syzbot

INFO: rcu detected stall in sys_setsockopt

Status: upstream: reported on 2026/02/13 08:47
Reported-by: syzbot+035e355f20769f1e35a0@syzkaller.appspotmail.com
First crash: 133d, last: 2d15h
Similar bugs (5):
Kernel     | Title                                                      | Rank | Repro | Cause bisect | Fix bisect   | Count | Last  | Reported | Patched | Status
upstream   | INFO: rcu detected stall in sys_setsockopt (2) kvm         | 1    |       |              |              | 2     | 1794d | 1835d    | 0/29    | auto-closed as invalid on 2021/10/27 00:02
upstream   | INFO: rcu detected stall in sys_setsockopt kvm             | 1    |       |              |              | 1     | 1956d | 1956d    | 0/29    | auto-closed as invalid on 2021/05/17 17:51
upstream   | INFO: rcu detected stall in sys_setsockopt (4) prio:high mm | 1    | C     | done         | inconclusive | 90    | 23m   | 578d     | 0/29    | upstream: reported C repro on 2024/11/25 08:53
upstream   | INFO: rcu detected stall in sys_setsockopt (3) net         | 1    |       |              |              | 4     | 1667d | 1693d    | 0/29    | closed as invalid on 2022/02/08 10:00
linux-4.19 | BUG: soft lockup in sys_setsockopt                         | 1    |       |              |              | 3     | 1889d | 1916d    | 0/1     | auto-closed as invalid on 2021/08/23 07:10

