syzbot


INFO: rcu detected stall in mas_preallocate (2)

Status: upstream: reported syz repro on 2024/12/09 09:12
Subsystems: mm
Reported-by: syzbot+882589c97d51a9de68eb@syzkaller.appspotmail.com
First crash: 603d, last: 24d
Cause bisection: introduced by (bisect log):
commit 5a781ccbd19e4664babcbe4b4ead7aa2b9283d22
Author: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Date: Sat Sep 29 00:59:43 2018 +0000

  tc: Add support for configuring the taprio scheduler

Crash: BUG: unable to handle kernel NULL pointer dereference in taprio_dequeue (log)
Repro: syz .config
  
Fix bisection: failed (error log, bisect log)
  
✨ AI Jobs (1)
ID Workflow Result Correct Bug Created Started Finished Revision Error
98118c37-d587-4d05-b514-e00df90db9a1 assessment-security 💥 INFO: rcu detected stall in mas_preallocate (2) 2026/05/15 10:23 2026/05/15 10:23 2026/05/15 10:44 9cd3beaadf14b3a22d15fd97a0bf081ee41ebe01 failed to run ["make" "KERNELVERSION=syzkaller" "KERNELRELEASE=syzkaller" "LOCALVERSION=-syzkaller" "-j" "32" "ARCH=x86_64" "CC=ccache clang" "LD=ld.lld" "O=/app/workdir/cache/build/b002ba3e1a7e38bc34e35a30b71f365a2633d95a" "-s" "bzImage" "compile_commands.json"]: exit status 2 Root cause: ld.lld: error: undefined symbol: wcslen
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [mm?] INFO: rcu detected stall in mas_preallocate (2) 6 (11) 2025/03/10 03:20
Similar bugs (3)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.6 INFO: rcu detected stall in mas_preallocate origin:lts-only 1 syz error 1 145d 145d 0/2 upstream: reported syz repro on 2025/12/30 16:49
android-6-12 INFO: rcu detected stall in mas_preallocate 1 2 290d 306d 0/1 auto-obsoleted due to no activity on 2025/11/05 15:42
linux-6.1 INFO: rcu detected stall in mas_preallocate 1 1 255d 255d 0/3 auto-obsoleted due to no activity on 2025/12/20 06:13
Last patch testing requests (6)
Created Duration User Patch Repo Result
2026/04/05 09:43 21m retest repro upstream report log
2025/08/31 22:12 21m retest repro upstream report log
2025/03/10 02:13 59m luyun@kylinos.cn patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master report log
2025/02/07 09:10 15m luyun@kylinos.cn patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master error
2024/12/21 20:21 1h05m retest repro upstream report log
2024/12/09 20:37 41m liam.howlett@oracle.com git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm mm-unstable report log
Fix bisection attempts (7)
Created Duration User Patch Repo Result
2026/01/25 08:46 41m bisect fix upstream error job log
2025/12/26 05:38 3h07m bisect fix upstream OK (0) job log log
2025/10/18 11:42 3h59m bisect fix upstream OK (0) job log log
2025/06/22 14:36 2h31m bisect fix upstream OK (0) job log log
2025/05/21 09:43 5h21m bisect fix upstream OK (0) job log log
2025/03/15 20:42 2h19m bisect fix upstream OK (0) job log log
2025/02/13 16:18 3h45m bisect fix upstream OK (0) job log log

