syzbot


WARNING: suspicious RCU usage in usb_tx_block

Status: upstream: reported on 2026/03/08 22:54
Subsystems: mm
Reported-by: syzbot+602b46de41ef3a75dfb3@syzkaller.appspotmail.com
First crash: 49d, last: 11d
Discussions (1)
Title | Replies (including bot) | Last reply
[syzbot] [mm?] WARNING: suspicious RCU usage in usb_tx_block | 0 (1) | 2026/03/08 22:54

Sample crash report:
=============================
WARNING: suspicious RCU usage
syzkaller #0 Not tainted
-----------------------------
kernel/sched/core.c:8850 Illegal context switch in RCU-sched read-side critical section!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
8 locks held by syz-executor/5848:
 #0: ffffffff89812cb0 (dup_mmap_sem){.+.+}-{0:0}, at: dup_mm kernel/fork.c:1530 [inline]
 #0: ffffffff89812cb0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm kernel/fork.c:1583 [inline]
 #0: ffffffff89812cb0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_process+0x4240/0x7820 kernel/fork.c:2223
 #1: ffff888100096340 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline]
 #1: ffff888100096340 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x11f/0x1f30 mm/mmap.c:1740
 #2: ffff88813cd78f40 (&mm->mmap_lock/1){+.+.}-{4:4}, at: mmap_write_lock_nested include/linux/mmap_lock.h:544 [inline]
 #2: ffff88813cd78f40 (&mm->mmap_lock/1){+.+.}-{4:4}, at: dup_mmap+0x1ba/0x1f30 mm/mmap.c:1747
 #3: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #3: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #3: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x2f/0x300 mm/pgtable-generic.c:288
 #4: ffff88811e7a8558 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:341 [inline]
 #4: ffff88811e7a8558 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: pte_offset_map_lock+0x10f/0x320 mm/pgtable-generic.c:402
 #5: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #5: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #5: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x2f/0x300 mm/pgtable-generic.c:288
 #6: ffff88811d98beb8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_pte_range mm/memory.c:1269 [inline]
 #6: ffff88811d98beb8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_pmd_range mm/memory.c:1405 [inline]
 #6: ffff88811d98beb8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_pud_range mm/memory.c:1442 [inline]
 #6: ffff88811d98beb8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_p4d_range mm/memory.c:1466 [inline]
 #6: ffff88811d98beb8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_page_range+0xca0/0x2760 mm/memory.c:1552
 #7: ffffffff896de6a0 (rcu_read_lock_sched){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #7: ffffffff896de6a0 (rcu_read_lock_sched){....}-{1:2}, at: rcu_read_lock_sched include/linux/rcupdate.h:948 [inline]
 #7: ffffffff896de6a0 (rcu_read_lock_sched){....}-{1:2}, at: pfn_valid include/linux/mmzone.h:2197 [inline]
 #7: ffffffff896de6a0 (rcu_read_lock_sched){....}-{1:2}, at: page_table_check_set+0x4f/0xa10 mm/page_table_check.c:105

stack backtrace:
CPU: 0 UID: 0 PID: 5848 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 lockdep_rcu_suspicious.cold+0x4f/0xb1 kernel/locking/lockdep.c:6876
 __might_resched+0x2e0/0x330 kernel/sched/core.c:8850
 usb_kill_urb+0x8e/0x320 drivers/usb/core/urb.c:705
 usb_tx_block+0x91/0x320 drivers/net/wireless/marvell/libertas/if_usb.c:429
 if_usb_send_fw_pkt.isra.0+0x2e4/0x550 drivers/net/wireless/marvell/libertas/if_usb.c:366
 if_usb_receive_fwload+0x5d3/0x780 drivers/net/wireless/marvell/libertas/if_usb.c:592
 __usb_hcd_giveback_urb+0x38d/0x610 drivers/usb/core/hcd.c:1657
 usb_hcd_giveback_urb+0x3ca/0x4a0 drivers/usb/core/hcd.c:1741
 dummy_timer+0xda1/0x36c0 drivers/usb/gadget/udc/dummy_hcd.c:2005
 __run_hrtimer kernel/time/hrtimer.c:1785 [inline]
 __hrtimer_run_queues+0x50e/0xa70 kernel/time/hrtimer.c:1849
 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1866
 handle_softirqs+0x1de/0x9d0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xed/0x150 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x8f/0xb0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0xb/0x20 kernel/kcov.c:321
Code: e9 2a fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 48 89 f2 <48> 89 fe bf 07 00 00 00 e9 f8 fd ff ff 0f 1f 84 00 00 00 00 00 90
RSP: 0018:ffffc90002bdf3b0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 000000000014581a RCX: ffffffff821af18b
RDX: 0000000000000008 RSI: 0000000000000008 RDI: 0000000000000000
RBP: ffff88823ff70500 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000008
R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
 early_section include/linux/mmzone.h:2051 [inline]
 pfn_valid include/linux/mmzone.h:2206 [inline]
 page_table_check_set+0xeb/0xa10 mm/page_table_check.c:105
 __page_table_check_ptes_set+0x1db/0x230 mm/page_table_check.c:215
 page_table_check_ptes_set include/linux/page_table_check.h:83 [inline]
 set_ptes include/linux/pgtable.h:413 [inline]
 __copy_present_ptes mm/memory.c:1115 [inline]
 copy_present_ptes+0xcc4/0x44f0 mm/memory.c:1194
 copy_pte_range mm/memory.c:1317 [inline]
 copy_pmd_range mm/memory.c:1405 [inline]
 copy_pud_range mm/memory.c:1442 [inline]
 copy_p4d_range mm/memory.c:1466 [inline]
 copy_page_range+0xe88/0x2760 mm/memory.c:1552
 dup_mmap+0xcb9/0x1f30 mm/mmap.c:1841
 dup_mm kernel/fork.c:1531 [inline]
 copy_mm kernel/fork.c:1583 [inline]
 copy_process+0x424b/0x7820 kernel/fork.c:2223
 kernel_clone+0xfc/0x9a0 kernel/fork.c:2653
 __do_sys_clone+0xd9/0x120 kernel/fork.c:2794
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0x7b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fadb8ad5292
Code: 89 e7 e8 71 8b f7 ff 45 31 c0 31 d2 31 f6 64 48 8b 04 25 10 00 00 00 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 89 c5 85 c0 75 3b 64 48 8b 04 25 10 00 00
RSP: 002b:00007ffce5503260 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffce5503260 RCX: 00007fadb8ad5292
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffce55033ec R08: 0000000000000000 R09: 0000000000000001
R10: 0000555581cb17d0 R11: 0000000000000246 R12: 0000000000000000
R13: 00000000000927c0 R14: 0000000000076ca2 R15: 00007ffce5503440
 </TASK>
BUG: sleeping function called from invalid context at drivers/usb/core/urb.c:705
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 5848, name: syz-executor
preempt_count: 103, expected: 0
RCU nest depth: 2, expected: 0
8 locks held by syz-executor/5848:
 #0: ffffffff89812cb0 (dup_mmap_sem){.+.+}-{0:0}, at: dup_mm kernel/fork.c:1530 [inline]
 #0: ffffffff89812cb0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm kernel/fork.c:1583 [inline]
 #0: ffffffff89812cb0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_process+0x4240/0x7820 kernel/fork.c:2223
 #1: ffff888100096340 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline]
 #1: ffff888100096340 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x11f/0x1f30 mm/mmap.c:1740
 #2: ffff88813cd78f40 (&mm->mmap_lock/1){+.+.}-{4:4}, at: mmap_write_lock_nested include/linux/mmap_lock.h:544 [inline]
 #2: ffff88813cd78f40 (&mm->mmap_lock/1){+.+.}-{4:4}, at: dup_mmap+0x1ba/0x1f30 mm/mmap.c:1747
 #3: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #3: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #3: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x2f/0x300 mm/pgtable-generic.c:288
 #4: ffff88811e7a8558 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:341 [inline]
 #4: ffff88811e7a8558 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: pte_offset_map_lock+0x10f/0x320 mm/pgtable-generic.c:402
 #5: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #5: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #5: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x2f/0x300 mm/pgtable-generic.c:288
 #6: ffff88811d98beb8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_pte_range mm/memory.c:1269 [inline]
 #6: ffff88811d98beb8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_pmd_range mm/memory.c:1405 [inline]
 #6: ffff88811d98beb8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_pud_range mm/memory.c:1442 [inline]
 #6: ffff88811d98beb8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_p4d_range mm/memory.c:1466 [inline]
 #6: ffff88811d98beb8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_page_range+0xca0/0x2760 mm/memory.c:1552
 #7: ffffffff896de6a0 (rcu_read_lock_sched){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #7: ffffffff896de6a0 (rcu_read_lock_sched){....}-{1:2}, at: rcu_read_lock_sched include/linux/rcupdate.h:948 [inline]
 #7: ffffffff896de6a0 (rcu_read_lock_sched){....}-{1:2}, at: pfn_valid include/linux/mmzone.h:2197 [inline]
 #7: ffffffff896de6a0 (rcu_read_lock_sched){....}-{1:2}, at: page_table_check_set+0x4f/0xa10 mm/page_table_check.c:105
irq event stamp: 936087
hardirqs last  enabled at (936086): [<ffffffff876c80e2>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline]
hardirqs last  enabled at (936086): [<ffffffff876c80e2>] _raw_spin_unlock_irqrestore+0x52/0x80 kernel/locking/spinlock.c:194
hardirqs last disabled at (936087): [<ffffffff876c7df2>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:130 [inline]
hardirqs last disabled at (936087): [<ffffffff876c7df2>] _raw_spin_lock_irqsave+0x52/0x60 kernel/locking/spinlock.c:162
softirqs last  enabled at (936080): [<ffffffff8177002d>] __do_softirq kernel/softirq.c:656 [inline]
softirqs last  enabled at (936080): [<ffffffff8177002d>] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last  enabled at (936080): [<ffffffff8177002d>] __irq_exit_rcu+0xed/0x150 kernel/softirq.c:723
softirqs last disabled at (936083): [<ffffffff8177002d>] __do_softirq kernel/softirq.c:656 [inline]
softirqs last disabled at (936083): [<ffffffff8177002d>] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last disabled at (936083): [<ffffffff8177002d>] __irq_exit_rcu+0xed/0x150 kernel/softirq.c:723
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 0 UID: 0 PID: 5848 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 __might_resched.cold+0x1ec/0x232 kernel/sched/core.c:8888
 usb_kill_urb+0x8e/0x320 drivers/usb/core/urb.c:705
 usb_tx_block+0x91/0x320 drivers/net/wireless/marvell/libertas/if_usb.c:429
 if_usb_send_fw_pkt.isra.0+0x2e4/0x550 drivers/net/wireless/marvell/libertas/if_usb.c:366
 if_usb_receive_fwload+0x5d3/0x780 drivers/net/wireless/marvell/libertas/if_usb.c:592
 __usb_hcd_giveback_urb+0x38d/0x610 drivers/usb/core/hcd.c:1657
 usb_hcd_giveback_urb+0x3ca/0x4a0 drivers/usb/core/hcd.c:1741
 dummy_timer+0xda1/0x36c0 drivers/usb/gadget/udc/dummy_hcd.c:2005
 __run_hrtimer kernel/time/hrtimer.c:1785 [inline]
 __hrtimer_run_queues+0x50e/0xa70 kernel/time/hrtimer.c:1849
 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1866
 handle_softirqs+0x1de/0x9d0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0xed/0x150 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x8f/0xb0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0xb/0x20 kernel/kcov.c:321
Code: e9 2a fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 48 89 f2 <48> 89 fe bf 07 00 00 00 e9 f8 fd ff ff 0f 1f 84 00 00 00 00 00 90
RSP: 0018:ffffc90002bdf3b0 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 000000000014581a RCX: ffffffff821af18b
RDX: 0000000000000008 RSI: 0000000000000008 RDI: 0000000000000000
RBP: ffff88823ff70500 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000008
R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000
 early_section include/linux/mmzone.h:2051 [inline]
 pfn_valid include/linux/mmzone.h:2206 [inline]
 page_table_check_set+0xeb/0xa10 mm/page_table_check.c:105
 __page_table_check_ptes_set+0x1db/0x230 mm/page_table_check.c:215
 page_table_check_ptes_set include/linux/page_table_check.h:83 [inline]
 set_ptes include/linux/pgtable.h:413 [inline]
 __copy_present_ptes mm/memory.c:1115 [inline]
 copy_present_ptes+0xcc4/0x44f0 mm/memory.c:1194
 copy_pte_range mm/memory.c:1317 [inline]
 copy_pmd_range mm/memory.c:1405 [inline]
 copy_pud_range mm/memory.c:1442 [inline]
 copy_p4d_range mm/memory.c:1466 [inline]
 copy_page_range+0xe88/0x2760 mm/memory.c:1552
 dup_mmap+0xcb9/0x1f30 mm/mmap.c:1841
 dup_mm kernel/fork.c:1531 [inline]
 copy_mm kernel/fork.c:1583 [inline]
 copy_process+0x424b/0x7820 kernel/fork.c:2223
 kernel_clone+0xfc/0x9a0 kernel/fork.c:2653
 __do_sys_clone+0xd9/0x120 kernel/fork.c:2794
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0x7b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fadb8ad5292
Code: 89 e7 e8 71 8b f7 ff 45 31 c0 31 d2 31 f6 64 48 8b 04 25 10 00 00 00 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 89 c5 85 c0 75 3b 64 48 8b 04 25 10 00 00
RSP: 002b:00007ffce5503260 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffce5503260 RCX: 00007fadb8ad5292
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffce55033ec R08: 0000000000000000 R09: 0000000000000001
R10: 0000555581cb17d0 R11: 0000000000000246 R12: 0000000000000000
R13: 00000000000927c0 R14: 0000000000076ca2 R15: 00007ffce5503440
 </TASK>
BUG: scheduling while atomic: syz-executor/5848/0x00000104
8 locks held by syz-executor/5848:
 #0: ffffffff89812cb0 (dup_mmap_sem){.+.+}-{0:0}, at: dup_mm kernel/fork.c:1530 [inline]
 #0: ffffffff89812cb0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm kernel/fork.c:1583 [inline]
 #0: ffffffff89812cb0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_process+0x4240/0x7820 kernel/fork.c:2223
 #1: ffff888100096340 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:554 [inline]
 #1: ffff888100096340 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x11f/0x1f30 mm/mmap.c:1740
 #2: ffff88813cd78f40 (&mm->mmap_lock/1){+.+.}-{4:4}, at: mmap_write_lock_nested include/linux/mmap_lock.h:544 [inline]
 #2: ffff88813cd78f40 (&mm->mmap_lock/1){+.+.}-{4:4}, at: dup_mmap+0x1ba/0x1f30 mm/mmap.c:1747
 #3: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #3: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #3: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x2f/0x300 mm/pgtable-generic.c:288
 #4: ffff88811e7a8558 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: spin_lock include/linux/spinlock.h:341 [inline]
 #4: ffff88811e7a8558 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: pte_offset_map_lock+0x10f/0x320 mm/pgtable-generic.c:402
 #5: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #5: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:850 [inline]
 #5: ffffffff896de760 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x2f/0x300 mm/pgtable-generic.c:288
 #6: ffff88811d98beb8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_pte_range mm/memory.c:1269 [inline]
 #6: ffff88811d98beb8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_pmd_range mm/memory.c:1405 [inline]
 #6: ffff88811d98beb8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_pud_range mm/memory.c:1442 [inline]
