syzbot


BUG: soft lockup in sys_bpf

Status: upstream: reported on 2025/04/23 05:48
Subsystems: kernel
Reported-by: syzbot+9431dc0c0741cff46a99@syzkaller.appspotmail.com
First crash: 41d, last: 5d02h
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [kernel?] BUG: soft lockup in sys_bpf 0 (1) 2025/04/23 05:48
Similar bugs (15)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-54 BUG: soft lockup in sys_bpf 1 91d 91d 0/2 auto-obsoleted due to no activity on 2025/05/15 12:21
upstream INFO: rcu detected stall in sys_bpf (5) bpf C unreliable 56 1210d 1303d 0/28 closed as invalid on 2022/02/08 10:34
android-5-15 BUG: soft lockup in sys_bpf origin:upstream C error 108 246d 413d 0/2 upstream: reported C repro on 2024/03/29 12:25
upstream INFO: rcu detected stall in sys_bpf (9) bpf net C error 74 114d 353d 0/28 auto-obsoleted due to no activity on 2025/04/03 05:23
android-5-10 BUG: soft lockup in sys_bpf 2 326d 331d 0/2 auto-obsoleted due to no activity on 2024/09/22 11:37
linux-5.15 INFO: rcu detected stall in sys_bpf (2) 17 1d23h 402d 0/3 upstream: reported on 2024/04/09 19:57
linux-5.15 INFO: rcu detected stall in sys_bpf 2 526d 569d 0/3 auto-obsoleted due to no activity on 2024/03/16 17:33
upstream INFO: rcu detected stall in sys_bpf (8) bpf 1 545d 545d 0/28 auto-obsoleted due to no activity on 2024/02/17 03:10
linux-6.1 INFO: rcu detected stall in sys_bpf 20 15d 391d 0/3 upstream: reported on 2024/04/20 10:27
upstream INFO: rcu detected stall in sys_bpf (6) net 7 1022d 1172d 0/28 auto-obsoleted due to no activity on 2022/10/28 06:32
upstream INFO: rcu detected stall in sys_bpf (3) bpf 4 1955d 1955d 0/28 closed as invalid on 2020/01/09 08:13
upstream INFO: rcu detected stall in sys_bpf bpf net 3 2122d 2242d 0/28 auto-closed as invalid on 2019/11/23 00:18
upstream INFO: rcu detected stall in sys_bpf (2) bpf 12 1990d 1992d 0/28 closed as invalid on 2019/12/04 14:14
linux-4.19 INFO: rcu detected stall in sys_bpf 3 1939d 2069d 0/1 auto-closed as invalid on 2020/05/23 14:47
upstream INFO: rcu detected stall in sys_bpf (4) bpf net 3 1908d 1947d 0/28 auto-closed as invalid on 2020/05/24 13:03

Sample crash report:
watchdog: BUG: soft lockup - CPU#1 stuck for 142s! [syz.1.54:6083]
Modules linked in:
irq event stamp: 11540043
hardirqs last  enabled at (11540042): [<ffffffff8b55e3c4>] irqentry_exit+0x74/0x90 kernel/entry/common.c:357
hardirqs last disabled at (11540043): [<ffffffff8b55cdbe>] sysvec_apic_timer_interrupt+0xe/0xc0 arch/x86/kernel/apic/apic.c:1049
softirqs last  enabled at (11470168): [<ffffffff8185c3fa>] __do_softirq kernel/softirq.c:613 [inline]
softirqs last  enabled at (11470168): [<ffffffff8185c3fa>] invoke_softirq kernel/softirq.c:453 [inline]
softirqs last  enabled at (11470168): [<ffffffff8185c3fa>] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
softirqs last disabled at (11470171): [<ffffffff8185c3fa>] __do_softirq kernel/softirq.c:613 [inline]
softirqs last disabled at (11470171): [<ffffffff8185c3fa>] invoke_softirq kernel/softirq.c:453 [inline]
softirqs last disabled at (11470171): [<ffffffff8185c3fa>] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
CPU: 1 UID: 0 PID: 6083 Comm: syz.1.54 Not tainted 6.15.0-rc4-syzkaller-gb4432656b36e #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
RIP: 0010:check_kcov_mode kernel/kcov.c:183 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:246 [inline]
RIP: 0010:__sanitizer_cov_trace_switch+0xa9/0x130 kernel/kcov.c:351
Code: c9 eb 08 49 ff c1 4c 39 c8 74 77 4e 8b 54 ce 10 65 44 8b 1d 49 7b b5 10 41 81 e3 00 01 ff 00 74 13 41 81 fb 00 01 00 00 75 d9 <41> 83 b8 3c 16 00 00 00 74 cf 45 8b 98 18 16 00 00 41 83 fb 03 75
RSP: 0018:ffffc90000a083c8 EFLAGS: 00000246
RAX: 0000000000000020 RBX: ffff88801c6fb290 RCX: 0000000000000005
RDX: ffffffff81c38a30 RSI: ffffffff8df90d30 RDI: 0000000000000004
RBP: 00000038c3583ef7 R08: ffff888026370000 R09: 000000000000001b
R10: 000000000000001b R11: 0000000000000100 R12: ffff88801c6fb010
R13: 0000000000000004 R14: 00000000130c78a4 R15: 0000000000000280
FS:  00007f76098666c0(0000) GS:ffff8881261cc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2fc18ff8 CR3: 0000000027cd4000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 rb_read_data_buffer+0x110/0x580 kernel/trace/ring_buffer.c:1820
 check_buffer+0x28a/0x750 kernel/trace/ring_buffer.c:4297
 __rb_reserve_next+0x592/0xdb0 kernel/trace/ring_buffer.c:4396
 rb_reserve_next_event kernel/trace/ring_buffer.c:4533 [inline]
 ring_buffer_lock_reserve+0xbb5/0x1010 kernel/trace/ring_buffer.c:4592
 __trace_buffer_lock_reserve kernel/trace/trace.c:1028 [inline]
 trace_event_buffer_lock_reserve+0x1d0/0x6f0 kernel/trace/trace.c:2742
 trace_event_buffer_reserve+0x2a6/0x3d0 kernel/trace/trace_events.c:661
 do_trace_event_raw_event_bpf_trace_printk kernel/trace/bpf_trace.h:11 [inline]
 trace_event_raw_event_bpf_trace_printk+0x100/0x260 kernel/trace/bpf_trace.h:11
 __do_trace_bpf_trace_printk kernel/trace/bpf_trace.h:11 [inline]
 trace_bpf_trace_printk+0x170/0x1d0 kernel/trace/bpf_trace.h:11
 ____bpf_trace_printk kernel/trace/bpf_trace.c:380 [inline]
 bpf_trace_printk+0x11e/0x190 kernel/trace/bpf_trace.c:363
 bpf_prog_0605f9f479290f07+0x38/0x3c
 bpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline]
 __bpf_prog_run include/linux/filter.h:718 [inline]
 bpf_prog_run include/linux/filter.h:725 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2363 [inline]
 bpf_trace_run1+0x27c/0x4b0 kernel/trace/bpf_trace.c:2403
 __bpf_trace_rcu_utilization+0xa1/0xf0 include/trace/events/rcu.h:27
 __do_trace_rcu_utilization include/trace/events/rcu.h:27 [inline]
 trace_rcu_utilization+0x1ad/0x1d0 include/trace/events/rcu.h:27
 rcu_core+0x12b/0x1710 kernel/rcu/tree.c:2796
 handle_softirqs+0x283/0x870 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline]
 sysvec_irq_work+0xa3/0xc0 arch/x86/kernel/irq_work.c:17
 </IRQ>
 <TASK>
 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738
RIP: 0010:in_lock_functions+0x0/0x30 kernel/locking/spinlock.c:408
Code: c7 88 db 7c 95 e8 50 18 83 00 e9 61 ff ff ff cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 81 ff f0 55 58 8b 0f 93 c0 48 81 ff 84 9b 58 8b 0f
RSP: 0018:ffffc9000b6a6df8 EFLAGS: 00010246
RAX: 0000000000000001 RBX: ffffffff8b56f5de RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8d749f78 RDI: ffffffff8b56f5de
RBP: ffffc9000b6a6ea8 R08: ffffffff8f7ed377 R09: 1ffffffff1efda6e
R10: dffffc0000000000 R11: fffffbfff1efda6f R12: 00000000ffffffff
R13: ffff88802fb7e000 R14: dffffc0000000000 R15: dffffc0000000000
 get_lock_parent_ip include/linux/ftrace.h:1089 [inline]
 preempt_latency_start kernel/sched/core.c:5838 [inline]
 preempt_schedule_common+0x43/0xd0 kernel/sched/core.c:6946
 preempt_schedule+0xae/0xc0 kernel/sched/core.c:6971
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __slab_alloc mm/slub.c:3964 [inline]
 __slab_alloc_node mm/slub.c:4037 [inline]
 slab_alloc_node mm/slub.c:4198 [inline]
 __kmalloc_cache_noprof+0x2b7/0x3d0 mm/slub.c:4367
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 copy_verifier_state+0x90f/0xed0 kernel/bpf/verifier.c:1762
 is_state_visited kernel/bpf/verifier.c:19269 [inline]
 do_check+0x4d4e/0xd630 kernel/bpf/verifier.c:19431
 do_check_common+0x168d/0x20b0 kernel/bpf/verifier.c:22776
 do_check_main kernel/bpf/verifier.c:22867 [inline]
 bpf_check+0x13679/0x19a70 kernel/bpf/verifier.c:24033
 bpf_prog_load+0x1318/0x1930 kernel/bpf/syscall.c:2971
 __sys_bpf+0x5f1/0x860 kernel/bpf/syscall.c:5834
 __do_sys_bpf kernel/bpf/syscall.c:5941 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5939 [inline]
 __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5939
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f760898e969
