syzbot


INFO: rcu detected stall in __unix_dgram_recvmsg (2)

Status: upstream: reported on 2026/04/17 08:34
Reported-by: syzbot+d01746b561934d3e1617@syzkaller.appspotmail.com
First crash: 76d, last: 2h27m
Similar bugs (4)
| Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | INFO: rcu detected stall in __unix_dgram_recvmsg net | 1 | | | | 3 | 1120d | 1188d | 0/29 | auto-obsoleted due to no activity on 2023/09/05 23:13 |
| linux-6.6 | INFO: rcu detected stall in __unix_dgram_recvmsg | 1 | | | | 6 | 194d | 364d | 0/2 | auto-obsoleted due to no activity on 2026/03/30 01:03 |
| upstream | INFO: rcu detected stall in __unix_dgram_recvmsg (3) net | 1 | | | | 1 | 914d | 914d | 0/29 | closed as invalid on 2024/02/12 15:20 |
| upstream | INFO: rcu detected stall in __unix_dgram_recvmsg (2) net | 1 | | | | 2 | 1022d | 1025d | 0/29 | auto-obsoleted due to no activity on 2023/12/13 22:00 |

Sample crash report:
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	1-...!: (1 GPs behind) idle=ab34/1/0x4000000000000000 softirq=38926/38927 fqs=3
rcu: 	(detected by 0, t=10505 jiffies, g=63813, q=112 ncpus=2)
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 11763 Comm: syz.0.1714 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:__lock_acquire+0xe2/0x7d80 kernel/locking/lockdep.c:5002
Code: af 9b 7e 48 c7 c0 1c a3 8c 8e 48 c1 e8 03 42 0f b6 04 00 84 c0 48 89 bc 24 90 00 00 00 0f 85 0b 18 00 00 83 3d 2a 9a 24 0d 00 <0f> 84 f6 0f 00 00 83 3d 81 e6 97 0b 00 74 36 48 89 f8 48 c1 e8 03
RSP: 0018:ffffc900001f08e0 EFLAGS: 00000002
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffff9200003e140
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88802f180300
RBP: ffffc900001f0b28 R08: dffffc0000000000 R09: 0000000000000001
R10: dffffc0000000000 R11: fffffbfff1d18dce R12: 0000000000000001
R13: 0000000000000000 R14: ffff888028645a00 R15: 0000000000000001
FS:  00007f6ed67d56c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30c0aff8 CR3: 0000000068743000 CR4: 00000000003506e0
Call Trace:
 <IRQ>
 lock_acquire+0x19e/0x420 kernel/locking/lockdep.c:5754
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:351 [inline]
 advance_sched+0xbb/0xc70 net/sched/sch_taprio.c:940
 __run_hrtimer kernel/time/hrtimer.c:1754 [inline]
 __hrtimer_run_queues+0x525/0xc10 kernel/time/hrtimer.c:1818
 hrtimer_interrupt+0x39d/0x980 kernel/time/hrtimer.c:1880
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1077 [inline]
 __sysvec_apic_timer_interrupt+0xfb/0x3b0 arch/x86/kernel/apic/apic.c:1094
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0x9f/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:kasan_check_range+0x1ba/0x290 mm/kasan/generic.c:-1
Code: 49 01 dc 4d 01 f3 49 8d 5c 24 07 4d 85 e4 49 0f 49 dc 48 83 e3 f8 49 29 dc 74 0e 41 80 3b 00 75 6b 49 ff c3 49 ff cc 75 f2 5b <41> 5c 41 5d 41 5e 41 5f 5d c3 45 84 ff 0f 85 91 00 00 00 41 f7 c7
RSP: 0018:ffffc900100a76c8 EFLAGS: 00000256
RAX: ffffffff88792d01 RBX: ffff888060671500 RCX: ffffffff88792d89
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880606715e4
RBP: ffffc900100a7898 R08: ffff8880606715e7 R09: 1ffff1100c0ce2bc
R10: dffffc0000000000 R11: ffffed100c0ce2bd R12: 0000000000000001
R13: dffffc0000000000 R14: ffffed100c0ce2bd R15: 1ffff1100c0ce2bc
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
 refcount_read include/linux/refcount.h:147 [inline]
 skb_unref include/linux/skbuff.h:1247 [inline]
 consume_skb+0x39/0x110 net/core/skbuff.c:1280
 __unix_dgram_recvmsg+0xa05/0xd90 net/unix/af_unix.c:2492
 sock_recvmsg_nosec+0x82/0xd0 net/socket.c:1047
 ____sys_recvmsg+0x4d7/0x5d0 net/socket.c:2812
 ___sys_recvmsg+0x214/0x590 net/socket.c:2856
 do_recvmmsg+0x377/0x810 net/socket.c:2950
 __sys_recvmmsg net/socket.c:3029 [inline]
 __do_sys_recvmmsg net/socket.c:3052 [inline]
 __se_sys_recvmmsg net/socket.c:3045 [inline]
 __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3045
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f6ed859de59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6ed67d5028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
RAX: ffffffffffffffda RBX: 00007f6ed8826090 RCX: 00007f6ed859de59
RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003
RBP: 00007f6ed8633e6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f6ed8826128 R14: 00007f6ed8826090 R15: 00007fff2c64ffa8
 </TASK>
rcu: rcu_preempt kthread starved for 10490 jiffies! g63813 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27848 pid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5381 [inline]
 __schedule+0x15ae/0x4660 kernel/sched/core.c:6700
 schedule+0xbd/0x170 kernel/sched/core.c:6774
 schedule_timeout+0x188/0x2d0 kernel/time/timer.c:2168
 rcu_gp_fqs_loop+0x30d/0x1590 kernel/rcu/tree.c:1667
 rcu_gp_kthread+0x9d/0x3b0 kernel/rcu/tree.c:1866
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 PID: 11048 Comm: kworker/u4:3 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:csd_lock_wait kernel/smp.c:311 [inline]
RIP: 0010:smp_call_function_many_cond+0xd85/0x1190 kernel/smp.c:855
Code: 45 8b 34 24 44 89 f6 83 e6 01 31 ff e8 34 f1 0a 00 41 83 e6 01 49 be 00 00 00 00 00 fc ff df 75 07 e8 6f ed 0a 00 eb 38 f3 90 <42> 0f b6 04 33 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 53 ed
RSP: 0018:ffffc90004257780 EFLAGS: 00000293
RAX: ffffffff817bf7fd RBX: 1ffff110171e82bd RCX: ffff888026b3da00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90004257900 R08: ffffffff911e7507 R09: 1ffffffff223cea0
R10: dffffc0000000000 R11: fffffbfff223cea1 R12: ffff8880b8f415e8
R13: ffff8880b8e3d3c0 R14: dffffc0000000000 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f69eab556b8 CR3: 000000000cf32000 CR4: 00000000003506f0
Call Trace:
 <TASK>
 on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1022
 on_each_cpu include/linux/smp.h:71 [inline]
 text_poke_sync arch/x86/kernel/alternative.c:2222 [inline]
 text_poke_bp_batch+0x31e/0x980 arch/x86/kernel/alternative.c:2432
 text_poke_flush arch/x86/kernel/alternative.c:2623 [inline]
 text_poke_finish+0x30/0x50 arch/x86/kernel/alternative.c:2630
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 static_key_enable_cpuslocked+0x123/0x240 kernel/jump_label.c:207
 static_key_enable+0x1a/0x20 kernel/jump_label.c:220
 toggle_allocation_gate+0xa8/0x260 mm/kfence/core.c:847
 process_one_work kernel/workqueue.c:2653 [inline]
 process_scheduled_works+0xa60/0x1600 kernel/workqueue.c:2730
 worker_thread+0xa5e/0xfe0 kernel/workqueue.c:2811
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>

Crashes (10):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/07/02 20:10 | linux-6.6.y | d1cfde2d5d15 | 2b70b115 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | INFO: rcu detected stall in __unix_dgram_recvmsg |
| 2026/07/01 06:00 | linux-6.6.y | d1cfde2d5d15 | 00a5cf1c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | INFO: rcu detected stall in __unix_dgram_recvmsg |
| 2026/06/30 17:57 | linux-6.6.y | d1cfde2d5d15 | 00e8b0fd | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | INFO: rcu detected stall in __unix_dgram_recvmsg |
| 2026/06/29 15:23 | linux-6.6.y | d1cfde2d5d15 | 6a0c72dc | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | INFO: rcu detected stall in __unix_dgram_recvmsg |
| 2026/06/26 19:32 | linux-6.6.y | d1cfde2d5d15 | fb92f11c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | INFO: rcu detected stall in __unix_dgram_recvmsg |
| 2026/06/24 18:19 | linux-6.6.y | d1cfde2d5d15 | 302586aa | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | INFO: rcu detected stall in __unix_dgram_recvmsg |
| 2026/06/18 18:54 | linux-6.6.y | 924b4a879cbb | a776b0d0 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | INFO: rcu detected stall in __unix_dgram_recvmsg |
| 2026/05/07 21:55 | linux-6.6.y | 258cf62a6dfd | cbf9e0fc | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | INFO: rcu detected stall in __unix_dgram_recvmsg |
| 2026/04/20 23:46 | linux-6.6.y | 9760bf04666d | e65da4ee | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | INFO: rcu detected stall in __unix_dgram_recvmsg |
| 2026/04/17 08:33 | linux-6.6.y | 8cee53b8eaeb | de0a551d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan | INFO: rcu detected stall in __unix_dgram_recvmsg |
* Struck through repros no longer work on HEAD.