From: syzbot <syzbot+9431dc0c0741cff46a99@syzkaller.appspotmail.com>
To: akpm@linux-foundation.org, apopple@nvidia.com, byungchul@sk.com,
da.gomez@samsung.com, david@redhat.com, gourry@gourry.net,
joshua.hahnjy@gmail.com, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, linux-modules@vger.kernel.org,
matthew.brost@intel.com, mcgrof@kernel.org,
netdev@vger.kernel.org, petr.pavlu@suse.com, rakie.kim@sk.com,
samitolvanen@google.com, syzkaller-bugs@googlegroups.com,
ying.huang@linux.alibaba.com, ziy@nvidia.com
Subject: Re: [syzbot] [mm?] BUG: soft lockup in sys_bpf
Date: Sat, 25 Oct 2025 08:30:32 -0700 [thread overview]
Message-ID: <68fced18.050a0220.1e563d.00cd.GAE@google.com> (raw)
In-Reply-To: <68087f2f.050a0220.dd94f.0177.GAE@google.com>
syzbot has found a reproducer for the following issue on:
HEAD commit: 566771afc7a8 Merge tag 'v6.18-rc2-smb-server-fixes' of git..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15c8ee7c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=8345ce4ce316ca28
dashboard link: https://syzkaller.appspot.com/bug?extid=9431dc0c0741cff46a99
compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=157013cd980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=130cc7e2580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/52417ef1f782/disk-566771af.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/66730a263bf1/vmlinux-566771af.xz
kernel image: https://storage.googleapis.com/syzbot-assets/1fe0762efb1f/bzImage-566771af.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9431dc0c0741cff46a99@syzkaller.appspotmail.com
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5823
rcu: (detected by 1, t=10502 jiffies, g=8989, q=37467 ncpus=2)
task:syz-executor333 state:R running task stack:24744 pid:5823 tgid:5823 ppid:5816 task_flags:0x400140 flags:0x00080001
Call Trace:
<IRQ>
sched_show_task+0x49d/0x630 kernel/sched/core.c:7901
rcu_print_detail_task_stall_rnp kernel/rcu/tree_stall.h:292 [inline]
print_other_cpu_stall+0xf78/0x1340 kernel/rcu/tree_stall.h:681
check_cpu_stall kernel/rcu/tree_stall.h:857 [inline]
rcu_pending kernel/rcu/tree.c:3671 [inline]
rcu_sched_clock_irq+0xa47/0x11b0 kernel/rcu/tree.c:2706
update_process_times+0x235/0x2d0 kernel/time/timer.c:2473
tick_sched_handle kernel/time/tick-sched.c:276 [inline]
tick_nohz_handler+0x39a/0x520 kernel/time/tick-sched.c:297
__run_hrtimer kernel/time/hrtimer.c:1777 [inline]
__hrtimer_run_queues+0x506/0xd40 kernel/time/hrtimer.c:1841
hrtimer_interrupt+0x45d/0xa90 kernel/time/hrtimer.c:1903
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1041 [inline]
__sysvec_apic_timer_interrupt+0x10b/0x410 arch/x86/kernel/apic/apic.c:1058
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1052
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:instrument_atomic_read include/linux/instrumented.h:68 [inline]
RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
RIP: 0010:get_page_from_freelist+0x459/0x2960 mm/page_alloc.c:3824
Code: 8c 0d 00 48 8b 74 24 18 49 b8 00 00 00 00 00 fc ff df 48 8b 03 48 39 d8 0f 84 7e 07 00 00 48 8b 44 24 08 4c 8d a0 38 06 00 00 <4c> 89 e7 be 08 00 00 00 e8 ba 8e 0d 00 48 b9 00 00 00 00 00 fc ff
RSP: 0018:ffffc90004c97158 EFLAGS: 00000206
RAX: ffff88823fff8740 RBX: ffff88823fffc888 RCX: dffffc0000000000
RDX: 0000000000000001 RSI: ffff88813fffdf70 RDI: ffff88813fffdf70
RBP: 0000000000000000 R08: dffffc0000000000 R09: 1ffff11027fff7da
R10: dffffc0000000000 R11: ffffed1027fff7db R12: ffff88823fff8d78
R13: 0000000000000830 R14: ffffc90004c97448 R15: ffffc90004c9745c
__alloc_pages_slowpath+0x33b/0xe50 mm/page_alloc.c:4714
__alloc_frozen_pages_noprof+0x319/0x370 mm/page_alloc.c:5196
alloc_pages_mpol+0xd1/0x380 mm/mempolicy.c:2416
alloc_slab_page mm/slub.c:3055 [inline]
allocate_slab+0x96/0x350 mm/slub.c:3228
new_slab mm/slub.c:3282 [inline]
___slab_alloc+0xb12/0x13f0 mm/slub.c:4651
__slab_alloc+0xc6/0x1f0 mm/slub.c:4770
__slab_alloc_node mm/slub.c:4846 [inline]
slab_alloc_node mm/slub.c:5268 [inline]
kmem_cache_alloc_noprof+0xec/0x6b0 mm/slub.c:5287
skb_clone+0x212/0x3a0 net/core/skbuff.c:2050
____bpf_clone_redirect net/core/filter.c:2465 [inline]
bpf_clone_redirect+0xad/0x3d0 net/core/filter.c:2450
bpf_prog_3e1cbbed0c4acd81+0x5f/0x68
bpf_dispatcher_nop_func include/linux/bpf.h:1350 [inline]
__bpf_prog_run include/linux/filter.h:721 [inline]
bpf_prog_run include/linux/filter.h:728 [inline]
bpf_test_run+0x313/0x7a0 net/bpf/test_run.c:423
bpf_prog_test_run_skb+0xb4e/0x1550 net/bpf/test_run.c:1091
bpf_prog_test_run+0x2cd/0x340 kernel/bpf/syscall.c:4688
__sys_bpf+0x562/0x860 kernel/bpf/syscall.c:6167
__do_sys_bpf kernel/bpf/syscall.c:6259 [inline]
__se_sys_bpf kernel/bpf/syscall.c:6257 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6257
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0d40505cb9
Code: Unable to access opcode bytes at 0x7f0d40505c8f.
RSP: 002b:00007fff9d9b3ed8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0d40505cb9
RDX: 0000000000000050 RSI: 00002000000000c0 RDI: 000000000000000a
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000006
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
prev parent reply other threads:[~2025-10-25 15:30 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-23 5:48 [syzbot] [kernel?] BUG: soft lockup in sys_bpf syzbot
2025-10-25 15:30 ` syzbot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=68fced18.050a0220.1e563d.00cd.GAE@google.com \
--to=syzbot+9431dc0c0741cff46a99@syzkaller.appspotmail.com \
--cc=akpm@linux-foundation.org \
--cc=apopple@nvidia.com \
--cc=byungchul@sk.com \
--cc=da.gomez@samsung.com \
--cc=david@redhat.com \
--cc=gourry@gourry.net \
--cc=joshua.hahnjy@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-modules@vger.kernel.org \
--cc=matthew.brost@intel.com \
--cc=mcgrof@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=petr.pavlu@suse.com \
--cc=rakie.kim@sk.com \
--cc=samitolvanen@google.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=ying.huang@linux.alibaba.com \
--cc=ziy@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).