[moderation] [fs?] BUG: soft lockup in __cleanup_mnt

syzbot
Jul 19, 2024, 7:14:22 AM
to syzkaller-upst...@googlegroups.com

Hello,

syzbot found the following issue on:

HEAD commit: c912bf709078 Merge remote-tracking branches 'origin/arm64-..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=112140e6980000
kernel config: https://syzkaller.appspot.com/x/.config?x=79a49b0b9ffd6585
dashboard link: https://syzkaller.appspot.com/bug?extid=f2a76ec4635995909c44
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
CC: [bra...@kernel.org ja...@suse.cz linux-...@vger.kernel.org linux-...@vger.kernel.org vi...@zeniv.linux.org.uk]

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/fea69a9d153c/disk-c912bf70.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/be06762a72ef/vmlinux-c912bf70.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6c8e58b4215d/Image-c912bf70.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f2a76e...@syzkaller.appspotmail.com

watchdog: BUG: soft lockup - CPU#1 stuck for 21s! [syz-executor:6289]
Modules linked in:
irq event stamp: 1034258
hardirqs last enabled at (1034257): [<ffff8000803cae50>] __call_rcu_common kernel/rcu/tree.c:3094 [inline]
hardirqs last enabled at (1034257): [<ffff8000803cae50>] call_rcu+0x648/0xb08 kernel/rcu/tree.c:3176
hardirqs last disabled at (1034258): [<ffff80008afc1a54>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
hardirqs last disabled at (1034258): [<ffff80008afc1a54>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
softirqs last enabled at (997786): [<ffff80008003067c>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (997784): [<ffff800080030648>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
CPU: 1 PID: 6289 Comm: syz-executor Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : arch_local_irq_restore+0x8/0xc arch/arm64/include/asm/irqflags.h:197
lr : lock_is_held_type+0x150/0x1a8 kernel/locking/lockdep.c:5827
sp : ffff80009a8675c0
x29: ffff80009a8675c0 x28: 1fffe00019820922 x27: 0000000000000008
x26: ffff0000d8a73c80 x25: ffff80008f047000 x24: 00007dfe9aa1c3a0
x23: fffffdffbf75e3a4 x22: ffff0000d8a73c80 x21: ffff80008f2d7ac0
x20: 0000000000000000 x19: 0000000000000000 x18: ffff80009a867180
x17: 0000000000030dac x16: ffff80008032b884 x15: 0000000000000001
x14: ffff80008f100568 x13: dfff800000000000 x12: 000000002d2a6f2c
x11: 0000000000000003 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 00000000000000c0 x7 : ffff800080c518e0 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001
x2 : 0000000000000000 x1 : 0000000000000080 x0 : 0000000000000000
Call trace:
__daif_local_irq_restore arch/arm64/include/asm/irqflags.h:175 [inline]
arch_local_irq_restore+0x8/0xc arch/arm64/include/asm/irqflags.h:195
lock_is_held include/linux/lockdep.h:231 [inline]
__might_resched+0x48/0x4d0 kernel/sched/core.c:10158
__might_sleep+0x90/0xe4 kernel/sched/core.c:10125
dput+0x34/0x290 fs/dcache.c:840
cleanup_mnt+0x330/0x3dc fs/namespace.c:1266
__cleanup_mnt+0x20/0x30 fs/namespace.c:1274
task_work_run+0x230/0x2e0 kernel/task_work.c:180
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0x4e4/0x1ac8 kernel/exit.c:876
do_group_exit+0x194/0x22c kernel/exit.c:1025
get_signal+0x1414/0x1530 kernel/signal.c:2909
do_signal+0x238/0x2924 arch/arm64/kernel/signal.c:1308
do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148
exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713
el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 8087 Comm: syz-executor Not tainted 6.10.0-rc7-syzkaller-gc912bf709078 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : check_kcov_mode kernel/kcov.c:175 [inline]
pc : write_comp_data kernel/kcov.c:236 [inline]
pc : __sanitizer_cov_trace_const_cmp8+0x34/0x80 kernel/kcov.c:311
lr : generic_test_bit include/asm-generic/bitops/generic-non-atomic.h:128 [inline]
lr : folio_test_unevictable include/linux/page-flags.h:596 [inline]
lr : folio_mark_accessed+0xfc/0x6a4 mm/swap.c:472
sp : ffff8000a00b6f70
x29: ffff8000a00b6f80 x28: 0000000000000000 x27: 1fffffbff86ed168
x26: 1fffffbff86ed169 x25: dfff800000000000 x24: dfff800000000000
x23: 1fffe0001b193b6e x22: 0000000000000000 x21: 05ffc0000000512c
x20: fffffdffc3768b48 x19: fffffdffc3768b40 x18: ffff0001fea899d0
x17: ffff80008f0fd000 x16: ffff800082f8f174 x15: 0000000000000001
x14: 1fffe000180e5a2d x13: 0000000000000000 x12: 0000000000000000
x11: ffff6000180e5a2e x10: 0000000000ff0100 x9 : 0000000000000001
x8 : ffff0000d26d0000 x7 : ffff800080af3b10 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080af4310
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
check_kcov_mode kernel/kcov.c:173 [inline]
write_comp_data kernel/kcov.c:236 [inline]
__sanitizer_cov_trace_const_cmp8+0x34/0x80 kernel/kcov.c:311
zap_present_folio_ptes mm/memory.c:1490 [inline]
zap_present_ptes mm/memory.c:1564 [inline]
zap_pte_range mm/memory.c:1606 [inline]
zap_pmd_range mm/memory.c:1724 [inline]
zap_pud_range mm/memory.c:1753 [inline]
zap_p4d_range mm/memory.c:1774 [inline]
unmap_page_range+0x1b90/0x2e58 mm/memory.c:1795
unmap_single_vma mm/memory.c:1841 [inline]
unmap_vmas+0x378/0x598 mm/memory.c:1885
exit_mmap+0x1cc/0xcb8 mm/mmap.c:3341
__mmput+0xec/0x390 kernel/fork.c:1346
mmput+0x70/0xac kernel/fork.c:1368
exit_mm+0x148/0x210 kernel/exit.c:567
do_exit+0x468/0x1ac8 kernel/exit.c:863
do_group_exit+0x194/0x22c kernel/exit.c:1025
get_signal+0x1414/0x1530 kernel/signal.c:2909
do_signal+0x238/0x2924 arch/arm64/kernel/signal.c:1308
do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148
exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713
el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup