syzbot

 sign-in | mailing list | source | docs
🐞 Open [1470]
Subsystems
🐞 Fixed [5846]
🐞 Invalid [14267]
Missing Backports [93]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

INFO: rcu detected stall in sys_setsockopt (4)

Status: upstream: reported syz repro on 2024/11/25 08:53
Subsystems: mm
[Documentation on labels]
Reported-by: syzbot+6e61d59e9d2150c8492b@syzkaller.appspotmail.com
First crash: 3d23h, last: 3d22h
Cause bisection: introduced by (bisect log) :
commit d15121be7485655129101f3960ae6add40204463
Author: Paolo Abeni <pabeni@redhat.com>
Date: Mon May 8 06:17:44 2023 +0000

  Revert "softirq: Let ksoftirqd do its job"

Crash: INFO: task hung in del_device_store (log)
Repro: syz .config
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [mm?] INFO: rcu detected stall in sys_setsockopt (4) 0 (1) 2024/11/25 08:53
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: rcu detected stall in sys_setsockopt (2) kvm 2 1217d 1258d 0/28 auto-closed as invalid on 2021/10/27 00:02
upstream INFO: rcu detected stall in sys_setsockopt kvm 1 1379d 1379d 0/28 auto-closed as invalid on 2021/05/17 17:51
upstream INFO: rcu detected stall in sys_setsockopt (3) net 4 1089d 1116d 0/28 closed as invalid on 2022/02/08 10:00
linux-4.19 BUG: soft lockup in sys_setsockopt 3 1311d 1339d 0/1 auto-closed as invalid on 2021/08/23 07:10

Sample crash report:
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P6057/1:b..l
rcu: 	(detected by 1, t=10503 jiffies, g=12753, q=1720979 ncpus=2)
task:syz-executor    state:R  running task     stack:20544 pid:6057  tgid:6057  ppid:1      flags:0x00000006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0x1850/0x4c30 kernel/sched/core.c:6756
 preempt_schedule_irq+0xfb/0x1c0 kernel/sched/core.c:7078
 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5853
Code: 2b 00 74 08 4c 89 f7 e8 ba be 8f 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
RSP: 0018:ffffc9000322f2a0 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff92000645e60 RCX: ffff88802d22c6d8
RDX: dffffc0000000000 RSI: ffffffff8c0aa840 RDI: ffffffff8c5e88a0
RBP: ffffc9000322f3f8 R08: ffffffff9428a887 R09: 1ffffffff2851510
R10: dffffc0000000000 R11: fffffbfff2851511 R12: 1ffff92000645e5c
R13: dffffc0000000000 R14: ffffc9000322f300 R15: 0000000000000246
 rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 rcu_read_lock include/linux/rcupdate.h:849 [inline]
 page_ext_get+0x3d/0x2a0 mm/page_ext.c:525
 __page_table_check_zero+0xb1/0x350 mm/page_table_check.c:148
 page_table_check_free include/linux/page_table_check.h:41 [inline]
 free_pages_prepare mm/page_alloc.c:1128 [inline]
 free_unref_page+0xe0e/0x1140 mm/page_alloc.c:2693
 discard_slab mm/slub.c:2673 [inline]
 __put_partials+0xeb/0x130 mm/slub.c:3142
 put_cpu_partial+0x17c/0x250 mm/slub.c:3217
 __slab_free+0x2ea/0x3d0 mm/slub.c:4468
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_kmalloc+0x23/0xb0 mm/kasan/common.c:385
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __kmalloc_cache_node_noprof+0x25d/0x3a0 mm/slub.c:4326
 kmalloc_node_noprof include/linux/slab.h:924 [inline]
 __get_vm_area_node+0x132/0x2d0 mm/vmalloc.c:3127
 __vmalloc_node_range_noprof+0x344/0x1380 mm/vmalloc.c:3804
 __vmalloc_node_noprof mm/vmalloc.c:3909 [inline]
 vzalloc_noprof+0x79/0x90 mm/vmalloc.c:3982
 __do_replace+0xc8/0xa40 net/ipv4/netfilter/ip_tables.c:1046
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0xf02/0x1250 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x295/0x2c0 net/netfilter/nf_sockopt.c:101
 do_sock_setsockopt+0x3af/0x720 net/socket.c:2313
 __sys_setsockopt net/socket.c:2338 [inline]
 __do_sys_setsockopt net/socket.c:2344 [inline]
 __se_sys_setsockopt net/socket.c:2341 [inline]
 __x64_sys_setsockopt+0x1ee/0x280 net/socket.c:2341
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1f1638070a
RSP: 002b:00007ffec3066f38 EFLAGS: 00000202 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007ffec3066fc0 RCX: 00007f1f1638070a
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000003 R08: 00000000000002d8 R09: 00007ffec3067377
R10: 00007f1f16509ea0 R11: 0000000000000202 R12: 00007f1f16509e40
R13: 00007ffec3066f5c R14: 0000000000000000 R15: 00007f1f1650c000
 </TASK>
rcu: rcu_preempt kthread starved for 9031 jiffies! g12753 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:25720 pid:17    tgid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0x1850/0x4c30 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6848
 schedule_timeout+0x15a/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x2df/0x1330 kernel/rcu/tree.c:2045
 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2247
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.12.0-next-20241122-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Workqueue: wg-crypt-wg2 wg_packet_tx_worker
RIP: 0010:__trace_hardirqs_on_caller kernel/locking/lockdep.c:4346 [inline]
RIP: 0010:lockdep_hardirqs_on_prepare+0x317/0x780 kernel/locking/lockdep.c:4406
Code: 00 00 fc ff df eb ac 48 c7 c7 20 48 80 8e 4c 89 ee e8 fd 56 80 03 48 ba 00 00 00 00 00 fc ff df e9 3d ff ff ff 48 8b 44 24 10 <48> 8d 98 c0 0a 00 00 48 89 d8 48 c1 e8 03 0f b6 04 10 84 c0 0f 85
RSP: 0018:ffffc90000007a00 EFLAGS: 00000046
RAX: ffff88801d2bda00 RBX: ffff88801d2be530 RCX: ffffffff817b230a
RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffffffff9428a988
RBP: ffffc90000007ab8 R08: ffffffff9428a98f R09: 1ffffffff2851531
R10: dffffc0000000000 R11: fffffbfff2851532 R12: ffff88801d2be550
R13: 0000000000000002 R14: ffff88801d2be4d8 R15: 1ffff11003a57c9b
FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b1b8f2b008 CR3: 000000000e736000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 trace_hardirqs_on+0x28/0x40 kernel/trace/trace_preemptirq.c:47
 __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
 _raw_spin_unlock_irq+0x23/0x50 kernel/locking/spinlock.c:202
 spin_unlock_irq include/linux/spinlock.h:401 [inline]
 backlog_unlock_irq_enable net/core/dev.c:258 [inline]
 process_backlog+0x101e/0x15b0 net/core/dev.c:6146
 __napi_poll+0xcb/0x490 net/core/dev.c:6877
 napi_poll net/core/dev.c:6946 [inline]
 net_rx_action+0x89b/0x1240 net/core/dev.c:7068
 handle_softirqs+0x2c5/0x980 kernel/softirq.c:554
 do_softirq+0x11b/0x1e0 kernel/softirq.c:455
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382
 wg_packet_create_data_done drivers/net/wireguard/send.c:247 [inline]
 wg_packet_tx_worker+0x160/0x810 drivers/net/wireguard/send.c:276
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
 worker_thread+0x870/0xd30 kernel/workqueue.c:3391
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/11/23 01:22 linux-next cfba9f07a1d6 68da6d95 .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root INFO: rcu detected stall in sys_setsockopt
2024/11/23 00:07 net-next fcc79e1714e8 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce INFO: rcu detected stall in sys_setsockopt
* Struck through repros no longer work on HEAD.