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7609866038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f7608bb5fa0 RCX: 00007f760898e969
RDX: 0000000000000094 RSI: 0000200000000700 RDI: 0000000000000005
RBP: 00007f7608a10ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f7608bb5fa0 R15: 00007fff2aa66ac8
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 5841 Comm: kworker/u9:8 Not tainted 6.15.0-rc4-syzkaller-gb4432656b36e #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
Workqueue: hci0 hci_cmd_timeout
RIP: 0010:check_wait_context kernel/locking/lockdep.c:-1 [inline]
RIP: 0010:__lock_acquire+0x565/0xd20 kernel/locking/lockdep.c:5185
Code: 24 0f b6 81 c4 00 00 00 84 c0 0f 84 68 ff ff ff 41 0f b6 f4 0f b6 d0 40 38 c6 0f 42 d6 80 b9 c6 00 00 00 02 0f 84 51 ff ff ff <89> d0 e9 4a ff ff ff 48 c7 c7 d0 ca e0 8d 48 89 de e8 f5 75 4f 03
RSP: 0018:ffffc900042cf1a0 EFLAGS: 00000093
RAX: 0000000000000002 RBX: 0000000000000004 RCX: ffffffff931de108
RDX: 0000000000000002 RSI: 0000000000000005 RDI: ffff888033955a00
RBP: ffff8880339564f0 R08: 0000000000000000 R09: 0000000000080000
R10: 0000000000000000 R11: ffffffff81cad457 R12: 00000000ffffff05
R13: 0000000000000000 R14: ffff8880339565b0 R15: ffff8880339565b8
FS:  0000000000000000(0000) GS:ffff8881260cc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd061fb078 CR3: 0000000031116000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <TASK>
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5866
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 trace_call_bpf+0xd4/0x850 kernel/trace/bpf_trace.c:-1
 perf_trace_run_bpf_submit+0x78/0x170 kernel/events/core.c:10788
 do_perf_trace_lock include/trace/events/lock.h:50 [inline]
 perf_trace_lock+0x2f8/0x3b0 include/trace/events/lock.h:50
 __do_trace_lock_release include/trace/events/lock.h:69 [inline]
 trace_lock_release include/trace/events/lock.h:69 [inline]
 lock_release+0x3b2/0x3e0 kernel/locking/lockdep.c:5877
 __raw_spin_unlock include/linux/spinlock_api_smp.h:141 [inline]
 _raw_spin_unlock+0x16/0x50 kernel/locking/spinlock.c:186
 console_lock_spinning_enable kernel/printk/printk.c:1920 [inline]
 console_emit_next_record kernel/printk/printk.c:3132 [inline]
 console_flush_all+0x6ac/0xc40 kernel/printk/printk.c:3226
 __console_flush_and_unlock kernel/printk/printk.c:3285 [inline]
 console_unlock+0xc4/0x270 kernel/printk/printk.c:3325
 vprintk_emit+0x5b7/0x7a0 kernel/printk/printk.c:2450
 _printk+0xcf/0x120 kernel/printk/printk.c:2475
 bt_err+0x10b/0x160 net/bluetooth/lib.c:296
 hci_cmd_timeout+0xd8/0x1e0 net/bluetooth/hci_core.c:1453
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xadb/0x17a0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Crashes (8):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/05/08 08:04 bpf b4432656b36e dbf35fa1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce BUG: soft lockup in sys_bpf
2025/04/20 15:22 bpf 82303a059aab 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce BUG: soft lockup in sys_bpf
2025/05/11 05:18 bpf-next 7220eabff8cb 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce BUG: soft lockup in sys_bpf
2025/04/23 05:48 bpf-next be2fea9c07d4 53a8b9bd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce BUG: soft lockup in sys_bpf
2025/04/05 10:31 bpf-next c9661394850d 1c4febdb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce BUG: soft lockup in sys_bpf
2025/04/21 00:33 upstream ac71fabf1567 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root INFO: rcu detected stall in sys_bpf
2025/04/21 13:55 net 750d0ac001e8 2a20f901 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce INFO: rcu detected stall in sys_bpf
2025/05/12 05:26 net-next 0b28182c73a3 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce INFO: rcu detected stall in sys_bpf