syzbot


INFO: rcu detected stall in vma_merge_new_range (2)

Status: auto-obsoleted due to no activity on 2026/01/06 06:35
Subsystems: mm
First crash: 104d, last: 104d
Similar bugs (1):
Kernel: upstream
Title: INFO: rcu detected stall in vma_merge_new_range (subsystem: mm)
Rank: 1
Repro / Cause bisect / Fix bisect: (none listed)
Count: 2
Last: 230d
Reported: 260d
Patched: 0/29
Status: auto-obsoleted due to no activity on 2025/09/01 11:32

Sample crash report:
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5802/3:b..l P10193/1:b..l
rcu: 	(detected by 1, t=10503 jiffies, g=32145, q=827439 ncpus=2)
task:dhcpcd-run-hook state:R  running task     stack:25912 pid:10193 tgid:10193 ppid:5478   task_flags:0x400000 flags:0x00080001
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6929
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7256
 irqentry_exit+0x36/0x90 kernel/entry/common.c:211
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:check_kcov_mode kernel/kcov.c:185 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x3b/0x70 kernel/kcov.c:217
Code: 8b 05 89 9b e7 11 a9 00 01 ff 00 74 1d f6 c4 01 74 43 a9 00 00 0f 00 75 3c a9 00 00 f0 00 75 35 8b 82 7c 16 00 00 85 c0 74 2b <8b> 82 58 16 00 00 83 f8 02 75 20 48 8b 8a 60 16 00 00 8b 92 5c 16
RSP: 0018:ffffc9000e1e71f0 EFLAGS: 00000246
RAX: 0000000080000000 RBX: 0000000000000001 RCX: ffffffff8230a7c1
RDX: ffff888028268000 RSI: ffffffff8230a982 RDI: 0000000000000005
RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801c908650
R13: ffff88801c90864c R14: 0000000000000000 R15: dffffc0000000000
 rcu_read_unlock include/linux/rcupdate.h:895 [inline]
 __page_table_check_zero+0x4e2/0x5d0 mm/page_table_check.c:145
 page_table_check_free include/linux/page_table_check.h:43 [inline]
 free_pages_prepare mm/page_alloc.c:1395 [inline]
 __free_frozen_pages+0x7d0/0x1160 mm/page_alloc.c:2906
 discard_slab mm/slub.c:3301 [inline]
 __put_partials+0x130/0x170 mm/slub.c:3848
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4d/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:352
 kasan_slab_alloc include/linux/kasan.h:252 [inline]
 slab_post_alloc_hook mm/slub.c:4946 [inline]
 slab_alloc_node mm/slub.c:5245 [inline]
 kmem_cache_alloc_noprof+0x250/0x6e0 mm/slub.c:5252
 mt_alloc_one lib/maple_tree.c:172 [inline]
 mas_alloc_nodes lib/maple_tree.c:1108 [inline]
 mas_preallocate+0xe6a/0x11f0 lib/maple_tree.c:5192
 vma_iter_prealloc mm/vma.h:442 [inline]
 commit_merge+0x29d/0xfc0 mm/vma.c:753
 vma_expand+0x3ac/0x910 mm/vma.c:1158
 vma_merge_new_range+0x2ef/0xa50 mm/vma.c:1095
 __mmap_region+0x873/0x27a0 mm/vma.c:2665
 mmap_region+0x1ab/0x3f0 mm/vma.c:2740
 do_mmap+0xa3e/0x1210 mm/mmap.c:558
 vm_mmap_pgoff+0x29e/0x470 mm/util.c:580
 ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:604
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
 __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
 __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f03cc24c242
RSP: 002b:00007fff747f9e88 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f03cbf49000 RCX: 00007f03cc24c242
RDX: 0000000000000001 RSI: 0000000000008000 RDI: 00007f03cbf49000
RBP: 0000000000000812 R08: 0000000000000003 R09: 0000000000024000
R10: 0000000000000812 R11: 0000000000000206 R12: 00007fff747f9f10
R13: 00007f03cc221ab0 R14: 00007fff747fa300 R15: 00000fffee8ff3d4
 </TASK>
task:syz-executor    state:R  running task     stack:23112 pid:5802  tgid:5802  ppid:5801   task_flags:0x400100 flags:0x00080001
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6929
 preempt_schedule_common+0x44/0xc0 kernel/sched/core.c:7113
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __local_bh_enable_ip+0x107/0x120 kernel/softirq.c:457
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:936 [inline]
