Message-ID: <6978b696.050a0220.c9109.001b.GAE@google.com>
Date: Tue, 27 Jan 2026 04:59:02 -0800
From: syzbot <syzbot+316c0070a0341d2661a2@...kaller.appspotmail.com>
To: kartikey406@...il.com, linux-kernel@...r.kernel.org, 
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [bpf?] INFO: rcu detected stall in vma_merge_new_range (3)

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

1]  ? lock_acquire+0x17c/0x330
[   38.431995][    C1]  ? __pfx_try_to_wake_up+0x10/0x10
[   38.432010][    C1]  ? mark_held_locks+0x40/0x70
[   38.432022][    C1]  ? __pfx_call_rcu_tasks_generic_timer+0x10/0x10
[   38.432039][    C1]  rcuwait_wake_up+0xac/0x290
[   38.432051][    C1]  call_timer_fn+0x19a/0x590
[   38.432069][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[   38.432088][    C1]  ? __pfx_call_rcu_tasks_generic_timer+0x10/0x10
[   38.432104][    C1]  ? mark_held_locks+0x40/0x70
[   38.432116][    C1]  ? __pfx_call_rcu_tasks_generic_timer+0x10/0x10
[   38.432131][    C1]  __run_timers+0x757/0xac0
[   38.432144][    C1]  ? __pfx___run_timers+0x10/0x10
[   38.432163][    C1]  timer_expire_remote+0x102/0x170
[   38.432177][    C1]  ? __pfx_timer_expire_remote+0x10/0x10
[   38.432190][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[   38.432200][    C1]  ? lockdep_hardirqs_on+0x78/0x100
[   38.432213][    C1]  tmigr_handle_remote_up+0x523/0xa50
[   38.432232][    C1]  ? __pfx_tmigr_handle_remote_up+0x10/0x10
[   38.432250][    C1]  ? find_held_lock+0x2b/0x80
[   38.432267][    C1]  __walk_groups_from+0x56/0x190
[   38.432279][    C1]  ? __pfx_tmigr_handle_remote_up+0x10/0x10
[   38.432297][    C1]  tmigr_handle_remote+0x2cb/0x380
[   38.432313][    C1]  ? __pfx_tmigr_handle_remote+0x10/0x10
[   38.432331][    C1]  ? run_timer_base+0x121/0x190
[   38.432341][    C1]  ? __pfx_run_timer_base+0x10/0x10
[   38.432353][    C1]  run_timer_softirq+0x3a/0x50
[   38.432363][    C1]  handle_softirqs+0x1ea/0x910
[   38.432380][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[   38.432398][    C1]  __irq_exit_rcu+0xef/0x150
[   38.432413][    C1]  irq_exit_rcu+0x9/0x30
[   38.432429][    C1]  sysvec_apic_timer_interrupt+0xa3/0xc0
[   38.432441][    C1]  </IRQ>
[   38.432445][    C1]  <TASK>
[   38.432449][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   38.432462][    C1] RIP: 0010:its_return_thunk+0x0/0x10
[   38.432479][    C1] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <c3> cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 e9 ab c8 fb f5 cc
[   38.432490][    C1] RSP: 0000:ffffc90000067870 EFLAGS: 00000293
[   38.432500][    C1] RAX: 0000000000000000 RBX: ffffc90000067d00 RCX: ffffc90000067b78
[   38.432508][    C1] RDX: ffff8881412a0000 RSI: ffffffff828276b4 RDI: ffffc90000067d98
[   38.432516][    C1] RBP: 0000000000000000 R08: 0000000000000006 R09: ffffff0c297ff000
[   38.432523][    C1] R10: ffffff0c297af000 R11: 00000000000075a9 R12: ffffff0c297b0000
[   38.432531][    C1] R13: ffffffff81b9b0e0 R14: dffffc0000000000 R15: ffffffff8ba473c0
[   38.432540][    C1]  ? __pfx_effective_prot_pte+0x10/0x10
[   38.432554][    C1]  ? ptdump_pte_entry+0x94/0x100
[   38.432574][    C1]  ptdump_pte_entry+0x94/0x100
[   38.432591][    C1]  walk_pte_range_inner+0x258/0x360
[   38.432608][    C1]  ? __pfx_walk_pte_range_inner+0x10/0x10
[   38.432622][    C1]  ? ptdump_pmd_entry+0x286/0x430
[   38.432641][    C1]  walk_pgd_range+0xecb/0x1eb0
[   38.432657][    C1]  ? __pfx_ptdump_pte_entry+0x10/0x10
[   38.432677][    C1]  ? __pfx_walk_pgd_range+0x10/0x10
[   38.432694][    C1]  walk_page_range_debug+0x2fd/0x370
[   38.432708][    C1]  ? __pfx_walk_page_range_debug+0x10/0x10
[   38.432726][    C1]  ? __pfx_down_write+0x10/0x10
[   38.432742][    C1]  ptdump_walk_pgd+0x129/0x330
[   38.432761][    C1]  ptdump_walk_pgd_level_core+0x26c/0x300
[   38.432776][    C1]  ? __pfx_ptdump_walk_pgd_level_core+0x10/0x10
[   38.432792][    C1]  ? __pfx_note_page_pte+0x10/0x10
[   38.432803][    C1]  ? __pfx_note_page_pmd+0x10/0x10
[   38.432815][    C1]  ? __pfx_note_page_pud+0x10/0x10
[   38.432826][    C1]  ? __pfx_note_page_p4d+0x10/0x10
[   38.432838][    C1]  ? __pfx_note_page_pgd+0x10/0x10
[   38.432849][    C1]  ? __pfx_note_page_flush+0x10/0x10
[   38.432861][    C1]  ? __pfx_effective_prot_pte+0x10/0x10
[   38.432873][    C1]  ? __pfx_effective_prot_pmd+0x10/0x10
[   38.432885][    C1]  ? __pfx_effective_prot_pud+0x10/0x10
[   38.432896][    C1]  ? __pfx_effective_prot_p4d+0x10/0x10
[   38.432908][    C1]  ? __pfx_effective_prot_pgd+0x10/0x10
[   38.432923][    C1]  ? free_reserved_area.cold+0x18/0x1d
[   38.432943][    C1]  ? free_init_pages+0x9b/0xe0
[   38.432955][    C1]  ptdump_walk_pgd_level_checkwx+0x63/0x90
[   38.432969][    C1]  kernel_init+0x60/0x1e0
[   38.432984][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[   38.432994][    C1]  ? __pfx_kernel_init+0x10/0x10
[   38.433009][    C1]  ret_from_fork+0x754/0xaf0
[   38.433023][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[   38.433037][    C1]  ? __switch_to+0x7b9/0x10c0
[   38.433053][    C1]  ? __pfx_kernel_init+0x10/0x10
[   38.433069][    C1]  ret_from_fork_asm+0x1a/0x30
[   38.433084][    C1]  </TASK>
[   39.057319][    T1] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[   39.069691][    T1] Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
[   39.079497][    T1] Run /sbin/init as init process
[   39.304818][    C1] BUG: sleeping function called from invalid context at arch/x86/kernel/stacktrace.c:33
[   39.314552][    C1] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 0, name: swapper/1
[   39.323349][    C1] preempt_count: 101, expected: 0
[   39.328407][    C1] RCU nest depth: 0, expected: 0
[   39.333331][    C1] 1 lock held by swapper/1/0:
[   39.338026][    C1]  #0: ffffffff8e5e31c0 (rcu_callback){....}-{0:0}, at: rcu_core+0x75f/0x15c0
[   39.347144][    C1] Preemption disabled at:
[   39.347155][    C1] [<0000000000000000>] 0x0
[   39.355914][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G        W           syzkaller #0 PREEMPT(full) 
[   39.355946][    C1] Tainted: [W]=WARN
[   39.355953][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[   39.355968][    C1] Call Trace:
[   39.355975][    C1]  <IRQ>
[   39.355984][    C1]  dump_stack_lvl+0x100/0x190
[   39.356017][    C1]  __might_resched.cold+0x1ec/0x232
[   39.356048][    C1]  ? __pfx___might_resched+0x10/0x10
[   39.356078][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   39.356113][    C1]  arch_stack_walk+0xe0/0x130
[   39.356148][    C1]  ? default_idle_call+0x6c/0xb0
[   39.356181][    C1]  stack_trace_save+0x8e/0xc0
[   39.356213][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[   39.356248][    C1]  ? __lock_acquire+0x4a5/0x2630
