syzbot


INFO: rcu detected stall in mas_preallocate

Status: premoderation: reported on 2025/07/23 00:35
Reported-by: syzbot+2832d86a34914315b36d@syzkaller.appspotmail.com
First crash: 38d, last: 22d
Similar bugs (1)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | INFO: rcu detected stall in mas_preallocate (2) mm | 1 | syz | done | | 7 | 54d | 264d | 0/29 | upstream: reported syz repro on 2024/12/09 09:12

Sample crash report:
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P3013/1:b..l
rcu: 	(detected by 0, t=10003 jiffies, g=3829, q=679 ncpus=2)
task:syz-executor    state:R  running task     stack:0     pid:3013  tgid:3013  ppid:281    flags:0x00000004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5945 [inline]
 __schedule+0x1322/0x1df0 kernel/sched/core.c:7791
 preempt_schedule_irq+0x9c/0x100 kernel/sched/core.c:8117
 raw_irqentry_exit_cond_resched+0x33/0x40 kernel/entry/common.c:311
 irqentry_exit+0x4a/0x60 kernel/entry/common.c:354
 sysvec_apic_timer_interrupt+0x50/0x90 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1f/0x30 arch/x86/include/asm/idtentry.h:702
RIP: 0010:unwind_get_return_address+0x5/0x90 arch/x86/kernel/unwind_frame.c:15
Code: 98 2e 87 e8 2d e9 97 00 e9 79 ff ff ff cc cc cc cc cc cc cc cc b8 88 57 d8 06 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <48> 89 e5 41 57 41 56 53 48 89 fb 49 be 00 00 00 00 00 fc ff df 48
RSP: 0018:ffffc90010f77098 EFLAGS: 00000202
RAX: 0000000010f77001 RBX: ffffc90010f77160 RCX: 0000000010f77001
RDX: ffffc90010f775f0 RSI: 1ffff920021eee16 RDI: ffffc90010f770a8
RBP: ffffc90010f77130 R08: ffffc90010f77170 R09: ffffc90010f77168
R10: 0000000000000006 R11: ffffffff81742a80 R12: ffff88810bbf3900
R13: 1ffff920021eee40 R14: ffffffff81742a80 R15: ffffc90010f770a8
 stack_trace_save+0x9d/0xe0 kernel/stacktrace.c:122
 save_stack+0xf8/0x1f0 mm/page_owner.c:174
 __reset_page_owner+0x79/0x450 mm/page_owner.c:315
 reset_page_owner include/linux/page_owner.h:28 [inline]
 free_pages_prepare mm/page_alloc.c:1349 [inline]
 free_unref_page+0xb4d/0xee0 mm/page_alloc.c:2839
 __free_pages+0x6b/0x3b0 mm/page_alloc.c:5342
 __free_slab+0xb6/0x110 mm/slub.c:2730
 free_slab+0x18/0xf0 mm/slub.c:2753
 discard_slab+0x23/0x40 mm/slub.c:2759
 __slab_free+0x201/0x2b0 mm/slub.c:4577
 do_slab_free mm/slub.c:4618 [inline]
 ___cache_free+0xc9/0xe0 mm/slub.c:4729
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0xb5/0x130 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x180 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x28/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4168 [inline]
 slab_alloc_node mm/slub.c:4217 [inline]
 kmem_cache_alloc_noprof+0x131/0x3a0 mm/slub.c:4226
 mt_alloc_one lib/maple_tree.c:162 [inline]
 mas_alloc_nodes+0x254/0x9e0 lib/maple_tree.c:1241
 mas_node_count_gfp lib/maple_tree.c:1321 [inline]
 mas_preallocate+0x762/0xc60 lib/maple_tree.c:5548
 vma_iter_prealloc mm/vma.h:446 [inline]
 __mmap_region mm/mmap.c:1464 [inline]
 mmap_region+0x122a/0x1bc0 mm/mmap.c:1634
 do_mmap+0xb6d/0x13c0 mm/mmap.c:508
 vm_mmap_pgoff+0x38f/0x4e0 mm/util.c:594
 ksys_mmap_pgoff+0xfb/0x1e0 mm/mmap.c:557
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:86 [inline]
 __se_sys_mmap arch/x86/kernel/sys_x86_64.c:79 [inline]
 __x64_sys_mmap+0x121/0x140 arch/x86/kernel/sys_x86_64.c:79
 x64_sys_call+0x13bf/0x2ee0 arch/x86/include/generated/asm/syscalls_64.h:10
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x58/0xf0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f727ff8ec23
RSP: 002b:00007ffd7f28c9a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f727ff8ec23
RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000200001000000
RBP: 0000000000000002 R08: 00000000ffffffff R09: 0000000000000000
R10: 0000000000100022 R11: 0000000000000246 R12: 0000200001000000
R13: 00007ffd7f28cc98 R14: 0000000000000009 R15: 0000000000000009
 </TASK>
net_ratelimit: 104463 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)

Crashes (2):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2025/08/07 15:42 | android16-6.12 | e5a17398e40d | 04cffc22 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-android-6-12-rust | INFO: rcu detected stall in mas_preallocate
2025/07/23 00:34 | android16-6.12 | 88813c11dc64 | 8e9d1dc1 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-android-6-12-rust | INFO: rcu detected stall in mas_preallocate
* Struck through repros no longer work on HEAD.