syzbot


INFO: rcu detected stall in tcp_write_timer

Status: upstream: reported on 2024/06/21 02:50
Reported-by: syzbot+22fe46255c9b9bcfe460@syzkaller.appspotmail.com
First crash: 287d, last: 58d
Similar bugs (15)

| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | INFO: rcu detected stall in tcp_write_timer (2) bpf | | | | 2 | 1522d | 1577d | 0/28 | auto-closed as invalid on 2021/05/03 11:59 |
| upstream | INFO: rcu detected stall in tcp_write_timer (4) net | | | | 1 | 263d | 263d | 0/28 | auto-obsoleted due to no activity on 2024/10/13 08:46 |
| linux-5.15 | INFO: rcu detected stall in tcp_write_timer | | | | 4 | 172d | 225d | 0/3 | auto-obsoleted due to no activity on 2025/01/22 08:13 |
| upstream | INFO: rcu detected stall in tcp_write_timer net | | | | 3 | 2071d | 2066d | 0/28 | auto-closed as invalid on 2019/10/25 14:11 |
| linux-5.15 | INFO: rcu detected stall in tcp_write_timer (2) | | | | 1 | 41d | 41d | 0/3 | upstream: reported on 2025/02/22 02:50 |
| upstream | INFO: rcu detected stall in tcp_write_timer (3) net | | | | 1 | 1389d | 1389d | 0/28 | auto-closed as invalid on 2021/09/13 13:17 |
| upstream | BUG: soft lockup in tcp_write_timer (4) kasan mm | | | | 4 | 272d | 297d | 26/28 | fixed on 2024/07/09 19:14 |
| linux-4.14 | INFO: rcu detected stall in tcp_write_timer | | | | 4 | 1673d | 1916d | 0/1 | auto-closed as invalid on 2021/01/02 05:45 |
| linux-4.19 | INFO: rcu detected stall in tcp_write_timer | | | | 2 | 1802d | 1856d | 0/1 | auto-closed as invalid on 2020/08/26 06:46 |
| linux-4.19 | BUG: soft lockup in tcp_write_timer (3) | | | | 2 | 825d | 838d | 0/1 | upstream: reported on 2022/12/17 21:41 |
| linux-4.19 | BUG: soft lockup in tcp_write_timer (2) | | | | 2 | 1235d | 1299d | 0/1 | auto-closed as invalid on 2022/03/16 10:56 |
| linux-4.19 | BUG: soft lockup in tcp_write_timer | | | | 1 | 1464d | 1464d | 0/1 | auto-closed as invalid on 2021/07/30 14:52 |
| upstream | BUG: soft lockup in tcp_write_timer (2) kvm | | | | 1 | 1074d | 1074d | 0/28 | auto-closed as invalid on 2022/06/24 22:31 |
| upstream | BUG: soft lockup in tcp_write_timer (3) net | | | | 6 | 452d | 559d | 0/28 | closed as invalid on 2024/03/18 17:07 |
| android-5-15 | BUG: soft lockup in tcp_write_timer | | | | 11 | 235d | 348d | 0/2 | auto-obsoleted due to no activity on 2024/11/10 05:27 |