[   39.356273][    C1]  kasan_save_stack+0x30/0x50
[   39.356299][    C1]  ? kasan_save_stack+0x30/0x50
[   39.356323][    C1]  ? kasan_save_track+0x14/0x30
[   39.356352][    C1]  ? kasan_save_free_info+0x3b/0x70
[   39.356372][    C1]  ? __kasan_slab_free+0x5f/0x80
[   39.356398][    C1]  ? kfree+0x1c7/0x690
[   39.356418][    C1]  ? slab_free_after_rcu_debug+0x55/0x1c0
[   39.356441][    C1]  ? rcu_core+0x7c0/0x15c0
[   39.356466][    C1]  ? handle_softirqs+0x1ea/0x910
[   39.356497][    C1]  ? __irq_exit_rcu+0xef/0x150
[   39.356527][    C1]  ? irq_exit_rcu+0x9/0x30
[   39.356556][    C1]  ? sysvec_apic_timer_interrupt+0xa3/0xc0
[   39.356578][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   39.356603][    C1]  ? pv_native_safe_halt+0xf/0x20
[   39.356623][    C1]  ? default_idle+0x9/0x10
[   39.356646][    C1]  ? default_idle_call+0x6c/0xb0
[   39.356697][    C1]  kasan_save_track+0x14/0x30
[   39.356723][    C1]  kasan_save_free_info+0x3b/0x70
[   39.356744][    C1]  __kasan_slab_free+0x5f/0x80
[   39.356773][    C1]  kfree+0x1c7/0x690
[   39.356793][    C1]  ? lock_acquire+0x17c/0x330
[   39.356813][    C1]  ? slab_free_after_rcu_debug+0x55/0x1c0
[   39.356841][    C1]  ? rcu_core+0x7bb/0x15c0
[   39.356867][    C1]  ? slab_free_after_rcu_debug+0x55/0x1c0
[   39.356891][    C1]  slab_free_after_rcu_debug+0x55/0x1c0
[   39.356919][    C1]  rcu_core+0x7c0/0x15c0
[   39.356952][    C1]  ? __pfx_rcu_core+0x10/0x10
[   39.356990][    C1]  handle_softirqs+0x1ea/0x910
[   39.357026][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[   39.357063][    C1]  __irq_exit_rcu+0xef/0x150
[   39.357092][    C1]  irq_exit_rcu+0x9/0x30
[   39.357121][    C1]  sysvec_apic_timer_interrupt+0xa3/0xc0
[   39.357145][    C1]  </IRQ>
[   39.357152][    C1]  <TASK>
[   39.357160][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   39.357186][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[   39.357209][    C1] Code: 66 78 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 bc 14 00 fb f4 <e9> fc 31 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[   39.357232][    C1] RSP: 0018:ffffc90000197df0 EFLAGS: 00000242
[   39.357250][    C1] RAX: 000000000001ac97 RBX: ffff88801e2ba4c0 RCX: ffffffff8b76c4b5
[   39.357266][    C1] RDX: 0000000000000000 RSI: ffffffff8dc4550c RDI: ffffffff8bfa35a0
[   39.357281][    C1] RBP: 0000000000000001 R08: 0000000000000001 R09: ffffed10170a673d
[   39.357295][    C1] R10: ffff8880b85339eb R11: 0000000000000000 R12: ffffed1003c57498
[   39.357309][    C1] R13: 0000000000000001 R14: ffffffff90b74bd0 R15: 0000000000000000
[   39.357331][    C1]  ? ct_kernel_exit+0x125/0x180
[   39.357366][    C1]  default_idle+0x9/0x10
[   39.357391][    C1]  default_idle_call+0x6c/0xb0
[   39.357419][    C1]  do_idle+0x35b/0x4b0
[   39.357450][    C1]  ? __pfx_do_idle+0x10/0x10
[   39.357488][    C1]  cpu_startup_entry+0x4f/0x60
[   39.357519][    C1]  start_secondary+0x21d/0x2d0
[   39.357543][    C1]  ? __pfx_start_secondary+0x10/0x10
[   39.357573][    C1]  common_startup_64+0x13e/0x148
[   39.357617][    C1]  </TASK>
[   39.453068][    T1] SELinux:  Permission firmware_load in class system not defined in policy.
[   39.734776][    T1] SELinux:  Permission kexec_image_load in class system not defined in policy.
[   39.743703][    T1] SELinux:  Permission kexec_initramfs_load in class system not defined in policy.
