syzbot

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	1-...!: (1 GPs behind) idle=092c/1/0x4000000000000000 softirq=66356/66357 fqs=4
rcu: 	(detected by 0, t=10505 jiffies, g=56417, q=224 ncpus=2)
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 5812 Comm: syz-executor Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:__rcu_read_unlock+0x108/0x580 kernel/rcu/tree_plugin.h:441
Code: 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 75 01 00 00 <8b> 83 44 04 00 00 3d ff ff ff 3f 0f 87 49 01 00 00 5b 5d 41 5c 41
RSP: 0018:ffffc90000a08d60 EFLAGS: 00000046
RAX: 0000000000000007 RBX: ffff8880260ac880 RCX: ffffc90000a08d54
RDX: 0000000000000000 RSI: ffffffff8ddf4c2b RDI: ffff8880260accc4
RBP: ffff8880260ac880 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880260ac880
R13: 185b44f1d6d13af0 R14: 0000000000000002 R15: ffff888057dc7010
FS:  0000555577764500(0000) GS:ffff888124852000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000020000000b000 CR3: 000000005c9f5000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 rcu_read_unlock include/linux/rcupdate.h:873 [inline]
 advance_sched+0x6f6/0xc80 net/sched/sch_taprio.c:987
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x1ff/0xad0 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x397/0x8e0 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
 __sysvec_apic_timer_interrupt+0x108/0x3f0 arch/x86/kernel/apic/apic.c:1056
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x9f/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:in_gate_area_no_mm+0x19/0x70 arch/x86/entry/vsyscall/vsyscall_64.c:321
Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 41 54 45 31 e4 55 53 48 89 fb e8 ed bb 8f 00 8b 2d 47 7c c5 0c <bf> 02 00 00 00 89 ee e8 1b b7 8f 00 83 fd 02 74 29 e8 d1 bb 8f 00
RSP: 0018:ffffc900031b6e48 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 00007fdc3cb85193 RCX: ffffc900031b6dfc
RDX: ffff8880260ac880 RSI: ffffffff812c64b3 RDI: 00007fdc3cb85193
RBP: 0000000000000001 R08: ffffffff91367906 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: ffffc900031b6f68 R14: 0000000000000000 R15: ffff8880260ac880
 is_kernel_text include/linux/kallsyms.h:31 [inline]
 core_kernel_text kernel/extable.c:68 [inline]
 kernel_text_address+0x35/0x100 kernel/extable.c:99
 __kernel_text_address+0xd/0x40 kernel/extable.c:79
 unwind_get_return_address+0x59/0xa0 arch/x86/kernel/unwind_orc.c:369
 arch_stack_walk+0xa6/0x100 arch/x86/kernel/stacktrace.c:26
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 save_stack+0x160/0x1f0 mm/page_owner.c:156
 __set_page_owner+0x91/0x550 mm/page_owner.c:329
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1c0/0x230 mm/page_alloc.c:1704
 prep_new_page mm/page_alloc.c:1712 [inline]
 get_page_from_freelist+0x1321/0x3890 mm/page_alloc.c:3669
 __alloc_frozen_pages_noprof+0x261/0x23f0 mm/page_alloc.c:4959
 alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2419
 alloc_frozen_pages_noprof mm/mempolicy.c:2490 [inline]
 alloc_pages_noprof+0x131/0x390 mm/mempolicy.c:2510
 pagetable_alloc_noprof include/linux/mm.h:2862 [inline]
 __pte_alloc_one_noprof include/asm-generic/pgalloc.h:75 [inline]
 pte_alloc_one+0x1c/0x3a0 arch/x86/mm/pgtable.c:18
 __pte_alloc+0x6d/0x3c0 mm/memory.c:441
 copy_pte_range mm/memory.c:1112 [inline]
 copy_pmd_range mm/memory.c:1267 [inline]
 copy_pud_range mm/memory.c:1304 [inline]
 copy_p4d_range mm/memory.c:1328 [inline]
 copy_page_range+0x1aed/0x5740 mm/memory.c:1416
 dup_mmap+0xe88/0x21d0 mm/mmap.c:1838
 dup_mm kernel/fork.c:1477 [inline]
 copy_mm kernel/fork.c:1529 [inline]
 copy_process+0x4081/0x76a0 kernel/fork.c:2169
 kernel_clone+0xfc/0x960 kernel/fork.c:2599
 __do_sys_clone+0xce/0x120 kernel/fork.c:2742
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdc3cb85193
Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
RSP: 002b:00007ffc56c73178 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdc3cb85193
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
R10: 00005555777647d0 R11: 0000000000000246 R12: 0000000000000000
R13: 00000000000927c0 R14: 00000000000a01ab R15: 00007ffc56c73310
 </TASK>
rcu: rcu_preempt kthread starved for 10485 jiffies! g56417 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28264 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x116a/0x5de0 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6878
 schedule_timeout+0x123/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1ea/0xb00 kernel/rcu/tree.c:2054
 rcu_gp_kthread+0x270/0x380 kernel/rcu/tree.c:2256
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 UID: 0 PID: 5807 Comm: syz-executor Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:write_comp_data+0x8b/0x90 kernel/kcov.c:272
Code: 00 00 4a 8d 34 dd 28 00 00 00 48 39 f2 72 1b 48 83 c7 01 48 89 38 4c 89 44 30 e0 4c 89 4c 30 e8 4c 89 54 30 f0 4a 89 4c d8 20 <c3> cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3
RSP: 0000:ffffc900041ef8c0 EFLAGS: 00000293
RAX: 0000000000000000 RBX: ffff8880b853fe20 RCX: ffffffff81b001fd
RDX: ffff888030838000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
R13: 0000000000000003 R14: ffffed10170a7fc5 R15: ffff8880b843b580
FS:  000055555c2c4500(0000) GS:ffff888124752000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055555c2df5c8 CR3: 000000006091c000 CR4: 00000000003526f0
DR0: 0000000061812e20 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 csd_lock_wait kernel/smp.c:340 [inline]
 smp_call_function_many_cond+0xd9d/0x1510 kernel/smp.c:885
 on_each_cpu_cond_mask+0x40/0x90 kernel/smp.c:1052
 __flush_tlb_multi arch/x86/include/asm/paravirt.h:91 [inline]
 flush_tlb_multi arch/x86/mm/tlb.c:1361 [inline]
 flush_tlb_mm_range+0x4a0/0x1790 arch/x86/mm/tlb.c:1451
 flush_tlb_page arch/x86/include/asm/tlbflush.h:324 [inline]
 ptep_clear_flush+0x136/0x180 mm/pgtable-generic.c:101
 wp_page_copy mm/memory.c:3635 [inline]
 do_wp_page+0x1683/0x4f20 mm/memory.c:4030
 handle_pte_fault mm/memory.c:6085 [inline]
 __handle_mm_fault+0x2223/0x5490 mm/memory.c:6212
 handle_mm_fault+0x589/0xd10 mm/memory.c:6381
 do_user_addr_fault+0x60c/0x1370 arch/x86/mm/fault.c:1336
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x5c/0xb0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f07fdd4cd9f
Code: 8d 34 19 48 39 d5 48 89 75 60 0f 95 c2 48 29 d8 48 83 c1 10 0f b6 d2 48 83 c8 01 48 c1 e2 02 48 09 da 48 83 ca 01 48 89 51 f8 <48> 89 46 08 eb 80 48 8d 0d 61 d3 0e 00 48 8d 15 65 e5 0e 00 bf 01
RSP: 002b:00007ffc7f9acd40 EFLAGS: 00010206
RAX: 0000000000018a41 RBX: 0000000000008040 RCX: 000055555c2d7590
RDX: 0000000000008041 RSI: 000055555c2df5c0 RDI: 0000000000000004
RBP: 00007f07fdf84ca0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000001000 R11: 0000000000000802 R12: 0000000000008030
R13: 0000000000000076 R14: 00007f07fdf84d00 R15: 0000000000000000
 </TASK>
vkms_vblank_simulate: vblank timer overrun