syzbot

 sign-in | mailing list | source | docs
🐞 Open [738]
🐞 Fixed [74]
🐞 Invalid [948]
Missing Backports [120]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

INFO: rcu detected stall in tc_modify_qdisc

Status: upstream: reported C repro on 2024/08/13 15:46
Bug presence: origin:lts-only
[Documentation on labels]
Reported-by: syzbot+6818656ac1d4c60d28ed@syzkaller.appspotmail.com
First crash: 356d, last: 2d22h
Bug presence (2)
Date Name Commit Repro Result
2024/11/14 linux-5.15.y (ToT) d98fd109f827 C [report] BUG: soft lockup in tc_modify_qdisc
2024/11/14 upstream (ToT) 0a9b9d17f3a7 C Didn't crash
Similar bugs (10)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.6 INFO: rcu detected stall in tc_modify_qdisc 1 1 46d 46d 0/2 upstream: reported on 2025/06/19 23:42
linux-6.1 INFO: rcu detected stall in tc_modify_qdisc 1 3 386d 425d 0/3 auto-obsoleted due to no activity on 2024/10/23 00:42
upstream INFO: rcu detected stall in tc_modify_qdisc net 1 C done 590 3d13h 1833d 0/29 upstream: reported C repro on 2020/07/29 05:53
linux-6.1 INFO: rcu detected stall in tc_modify_qdisc (2) origin:upstream 1 C 10 2d21h 270d 0/3 upstream: reported C repro on 2024/11/08 00:04
android-6-1 BUG: soft lockup in tc_modify_qdisc 1 C done done 53 616d 648d 0/2 auto-obsoleted due to no activity on 2024/02/06 04:01
android-5-15 BUG: soft lockup in tc_modify_qdisc origin:lts 1 C done done 254 705d 760d 0/2 auto-obsoleted due to no activity on 2023/11/09 01:01
linux-5.15 BUG: soft lockup in tc_modify_qdisc origin:upstream 1 C error 1 794d 794d 0/3 auto-obsoleted due to no activity on 2023/09/11 01:53
linux-6.1 BUG: soft lockup in tc_modify_qdisc origin:upstream 1 C done 1 793d 793d 3/3 fixed on 2023/07/10 11:22
android-5-10 BUG: soft lockup in tc_modify_qdisc 1 C done done 314 707d 760d 0/2 auto-obsoleted due to no activity on 2023/11/07 07:54
android-5-10 BUG: soft lockup in tc_modify_qdisc (2) 1 1 8d22h 8d22h 0/2 premoderation: reported on 2025/07/27 15:57
Last patch testing requests (6)
Created Duration User Patch Repo Result
2025/06/15 22:31 13m retest repro linux-5.15.y report log
2025/05/28 06:55 33m retest repro linux-5.15.y report log
2025/04/05 21:40 12m retest repro linux-5.15.y report log
2025/03/17 23:02 13m retest repro linux-5.15.y report log
2025/01/23 19:42 14m retest repro linux-5.15.y report log
2025/01/06 20:18 12m retest repro linux-5.15.y report log
Fix bisection attempts (6)
Created Duration User Patch Repo Result
2025/07/20 05:34 1m fix candidate upstream error job log
2025/05/16 12:55 10m fix candidate upstream error job log
2025/04/06 19:03 1m fix candidate upstream error job log
2025/02/23 08:17 1m fix candidate upstream error job log
2024/12/13 18:21 1m fix candidate upstream error job log
2024/11/04 08:18 11m fix candidate upstream error job log

Sample crash report:
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	1-...0: (1 GPs behind) idle=f03/1/0x4000000000000000 softirq=5921/5922 fqs=5250 
	(detected by 0, t=10502 jiffies, g=5745, q=279)
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 4346 Comm: syz.0.17 Not tainted 5.15.189-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:trace_lock_acquire include/trace/events/lock.h:13 [inline]
RIP: 0010:lock_acquire+0xc6/0x3f0 kernel/locking/lockdep.c:5594
Code: 08 0f 83 8c 01 00 00 44 89 f0 c1 e8 06 48 8d 3c c5 a8 6e 69 8d be 08 00 00 00 e8 b5 32 60 00 44 89 f0 48 0f a3 05 62 78 0d 0c <73> 0d e8 53 b6 07 00 84 c0 0f 84 17 02 00 00 48 c7 c0 44 a2 69 8d
RSP: 0018:ffffc90000dd0b60 EFLAGS: 00000057
RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff815bf63b
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8d696ea8
RBP: ffffc90000dd0c68 R08: dffffc0000000000 R09: fffffbfff1ad2dd6
R10: fffffbfff1ad2dd6 R11: 1ffffffff1ad2dd5 R12: ffff8880b912a218
R13: 1ffff920001ba178 R14: 0000000000000001 R15: dffffc0000000000
FS:  0000555578600500(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000300 CR3: 00000000739ce000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:128 [inline]
 _raw_spin_lock_irq+0x9f/0xe0 kernel/locking/spinlock.c:170
 __run_hrtimer kernel/time/hrtimer.c:1694 [inline]
 __hrtimer_run_queues+0x5ff/0xc40 kernel/time/hrtimer.c:1754
 hrtimer_interrupt+0x3bb/0x8d0 kernel/time/hrtimer.c:1816
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1097 [inline]
 __sysvec_apic_timer_interrupt+0x137/0x4a0 arch/x86/kernel/apic/apic.c:1114
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline]
 sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1108
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xa5/0x100 kernel/locking/spinlock.c:194
Code: 74 05 e8 2e 47 cc f7 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> f6 d4 9f f7 65 8b 05 97 d4 50 76 85 c0 74 3c 48 c7 04 24 0e 36
RSP: 0018:ffffc90002e8ee00 EFLAGS: 00000206
RAX: 2910a39a319a1500 RBX: 0000000000000a06 RCX: 2910a39a319a1500
RDX: dffffc0000000000 RSI: ffffffff8a0b15c0 RDI: 0000000000000001
RBP: ffffc90002e8ee90 R08: dffffc0000000000 R09: fffffbfff1ff6e32
R10: fffffbfff1ff6e32 R11: 1ffffffff1ff6e31 R12: dffffc0000000000
R13: 000000176ae3fa22 R14: ffff88807e24e2e8 R15: 1ffff920005d1dc0
 spin_unlock_irqrestore include/linux/spinlock.h:418 [inline]
 taprio_change+0x3ff2/0x4ed0 net/sched/sch_taprio.c:1620
 qdisc_create+0x7bd/0x1170 net/sched/sch_api.c:1265
 tc_modify_qdisc+0xaa1/0x1770 net/sched/sch_api.c:-1
 rtnetlink_rcv_msg+0x9b9/0xe60 net/core/rtnetlink.c:5650
 netlink_rcv_skb+0x1e0/0x430 net/netlink/af_netlink.c:2507
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x774/0x920 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x8ab/0xbc0 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:704 [inline]
 __sock_sendmsg net/socket.c:716 [inline]
 ____sys_sendmsg+0x5a2/0x8c0 net/socket.c:2436
 ___sys_sendmsg+0x1f0/0x260 net/socket.c:2490
 __sys_sendmsg net/socket.c:2519 [inline]
 __do_sys_sendmsg net/socket.c:2528 [inline]
 __se_sys_sendmsg+0x190/0x250 net/socket.c:2526
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fa8c027eb69
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe989490f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fa8c04a5fa0 RCX: 00007fa8c027eb69
RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000004
RBP: 00007fa8c0301df1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa8c04a5fa0 R14: 00007fa8c04a5fa0 R15: 0000000000000003
 </TASK>

Crashes (11):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/08/02 12:40 linux-5.15.y c79648372d02 7368264b .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan INFO: rcu detected stall in tc_modify_qdisc
2024/11/10 16:34 linux-5.15.y 3c17fc483905 6b856513 .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: soft lockup in tc_modify_qdisc
2024/10/27 18:53 linux-5.15.y 74cdd62cb470 65e8686b .config console log report syz / log [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: soft lockup in tc_modify_qdisc
2025/08/02 15:12 linux-5.15.y c79648372d02 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan INFO: rcu detected stall in tc_modify_qdisc
2025/08/02 08:30 linux-5.15.y c79648372d02 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan INFO: rcu detected stall in tc_modify_qdisc
2025/08/02 08:28 linux-5.15.y c79648372d02 7368264b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan INFO: rcu detected stall in tc_modify_qdisc
2025/02/26 20:07 linux-5.15.y c16c81c81336 d34966d1 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan INFO: rcu detected stall in tc_modify_qdisc
2025/02/10 07:55 linux-5.15.y c16c81c81336 ef44b750 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan INFO: rcu detected stall in tc_modify_qdisc
2024/08/13 15:46 linux-5.15.y 7e89efd3ae1c f21a18ca .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan INFO: rcu detected stall in tc_modify_qdisc
2024/11/22 17:57 linux-5.15.y 0a51d2d4527b 4b25d554 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: soft lockup in tc_modify_qdisc
2024/09/17 19:58 linux-5.15.y 3a5928702e71 c673ca06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: soft lockup in tc_modify_qdisc
* Struck through repros no longer work on HEAD.