Sample crash report:
rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-.... } 2864 jiffies s: 22601 root: 0x2/.
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 13638 Comm: syz.3.4009 Not tainted 6.1.128-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:27 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:182 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:245 [inline]
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0xc/0x80 kernel/kcov.c:320
Code: 89 11 48 c7 44 0a 08 05 00 00 00 48 89 44 0a 10 48 89 74 0a 18 4c 89 44 0a 20 c3 0f 1f 00 4c 8b 04 24 65 48 8b 0d b4 ce 77 7e <65> 8b 05 b5 ce 77 7e 25 00 01 ff 00 74 10 3d 00 01 00 00 75 57 83
RSP: 0018:ffffc900001dfe68 EFLAGS: 00000046
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffff88807fb83b80
RDX: 0000000000010100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff81afdc32 R09: fffffbfff224a04d
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc900001e0066
R13: 0000000000000020 R14: ffffc900001e01c0 R15: ffff8880561a7200
FS:  00007fda701196c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f032acd56c0 CR3: 0000000079575000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 __perf_event_header__init_id+0xc2/0x500 kernel/events/core.c:6993
 perf_prepare_sample+0x194/0x1fb0 kernel/events/core.c:7512
 __perf_event_output kernel/events/core.c:7706 [inline]
 perf_event_output_forward+0x1b7/0x330 kernel/events/core.c:7726
 __perf_event_overflow+0x45e/0x640 kernel/events/core.c:9472
 perf_swevent_hrtimer+0x38e/0x4f0 kernel/events/core.c:10880
 __run_hrtimer kernel/time/hrtimer.c:1689 [inline]
 __hrtimer_run_queues+0x5a7/0xe50 kernel/time/hrtimer.c:1753
 hrtimer_interrupt+0x392/0x980 kernel/time/hrtimer.c:1815
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1107 [inline]
 __sysvec_apic_timer_interrupt+0x158/0x5b0 arch/x86/kernel/apic/apic.c:1124
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
 sysvec_apic_timer_interrupt+0x4d/0xc0 arch/x86/kernel/apic/apic.c:1118
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130 kernel/locking/spinlock.c:194
Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 02 f0 24 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> f7 4f a1 f6 65 8b 05 98 2f 45 75 85 c0 74 3f 48 c7 04 24 0e 36
RSP: 0018:ffffc900001e0700 EFLAGS: 00000206
RAX: 987a99971ee4f900 RBX: 1ffff9200003c0e4 RCX: ffffffff816b127a
RDX: dffffc0000000000 RSI: ffffffff8b0c0340 RDI: 0000000000000001
RBP: ffffc900001e0790 R08: dffffc0000000000 R09: fffffbfff224a064
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff9200003c0e0 R14: ffffc900001e0720 R15: 0000000000000246
 __debug_check_no_obj_freed lib/debugobjects.c:988 [inline]
 debug_check_no_obj_freed+0x455/0x4e0 lib/debugobjects.c:1009
 free_pages_prepare mm/page_alloc.c:1465 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x3bc/0x15b0 mm/page_alloc.c:3384
 free_unref_page+0x33/0x3e0 mm/page_alloc.c:3479
 __skb_frag_unref include/linux/skbuff.h:3436 [inline]
 skb_release_data+0x37f/0x7a0 net/core/skbuff.c:785
 skb_release_all net/core/skbuff.c:856 [inline]
 __kfree_skb+0x4c/0x60 net/core/skbuff.c:870
 tcp_write_queue_purge+0x132/0x2f0 net/ipv4/tcp.c:3099
 tcp_done_with_error+0x3d/0xc0 net/ipv4/tcp_input.c:4393
 tcp_write_err net/ipv4/tcp_timer.c:70 [inline]
 tcp_write_timeout net/ipv4/tcp_timer.c:273 [inline]
 tcp_retransmit_timer+0x12ca/0x2800 net/ipv4/tcp_timer.c:547
 tcp_write_timer+0x12e/0x280 net/ipv4/tcp_timer.c:676
 call_timer_fn+0x1ad/0x6b0 kernel/time/timer.c:1504
 expire_timers kernel/time/timer.c:1549 [inline]
 __run_timers+0x67c/0x890 kernel/time/timer.c:1820
 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1833
 handle_softirqs+0x2ee/0xa40 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0x157/0x240 kernel/softirq.c:661
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
 sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1118
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:preempt_schedule_irq+0xf2/0x1c0 kernel/sched/core.c:6870
Code: 89 f5 49 c1 ed 03 eb 0d 48 f7 03 08 00 00 00 0f 84 97 00 00 00 bf 01 00 00 00 e8 19 0b a3 f6 e8 24 da d5 f6 fb bf 01 00 00 00 <e8> 79 b4 ff ff 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 e9 ac 26 f7 48
RSP: 0018:ffffc90003db7420 EFLAGS: 00000282
RAX: 987a99971ee4f900 RBX: 1ffff920007b6e8c RCX: ffffffff816b127a
RDX: dffffc0000000000 RSI: ffffffff8b0c0340 RDI: 0000000000000001
RBP: ffffc90003db74e0 R08: dffffc0000000000 R09: fffffbfff224a04e
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff920007b6e84
R13: 1ffff920007b6e88 R14: ffffc90003db7440 R15: dffffc0000000000
 irqentry_exit+0x53/0x80 kernel/entry/common.c:439
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:103 [inline]
RIP: 0010:__local_bh_enable_ip+0x16c/0x1f0 kernel/softirq.c:410
Code: 8b e8 e8 a9 5e 09 65 66 8b 05 10 5a af 7e 66 85 c0 75 57 bf 01 00 00 00 e8 61 4a 0a 00 e8 ec 17 3d 00 fb 65 8b 05 fc 29 ae 7e <85> c0 75 05 e8 ab 4d ac ff 48 c7 44 24 20 0e 36 e0 45 49 c7 04 1c
RSP: 0018:ffffc90003db75a0 EFLAGS: 00000286
RAX: 0000000000000000 RBX: 1ffff920007b6eb8 RCX: ffffffff816b127a
RDX: dffffc0000000000 RSI: ffffffff8b0c0340 RDI: ffffffff8b5e6980
RBP: ffffc90003db7650 R08: dffffc0000000000 R09: fffffbfff224a04e
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff920007b6ebc R14: ffffc90003db75e0 R15: 0000000000000201
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 rt6_uncached_list_flush_dev net/ipv6/route.c:195 [inline]
 rt6_disable_ip+0x7a1/0x890 net/ipv6/route.c:4908
 addrconf_ifdown+0x154/0x1b90 net/ipv6/addrconf.c:3801
 addrconf_notify+0x3ec/0xf60
 notifier_call_chain kernel/notifier.c:87 [inline]
 raw_notifier_call_chain+0xd0/0x170 kernel/notifier.c:455
 __dev_notify_flags+0x304/0x610
 dev_change_flags+0xe7/0x190 net/core/dev.c:8671
 dev_ifsioc+0x177/0x1160 net/core/dev_ioctl.c:327
 dev_ioctl+0x508/0xf70 net/core/dev_ioctl.c:588
 sock_do_ioctl+0x26b/0x450 net/socket.c:1218
 sock_ioctl+0x47f/0x770 net/socket.c:1321
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0xf1/0x160 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fda6f38cde9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fda70119038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fda6f5a6080 RCX: 00007fda6f38cde9
RDX: 0000200000000900 RSI: 0000000000008914 RDI: 0000000000000005
RBP: 00007fda6f40e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fda6f5a6080 R15: 00007ffff375b278
 </TASK>

