syzbot

 sign-in | mailing list | source | docs
🐞 Open [1008] Subsystems 🐞 Fixed [5250] 🐞 Invalid [12559] Missing Backports [85] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

INFO: rcu detected stall in security_file_ioctl (7)

Status: auto-obsoleted due to no activity on 2024/02/17 10:34
Subsystems: mm
[Documentation on labels]
First crash: 165d, last: 165d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: rcu detected stall in security_file_ioctl kernel 7 1611d 1612d 0/26 closed as invalid on 2019/12/04 14:04
upstream INFO: rcu detected stall in security_file_ioctl (2) kernel 6 1576d 1576d 0/26 closed as invalid on 2020/01/08 05:23
upstream INFO: rcu detected stall in security_file_ioctl (4) tomoyo 1 1387d 1387d 0/26 auto-closed as invalid on 2020/10/13 12:41
upstream INFO: rcu detected stall in security_file_ioctl (6) kernel 1 738d 738d 0/26 auto-closed as invalid on 2022/06/24 22:52
linux-6.1 INFO: rcu detected stall in security_file_ioctl origin:upstream C 1 10d 72d 0/3 upstream: reported C repro on 2024/02/20 18:28
upstream INFO: rcu detected stall in security_file_ioctl (3) kernel 4 1576d 1576d 0/26 closed as invalid on 2020/01/09 08:13
upstream INFO: rcu detected stall in security_file_ioctl (5) tomoyo 9 833d 1072d 0/26 closed as invalid on 2022/02/08 10:00

