syzbot


BUG: using __this_cpu_add() in preemptible code in iptunnel_xmit

Status: closed as invalid on 2026/04/08 15:58
Subsystems: net
First crash: 44d, last: 44d

Sample crash report:
BUG: using __this_cpu_add() in preemptible [00000000] code: syz.2.1789/14430
caller is dev_xmit_recursion_inc include/linux/netdevice.h:3595 [inline]
caller is iptunnel_xmit+0x1cd/0xb80 net/ipv4/ip_tunnel_core.c:72
CPU: 0 UID: 0 PID: 14430 Comm: syz.2.1789 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 check_preemption_disabled+0xd8/0xe0 lib/smp_processor_id.c:47
 dev_xmit_recursion_inc include/linux/netdevice.h:3595 [inline]
 iptunnel_xmit+0x1cd/0xb80 net/ipv4/ip_tunnel_core.c:72
 sctp_v4_xmit+0x75f/0x1060 net/sctp/protocol.c:1073
 sctp_packet_transmit+0x22ec/0x3060 net/sctp/output.c:653
 sctp_packet_singleton+0x19e/0x370 net/sctp/outqueue.c:783
 sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline]
 sctp_outq_flush+0x315/0x3350 net/sctp/outqueue.c:1212
 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1824 [inline]
 sctp_side_effects net/sctp/sm_sideeffect.c:1204 [inline]
 sctp_do_sm+0xce1/0x5be0 net/sctp/sm_sideeffect.c:1175
 sctp_primitive_ASSOCIATE+0x9c/0xd0 net/sctp/primitive.c:73
 __sctp_connect+0x9fc/0xc70 net/sctp/socket.c:1235
 sctp_connect net/sctp/socket.c:4818 [inline]
 sctp_inet_connect+0x15f/0x220 net/sctp/socket.c:4833
 __sys_connect_file+0x141/0x1a0 net/socket.c:2089
 __sys_connect+0x141/0x170 net/socket.c:2108
 __do_sys_connect net/socket.c:2114 [inline]
 __se_sys_connect net/socket.c:2111 [inline]
 __x64_sys_connect+0x72/0xb0 net/socket.c:2111
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1743f9c799
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1744ead028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 00007f1744215fa0 RCX: 00007f1743f9c799
RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003
RBP: 00007f1744032c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1744216038 R14: 00007f1744215fa0 R15: 00007ffeec26b638
 </TASK>
BUG: using __this_cpu_add() in preemptible [00000000] code: syz.2.1789/14430
caller is dev_xmit_recursion_dec include/linux/netdevice.h:3600 [inline]
caller is iptunnel_xmit+0x7d8/0xb80 net/ipv4/ip_tunnel_core.c:105
CPU: 0 UID: 0 PID: 14430 Comm: syz.2.1789 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 check_preemption_disabled+0xd8/0xe0 lib/smp_processor_id.c:47
 dev_xmit_recursion_dec include/linux/netdevice.h:3600 [inline]
 iptunnel_xmit+0x7d8/0xb80 net/ipv4/ip_tunnel_core.c:105
 sctp_v4_xmit+0x75f/0x1060 net/sctp/protocol.c:1073
 sctp_packet_transmit+0x22ec/0x3060 net/sctp/output.c:653
 sctp_packet_singleton+0x19e/0x370 net/sctp/outqueue.c:783
 sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline]
 sctp_outq_flush+0x315/0x3350 net/sctp/outqueue.c:1212
 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1824 [inline]
 sctp_side_effects net/sctp/sm_sideeffect.c:1204 [inline]
 sctp_do_sm+0xce1/0x5be0 net/sctp/sm_sideeffect.c:1175
 sctp_primitive_ASSOCIATE+0x9c/0xd0 net/sctp/primitive.c:73
 __sctp_connect+0x9fc/0xc70 net/sctp/socket.c:1235
 sctp_connect net/sctp/socket.c:4818 [inline]
 sctp_inet_connect+0x15f/0x220 net/sctp/socket.c:4833
 __sys_connect_file+0x141/0x1a0 net/socket.c:2089
 __sys_connect+0x141/0x170 net/socket.c:2108
 __do_sys_connect net/socket.c:2114 [inline]
 __se_sys_connect net/socket.c:2111 [inline]
 __x64_sys_connect+0x72/0xb0 net/socket.c:2111
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1743f9c799
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1744ead028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 00007f1744215fa0 RCX: 00007f1743f9c799
RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003
RBP: 00007f1744032c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1744216038 R14: 00007f1744215fa0 R15: 00007ffeec26b638
 </TASK>
input: jJÇž-¶š9ã%vø“ûJ86Ö‘ as /devices/virtual/input/input45

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2026/03/16 13:20 | upstream | f338e7738378 | 64e21424 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-qemu-gce-upstream-auto | BUG: using __this_cpu_add() in preemptible code in iptunnel_xmit