rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5993/1:b..l P8722/1:b..l P8017/1:b..l P8714/1:b..l
rcu: (detected by 0, t=10502 jiffies, g=31413, q=364 ncpus=2)
task:syz.9.493 state:R running task stack:25608 pid:8714 tgid:8714 ppid:7941 task_flags:0x40004c flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1798/0x4cc0 kernel/sched/core.c:6929
preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:7113
preempt_schedule+0xae/0xc0 kernel/sched/core.c:7137
preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
__raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
_raw_spin_unlock+0x3f/0x50 kernel/locking/spinlock.c:186
spin_unlock include/linux/spinlock.h:391 [inline]
zap_pte_range mm/memory.c:1884 [inline]
zap_pmd_range mm/memory.c:1946 [inline]
zap_pud_range mm/memory.c:1975 [inline]
zap_p4d_range mm/memory.c:1996 [inline]
unmap_page_range+0x3a7f/0x4370 mm/memory.c:2017
unmap_single_vma mm/memory.c:2060 [inline]
unmap_vmas+0x399/0x580 mm/memory.c:2104
exit_mmap+0x240/0xb40 mm/mmap.c:1280
__mmput+0x118/0x430 kernel/fork.c:1133
exit_mm+0x1da/0x2c0 kernel/exit.c:582
do_exit+0x648/0x2300 kernel/exit.c:954
do_group_exit+0x21c/0x2d0 kernel/exit.c:1107
__do_sys_exit_group kernel/exit.c:1118 [inline]
__se_sys_exit_group kernel/exit.c:1116 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1116
x64_sys_call+0x21f7/0x2200 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd72958eec9
RSP: 002b:00007ffc408136b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd72958eec9
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007ffc4081371c R08: 0000000e408137af R09: 00000000000927c0
R10: 00000000000036f0 R11: 0000000000000246 R12: 000000000000000c
R13: 00000000000927c0 R14: 0000000000059c69 R15: 00007ffc40813770
task:kworker/u8:14 state:R running task stack:23176 pid:8017 tgid:8017 ppid:2 task_flags:0x24208060 flags:0x00080000
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1798/0x4cc0 kernel/sched/core.c:6929
preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7256
irqentry_exit+0x6f/0x90 kernel/entry/common.c:211
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:get_current arch/x86/include/asm/current.h:25 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70 kernel/kcov.c:216
Code: 8b 3d 14 73 b3 0b 48 89 de 5b e9 63 70 5a 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 08 40 4b 92 65 8b 15 18 9d 8b 10 81 e2 00 01 ff 00
RSP: 0018:ffffc9000af16b60 EFLAGS: 00000246
RAX: ffffffff846c0e15 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88802ab43c80 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00000000000005d0 R08: 0000000000000000 R09: ffffffff846c28ce
R10: ffffc9000af16ca0 R11: fffff520015e2d96 R12: ffffc9000af16cb8
R13: dffffc0000000000 R14: ffffc9000af16cd0 R15: ffffc9000af16cc0
blk_map_iter_next+0x3d5/0xc80 block/blk-mq-dma.c:53
__blk_rq_map_sg+0x3c3/0x5b0 block/blk-mq-dma.c:292
scsi_alloc_sgtables+0x2ec/0xc40 drivers/scsi/scsi_lib.c:1151
sd_setup_read_write_cmnd drivers/scsi/sd.c:1336 [inline]
sd_init_command+0x558/0x1ff0 drivers/scsi/sd.c:1458
scsi_prepare_cmd drivers/scsi/scsi_lib.c:1708 [inline]
scsi_queue_rq+0x1771/0x2cc0 drivers/scsi/scsi_lib.c:1849
blk_mq_dispatch_rq_list+0x4c0/0x1900 block/blk-mq.c:2129
__blk_mq_do_dispatch_sched block/blk-mq-sched.c:168 [inline]
blk_mq_do_dispatch_sched block/blk-mq-sched.c:182 [inline]
__blk_mq_sched_dispatch_requests+0xda4/0x1570 block/blk-mq-sched.c:307
blk_mq_sched_dispatch_requests+0xd7/0x190 block/blk-mq-sched.c:329
blk_mq_run_hw_queue+0x404/0x4f0 block/blk-mq.c:2367
blk_mq_dispatch_list+0xd0c/0xe00 include/linux/spinlock.h:-1
blk_mq_flush_plug_list+0x469/0x550 block/blk-mq.c:2976
__blk_flush_plug+0x3d3/0x4b0 block/blk-core.c:1225
blk_finish_plug+0x5e/0x90 block/blk-core.c:1252
wb_writeback+0xa80/0xaf0 fs/fs-writeback.c:2233
wb_check_old_data_flush fs/fs-writeback.c:2301 [inline]
wb_do_writeback fs/fs-writeback.c:2354 [inline]
wb_workfn+0xaef/0xef0 fs/fs-writeback.c:2382
process_one_work kernel/workqueue.c:3263 [inline]
process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346
worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
task:rm state:R running task stack:24584 pid:8722 tgid:8722 ppid:8694 task_flags:0x40000c flags:0x00080001
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1798/0x4cc0 kernel/sched/core.c:6929
preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7256
irqentry_exit+0x6f/0x90 kernel/entry/common.c:211
asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x5/0x360 kernel/locking/lockdep.c:5828
Code: a9 00 ff ff 00 0f 95 c0 e9 08 93 9f 09 cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <41> 57 41 56 41 55 41 54 53 48 83 ec 60 4d 89 ce 45 89 c7 41 89 cc
RSP: 0018:ffffc9000aff71a0 EFLAGS: 00000246
RAX: 0000000000000001 RBX: ffffffff81842a6c RCX: 0000000000000002
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8dd3d2e0
RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000
R10: ffffc9000aff72d8 R11: ffffffff81ac1cd0 R12: 1ffff920015fee51
R13: ffffc9000aff72c0 R14: ffffc9000aff7288 R15: ffffffff81737d25
rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
rcu_read_lock include/linux/rcupdate.h:867 [inline]
class_rcu_constructor include/linux/rcupdate.h:1195 [inline]
unwind_next_frame+0xc2/0x2390 arch/x86/kernel/unwind_orc.c:479
arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
save_stack+0xf5/0x1f0 mm/page_owner.c:156
__reset_page_owner+0x71/0x1f0 mm/page_owner.c:308
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1394 [inline]
free_unref_folios+0xdb3/0x14f0 mm/page_alloc.c:2963
folios_put_refs+0x584/0x670 mm/swap.c:1002
free_pages_and_swap_cache+0x4be/0x520 mm/swap_state.c:358
__tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline]
tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:397 [inline]
tlb_flush_mmu+0x3a0/0x680 mm/mmu_gather.c:404
tlb_finish_mmu+0xc3/0x1d0 mm/mmu_gather.c:497
exit_mmap+0x444/0xb40 mm/mmap.c:1293
__mmput+0x118/0x430 kernel/fork.c:1133
exit_mm+0x1da/0x2c0 kernel/exit.c:582
do_exit+0x648/0x2300 kernel/exit.c:954
do_group_exit+0x21c/0x2d0 kernel/exit.c:1107
__do_sys_exit_group kernel/exit.c:1118 [inline]
__se_sys_exit_group kernel/exit.c:1116 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1116
x64_sys_call+0x21f7/0x2200 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f79efe196c5
RSP: 002b:00007fff32071068 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f79eff1afe8 RCX: 00007f79efe196c5
RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000
RBP: 0000000000000001 R08: 00007fff32070ff8 R09: 0000000000000000
R10: 00007fff32070e90 R11: 0000000000000202 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f79eff19680 R15: 00007f79eff1b000
task:udevd state:R running task stack:21856 pid:5993 tgid:5993 ppid:5213 task_flags:0x400140 flags:0x00080001
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1798/0x4cc0 kernel/sched/core.c:6929
preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:7113
preempt_schedule+0xae/0xc0 kernel/sched/core.c:7137
preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
_raw_spin_unlock_irqrestore+0xfd/0x110 kernel/locking/spinlock.c:194
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
__wake_up_common_lock+0x190/0x1f0 kernel/sched/wait.c:127
sock_def_readable+0x1fb/0x550 net/core/sock.c:3551
unix_dgram_sendmsg+0xe08/0x1850 net/unix/af_unix.c:2309
sock_sendmsg_nosec net/socket.c:727 [inline]
__sock_sendmsg+0x21c/0x270 net/socket.c:742
sock_write_iter+0x279/0x360 net/socket.c:1195
new_sync_write fs/read_write.c:593 [inline]
vfs_write+0x5c9/0xb30 fs/read_write.c:686
ksys_write+0x145/0x250 fs/read_write.c:738
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6477ca7407
RSP: 002b:00007ffcd705cfe0 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f647841a880 RCX: 00007f6477ca7407
RDX: 0000000000000000 RSI: 00007ffcd705d087 RDI: 000000000000000a
RBP: 000000000000000a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 00007f647841a6e8
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
rcu: rcu_preempt kthread starved for 9929 jiffies! g31413 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:27232 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5325 [inline]
__schedule+0x1798/0x4cc0 kernel/sched/core.c:6929
__schedule_loop kernel/sched/core.c:7011 [inline]
schedule+0x165/0x360 kernel/sched/core.c:7026
schedule_timeout+0x12b/0x270 kernel/time/sleep_timeout.c:99
rcu_gp_fqs_loop+0x301/0x1540 kernel/rcu/tree.c:2083
rcu_gp_kthread+0x99/0x390 kernel/rcu/tree.c:2285
kthread+0x711/0x8a0 kernel/kthread.c:463
ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:lockdep_enabled kernel/locking/lockdep.c:124 [inline]
RIP: 0010:lock_release+0x81/0x3e0 kernel/locking/lockdep.c:5881
Code: 84 ad 02 00 00 83 3d 4d 30 bf 0d 00 0f 84 44 02 00 00 65 8b 05 20 2d ae 10 85 c0 0f 85 35 02 00 00 65 4c 8b 3c 25 08 40 4b 92 <41> 83 bf 2c 0b 00 00 00 0f 85 1e 02 00 00 49 81 3e 40 f3 0e 93 0f
RSP: 0018:ffffc90000a07c90 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffffff90877c01 RCX: 54aa30db9ea16e00
RDX: ffffc90000a07e01 RSI: ffffffff8b9efcc0 RDI: ffffffff8b9efc80
RBP: dffffc0000000000 R08: ffffc90000a08ce0 R09: 0000000000000000
R10: ffffc90000a07e18 R11: fffff52000140fc5 R12: ffffc90000a08cf0
R13: ffffffff81737d25 R14: ffffffff8dd3d2e0 R15: ffff88801c6bdac0
FS: 0000000000000000(0000) GS:ffff88812626c000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8bfd250d30 CR3: 0000000075122000 CR4: 00000000003526f0
Call Trace:
rcu_lock_release include/linux/rcupdate.h:341 [inline]
rcu_read_unlock include/linux/rcupdate.h:897 [inline]
class_rcu_destructor include/linux/rcupdate.h:1195 [inline]
unwind_next_frame+0x19a9/0x2390 arch/x86/kernel/unwind_orc.c:680
arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
kasan_save_stack mm/kasan/common.c:56 [inline]
kasan_save_track+0x3e/0x80 mm/kasan/common.c:77
poison_kmalloc_redzone mm/kasan/common.c:400 [inline]
__kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:417
kasan_kmalloc include/linux/kasan.h:262 [inline]
__do_kmalloc_node mm/slub.c:5604 [inline]
__kmalloc_noprof+0x411/0x7f0 mm/slub.c:5616
kmalloc_noprof include/linux/slab.h:961 [inline]
kzalloc_noprof include/linux/slab.h:1094 [inline]
cfg80211_inform_single_bss_data+0x905/0x1ac0 net/wireless/scan.c:2357
cfg80211_inform_bss_data+0x203/0x3b40 net/wireless/scan.c:3240
cfg80211_inform_bss_frame_data+0x3d7/0x730 net/wireless/scan.c:3331
ieee80211_bss_info_update+0x749/0x9e0 net/mac80211/scan.c:226
ieee80211_scan_rx+0x593/0xa20 net/mac80211/scan.c:355
__ieee80211_rx_handle_packet net/mac80211/rx.c:5194 [inline]
ieee80211_rx_list+0x210c/0x2b90 net/mac80211/rx.c:5447
ieee80211_rx_napi+0x1a8/0x3d0 net/mac80211/rx.c:5470
ieee80211_rx include/net/mac80211.h:5214 [inline]
ieee80211_handle_queued_frames+0xe8/0x1f0 net/mac80211/main.c:453
tasklet_action_common+0x36c/0x580 kernel/softirq.c:925
handle_softirqs+0x286/0x870 kernel/softirq.c:622
__do_softirq kernel/softirq.c:656 [inline]
invoke_softirq kernel/softirq.c:496 [inline]
__irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:723
irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:pv_native_safe_halt+0x13/0x20 arch/x86/kernel/paravirt.c:82
Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 41 0e 00 f3 0f 1e fa fb f4 c8 e6 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
RAX: 54aa30db9ea16e00 RBX: ffffffff81966c07 RCX: 54aa30db9ea16e00
RDX: 0000000000000001 RSI: ffffffff8d51613e RDI: ffffffff8b9efce0
RBP: ffffc90000197f10 R08: ffff8880b8732fdb R09: 1ffff110170e65fb
R10: dffffc0000000000 R11: ffffed10170e65fc R12: ffffffff8f5c5370
R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110038d7b58
arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:767
default_idle_call+0x73/0xb0 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:190 [inline]
do_idle+0x1e7/0x510 kernel/sched/idle.c:330
cpu_startup_entry+0x44/0x60 kernel/sched/idle.c:428
start_secondary+0x101/0x110 arch/x86/kernel/smpboot.c:315
common_startup_64+0x13e/0x147