Sample crash report:
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	(detected by 0, t=17825 jiffies, g=10505, q=929 ncpus=2)
rcu: All QSes seen, last rcu_preempt kthread activity 11791 (4294964533-4294952742), jiffies_till_next_fqs=1, root ->qsmask 0x0
rcu: rcu_preempt kthread starved for 11791 jiffies! g10505 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:25784 pid:17    tgid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0x1850/0x4c30 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6848
 schedule_timeout+0x15a/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x2df/0x1330 kernel/rcu/tree.c:2045
 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2247
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 6002 Comm: syz-executor Not tainted 6.13.0-rc1-syzkaller-00025-gfeffde684ac2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__sanitizer_cov_trace_cmp8+0x0/0x90 kernel/kcov.c:293
Code: 10 48 89 74 0a 18 4c 89 44 0a 20 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 4c 8b 04 24 65 48 8b 0c 25 00 d6 03 00 65 8b 05 70 61
RSP: 0018:ffffc90000a18c98 EFLAGS: 00000046
RAX: ffffffff8bcbfbf7 RBX: ffff88805d8d6340 RCX: ffff88803141bc00
RDX: 0000000000010000 RSI: ffff88805d8d6340 RDI: ffff88805d8d6340
RBP: 1ffff1100bb1ac68 R08: ffffffff818d04c0 R09: 1ffffffff20328be
R10: dffffc0000000000 R11: fffffbfff20328bf R12: ffff8880b872c9d0
R13: ffff8880b872c9d0 R14: ffff88805d8d6340 R15: ffff88805d8d6340
FS:  000055557e00b500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f29e4db6bd0 CR3: 00000000622f2000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 timerqueue_add+0x4b/0x290 lib/timerqueue.c:38
 enqueue_hrtimer+0x1b2/0x3c0 kernel/time/hrtimer.c:1084
 __run_hrtimer kernel/time/hrtimer.c:1756 [inline]
 __hrtimer_run_queues+0x6cb/0xd30 kernel/time/hrtimer.c:1803
 hrtimer_interrupt+0x403/0xa40 kernel/time/hrtimer.c:1865
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
 __sysvec_apic_timer_interrupt+0x110/0x420 arch/x86/kernel/apic/apic.c:1055
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:mas_wr_store_type+0x2a/0x16c0 lib/maple_tree.c:4212
Code: 55 41 57 41 56 41 55 41 54 53 48 81 ec c8 00 00 00 49 89 fe 49 bc 00 00 00 00 00 fc ff df e8 ad 78 d8 f5 4c 89 f0 48 c1 e8 03 <48> 89 84 24 80 00 00 00 42 80 3c 20 00 74 08 4c 89 f7 e8 5f 60 43
RSP: 0018:ffffc900031174c0 EFLAGS: 00000a02
RAX: 1ffff92000622ec4 RBX: 0000000000000000 RCX: ffff88803141bc00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90003117620
RBP: ffffc900031176f0 R08: ffffffff8bc6b87c R09: ffffffff8bc761f0
R10: 0000000000000005 R11: ffff88803141bc00 R12: dffffc0000000000
R13: ffffc90003117620 R14: ffffc90003117620 R15: dffffc0000000000
 mas_preallocate+0x27d/0x8d0 lib/maple_tree.c:5540
 vma_iter_prealloc mm/vma.h:349 [inline]
 __mmap_new_vma mm/vma.c:2349 [inline]
 __mmap_region+0x1b89/0x2cd0 mm/vma.c:2456
 mmap_region+0x1d0/0x2c0 mm/mmap.c:1347
 do_mmap+0x8f0/0x1000 mm/mmap.c:496
 vm_mmap_pgoff+0x1dd/0x3d0 mm/util.c:580
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa71757ff53
Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7
RSP: 002b:00007ffedb7e9bc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: fffffffffffff000 RCX: 00007fa71757ff53
RDX: 0000000000000000 RSI: 0000000000801000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000
R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffedb7e9c30
R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000
 </TASK>

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/12/05 08:56 upstream feffde684ac2 29f61fce .config console log report syz / log [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce INFO: rcu detected stall in mas_preallocate
2025/11/24 17:32 upstream ac3fd01e4c1e bf6fe8fe .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto INFO: rcu detected stall in mas_preallocate
2025/11/03 04:23 upstream 6146a0f1dfae 2c50b6a9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root INFO: rcu detected stall in mas_preallocate
2025/07/06 20:22 upstream 772b78c2abd8 4f67c4ae .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto INFO: rcu detected stall in mas_preallocate
2025/04/11 00:23 upstream ab59a8605604 1bc60a19 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce INFO: rcu detected stall in mas_preallocate
2024/12/07 20:13 upstream 7503345ac5f5 9ac0fdc6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root INFO: rcu detected stall in mas_preallocate
2026/04/30 08:46 net e73cafaf4ace 005438fc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce INFO: rcu detected stall in mas_preallocate
2024/10/30 22:51 net c05c62850a8f fb888278 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce INFO: rcu detected stall in mas_preallocate
2024/10/14 12:08 net-next 6aac56631831 084d8178 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce INFO: rcu detected stall in mas_preallocate
2024/09/28 15:10 net-next c824deb1a897 440b26ec .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce INFO: rcu detected stall in mas_preallocate
* Struck through repros no longer work on HEAD.