 #6: ffff88811d98beb8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_p4d_range mm/memory.c:1466 [inline]
 #6: ffff88811d98beb8 (ptlock_ptr(ptdesc)#2/1){+.+.}-{3:3}, at: copy_page_range+0xca0/0x2760 mm/memory.c:1552
 #7: ffffffff896de6a0 (rcu_read_lock_sched){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 #7: ffffffff896de6a0 (rcu_read_lock_sched){....}-{1:2}, at: rcu_read_lock_sched include/linux/rcupdate.h:948 [inline]
 #7: ffffffff896de6a0 (rcu_read_lock_sched){....}-{1:2}, at: pfn_valid include/linux/mmzone.h:2197 [inline]
 #7: ffffffff896de6a0 (rcu_read_lock_sched){....}-{1:2}, at: page_table_check_set+0x4f/0xa10 mm/page_table_check.c:105
Modules linked in:
irq event stamp: 936087
hardirqs last  enabled at (936086): [<ffffffff876c80e2>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:178 [inline]
hardirqs last  enabled at (936086): [<ffffffff876c80e2>] _raw_spin_unlock_irqrestore+0x52/0x80 kernel/locking/spinlock.c:194
hardirqs last disabled at (936087): [<ffffffff876c7df2>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:130 [inline]
hardirqs last disabled at (936087): [<ffffffff876c7df2>] _raw_spin_lock_irqsave+0x52/0x60 kernel/locking/spinlock.c:162
softirqs last  enabled at (936080): [<ffffffff8177002d>] __do_softirq kernel/softirq.c:656 [inline]
softirqs last  enabled at (936080): [<ffffffff8177002d>] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last  enabled at (936080): [<ffffffff8177002d>] __irq_exit_rcu+0xed/0x150 kernel/softirq.c:723
softirqs last disabled at (936083): [<ffffffff8177002d>] __do_softirq kernel/softirq.c:656 [inline]
softirqs last disabled at (936083): [<ffffffff8177002d>] invoke_softirq kernel/softirq.c:496 [inline]
softirqs last disabled at (936083): [<ffffffff8177002d>] __irq_exit_rcu+0xed/0x150 kernel/softirq.c:723
Preemption disabled at:
[<0000000000000000>] 0x0
----------------
Code disassembly (best guess):
   0:	e9 2a fe ff ff       	jmp    0xfffffe2f
   5:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
   c:	00 00 00
   f:	90                   	nop
  10:	90                   	nop
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
  16:	90                   	nop
  17:	90                   	nop
  18:	90                   	nop
  19:	90                   	nop
  1a:	90                   	nop
  1b:	90                   	nop
  1c:	90                   	nop
  1d:	90                   	nop
  1e:	90                   	nop
  1f:	f3 0f 1e fa          	endbr64
  23:	48 8b 0c 24          	mov    (%rsp),%rcx
  27:	48 89 f2             	mov    %rsi,%rdx
* 2a:	48 89 fe             	mov    %rdi,%rsi <-- trapping instruction
  2d:	bf 07 00 00 00       	mov    $0x7,%edi
  32:	e9 f8 fd ff ff       	jmp    0xfffffe2f
  37:	0f 1f 84 00 00 00 00 	nopl   0x0(%rax,%rax,1)
  3e:	00
  3f:	90                   	nop

Crashes (4):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2026/04/11 07:24 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | cd1be4b2c639 | 38c8e246 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | WARNING: suspicious RCU usage in usb_tx_block
2026/03/30 13:58 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | 84db3719d273 | dcaebc52 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | WARNING: suspicious RCU usage in usb_tx_block
2026/03/07 05:39 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | bb375c251ab4 | 5cb44a80 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | WARNING: suspicious RCU usage in usb_tx_block
2026/03/04 22:41 | https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing | bb375c251ab4 | e6b6b96b | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-usb | WARNING: suspicious RCU usage in usb_tx_block
* Struck through repros no longer work on HEAD.