sched: DL replenish lagged too much
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5819/1:b..l P26165/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=128541, q=793 ncpus=1)
task:syz.0.9730      state:R  running task     stack:27320 pid:26165 tgid:26162 ppid:5826   task_flags:0x40044c flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0xfee/0x6120 kernel/sched/core.c:6911
 preempt_schedule_irq+0x50/0x90 kernel/sched/core.c:7238
 irqentry_exit+0x17b/0x670 kernel/entry/common.c:239
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:variable_test_bit arch/x86/include/asm/bitops.h:222 [inline]
RIP: 0010:arch_test_bit arch/x86/include/asm/bitops.h:233 [inline]
RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]
RIP: 0010:cpumask_test_cpu include/linux/cpumask.h:649 [inline]
RIP: 0010:cpu_online include/linux/cpumask.h:1231 [inline]
RIP: 0010:trace_lock_acquire include/trace/events/lock.h:24 [inline]
RIP: 0010:lock_acquire+0x42/0x380 kernel/locking/lockdep.c:5831
Code: fd 53 89 d3 48 83 ec 38 65 4c 8b 3d a0 92 29 12 4c 89 7c 24 30 4d 89 cf 66 90 65 8b 05 bb 92 29 12 83 f8 07 0f 87 f0 00 00 00 <48> 0f a3 05 86 94 f5 0e 0f 82 c2 02 00 00 8b 35 4e c8 f5 0e 85 f6
RSP: 0018:ffffc90003b17200 EFLAGS: 00000297
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000002
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e7e7760
RBP: ffffffff8e7e7760 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000200 R11: 000000000000c850 R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 rcu_read_lock include/linux/rcupdate.h:850 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1193 [inline]
 unwind_next_frame+0xd1/0x1ea0 arch/x86/kernel/unwind_orc.c:495
 arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5f/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2685 [inline]
 free_to_pcs_bulk+0x255/0x8e0 mm/slub.c:5986
 mt_free_bulk lib/maple_tree.c:179 [inline]
 mt_destroy_walk+0xa0a/0xfa0 lib/maple_tree.c:5000
 mte_destroy_walk lib/maple_tree.c:5049 [inline]
 mte_destroy_walk lib/maple_tree.c:5040 [inline]
 __mt_destroy+0x2d7/0x390 lib/maple_tree.c:6446
 exit_mmap+0x47c/0xa30 mm/mmap.c:1325
 __mmput+0x12a/0x410 kernel/fork.c:1175
 mmput+0x67/0x80 kernel/fork.c:1198
 exit_mm kernel/exit.c:581 [inline]
 do_exit+0x819/0x2b60 kernel/exit.c:964
 do_group_exit+0xd5/0x2a0 kernel/exit.c:1118
 get_signal+0x1ec7/0x21e0 kernel/signal.c:3034
 arch_do_signal_or_restart+0x91/0x770 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
 exit_to_user_mode_loop+0x86/0x4a0 kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
 do_syscall_64+0x668/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f94a1d9c819
RSP: 002b:00007f94a2cfe0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007f94a2015fa8 RCX: 00007f94a1d9c819
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f94a2015fa8
RBP: 00007f94a2015fa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f94a2016038 R14: 00007ffe3fffed20 R15: 00007ffe3fffee08
 </TASK>
task:udevd           state:R  running task     stack:23688 pid:5819  tgid:5819  ppid:5196   task_flags:0x400140 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0xfee/0x6120 kernel/sched/core.c:6911
 preempt_schedule_irq+0x50/0x90 kernel/sched/core.c:7238
 irqentry_exit+0x17b/0x670 kernel/entry/common.c:239
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_acquire+0x5e/0x380 kernel/locking/lockdep.c:5872
Code: 05 bb 92 29 12 83 f8 07 0f 87 f0 00 00 00 48 0f a3 05 86 94 f5 0e 0f 82 c2 02 00 00 8b 35 4e c8 f5 0e 85 f6 0f 85 dd 00 00 00 <48> 8b 44 24 30 65 48 2b 05 5d 92 29 12 0f 85 02 03 00 00 48 83 c4
RSP: 0018:ffffc90003bb6ba0 EFLAGS: 00000206
RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000002
RDX: 0000000000000000 RSI: ffffffff8de5d715 RDI: ffffffff8c1b1e20
RBP: ffffffff8e7e7760 R08: 00000000a5b9ddf6 R09: 0000000000000007
R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 rcu_read_lock include/linux/rcupdate.h:850 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1193 [inline]
 unwind_next_frame+0xd1/0x1ea0 arch/x86/kernel/unwind_orc.c:495
 arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 save_stack+0x162/0x1e0 mm/page_owner.c:165
 __set_page_owner+0x8c/0x540 mm/page_owner.c:341
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x153/0x170 mm/page_alloc.c:1889
 prep_new_page mm/page_alloc.c:1897 [inline]
 get_page_from_freelist+0x111d/0x3140 mm/page_alloc.c:3962
 __alloc_frozen_pages_noprof+0x27c/0x2ba0 mm/page_alloc.c:5250
 alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2490
 folio_alloc_mpol_noprof+0x36/0x340 mm/mempolicy.c:2509
 vma_alloc_folio_noprof+0xed/0x1d0 mm/mempolicy.c:2544
 folio_prealloc mm/memory.c:1204 [inline]
 alloc_anon_folio mm/memory.c:5209 [inline]
 do_anonymous_page+0xb3a/0x1fb0 mm/memory.c:5266
 do_pte_missing mm/memory.c:4475 [inline]
 handle_pte_fault mm/memory.c:6317 [inline]
 __handle_mm_fault+0x1d48/0x2b60 mm/memory.c:6455
 handle_mm_fault+0x36d/0xa20 mm/memory.c:6624
 do_user_addr_fault+0x74c/0x12f0 arch/x86/mm/fault.c:1385
 handle_page_fault arch/x86/mm/fault.c:1474 [inline]
 exc_page_fault+0x6f/0xd0 arch/x86/mm/fault.c:1527
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0010:rep_movs_alternative+0x4a/0x90 arch/x86/lib/copy_user_64.S:74
Code: 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 cf 93 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
RSP: 0018:ffffc90003bb78e8 EFLAGS: 00050206
RAX: 0000000000000001 RBX: 00007fdcc7da1000 RCX: 0000000000001000
RDX: 0000000000000001 RSI: ffff88802959a000 RDI: 00007fdcc7da1000
RBP: ffffc90003bb7d80 R08: 0000000000000000 R09: ffffed10052b35ff
R10: ffff88802959afff R11: 0000000000000000 R12: 00007fdcc7da2000
R13: 00007ffffffff000 R14: ffff88802959a000 R15: 0000000000001000
 copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline]
 copy_to_user_iter lib/iov_iter.c:25 [inline]
 iterate_ubuf include/linux/iov_iter.h:30 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:302 [inline]
 iterate_and_advance include/linux/iov_iter.h:330 [inline]
 _copy_to_iter+0x391/0x1720 lib/iov_iter.c:197
 copy_page_to_iter lib/iov_iter.c:374 [inline]
 copy_page_to_iter+0x12a/0x1e0 lib/iov_iter.c:361
 copy_folio_to_iter include/linux/uio.h:204 [inline]
 filemap_read+0x7a9/0x10a0 mm/filemap.c:2856
 blkdev_read_iter+0x2c4/0x4f0 block/fops.c:855
 new_sync_read fs/read_write.c:493 [inline]
 vfs_read+0x825/0xb30 fs/read_write.c:574
 ksys_read+0x12a/0x250 fs/read_write.c:717
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fdcc7ea7407
RSP: 002b:00007fff423065f0 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00007fdcc85cc880 RCX: 00007fdcc7ea7407
RDX: 0000000000040000 RSI: 00007fdcc7da0000 RDI: 0000000000000009
RBP: 000055b8c2a33050 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 000000003ff80000 R14: 000055b8c2a4a5c8 R15: 00007fdcc86f339c
 </TASK>
rcu: rcu_preempt kthread starved for 1618 jiffies! g128541 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27832 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0xfee/0x6120 kernel/sched/core.c:6911
 __schedule_loop kernel/sched/core.c:6993 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7008
 schedule_timeout+0x127/0x280 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1a9/0x900 kernel/rcu/tree.c:2095
 rcu_gp_kthread+0x179/0x230 kernel/rcu/tree.c:2297
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 UID: 0 PID: 3410 Comm: kworker/R-bat_e Tainted: G     U  W I  L XTNJ syzkaller #0 PREEMPT(full) 
Tainted: [U]=USER, [W]=WARN, [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Workqueue: bat_events batadv_dat_purge
RIP: 0010:check_preemption_disabled+0x4/0xe0 lib/smp_processor_id.c:13
