[v6.1] INFO: rcu detected stall in call_usermodehelper_exec_async (3)
0 views
Skip to first unread message
syzbot
Jun 8, 2026, 9:12:32 PM (3 days ago) Jun 8
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 228da13e907e Linux 6.1.175
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1593f166580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4dd3c1715f0a309b
dashboard link: https://syzkaller.appspot.com/bug?extid=c944e60c389e8fe3616b
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/894d01ce6736/disk-228da13e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2a4cec18e217/vmlinux-228da13e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/32550387ebe8/bzImage-228da13e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c944e6...@syzkaller.appspotmail.com
rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-.... } 2628 jiffies s: 50281 root: 0x2/.
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 19406 Comm: modprobe Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:hlock_class kernel/locking/lockdep.c:240 [inline]
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4724 [inline]
RIP: 0010:__lock_acquire+0x5fc/0x7d10 kernel/locking/lockdep.c:4999
Code: c3 81 e3 ff 1f 00 00 c1 e8 03 25 f8 03 00 00 48 8d b8 40 f2 af 90 be 08 00 00 00 e8 3e 39 6f 00 48 0f a3 1d 96 a6 4b 0f 73 1a <48> 8d 04 5b c1 e0 06 48 8d 98 00 71 48 90 49 b8 00 00 00 00 00 fc
RSP: 0018:ffffc900001e0220 EFLAGS: 00000057
RAX: 0000000000000001 RBX: 0000000000000015 RCX: ffffffff81644ba2
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff90aff240
RBP: ffffc900001e0470 R08: ffffffff90aff247 R09: 1ffffffff215fe48
R10: dffffc0000000000 R11: fffffbfff215fe49 R12: ffff8880549d5a00
R13: 0000000000000000 R14: 0000000000000002 R15: ffff8880549d65a0
FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fafc80e4b4c CR3: 0000000058d2e000 CR4: 00000000003506e0
DR0: 0000200000000300 DR1: 0000200000000300 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
<IRQ>
lock_acquire+0x1bb/0x4a0 kernel/locking/lockdep.c:5662
rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
rcu_read_lock_sched include/linux/rcupdate.h:883 [inline]
pfn_valid include/linux/mmzone.h:1857 [inline]
__virt_addr_valid+0x1a5/0x540 arch/x86/mm/physaddr.c:65
kasan_addr_to_slab+0x9/0xc0 mm/kasan/common.c:36
__kasan_record_aux_stack+0xf/0xc0 mm/kasan/generic.c:471
irq_work_queue_on+0x10f/0x260 kernel/irq_work.c:140
rcu_read_unlock_special+0x3c9/0x510 kernel/rcu/tree_plugin.h:678
__rcu_read_unlock+0x78/0xd0 kernel/rcu/tree_plugin.h:426
rcu_read_unlock include/linux/rcupdate.h:823 [inline]
trace_call_bpf+0x5bb/0x6b0 kernel/trace/bpf_trace.c:137
perf_trace_run_bpf_submit+0x79/0x1c0 kernel/events/core.c:10027
perf_trace_preemptirq_template+0x268/0x320 include/trace/events/preemptirq.h:14
trace_irq_enable_rcuidle+0xd3/0x140 include/trace/events/preemptirq.h:40
trace_hardirqs_on+0x24/0x40 kernel/trace/trace_preemptirq.c:44
asm_sysvec_irq_work+0x16/0x20 arch/x86/include/asm/idtentry.h:728
RIP: 0010:rcu_read_unlock_special+0x7f/0x510 kernel/rcu/tree_plugin.h:685
Code: eb 03 48 b8 f1 f1 f1 f1 f8 f2 f2 f2 4a 89 04 2b 42 c7 44 2b 08 f8 f3 f3 f3 65 44 8b 35 82 30 95 7e 41 f7 c6 00 00 f0 00 74 40 <48> c7 44 24 40 0e 36 e0 45 4a c7 04 2b 00 00 00 00 42 c7 44 2b 08
RSP: 0018:ffffc900001e0ac0 EFLAGS: 00000206
RAX: 0792a4163fc85b00 RBX: 1ffff9200003c160 RCX: 0792a4163fc85b00
RDX: dffffc0000000000 RSI: ffffffff8a8c1aa0 RDI: ffffffff8adf2060
RBP: ffffc900001e0bb0 R08: ffffffff90aff277 R09: 1ffffffff215fe4e
R10: dffffc0000000000 R11: fffffbfff215fe4f R12: 0000000000000246
R13: dffffc0000000000 R14: ffff8880b8f3b900 R15: 0000000000000002
__rcu_read_unlock+0x78/0xd0 kernel/rcu/tree_plugin.h:426
rcu_read_unlock include/linux/rcupdate.h:823 [inline]
ieee80211_iterate_active_interfaces_atomic+0x156/0x170 net/mac80211/util.c:826
mac80211_hwsim_beacon+0xb7/0x1b0 drivers/net/wireless/mac80211_hwsim.c:2147
__run_hrtimer kernel/time/hrtimer.c:1751 [inline]
__hrtimer_run_queues+0x54a/0xd50 kernel/time/hrtimer.c:1815
hrtimer_run_softirq+0x183/0x2a0 kernel/time/hrtimer.c:1832
handle_softirqs+0x2a1/0x930 kernel/softirq.c:596
__do_softirq kernel/softirq.c:630 [inline]
invoke_softirq kernel/softirq.c:470 [inline]
__irq_exit_rcu+0x13b/0x230 kernel/softirq.c:679
irq_exit_rcu+0x5/0x20 kernel/softirq.c:691
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1118
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xbc/0x120 kernel/locking/spinlock.c:194
Code: c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 41 c6 04 07 f8 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> af 7f 1f f7 65 8b 05 80 ff c8 75 85 c0 74 3c 48 c7 04 24 0e 36
RSP: 0018:ffffc90003a5f140 EFLAGS: 00000206
RAX: dffffc0000000004 RBX: 0000000000000246 RCX: 0792a4163fc85b00
RDX: dffffc0000000000 RSI: ffffffff8a8c1aa0 RDI: 0000000000000001
RBP: ffffc90003a5f1d8 R08: ffffffff90aff277 R09: 1ffffffff215fe4e
R10: dffffc0000000000 R11: fffffbfff215fe4f R12: dffffc0000000000
R13: ffffffff8cb333c0 R14: ffffffff8cb333c0 R15: 1ffff9200074be28
rcu_report_qs_rsp+0xad/0x1a0 kernel/rcu/tree.c:1930
rcu_report_unblock_qs_rnp kernel/rcu/tree.c:2035 [inline]
rcu_preempt_deferred_qs_irqrestore+0x9d7/0xc30 kernel/rcu/tree_plugin.h:557
rcu_read_unlock_special+0x42a/0x510 kernel/rcu/tree_plugin.h:684
__rcu_read_unlock+0x78/0xd0 kernel/rcu/tree_plugin.h:426
rcu_read_unlock include/linux/rcupdate.h:823 [inline]
mt_validate+0x493d/0x4cb0 lib/maple_tree.c:7251
validate_mm_mt+0xe2/0x440 mm/mmap.c:295
validate_mm+0xe1/0x2e0 mm/mmap.c:332
vma_link+0x254/0x2c0 mm/mmap.c:491
insert_vm_struct+0x2e3/0x3f0 mm/mmap.c:3318
__install_special_mapping+0x197/0x2f0 mm/mmap.c:3565
map_vdso+0x1aa/0x2e0 arch/x86/entry/vdso/vma.c:280
load_elf_binary+0x1cea/0x2800 fs/binfmt_elf.c:1309
search_binary_handler fs/exec.c:1764 [inline]
exec_binprm fs/exec.c:1805 [inline]
bprm_execve+0xaea/0x17e0 fs/exec.c:1874
kernel_execve+0x8b9/0x9c0 fs/exec.c:2039
call_usermodehelper_exec_async+0x207/0x350 kernel/umh.c:113
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 228da13e907e Linux 6.1.175
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1593f166580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4dd3c1715f0a309b
dashboard link: https://syzkaller.appspot.com/bug?extid=c944e60c389e8fe3616b
compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/894d01ce6736/disk-228da13e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2a4cec18e217/vmlinux-228da13e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/32550387ebe8/bzImage-228da13e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c944e6...@syzkaller.appspotmail.com
rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-.... } 2628 jiffies s: 50281 root: 0x2/.
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 19406 Comm: modprobe Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:hlock_class kernel/locking/lockdep.c:240 [inline]
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4724 [inline]
RIP: 0010:__lock_acquire+0x5fc/0x7d10 kernel/locking/lockdep.c:4999
Code: c3 81 e3 ff 1f 00 00 c1 e8 03 25 f8 03 00 00 48 8d b8 40 f2 af 90 be 08 00 00 00 e8 3e 39 6f 00 48 0f a3 1d 96 a6 4b 0f 73 1a <48> 8d 04 5b c1 e0 06 48 8d 98 00 71 48 90 49 b8 00 00 00 00 00 fc
RSP: 0018:ffffc900001e0220 EFLAGS: 00000057
RAX: 0000000000000001 RBX: 0000000000000015 RCX: ffffffff81644ba2
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff90aff240
RBP: ffffc900001e0470 R08: ffffffff90aff247 R09: 1ffffffff215fe48
R10: dffffc0000000000 R11: fffffbfff215fe49 R12: ffff8880549d5a00
R13: 0000000000000000 R14: 0000000000000002 R15: ffff8880549d65a0
FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fafc80e4b4c CR3: 0000000058d2e000 CR4: 00000000003506e0
DR0: 0000200000000300 DR1: 0000200000000300 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
<IRQ>
lock_acquire+0x1bb/0x4a0 kernel/locking/lockdep.c:5662
rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
rcu_read_lock_sched include/linux/rcupdate.h:883 [inline]
pfn_valid include/linux/mmzone.h:1857 [inline]
__virt_addr_valid+0x1a5/0x540 arch/x86/mm/physaddr.c:65
kasan_addr_to_slab+0x9/0xc0 mm/kasan/common.c:36
__kasan_record_aux_stack+0xf/0xc0 mm/kasan/generic.c:471
irq_work_queue_on+0x10f/0x260 kernel/irq_work.c:140
rcu_read_unlock_special+0x3c9/0x510 kernel/rcu/tree_plugin.h:678
__rcu_read_unlock+0x78/0xd0 kernel/rcu/tree_plugin.h:426
rcu_read_unlock include/linux/rcupdate.h:823 [inline]
trace_call_bpf+0x5bb/0x6b0 kernel/trace/bpf_trace.c:137
perf_trace_run_bpf_submit+0x79/0x1c0 kernel/events/core.c:10027
perf_trace_preemptirq_template+0x268/0x320 include/trace/events/preemptirq.h:14
trace_irq_enable_rcuidle+0xd3/0x140 include/trace/events/preemptirq.h:40
trace_hardirqs_on+0x24/0x40 kernel/trace/trace_preemptirq.c:44
asm_sysvec_irq_work+0x16/0x20 arch/x86/include/asm/idtentry.h:728
RIP: 0010:rcu_read_unlock_special+0x7f/0x510 kernel/rcu/tree_plugin.h:685
Code: eb 03 48 b8 f1 f1 f1 f1 f8 f2 f2 f2 4a 89 04 2b 42 c7 44 2b 08 f8 f3 f3 f3 65 44 8b 35 82 30 95 7e 41 f7 c6 00 00 f0 00 74 40 <48> c7 44 24 40 0e 36 e0 45 4a c7 04 2b 00 00 00 00 42 c7 44 2b 08
RSP: 0018:ffffc900001e0ac0 EFLAGS: 00000206
RAX: 0792a4163fc85b00 RBX: 1ffff9200003c160 RCX: 0792a4163fc85b00
RDX: dffffc0000000000 RSI: ffffffff8a8c1aa0 RDI: ffffffff8adf2060
RBP: ffffc900001e0bb0 R08: ffffffff90aff277 R09: 1ffffffff215fe4e
R10: dffffc0000000000 R11: fffffbfff215fe4f R12: 0000000000000246
R13: dffffc0000000000 R14: ffff8880b8f3b900 R15: 0000000000000002
__rcu_read_unlock+0x78/0xd0 kernel/rcu/tree_plugin.h:426
rcu_read_unlock include/linux/rcupdate.h:823 [inline]
ieee80211_iterate_active_interfaces_atomic+0x156/0x170 net/mac80211/util.c:826
mac80211_hwsim_beacon+0xb7/0x1b0 drivers/net/wireless/mac80211_hwsim.c:2147
__run_hrtimer kernel/time/hrtimer.c:1751 [inline]
__hrtimer_run_queues+0x54a/0xd50 kernel/time/hrtimer.c:1815
hrtimer_run_softirq+0x183/0x2a0 kernel/time/hrtimer.c:1832
handle_softirqs+0x2a1/0x930 kernel/softirq.c:596
__do_softirq kernel/softirq.c:630 [inline]
invoke_softirq kernel/softirq.c:470 [inline]
__irq_exit_rcu+0x13b/0x230 kernel/softirq.c:679
irq_exit_rcu+0x5/0x20 kernel/softirq.c:691
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1118 [inline]
sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1118
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xbc/0x120 kernel/locking/spinlock.c:194
Code: c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 41 c6 04 07 f8 75 4b f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> af 7f 1f f7 65 8b 05 80 ff c8 75 85 c0 74 3c 48 c7 04 24 0e 36
RSP: 0018:ffffc90003a5f140 EFLAGS: 00000206
RAX: dffffc0000000004 RBX: 0000000000000246 RCX: 0792a4163fc85b00
RDX: dffffc0000000000 RSI: ffffffff8a8c1aa0 RDI: 0000000000000001
RBP: ffffc90003a5f1d8 R08: ffffffff90aff277 R09: 1ffffffff215fe4e
R10: dffffc0000000000 R11: fffffbfff215fe4f R12: dffffc0000000000
R13: ffffffff8cb333c0 R14: ffffffff8cb333c0 R15: 1ffff9200074be28
rcu_report_qs_rsp+0xad/0x1a0 kernel/rcu/tree.c:1930
rcu_report_unblock_qs_rnp kernel/rcu/tree.c:2035 [inline]
rcu_preempt_deferred_qs_irqrestore+0x9d7/0xc30 kernel/rcu/tree_plugin.h:557
rcu_read_unlock_special+0x42a/0x510 kernel/rcu/tree_plugin.h:684
__rcu_read_unlock+0x78/0xd0 kernel/rcu/tree_plugin.h:426
rcu_read_unlock include/linux/rcupdate.h:823 [inline]
mt_validate+0x493d/0x4cb0 lib/maple_tree.c:7251
validate_mm_mt+0xe2/0x440 mm/mmap.c:295
validate_mm+0xe1/0x2e0 mm/mmap.c:332
vma_link+0x254/0x2c0 mm/mmap.c:491
insert_vm_struct+0x2e3/0x3f0 mm/mmap.c:3318
__install_special_mapping+0x197/0x2f0 mm/mmap.c:3565
map_vdso+0x1aa/0x2e0 arch/x86/entry/vdso/vma.c:280
load_elf_binary+0x1cea/0x2800 fs/binfmt_elf.c:1309
search_binary_handler fs/exec.c:1764 [inline]
exec_binprm fs/exec.c:1805 [inline]
bprm_execve+0xaea/0x17e0 fs/exec.c:1874
kernel_execve+0x8b9/0x9c0 fs/exec.c:2039
call_usermodehelper_exec_async+0x207/0x350 kernel/umh.c:113
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Reply all
Reply to author
Forward
0 new messages