syzbot


INFO: rcu detected stall in kernel_mbind (3)

Status: auto-obsoleted due to no activity on 2026/04/10 02:08
Subsystems: bpf
First crash: 100d, last: 100d
AI Jobs (1)
ID: 1ea80a30-4f4d-48c6-84f6-149ec7523d3a
Workflow: repro
Bug: INFO: rcu detected stall in kernel_mbind (3)
Created: 2026/03/07 11:48
Started: 2026/03/07 11:48
Finished: 2026/03/07 11:57
Revision: 31e9c887f7dc24e04b3ca70d0d54fc34141844b0
Similar bugs (2)

Kernel: upstream
Title: INFO: rcu detected stall in kernel_mbind
Subsystems: mm kasan
Rank: 1
Count: 4
Last: 394d
Reported: 474d
Patched: 0/29
Status: auto-obsoleted due to no activity on 2025/06/20 18:50

Kernel: upstream
Title: INFO: rcu detected stall in kernel_mbind (2)
Subsystems: mm
Rank: 1
Count: 1
Last: 201d
Reported: 201d
Patched: 0/29
Status: auto-obsoleted due to no activity on 2025/12/30 06:09

Sample crash report:
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P8447/1:b..l P8460/1:b..l P8409/1:b..l
rcu: 	(detected by 1, t=10502 jiffies, g=21465, q=123 ncpus=2)
task:syz.4.794       state:R  running task     stack:26664 pid:8409  tgid:8409  ppid:5811   task_flags:0x40044c flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1139/0x6150 kernel/sched/core.c:6863
 preempt_schedule_common+0x44/0xc0 kernel/sched/core.c:7047
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3e/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 zap_pte_range mm/memory.c:1884 [inline]
 zap_pmd_range mm/memory.c:1946 [inline]
 zap_pud_range mm/memory.c:1975 [inline]
 zap_p4d_range mm/memory.c:1996 [inline]
 unmap_page_range+0x1047/0x43c0 mm/memory.c:2017
 unmap_single_vma+0x153/0x240 mm/memory.c:2059
 unmap_vmas+0x218/0x470 mm/memory.c:2101
 exit_mmap+0x1b0/0xb60 mm/mmap.c:1277
 __mmput+0x12a/0x410 kernel/fork.c:1173
 mmput+0x62/0x70 kernel/fork.c:1196
 exit_mm kernel/exit.c:581 [inline]
 do_exit+0x7d7/0x2bd0 kernel/exit.c:959
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112
 get_signal+0x2671/0x26d0 kernel/signal.c:3034
 arch_do_signal_or_restart+0x8f/0x7e0 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f54b19c2005
RSP: 002b:00007ffd325bc740 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: 0000000000000000 RBX: 00007f54b1be5fa0 RCX: 00007f54b19c2005
RDX: 00007ffd325bc780 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f54b1be7da0 R08: 0000000000000000 R09: 00007f54b2909000
R10: 0000000000000000 R11: 0000000000000293 R12: 000000000003e03f
R13: 00007f54b1be6180 R14: ffffffffffffffff R15: 00007ffd325bc8c0
 </TASK>
task:syz.3.809       state:R  running task     stack:26648 pid:8460  tgid:8455  ppid:5822   task_flags:0x400040 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1139/0x6150 kernel/sched/core.c:6863
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7190
 irqentry_exit+0x1d8/0x8c0 kernel/entry/common.c:216
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:get_current arch/x86/include/asm/current.h:25 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70 kernel/kcov.c:216
Code: e9 0d 18 5e 00 be 03 00 00 00 5b e9 b2 f3 ed 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 34 24 <65> 48 8b 15 18 c7 f3 11 65 8b 05 29 c7 f3 11 a9 00 01 ff 00 74 1d
RSP: 0018:ffffc9000c276f38 EFLAGS: 00000202
RAX: ffffffff81d06905 RBX: 0000000000000001 RCX: ffffffff81d06926
RDX: ffff8880305a0000 RSI: ffffffff81d06982 RDI: 0000000000000005
RBP: 00007fdc6b98f749 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: ffff8880305a0b30 R12: ffffffff81a96130
R13: ffffc9000c277058 R14: 0000000000000000 R15: ffff8880305a0000
 rcu_read_lock include/linux/rcupdate.h:868 [inline]
 is_bpf_text_address+0xa2/0x1a0 kernel/bpf/core.c:744
 kernel_text_address kernel/extable.c:125 [inline]
 kernel_text_address+0x8d/0x100 kernel/extable.c:94
 __kernel_text_address+0xd/0x40 kernel/extable.c:79
 unwind_get_return_address+0x59/0xa0 arch/x86/kernel/unwind_orc.c:385
 arch_stack_walk+0xa6/0x100 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 save_stack+0x160/0x1f0 mm/page_owner.c:165
 __set_page_owner+0x91/0x560 mm/page_owner.c:341
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1af/0x220 mm/page_alloc.c:1857
 prep_new_page mm/page_alloc.c:1865 [inline]
 get_page_from_freelist+0xd0b/0x31a0 mm/page_alloc.c:3915
 __alloc_frozen_pages_noprof+0x25f/0x2430 mm/page_alloc.c:5210
 alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2486
 folio_alloc_mpol_noprof+0x36/0x2f0 mm/mempolicy.c:2505
 alloc_migration_target_by_mpol+0x246/0x500 mm/mempolicy.c:1458
 migrate_folio_unmap mm/migrate.c:1214 [inline]
 migrate_pages_batch+0x3bc/0x3bb0 mm/migrate.c:1890
 migrate_pages_sync+0x12d/0x8a0 mm/migrate.c:2007
 migrate_pages+0x1b0b/0x2350 mm/migrate.c:2116
 do_mbind+0x6e2/0xf20 mm/mempolicy.c:1609
 kernel_mbind+0x1e3/0x1f0 mm/mempolicy.c:1752
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdc6b98f749
RSP: 002b:00007fdc6c8d0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
RAX: ffffffffffffffda RBX: 00007fdc6bbe6180 RCX: 00007fdc6b98f749
RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000001000
RBP: 00007fdc6ba13f91 R08: 0000000000000000 R09: 0000000000000002
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fdc6bbe6218 R14: 00007fdc6bbe6180 R15: 00007ffcd409e938
 </TASK>
task:syz.2.806       state:R  running task     stack:26664 pid:8447  tgid:8447  ppid:5816   task_flags:0x40004c flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1139/0x6150 kernel/sched/core.c:6863
 preempt_schedule_common+0x44/0xc0 kernel/sched/core.c:7047
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3e/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 zap_pte_range mm/memory.c:1884 [inline]
 zap_pmd_range mm/memory.c:1946 [inline]
 zap_pud_range mm/memory.c:1975 [inline]
 zap_p4d_range mm/memory.c:1996 [inline]
 unmap_page_range+0x1047/0x43c0 mm/memory.c:2017
 unmap_single_vma+0x153/0x240 mm/memory.c:2059
 unmap_vmas+0x218/0x470 mm/memory.c:2101
 exit_mmap+0x1b0/0xb60 mm/mmap.c:1277
 __mmput+0x12a/0x410 kernel/fork.c:1173
 mmput+0x62/0x70 kernel/fork.c:1196
 exit_mm kernel/exit.c:581 [inline]
 do_exit+0x7d7/0x2bd0 kernel/exit.c:959
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112
 __do_sys_exit_group kernel/exit.c:1123 [inline]
 __se_sys_exit_group kernel/exit.c:1121 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1121
 x64_sys_call+0x151c/0x1740 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f25c358f749
RSP: 002b:00007ffea912bb78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f25c358f749
RDX: 00007f25c27f9000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007ffea912bbdc R08: 000000000002deb8 R09: 00000000000927c0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000097
R13: 00000000000927c0 R14: 000000000003d25f R15: 00007ffea912bc30
 </TASK>
rcu: rcu_preempt kthread starved for 10613 jiffies! g21465 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28728 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x1139/0x6150 kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6960
 schedule_timeout+0x123/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1ea/0xaf0 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x26d/0x380 kernel/rcu/tree.c:2285
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:82
Code: 96 5f 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 19 12 00 fb f4 <e9> cc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffc90000197de8 EFLAGS: 000002c6
RAX: 0000000000e571a9 RBX: 0000000000000001 RCX: ffffffff8b7846d9
RDX: 0000000000000000 RSI: ffffffff8dace97a RDI: ffffffff8bf2b400
RBP: ffffed1003b58498 R08: 0000000000000001 R09: ffffed10170a673d
R10: ffff8880b85339eb R11: ffff88801dac2ff0 R12: 0000000000000001
R13: ffff88801dac24c0 R14: ffffffff9088b8d0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881249f5000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9a3d47fdc1 CR3: 00000000312f3000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:767
 default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:191 [inline]
 do_idle+0x38d/0x510 kernel/sched/idle.c:332
 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430
 start_secondary+0x21d/0x2d0 arch/x86/kernel/smpboot.c:312
 common_startup_64+0x13e/0x148
 </TASK>

Crashes (1)
Time: 2026/01/10 01:58
Kernel: upstream
Commit: 372800cb95a3
Syzkaller: d6526ea3
Config: .config
Log: console log
Report: report
Syz repro: none
C repro: none
VM info: info
Assets: disk image, vmlinux, kernel image
Manager: ci-upstream-kasan-gce-selinux-root
Title: INFO: rcu detected stall in kernel_mbind