syzbot


INFO: rcu detected stall in sys_newfstatat

Status: upstream: reported on 2025/10/15 19:10
Reported-by: syzbot+a849a53c24d6bd37aea3@syzkaller.appspotmail.com
First crash: 106d, last: 5d02h
Similar bugs (8)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: rcu detected stall in sys_newfstatat (4) mm 1 C error 509 2d01h 1193d 0/29 upstream: reported C repro on 2022/10/25 00:38
linux-6.1 INFO: rcu detected stall in sys_newfstatat origin:upstream 1 C done 8 419d 956d 3/3 fixed on 2025/01/19 08:56
linux-6.1 INFO: rcu detected stall in sys_newfstatat (2) origin:lts-only 1 syz inconclusive 6 59d 337d 0/3 upstream: reported syz repro on 2025/02/26 19:28
linux-5.15 INFO: rcu detected stall in sys_newfstatat (2) origin:lts-only 1 C done 6 26d 148d 0/3 upstream: reported C repro on 2025/09/04 12:06
upstream INFO: rcu detected stall in sys_newfstatat mm cgroups 1 1 2249d 2249d 0/29 closed as invalid on 2019/12/04 14:04
linux-5.15 INFO: rcu detected stall in sys_newfstatat 1 19 269d 662d 0/3 auto-obsoleted due to no activity on 2025/08/14 00:29
upstream INFO: rcu detected stall in sys_newfstatat (2) kernfs 1 1 1448d 1448d 0/29 auto-closed as invalid on 2022/05/13 02:53
upstream INFO: rcu detected stall in sys_newfstatat (3) tomoyo 1 1 1335d 1335d 0/29 auto-closed as invalid on 2022/09/03 09:55

Sample crash report:
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5125/1:b..l P5509/1:b..l P5136/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=15425, q=856 ncpus=2)
task:udevd           state:R  running task     stack:25000 pid:5136  ppid:1      flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x1553/0x45a0 kernel/sched/core.c:6700
 preempt_schedule_common+0x82/0xc0 kernel/sched/core.c:6867
 preempt_schedule+0xc0/0xd0 kernel/sched/core.c:6891
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk_64.S:45
 unwind_next_frame+0x200f/0x2970 arch/x86/kernel/unwind_orc.c:672
 arch_stack_walk+0x144/0x190 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xaa/0x100 kernel/stacktrace.c:122
 save_stack+0x125/0x230 mm/page_owner.c:128
 __reset_page_owner+0x4e/0x190 mm/page_owner.c:149
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1154 [inline]
 free_unref_page_prepare+0x7b2/0x8c0 mm/page_alloc.c:2336
 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2429
 discard_slab mm/slub.c:2127 [inline]
 __unfreeze_partials+0x1cf/0x210 mm/slub.c:2667
 put_cpu_partial+0x17c/0x250 mm/slub.c:2743
 __slab_free+0x319/0x400 mm/slub.c:3700
 qlink_free mm/kasan/quarantine.c:166 [inline]
 qlist_free_all+0x75/0xd0 mm/kasan/quarantine.c:185
 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:306
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook+0x6e/0x4b0 mm/slab.h:767
 slab_alloc_node mm/slub.c:3495 [inline]
 __kmem_cache_alloc_node+0x13a/0x250 mm/slub.c:3534
 __do_kmalloc_node mm/slab_common.c:1006 [inline]
 __kmalloc+0xa4/0x230 mm/slab_common.c:1020
 kmalloc include/linux/slab.h:604 [inline]
 kzalloc include/linux/slab.h:721 [inline]
 tomoyo_encode2 security/tomoyo/realpath.c:45 [inline]
 tomoyo_encode+0x28b/0x540 security/tomoyo/realpath.c:80
 tomoyo_realpath_from_path+0x592/0x5d0 security/tomoyo/realpath.c:283
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_perm+0x282/0x560 security/tomoyo/file.c:822
 security_inode_getattr+0xd3/0x120 security/security.c:2153
 vfs_getattr fs/stat.c:173 [inline]
 vfs_statx+0x172/0x680 fs/stat.c:248
 vfs_fstatat+0x12a/0x1b0 fs/stat.c:299
 __do_sys_newfstatat fs/stat.c:463 [inline]
 __se_sys_newfstatat fs/stat.c:457 [inline]
 __x64_sys_newfstatat+0x149/0x1f0 fs/stat.c:457
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f5a5a111b0a
RSP: 002b:00007fffdbf43e28 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
RAX: ffffffffffffffda RBX: 0000555d5311c400 RCX: 00007f5a5a111b0a
RDX: 00007fffdbf43e30 RSI: 0000555d5310a296 RDI: 00000000ffffff9c
RBP: 0000555d7146f148 R08: 0000000009b11cd9 R09: 0000000000745d1e
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fffdbf43e30 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
task:crond           state:R  running task     stack:24232 pid:5509  ppid:1      flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x1553/0x45a0 kernel/sched/core.c:6700
 preempt_schedule_irq+0xbf/0x150 kernel/sched/core.c:7010
 irqentry_exit+0x67/0x70 kernel/entry/common.c:438
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:unwind_next_frame+0xaf/0x2970 arch/x86/kernel/unwind_orc.c:-1
Code: 42 0f b6 04 2b 84 c0 0f 85 df 21 00 00 41 8b 2c 24 31 ff 89 ee e8 11 e0 4b 00 89 ac 24 8c 00 00 00 85 ed 74 77 4c 89 74 24 60 <48> 89 5c 24 18 bf 01 00 00 00 e8 52 47 21 00 49 8d 6c 24 50 48 89
RSP: 0018:ffffc900038d7318 EFLAGS: 00000202
RAX: ffffffff813b36bf RBX: 1ffff9200071ae7d RCX: 0000000000000000
RDX: ffff888029fbbc00 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffc900038d74b0 R09: 0000000000000001
R10: 0000000000000004 R11: 0000000000000000 R12: ffffc900038d73e8
R13: dffffc0000000000 R14: ffffc900038d7420 R15: ffffffff81d2efb2
 arch_stack_walk+0x144/0x190 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0xaa/0x100 kernel/stacktrace.c:122
 save_stack+0x125/0x230 mm/page_owner.c:128
 __reset_page_owner+0x4e/0x190 mm/page_owner.c:149
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1154 [inline]
 free_unref_page_prepare+0x7b2/0x8c0 mm/page_alloc.c:2336
 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2429
 discard_slab mm/slub.c:2127 [inline]
 __unfreeze_partials+0x1cf/0x210 mm/slub.c:2667
 put_cpu_partial+0x17c/0x250 mm/slub.c:2743
 __slab_free+0x319/0x400 mm/slub.c:3700
 qlink_free mm/kasan/quarantine.c:166 [inline]
 qlist_free_all+0x75/0xd0 mm/kasan/quarantine.c:185
 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292
 ____kasan_kmalloc mm/kasan/common.c:341 [inline]
 __kasan_kmalloc+0x22/0xa0 mm/kasan/common.c:384
 kasan_kmalloc include/linux/kasan.h:198 [inline]
 __do_kmalloc_node mm/slab_common.c:1007 [inline]
 __kmalloc+0xb4/0x230 mm/slab_common.c:1020
 kmalloc include/linux/slab.h:604 [inline]
 tomoyo_realpath_from_path+0xe3/0x5d0 security/tomoyo/realpath.c:251
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_perm+0x282/0x560 security/tomoyo/file.c:822
 security_inode_getattr+0xd3/0x120 security/security.c:2153
 vfs_getattr fs/stat.c:173 [inline]
 vfs_statx+0x172/0x680 fs/stat.c:248
 vfs_fstatat+0x12a/0x1b0 fs/stat.c:299
 __do_sys_newfstatat fs/stat.c:463 [inline]
 __se_sys_newfstatat fs/stat.c:457 [inline]
 __x64_sys_newfstatat+0x149/0x1f0 fs/stat.c:457
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f2ccadacb0a
RSP: 002b:00007ffc04fd70a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
RAX: ffffffffffffffda RBX: 00007f2ccaf5c490 RCX: 00007f2ccadacb0a
RDX: 00007ffc04fd70c8 RSI: 00007f2ccaf357e8 RDI: 00000000ffffff9c
RBP: 0000000069761178 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000003c R14: 0000000000000000 R15: 000000000000003c
 </TASK>
task:klogd           state:R  running task     stack:24232 pid:5125  ppid:1      flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x1553/0x45a0 kernel/sched/core.c:6700
 preempt_schedule_common+0x82/0xc0 kernel/sched/core.c:6867
 preempt_schedule+0xc0/0xd0 kernel/sched/core.c:6891
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk_64.S:45
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x111/0x120 kernel/locking/spinlock.c:194
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 __wake_up_common_lock kernel/sched/wait.c:140 [inline]
 __wake_up_sync_key+0x12c/0x1a0 kernel/sched/wait.c:213
 sock_def_readable+0x1e1/0x420 net/core/sock.c:3354
 unix_dgram_sendmsg+0x106c/0x16d0 net/unix/af_unix.c:2141
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 __sys_sendto+0x4a9/0x6b0 net/socket.c:2200
 __do_sys_sendto net/socket.c:2212 [inline]
 __se_sys_sendto net/socket.c:2208 [inline]
 __x64_sys_sendto+0xde/0xf0 net/socket.c:2208
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f7398dea407
RSP: 002b:00007ffca9f21500 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f7398c9ac80 RCX: 00007f7398dea407
RDX: 000000000000005a RSI: 00007ffca9f21640 RDI: 0000000000000003
RBP: 00007ffca9f21a70 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000004000 R11: 0000000000000202 R12: 00007ffca9f21a88
R13: 00007ffca9f21640 R14: 000000000000003f R15: 00007ffca9f21640
 </TASK>
net_ratelimit: 8540 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:8e:c0:61:b8:9e:88, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:8e:c0:61:b8:9e:88, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:8e:c0:61:b8:9e:88, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
net_ratelimit: 10946 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:8e:c0:61:b8:9e:88, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:8e:c0:61:b8:9e:88, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)

Crashes (7):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/01/25 12:53 | linux-6.6.y | cbb31f77b879 | 40acda8a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan-perf | INFO: rcu detected stall in sys_newfstatat |
| 2026/01/08 06:54 | linux-6.6.y | 5fa4793a2d2d | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan-perf | INFO: rcu detected stall in sys_newfstatat |
| 2025/12/04 02:10 | linux-6.6.y | 4791134e4aeb | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | INFO: rcu detected stall in sys_newfstatat |
| 2025/11/19 16:42 | linux-6.6.y | 0a805b6ea8cd | 26ee5237 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan-perf | INFO: rcu detected stall in sys_newfstatat |
| 2025/11/09 05:16 | linux-6.6.y | 0a805b6ea8cd | 4e1406b4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | INFO: rcu detected stall in sys_newfstatat |
| 2025/11/05 16:21 | linux-6.6.y | 0a805b6ea8cd | a6c9c731 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | INFO: rcu detected stall in sys_newfstatat |
| 2025/10/15 19:09 | linux-6.6.y | 0bbbd97a442d | 19568248 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | INFO: rcu detected stall in sys_newfstatat |
* Struck through repros no longer work on HEAD.