syzbot


INFO: rcu detected stall in NF_HOOK

Status: upstream: reported on 2025/11/16 12:13
Reported-by: syzbot+aee517bb6707b646b2b5@syzkaller.appspotmail.com
First crash: 5d00h, last: 7h56m
Similar bugs (7)
Kernel Title Rank Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream INFO: rcu detected stall in NF_HOOK netfilter usb 1 C error 13 504d 518d 0/29 closed as dup on 2024/06/20 17:29
linux-5.15 INFO: rcu detected stall in NF_HOOK 1 1 623d 623d 0/3 auto-obsoleted due to no activity on 2024/06/15 14:02
linux-5.15 INFO: rcu detected stall in NF_HOOK (3) 1 2 303d 322d 0/3 auto-obsoleted due to no activity on 2025/05/01 22:51
linux-6.1 INFO: rcu detected stall in NF_HOOK origin:lts-only 1 syz unreliable 26 9d14h 534d 0/3 upstream: reported syz repro on 2024/06/04 14:31
upstream INFO: rcu detected stall in NF_HOOK (2) netfilter sctp lsm 1 C inconclusive error 114 13d 407d 0/29 upstream: reported C repro on 2024/10/10 12:45
linux-5.15 INFO: rcu detected stall in NF_HOOK (2) 1 1 506d 506d 0/3 auto-obsoleted due to no activity on 2024/10/11 06:09
android-54 BUG: soft lockup in NF_HOOK 1 1 526d 526d 0/2 auto-obsoleted due to no activity on 2024/09/10 19:37

Sample crash report:
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P967/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=25157, q=186 ncpus=2)
task:kworker/0:2     state:R  running task     stack:24040 pid:967   ppid:2      flags:0x00004000
Workqueue:  0x0 (wg-crypt-wg2)
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 preempt_schedule_common+0x82/0xc0 kernel/sched/core.c:6866
 preempt_schedule+0xab/0xc0 kernel/sched/core.c:6890
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk_64.S:45
 unwind_next_frame+0x200f/0x2970 arch/x86/kernel/unwind_orc.c:672
 arch_stack_walk+0x144/0x190 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 save_stack+0xf7/0x1f0 mm/page_owner.c:128
 __reset_page_owner+0x4e/0x190 mm/page_owner.c:149
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1154 [inline]
 free_unref_page_prepare+0x7ce/0x8e0 mm/page_alloc.c:2336
 free_unref_page+0x32/0x2e0 mm/page_alloc.c:2429
 discard_slab mm/slub.c:2127 [inline]
 __unfreeze_partials+0x1cf/0x210 mm/slub.c:2667
 put_cpu_partial+0x17c/0x250 mm/slub.c:2743
 __slab_free+0x31d/0x410 mm/slub.c:3700
 qlink_free mm/kasan/quarantine.c:166 [inline]
 qlist_free_all+0x75/0xe0 mm/kasan/quarantine.c:185
 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292
 ____kasan_kmalloc mm/kasan/common.c:340 [inline]
 __kasan_kmalloc+0x22/0xa0 mm/kasan/common.c:383
 kasan_kmalloc include/linux/kasan.h:198 [inline]
 __do_kmalloc_node mm/slab_common.c:1007 [inline]
 __kmalloc_node_track_caller+0xb2/0x230 mm/slab_common.c:1027
 kvasprintf+0xdd/0x190 lib/kasprintf.c:25
 __kthread_create_on_node+0x1c7/0x3e0 kernel/kthread.c:444
 kthread_create_on_node+0xde/0x120 kernel/kthread.c:512
 create_worker+0x36e/0x7b0 kernel/workqueue.c:2194
 maybe_create_worker kernel/workqueue.c:2463 [inline]
 manage_workers kernel/workqueue.c:2515 [inline]
 worker_thread+0x4d9/0xfc0 kernel/workqueue.c:2767
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
rcu: rcu_preempt kthread starved for 9284 jiffies! g25157 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:26392 pid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 schedule+0xbd/0x170 kernel/sched/core.c:6773
 schedule_timeout+0x160/0x280 kernel/time/timer.c:2167
 rcu_gp_fqs_loop+0x302/0x1560 kernel/rcu/tree.c:1667
 rcu_gp_kthread+0x99/0x380 kernel/rcu/tree.c:1866
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 8975 Comm: syz.1.1012 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
RIP: 0010:mark_lock+0xe2/0x320 kernel/locking/lockdep.c:4656
Code: 03 42 0f b6 04 28 84 c0 0f 85 06 02 00 00 83 3d 13 3f 83 15 00 74 36 45 31 ff 49 83 c7 60 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 <74> 08 4c 89 ff e8 54 35 75 00 b8 01 00 00 00 45 85 27 74 50 48 83
RSP: 0018:ffffc900001efd00 EFLAGS: 00000046
RAX: 1ffffffff20e28a4 RBX: ffff88805ce83c00 RCX: ffffffff8167b534
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff90da8508
RBP: 0000000000000001 R08: ffffffff90da850f R09: 1ffffffff21b50a1
R10: dffffc0000000000 R11: fffffbfff21b50a2 R12: 0000000000000002
R13: dffffc0000000000 R14: ffff88805ce84730 R15: ffffffff90714520
FS:  00007fe68ba836c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055557009e5c8 CR3: 000000005ac15000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000200000000300 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 mark_usage kernel/locking/lockdep.c:4555 [inline]
 __lock_acquire+0xc56/0x7c80 kernel/locking/lockdep.c:5091
 lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
 seqcount_lockdep_reader_access+0xca/0x1c0 include/linux/seqlock.h:102
 timekeeping_get_delta kernel/time/timekeeping.c:254 [inline]
 timekeeping_get_ns kernel/time/timekeeping.c:388 [inline]
 ktime_get+0x7f/0x280 kernel/time/timekeeping.c:848
 clockevents_program_event+0xe6/0x310 kernel/time/clockevents.c:326
 hrtimer_interrupt+0x5a1/0x9c0 kernel/time/hrtimer.c:1889
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1077 [inline]
 __sysvec_apic_timer_interrupt+0xfb/0x3b0 arch/x86/kernel/apic/apic.c:1094
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0x51/0xc0 arch/x86/kernel/apic/apic.c:1088
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:stack_trace_consume_entry+0xf3/0x270 kernel/stacktrace.c:93
Code: 8b 74 24 08 48 8b 1f 45 8d 79 01 0f b6 44 15 00 84 c0 0f 85 35 01 00 00 45 89 38 4e 8d 3c cb 4c 89 f8 48 c1 e8 03 80 3c 10 00 <74> 1a 4c 89 ff 48 89 f3 49 89 d4 4c 89 c5 e8 ca 7d 68 00 49 89 e8
