syzbot

INFO: rcu detected stall in vms_clear_ptes (3)

Status: auto-obsoleted due to no activity on 2026/04/14 05:45
Subsystems: mm
First crash: 173d, last: 105d
Similar bugs (2)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: rcu detected stall in vms_clear_ptes mm 1 3 457d 513d 0/29 auto-obsoleted due to no activity on 2025/04/26 16:36
upstream INFO: rcu detected stall in vms_clear_ptes (2) mm 1 1 265d 265d 0/29 auto-obsoleted due to no activity on 2025/11/05 10:01

Sample crash report:
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:ad:53:df:3b:9d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P31674/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=214969, q=1343 ncpus=1)
task:syz.3.5074      state:R  running task     stack:26680 pid:31674 tgid:31671 ppid:29930  task_flags:0x400140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1139/0x6150 kernel/sched/core.c:6863
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7190
 irqentry_exit+0x1d8/0x8c0 kernel/entry/common.c:216
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__sanitizer_cov_trace_pc+0x5a/0x70 kernel/kcov.c:223
Code: 35 8b 82 6c 16 00 00 85 c0 74 2b 8b 82 48 16 00 00 83 f8 02 75 20 48 8b 8a 50 16 00 00 8b 92 4c 16 00 00 48 8b 01 48 83 c0 01 <48> 39 d0 73 07 48 89 01 48 89 34 c1 c3 cc cc cc cc 0f 1f 44 00 00
RSP: 0018:ffffc9000c63f0c8 EFLAGS: 00000206
RAX: 00000000000453a6 RBX: ffff88801ec923b0 RCX: ffffc9002064a000
RDX: 0000000000080000 RSI: ffffffff8231d0ae RDI: 0000000000000007
RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000001d3f R11: ffff888028d229b0 R12: 0000000007100273
R13: 0000000000000001 R14: 0000000000071d3f R15: 0000000000001d3f
 __update_page_owner_free_handle.constprop.0+0x10e/0x4a0 mm/page_owner.c:284
 __reset_page_owner+0x93/0x1a0 mm/page_owner.c:321
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1406 [inline]
 free_unref_folios+0xa22/0x1610 mm/page_alloc.c:3000
 folios_put_refs+0x4be/0x750 mm/swap.c:1002
 free_pages_and_swap_cache+0x245/0x4a0 mm/swap_state.c:355
 __tlb_batch_free_encoded_pages+0xf9/0x290 mm/mmu_gather.c:136
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:397 [inline]
 tlb_flush_mmu mm/mmu_gather.c:404 [inline]
 tlb_finish_mmu+0x168/0x7c0 mm/mmu_gather.c:497
 vms_clear_ptes+0x55a/0x790 mm/vma.c:1238
 vms_clean_up_area mm/vma.c:1250 [inline]
 __mmap_setup mm/vma.c:2403 [inline]
 __mmap_region+0x627/0x2a00 mm/vma.c:2690
 mmap_region+0x1ab/0x3f0 mm/vma.c:2786
 do_mmap+0xa3e/0x1210 mm/mmap.c:558
 vm_mmap_pgoff+0x29e/0x470 mm/util.c:581
 ksys_mmap_pgoff+0x7d/0x5c0 mm/mmap.c:604
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
 __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
 __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5a4218f7c9
RSP: 002b:00007f5a43053038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f5a423e6180 RCX: 00007f5a4218f7c9
RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000
RBP: 00007f5a42213f91 R08: ffffffffffffffff R09: 0000000000008000
R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f5a423e6218 R14: 00007f5a423e6180 R15: 00007fff6935f688
 </TASK>
rcu: rcu_preempt kthread starved for 4250 jiffies! g214969 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28216 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1139/0x6150 kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6960
 schedule_timeout+0x123/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1ea/0xaf0 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x26d/0x380 kernel/rcu/tree.c:2285
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 UID: 0 PID: 27922 Comm: kworker/u11:35 Tainted: G     U    I  L      syzkaller #0 PREEMPT(full) 
Tainted: [U]=USER, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: bat_events batadv_tt_purge
RIP: 0010:__kernel_text_address+0xd/0x40 kernel/extable.c:79
Code: e8 38 83 a1 00 e9 6a ff ff ff 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 53 48 89 fb e8 e3 fe ff ff <85> c0 75 1b 48 81 fb 00 70 06 92 72 0c 31 c0 48 81 fb ca a1 28 92
RSP: 0018:ffffc90000006cc0 EFLAGS: 00000292
RAX: 0000000000000001 RBX: ffffffff8184026a RCX: ffffc90000006c3c
RDX: 1ffff92000000da6 RSI: ffffffff8daa50c6 RDI: ffffffff8184026a
RBP: ffffc90000006d30 R08: 0000000000000001 R09: 00000000f501fefe
R10: 0000000000000002 R11: 00000000000a44a2 R12: ffffffff81a8eb00
R13: ffffc90000006da8 R14: 0000000000000000 R15: ffff88807a439e80
FS:  0000000000000000(0000) GS:ffff8881248f9000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f900d3ffffc CR3: 000000000e184000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 unwind_get_return_address+0x59/0xa0 arch/x86/kernel/unwind_orc.c:385
 arch_stack_walk+0xa6/0x100 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 unpoison_slab_object mm/kasan/common.c:340 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:366
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4953 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_noprof+0x25e/0x770 mm/slub.c:5270
 skb_ext_maybe_cow net/core/skbuff.c:7043 [inline]
 skb_ext_add+0xf8/0x7b0 net/core/skbuff.c:7118
 nf_bridge_unshare net/bridge/br_netfilter_hooks.c:169 [inline]
 br_nf_forward_ip.part.0+0x28/0x810 net/bridge/br_netfilter_hooks.c:681
 br_nf_forward_ip net/bridge/br_netfilter_hooks.c:676 [inline]
 br_nf_forward+0xf0f/0x1be0 net/bridge/br_netfilter_hooks.c:773
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xbe/0x200 net/netfilter/core.c:623
 nf_hook+0x45e/0x780 include/linux/netfilter.h:273
 NF_HOOK include/linux/netfilter.h:316 [inline]
 __br_forward+0x1be/0x5b0 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 maybe_deliver+0xf1/0x180 net/bridge/br_forward.c:191
 br_flood+0x17c/0x650 net/bridge/br_forward.c:238
 br_handle_frame_finish+0x1117/0x1f00 net/bridge/br_input.c:229
 br_nf_hook_thresh+0x307/0x410 net/bridge/br_netfilter_hooks.c:1167
 br_nf_pre_routing_finish_ipv6+0x76a/0xfc0 net/bridge/br_netfilter_ipv6.c:154
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x3cd/0x8c0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x860/0x15b0 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0xb28/0x14e0 net/bridge/br_input.c:442
 __netif_receive_skb_core.constprop.0+0x6b3/0x35b0 net/core/dev.c:6026
 __netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:6137
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:6252
 process_backlog+0x4a2/0x1650 net/core/dev.c:6604
 __napi_poll.constprop.0+0xb3/0x540 net/core/dev.c:7668
 napi_poll net/core/dev.c:7731 [inline]
 net_rx_action+0x9f9/0xfa0 net/core/dev.c:7883
 handle_softirqs+0x219/0x950 kernel/softirq.c:622
 do_softirq kernel/softirq.c:523 [inline]
 do_softirq+0xb2/0xf0 kernel/softirq.c:510
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:450
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_tt_local_purge+0x21c/0x3c0 net/batman-adv/translation-table.c:1315
 batadv_tt_purge+0x8b/0xb80 net/batman-adv/translation-table.c:3509
 process_one_work+0x9ba/0x1b20 kernel/workqueue.c:3257
 process_scheduled_works kernel/workqueue.c:3340 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3421
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
net_ratelimit: 9230 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:ad:53:df:3b:9d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:ad:53:df:3b:9d, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:ad:53:df:3b:9d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
net_ratelimit: 12976 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:ad:53:df:3b:9d, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:ad:53:df:3b:9d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:ee:ad:53:df:3b:9d, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/01/14 05:40 upstream b54345928fa1 d1b870e1 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto INFO: rcu detected stall in vms_clear_ptes
2025/12/02 09:57 upstream 1d18101a644e d1b870e1 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto INFO: rcu detected stall in vms_clear_ptes
2025/11/07 10:23 upstream 4a0c9b339199 4e1406b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto INFO: rcu detected stall in vms_clear_ptes
2025/11/26 09:12 linux-next 663d0d1af3fa 64219f15 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root INFO: rcu detected stall in vms_clear_ptes
* Struck through repros no longer work on HEAD.