syzbot

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	0-...!: (2 ticks this GP) idle=c6fc/1/0x4000000000000000 softirq=46120/46122 fqs=106
rcu: 	(detected by 1, t=10502 jiffies, g=32041, q=70 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 9785 Comm: syz.0.1109 Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:debug_spin_unlock kernel/locking/spinlock_debug.c:100 [inline]
RIP: 0010:do_raw_spin_unlock+0x40/0x230 kernel/locking/spinlock_debug.c:141
Code: 83 c7 04 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 bd 01 00 00 81 7b 04 ad 4e ad de <0f> 85 75 01 00 00 be 04 00 00 00 48 89 df e8 1d 3a 8a 00 48 89 da
RSP: 0018:ffffc90000007d18 EFLAGS: 00000046
RAX: 0000000000000007 RBX: ffffffff9afdfe78 RCX: ffffc90000007cfc
RDX: 0000000000000000 RSI: ffffffff8ddf4c03 RDI: ffffffff9afdfe7c
RBP: 0000000000000006 R08: 0000000000000001 R09: fffff52000000f98
R10: 0000000000000003 R11: 0000000000000001 R12: 0000000000000001
R13: dffffc0000000000 R14: ffff88802e81d340 R15: 1ffff92000000fac
FS:  00007feb730016c0(0000) GS:ffff888124752000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000020000000b000 CR3: 000000003390d000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:150 [inline]
 _raw_spin_unlock_irqrestore+0x22/0x80 kernel/locking/spinlock.c:194
 debug_object_deactivate+0x1ec/0x3a0 lib/debugobjects.c:888
 debug_hrtimer_deactivate kernel/time/hrtimer.c:450 [inline]
 debug_deactivate kernel/time/hrtimer.c:490 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1729 [inline]
 __hrtimer_run_queues+0x46f/0xad0 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x397/0x8e0 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
 __sysvec_apic_timer_interrupt+0x108/0x3f0 arch/x86/kernel/apic/apic.c:1056
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x9f/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:finish_task_switch.isra.0+0x22a/0xc10 kernel/sched/core.c:5264
Code: fb 09 00 00 44 8b 05 a9 60 1e 0f 45 85 c0 0f 85 be 01 00 00 4c 89 e7 e8 a4 f6 ff ff e8 6f 13 3a 00 fb 65 48 8b 1d 5e 02 43 12 <48> 8d bb 18 16 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
RSP: 0018:ffffc9001c56f880 EFLAGS: 00000202
RAX: 00000000000326ad RBX: ffff888037b0c880 RCX: 0000000000000006
RDX: 0000000000000000 RSI: ffffffff8de1a0c6 RDI: ffffffff8c157ca0
RBP: ffffc9001c56f8c8 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff90a80c57 R11: 0000000000000001 R12: ffff8880b843a2c0
R13: ffffffff8e297780 R14: 0000000000000001 R15: ffff8880b843b130
 context_switch kernel/sched/core.c:5399 [inline]
 __schedule+0x1172/0x5de0 kernel/sched/core.c:6785
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7108
 irqentry_exit+0x36/0x90 kernel/entry/common.c:307
 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707
RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x0/0x20 kernel/kcov.c:320
Code: 0c 24 89 f2 89 fe bf 05 00 00 00 e9 2a fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 0c 24 48 89 f2 48 89 fe bf 07 00 00 00 e9 f8 fd
RSP: 0018:ffffc9001c56fb60 EFLAGS: 00000282
RAX: 0000000000080000 RBX: 2617397d06a171ee RCX: ffffc90004da3000
RDX: 0000000000080000 RSI: 2617397d06a171ee RDI: 000000003b9ac9ff
RBP: fd596d419970d7e3 R08: 0000000000000007 R09: 000000003b9ac9ff
R10: 2617397d423c3bee R11: 0000000000000001 R12: ffffc9001c56fbb0
R13: 1ffff920038adf72 R14: ffffc9001c56fbb8 R15: dffffc0000000000
 set_normalized_timespec64+0x35/0xc0 kernel/time/time.c:497
 inode_set_ctime_to_ts+0xca/0x1f0 fs/inode.c:2666
 inode_set_ctime include/linux/fs.h:1775 [inline]
 v9fs_stat2inode_dotl+0x6e1/0xd30 fs/9p/vfs_inode_dotl.c:656
 v9fs_qid_iget_dotl fs/9p/vfs_inode_dotl.c:128 [inline]
