rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P6535/1:b..l P2/1:b..l P6550/1:b..l
rcu: 	(detected by 0, t=10503 jiffies, g=16433, q=951010 ncpus=2)
task:syz.2.130       state:R  running task     stack:26152 pid:6550  tgid:6548  ppid:5855   task_flags:0x40054c flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 preempt_schedule_common+0x84/0xd0 kernel/sched/core.c:6947
 preempt_schedule+0xe4/0xf0 kernel/sched/core.c:6971
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3e/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 zap_pte_range mm/memory.c:1761 [inline]
 zap_pmd_range mm/memory.c:1823 [inline]
 zap_pud_range mm/memory.c:1852 [inline]
 zap_p4d_range mm/memory.c:1873 [inline]
 unmap_page_range+0x39c5/0x44d0 mm/memory.c:1894
 unmap_vmas+0x3ce/0x5f0 mm/memory.c:1984
 exit_mmap+0x2bc/0xde0 mm/mmap.c:1284
 __mmput+0x115/0x420 kernel/fork.c:1379
 exit_mm+0x221/0x310 kernel/exit.c:589
 do_exit+0x994/0x27f0 kernel/exit.c:940
 do_group_exit+0x207/0x2c0 kernel/exit.c:1102
 get_signal+0x1696/0x1730 kernel/signal.c:3034
 arch_do_signal_or_restart+0x98/0x840 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xce/0x340 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa316f8d169
RSP: 002b:00007fa317e460e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000001 RBX: 00007fa3171a5fa8 RCX: 00007fa316f8d169
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa3171a5fac
RBP: 00007fa3171a5fa0 R08: 7fffffffffffffff R09: 0000000000000000
R10: 0000000000000004 R11: 0000000000000246 R12: 00007fa3171a5fac
R13: 0000000000000000 R14: 00007fa3172cf940 R15: 00007fa3172cfa28
 </TASK>
task:kthreadd        state:R  running task     stack:25432 pid:2     tgid:2     ppid:0      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 preempt_schedule_irq+0xfe/0x1c0 kernel/sched/core.c:7090
 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lockdep_enabled kernel/locking/lockdep.c:118 [inline]
RIP: 0010:lock_acquire+0x90/0x2f0 kernel/locking/lockdep.c:5842
Code: aa 0e 01 0f 84 9b 01 00 00 83 3d 6a 0f c1 0e 00 0f 84 e6 00 00 00 48 8b 74 24 70 48 89 df e8 57 61 8e 00 83 3d 50 0f c1 0e 00 <0f> 84 ef 00 00 00 65 8b 05 33 bd c9 11 85 c0 0f 85 e0 00 00 00 65
RSP: 0018:ffffc90000077168 EFLAGS: 00000202
RAX: 0000000000000001 RBX: ffffffff8ed3dfe0 RCX: 0000000000000002
RDX: 0000000000000000 RSI: ffffffff816dfbe5 RDI: 1ffffffff1da7bfc
RBP: ffffffff93687020 R08: 0000000000000000 R09: 0000000000000000
R10: ffffc90000077310 R11: ffffffff81aee9b0 R12: 0000000000000000
R13: 0000000000000002 R14: ffffffff818e6214 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0xd5/0x23b0 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x11e/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x11a/0x1d0 kernel/stacktrace.c:122
 save_stack+0xfc/0x1f0 mm/page_owner.c:156
 __reset_page_owner+0x76/0x1e0 mm/page_owner.c:308
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1262 [inline]
 __free_frozen_pages+0xde8/0x10a0 mm/page_alloc.c:2680
 discard_slab mm/slub.c:2720 [inline]
 __put_partials+0x160/0x1c0 mm/slub.c:3189
 put_cpu_partial+0x17e/0x250 mm/slub.c:3264
 __slab_free+0x294/0x390 mm/slub.c:4516
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4151 [inline]
 slab_alloc_node mm/slub.c:4200 [inline]
 __do_kmalloc_node mm/slub.c:4330 [inline]
 __kmalloc_noprof+0x238/0x4d0 mm/slub.c:4343
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 lsm_blob_alloc security/security.c:684 [inline]
 lsm_cred_alloc security/security.c:701 [inline]
 security_prepare_creds+0x53/0x360 security/security.c:3241
 prepare_creds+0x4b4/0x6f0 kernel/cred.c:242
 copy_creds+0x109/0x9c0 kernel/cred.c:312
 copy_process+0x9ec/0x3d10 kernel/fork.c:2293
 kernel_clone+0x242/0x930 kernel/fork.c:2844
 kernel_thread+0x1c2/0x250 kernel/fork.c:2906
 create_kthread kernel/kthread.c:487 [inline]
 kthreadd+0x621/0x850 kernel/kthread.c:847
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
task:syz.5.126       state:R  running task     stack:22216 pid:6535  tgid:6534  ppid:6153   task_flags:0x480140 flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 preempt_schedule_irq+0xfe/0x1c0 kernel/sched/core.c:7090
 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x167/0x2f0 arch/x86/include/asm/irqflags.h:-1
Code: c7 44 24 10 00 00 00 00 9c 8f 44 24 10 f7 44 24 10 00 02 00 00 0f 85 fd 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 65 48 8b 45 00 <48> 3b 44 24 38 0f 85 72 01 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e
RSP: 0018:ffffc900034b6288 EFLAGS: 00000206
RAX: c28730d7f1d19600 RBX: ffffffff8ed3dfe0 RCX: c28730d7f1d19600
RDX: 0000000000000000 RSI: ffffffff8e4fc666 RDI: ffffffff8ca1b140
RBP: ffffffff93687020 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000002 R14: 0000000000000246 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0xd5/0x23b0 arch/x86/kernel/unwind_orc.c:479
 __unwind_start+0x59a/0x740 arch/x86/kernel/unwind_orc.c:758
 unwind_start arch/x86/include/asm/unwind.h:64 [inline]
 arch_stack_walk+0xe7/0x150 arch/x86/kernel/stacktrace.c:24
 stack_trace_save+0x11a/0x1d0 kernel/stacktrace.c:122
 save_stack+0xfc/0x1f0 mm/page_owner.c:156
 __reset_page_owner+0x76/0x1e0 mm/page_owner.c:308
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1262 [inline]
 __free_frozen_pages+0xde8/0x10a0 mm/page_alloc.c:2680
 discard_slab mm/slub.c:2720 [inline]
 __put_partials+0x160/0x1c0 mm/slub.c:3189
 put_cpu_partial+0x17e/0x250 mm/slub.c:3264
 __slab_free+0x294/0x390 mm/slub.c:4516
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4151 [inline]
 slab_alloc_node mm/slub.c:4200 [inline]
 __do_kmalloc_node mm/slub.c:4330 [inline]
 __kmalloc_noprof+0x238/0x4d0 mm/slub.c:4343
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 kobject_get_path+0xc3/0x2c0 lib/kobject.c:161
 kobject_uevent_env+0x2a5/0x8e0 lib/kobject_uevent.c:545
 device_del+0x7dd/0x9b0 drivers/base/core.c:3873
 unregister_netdevice_many_notify+0x1f37/0x2510 net/core/dev.c:12009
 unregister_netdevice_many net/core/dev.c:12037 [inline]
 unregister_netdevice_queue+0x383/0x400 net/core/dev.c:11889
 br_dev_newlink+0x115/0x140 net/bridge/br_netlink.c:1577
 rtnl_newlink_create+0x39b/0xcb0 net/core/rtnetlink.c:3833
 __rtnl_newlink net/core/rtnetlink.c:3950 [inline]
 rtnl_newlink+0x18b0/0x1fe0 net/core/rtnetlink.c:4065
 rtnetlink_rcv_msg+0x80f/0xd70 net/core/rtnetlink.c:6955
 netlink_rcv_skb+0x208/0x480 net/netlink/af_netlink.c:2534
 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
 netlink_unicast+0x7f8/0x9a0 net/netlink/af_netlink.c:1339
 netlink_sendmsg+0x8c3/0xcd0 net/netlink/af_netlink.c:1883
 sock_sendmsg_nosec net/socket.c:712 [inline]
 __sock_sendmsg+0x221/0x270 net/socket.c:727
 ____sys_sendmsg+0x523/0x860 net/socket.c:2566
 ___sys_sendmsg net/socket.c:2620 [inline]
 __sys_sendmsg+0x271/0x360 net/socket.c:2652
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fad4178d169
RSP: 002b:00007fad4267a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fad419a5fa0 RCX: 00007fad4178d169
RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
RBP: 00007fad4180e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fad419a5fa0 R15: 00007fad41acfa28
 </TASK>
rcu: rcu_preempt kthread starved for 9899 jiffies! g16433 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:26376 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1b88/0x5240 kernel/sched/core.c:6767
 __schedule_loop kernel/sched/core.c:6845 [inline]
 schedule+0x163/0x360 kernel/sched/core.c:6860
 schedule_timeout+0x15b/0x2b0 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x2e1/0x1340 kernel/rcu/tree.c:2046
 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2248
 kthread+0x7b7/0x940 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:__lock_acquire+0x6a1/0xd80 kernel/locking/lockdep.c:5205
Code: 00 0f 84 c2 00 00 00 48 8b 3c 24 4c 89 f6 ba 08 00 00 00 e8 a1 2a 00 00 45 31 ed 85 c0 0f 84 7d 04 00 00 83 3d ef 9d d4 18 00 <75> 13 48 63 44 24 10 48 0f a3 05 b0 0e d1 12 0f 83 90 05 00 00 31
RSP: 0018:ffffc90000a07608 EFLAGS: 00000046
RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000000009
RDX: 0000000000000008 RSI: ffff88801d6f6568 RDI: ffff88801d6f5a00
RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88801d6f6588
R13: 0000000000000000 R14: ffff88801d6f6568 R15: 0000000000000003
FS:  0000000000000000(0000) GS:ffff888125099000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4e95c00218 CR3: 0000000064ae0000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 lock_acquire+0x116/0x2f0 kernel/locking/lockdep.c:5866
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
 unwind_next_frame+0xd5/0x23b0 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x11e/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x11a/0x1d0 kernel/stacktrace.c:122
 ref_tracker_alloc+0x19f/0x4c0 lib/ref_tracker.c:209
 __netdev_tracker_alloc include/linux/netdevice.h:4331 [inline]
 netdev_hold include/linux/netdevice.h:4360 [inline]
 dst_init+0xee/0x490 net/core/dst.c:52
 dst_alloc+0x14f/0x190 net/core/dst.c:93
 rt_dst_alloc net/ipv4/route.c:1638 [inline]
 __mkroute_output net/ipv4/route.c:2632 [inline]
 ip_route_output_key_hash_rcu+0x1378/0x2290 net/ipv4/route.c:2854
 ip_route_output_key_hash+0x195/0x2b0 net/ipv4/route.c:2683
 __ip_route_output_key include/net/route.h:169 [inline]
 ip_route_output_flow+0x29/0x140 net/ipv4/route.c:2911
 ip_route_output_key include/net/route.h:179 [inline]
 ip_route_me_harder+0x852/0x13e0 net/ipv4/netfilter.c:53
 synproxy_send_tcp+0x356/0x6c0 net/netfilter/nf_synproxy_core.c:431
 synproxy_send_client_synack+0x8ea/0xf70 net/netfilter/nf_synproxy_core.c:484
 nft_synproxy_eval_v4+0x3cc/0x610 net/netfilter/nft_synproxy.c:59
 nft_synproxy_do_eval+0x36a/0xa90 net/netfilter/nft_synproxy.c:141
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x4b2/0x1db0 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0x41f/0x6b0 net/netfilter/nft_chain_filter.c:161
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_slow+0xc8/0x220 net/netfilter/core.c:626
 nf_hook include/linux/netfilter.h:269 [inline]
 NF_HOOK+0x29b/0x450 include/linux/netfilter.h:312
 NF_HOOK+0x3a0/0x450 include/linux/netfilter.h:314
 __netif_receive_skb_one_core net/core/dev.c:5891 [inline]
 __netif_receive_skb+0x2c9/0x670 net/core/dev.c:6004
 process_backlog+0x664/0x15c0 net/core/dev.c:6356
 __napi_poll+0xcb/0x480 net/core/dev.c:7328
 napi_poll net/core/dev.c:7392 [inline]
 net_rx_action+0x89d/0x1240 net/core/dev.c:7514
 handle_softirqs+0x2d6/0x9b0 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xfb/0x220 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:81
Code: cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 01 18 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000197dc0 EFLAGS: 000002c2
RAX: 5f310d0ddcc6e100 RBX: ffffffff8197afbe RCX: ffffffff8c30393c
RDX: 0000000000000001 RSI: ffffffff8e69b738 RDI: ffffffff8ca1b140
RBP: ffffc90000197f20 R08: ffff8880b8732b5b R09: 1ffff110170e656b
R10: dffffc0000000000 R11: ffffed10170e656c R12: 1ffff92000032fd2
R13: 1ffff11003adeb40 R14: 0000000000000001 R15: dffffc0000000000
 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
 default_idle+0x13/0x20 arch/x86/kernel/process.c:748
 default_idle_call+0x74/0xb0 kernel/sched/idle.c:117
 cpuidle_idle_call kernel/sched/idle.c:185 [inline]
 do_idle+0x22e/0x5d0 kernel/sched/idle.c:325
 cpu_startup_entry+0x42/0x60 kernel/sched/idle.c:423
 start_secondary+0xfe/0x100 arch/x86/kernel/smpboot.c:315
 common_startup_64+0x13e/0x147
 </TASK>