syzbot


INFO: rcu detected stall in bcm_tx_timeout_tsklet

Status: auto-obsoleted due to no activity on 2023/02/27 06:39
Reported-by: syzbot+8b3dc2d4cd95c0d0e892@syzkaller.appspotmail.com
First crash: 773d, last: 773d

Sample crash report:
Bluetooth: hci1: command 0x0419 tx timeout
Bluetooth: hci3: command 0x0419 tx timeout
Bluetooth: hci7: command 0x0419 tx timeout
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	(detected by 1, t=10502 jiffies, g=375525, q=23791)
rcu: All QSes seen, last rcu_preempt kthread activity 10502 (4295158519-4295148017), jiffies_till_next_fqs=1, root ->qsmask 0x0
syz-executor.1  R  running task    26312 17802   8125 0x80000002
Call Trace:
 <IRQ>
 sched_show_task.cold+0x332/0x396 kernel/sched/core.c:5337
 print_other_cpu_stall kernel/rcu/tree.c:1430 [inline]
 check_cpu_stall kernel/rcu/tree.c:1557 [inline]
 __rcu_pending kernel/rcu/tree.c:3293 [inline]
 rcu_pending kernel/rcu/tree.c:3336 [inline]
 rcu_check_callbacks.cold+0xb37/0xe19 kernel/rcu/tree.c:2682
 update_process_times+0x2a/0x70 kernel/time/timer.c:1650
 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:168
 tick_sched_timer+0xfc/0x290 kernel/time/tick-sched.c:1278
 __run_hrtimer kernel/time/hrtimer.c:1465 [inline]
 __hrtimer_run_queues+0x3f6/0xe60 kernel/time/hrtimer.c:1527
 hrtimer_interrupt+0x326/0x9e0 kernel/time/hrtimer.c:1585
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1071 [inline]
 smp_apic_timer_interrupt+0x10c/0x550 arch/x86/kernel/apic/apic.c:1096
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
RIP: 0010:slab_alloc_node mm/slab.c:3334 [inline]
RIP: 0010:kmem_cache_alloc_node_trace+0x2ee/0x3b0 mm/slab.c:3666
Code: fe ff ff 48 f7 04 24 00 02 00 00 0f 84 28 fe ff ff e8 26 89 cf ff 48 83 3d 66 62 59 08 00 0f 84 aa 00 00 00 48 8b 3c 24 57 9d <0f> 1f 44 00 00 e9 23 fe ff ff 65 ff 05 11 bf 69 7e 48 8b 05 c2 db
RSP: 0018:ffff8880ba107c80 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000007 RBX: 0000000000490220 RCX: 1ffff11009507135
RDX: 0000000000000000 RSI: ffff88804a838988 RDI: 0000000000000286
RBP: 0000000000490220 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881ef7d3d00
R13: ffff88813bff0940 R14: 00000000000001c0 R15: ffff88813bff0940
 __do_kmalloc_node mm/slab.c:3688 [inline]
 __kmalloc_node_track_caller+0x38/0x70 mm/slab.c:3703
 __kmalloc_reserve net/core/skbuff.c:137 [inline]
 __alloc_skb+0xae/0x560 net/core/skbuff.c:205
 alloc_skb include/linux/skbuff.h:995 [inline]
 bcm_can_tx+0x259/0x800 net/can/bcm.c:287
 bcm_tx_timeout_tsklet+0x1f0/0x3a0 net/can/bcm.c:414
 tasklet_action_common.constprop.0+0x265/0x360 kernel/softirq.c:522
 __do_softirq+0x265/0x980 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:372 [inline]
 irq_exit+0x215/0x260 kernel/softirq.c:412
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
 </IRQ>
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:99 [inline]
RIP: 0010:__local_bh_enable_ip+0x18d/0x270 kernel/softirq.c:196
Code: 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 dd 00 00 00 48 83 3d c8 5f b8 08 00 0f 84 8d 00 00 00 fb 66 0f 1f 44 00 00 <65> 8b 05 6c bc c8 7e 85 c0 74 7d 5b 5d 41 5c c3 80 3d f3 87 d5 09
RSP: 0018:ffff8880464ef4d8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3053 RBX: 0000000000000200 RCX: 1ffff11009507135
RDX: dffffc0000000000 RSI: ffff88804a838988 RDI: ffff88804a838984
RBP: ffffffff86a43e12 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88804a838100
R13: 000000000000d5fa R14: 0000000000000000 R15: 0000000000000001
 local_bh_enable include/linux/bottom_half.h:32 [inline]
 get_next_corpse net/netfilter/nf_conntrack_core.c:1907 [inline]
 nf_ct_iterate_cleanup+0x239/0x520 net/netfilter/nf_conntrack_core.c:1930
 nf_ct_iterate_cleanup_net net/netfilter/nf_conntrack_core.c:2015 [inline]
 nf_ct_iterate_cleanup_net+0x113/0x170 net/netfilter/nf_conntrack_core.c:2000
 masq_device_event+0xae/0xe0 net/ipv6/netfilter/nf_nat_masquerade_ipv6.c:77
 notifier_call_chain+0xc0/0x230 kernel/notifier.c:93
 call_netdevice_notifiers net/core/dev.c:1762 [inline]
 dev_close_many+0x323/0x670 net/core/dev.c:1514
 rollback_registered_many+0x2f7/0xe70 net/core/dev.c:8173
 rollback_registered+0xe9/0x1b0 net/core/dev.c:8238
 unregister_netdevice_queue+0x1de/0x3e0 net/core/dev.c:9305
 unregister_netdevice include/linux/netdevice.h:2615 [inline]
 __tun_detach+0x100d/0x1320 drivers/net/tun.c:745
 tun_detach drivers/net/tun.c:762 [inline]
 tun_chr_close+0xd9/0x180 drivers/net/tun.c:3323
 __fput+0x2ce/0x890 fs/file_table.c:278
 task_work_run+0x148/0x1c0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0xbf3/0x2be0 kernel/exit.c:870
 do_group_exit+0x125/0x310 kernel/exit.c:967
 get_signal+0x3f2/0x1f70 kernel/signal.c:2589
 do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
 exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
 do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f5713e172d1
Code: Bad RIP value.
RSP: 002b:00007f57123230b0 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: fffffffffffffdfc RBX: 00007f5713f13120 RCX: 00007f5713e172d1
RDX: 00007f57123230f0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f5713e4d7b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 00007ffedaf70bdf R14: 00007f5712323300 R15: 0000000000022000
rcu: rcu_preempt kthread starved for 10502 jiffies! g375525 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: RCU grace-period kthread stack dump:
rcu_preempt     R  running task    29208    10      2 0x80000000
Call Trace:
 context_switch kernel/sched/core.c:2828 [inline]
 __schedule+0x887/0x2040 kernel/sched/core.c:3517
 schedule+0x8d/0x1b0 kernel/sched/core.c:3561
 schedule_timeout+0x4cf/0xfe0 kernel/time/timer.c:1818
 rcu_gp_kthread+0xdad/0x21c0 kernel/rcu/tree.c:2202
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22

Crashes (1):
Time: 2022/10/30 06:38
Kernel: linux-4.19.y
Commit: 3f8a27f9e27b
Syzkaller: 2a71366b
Config: .config
Log: console log
Report: report
Syz repro: -
C repro: -
VM info: info
Assets: [disk image] [vmlinux]
Manager: ci2-linux-4-19
Title: INFO: rcu detected stall in bcm_tx_timeout_tsklet
* Struck through repros no longer work on HEAD.