Crashes (16):

| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/02/05 12:06 | linux-6.1.y | 0cbb5f65e52f | 5896748e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |
| 2025/01/21 10:09 | linux-6.1.y | f4f677285b38 | 6e87cfa2 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |
| 2025/01/02 03:20 | linux-6.1.y | 563edd786f0a | d3ccff63 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |
| 2024/11/26 15:04 | linux-6.1.y | e4d90d63d385 | e9a9a9f2 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |
| 2024/10/16 23:30 | linux-6.1.y | aa4cd140bba5 | 666f77ed | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |
| 2024/10/08 11:18 | linux-6.1.y | aa4cd140bba5 | 402f1df0 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |
| 2024/10/08 08:48 | linux-6.1.y | aa4cd140bba5 | 402f1df0 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |
| 2024/10/01 18:23 | linux-6.1.y | aa4cd140bba5 | ea2b66a6 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |
| 2024/09/27 11:40 | linux-6.1.y | e526b12bf916 | 9314348a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |
| 2024/09/25 03:38 | linux-6.1.y | e526b12bf916 | 5643e0e9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |
| 2024/08/28 18:29 | linux-6.1.y | ee5e09825b81 | ef3de9e8 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |
| 2024/08/03 17:11 | linux-6.1.y | 48d525b0e463 | 1786a2a8 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |
| 2024/08/03 14:21 | linux-6.1.y | 48d525b0e463 | 1786a2a8 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |
| 2024/07/26 10:37 | linux-6.1.y | c18e82d3ee44 | 3f86dfed | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |
| 2024/07/21 13:41 | linux-6.1.y | 9b3f9a5b12dc | b88348e9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |
| 2024/06/21 02:49 | linux-6.1.y | eb44d83053d6 | dac2aa43 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-perf | INFO: rcu detected stall in tcp_write_timer |

* Struck through repros no longer work on HEAD.