syzbot

 sign-in | mailing list | source | docs
🐞 Open [1646]
Subsystems
🐞 Fixed [6009]
🐞 Invalid [14806]
Missing Backports [135]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

INFO: rcu detected stall in aead_recvmsg_nokey

Status: auto-obsoleted due to no activity on 2024/10/03 16:25
Subsystems: crypto
[Documentation on labels]
First crash: 270d, last: 207d

Sample crash report:
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	1-...!: (1 GPs behind) idle=5694/1/0x4000000000000000 softirq=6943/6972 fqs=9
rcu: 	(detected by 0, t=10503 jiffies, g=8561, q=824 ncpus=2)
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 5199 Comm: syz.0.1 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:__lock_release kernel/locking/lockdep.c:5415 [inline]
RIP: 0010:lock_release+0x206/0x9f0 kernel/locking/lockdep.c:5774
Code: ec 3a 0e 00 0f 84 c7 03 00 00 4d 8d b5 d8 0a 00 00 4c 89 f0 48 c1 e8 03 48 89 44 24 48 42 0f b6 04 38 84 c0 0f 85 76 05 00 00 <41> 8b 06 85 c0 0f 84 40 02 00 00 4c 89 34 24 48 89 54 24 10 48 89
RSP: 0018:ffffc90000a18b40 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000046 RCX: ffffc90000a18b03
RDX: 1ffff92000143178 RSI: ffffffff8bcac820 RDI: ffffffff8c1fe9c0
RBP: ffffc90000a18c80 R08: ffffffff8fad4a2f R09: 1ffffffff1f5a945
R10: dffffc0000000000 R11: fffffbfff1f5a946 R12: 1ffff92000143174
R13: ffff888027481e00 R14: ffff8880274828d8 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9500000(0063) knlGS:00000000f5cb0b40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000020113018 CR3: 000000007be90000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 rcu_lock_release include/linux/rcupdate.h:339 [inline]
 rcu_read_unlock include/linux/rcupdate.h:812 [inline]
 advance_sched+0xb32/0xca0 net/sched/sch_taprio.c:987
 __run_hrtimer kernel/time/hrtimer.c:1689 [inline]
 __hrtimer_run_queues+0x59b/0xd50 kernel/time/hrtimer.c:1753
 hrtimer_interrupt+0x396/0x990 kernel/time/hrtimer.c:1815
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
 __sysvec_apic_timer_interrupt+0x110/0x3f0 arch/x86/kernel/apic/apic.c:1049
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1043
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:103 [inline]
RIP: 0010:__local_bh_enable_ip+0x170/0x200 kernel/softirq.c:389
Code: 8b e8 24 07 2c 0a 65 66 8b 05 d4 d6 a9 7e 66 85 c0 75 5d bf 01 00 00 00 e8 8d 9f 0b 00 e8 68 8d 43 00 fb 65 8b 05 98 d6 a9 7e <85> c0 75 05 e8 17 b8 a6 ff 48 c7 44 24 20 0e 36 e0 45 49 c7 04 1c
RSP: 0018:ffffc900049a7740 EFLAGS: 00000286
RAX: 0000000080000000 RBX: 1ffff92000934eec RCX: ffffffff8172da6a
RDX: dffffc0000000000 RSI: ffffffff8bcabb40 RDI: ffffffff8c1fe9c0
RBP: ffffc900049a77f0 R08: ffffffff92fa7687 R09: 1ffffffff25f4ed0
R10: dffffc0000000000 R11: fffffbfff25f4ed1 R12: dffffc0000000000
R13: 1ffff92000934ef0 R14: ffffc900049a7780 R15: 0000000000000201
 lock_sock include/net/sock.h:1602 [inline]
 aead_check_key+0x43/0x1e0 crypto/algif_aead.c:386
 aead_recvmsg_nokey+0x20/0x60 crypto/algif_aead.c:429
 sock_recvmsg_nosec+0x18e/0x1d0 net/socket.c:1046
 ____sys_recvmsg+0x3c0/0x470 net/socket.c:2802
 ___sys_recvmsg net/socket.c:2846 [inline]
 do_recvmmsg+0x58f/0xae0 net/socket.c:2932
 __sys_recvmmsg+0x1a8/0x270 net/socket.c:3019
 __do_compat_sys_recvmmsg_time32 net/compat.c:418 [inline]
 __se_compat_sys_recvmmsg_time32 net/compat.c:414 [inline]
 __ia32_compat_sys_recvmmsg_time32+0xbf/0xd0 net/compat.c:414
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0xb4/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf73b8579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f5cb057c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002440
RDX: 00000000ffffff67 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
rcu: rcu_preempt kthread starved for 10383 jiffies! g8561 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:24912 pid:17    tgid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5408 [inline]
 __schedule+0x17e8/0x4a20 kernel/sched/core.c:6745
 __schedule_loop kernel/sched/core.c:6822 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6837
 schedule_timeout+0x1be/0x310 kernel/time/timer.c:2581
 rcu_gp_fqs_loop+0x2df/0x1330 kernel/rcu/tree.c:2000
 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2202
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 PID: 5218 Comm: syz.4.24 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:csd_lock_wait kernel/smp.c:311 [inline]
RIP: 0010:smp_call_function_many_cond+0x1860/0x29d0 kernel/smp.c:855
Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 c9 0c 0c 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 74 08 0c 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 58 08
RSP: 0018:ffffc9000461f8c0 EFLAGS: 00000293
RAX: ffffffff818a1f58 RBX: 1ffff110172a8899 RCX: ffff888079b81e00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc9000461faa0 R08: ffffffff818a1f27 R09: 1ffffffff25f4eb0
R10: dffffc0000000000 R11: fffffbfff25f4eb1 R12: dffffc0000000000
R13: ffff8880b95444c8 R14: ffff8880b943f8c0 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880b9400000(0063) knlGS:000000005705a440
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00000000f6585da4 CR3: 000000002c2ec000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 </IRQ>
 <TASK>
 on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1023
 on_each_cpu include/linux/smp.h:71 [inline]
 text_poke_sync arch/x86/kernel/alternative.c:2069 [inline]
 text_poke_bp_batch+0x352/0xb30 arch/x86/kernel/alternative.c:2279
 text_poke_flush arch/x86/kernel/alternative.c:2470 [inline]
 text_poke_finish+0x30/0x50 arch/x86/kernel/alternative.c:2477
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 __static_key_slow_dec_cpuslocked+0x10b/0x170 kernel/jump_label.c:276
 __static_key_slow_dec kernel/jump_label.c:283 [inline]
 static_key_slow_dec+0x51/0xa0 kernel/jump_label.c:298
 kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:1357 [inline]
 kvm_put_kvm+0xf3b/0x1300 arch/x86/kvm/../../../virt/kvm/kvm_main.c:1381
 kvm_vm_release+0x46/0x50 arch/x86/kvm/../../../virt/kvm/kvm_main.c:1404
 __fput+0x24a/0x8a0 fs/file_table.c:422
 task_work_run+0x24f/0x310 kernel/task_work.c:180
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x168/0x360 kernel/entry/common.c:218
 __do_fast_syscall_32+0xc4/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7422579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f7574a9c EFLAGS: 00000206 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/07/05 16:17 upstream 661e504db04c 2a40360c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 INFO: rcu detected stall in aead_recvmsg_nokey
2024/05/03 23:11 net f2db7230f73a 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce INFO: rcu detected stall in aead_recvmsg_nokey
* Struck through repros no longer work on HEAD.