syzbot

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5840/1:b..l P5863/1:b..l
rcu: 	(detected by 1, t=10502 jiffies, g=9029, q=3983 ncpus=2)
task:syz-executor535 state:R  running task     stack:25928 pid:5863  tgid:5846  ppid:5836   task_flags:0x40044c flags:0x00080800
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x14bc/0x5000 kernel/sched/core.c:6863
 preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7190
 irqentry_exit+0x5d8/0x660 kernel/entry/common.c:216
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_acquire+0x16c/0x340 kernel/locking/lockdep.c:5872
Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 14 85 da 10 <48> 3b 44 24 58 0f 85 e5 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
RSP: 0018:ffffc900040aef78 EFLAGS: 00000206
RAX: 77e25cafb9673a00 RBX: 0000000000000000 RCX: 77e25cafb9673a00
RDX: 0000000056ae8038 RSI: ffffffff8d96873e RDI: ffffffff8bbffbe0
RBP: ffffffff8173ef25 R08: ffffffff8173ef25 R09: ffffffff8df41cc0
R10: dffffc0000000000 R11: ffffffff81ad4ad0 R12: 0000000000000002
R13: ffffffff8df41cc0 R14: 0000000000000000 R15: 0000000000000246
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:867 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1195 [inline]
 unwind_next_frame+0xc2/0x2390 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:56 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:77
 unpoison_slab_object mm/kasan/common.c:342 [inline]
 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:368
 kasan_slab_alloc include/linux/kasan.h:252 [inline]
 slab_post_alloc_hook mm/slub.c:4948 [inline]
 slab_alloc_node mm/slub.c:5258 [inline]
 kmem_cache_alloc_noprof+0x367/0x6f0 mm/slub.c:5265
 kmem_alloc_batch lib/debugobjects.c:371 [inline]
 fill_pool+0x100/0x570 lib/debugobjects.c:403
 debug_objects_fill_pool lib/debugobjects.c:725 [inline]
 debug_object_activate+0x498/0x540 lib/debugobjects.c:814
 debug_rcu_head_queue kernel/rcu/rcu.h:236 [inline]
 __call_rcu_common kernel/rcu/tree.c:3104 [inline]
 call_rcu+0xaa/0x9c0 kernel/rcu/tree.c:3239
 slab_free_hook mm/slub.c:2504 [inline]
 slab_free mm/slub.c:6663 [inline]
 kmem_cache_free+0x488/0x620 mm/slub.c:6774
 exit_mmap+0x532/0xb20 mm/mmap.c:1305
 __mmput+0x118/0x430 kernel/fork.c:1130
 exit_mm+0x1da/0x2c0 kernel/exit.c:583
 do_exit+0x658/0x2310 kernel/exit.c:961
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1114
 get_signal+0x1285/0x1340 kernel/signal.c:3034
 arch_do_signal_or_restart+0x9a/0x7a0 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x87/0x4f0 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x2e3/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f713a3021f9
RSP: 002b:00007f713a291218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f713a3853f8 RCX: 00007f713a3021f9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f713a3853f8
RBP: 00007f713a3853f0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f713a3522a4
R13: 00002000000000c0 R14: 0000200000000080 R15: 0000200000000100
 </TASK>
task:udevd           state:R  running task     stack:26912 pid:5840  tgid:5840  ppid:5200   task_flags:0x40014c flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x14bc/0x5000 kernel/sched/core.c:6863
 preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:7047
 preempt_schedule+0xae/0xc0 kernel/sched/core.c:7071
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3f/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 zap_pte_range mm/memory.c:1885 [inline]
 zap_pmd_range mm/memory.c:1947 [inline]
 zap_pud_range mm/memory.c:1976 [inline]
 zap_p4d_range mm/memory.c:1997 [inline]
 unmap_page_range+0x3a7f/0x4370 mm/memory.c:2018
 unmap_single_vma mm/memory.c:2061 [inline]
 unmap_vmas+0x399/0x580 mm/memory.c:2105
 exit_mmap+0x23b/0xb20 mm/mmap.c:1280
 __mmput+0x118/0x430 kernel/fork.c:1130
 exit_mm+0x1da/0x2c0 kernel/exit.c:583
 do_exit+0x658/0x2310 kernel/exit.c:961
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1114
 __do_sys_exit_group kernel/exit.c:1125 [inline]
 __se_sys_exit_group kernel/exit.c:1123 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1123
 x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f987faf16c5
RSP: 002b:00007ffdda19c2d8 EFLAGS: 00000256 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00005630d990cf60 RCX: 00007f987faf16c5
RDX: 00000000000000e7 RSI: fffffffffffffe68 RDI: 0000000000000000
RBP: 00005630d98ec910 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000256 R12: 0000000000000000
R13: 00007ffdda19c320 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
rcu: rcu_preempt kthread starved for 10593 jiffies! g9029 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27704 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x14bc/0x5000 kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6960
 schedule_timeout+0x12b/0x270 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x301/0x1540 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x99/0x390 kernel/rcu/tree.c:2285
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x599/0xb30 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:82
Code: be 13 c4 f5 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 53 1d 1c 00 f3 0f 1e fa fb f4 <e9> 93 13 c4 f5 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
RAX: 2094699d6aab8900 RBX: ffffffff8197438a RCX: 2094699d6aab8900
RDX: 0000000000000001 RSI: ffffffff8d781d94 RDI: ffffffff8bbffbe0
RBP: ffffc90000197f10 R08: ffff8880b893359b R09: 1ffff110171266b3
R10: dffffc0000000000 R11: ffffed10171266b4 R12: ffffffff8f811170
R13: 1ffff1100395cb70 R14: 0000000000000001 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff888126195000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f713a2b9a90 CR3: 00000000787c5000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:767
 default_idle_call+0x73/0xb0 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:191 [inline]
 do_idle+0x1ea/0x520 kernel/sched/idle.c:332
 cpu_startup_entry+0x44/0x60 kernel/sched/idle.c:430
 start_secondary+0x101/0x110 arch/x86/kernel/smpboot.c:312
 common_startup_64+0x13e/0x147
 </TASK>