rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P16181 P16184/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=85081, q=286 ncpus=2)
task:syz.3.2855      state:R  running task     stack:23528 pid:16184 ppid:11462  flags:0x00004006
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 preempt_schedule_irq+0xb5/0x140 kernel/sched/core.c:7009
 irqentry_exit+0x67/0x70 kernel/entry/common.c:438
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:104 [inline]
RIP: 0010:__local_bh_enable_ip+0x136/0x1c0 kernel/softirq.c:413
Code: 8a e8 3e fa 15 09 65 66 8b 05 86 22 b2 7e 66 85 c0 75 54 bf 01 00 00 00 e8 67 db 09 00 e8 62 60 3a 00 fb 65 8b 05 52 22 b2 7e <85> c0 75 05 e8 31 08 af ff 48 c7 04 24 0e 36 e0 45 4b c7 04 37 00
RSP: 0018:ffffc900042c7a20 EFLAGS: 00000282
RAX: 0000000000000000 RBX: 0000000000000200 RCX: 14f3b1a48e93be00
RDX: dffffc0000000000 RSI: ffffffff8aaabce0 RDI: ffffffff8afc6f80
RBP: ffffc900042c7ab0 R08: ffffffff8e4a212f R09: 1ffffffff1c94425
R10: dffffc0000000000 R11: fffffbfff1c94426 R12: ffffffff889de94c
R13: ffffc900042c7d00 R14: dffffc0000000000 R15: 1ffff92000858f44
 local_bh_enable include/linux/bottom_half.h:33 [inline]
 bpf_test_run+0x3c5/0x810 net/bpf/test_run.c:425
 bpf_prog_test_run_skb+0xa67/0x11c0 net/bpf/test_run.c:1050
 bpf_prog_test_run+0x321/0x390 kernel/bpf/syscall.c:4129
 __sys_bpf+0x440/0x800 kernel/bpf/syscall.c:5491
 __do_sys_bpf kernel/bpf/syscall.c:5577 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5575 [inline]
 __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5575
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fc53378f749
RSP: 002b:00007fc534542038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc5339e5fa0 RCX: 00007fc53378f749
RDX: 0000000000000050 RSI: 00002000000000c0 RDI: 000000000000000a
RBP: 00007fc533813f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fc5339e6038 R14: 00007fc5339e5fa0 R15: 00007ffc4a20baf8
 </TASK>
task:syz.9.2854      state:R  running task     stack:24488 pid:16181 ppid:14193  flags:0x0000400e
Call Trace:
 <TASK>
 </TASK>
rcu: rcu_preempt kthread timer wakeup didn't happen for 10495 jiffies! g85081 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
rcu: 	Possible timer handling issue on cpu=1 timer-softirq=49534
rcu: rcu_preempt kthread starved for 10496 jiffies! g85081 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:I stack:26456 pid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5380 [inline]
 __schedule+0x14d2/0x44d0 kernel/sched/core.c:6699
 schedule+0xbd/0x170 kernel/sched/core.c:6773
 schedule_timeout+0x160/0x280 kernel/time/timer.c:2168
 rcu_gp_fqs_loop+0x302/0x1560 kernel/rcu/tree.c:1667
 rcu_gp_kthread+0x99/0x380 kernel/rcu/tree.c:1866
 kthread+0x2fa/0x390 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:152
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:293
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 16181 Comm: syz.9.2854 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4808 [inline]
RIP: 0010:__lock_acquire+0x9d0/0x7c80 kernel/locking/lockdep.c:5087
Code: 48 c1 e8 03 42 0f b6 04 00 84 c0 0f 85 24 01 00 00 45 0f b6 24 24 45 84 e4 74 3e 0f b6 84 24 88 00 00 00 41 0f b6 cc 44 38 e0 <0f> 42 c8 89 8c 24 88 00 00 00 49 81 c6 ca 00 00 00 4c 89 f0 48 c1
RSP: 0018:ffffc900001f09a0 EFLAGS: 00000046
RAX: 0000000000000002 RBX: 0000000000000004 RCX: 0000000000000002
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff90d94500
RBP: ffffc900001f0be8 R08: dffffc0000000000 R09: 1ffffffff21b28a0
R10: dffffc0000000000 R11: fffffbfff21b28a1 R12: 0000000000000002
R13: ffff88801cfb29a0 R14: ffffffff906fde90 R15: ffff88801cfb29a0
FS:  00007f4dec5ba6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000110c294db4 CR3: 000000004c4d0000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000200000000300 DR2: 0000200000000300
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 <IRQ>
 lock_acquire+0x197/0x410 kernel/locking/lockdep.c:5754
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
 _raw_read_lock_irqsave+0xb0/0x100 kernel/locking/spinlock.c:236
 send_sigio+0x33/0x360 fs/fcntl.c:772
 kill_fasync_rcu fs/fcntl.c:997 [inline]
 kill_fasync+0x228/0x4b0 fs/fcntl.c:1011
 perf_event_wakeup+0x2ee/0x380 kernel/events/core.c:6794
 perf_pending_irq+0x165/0x5e0 kernel/events/core.c:6890
 irq_work_single+0xd5/0x230 kernel/irq_work.c:221
 irq_work_run_list kernel/irq_work.c:252 [inline]
 irq_work_run+0x156/0x2e0 kernel/irq_work.c:261
 __sysvec_irq_work+0x98/0x380 arch/x86/kernel/irq_work.c:22
 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline]
 sysvec_irq_work+0x9c/0xc0 arch/x86/kernel/irq_work.c:17
 </IRQ>
 <TASK>
 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:723
RIP: 0010:finish_task_switch+0x26a/0x920 kernel/sched/core.c:5254
Code: 0f 84 37 01 00 00 48 85 db 0f 85 56 01 00 00 0f 1f 44 00 00 4c 8b 75 d0 4c 89 e7 e8 80 ca 14 09 e8 4b a4 2f 00 fb 4c 8b 65 c0 <49> 8d bc 24 f8 15 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0
RSP: 0018:ffffc90003ab7038 EFLAGS: 00000282
RAX: d7fbc8c30e262800 RBX: 0000000000000000 RCX: d7fbc8c30e262800
RDX: dffffc0000000000 RSI: ffffffff8aaabce0 RDI: ffffffff8afc6f80
RBP: ffffc90003ab7090 R08: ffffffff90d94537 R09: 1ffffffff21b28a6
R10: dffffc0000000000 R11: fffffbfff21b28a7 R12: ffff88801cfb1e00
R13: dffffc0000000000 R14: ffff888069c41e00 R15: ffff8880b8f3cac8
 context_switch kernel/sched/core.c:5383 [inline]
 __schedule+0x14da/0x44d0 kernel/sched/core.c:6699
 preempt_schedule_irq+0xb5/0x140 kernel/sched/core.c:7009
 irqentry_exit+0x67/0x70 kernel/entry/common.c:438
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:687
RIP: 0010:check_kcov_mode kernel/kcov.c:193 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x36/0x60 kernel/kcov.c:216
Code: f0 24 7e 7e 65 8b 15 f1 24 7e 7e 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 1c 16 00 00 00 74 2c 8b 91 f8 15 00 00 <83> fa 02 75 21 48 8b 91 00 16 00 00 48 8b 32 48 8d 7e 01 8b 89 fc
RSP: 0018:ffffc90003ab7410 EFLAGS: 00000246
RAX: ffffffff8a5423d6 RBX: ffffc90003ab74e0 RCX: ffff88801cfb1e00
RDX: 0000000000000002 RSI: 0000000000000300 RDI: 0000000000000300
RBP: ffff88801786a7a0 R08: dffffc0000000000 R09: 1ffffffff21b28a0
R10: dffffc0000000000 R11: fffffbfff21b28a1 R12: ffff88805ef6621e
R13: dffffc0000000000 R14: ffffc90003ab74f8 R15: 0000000000000300
 mt_locked lib/maple_tree.c:807 [inline]
 mas_root lib/maple_tree.c:858 [inline]
 mas_start+0x186/0x470 lib/maple_tree.c:1387
 mas_state_walk lib/maple_tree.c:3707 [inline]
 mt_find+0x1fb/0x5b0 lib/maple_tree.c:6548
 find_vma+0x12e/0x1b0 mm/mmap.c:1888
 lock_mm_and_find_vma+0x5f/0x300 mm/memory.c:5443
 do_user_addr_fault+0x36c/0x12e0 arch/x86/mm/fault.c:1345
 handle_page_fault arch/x86/mm/fault.c:1465 [inline]
 exc_page_fault+0x67/0x110 arch/x86/mm/fault.c:1521
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:608
RIP: 0010:rep_movs_alternative+0x4a/0x90 arch/x86/lib/copy_user_64.S:71
Code: 75 f1 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 29 f8 48 01
RSP: 0018:ffffc90003ab7818 EFLAGS: 00050206
RAX: ffffffff841d0301 RBX: 0000000000008000 RCX: 0000000000005140
RDX: 0000000000000001 RSI: 00002000005e3000 RDI: ffff88802fedaec0
RBP: ffffc90003ab7970 R08: ffff88802fedffff R09: 1ffff11005fdbfff
R10: dffffc0000000000 R11: ffffed1005fdc000 R12: ffff88802fed8000
R13: 00002000005e0140 R14: ffffc90003ab7c18 R15: 1ffff92000756f83
 copy_user_generic arch/x86/include/asm/uaccess_64.h:112 [inline]
 raw_copy_from_user arch/x86/include/asm/uaccess_64.h:127 [inline]
 copyin lib/iov_iter.c:193 [inline]
 _copy_from_iter+0x248/0x1290 lib/iov_iter.c:390
 copy_from_iter include/linux/uio.h:209 [inline]
 copy_from_iter_full include/linux/uio.h:216 [inline]
 skb_do_copy_data_nocache include/net/sock.h:2329 [inline]
 skb_copy_to_page_nocache include/net/sock.h:2355 [inline]
 kcm_sendmsg+0xd87/0x2880 net/kcm/kcmsock.c:858
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 sock_write_iter+0x2bb/0x3f0 net/socket.c:1160
 call_write_iter include/linux/fs.h:2018 [inline]
 new_sync_write fs/read_write.c:491 [inline]
 vfs_write+0x43b/0x940 fs/read_write.c:584
 ksys_write+0x147/0x250 fs/read_write.c:637
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x55/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f4deb78f749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4dec5ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f4deb9e5fa0 RCX: 00007f4deb78f749
RDX: 00000000fffffdef RSI: 0000200000000140 RDI: 0000000000000007
RBP: 00007f4deb813f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f4deb9e6038 R14: 00007f4deb9e5fa0 R15: 00007ffcc5ae51b8
 </TASK>