[syzbot] [mm?] INFO: rcu detected stall in sys_unlinkat (3)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+61ec37db8c428baeb677@syzkaller.appspotmail.com>
To: akpm@linux-foundation.org, linux-kernel@vger.kernel.org,
	 linux-mm@kvack.org, pasha.tatashin@soleen.com,
	 syzkaller-bugs@googlegroups.com
Subject: [syzbot] [mm?] INFO: rcu detected stall in sys_unlinkat (3)
Date: Fri, 06 Jun 2025 07:28:31 -0700	[thread overview]
Message-ID: <6842fb0f.a00a0220.29ac89.0042.GAE@google.com> (raw)

Hello,

syzbot found the following issue on:

HEAD commit:    92a09c47464d Linux 6.15-rc5
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=143530f4580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=91c351a0f6229e67
dashboard link: https://syzkaller.appspot.com/bug?extid=61ec37db8c428baeb677
compiler:       Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1891731f8dec/disk-92a09c47.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/d0de4fa2c8c2/vmlinux-92a09c47.xz
kernel image: https://storage.googleapis.com/syzbot-assets/53a4edfaecf1/bzImage-92a09c47.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+61ec37db8c428baeb677@syzkaller.appspotmail.com

sched: DL replenish lagged too much
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P6265/1:b..l
rcu: 	(detected by 0, t=10503 jiffies, g=19425, q=859 ncpus=2)
task:syz-executor    state:R  running task     stack:22008 pid:6265  tgid:6265  ppid:6251   task_flags:0x400140 flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x16e2/0x4cd0 kernel/sched/core.c:6767
 preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7090
 irqentry_exit+0x6f/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:arch_atomic_read arch/x86/include/asm/atomic.h:23 [inline]
RIP: 0010:raw_atomic_read include/linux/atomic/atomic-arch-fallback.h:457 [inline]
RIP: 0010:atomic_read include/linux/atomic/atomic-instrumented.h:33 [inline]
RIP: 0010:__page_table_check_zero+0x1f9/0x510 mm/page_table_check.c:142
Code: 89 ee e8 fa 26 93 ff 4c 39 ed 0f 84 6c 01 00 00 4c 8b 3d 5a 2c db 0b 4d 01 e7 4c 89 ff be 04 00 00 00 e8 7a 1b f5 ff 4c 89 f8 <48> c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 84 c0 0f 85
RSP: 0018:ffffc9000b5ef790 EFLAGS: 00000256
RAX: ffff88801d1b29b8 RBX: 0000000000000000 RCX: ffffffff822cabd6
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff88801d1b29b8
RBP: 0000000000000008 R08: ffff88801d1b29bb R09: 1ffff11003a36537
R10: dffffc0000000000 R11: ffffed1003a36538 R12: ffff88801d1b2970
R13: 0000000000000003 R14: 000000000005d6e9 R15: ffff88801d1b29b8
 page_table_check_free include/linux/page_table_check.h:41 [inline]
 free_pages_prepare mm/page_alloc.c:1263 [inline]
 __free_frozen_pages+0xb22/0xcd0 mm/page_alloc.c:2725
 __slab_free+0x326/0x400 mm/slub.c:4553
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x22/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __do_kmalloc_node mm/slub.c:4327 [inline]
 __kmalloc_noprof+0x27a/0x4f0 mm/slub.c:4339
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 tomoyo_encode2 security/tomoyo/realpath.c:45 [inline]
 tomoyo_encode+0x28b/0x550 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x58d/0x5d0 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_perm+0x213/0x4b0 security/tomoyo/file.c:822
 tomoyo_path_rmdir+0xa2/0xe0 security/tomoyo/tomoyo.c:195
 security_path_rmdir+0x167/0x360 security/security.c:1949
 do_rmdir+0x219/0x630 fs/namei.c:4506
 __do_sys_unlinkat fs/namei.c:4683 [inline]
 __se_sys_unlinkat fs/namei.c:4677 [inline]
 __x64_sys_unlinkat+0xc2/0xf0 fs/namei.c:4677
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f36e318df47
RSP: 002b:00007ffdf6aecb78 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f36e318df47
RDX: 0000000000000200 RSI: 00007ffdf6aedd20 RDI: 00000000ffffff9c
RBP: 00007f36e321089d R08: 000055555c96962b R09: 0000000000000000
R10: 0000000000001000 R11: 0000000000000207 R12: 00007ffdf6aedd20
R13: 00007f36e321089d R14: 0000000000033668 R15: 00007ffdf6aeedf0
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

                 reply	other threads:[~2025-06-06 14:28 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6842fb0f.a00a0220.29ac89.0042.GAE@google.com \
    --to=syzbot+61ec37db8c428baeb677@syzkaller.appspotmail.com \
    --cc=akpm@linux-foundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=pasha.tatashin@soleen.com \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.