syzbot

 sign-in | mailing list | source | docs
🐞 Open [142]
🐞 Fixed [16]
🐞 Invalid [163]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

INFO: rcu detected stall in __xfrm_decode_session

Status: public: reported syz repro on 2019/04/14 08:51
Reported-by: syzbot+02718e292ac1af537bf9@syzkaller.appspotmail.com
First crash: 2648d, last: 2608d
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: rcu detected stall in __xfrm_decode_session net 1 2 2685d 2738d 0/29 auto-closed as invalid on 2019/02/22 10:26
android-49 INFO: rcu detected stall in __xfrm_decode_session 1 1 2644d 2644d 0/3 auto-closed as invalid on 2019/02/22 13:29

Sample crash report:
IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
INFO: rcu_preempt self-detected stall on CPU
	0-...: (1 GPs behind) idle=c37/140000000000001/0 softirq=7357/7358 fqs=12499 
	 (t=12500 jiffies g=1208 c=1207 q=83)
Task dump for CPU 0:
syz-executor0   R  running task    28096  4312   3955 0x2002000c
 0000000000000f73 f9a9a8cb61184120 ffff8801db206ff0 ffffffff8140c8fc
 ffff8801db21f4c0 0000000000000000 dffffc0000000000 ffffffff844bef00
 ffffffff844bef84 ffff8801db207010 ffffffff8140cb87 ffffffff844bef48
Call Trace:
 <IRQ>  [<ffffffff8140c8fc>] sched_show_task+0x2cb/0x2d6 kernel/sched/core.c:5089
 [<ffffffff8140cb87>] dump_cpu_task+0x79/0x7e kernel/sched/core.c:9046
 [<ffffffff8141704d>] rcu_dump_cpu_stacks+0x150/0x164 kernel/rcu/tree.c:1233
 [<ffffffff81417c4a>] print_cpu_stall kernel/rcu/tree.c:1340 [inline]
 [<ffffffff81417c4a>] check_cpu_stall kernel/rcu/tree.c:1404 [inline]
 [<ffffffff81417c4a>] __rcu_pending kernel/rcu/tree.c:3892 [inline]
 [<ffffffff81417c4a>] rcu_pending kernel/rcu/tree.c:3956 [inline]
 [<ffffffff81417c4a>] rcu_check_callbacks.cold.75+0x5c3/0xd20 kernel/rcu/tree.c:2796
 [<ffffffff8129a7da>] update_process_times+0x3a/0x70 kernel/time/timer.c:1427
 [<ffffffff812c5195>] tick_sched_handle.isra.15+0x55/0xf0 kernel/time/tick-sched.c:151
 [<ffffffff812c5822>] tick_sched_timer+0x72/0x120 kernel/time/tick-sched.c:1097
 [<ffffffff8129dd4d>] __run_hrtimer kernel/time/hrtimer.c:1261 [inline]
 [<ffffffff8129dd4d>] __hrtimer_run_queues+0x3ad/0x1000 kernel/time/hrtimer.c:1325
 [<ffffffff8129f4c1>] hrtimer_interrupt+0x1b1/0x430 kernel/time/hrtimer.c:1359
 [<ffffffff810ad284>] local_apic_timer_interrupt+0x74/0xa0 arch/x86/kernel/apic/apic.c:901
 [<ffffffff838c534c>] smp_apic_timer_interrupt+0x7c/0xa0 arch/x86/kernel/apic/apic.c:925
 [<ffffffff838c4290>] apic_timer_interrupt+0xa0/0xb0 arch/x86/entry/entry_64.S:741
 [<ffffffff833c9b39>] __xfrm_decode_session+0x69/0x100 net/xfrm/xfrm_policy.c:2403
 [<ffffffff834a3d9e>] xfrm_decode_session_reverse include/net/xfrm.h:1114 [inline]
 [<ffffffff834a3d9e>] icmpv6_route_lookup+0x2ce/0x440 net/ipv6/icmp.c:362
 [<ffffffff834a5b99>] icmp6_send+0xee9/0x1b80 net/ipv6/icmp.c:507
 [<ffffffff8355b491>] icmpv6_send+0xb1/0x1b0 net/ipv6/ip6_icmp.c:42
 [<ffffffff8346309d>] ip6_pkt_drop+0x16d/0x430 net/ipv6/route.c:2472
 [<ffffffff8346337c>] ip6_pkt_discard+0x1c/0x20 net/ipv6/route.c:2479
 [<ffffffff834360bd>] dst_input include/net/dst.h:504 [inline]
 [<ffffffff834360bd>] ip6_rcv_finish+0x13d/0x640 net/ipv6/ip6_input.c:62
 [<ffffffff83438bdb>] NF_HOOK_THRESH include/linux/netfilter.h:226 [inline]
 [<ffffffff83438bdb>] NF_HOOK include/linux/netfilter.h:249 [inline]
 [<ffffffff83438bdb>] ipv6_rcv+0x10cb/0x1cd0 net/ipv6/ip6_input.c:186
 [<ffffffff82f7eb06>] __netif_receive_skb_core+0x12d6/0x2940 net/core/dev.c:4019
 [<ffffffff82f801cb>] __netif_receive_skb+0x5b/0x1b0 net/core/dev.c:4054
 [<ffffffff82f84756>] process_backlog+0x216/0x6a0 net/core/dev.c:4647
 [<ffffffff82f81592>] napi_poll net/core/dev.c:4885 [inline]
 [<ffffffff82f81592>] net_rx_action+0x3a2/0xdb0 net/core/dev.c:4950
 [<ffffffff838c5bec>] __do_softirq+0x22c/0xa1a kernel/softirq.c:273
 [<ffffffff838c399c>] do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:929
 <EOI>  [<ffffffff8113d9d4>] do_softirq.part.16+0x54/0x60 kernel/softirq.c:317
 [<ffffffff8113f6c9>] do_softirq+0x19/0x20 kernel/softirq.c:320
 [<ffffffff82f7caac>] netif_rx_ni+0xec/0x3a0 net/core/dev.c:3653
 [<ffffffff82753187>] tun_get_user+0xbe7/0x2410 drivers/net/tun.c:1264
 [<ffffffff82754bc5>] tun_chr_write_iter+0xd5/0x190 drivers/net/tun.c:1283
 [<ffffffff8151ce0d>] new_sync_write fs/read_write.c:478 [inline]
 [<ffffffff8151ce0d>] __vfs_write+0x30d/0x3f0 fs/read_write.c:491
 [<ffffffff8151e9f1>] vfs_write+0x191/0x4e0 fs/read_write.c:538
 [<ffffffff81520ff9>] SYSC_write fs/read_write.c:585 [inline]
 [<ffffffff81520ff9>] SyS_write+0xd9/0x1c0 fs/read_write.c:577
 [<ffffffff81006d96>] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline]
 [<ffffffff81006d96>] do_fast_syscall_32+0x326/0x8b0 arch/x86/entry/common.c:459
 [<ffffffff838c406a>] sysenter_flags_fixed+0xd/0x17

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/06/22 13:51 https://android.googlesource.com/kernel/common android-4.4 226f96b03dc2 095ef806 .config console log report syz ci-android-44-kasan-gce-386
2018/06/04 16:48 https://android.googlesource.com/kernel/common android-4.4 e75204cc0ad5 6cbe7c26 .config console log report ci-android-44-kasan-gce
2018/05/14 05:51 https://android.googlesource.com/kernel/common android-4.4 aa3863d27614 481f030c .config console log report ci-android-44-kasan-gce
* Struck through repros no longer work on HEAD.