked in:
irq event stamp: 1168
hardirqs last enabled at (1167): [<ffff8000867440d8>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:187 [inline]
hardirqs last enabled at (1167): [<ffff8000867440d8>] _raw_spin_unlock_irq+0x30/0x80 kernel/locking/spinlock.c:206
hardirqs last disabled at (1168): [<ffff800086720b00>] __el1_irq arch/arm64/kernel/entry-common.c:493 [inline]
hardirqs last disabled at (1168): [<ffff800086720b00>] el1_interrupt+0x28/0x60 arch/arm64/kernel/entry-common.c:509
softirqs last enabled at (1160): [<ffff800080309064>] softirq_handle_end kernel/softirq.c:468 [inline]
softirqs last enabled at (1160): [<ffff800080309064>] handle_softirqs+0xbc4/0xd34 kernel/softirq.c:650
softirqs last disabled at (1155): [<ffff8000800204b0>] __do_softirq+0x14/0x20 kernel/softirq.c:656
CPU: 1 UID: 0 PID: 6232 Comm: syz.0.346 Tainted: G L syzkaller #0 PREEMPT
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : __sanitizer_cov_trace_pc+0x44/0x5c kernel/kcov.c:231
lr : __sanitizer_cov_trace_pc+0x28/0x5c kernel/kcov.c:217
sp : ffff800094296bf0
Call trace:
__sanitizer_cov_trace_pc+0x44/0x5c kernel/kcov.c:223 (P)
preempt_count+0x14/0x68 arch/arm64/include/asm/preempt.h:11
check_preemption_disabled+0x30/0xe0 lib/smp_processor_id.c:16
debug_smp_processor_id+0x20/0x2c lib/smp_processor_id.c:58
rcu_is_watching_curr_cpu include/linux/context_tracking.h:128 [inline]
rcu_is_watching+0x50/0x134 kernel/rcu/tree.c:752
rcu_read_lock_held_common+0x20/0x8c kernel/rcu/update.c:109
rcu_read_lock_held+0x28/0x6c kernel/rcu/update.c:349
kernfs_root+0xf0/0x240 fs/kernfs/kernfs-internal.h:75
kernfs_active+0x58/0x124 fs/kernfs/dir.c:40
kernfs_activate_one+0xb0/0x270 fs/kernfs/dir.c:1436
kernfs_activate+0x4c/0x90 fs/kernfs/dir.c:1467
kernfs_add_one+0x284/0x398 fs/kernfs/dir.c:869
__kernfs_create_file+0x218/0x2d4 fs/kernfs/file.c:1086
sysfs_add_file_mode_ns+0x1d8/0x294 fs/sysfs/file.c:313
create_files fs/sysfs/group.c:82 [inline]
internal_create_group+0x52c/0xadc fs/sysfs/group.c:189
sysfs_create_group+0x2c/0x3c fs/sysfs/group.c:215
loop_sysfs_init drivers/block/loop.c:731 [inline]
loop_configure+0x7d4/0xc1c drivers/block/loop.c:1076
lo_ioctl+0x20c/0x1684 drivers/block/loop.c:1534
blkdev_ioctl+0x574/0x904 block/ioctl.c:797
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:597 [inline]
__se_sys_ioctl fs/ioctl.c:583 [inline]
__arm64_sys_ioctl+0x14c/0x1c4 fs/ioctl.c:583
__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
el0_svc+0x60/0x25c arch/arm64/kernel/entry-common.c:723
el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:742
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0 skipped: idling at __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:26 [inline]
NMI backtrace for cpu 0 skipped: idling at arch_local_irq_enable arch/arm64/include/asm/irqflags.h:48 [inline]
NMI backtrace for cpu 0 skipped: idling at default_idle_call+0xd0/0xfc kernel/sched/idle.c:129
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup