Hello,
syzbot found the following issue on:
HEAD commit: 7e69c33e4858 Linux 6.1.142
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15c0a770580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a8ab0a96d60bbe8f
dashboard link: https://syzkaller.appspot.com/bug?extid=a729dd20e9a55fe76717
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11436982580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/45e07ce672f1/disk-7e69c33e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e00cc723dfa5/vmlinux-7e69c33e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4cbcf3fe062f/Image-7e69c33e.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a729dd...@syzkaller.appspotmail.com
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P4311/1:b..l P571/1:b..l P3912/1:b..l
(detected by 0, t=10502 jiffies, g=5809, q=239 ncpus=2)
task:udevd state:R running task stack:0 pid:3912 ppid:1 flags:0x00000004
Call trace:
__switch_to+0x2f4/0x568 arch/arm64/kernel/process.c:555
context_switch kernel/sched/core.c:5244 [inline]
__schedule+0xdd4/0x1b2c kernel/sched/core.c:6561
preempt_schedule_common+0xec/0x1a0 kernel/sched/core.c:6730
preempt_schedule+0x64/0x84 kernel/sched/core.c:6754
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
_raw_spin_unlock_irqrestore+0xa8/0xac kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
__wake_up_common_lock kernel/sched/wait.c:140 [inline]
__wake_up_sync_key+0x11c/0x178 kernel/sched/wait.c:208
sock_def_readable+0x150/0x278 net/core/sock.c:3308
__netlink_sendskb net/netlink/af_netlink.c:1258 [inline]
netlink_sendskb+0xa4/0x164 net/netlink/af_netlink.c:1264
netlink_unicast+0x2d0/0x818 net/netlink/af_netlink.c:1352
netlink_sendmsg+0x6e8/0x9b0 net/netlink/af_netlink.c:1859
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg net/socket.c:730 [inline]
____sys_sendmsg+0x5b8/0x918 net/socket.c:2519
___sys_sendmsg net/socket.c:2573 [inline]
__sys_sendmsg+0x25c/0x320 net/socket.c:2602
__do_sys_sendmsg net/socket.c:2611 [inline]
__se_sys_sendmsg net/socket.c:2609 [inline]
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2609
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
task:kworker/u4:5 state:R running task stack:0 pid:571 ppid:2 flags:0x00000008
Workqueue: bat_events batadv_nc_worker
Call trace:
__switch_to+0x2f4/0x568 arch/arm64/kernel/process.c:555
context_switch kernel/sched/core.c:5244 [inline]
__schedule+0xdd4/0x1b2c kernel/sched/core.c:6561
preempt_schedule_irq+0x8c/0x1b8 kernel/sched/core.c:6873
arm64_preempt_schedule_irq+0x44/0x58 arch/arm64/kernel/entry-common.c:265
__el1_irq arch/arm64/kernel/entry-common.c:474 [inline]
el1_interrupt+0x3c/0x54 arch/arm64/kernel/entry-common.c:486
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:491
el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:581
preempt_count arch/arm64/include/asm/preempt.h:13 [inline]
check_kcov_mode kernel/kcov.c:182 [inline]
write_comp_data kernel/kcov.c:245 [inline]
__sanitizer_cov_trace_const_cmp4+0x14/0xb0 kernel/kcov.c:313
process_one_work+0x7f4/0x13a8 kernel/workqueue.c:2292
worker_thread+0x8c8/0xfbc kernel/workqueue.c:2439
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:849
task:udevd state:R running task stack:0 pid:4311 ppid:3912 flags:0x00000004
Call trace:
__switch_to+0x2f4/0x568 arch/arm64/kernel/process.c:555
context_switch kernel/sched/core.c:5244 [inline]
__schedule+0xdd4/0x1b2c kernel/sched/core.c:6561
preempt_schedule_common+0xec/0x1a0 kernel/sched/core.c:6730
preempt_schedule+0x64/0x84 kernel/sched/core.c:6754
__raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
_raw_spin_unlock+0x80/0x84 kernel/locking/spinlock.c:186
spin_unlock include/linux/spinlock.h:391 [inline]
__d_lookup+0x528/0x6a8 fs/dcache.c:2506
lookup_fast+0x78/0x43c fs/namei.c:1648
walk_component fs/namei.c:1994 [inline]
link_path_walk+0x518/0xc6c fs/namei.c:2325
path_openat+0x1c0/0x2680 fs/namei.c:3779
do_filp_open+0x174/0x344 fs/namei.c:3810
do_sys_openat2+0x128/0x3d8 fs/open.c:1318
do_sys_open fs/open.c:1334 [inline]
__do_sys_openat fs/open.c:1350 [inline]
__se_sys_openat fs/open.c:1345 [inline]
__arm64_sys_openat+0x120/0x154 fs/open.c:1345
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
rcu: rcu_preempt kthread starved for 10507 jiffies! g5809 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:0 pid:16 ppid:2 flags:0x00000008
Call trace:
__switch_to+0x2f4/0x568 arch/arm64/kernel/process.c:555
context_switch kernel/sched/core.c:5244 [inline]
__schedule+0xdd4/0x1b2c kernel/sched/core.c:6561
schedule+0xc4/0x170 kernel/sched/core.c:6637
schedule_timeout+0x180/0x2c8 kernel/time/timer.c:1965
rcu_gp_fqs_loop+0x2a8/0x134c kernel/rcu/tree.c:1706
rcu_gp_kthread+0xc0/0x2f8 kernel/rcu/tree.c:1905
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:849
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 PID: 4472 Comm: syz.0.16 Not tainted 6.1.142-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : do_notify_resume+0x118/0x2b0c arch/arm64/kernel/signal.c:1127
lr : local_daif_restore arch/arm64/include/asm/daifflags.h:75 [inline]
lr : do_notify_resume+0x10c/0x2b0c arch/arm64/kernel/signal.c:1122
sp : ffff800020f57be0
x29: ffff800020f57e10 x28: ffff0000d1858000 x27: 0000000000000000
x26: dfff800000000000 x25: 0000000000000001 x24: 1fffe0001a30b000
x23: 0000000080001000 x22: ffff800020f57d20 x21: ffff800020f57eb0
x20: ffff800020f57fc8 x19: ffff800020f57fb0 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000082d2400 x15: 0000ffffdae3d580
x14: 0000000000000000 x13: 1ffff00002a100b1 x12: 0000000000ff0100
x11: ff0080000a88b400 x10: 0000000000000000 x9 : ffff80000a88b400
x8 : 0000000001df931b x7 : 0000000000000000 x6 : ffff800020f57638
x5 : ffff800020f57638 x4 : 0000000000000000 x3 : 0000000000000000
x2 : ffff800020f57b20 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
local_daif_restore arch/arm64/include/asm/daifflags.h:117 [inline]
do_notify_resume+0x118/0x2b0c arch/arm64/kernel/signal.c:1122
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
el0_svc+0x98/0x138 arch/arm64/kernel/entry-common.c:638
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup