syzbot

 sign-in | mailing list | source | docs
🐞 Open [1511]
Subsystems
🐞 Fixed [6530]
🐞 Invalid [16653]
Missing Backports [203]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

INFO: rcu detected stall in request_firmware_work_func (4)

Status: auto-obsoleted due to no activity on 2025/06/14 13:58
Subsystems: mm
[Documentation on labels]
First crash: 165d, last: 165d
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: rcu detected stall in request_firmware_work_func (3) kernel 1 3 303d 410d 0/29 auto-obsoleted due to no activity on 2025/01/27 12:44
upstream INFO: rcu detected stall in request_firmware_work_func kernel 1 1 1048d 1048d 0/29 auto-obsoleted due to no activity on 2023/01/16 13:12
upstream INFO: rcu detected stall in request_firmware_work_func (2) wireless 1 C done error 5 560d 729d 0/29 auto-obsoleted due to no activity on 2024/05/26 00:14

Sample crash report:
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5815/1:b..l P26/1:b..l
rcu: 	(detected by 1, t=10503 jiffies, g=7137, q=856 ncpus=2)
task:kworker/1:0     state:R  running task     stack:26112 pid:26    tgid:26    ppid:2      task_flags:0x4288060 flags:0x00004000
Workqueue: events request_firmware_work_func
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5378 [inline]
 __schedule+0xf43/0x5890 kernel/sched/core.c:6765
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7087
 irqentry_exit+0x36/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_release+0x3e5/0x6f0 kernel/locking/lockdep.c:5859
Code: 7e 83 f8 01 0f 85 fe 01 00 00 9c 58 f6 c4 02 0f 85 e9 01 00 00 48 f7 04 24 00 02 00 00 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 c7 43 08 00 00 00 00 48 8b 84 24 88
RSP: 0018:ffffc90000a0f518 EFLAGS: 00000206
RAX: dffffc0000000000 RBX: 1ffff92000141ea5 RCX: ffffc90000a0f568
RDX: 1ffff11003adfa6c RSI: ffffffff8b6cff80 RDI: ffffffff8bd36b60
RBP: 556536a41e1d3972 R08: 0000000000000000 R09: fffffbfff20c4d02
R10: ffffffff90626817 R11: ffffffff820ff1db R12: 0000000000000005
R13: 0000000000000006 R14: ffff88801d6fd368 R15: ffff88801d6fc880
 rcu_lock_release include/linux/rcupdate.h:347 [inline]
 rcu_read_unlock include/linux/rcupdate.h:880 [inline]
 page_ext_put+0x43/0xd0 mm/page_ext.c:550
 __reset_page_owner+0x28d/0x400 mm/page_owner.c:300
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_frozen_pages+0x6db/0xfb0 mm/page_alloc.c:2660
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4115 [inline]
 slab_alloc_node mm/slub.c:4164 [inline]
 kmem_cache_alloc_node_noprof+0x223/0x3c0 mm/slub.c:4216
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:596
 alloc_skb include/linux/skbuff.h:1331 [inline]
 alloc_uevent_skb+0x7d/0x210 lib/kobject_uevent.c:289
 uevent_net_broadcast_untagged lib/kobject_uevent.c:326 [inline]
 kobject_uevent_net_broadcast lib/kobject_uevent.c:410 [inline]
 kobject_uevent_env+0xca3/0x1870 lib/kobject_uevent.c:608
 device_del+0x623/0x9f0 drivers/base/core.c:3873
 fw_load_sysfs_fallback drivers/base/firmware_loader/fallback.c:124 [inline]
 fw_load_from_user_helper drivers/base/firmware_loader/fallback.c:162 [inline]
 firmware_fallback_sysfs+0xa3a/0xbd0 drivers/base/firmware_loader/fallback.c:238
 _request_firmware+0xfeb/0x1480 drivers/base/firmware_loader/main.c:941
 request_firmware_work_func+0xeb/0x250 drivers/base/firmware_loader/main.c:1194
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3319 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3400
 kthread+0x3af/0x750 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
task:syz-executor    state:R  running task     stack:23072 pid:5815  tgid:5815  ppid:5814   task_flags:0x400140 flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5378 [inline]
 __schedule+0xf43/0x5890 kernel/sched/core.c:6765
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7087
 irqentry_exit+0x36/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:kasan_check_range+0x158/0x1a0 mm/kasan/generic.c:190
Code: 74 11 80 38 00 74 ef 4d 8d 1c 2c 48 85 c0 48 89 c2 75 93 48 89 da 4c 89 d8 4c 29 da e9 2c ff ff ff 5b b8 01 00 00 00 5d 41 5c <c3> cc cc cc cc b8 01 00 00 00 c3 cc cc cc cc 48 29 c3 48 89 da 49
RSP: 0018:ffffc90002ef7820 EFLAGS: 00000246
RAX: 0000000000000001 RBX: ffff88801d5a88c8 RCX: ffffffff8228c173
RDX: ffffed1003ab511a RSI: 0000000000000004 RDI: ffff88801d5a88c8
RBP: ffff88801d5a8880 R08: 0000000000000000 R09: ffffed1003ab5119
R10: ffff88801d5a88cb R11: 0000000000000004 R12: 0000000000000000
R13: 0000000000000003 R14: 0000000000000008 R15: dffffc0000000000
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
 __page_table_check_zero+0x163/0x360 mm/page_table_check.c:156
 page_table_check_free include/linux/page_table_check.h:41 [inline]
 free_pages_prepare mm/page_alloc.c:1128 [inline]
 free_frozen_pages+0x6c2/0xfb0 mm/page_alloc.c:2660
 __put_partials+0x14c/0x170 mm/slub.c:3153
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4115 [inline]
 slab_alloc_node mm/slub.c:4164 [inline]
 kmem_cache_alloc_noprof+0x226/0x3d0 mm/slub.c:4171
 anon_vma_chain_alloc mm/rmap.c:142 [inline]
 anon_vma_fork+0x200/0x620 mm/rmap.c:364
 dup_mmap kernel/fork.c:711 [inline]
 dup_mm kernel/fork.c:1700 [inline]
 copy_mm kernel/fork.c:1752 [inline]
 copy_process+0x82c8/0x8c50 kernel/fork.c:2403
 kernel_clone+0xfd/0x960 kernel/fork.c:2815
 __do_sys_clone+0xcf/0x120 kernel/fork.c:2958
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0c2e3839d3
RSP: 002b:00007ffcaa289da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0c2e3839d3
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
R10: 00005555684b77d0 R11: 0000000000000246 R12: 0000000000000000
R13: 00000000000927c0 R14: 0000000000010e1d R15: 00007ffcaa289f40
 </TASK>

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/03/16 13:54 upstream 31d7109a19f6 e2826670 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root INFO: rcu detected stall in request_firmware_work_func
* Struck through repros no longer work on HEAD.