 __dev_queue_xmit+0xb06/0x4490 net/core/dev.c:4790
 dev_queue_xmit include/linux/netdevice.h:3365 [inline]
 neigh_hh_output include/net/neighbour.h:531 [inline]
 neigh_output include/net/neighbour.h:545 [inline]
 ip_finish_output2+0xc38/0x21a0 net/ipv4/ip_output.c:237
 __ip_finish_output.part.0+0x1b4/0x350 net/ipv4/ip_output.c:315
 __ip_finish_output net/ipv4/ip_output.c:303 [inline]
 ip_finish_output net/ipv4/ip_output.c:325 [inline]
 NF_HOOK_COND include/linux/netfilter.h:307 [inline]
 ip_output+0x35f/0xa90 net/ipv4/ip_output.c:438
 dst_output include/net/dst.h:464 [inline]
 ip_local_out net/ipv4/ip_output.c:131 [inline]
 __ip_queue_xmit+0x1bee/0x2330 net/ipv4/ip_output.c:534
 __tcp_transmit_skb+0x2caf/0x44d0 net/ipv4/tcp_output.c:1628
 tcp_transmit_skb net/ipv4/tcp_output.c:1646 [inline]
 tcp_write_xmit+0x12a9/0x86b0 net/ipv4/tcp_output.c:2988
 tcp_sendmsg_locked+0x3706/0x42e0 net/ipv4/tcp.c:1356
 tcp_sendmsg+0x2e/0x50 net/ipv4/tcp.c:1413
 inet_sendmsg+0xb9/0x140 net/ipv4/af_inet.c:853
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 sock_write_iter+0x509/0x610 net/socket.c:1195
 new_sync_write fs/read_write.c:593 [inline]
 vfs_write+0x7d3/0x11d0 fs/read_write.c:686
 ksys_write+0x1f8/0x250 fs/read_write.c:738
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5e17d8d940
RSP: 002b:00007ffc3c3dadd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000001685ea380 RCX: 00007f5e17d8d940
RDX: 000000000001a560 RSI: 00007f5e107e5aa0 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000007 R09: 00000000005ffde8
R10: 373e82f6f9cf1e13 R11: 0000000000000202 R12: 000000000001a560
R13: 0000555592c6f070 R14: 00007ffc3c3db2a0 R15: 00007f5e107e5aa0
 </TASK>
rcu: rcu_preempt kthread starved for 4887 jiffies! g32145 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28104 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5325 [inline]
 __schedule+0x1190/0x5de0 kernel/sched/core.c:6929
 __schedule_loop kernel/sched/core.c:7011 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:7026
 schedule_timeout+0x123/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1ea/0xaf0 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x26d/0x380 kernel/rcu/tree.c:2285
 kthread+0x3c2/0x780 kernel/kthread.c:463
 ret_from_fork+0x672/0x7d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:82
Code: e7 75 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 f6 24 00 fb f4 <e9> 0c 0a 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffffff8e007df8 EFLAGS: 000002c2
RAX: 0000000002e88fb3 RBX: 0000000000000000 RCX: ffffffff8b6522d9
RDX: 0000000000000000 RSI: ffffffff8db02646 RDI: ffffffff8bf1cfc0
RBP: fffffbfff1c12f40 R08: 0000000000000001 R09: ffffed1017086655
R10: ffff8880b84332ab R11: 0000000000000000 R12: 0000000000000000
R13: ffffffff8e097a00 R14: ffffffff908323d0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881249df000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffec2c37d00 CR3: 00000000226e9000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:767
 default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:190 [inline]
 do_idle+0x38d/0x500 kernel/sched/idle.c:330
 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:428
 rest_init+0x16b/0x2b0 init/main.c:757
 start_kernel+0x3f3/0x4e0 init/main.c:1111
 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:310
 x86_64_start_kernel+0x130/0x190 arch/x86/kernel/head64.c:291
 common_startup_64+0x13e/0x148
 </TASK>

Crashes (1):
Time: 2025/10/08 06:35
Kernel: upstream
Commit: 971199ad2a0f
Syzkaller: 7e2882b3
Config: .config
Log: console log
Report: report
Syz repro / C repro: (none listed)
VM info: info
Assets: disk image, vmlinux, kernel image
Manager: ci-upstream-kasan-gce-selinux-root
Title: INFO: rcu detected stall in vma_merge_new_range