syzbot

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P10351/3:b..l P9608/1:b..l
rcu: 	(detected by 0, t=10504 jiffies, g=31589, q=220 ncpus=2)
task:syz-executor    state:R  running task     stack:20048 pid:9608  tgid:9608  ppid:9586   task_flags:0x400140 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x18bc/0x4c40 kernel/sched/core.c:6764
 preempt_schedule_common+0x84/0xd0 kernel/sched/core.c:6943
 preempt_schedule+0xe1/0xf0 kernel/sched/core.c:6967
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3e/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 copy_pte_range mm/memory.c:1201 [inline]
 copy_pmd_range+0x6dc8/0x77a0 mm/memory.c:1262
 copy_pud_range mm/memory.c:1299 [inline]
 copy_p4d_range mm/memory.c:1323 [inline]
 copy_page_range+0x99f/0xe90 mm/memory.c:1421
 dup_mmap kernel/fork.c:748 [inline]
 dup_mm kernel/fork.c:1700 [inline]
 copy_mm+0x1269/0x2160 kernel/fork.c:1752
 copy_process+0x1845/0x3d50 kernel/fork.c:2403
 kernel_clone+0x223/0x870 kernel/fork.c:2815
 __do_sys_clone kernel/fork.c:2958 [inline]
 __se_sys_clone kernel/fork.c:2942 [inline]
 __x64_sys_clone+0x258/0x2a0 kernel/fork.c:2942
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f042b583653
RSP: 002b:00007ffe68798038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f042b583653
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
R10: 000055558385d7d0 R11: 0000000000000246 R12: 0000000000000000
R13: 00000000000927c0 R14: 00000000000a1e93 R15: 00007ffe687981d0
 </TASK>
task:syz.6.816       state:R  running task     stack:22816 pid:10351 tgid:10351 ppid:9376   task_flags:0x400640 flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x18bc/0x4c40 kernel/sched/core.c:6764
 preempt_schedule_common+0x84/0xd0 kernel/sched/core.c:6943
 preempt_schedule+0xe1/0xf0 kernel/sched/core.c:6967
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3e/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 filemap_map_pages+0x13ce/0x1900 mm/filemap.c:3823
 do_fault_around mm/memory.c:5350 [inline]
 do_read_fault mm/memory.c:5383 [inline]
 do_fault mm/memory.c:5526 [inline]
 do_pte_missing mm/memory.c:4047 [inline]
 handle_pte_fault mm/memory.c:5889 [inline]
 __handle_mm_fault+0x4acb/0x70f0 mm/memory.c:6032
 handle_mm_fault+0x2c1/0x7e0 mm/memory.c:6201
 faultin_page mm/gup.c:1196 [inline]
 __get_user_pages+0x1a92/0x4140 mm/gup.c:1491
 __get_user_pages_locked mm/gup.c:1757 [inline]
 get_dump_page+0x155/0x2f0 mm/gup.c:2275
 dump_user_range+0x14d/0x970 fs/coredump.c:943
 elf_core_dump+0x3e96/0x4790 fs/binfmt_elf.c:2129
 do_coredump+0x244f/0x2f00 fs/coredump.c:758
 get_signal+0x140b/0x1750 kernel/signal.c:3021
 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 irqentry_exit_to_user_mode+0x7e/0x250 kernel/entry/common.c:231
 exc_page_fault+0x590/0x8b0 arch/x86/mm/fault.c:1541
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f270a78cde9
RSP: 002b:00007f270b52ffe8 EFLAGS: 00010206
RAX: 0000000000000000 RBX: 00007f270a9a5fa0 RCX: 00007f270a78cde9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000088200
RBP: 00007f270a80e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f270a9a5fa0 R15: 00007fff365b3f08
 </TASK>
rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g31589 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
rcu: 	Possible timer handling issue on cpu=1 timer-softirq=52703
rcu: rcu_preempt kthread starved for 10502 jiffies! g31589 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:I stack:25784 pid:17    tgid:17    ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5377 [inline]
 __schedule+0x18bc/0x4c40 kernel/sched/core.c:6764
 __schedule_loop kernel/sched/core.c:6841 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6856
 schedule_timeout+0x15a/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x2df/0x1330 kernel/rcu/tree.c:2024
 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2226
 kthread+0x7a9/0x920 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 10377 Comm: syz.4.823 Not tainted 6.14.0-rc1-syzkaller-00034-g92514ef226f5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:hlock_class kernel/locking/lockdep.c:230 [inline]
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4877 [inline]
RIP: 0010:__lock_acquire+0x8aa/0x2100 kernel/locking/lockdep.c:5178
Code: 8b 5d 00 81 e3 ff 1f 00 00 48 89 d8 48 c1 e8 06 48 8d 3c c5 40 38 2c 94 be 08 00 00 00 e8 1e aa 88 00 48 0f a3 1d f6 70 91 12 <73> 1a 48 69 c3 c8 00 00 00 48 8d 98 00 b7 c3 93 48 ba 00 00 00 00
RSP: 0018:ffffc90000a18930 EFLAGS: 00000057
RAX: 0000000000000001 RBX: 000000000000006c RCX: ffffffff819ac742
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff942c3848
RBP: 0000000000000001 R08: ffffffff942c384f R09: 1ffffffff2858709
R10: dffffc0000000000 R11: fffffbfff285870a R12: 0000000000000002
R13: ffff88802fe60b60 R14: 0000000000000002 R15: ffff88802fe60b60
FS:  00007f22d0c4b6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b3010cff8 CR3: 0000000033c32000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
 debug_object_deactivate+0x158/0x390 lib/debugobjects.c:873
 debug_hrtimer_deactivate kernel/time/hrtimer.c:460 [inline]
 debug_deactivate+0x1b/0x220 kernel/time/hrtimer.c:502
 __run_hrtimer kernel/time/hrtimer.c:1769 [inline]
 __hrtimer_run_queues+0x305/0xd30 kernel/time/hrtimer.c:1865
 hrtimer_interrupt+0x403/0xa40 kernel/time/hrtimer.c:1927
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
 __sysvec_apic_timer_interrupt+0x110/0x420 arch/x86/kernel/apic/apic.c:1055
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x29/0x50 kernel/locking/spinlock.c:202
Code: 90 f3 0f 1e fa 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 ca 31 aa f5 48 89 df e8 02 79 ab f5 e8 6d 74 d6 f5 fb bf 01 00 00 00 <e8> 12 df 9c f5 65 8b 05 03 27 13 74 85 c0 74 06 5b c3 cc cc cc cc
RSP: 0018:ffffc90003e1f110 EFLAGS: 00000282
RAX: 0f6963755003e500 RBX: ffff8880622ed890 RCX: ffffffff819b310a
RDX: dffffc0000000000 RSI: ffffffff8c0aa680 RDI: 0000000000000001
RBP: ffffc90003e1f270 R08: ffffffff942c38ff R09: 1ffffffff285871f
R10: dffffc0000000000 R11: fffffbfff2858720 R12: 0000000000000000
R13: dffffc0000000000 R14: 1ffff920007c3e3b R15: 0000000000000cc0
 spin_unlock_irq include/linux/spinlock.h:401 [inline]
 shmem_add_to_page_cache+0x979/0xcc0 mm/shmem.c:903
 shmem_alloc_and_add_folio+0x968/0x1090 mm/shmem.c:1928
 shmem_get_folio_gfp+0x621/0x1840 mm/shmem.c:2522
 shmem_get_folio mm/shmem.c:2628 [inline]
 shmem_write_begin+0x165/0x350 mm/shmem.c:3278
 generic_perform_write+0x346/0x990 mm/filemap.c:4189
 shmem_file_write_iter+0xf9/0x120 mm/shmem.c:3454
 iter_file_splice_write+0xbfa/0x1510 fs/splice.c:743
 do_splice_from fs/splice.c:941 [inline]
 direct_splice_actor+0x11b/0x220 fs/splice.c:1164
 splice_direct_to_actor+0x586/0xc80 fs/splice.c:1108
 do_splice_direct_actor fs/splice.c:1207 [inline]
 do_splice_direct+0x289/0x3e0 fs/splice.c:1233
 do_sendfile+0x564/0x8a0 fs/read_write.c:1363
 __do_sys_sendfile64 fs/read_write.c:1424 [inline]
 __se_sys_sendfile64+0x17c/0x1e0 fs/read_write.c:1410
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f22cfd8cde9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f22d0c4b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f22cffa5fa0 RCX: 00007f22cfd8cde9
RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007
RBP: 00007f22cfe0e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000080000001 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f22cffa5fa0 R15: 00007ffc282bbca8
 </TASK>