syzbot


INFO: rcu detected stall in file_ioctl (2)

Status: auto-obsoleted due to no activity on 2026/02/27 16:33
Subsystems: mm
First crash: 97d, last: 97d
Similar bugs (1)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: rcu detected stall in file_ioctl mm 1 1 205d 205d 0/29 auto-obsoleted due to no activity on 2025/11/12 01:08

Sample crash report:
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P9486/1:b..l
rcu: 	(detected by 0, t=10503 jiffies, g=29729, q=1186 ncpus=2)
task:syz.0.960       state:R  running task     stack:27112 pid:9486  tgid:9481  ppid:5830   task_flags:0x400040 flags:0x00080003
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6929
 preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7256
 irqentry_exit+0x6f/0x90 kernel/entry/common.c:211
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__kasan_check_read+0xc/0x20 mm/kasan/shadow.c:31
Code: eb cf cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 89 f6 48 8b 0c 24 31 d2 <e9> ef e4 ff ff 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90
RSP: 0018:ffffc90003d3f200 EFLAGS: 00000246
RAX: ffffffff81f84cd4 RBX: 0000000000000300 RCX: ffffffff81f84ceb
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffea000197c5c0
RBP: 1ffffd400032f8b9 R08: ffffea000197c5c7 R09: 1ffffd400032f8b8
R10: dffffc0000000000 R11: fffff9400032f8b9 R12: 0000000000000000
R13: 1ffffd400032f8b8 R14: ffffea000197c5c0 R15: ffffea000197c5c8
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
 folio_test_swapcache include/linux/page-flags.h:634 [inline]
 folio_contains+0xeb/0x2b0 include/linux/pagemap.h:970
 find_lock_entries+0x7a8/0xa60 mm/filemap.c:2190
 shmem_undo_range+0x254/0x14b0 mm/shmem.c:1101
 shmem_truncate_range mm/shmem.c:1231 [inline]
 shmem_fallocate+0x41f/0xde0 mm/shmem.c:3686
 vfs_fallocate+0x669/0x7e0 fs/open.c:342
 ioctl_preallocate fs/ioctl.c:289 [inline]
 file_ioctl+0x611/0x780 fs/ioctl.c:-1
 do_vfs_ioctl+0xb33/0x1430 fs/ioctl.c:576
 __do_sys_ioctl fs/ioctl.c:595 [inline]
 __se_sys_ioctl+0x82/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f634398f749
RSP: 002b:00007f6341bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f6343be6090 RCX: 00007f634398f749
RDX: 0000200000000040 RSI: 0000000040305829 RDI: 0000000000000004
RBP: 00007f6343a13f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f6343be6128 R14: 00007f6343be6090 R15: 00007ffffd0c7d78
 </TASK>
rcu: rcu_preempt kthread starved for 1695 jiffies! g29729 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27224 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6929
 __schedule_loop kernel/sched/core.c:7011 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:7026
 schedule_timeout+0x12b/0x270 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x301/0x1540 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x99/0x390 kernel/rcu/tree.c:2285
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 6822 Comm: kworker/u8:18 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: events_unbound nsim_dev_trap_report_work
RIP: 0010:arch_atomic_read arch/x86/include/asm/atomic.h:23 [inline]
RIP: 0010:raw_atomic_read include/linux/atomic/atomic-arch-fallback.h:457 [inline]
RIP: 0010:rcu_is_watching_curr_cpu include/linux/context_tracking.h:128 [inline]
RIP: 0010:rcu_is_watching+0x5a/0xb0 kernel/rcu/tree.c:751
Code: f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 3c 78 7f 00 48 c7 c3 d8 af 6f 92 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 <84> c0 75 34 8b 03 65 ff 0d b9 30 c8 10 74 11 83 e0 04 c1 e8 02 5b
RSP: 0018:ffffc90000a07a38 EFLAGS: 00000a02
RAX: 0000000000000000 RBX: ffff8880b8932fd8 RCX: d232e240cbd5f600
RDX: ffffc90000a07b01 RSI: ffffffff8bbf08c0 RDI: ffffffff8bbf0880
RBP: dffffc0000000000 R08: ffffc90000a08c48 R09: 0000000000000000
R10: ffffc90000a07b78 R11: fffff52000140f71 R12: ffffc90000a08c58
R13: ffffc90000a01000 R14: ffffffff8d92edd8 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888126238000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000088 CR3: 000000002e462000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 rcu_read_unlock include/linux/rcupdate.h:895 [inline]
 class_rcu_destructor include/linux/rcupdate.h:1195 [inline]
 unwind_next_frame+0x1965/0x2390 arch/x86/kernel/unwind_orc.c:680
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:56 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:77
 unpoison_slab_object mm/kasan/common.c:342 [inline]
 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:368
 kasan_slab_alloc include/linux/kasan.h:252 [inline]
 slab_post_alloc_hook mm/slub.c:4978 [inline]
 slab_alloc_node mm/slub.c:5288 [inline]
 kmem_cache_alloc_noprof+0x367/0x6e0 mm/slub.c:5295
 skb_ext_maybe_cow net/core/skbuff.c:7000 [inline]
 skb_ext_add+0x1b6/0x8f0 net/core/skbuff.c:7075
 nf_bridge_unshare net/bridge/br_netfilter_hooks.c:169 [inline]
 br_nf_forward_ip+0xc6/0x7e0 net/bridge/br_netfilter_hooks.c:681
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xc5/0x220 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK+0x215/0x3c0 include/linux/netfilter.h:316
 __br_forward+0x41e/0x600 net/bridge/br_forward.c:115
 br_handle_frame_finish+0x15a3/0x1c90 net/bridge/br_input.c:229
 br_nf_hook_thresh+0x3c6/0x4a0 net/bridge/br_netfilter_hooks.c:-1
 br_nf_pre_routing_finish_ipv6+0x999/0xd60 net/bridge/br_netfilter_ipv6.c:-1
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x37e/0x6b0 net/bridge/br_netfilter_ipv6.c:184
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0x96e/0x14f0 net/bridge/br_input.c:442
 __netif_receive_skb_core+0x10b9/0x4380 net/core/dev.c:5966
 __netif_receive_skb_one_core net/core/dev.c:6077 [inline]
 __netif_receive_skb+0x72/0x380 net/core/dev.c:6192
 process_backlog+0x60e/0x14f0 net/core/dev.c:6544
 __napi_poll+0xc7/0x360 net/core/dev.c:7594
 napi_poll net/core/dev.c:7657 [inline]
 net_rx_action+0x5f7/0xdf0 net/core/dev.c:7784
 handle_softirqs+0x286/0x870 kernel/softirq.c:622
 do_softirq+0xec/0x180 kernel/softirq.c:523
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x17d/0x1c0 kernel/softirq.c:450
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 nsim_dev_trap_report drivers/net/netdevsim/dev.c:835 [inline]
 nsim_dev_trap_report_work+0x7c7/0xb80 drivers/net/netdevsim/dev.c:866
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
net_ratelimit: 9668 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:36:60:e4:d3:ea:15, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:36:60:e4:d3:ea:15, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2025/11/29 16:23 net a6c121a2432e d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce INFO: rcu detected stall in file_ioctl