syzbot

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P7918/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=26465, q=15 ncpus=2)
task:syz-executor281 state:R  running task     stack:27656 pid:7918  tgid:7918  ppid:5850   task_flags:0x40004c flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7194
 irqentry_exit+0x1d8/0x8c0 kernel/entry/common.c:216
 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:228 [inline]
RIP: 0010:unwind_next_frame+0x1f6/0x20b0 arch/x86/kernel/unwind_orc.c:510
Code: 89 c3 39 d0 0f 83 17 16 00 00 48 ba 00 00 00 00 00 fc ff df 89 c1 48 8d 3c 8d a4 c5 dc 91 49 89 f8 49 c1 e8 03 45 0f b6 04 10 <48> 89 fa 83 e2 07 83 c2 03 44 38 c2 7c 2f 45 84 c0 74 2a 48 89 4c
RSP: 0018:ffffc900045bf788 EFLAGS: 00000a02
RAX: 0000000000007d8f RBX: 0000000000000001 RCX: 0000000000007d8f
RDX: dffffc0000000000 RSI: 00000000000a7cd3 RDI: ffffffff91debbe0
RBP: ffffc900045bf840 R08: 0000000000000000 R09: 000000002d64dbdc
R10: 0000000000000002 R11: 0000000000007d8f R12: ffffc900045bf848
R13: ffffc900045bf7f8 R14: ffffc900045bf82d R15: ffffffff817d8f72
 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:57
 kasan_record_aux_stack+0xa7/0xc0 mm/kasan/generic.c:556
 slab_free_hook mm/slub.c:2501 [inline]
 slab_free mm/slub.c:6670 [inline]
 kmem_cache_free+0x15e/0x770 mm/slub.c:6781
 exit_mmap+0x507/0xb60 mm/mmap.c:1302
 __mmput+0x12a/0x410 kernel/fork.c:1173
 mmput+0x62/0x70 kernel/fork.c:1196
 exit_mm kernel/exit.c:581 [inline]
 do_exit+0x7d7/0x2bd0 kernel/exit.c:959
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1112
 __do_sys_exit_group kernel/exit.c:1123 [inline]
 __se_sys_exit_group kernel/exit.c:1121 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1121
 x64_sys_call+0x151c/0x1740 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9f7ff553a9
RSP: 002b:00007ffd38833d38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9f7ff553a9
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007f9f7ffda2b0 R08: ffffffffffffffb0 R09: 00007ffd38833dc8
R10: 00007ffd38833dd0 R11: 0000000000000246 R12: 00007f9f7ffda2b0
R13: 0000000000000000 R14: 00007f9f7ffdbea0 R15: 00007f9f7ff1b7e0
 </TASK>
rcu: rcu_preempt kthread starved for 10501 jiffies! g26465 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28552 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5260 [inline]
 __schedule+0x1138/0x5ee0 kernel/sched/core.c:6867
 __schedule_loop kernel/sched/core.c:6949 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6964
 schedule_timeout+0x123/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1ea/0xaf0 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x26d/0x380 kernel/rcu/tree.c:2285
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x983/0xb10 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 7912 Comm: syz-executor281 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:97 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:115 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:140 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:172 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:191 [inline]
RIP: 0010:kasan_check_range+0x146/0x1b0 mm/kasan/generic.c:200
Code: 83 c0 01 49 89 d3 48 39 d0 74 11 80 38 00 74 ef 4d 8d 1c 2c 48 89 c2 48 85 c0 75 ad 48 89 da 4c 89 d8 4c 29 da e9 46 ff ff ff <48> 85 d2 74 18 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 0a 80 38 00
RSP: 0018:ffffc90000a08d88 EFLAGS: 00000083
RAX: fffff520001411ba RBX: fffff520001411bb RCX: ffffffff819a58ac
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000a08dd0
RBP: fffff520001411ba R08: 0000000000000001 R09: fffff520001411ba
R10: ffffc90000a08dd3 R11: ffff888073ca8b30 R12: ffff8880b8528448
R13: ffff8880b8528450 R14: ffff88807291ef18 R15: 0000000000000000
FS:  00007f9f7ff086c0(0000) GS:ffff8881249f1000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd38833c98 CR3: 000000002ac22000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 instrument_read_write include/linux/instrumented.h:54 [inline]
 atomic_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:1301 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:111 [inline]
 do_raw_spin_lock+0x12c/0x2b0 kernel/locking/spinlock_debug.c:116
 __run_hrtimer kernel/time/hrtimer.c:1781 [inline]
 __hrtimer_run_queues+0x2bc/0xc40 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x397/0x8e0 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x10b/0x3c0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x9f/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x29/0x50 kernel/locking/spinlock.c:202
Code: 90 f3 0f 1e fa 53 48 8b 74 24 08 48 89 fb 48 83 c7 18 e8 0a 65 1e f6 48 89 df e8 c2 b7 1e f6 e8 bd 7f 4b f6 fb bf 01 00 00 00 <e8> 42 b7 0e f6 65 8b 05 0b 4c 37 08 85 c0 74 06 5b c3 cc cc cc cc
RSP: 0018:ffffc9000431fca0 EFLAGS: 00000206
RAX: 00000000043e7155 RBX: ffff8880796d0940 RCX: ffffffff81c722df
RDX: 0000000000000000 RSI: ffffffff8dacf385 RDI: 0000000000000001
RBP: ffff8880796d0d40 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff9088cbd7 R11: ffff888073ca8b30 R12: 0000000000000000
R13: 0000000000000021 R14: 0000000000000400 R15: ffff8880796d0940
 spin_unlock_irq include/linux/spinlock.h:401 [inline]
 get_signal+0x1e6a/0x26d0 kernel/signal.c:3037
 arch_do_signal_or_restart+0x8f/0x7e0 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9f7ff57347
Code: 14 25 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 1c 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89
RSP: 002b:00007f9f7ff08218 EFLAGS: 00000246
RAX: 00000000000000ca RBX: 00007f9f7ffda308 RCX: 00007f9f7ff57349
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9f7ffda308
RBP: 00007f9f7ffda300 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9f7ffa71bc
R13: 0000200000000000 R14: 0000200000000680 R15: 000020000006b000
 </TASK>