Sample crash report:
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	0-...!: (1 GPs behind) idle=bf4c/1/0x4000000000000000 softirq=78110/78111 fqs=0
rcu: 	(detected by 1, t=10502 jiffies, g=102977, q=705 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 5777 Comm: syz-executor Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:advance_sched+0x206/0xc70 net/sched/sch_taprio.c:945
Code: e0 db da f8 eb 05 e8 d9 db da f8 48 8b 5c 24 30 48 8b 44 24 28 48 83 c0 f8 48 89 c1 48 c1 e9 03 48 89 4c 24 58 42 80 3c 31 00 <48> 89 44 24 18 74 0f 48 8b 7c 24 18 e8 19 50 33 f9 48 8b 44 24 18
RSP: 0018:ffffc90000007c98 EFLAGS: 00000046
RAX: ffff88805fa94338 RBX: ffff88805fa94330 RCX: 1ffff1100bf52867
RDX: 0000000000010000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90000007eb8 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff52000000f84 R12: 0000000000000000
R13: ffff88805fa94000 R14: dffffc0000000000 R15: ffff888025513400
FS:  00005555696e8500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe209deb078 CR3: 000000007a399000 CR4: 00000000003506f0
Call Trace:
 <IRQ>
 __run_hrtimer kernel/time/hrtimer.c:1754 [inline]
 __hrtimer_run_queues+0x525/0xc10 kernel/time/hrtimer.c:1818
 hrtimer_interrupt+0x39d/0x980 kernel/time/hrtimer.c:1880
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1077 [inline]
 __sysvec_apic_timer_interrupt+0xfb/0x3b0 arch/x86/kernel/apic/apic.c:1094
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0x9f/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:get_current arch/x86/include/asm/current.h:41 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x60 kernel/kcov.c:215
Code: 00 00 f3 0f 1e fa 53 48 89 fb e8 13 00 00 00 48 8b 3d cc 02 04 0d 48 89 de 5b e9 b3 a3 57 00 cc cc cc f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0d e0 d2 7c 7e 65 8b 15 e1 d2 7c 7e 81 e2 00 01 ff 00 74
RSP: 0018:ffffc900043e7450 EFLAGS: 00000202
RAX: ffffffff813b2a4c RBX: ffffffff8f936bba RCX: 0000000000000003
RDX: ffffffff813b2a28 RSI: ffffffff8cfa05a0 RDI: 0000000000000002
RBP: ffffc900043e7578 R08: ffff888027fada00 R09: 0000000000000002
R10: 0000000000000001 R11: 0000000000000000 R12: ffffffff8f936bbf
R13: ffffc900043e7528 R14: 0000000000000002 R15: dffffc0000000000
 unwind_next_frame+0x67c/0x2990 arch/x86/kernel/unwind_orc.c:505
 arch_stack_walk+0x144/0x190 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xaa/0x100 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x4e/0x70 mm/kasan/common.c:53
 kasan_save_free_info+0x28/0x40 mm/kasan/generic.c:522
 ____kasan_slab_free+0x126/0x1f0 mm/kasan/common.c:237
 kasan_slab_free include/linux/kasan.h:164 [inline]
 slab_free_hook mm/slub.c:1811 [inline]
 slab_free_freelist_hook+0x130/0x1a0 mm/slub.c:1837
 slab_free mm/slub.c:3830 [inline]
 kmem_cache_free+0xf8/0x290 mm/slub.c:3852
 __merge_or_add_vmap_area mm/vmalloc.c:1196 [inline]
 merge_or_add_vmap_area mm/vmalloc.c:1215 [inline]
 free_vmap_area_noflush+0x876/0xa50 mm/vmalloc.c:1841
 free_unmap_vmap_area mm/vmalloc.c:1862 [inline]
 remove_vm_area+0x2a4/0x2e0 mm/vmalloc.c:2730
 vfree+0x63/0x340 mm/vmalloc.c:2849
 __do_replace+0x869/0x9a0 net/ipv4/netfilter/ip_tables.c:1088
 do_replace net/ipv4/netfilter/ip_tables.c:1139 [inline]
 do_ipt_set_ctl+0xb38/0xe00 net/ipv4/netfilter/ip_tables.c:1632
 nf_setsockopt+0x263/0x280 net/netfilter/nf_sockopt.c:101
 do_sock_setsockopt+0x175/0x1a0 net/socket.c:2322
 __sys_setsockopt net/socket.c:2345 [inline]
 __do_sys_setsockopt net/socket.c:2354 [inline]
 __se_sys_setsockopt net/socket.c:2351 [inline]
 __x64_sys_setsockopt+0x182/0x200 net/socket.c:2351
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fe209b9e69a
Code: 48 83 ec 10 48 63 c9 48 63 ff 45 89 c9 6a 2c e8 6c 99 fb ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 49 89 ca b8 36 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7
RSP: 002b:00007fff88b181b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007fff88b18240 RCX: 00007fe209b9e69a
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000003 R08: 00000000000002d8 R09: 0000000000000000
R10: 00007fe209deb020 R11: 0000000000000206 R12: 00007fe209deafc0
R13: 00007fff88b181dc R14: 0000000000000000 R15: 00007fe209ded180
 </TASK>
rcu: rcu_preempt kthread starved for 10502 jiffies! g102977 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:26856 pid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x15ae/0x4660 kernel/sched/core.c:6700
 schedule+0xbd/0x170 kernel/sched/core.c:6774
 schedule_timeout+0x188/0x2d0 kernel/time/timer.c:2168
 rcu_gp_fqs_loop+0x30d/0x1590 kernel/rcu/tree.c:1667
 rcu_gp_kthread+0x9d/0x3b0 kernel/rcu/tree.c:1866
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 PID: 18837 Comm: syz.8.3567 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:csd_lock_wait kernel/smp.c:311 [inline]
RIP: 0010:smp_call_function_many_cond+0xd85/0x1190 kernel/smp.c:855
Code: 45 8b 34 24 44 89 f6 83 e6 01 31 ff e8 34 f1 0a 00 41 83 e6 01 49 be 00 00 00 00 00 fc ff df 75 07 e8 6f ed 0a 00 eb 38 f3 90 <42> 0f b6 04 33 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 53 ed
RSP: 0018:ffffc90004be7a80 EFLAGS: 00000246
RAX: ffffffff817bf7fd RBX: 1ffff110171c87a9 RCX: 0000000000080000
RDX: ffffc900108e1000 RSI: 000000000007ffff RDI: 0000000000080000
RBP: ffffc90004be7bf0 R08: ffffffff8e8ae5ef R09: 1ffffffff1d15cbd
R10: dffffc0000000000 R11: fffffbfff1d15cbe R12: ffff8880b8e43d48
R13: ffff8880b8f3d3c0 R14: dffffc0000000000 R15: 0000000000000000
FS:  00007fa8206216c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b35020ff8 CR3: 000000003469f000 CR4: 00000000003506e0
Call Trace:
 <TASK>
 clock_was_set+0x756/0x800 kernel/time/hrtimer.c:990
 do_settimeofday64+0x59b/0x750 kernel/time/timekeeping.c:1345
 __do_sys_clock_settime kernel/time/posix-timers.c:1130 [inline]
 __se_sys_clock_settime kernel/time/posix-timers.c:1114 [inline]
 __x64_sys_clock_settime+0x25e/0x2a0 kernel/time/posix-timers.c:1114
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fa81f79ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa820621028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e3
RAX: ffffffffffffffda RBX: 00007fa81fa15fa0 RCX: 00007fa81f79ce59
RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000000
RBP: 00007fa81f832e6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa81fa16038 R14: 00007fa81fa15fa0 R15: 00007fff3943a548
 </TASK>

Crashes (3):
Time             | Kernel      | Commit       | Syzkaller | Config  | Log         | Report | Syz repro | C repro | VM info | Assets                                 | Manager                  | Title
2026/06/24 15:42 | linux-6.6.y | d1cfde2d5d15 | 302586aa  | .config | console log | report |           |         | info    | [disk image] [vmlinux] [kernel image]  | ci2-linux-6-6-kasan      | INFO: rcu detected stall in sys_setsockopt
2026/05/21 03:26 | linux-6.6.y | eac8889a3a1c | 41b8c833  | .config | console log | report |           |         | info    | [disk image] [vmlinux] [kernel image]  | ci2-linux-6-6-kasan      | INFO: rcu detected stall in sys_setsockopt
2026/02/13 08:46 | linux-6.6.y | 1b4ef5214f17 | 6a673c50  | .config | console log | report |           |         | info    | [disk image] [vmlinux] [kernel image]  | ci2-linux-6-6-kasan-perf | INFO: rcu detected stall in sys_setsockopt