 v9fs_inode_from_fid_dotl+0x249/0x2f0 fs/9p/vfs_inode_dotl.c:154
 v9fs_get_new_inode_from_fid fs/9p/v9fs.h:251 [inline]
 v9fs_mount+0x4fd/0xa30 fs/9p/vfs_super.c:142
 legacy_get_tree+0x109/0x220 fs/fs_context.c:666
 vfs_get_tree+0x8b/0x340 fs/super.c:1804
 do_new_mount fs/namespace.c:3902 [inline]
 path_mount+0x1414/0x2020 fs/namespace.c:4226
 do_mount fs/namespace.c:4239 [inline]
 __do_sys_mount fs/namespace.c:4450 [inline]
 __se_sys_mount fs/namespace.c:4427 [inline]
 __x64_sys_mount+0x28d/0x310 fs/namespace.c:4427
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7feb7218e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007feb73001038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007feb723b5fa0 RCX: 00007feb7218e929
RDX: 0000200000000b80 RSI: 0000200000000280 RDI: 0000000000000000
RBP: 00007feb72210b39 R08: 00002000000001c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007feb723b5fa0 R15: 00007ffc2469a018
 </TASK>
rcu: rcu_preempt kthread starved for 10290 jiffies! g32041 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27784 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5396 [inline]
 __schedule+0x116a/0x5de0 kernel/sched/core.c:6785
 __schedule_loop kernel/sched/core.c:6863 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6878
 schedule_timeout+0x123/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1ea/0xb00 kernel/rcu/tree.c:2054
 rcu_gp_kthread+0x270/0x380 kernel/rcu/tree.c:2256
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 UID: 0 PID: 5810 Comm: udevd Not tainted 6.16.0-rc3-syzkaller-00306-gaaf724ed6926 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x8/0x20 kernel/kcov.c:314
Code: bf 03 00 00 00 e9 58 fe ff ff 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 <89> f2 89 fe bf 05 00 00 00 e9 2a fe ff ff 66 2e 0f 1f 84 00 00 00
RSP: 0000:ffffc90003bcf8c0 EFLAGS: 00000202
RAX: 0000000000000001 RBX: ffff8880b84421e0 RCX: ffffffff81b001cd
RDX: ffff88802f504880 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
R13: 0000000000000003 R14: ffffed101708843d R15: ffff8880b853b580
FS:  00007f03e6b95880(0000) GS:ffff888124852000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056381d867fe8 CR3: 000000005bfcd000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 csd_lock_wait kernel/smp.c:340 [inline]
 smp_call_function_many_cond+0xd9d/0x1510 kernel/smp.c:885
 on_each_cpu_cond_mask+0x40/0x90 kernel/smp.c:1052
 __flush_tlb_multi arch/x86/include/asm/paravirt.h:91 [inline]
 flush_tlb_multi arch/x86/mm/tlb.c:1361 [inline]
 flush_tlb_mm_range+0x4a0/0x1790 arch/x86/mm/tlb.c:1451
 flush_tlb_page arch/x86/include/asm/tlbflush.h:324 [inline]
 ptep_clear_flush+0x136/0x180 mm/pgtable-generic.c:101
 wp_page_copy mm/memory.c:3635 [inline]
 do_wp_page+0x1683/0x4f20 mm/memory.c:4030
 handle_pte_fault mm/memory.c:6085 [inline]
 __handle_mm_fault+0x2223/0x5490 mm/memory.c:6212
 handle_mm_fault+0x589/0xd10 mm/memory.c:6381
 do_user_addr_fault+0x60c/0x1370 arch/x86/mm/fault.c:1336
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x5c/0xb0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f03e64b5db7
Code: 00 00 00 41 55 48 89 d0 49 89 fd 41 54 49 89 f4 53 4c 89 c3 48 83 ec 10 48 39 4f 60 0f 84 c1 00 00 00 42 f6 44 01 08 01 74 59 <48> 83 61 08 fe 48 3d ff 03 00 00 76 69 49 8b 55 70 49 8d 75 60 48
RSP: 002b:00007ffff988e820 EFLAGS: 00010202
RAX: 0000000000006010 RBX: 00000000000001f0 RCX: 000056381d867fe0
RDX: 0000000000006010 RSI: 000056381d861fd0 RDI: 00007f03e65f1ac0
RBP: 00007f03e65f1ac0 R08: 00000000000001f0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 000056381d861fd0
R13: 00007f03e65f1ac0 R14: 00000000000001f0 R15: 00007f03e65f1ac0
 </TASK>