syzbot

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P7097/1:b..l P10084/1:b..l
rcu: 	(detected by 1, t=10502 jiffies, g=40349, q=176 ncpus=2)
task:udevd           state:R  running task     stack:24888 pid:10084 tgid:10084 ppid:5179   task_flags:0x400140 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0xfe4/0x5e10 kernel/sched/core.c:6867
 preempt_schedule_irq+0x50/0x90 kernel/sched/core.c:7194
 irqentry_exit+0x17b/0x670 kernel/entry/common.c:216
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:rcu_read_unlock include/linux/rcupdate.h:899 [inline]
RIP: 0010:class_rcu_destructor include/linux/rcupdate.h:1195 [inline]
RIP: 0010:unwind_next_frame+0x3c3/0x1ea0 arch/x86/kernel/unwind_orc.c:495
Code: 41 c7 45 00 00 00 00 00 31 ed e8 38 04 c0 09 85 c0 0f 85 90 03 00 00 48 c7 c7 e0 32 5e 8e 48 8d 35 00 00 00 00 e8 dd 7e 2c 00 <e8> d8 f8 35 00 e9 73 fc ff ff 49 81 ff 00 f0 38 92 72 0d 49 81 ff
RSP: 0018:ffffc9000417f480 EFLAGS: 00000296
RAX: 0000000000000000 RBX: ffffc9000417f5e0 RCX: ffffc9000417f444
RDX: 0000000000000003 RSI: ffffffff8dc1f48b RDI: ffffffff8bfa35a0
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000007
R10: 0000000000000200 R11: 000000000000adb1 R12: ffffc9000417f590
R13: ffffc9000417f540 R14: ffffc9000417f5e0 R15: ffffc9000417f574
 __unwind_start+0x3d1/0x7f0 arch/x86/kernel/unwind_orc.c:773
 unwind_start arch/x86/include/asm/unwind.h:64 [inline]
 arch_stack_walk+0x73/0xf0 arch/x86/kernel/stacktrace.c:24
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5f/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2540 [inline]
 slab_free mm/slub.c:6674 [inline]
 kfree+0x1c7/0x690 mm/slub.c:6882
 tomoyo_realpath_from_path+0x19c/0x690 security/tomoyo/realpath.c:286
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path2_perm+0x366/0x700 security/tomoyo/file.c:923
 tomoyo_path_rename+0xfc/0x1a0 security/tomoyo/tomoyo.c:300
 security_path_rename+0x18e/0x3c0 security/security.c:1518
 do_renameat2+0x741/0xa10 fs/namei.c:6051
 __do_sys_rename fs/namei.c:6099 [inline]
 __se_sys_rename fs/namei.c:6097 [inline]
 __x64_sys_rename+0x17f/0x210 fs/namei.c:6097
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7dc767acc7
RSP: 002b:00007ffecaf3c708 EFLAGS: 00000206 ORIG_RAX: 0000000000000052
RAX: ffffffffffffffda RBX: 000055cc71c4f1e0 RCX: 00007f7dc767acc7
RDX: 000055cc719fd010 RSI: 00007ffecaf3c720 RDI: 00007ffecaf3cb20
RBP: 000055cc71c3f0c0 R08: 00000000000001e0 R09: 0000000000000000
R10: 00000000000001b6 R11: 0000000000000206 R12: 00007ffecaf3c720
R13: 00007ffecaf3cb20 R14: 000055cc4e886100 R15: 000055cc4e886140
 </TASK>
task:syz-executor    state:R  running task     stack:23352 pid:7097  tgid:7097  ppid:7092   task_flags:0x400140 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0xfe4/0x5e10 kernel/sched/core.c:6867
 preempt_schedule_common+0x42/0xc0 kernel/sched/core.c:7051
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3e/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 copy_pte_range mm/memory.c:1331 [inline]
 copy_pmd_range mm/memory.c:1392 [inline]
 copy_pud_range mm/memory.c:1429 [inline]
 copy_p4d_range mm/memory.c:1453 [inline]
 copy_page_range+0x1ddc/0x6ba0 mm/memory.c:1539
 dup_mmap+0xbea/0x1e20 mm/mmap.c:1827
 dup_mm kernel/fork.c:1529 [inline]
 copy_mm kernel/fork.c:1581 [inline]
 copy_process+0x7451/0x7890 kernel/fork.c:2221
 kernel_clone+0xfc/0x930 kernel/fork.c:2651
 __do_sys_clone+0xd9/0x120 kernel/fork.c:2792
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fce317c3752
RSP: 002b:00007ffedd13aee0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffedd13aee0 RCX: 00007fce317c3752
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffedd13b06c R08: 0000000000000000 R09: 0000000000000001
R10: 00005555754c67d0 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000000927c0 R14: 000000000006a90e R15: 00007ffedd13b0c0
 </TASK>
rcu: rcu_preempt kthread starved for 10558 jiffies! g40349 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28264 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0xfe4/0x5e10 kernel/sched/core.c:6867
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:6964
 schedule_timeout+0x127/0x280 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1a9/0xb00 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x21e/0x320 kernel/rcu/tree.c:2285
 kthread+0x3b3/0x730 kernel/kthread.c:463
 ret_from_fork+0x754/0xaf0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:82
Code: 76 78 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 cc 14 00 fb f4 <e9> fc 31 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffc90000197df0 EFLAGS: 00000242
RAX: 000000000249dd73 RBX: ffff88801e2aa4c0 RCX: ffffffff8b76b4b5
RDX: 0000000000000000 RSI: ffffffff8dc45476 RDI: ffffffff8bfa35a0
RBP: 0000000000000001 R08: 0000000000000001 R09: ffffed10170a673d
R10: ffff8880b85339eb R11: 0000000000000000 R12: ffffed1003c55498
R13: 0000000000000001 R14: ffffffff90b736d0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8881246dc000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd97a384380 CR3: 00000000791b0000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
 default_idle+0x9/0x10 arch/x86/kernel/process.c:767
 default_idle_call+0x6c/0xb0 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:191 [inline]
 do_idle+0x35b/0x4b0 kernel/sched/idle.c:332
 cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:430
 start_secondary+0x21d/0x2d0 arch/x86/kernel/smpboot.c:312
 common_startup_64+0x13e/0x148
 </TASK>