[   39.753063][    T1] SELinux:  Permission policy_load in class system not defined in policy.
[   39.761564][    T1] SELinux:  Permission x509_certificate_load in class system not defined in policy.
[   39.770953][    T1] SELinux:  Permission watch_mountns in class file not defined in policy.
[   39.779447][    T1] SELinux:  Permission watch_mountns in class dir not defined in policy.
[   39.787870][    T1] SELinux:  Permission watch_mountns in class lnk_file not defined in policy.
[   39.796726][    T1] SELinux:  Permission watch_mountns in class chr_file not defined in policy.
[   39.805623][    T1] SELinux:  Permission watch_mountns in class blk_file not defined in policy.
[   39.814465][    T1] SELinux:  Permission watch_mountns in class sock_file not defined in policy.
[   39.823407][    T1] SELinux:  Permission watch_mountns in class fifo_file not defined in policy.
[   39.832407][    T1] SELinux:  Permission nlmsg in class netlink_route_socket not defined in policy.
[   39.841597][    T1] SELinux:  Permission nlmsg in class netlink_tcpdiag_socket not defined in policy.
[   39.851179][    T1] SELinux:  Permission nlmsg in class netlink_xfrm_socket not defined in policy.
[   39.860301][    T1] SELinux:  Permission nlmsg in class netlink_audit_socket not defined in policy.
[   39.869677][    T1] SELinux:  Permission watch_mountns in class anon_inode not defined in policy.
[   39.878686][    T1] SELinux:  Permission allowed in class io_uring not defined in policy.
[   39.887020][    T1] SELinux:  Class memfd_file not defined in policy.
[   39.893573][    T1] SELinux: the above unknown classes and permissions will be denied
[   39.971428][    T1] SELinux:  policy capability network_peer_controls=1
[   39.978336][    T1] SELinux:  policy capability open_perms=1
[   39.984137][    T1] SELinux:  policy capability extended_socket_class=1
[   39.990945][    T1] SELinux:  policy capability always_check_network=0
[   39.997659][    T1] SELinux:  policy capability cgroup_seclabel=1
[   40.003875][    T1] SELinux:  policy capability nnp_nosuid_transition=1
[   40.010651][    T1] SELinux:  policy capability genfs_seclabel_symlinks=0
[   40.017589][    T1] SELinux:  policy capability ioctl_skip_cloexec=0
[   40.024073][    T1] SELinux:  policy capability userspace_initial_context=0
[   40.031201][    T1] SELinux:  policy capability netlink_xperm=0
[   40.037354][    T1] SELinux:  policy capability netif_wildcard=0
[   40.043494][    T1] SELinux:  policy capability genfs_seclabel_wildcard=0
[   40.050466][    T1] SELinux:  policy capability functionfs_seclabel=0
[   40.057184][    T1] SELinux:  policy capability memfd_class=0
[   40.141477][   T30] audit: type=1403 audit(1769518249.136:2): auid=4294967295 ses=4294967295 lsm=selinux res=1
[   40.200895][ T5153] mount (5153) used greatest stack depth: 25576 bytes left
[   40.255346][ T5154] EXT4-fs (sda1): re-mounted 4f91c6db-4997-4bb4-91b8-7e83a20c1bf1 r/w.


syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build956639603=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at 40acda8acc
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=40acda8acc843b8f5cc068eaad3b6b217e5a9de6 -X github.com/google/syzkaller/prog.gitRevisionDate=20260124-070254"  ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=40acda8acc843b8f5cc068eaad3b6b217e5a9de6 -X github.com/google/syzkaller/prog.gitRevisionDate=20260124-070254"  ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=40acda8acc843b8f5cc068eaad3b6b217e5a9de6 -X github.com/google/syzkaller/prog.gitRevisionDate=20260124-070254"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"40acda8acc843b8f5cc068eaad3b6b217e5a9de6\"
/usr/bin/ld: /tmp/ccUB8XYQ.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=17cd9a94580000


Tested on:

commit:         fcb70a56 Merge tag 'vfs-6.19-rc8.fixes' of git://git.k..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=f1fac0919970b671
dashboard link: https://syzkaller.appspot.com/bug?extid=316c0070a0341d2661a2
compiler:       gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
patch:          https://syzkaller.appspot.com/x/patch.diff?x=10548802580000

