syzbot


INFO: rcu detected stall in __tun_chr_ioctl

Status: upstream: reported on 2026/03/23 00:03
Reported-by: syzbot+c0d8dcccc8f9d0e3f0d8@syzkaller.appspotmail.com
First crash: 5d13h, last: 5d13h
Similar bugs (4)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | INFO: rcu detected stall in __tun_chr_ioctl mm | 1 | | | | 4 | 434d | 509d | 0/29 | auto-obsoleted due to no activity on 2025/04/18 05:25 |
| linux-5.15 | INFO: rcu detected stall in __tun_chr_ioctl | 1 | | | | 1 | 387d | 387d | 0/3 | auto-obsoleted due to no activity on 2025/06/14 12:09 |
| linux-6.1 | INFO: rcu detected stall in __tun_chr_ioctl | 1 | | | | 3 | 101d | 126d | 0/3 | auto-obsoleted due to no activity on 2026/03/26 13:49 |
| linux-5.15 | INFO: rcu detected stall in __tun_chr_ioctl (2) | 1 | | | | 8 | 24d | 124d | 0/3 | upstream: reported on 2025/11/23 13:35 |

Sample crash report:
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 	1-....: (10499 ticks this GP) idle=69c4/1/0x4000000000000000 softirq=19946/19946 fqs=4174
rcu: 	         hardirqs   softirqs   csw/system
rcu: 	 number:  1277573          0            0
rcu: 	cputime:    17491      34997           66   ==> 52490(ms)
rcu: 	(t=10500 jiffies g=22585 q=487 ncpus=2)
CPU: 1 PID: 7795 Comm: syz.2.551 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:104 [inline]
RIP: 0010:__local_bh_enable_ip+0x142/0x1c0 kernel/softirq.c:413
Code: 8a e8 52 c6 32 09 65 66 8b 05 ca 51 b1 7e 66 85 c0 75 54 bf 01 00 00 00 e8 7b 22 0a 00 e8 06 28 3b 00 fb 65 8b 05 96 51 b1 7e <85> c0 75 05 e8 15 39 ae ff 48 c7 04 24 0e 36 e0 45 4b c7 04 37 00
RSP: 0018:ffffc900001f0660 EFLAGS: 00000286
RAX: 0000000000000101 RBX: 0000000000000201 RCX: f7b15573f776ee00
RDX: dffffc0000000000 RSI: ffffffff8acac960 RDI: ffffffff8b1c85a0
RBP: ffffc900001f06f0 R08: ffffffff911c15f7 R09: 1ffffffff22382be
R10: dffffc0000000000 R11: fffffbfff22382bf R12: ffffffff887d9294
R13: 000000000000dd86 R14: dffffc0000000000 R15: 1ffff9200003e0cc
FS:  00007fea2eb756c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000100000000 CR3: 000000005d9df000 CR4: 00000000003506e0
DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 neigh_hh_init net/core/neighbour.c:1543 [inline]
 neigh_resolve_output+0x2b4/0x730 net/core/neighbour.c:1558
 neigh_output include/net/neighbour.h:543 [inline]
 ip6_finish_output2+0xe3d/0x1630 net/ipv6/ip6_output.c:141
 dst_output include/net/dst.h:467 [inline]
 NF_HOOK include/linux/netfilter.h:304 [inline]
 ndisc_send_skb+0xc26/0x14f0 net/ipv6/ndisc.c:513
 addrconf_rs_timer+0x2d5/0x630 net/ipv6/addrconf.c:4024
 call_timer_fn+0x189/0x540 kernel/time/timer.c:1701
 expire_timers kernel/time/timer.c:1752 [inline]
 __run_timers+0x542/0x800 kernel/time/timer.c:2023
 run_timer_softirq+0x67/0xf0 kernel/time/timer.c:2036
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xd3/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:preempt_schedule_irq+0xba/0x150 kernel/sched/core.c:7010
Code: 00 00 43 c6 44 37 04 f8 74 0b 0f 0b 48 f7 03 08 00 00 00 74 6f bf 01 00 00 00 e8 51 2b cf f6 e8 7c 32 00 f7 fb bf 01 00 00 00 <e8> f1 b4 ff ff 43 c6 44 37 08 00 48 c7 44 24 40 00 00 00 00 9c 8f
RSP: 0018:ffffc900102ef540 EFLAGS: 00000286
RAX: f7b15573f776ee00 RBX: ffff888018b81e00 RCX: f7b15573f776ee00
RDX: dffffc0000000000 RSI: ffffffff8acac960 RDI: 0000000000000001
RBP: ffffc900102ef5e0 R08: ffffffff911c150f R09: 1ffffffff22382a1
R10: dffffc0000000000 R11: fffffbfff22382a2 R12: 0000000000000000
R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff9200205dea8
 irqentry_exit+0x67/0x70 kernel/entry/common.c:438
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:find_stack lib/stackdepot.c:351 [inline]
RIP: 0010:__stack_depot_save+0x162/0x630 lib/stackdepot.c:390
Code: 8c e6 00 13 8b 2d 82 e6 00 13 44 21 e5 4c 8b 2c ee 4d 85 ed 74 33 44 89 f0 eb 09 4d 8b 6d 00 4d 85 ed 74 25 45 39 65 08 75 f1 <45> 39 75 0c 75 eb 31 c9 48 8b 14 cb 49 3b 54 cd 18 75 de 48 ff c1
RSP: 0018:ffffc900102ef6a8 EFLAGS: 00000246
RAX: 000000000000000c RBX: ffffc900102ef700 RCX: 00000000b24ea546
RDX: 00000000f82f7d82 RSI: ffff88823b400000 RDI: 0000000000000dc0
RBP: 00000000000bcd07 R08: 00000000fa23ae79 R09: 000000007ccceed2
R10: dffffc0000000000 R11: fffffbfff1d15dde R12: 00000000cfdbcd07
R13: ffff88805f3abf70 R14: 000000000000000c R15: 0000000000000001
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_set_track+0x5f/0x70 mm/kasan/common.c:53
 ____kasan_kmalloc mm/kasan/common.c:375 [inline]
 __kasan_kmalloc+0x8f/0xa0 mm/kasan/common.c:384
 kasan_kmalloc include/linux/kasan.h:198 [inline]
 __do_kmalloc_node mm/slab_common.c:1007 [inline]
 __kmalloc_node+0xb4/0x230 mm/slab_common.c:1014
 kmalloc_node include/linux/slab.h:620 [inline]
 kvmalloc_node+0x70/0x180 mm/util.c:617
 kvmalloc include/linux/slab.h:738 [inline]
 kvmalloc_array include/linux/slab.h:756 [inline]
 __ptr_ring_init_queue_alloc include/linux/ptr_ring.h:471 [inline]
 ptr_ring_resize include/linux/ptr_ring.h:594 [inline]
 tun_attach+0x884/0x1570 drivers/net/tun.c:791
 tun_net_init+0x3f3/0x4e0 drivers/net/tun.c:1007
 register_netdevice+0x67b/0x1bb0 net/core/dev.c:10233
 tun_set_iff+0x848/0xed0 drivers/net/tun.c:2862
 __tun_chr_ioctl+0x7ee/0x2000 drivers/net/tun.c:3131
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:871 [inline]
 __se_sys_ioctl+0xfd/0x170 fs/ioctl.c:857
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fea2dd9c799
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fea2eb75028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fea2e015fa0 RCX: 00007fea2dd9c799
RDX: 0000200000000040 RSI: 00000000400454ca RDI: 0000000000000009
RBP: 00007fea2de32c99 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fea2e016038 R14: 00007fea2e015fa0 R15: 00007ffee3100448
 </TASK>

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/03/23 00:02 | linux-6.6.y | 4fc00fe35d46 | 5b92003d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan-perf | INFO: rcu detected stall in __tun_chr_ioctl |
* Struck through repros no longer work on HEAD.