RSP: 0018:ffffc900001f0438 EFLAGS: 00000246
RAX: 1ffff9200003e0cf RBX: ffffc900001f05c0 RCX: ffff88805ce83c00
RDX: dffffc0000000000 RSI: ffffffff81fa88a1 RDI: ffffc900001f0540
RBP: 1ffff9200003e0aa R08: ffffc900001f0550 R09: 0000000000000017
R10: 0000000000000004 R11: 0000000000000100 R12: 0000000000000000
R13: 1ffff9200003e0a9 R14: ffffc900001f0548 R15: ffffc900001f0678
 arch_stack_walk+0x138/0x190 arch/x86/kernel/stacktrace.c:27
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x4e/0x70 mm/kasan/common.c:52
 kasan_save_free_info+0x2e/0x50 mm/kasan/generic.c:522
 ____kasan_slab_free+0x126/0x1e0 mm/kasan/common.c:236
 kasan_slab_free include/linux/kasan.h:164 [inline]
 slab_free_hook mm/slub.c:1811 [inline]
 slab_free_freelist_hook+0x130/0x1b0 mm/slub.c:1837
 slab_free mm/slub.c:3830 [inline]
 kmem_cache_free+0xf8/0x280 mm/slub.c:3852
 kfree_skb include/linux/skbuff.h:1232 [inline]
 ip6_mc_input+0xa7e/0xc70 net/ipv6/ip6_input.c:589
 NF_HOOK+0x303/0x390 include/linux/netfilter.h:304
 __netif_receive_skb_one_core net/core/dev.c:5608 [inline]
 __netif_receive_skb+0xcc/0x290 net/core/dev.c:5722
 process_backlog+0x380/0x6e0 net/core/dev.c:6050
 __napi_poll+0xc0/0x460 net/core/dev.c:6612
 napi_poll net/core/dev.c:6679 [inline]
 net_rx_action+0x5ea/0xbf0 net/core/dev.c:6815
 handle_softirqs+0x280/0x820 kernel/softirq.c:578
 __do_softirq kernel/softirq.c:612 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xc7/0x190 kernel/softirq.c:661
 irq_exit_rcu+0x9/0x20 kernel/softirq.c:673
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1088 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1088
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:__slab_free+0x31d/0x410 mm/slub.c:3702
Code: 8b 47 40 48 3b 45 10 73 23 0f 1f 44 00 00 4c 89 ce e8 37 e8 9b 08 eb be 45 85 f6 79 b9 48 89 ef ba 01 00 00 00 e8 23 f0 ff ff <eb> aa 49 89 ff 4d 89 ce 48 89 f3 4d 85 d2 74 0d 4c 89 ff 48 89 de
RSP: 0018:ffffc90003e074c8 EFLAGS: 00000286
RAX: e92ae57c1f8c9800 RBX: ffff8880527ba200 RCX: e92ae57c1f8c9800
RDX: dffffc0000000000 RSI: ffffffff8aaabce0 RDI: ffffffff8afc6b00
RBP: ffff88801e664a00 R08: ffffffff90da852f R09: 1ffffffff21b50a5
R10: dffffc0000000000 R11: fffffbfff21b50a6 R12: ffff88801e664a00
R13: 0000000000100010 R14: 000000008010000f R15: 000000008010000f
 qlink_free mm/kasan/quarantine.c:166 [inline]
 qlist_free_all+0x75/0xe0 mm/kasan/quarantine.c:185
 kasan_quarantine_reduce+0x143/0x160 mm/kasan/quarantine.c:292
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:305
 kasan_slab_alloc include/linux/kasan.h:188 [inline]
 slab_post_alloc_hook+0x6e/0x4d0 mm/slab.h:767
 slab_alloc_node mm/slub.c:3495 [inline]
 slab_alloc mm/slub.c:3503 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3510 [inline]
 kmem_cache_alloc_lru+0x115/0x2e0 mm/slub.c:3526
 __d_alloc+0x31/0x730 fs/dcache.c:1773
 __ns_get_path+0x3d1/0x640 fs/nsfs.c:93
 ns_get_path_cb fs/nsfs.c:119 [inline]
 ns_get_path+0x54/0x90 fs/nsfs.c:145
 proc_ns_get_link+0xf0/0x230 fs/proc/namespaces.c:61
 pick_link+0x666/0xdd0 fs/namei.c:-1
 step_into+0xc3d/0xf10 fs/namei.c:1880
 open_last_lookups fs/namei.c:3587 [inline]
 path_openat+0x16bb/0x3190 fs/namei.c:3794
 do_filp_open+0x1c5/0x3d0 fs/namei.c:3824
 do_sys_openat2+0x12c/0x1c0 fs/open.c:1419
 do_sys_open fs/open.c:1434 [inline]
 __do_sys_openat fs/open.c:1450 [inline]
 __se_sys_openat fs/open.c:1445 [inline]
 __x64_sys_openat+0x139/0x160 fs/open.c:1445
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fe68ab8df90
Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44
RSP: 002b:00007fe68ba82f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe68ab8df90
RDX: 0000000000000000 RSI: 00007fe68ba82fa0 RDI: 00000000ffffff9c
RBP: 00007fe68ba82fa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 00007fe68ade6128 R14: 00007fe68ade6090 R15: 00007ffd1f5c8238
 </TASK>

Crashes (3):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/11/21 04:48 | linux-6.6.y | 0a805b6ea8cd | 2cc4c24a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan-perf | INFO: rcu detected stall in NF_HOOK |
| 2025/11/20 20:50 | linux-6.6.y | 0a805b6ea8cd | 2cc4c24a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan-perf | INFO: rcu detected stall in NF_HOOK |
| 2025/11/16 12:12 | linux-6.6.y | 0a805b6ea8cd | f7988ea4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-6-kasan-perf | INFO: rcu detected stall in NF_HOOK |

* Struck through repros no longer work on HEAD.