syzbot


INFO: rcu detected stall in sys_epoll_ctl (4)

Status: auto-obsoleted due to no activity on 2026/05/29 03:31
Subsystems: mm fs pm
[Documentation on labels]
First crash: 222d, last: 125d
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
e03bae08-38c5-4566-81dd-b728f2894855 assessment-security 💥 INFO: rcu detected stall in sys_epoll_ctl (4) 2026/05/24 21:36 2026/05/24 21:36 2026/05/24 23:15 c69befb30ac10e158cc9d1557b508ee3f0eca1de
request failed with 500 Internal Server Error: method "ai_trajectory_log" ns "" err: spanner: code = "DeadlineExceeded", desc = "context deadline exceeded, transaction outcome unknown", requestID = "1...
truncated to first 200 bytes; open job for full error
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: rcu detected stall in sys_epoll_ctl (2) fs 1 1 828d 828d 0/29 auto-obsoleted due to no activity on 2024/06/25 13:25
upstream INFO: rcu detected stall in sys_epoll_ctl fs 1 1 1780d 1780d 0/29 auto-closed as invalid on 2021/10/17 15:58
upstream INFO: rcu detected stall in sys_epoll_ctl (3) mm 1 1 609d 609d 0/29 auto-obsoleted due to no activity on 2025/01/30 04:09