Code: 8b 05 3c a0 7f 08 85 c0 74 04 90 0f 0b 90 e9 53 fc ff ff 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 54 55 53 <48> 83 ec 08 65 8b 1d 35 5c 7f 08 65 f7 05 26 5c 7f 08 ff ff ff 7f
RSP: 0018:ffffc90000006c90 EFLAGS: 00000283
RAX: 0000000000000000 RBX: ffffffff8e7e7760 RCX: ffffffff91797c01
RDX: 0000000000000000 RSI: ffffffff8c1b1da0 RDI: ffffffff8c1b1de0
RBP: ffffffff81b7c03e R08: 0000000000000001 R09: 0000000000000007
R10: 0000000000000200 R11: 000000000000c8b1 R12: ffffc90000006dd0
R13: ffffc90000006d80 R14: ffffc90000007ff8 R15: ffffc90000006db4
FS:  0000000000000000(0000) GS:ffff888124340000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f760e630707 CR3: 0000000065d46000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 rcu_is_watching_curr_cpu include/linux/context_tracking.h:128 [inline]
 rcu_is_watching+0x12/0xc0 kernel/rcu/tree.c:752
 trace_lock_release include/trace/events/lock.h:69 [inline]
 lock_release+0x263/0x320 kernel/locking/lockdep.c:5879
 rcu_lock_release include/linux/rcupdate.h:322 [inline]
 rcu_read_unlock include/linux/rcupdate.h:881 [inline]
 class_rcu_destructor include/linux/rcupdate.h:1193 [inline]
 unwind_next_frame+0x3c3/0x1ea0 arch/x86/kernel/unwind_orc.c:495
 arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 unpoison_slab_object mm/kasan/common.c:340 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:366
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4538 [inline]
 slab_alloc_node mm/slub.c:4866 [inline]
 kmem_cache_alloc_noprof+0x241/0x6e0 mm/slub.c:4873
 skb_ext_maybe_cow net/core/skbuff.c:7092 [inline]
 skb_ext_add+0xfa/0x810 net/core/skbuff.c:7167
 nf_bridge_unshare net/bridge/br_netfilter_hooks.c:169 [inline]
 br_nf_forward_ip.part.0+0x28/0x820 net/bridge/br_netfilter_hooks.c:681
 br_nf_forward_ip net/bridge/br_netfilter_hooks.c:676 [inline]
 br_nf_forward+0xfe5/0x19f0 net/bridge/br_netfilter_hooks.c:773
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xbf/0x220 net/netfilter/core.c:623
 nf_hook include/linux/netfilter.h:273 [inline]
 NF_HOOK include/linux/netfilter.h:316 [inline]
 __br_forward+0x2f6/0x970 net/bridge/br_forward.c:115
 deliver_clone net/bridge/br_forward.c:131 [inline]
 br_flood+0x37f/0x650 net/bridge/br_forward.c:250
 br_handle_frame_finish+0xff4/0x1f60 net/bridge/br_input.c:229
 br_nf_hook_thresh+0x30d/0x420 net/bridge/br_netfilter_hooks.c:1167
 br_nf_pre_routing_finish_ipv6+0x769/0xfb0 net/bridge/br_netfilter_ipv6.c:154
 NF_HOOK include/linux/netfilter.h:318 [inline]
 br_nf_pre_routing_ipv6+0x39c/0x8b0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x90d/0x1550 net/bridge/br_netfilter_hooks.c:508
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:291 [inline]
 br_handle_frame+0xcdd/0x1520 net/bridge/br_input.c:442
 __netif_receive_skb_core.constprop.0+0x6c5/0x3550 net/core/dev.c:6068
 __netif_receive_skb_one_core+0xb0/0x1e0 net/core/dev.c:6179
 __netif_receive_skb+0x1f/0x120 net/core/dev.c:6294
 process_backlog+0x37a/0x1580 net/core/dev.c:6645
 __napi_poll.constprop.0+0xaf/0x450 net/core/dev.c:7709
 napi_poll net/core/dev.c:7772 [inline]
 net_rx_action+0xa40/0xf20 net/core/dev.c:7929
 handle_softirqs+0x1eb/0x9e0 kernel/softirq.c:622
 do_softirq kernel/softirq.c:523 [inline]
 do_softirq+0xac/0xe0 kernel/softirq.c:510
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x120 kernel/softirq.c:450
 spin_unlock_bh include/linux/spinlock.h:395 [inline]
 __batadv_dat_purge.part.0+0x294/0x3c0 net/batman-adv/distributed-arp-table.c:185
 __batadv_dat_purge net/batman-adv/distributed-arp-table.c:166 [inline]
 batadv_dat_purge+0x4b/0xa0 net/batman-adv/distributed-arp-table.c:204
 process_one_work+0xa23/0x19a0 kernel/workqueue.c:3276
 process_scheduled_works kernel/workqueue.c:3359 [inline]
 rescuer_thread+0x905/0x14a0 kernel/workqueue.c:3583
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>