syzbot


INFO: rcu detected stall in sys_symlink

Status: upstream: reported on 2026/01/24 22:49
Reported-by: syzbot+67513229adc33c2c5afc@syzkaller.appspotmail.com
First crash: 6d16h, last: 6d16h
Similar bugs (8)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | INFO: rcu detected stall in sys_symlink (6) mm | 1 | C | error | inconclusive | 5 | 19d | 95d | 0/29 | upstream: reported C repro on 2025/10/27 21:18 |
| linux-5.15 | INFO: rcu detected stall in sys_symlink | 1 | | | | 1 | 41d | 41d | 0/3 | upstream: reported on 2025/12/21 12:04 |
| upstream | INFO: rcu detected stall in sys_symlink (3) mm | 1 | | | | 4 | 2215d | 2215d | 0/29 | closed as invalid on 2020/01/09 08:13 |
| upstream | INFO: rcu detected stall in sys_symlink (2) cgroups mm | 1 | | | | 2 | 2215d | 2215d | 0/29 | closed as invalid on 2020/01/08 05:23 |
| linux-6.6 | INFO: rcu detected stall in sys_symlink | 1 | | | | 1 | 216d | 216d | 0/2 | auto-obsoleted due to no activity on 2025/10/07 08:06 |
| upstream | INFO: rcu detected stall in sys_symlink mm | 1 | | | | 17 | 2250d | 2251d | 0/29 | closed as invalid on 2019/12/04 14:14 |
| upstream | INFO: rcu detected stall in sys_symlink (4) bpf | 1 | | | | 11 | 1478d | 1582d | 0/29 | closed as invalid on 2022/02/08 09:50 |
| upstream | INFO: rcu detected stall in sys_symlink (5) mm fs | 1 | syz | inconclusive | done | 6 | 427d | 477d | 0/29 | closed as invalid on 2025/02/03 10:48 |

