syzbot

 sign-in | mailing list | source | docs | 🏰
🐞 Open [1349]
Subsystems
🐞 Fixed [7089]
🐞 Invalid [18671]
Missing Backports [221]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
✨ AI
💬 Send us feedback

INFO: rcu detected stall in percpu_ref_put

Status: auto-obsoleted due to no activity on 2026/05/02 21:29
Subsystems: cgroups mm
[Documentation on labels]
First crash: 97d, last: 97d

Sample crash report:
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P9836/1:b..l P9826/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=36153, q=545 ncpus=2)
task:syz.4.1010      state:R  running task     stack:25144 pid:9826  tgid:9826  ppid:5830   task_flags:0x40004c flags:0x00080001
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x14ea/0x5050 kernel/sched/core.c:6867
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7194
 irqentry_exit+0x597/0x620 kernel/entry/common.c:216
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_acquire+0x221/0x330 kernel/locking/lockdep.c:5872
Code: ff ff ff e8 41 b0 f6 09 f7 44 24 08 00 02 00 00 0f 84 3a ff ff ff 65 48 8b 05 2b 61 52 11 48 3b 44 24 58 75 33 fb 48 83 c4 60 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 fb f1 6f ff cc 48 8d 3d 38 15 52
RSP: 0018:ffffc900173a7b10 EFLAGS: 00000282
RAX: 5b7388df8b466b00 RBX: 0000000000000000 RCX: 0000000000000046
RDX: 000000005a44979c RSI: ffffffff8df343a3 RDI: ffffffff8c073a00
RBP: ffffffff823641b9 R08: ffffffff823641b9 R09: ffffffff8e55a360
R10: dffffc0000000000 R11: ffffed1005d3c821 R12: 0000000000000002
R13: ffffffff8e55a360 R14: 0000000000000000 R15: 0000000000000246
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:867 [inline]
 percpu_ref_put_many include/linux/percpu-refcount.h:330 [inline]
 percpu_ref_put+0x35/0x180 include/linux/percpu-refcount.h:351
 obj_cgroup_put include/linux/memcontrol.h:793 [inline]
 __memcg_slab_free_hook+0x12b/0x3b0 mm/memcontrol.c:3241
 memcg_slab_free_hook mm/slub.c:2364 [inline]
 slab_free mm/slub.c:6671 [inline]
 kmem_cache_free+0x3a9/0x610 mm/slub.c:6785
 task_work_run+0x1d9/0x270 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x69b/0x2310 kernel/exit.c:971
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1112
 __do_sys_exit_group kernel/exit.c:1123 [inline]
 __se_sys_exit_group kernel/exit.c:1121 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121
 x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f376119aeb9
RSP: 002b:00007ffcff7a23b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f376119aeb9
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007ffcff7a241c R08: 0000000000000000 R09: 00000000000927c0
R10: 00007f3761416038 R11: 0000000000000246 R12: 00000000000000a7
R13: 00000000000927c0 R14: 0000000000086228 R15: 00007ffcff7a2470
 </TASK>
task:syz.3.1011      state:R  running task     stack:26648 pid:9836  tgid:9836  ppid:5837   task_flags:0x480040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x14ea/0x5050 kernel/sched/core.c:6867
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7194
 irqentry_exit+0x597/0x620 kernel/entry/common.c:216
 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:orc_ip arch/x86/kernel/unwind_orc.c:81 [inline]
RIP: 0010:__orc_find arch/x86/kernel/unwind_orc.c:103 [inline]
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:238 [inline]
RIP: 0010:unwind_next_frame+0x513/0x23c0 arch/x86/kernel/unwind_orc.c:510
Code: c1 e8 3f 48 01 c8 48 83 e0 fe 4c 8d 3c 45 00 00 00 00 49 01 ef 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 0f b6 04 08 <84> c0 75 27 49 63 07 4c 01 f8 49 8d 4f 04 4c 39 e0 48 0f 46 e9 49
RSP: 0018:ffffc90013e5f498 EFLAGS: 00000216
RAX: 0000000000000000 RBX: ffffffff90069694 RCX: dffffc0000000000
RDX: ffffffff9006968c RSI: ffffffff90818bb4 RDI: ffffffff8c0739a0
RBP: ffffffff9006968c R08: 0000000000000007 R09: ffffffff8e55a360
R10: dffffc0000000000 R11: fffff520027cbec5 R12: ffffffff816c2222
R13: ffffffff9006968c R14: ffffc90013e5f5c8 R15: ffffffff90069690
 __unwind_start+0x5b8/0x760 arch/x86/kernel/unwind_orc.c:773
 unwind_start arch/x86/include/asm/unwind.h:64 [inline]
 arch_stack_walk+0xe3/0x150 arch/x86/kernel/stacktrace.c:24
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 kasan_save_stack+0x3e/0x60 mm/kasan/common.c:57
 kasan_record_aux_stack+0xbd/0xd0 mm/kasan/generic.c:556
 __call_rcu_common kernel/rcu/tree.c:3119 [inline]
 call_rcu+0xee/0x890 kernel/rcu/tree.c:3239
 kernfs_put+0x18e/0x470 fs/kernfs/dir.c:591
 kernfs_remove_by_name_ns+0xb7/0x130 fs/kernfs/dir.c:1723
 kernfs_remove_by_name include/linux/kernfs.h:633 [inline]
 remove_files fs/sysfs/group.c:28 [inline]
 sysfs_remove_group+0xfc/0x2e0 fs/sysfs/group.c:328
 sysfs_remove_groups+0x54/0xb0 fs/sysfs/group.c:352
 device_remove_groups drivers/base/core.c:2843 [inline]
 device_remove_attrs+0x1cb/0x280 drivers/base/core.c:2973
 device_del+0x51f/0x8f0 drivers/base/core.c:3877
 device_unregister+0x21/0xf0 drivers/base/core.c:3919
 wakeup_source_unregister+0x159/0x3f0 drivers/base/power/wakeup.c:239
 ep_free fs/eventpoll.c:821 [inline]
 ep_clear_and_put+0x2d4/0x380 fs/eventpoll.c:937
 ep_eventpoll_release+0x45/0x60 fs/eventpoll.c:966
 __fput+0x44f/0xa70 fs/file_table.c:468
 task_work_run+0x1d9/0x270 kernel/task_work.c:233
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 __exit_to_user_mode_loop kernel/entry/common.c:44 [inline]
 exit_to_user_mode_loop+0xed/0x480 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x2b7/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f733079aeb9
RSP: 002b:00007ffdc3177888 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007ffdc3177970 RCX: 00007f733079aeb9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 000000000008652f R08: 0000000000000001 R09: 0000000000000000
R10: 0000001b2f620000 R11: 0000000000000246 R12: 00007ffdc31779b0
R13: 00007f7330a15fac R14: 0000000000086640 R15: 00007f7330a15fa0
 </TASK>

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2026/02/01 21:19 upstream 162b42445b58 6b8752f2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root INFO: rcu detected stall in percpu_ref_put
* Struck through repros no longer work on HEAD.