Sample crash report:
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P1915/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=201701, q=1072 ncpus=1)
task:udevd           state:R  running task     stack:28824 pid:1915  tgid:1915  ppid:5197   task_flags:0x400040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0xfee/0x60e0 kernel/sched/core.c:6907
 preempt_schedule_irq+0x50/0x90 kernel/sched/core.c:7234
 irqentry_exit+0x17b/0x670 kernel/entry/common.c:239
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__update_page_owner_free_handle.isra.0+0x153/0x4d0 mm/page_owner.c:284
Code: 00 0f 85 69 03 00 00 48 03 1d 89 50 a1 18 48 83 c5 01 e8 c0 6e 89 ff 48 85 db 0f 84 ca 01 00 00 e8 b2 6e 89 ff 0f b7 74 24 0e <bf> 1f 00 00 00 e8 23 69 89 ff e8 9e 6e 89 ff 4c 8b 34 24 48 89 ef
RSP: 0018:ffffc900074efae0 EFLAGS: 00000293
RAX: 0000000000000000 RBX: ffff88801e550fe0 RCX: ffffffff827e8d88
RDX: ffff88805bb71e40 RSI: 0000000000000003 RDI: ffff88805bb71e40
RBP: 0000000000000006 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000004366 R11: 0000000000000000 R12: ffff88805bb71e40
R13: 0000000006120471 R14: 0000000000004366 R15: 000000000005c366
 __reset_page_owner+0x93/0x190 mm/page_owner.c:321
 reset_page_owner include/linux/page_owner.h:25 [inline]
 __free_pages_prepare mm/page_alloc.c:1433 [inline]
 __free_frozen_pages+0x7e1/0x10d0 mm/page_alloc.c:2978
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x47/0xe0 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x1a0/0x1f0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:350
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4515 [inline]
 slab_alloc_node mm/slub.c:4844 [inline]
 kmem_cache_alloc_noprof+0x241/0x6e0 mm/slub.c:4851
 ep_insert fs/eventpoll.c:1583 [inline]
 do_epoll_ctl+0xc6c/0x36a0 fs/eventpoll.c:2341
 __do_sys_epoll_ctl fs/eventpoll.c:2392 [inline]
 __se_sys_epoll_ctl fs/eventpoll.c:2383 [inline]
 __x64_sys_epoll_ctl+0x15c/0x1e0 fs/eventpoll.c:2383
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f08d552185a
RSP: 002b:00007ffe98706858 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
RAX: ffffffffffffffda RBX: 000055cb9df84b20 RCX: 00007f08d552185a
RDX: 000000000000000c RSI: 0000000000000001 RDI: 0000000000000004
RBP: 000055cb9df72910 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffe98706894 R11: 0000000000000246 R12: 000055cb9df8ae00
R13: 00007ffe98706894 R14: 00007ffe98706888 R15: 0000000000000004
 </TASK>
rcu: rcu_preempt kthread starved for 1092 jiffies! g201701 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28680 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5295 [inline]
 __schedule+0xfee/0x60e0 kernel/sched/core.c:6907
 __schedule_loop kernel/sched/core.c:6989 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7004
 schedule_timeout+0x127/0x280 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1a9/0x900 kernel/rcu/tree.c:2095
 rcu_gp_kthread+0x179/0x230 kernel/rcu/tree.c:2297
 kthread+0x370/0x450 kernel/kthread.c:467
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 UID: 0 PID: 3412 Comm: kworker/R-bat_e Tainted: G     U  W I  L XTNJ syzkaller #0 PREEMPT(full) 
Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: bat_events batadv_tt_purge
RIP: 0010:unwind_next_frame+0xaf1/0x1ea0 arch/x86/kernel/unwind_orc.c:598
Code: 00 0f b6 41 05 4c 89 44 24 18 83 e0 07 3c 03 0f 84 8d 03 00 00 3c 04 0f 84 47 04 00 00 48 89 4c 24 20 3c 02 0f 85 4a f8 ff ff <49> 8d 76 f8 ba 08 00 00 00 4d 8d 7d 34 4c 89 ef 48 89 74 24 28 e8
RSP: 0018:ffffc90000006ab8 EFLAGS: 00000246
RAX: 0000000000000002 RBX: 0000000000000002 RCX: ffffffff91790a4e
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
RBP: ffffc90000006b70 R08: ffffffff91790a52 R09: 0000000000000007
R10: 0000000000000200 R11: 000000000000c8a2 R12: ffffc90000006b78
R13: ffffc90000006b28 R14: ffffc90000007ff8 R15: ffffc90000007f48
FS:  0000000000000000(0000) GS:ffff88812434e000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f535f5456b8 CR3: 0000000036f34000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5f/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2692 [inline]
 slab_free mm/slub.c:6143 [inline]
 kmem_cache_free+0x124/0x6a0 mm/slub.c:6273
 __skb_ext_put+0x102/0x2f0 net/core/skbuff.c:7252
 skb_ext_reset include/linux/skbuff.h:5090 [inline]
 skb_ext_reset include/linux/skbuff.h:5087 [inline]
 skb_release_head_state+0x2c8/0x400 net/core/skbuff.c:1195
 skb_release_all net/core/skbuff.c:1201 [inline]
 __kfree_skb net/core/skbuff.c:1217 [inline]
 sk_skb_reason_drop+0xc4/0x1b0 net/core/skbuff.c:1255
 kfree_skb_reason include/linux/skbuff.h:1322 [inline]
 kfree_skb include/linux/skbuff.h:1331 [inline]
 ip6_mc_input+0x832/0xf50 net/ipv6/ip6_input.c:593
 dst_input include/net/dst.h:480 [inline]
 dst_input include/net/dst.h:478 [inline]
 ip6_rcv_finish+0x3b1/0x550 net/ipv6/ip6_input.c:79
 ip_sabotage_in+0x21e/0x290 net/bridge/br_netfilter_hooks.c:990
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xbf/0x220 net/netfilter/core.c:623
 nf_hook.constprop.0+0x2a6/0x750 include/linux/netfilter.h:273
 NF_HOOK include/linux/netfilter.h:316 [inline]
 ipv6_rcv+0xa4/0x610 net/ipv6/ip6_input.c:311
 __netif_receive_skb_one_core+0x12d/0x1e0 net/core/dev.c:6167
 __netif_receive_skb+0x1f/0x120 net/core/dev.c:6280
 netif_receive_skb_internal net/core/dev.c:6366 [inline]
 netif_receive_skb+0x139/0x820 net/core/dev.c:6425
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 br_pass_frame_up+0x346/0x490 net/bridge/br_input.c:70
 br_handle_frame_finish+0x84f/0x1f00 net/bridge/br_input.c:235
 br_nf_hook_thresh+0x30d/0x420 net/bridge/br_netfilter_hooks.c:1167
 br_nf_pre_routing_finish_ipv6+0x769/0xfb0 net/bridge/br_netfilter_ipv6.c:154
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x39c/0x8b0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x93b/0x1510 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0xcdd/0x1520 net/bridge/br_input.c:442
 __netif_receive_skb_core.constprop.0+0x6c5/0x3550 net/core/dev.c:6054
 __netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:6165
 __netif_receive_skb+0x1f/0x120 net/core/dev.c:6280
 process_backlog+0x37a/0x1580 net/core/dev.c:6631
 __napi_poll.constprop.0+0xaf/0x450 net/core/dev.c:7695
 napi_poll net/core/dev.c:7758 [inline]
 net_rx_action+0xa40/0xf20 net/core/dev.c:7910
 handle_softirqs+0x1eb/0x9e0 kernel/softirq.c:622
 do_softirq kernel/softirq.c:523 [inline]
 do_softirq+0xac/0xe0 kernel/softirq.c:510
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x120 kernel/softirq.c:450
 spin_unlock_bh include/linux/spinlock.h:395 [inline]
 batadv_tt_local_purge+0x21c/0x3d0 net/batman-adv/translation-table.c:1315
 batadv_tt_purge+0x8b/0xbd0 net/batman-adv/translation-table.c:3509
 process_one_work+0x9d7/0x1920 kernel/workqueue.c:3275
 process_scheduled_works kernel/workqueue.c:3358 [inline]
 rescuer_thread+0x902/0x1490 kernel/workqueue.c:3582
 kthread+0x370/0x450 kernel/kthread.c:467
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
net_ratelimit: 1510 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
net_ratelimit: 2164 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:5a:b1:b4:f3:74:6d, vlan:0)

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/02/28 03:30 upstream 4d349ee5c778 43249bac .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto INFO: rcu detected stall in sys_epoll_ctl
2025/11/23 04:02 upstream 89edd36fd801 4fb8ef37 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root INFO: rcu detected stall in sys_epoll_ctl
2025/12/29 14:06 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f0b4cce4481 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: soft lockup in sys_epoll_ctl
* Struck through repros no longer work on HEAD.