Sample crash report:
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P33/1:b..l P14563/1:b..l
	(detected by 0, t=10502 jiffies, g=116493, q=141 ncpus=2)
task:udevd           state:R  running task     stack:24848 pid:14563 ppid:3637   flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5245 [inline]
 __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562
 preempt_schedule_irq+0xbb/0x160 kernel/sched/core.c:6874
 irqentry_exit+0x63/0x70 kernel/entry/common.c:439
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:unwind_get_return_address+0x49/0x80 arch/x86/kernel/unwind_orc.c:323
Code: c0 75 47 83 3b 00 74 3a 48 83 c3 48 49 89 df 49 c1 ef 03 43 80 3c 37 00 74 08 48 89 df e8 5f 45 9a 00 48 8b 3b e8 77 27 1d 00 <85> c0 74 14 43 80 3c 37 00 74 08 48 89 df e8 44 45 9a 00 48 8b 03
RSP: 0018:ffffc90004c5f4e8 EFLAGS: 00000202
RAX: 0000000000000001 RBX: ffffc90004c5f550 RCX: 0000000080000000
RDX: ffffc90004c5f501 RSI: dffffc0000000000 RDI: ffffffff81c7cc1e
RBP: ffffc90004c5f590 R08: ffffc90004c5f820 R09: ffffc90004c5f558
R10: dffffc0000000000 R11: fffff5200098bead R12: ffff888018b80000
R13: 1ffff110031700ae R14: dffffc0000000000 R15: 1ffff9200098beaa
 arch_stack_walk+0xf2/0x140 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0xa6/0xf0 kernel/stacktrace.c:122
 save_stack+0x121/0x230 mm/page_owner.c:127
 __reset_page_owner+0x51/0x1a0 mm/page_owner.c:148
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1459 [inline]
 free_pcp_prepare mm/page_alloc.c:1509 [inline]
 free_unref_page_prepare+0x8b4/0x9a0 mm/page_alloc.c:3384
 free_unref_page+0x2e/0x3f0 mm/page_alloc.c:3479
 free_slab mm/slub.c:2036 [inline]
 discard_slab mm/slub.c:2042 [inline]
 __unfreeze_partials+0x1a5/0x200 mm/slub.c:2591
 put_cpu_partial+0x17c/0x250 mm/slub.c:2667
 qlink_free mm/kasan/quarantine.c:168 [inline]
 qlist_free_all+0x76/0xe0 mm/kasan/quarantine.c:187
 kasan_quarantine_reduce+0x144/0x160 mm/kasan/quarantine.c:294
 __kasan_slab_alloc+0x1e/0x80 mm/kasan/common.c:306
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook+0x4b/0x480 mm/slab.h:737
 slab_alloc_node mm/slub.c:3359 [inline]
 __kmem_cache_alloc_node+0x140/0x260 mm/slub.c:3398
 __do_kmalloc_node mm/slab_common.c:935 [inline]
 __kmalloc+0xa0/0x240 mm/slab_common.c:949
 kmalloc include/linux/slab.h:568 [inline]
 kzalloc include/linux/slab.h:699 [inline]
 tomoyo_encode2 security/tomoyo/realpath.c:45 [inline]
 tomoyo_encode+0x27e/0x540 security/tomoyo/realpath.c:80
 tomoyo_path_perm+0x382/0x610 security/tomoyo/file.c:831
 tomoyo_path_symlink+0xa8/0xf0 security/tomoyo/tomoyo.c:199
 security_path_symlink+0xdc/0x130 security/security.c:1198
 do_symlinkat+0x10c/0x400 fs/namei.c:4503
 __do_sys_symlink fs/namei.c:4530 [inline]
 __se_sys_symlink fs/namei.c:4528 [inline]
 __x64_sys_symlink+0x7a/0x90 fs/namei.c:4528
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f53e0115527
RSP: 002b:00007ffc03aba0d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000058
RAX: ffffffffffffffda RBX: 0000564c63fbee00 RCX: 00007f53e0115527
RDX: fffffffffffffe68 RSI: 00007ffc03aba0e0 RDI: 0000564c63fb7d00
RBP: 0000000000000b3c R08: 0000000000000064 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffc03aba0e0
R13: 0000564c63fbe410 R14: 0000000000000008 R15: 0000564c63fbee00
 </TASK>
task:kworker/u4:2    state:R  running task     stack:21744 pid:33    ppid:2      flags:0x00004000
Workqueue: bat_events batadv_nc_worker
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5245 [inline]
 __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562
 preempt_schedule_irq+0xbb/0x160 kernel/sched/core.c:6874
 irqentry_exit+0x63/0x70 kernel/entry/common.c:439
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:lock_acquire+0x225/0x4a0 kernel/locking/lockdep.c:5666
Code: f7 84 24 80 00 00 00 00 02 00 00 43 c6 44 3d 04 f8 0f 85 f0 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 44 3d 00 00 00 00 00 43 c7 44 3d 08 00 00 00 00 65 48 8b 04
RSP: 0018:ffffc90000aa7ac0 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 5bdce5505b491a00
RDX: 0000000000000000 RSI: ffffffff8a8c23a0 RDI: ffffffff8adf0c20
RBP: ffffc90000aa7bc8 R08: dffffc0000000000 R09: 1ffffffff215e648
R10: dffffc0000000000 R11: fffffbfff215e649 R12: 0000000000000000
R13: 1ffff92000154f64 R14: 0000000000000246 R15: dffffc0000000000
 rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 rcu_read_lock include/linux/rcupdate.h:791 [inline]
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline]
 batadv_nc_worker+0xeb/0x600 net/batman-adv/network-coding.c:719
 process_one_work+0x8a2/0x1160 kernel/workqueue.c:2292
 worker_thread+0xaa2/0x1270 kernel/workqueue.c:2439
 kthread+0x29d/0x330 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
rcu: rcu_preempt kthread starved for 10470 jiffies! g116493 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:26864 pid:16    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5245 [inline]
 __schedule+0x11d1/0x40e0 kernel/sched/core.c:6562
 schedule+0xb9/0x180 kernel/sched/core.c:6638
 schedule_timeout+0x184/0x2d0 kernel/time/timer.c:2168
 rcu_gp_fqs_loop+0x303/0x1340 kernel/rcu/tree.c:1706
 rcu_gp_kthread+0x99/0x3b0 kernel/rcu/tree.c:1905
 kthread+0x29d/0x330 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
NMI backtrace for cpu 1 skipped: idling at arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
NMI backtrace for cpu 1 skipped: idling at default_idle+0xb/0x10 arch/x86/kernel/process.c:741

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/01/24 22:48 | linux-6.1.y | cd9b81672742 | 40acda8a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | INFO: rcu detected stall in sys_symlink |
* Struck through repros no longer work on HEAD.