Sample crash report:
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P23068/1:b..l P23070/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=84689, q=360 ncpus=2)
task:syz-executor.1  state:R  running task     stack:25216 pid:23070 tgid:23067 ppid:5101   flags:0x00000002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5376 [inline]
 __schedule+0xedb/0x5af0 kernel/sched/core.c:6688
 preempt_schedule_irq+0x52/0x90 kernel/sched/core.c:7008
 irqentry_exit+0x36/0x80 kernel/entry/common.c:432
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:lock_acquire+0x1ef/0x520 kernel/locking/lockdep.c:5721
Code: c1 05 bd 68 9a 7e 83 f8 01 0f 85 b4 02 00 00 9c 58 f6 c4 02 0f 85 9f 02 00 00 48 85 ed 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24
RSP: 0018:ffffc900031af7b8 EFLAGS: 00000206
RAX: dffffc0000000000 RBX: 1ffff92000635ef9 RCX: 000000007afa5b17
RDX: 0000000000000001 RSI: ffffffff8accbc20 RDI: ffffffff8b2f0e40
RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff23e33d0
R10: ffffffff91f19e87 R11: 0000000000000002 R12: 0000000000000000
R13: 0000000000000000 R14: ffffffff8cfabce0 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:301 [inline]
 rcu_read_lock include/linux/rcupdate.h:747 [inline]
 page_ext_get+0x3a/0x310 mm/page_ext.c:508
 __page_table_check_zero+0x139/0x5e0 mm/page_table_check.c:140
 page_table_check_free include/linux/page_table_check.h:41 [inline]
 free_pages_prepare mm/page_alloc.c:1138 [inline]
 free_unref_page_prepare+0x4ea/0xaa0 mm/page_alloc.c:2347
 free_unref_page+0x33/0x3b0 mm/page_alloc.c:2487
 __unfreeze_partials+0x226/0x240 mm/slub.c:2655
 qlink_free mm/kasan/quarantine.c:168 [inline]
 qlist_free_all+0x6a/0x170 mm/kasan/quarantine.c:187
 kasan_quarantine_reduce+0x18e/0x1d0 mm/kasan/quarantine.c:294
 __kasan_slab_alloc+0x65/0x90 mm/kasan/common.c:305
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook mm/slab.h:763 [inline]
 slab_alloc_node mm/slub.c:3478 [inline]
 __kmem_cache_alloc_node+0x195/0x310 mm/slub.c:3517
 __do_kmalloc_node mm/slab_common.c:1006 [inline]
 __kmalloc+0x49/0x90 mm/slab_common.c:1020
 kmalloc include/linux/slab.h:604 [inline]
 tomoyo_realpath_from_path+0xb9/0x710 security/tomoyo/realpath.c:251
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_number_perm+0x241/0x580 security/tomoyo/file.c:723
 security_file_ioctl+0x72/0xb0 security/security.c:2647
 __do_sys_ioctl fs/ioctl.c:865 [inline]
 __se_sys_ioctl fs/ioctl.c:857 [inline]
 __x64_sys_ioctl+0xbb/0x210 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fe95787c84b
RSP: 002b:00007fe95862a0f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe95787c84b
RDX: 0000000000000000 RSI: 0000000000006364 RDI: 00000000000000da
RBP: 00007fe95799c120 R08: 0000000000000000 R09: 00007ffc022e3d97
R10: 0000000000000008 R11: 0000000000000246 R12: ffffffffffffffb0
R13: 000000000000006e R14: 00007ffc022e3cb0 R15: 00007ffc022e3d98
 </TASK>
task:syz-executor.1  state:R  running task     stack:27120 pid:23068 tgid:23067 ppid:5101   flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5376 [inline]
 __schedule+0xedb/0x5af0 kernel/sched/core.c:6688
 preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:6865
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk_64.S:45
 unwind_next_frame+0x1c80/0x2390 arch/x86/kernel/unwind_orc.c:672
 arch_stack_walk+0xfa/0x170 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x96/0xd0 kernel/stacktrace.c:122
 save_stack+0x160/0x1f0 mm/page_owner.c:128
 __reset_page_owner+0x5a/0x190 mm/page_owner.c:149
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1137 [inline]
 free_unref_page_prepare+0x4fa/0xaa0 mm/page_alloc.c:2347
 free_unref_page+0x33/0x3b0 mm/page_alloc.c:2487
 __unfreeze_partials+0x226/0x240 mm/slub.c:2655
 qlink_free mm/kasan/quarantine.c:168 [inline]
 qlist_free_all+0x6a/0x170 mm/kasan/quarantine.c:187
 kasan_quarantine_reduce+0x18e/0x1d0 mm/kasan/quarantine.c:294
 __kasan_slab_alloc+0x65/0x90 mm/kasan/common.c:305
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook mm/slab.h:763 [inline]
 slab_alloc_node mm/slub.c:3478 [inline]
 kmem_cache_alloc_node+0x180/0x330 mm/slub.c:3523
 __alloc_skb+0x287/0x330 net/core/skbuff.c:641
 alloc_skb include/linux/skbuff.h:1286 [inline]
 alloc_skb_with_frags+0xe4/0x710 net/core/skbuff.c:6331
 sock_alloc_send_pskb+0x7e4/0x970 net/core/sock.c:2780
 unix_dgram_sendmsg+0x464/0x1ca0 net/unix/af_unix.c:1976
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg+0xd5/0x180 net/socket.c:745
 ____sys_sendmsg+0x2ac/0x940 net/socket.c:2584
 ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638
 __sys_sendmmsg+0x1a1/0x450 net/socket.c:2724
 __do_sys_sendmmsg net/socket.c:2753 [inline]
 __se_sys_sendmmsg net/socket.c:2750 [inline]
 __x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2750
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fe95787cae9
RSP: 002b:00007fe95866c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007fe95799bf80 RCX: 00007fe95787cae9
RDX: 0000000000000318 RSI: 00000000200bd000 RDI: 0000000000000004
RBP: 00007fe9578c847a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fe95799bf80 R15: 00007ffc022e3d98
 </TASK>
net_ratelimit: 7829 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
net_ratelimit: 9663 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/11/19 10:31 net 76df934c6d5f cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce INFO: rcu detected stall in security_file_ioctl
* Struck through repros no longer work on HEAD.