From: syzbot <syzbot+d9da13b17db05637e02d@syzkaller.appspotmail.com>
To: anna-maria@linutronix.de, frederic@kernel.org,
	 linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
	 tglx@linutronix.de
Subject: [syzbot] [kernel?] WARNING in exit_itimers
Date: Sat, 01 Mar 2025 04:45:24 -0800
Message-ID: <67c30164.050a0220.dc10f.0167.GAE@google.com>

Hello,

syzbot found the following issue on:

HEAD commit:    d082ecbc71e9 Linux 6.14-rc4
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=173537a4580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=299fb852e91f4f3c
dashboard link: https://syzkaller.appspot.com/bug?extid=d9da13b17db05637e02d
compiler:       aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-d082ecbc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/bdb92972b307/vmlinux-d082ecbc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/15450a9ada87/Image-d082ecbc.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d9da13b17db05637e02d@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 21835 at kernel/time/posix-timers.c:1109 exit_itimers+0x238/0x34c kernel/time/posix-timers.c:1109
Modules linked in:
CPU: 0 UID: 0 PID: 21835 Comm: syz.0.5419 Not tainted 6.14.0-rc4-syzkaller #0
Hardware name: linux,dummy-virt (DT)
pstate: 21402009 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : exit_itimers+0x238/0x34c kernel/time/posix-timers.c:1109
lr : itimer_delete kernel/time/posix-timers.c:1081 [inline]
lr : exit_itimers+0x17c/0x34c kernel/time/posix-timers.c:1103
sp : ffff800088ffbbf0
x29: ffff800088ffbbf0 x28: 0000000000000001 x27: f0f0000007b99a38
x26: 0000000000000000 x25: 0000000000000000 x24: f0f0000007b99240
x23: 0000000000000000 x22: f0f0000007b99240 x21: f0f0000007b99240
x20: 0000000000000001 x19: f0f0000007b99240 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffea2d02c8
x14: f0f0000007b992c0 x13: ffff8000828500c8 x12: 0000000000000001
x11: 00000355b7b9e14b x10: 5d48c5ec52c2bb1a x9 : b4052c63a0d52864
x8 : ffff800088ffbe38 x7 : fdf0000003263488 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000001000001 x3 : 00000000000001f4
x2 : fff000007f8d0758 x1 : f0f0000007b99240 x0 : fdf0000016d5fb60
Call trace:
 exit_itimers+0x238/0x34c kernel/time/posix-timers.c:1109 (P)
 do_exit+0x17c/0x98c kernel/exit.c:912
 do_group_exit+0x34/0x90 kernel/exit.c:1087
 copy_siginfo_to_user+0x0/0xec kernel/signal.c:3036
 do_signal+0x94/0x360 arch/arm64/kernel/signal.c:1658
 do_notify_resume+0xd8/0x164 arch/arm64/kernel/entry-common.c:148
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_svc+0xc0/0xe0 arch/arm64/kernel/entry-common.c:745
 el0t_64_sync_handler+0x10c/0x138 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x1a4/0x1a8 arch/arm64/kernel/entry.S:600
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
rcuref - imbalanced put()
WARNING: CPU: 0 PID: 21835 at lib/rcuref.c:267 rcuref_put_slowpath+0xbc/0xd0 lib/rcuref.c:267
Modules linked in:
CPU: 0 UID: 0 PID: 21835 Comm: syz.0.5419 Tainted: G        W          6.14.0-rc4-syzkaller #0
Tainted: [W]=WARN
Hardware name: linux,dummy-virt (DT)
pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : rcuref_put_slowpath+0xbc/0xd0 lib/rcuref.c:267
lr : rcuref_put_slowpath+0xbc/0xd0 lib/rcuref.c:267
sp : ffff800088ffbbd0
x29: ffff800088ffbbd0 x28: 0000000000000001 x27: f0f0000007b99a38
x26: 0000000000000000 x25: 0000000000000000 x24: f0f0000007b99240
x23: 0000000000000000 x22: f0f0000007b99240 x21: f0f0000007b99240
x20: 00000000ffffffff x19: fdf0000016d5fc28 x18: 000000000001cf9f
x17: 0000000000000000 x16: 0000000000000000 x15: ffff800088ffb560
x14: 00000000ffffffea x13: ffff800088ffb988 x12: ffff80008292d920
x11: fffffffffffd8010 x10: fffffffffffd7fe8 x9 : 0000000000009be8
x8 : c0000000ffffe67f x7 : ffff80008287d898 x6 : 0000000000023ba8
x5 : ffff8000828a14c8 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : f0f0000007b99240
Call trace:
 rcuref_put_slowpath+0xbc/0xd0 lib/rcuref.c:267 (P)
 __rcuref_put include/linux/rcuref.h:94 [inline]
 rcuref_put include/linux/rcuref.h:150 [inline]
 posixtimer_putref include/linux/posix-timers.h:226 [inline]
 posix_timer_cleanup_ignored kernel/time/posix-timers.c:977 [inline]
 exit_itimers+0x334/0x34c kernel/time/posix-timers.c:1114
 do_exit+0x17c/0x98c kernel/exit.c:912
 do_group_exit+0x34/0x90 kernel/exit.c:1087
 copy_siginfo_to_user+0x0/0xec kernel/signal.c:3036
 do_signal+0x94/0x360 arch/arm64/kernel/signal.c:1658
 do_notify_resume+0xd8/0x164 arch/arm64/kernel/entry-common.c:148
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_svc+0xc0/0xe0 arch/arm64/kernel/entry-common.c:745
 el0t_64_sync_handler+0x10c/0x138 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x1a4/0x1a8 arch/arm64/kernel/entry.S:600
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup
