CVE-2026-43385
Received Received - Intake
RCU Stall in Linux Kernel Threaded Busypoll

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: Fix rcu_tasks stall in threaded busypoll I was debugging a NIC driver when I noticed that when I enable threaded busypoll, bpftrace hangs when starting up. dmesg showed: rcu_tasks_wait_gp: rcu_tasks grace period number 85 (since boot) is 10658 jiffies old. rcu_tasks_wait_gp: rcu_tasks grace period number 85 (since boot) is 40793 jiffies old. rcu_tasks_wait_gp: rcu_tasks grace period number 85 (since boot) is 131273 jiffies old. rcu_tasks_wait_gp: rcu_tasks grace period number 85 (since boot) is 402058 jiffies old. INFO: rcu_tasks detected stalls on tasks: 00000000769f52cd: .N nvcsw: 2/2 holdout: 1 idle_cpu: -1/64 task:napi/eth2-8265 state:R running task stack:0 pid:48300 tgid:48300 ppid:2 task_flags:0x208040 flags:0x00004000 Call Trace: <TASK> ? napi_threaded_poll_loop+0x27c/0x2c0 ? __pfx_napi_threaded_poll+0x10/0x10 ? napi_threaded_poll+0x26/0x80 ? kthread+0xfa/0x240 ? __pfx_kthread+0x10/0x10 ? ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ? ret_from_fork_asm+0x1a/0x30 </TASK> The cause is that in threaded busypoll, the main loop is in napi_threaded_poll rather than napi_threaded_poll_loop, where the latter rarely iterates more than once within its loop. For rcu_softirq_qs_periodic inside napi_threaded_poll_loop to report its qs state, the last_qs must be 100ms behind, and this can't happen because napi_threaded_poll_loop rarely iterates in threaded busypoll, and each time napi_threaded_poll_loop is called last_qs is reset to latest jiffies. This patch changes so that in threaded busypoll, last_qs is saved in the outer napi_threaded_poll, and whether busy_poll_last_qs is NULL indicates whether napi_threaded_poll_loop is called for busypoll. This way last_qs would not reset to latest jiffies on each invocation of napi_threaded_poll_loop.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-05-09
AI Q&A
2026-05-08
EPSS Evaluated
N/A
NVD
CVE-2026-43385
EUVD
EUVD-2026-28691
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux_kernel linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is related to the Linux kernel's network subsystem, specifically involving the threaded busypoll feature. When threaded busypoll is enabled, a component called bpftrace hangs during startup due to a stall in the rcu_tasks mechanism. The issue arises because the main loop runs in napi_threaded_poll instead of napi_threaded_poll_loop, which rarely iterates more than once. This causes the last_qs timestamp to reset incorrectly, preventing the system from properly reporting quiescent states and leading to a stall.

The fix involves changing how last_qs is saved in the outer napi_threaded_poll function, ensuring it is not reset on each invocation of napi_threaded_poll_loop during busypoll. This prevents the rcu_tasks stall and the associated hangs.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel's network polling mechanism to stall, which may lead to system hangs or degraded performance when using threaded busypoll. Specifically, tools like bpftrace that rely on this mechanism may hang during startup, potentially impacting network driver debugging or monitoring tasks.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing system logs for specific RCU (Read-Copy-Update) task stall messages related to threaded busypoll in the Linux kernel.

  • Check the kernel log (dmesg) for messages like 'rcu_tasks_wait_gp: rcu_tasks grace period number ... is ... jiffies old.'
  • Look for INFO messages indicating 'rcu_tasks detected stalls on tasks' with task names such as 'napi/eth2-8265' or similar.
  • Example command to check kernel logs: `dmesg | grep rcu_tasks_wait_gp`
  • Monitor for hangs or stalls in tools like bpftrace when threaded busypoll is enabled.

What immediate steps should I take to mitigate this vulnerability?

The vulnerability is related to the threaded busypoll feature in the Linux kernel causing RCU task stalls. Immediate mitigation steps include:

  • Disable threaded busypoll if it is enabled, to avoid the conditions causing the RCU task stall.
  • Apply the patch or update the Linux kernel to a version where this issue is fixed, as described in the CVE.
  • Monitor system logs for RCU stall messages and avoid running workloads that trigger the issue until patched.

Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart