syzbot

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	1-...!: (0 ticks this GP) idle=536c/1/0x4000000000000000 softirq=154530/154539 fqs=0
rcu: 	(detected by 0, t=10502 jiffies, g=170093, q=555 ncpus=2)
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 26895 Comm: syz-executor Not tainted 6.14.0-rc6-syzkaller-00003-g4d872d51bc9d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:kasan_check_range+0x5/0x290 mm/kasan/generic.c:188
Code: 8e e8 4f b7 e3 ff 90 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 55 <41> 57 41 56 41 54 53 b0 01 48 85 f6 0f 84 a0 01 00 00 4c 8d 04 37
RSP: 0000:ffffc90000a28898 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff819d4afa
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff94514840
RBP: 0000000000000008 R08: ffffffff94514847 R09: 1ffffffff28a2908
R10: dffffc0000000000 R11: fffffbfff28a2909 R12: ffff888058a60ad4
R13: dffffc0000000000 R14: 0000000000000100 R15: ffff888058a60bb8
FS:  00005555830d1500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f86f33fbc88 CR3: 000000002c138000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 instrument_atomic_read include/linux/instrumented.h:68 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
 hlock_class kernel/locking/lockdep.c:230 [inline]
 mark_lock+0x9a/0x360 kernel/locking/lockdep.c:4729
 mark_usage kernel/locking/lockdep.c:4672 [inline]
 __lock_acquire+0xc3e/0x2100 kernel/locking/lockdep.c:5182
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
 debug_object_activate+0x17f/0x580 lib/debugobjects.c:818
 debug_hrtimer_activate kernel/time/hrtimer.c:455 [inline]
 debug_activate kernel/time/hrtimer.c:496 [inline]
 enqueue_hrtimer+0x30/0x3c0 kernel/time/hrtimer.c:1100
 __run_hrtimer kernel/time/hrtimer.c:1818 [inline]
 __hrtimer_run_queues+0x6cb/0xd30 kernel/time/hrtimer.c:1865
 hrtimer_interrupt+0x403/0xa40 kernel/time/hrtimer.c:1927
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
 __sysvec_apic_timer_interrupt+0x110/0x420 arch/x86/kernel/apic/apic.c:1055
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:ip_finish_output2+0x2be/0x12e0 net/ipv4/ip_output.c:214
Code: 00 00 00 fc ff df eb 0a e8 9f 62 6c f7 48 8b 54 24 08 48 8b 5c 24 10 48 81 c3 c0 03 00 00 48 89 d8 48 c1 e8 03 42 80 3c 30 00 <74> 0d 48 89 df e8 28 21 d1 f7 48 8b 54 24 08 44 03 6c 24 18 48 8b
RSP: 0000:ffffc9000c5f6740 EFLAGS: 00000246
RAX: 1ffffffff353e6f8 RBX: ffffffff9a9f37c0 RCX: ffff888058a60000
RDX: ffff88803233a8c0 RSI: ffffffff8ff86320 RDI: 0000000000000001
RBP: ffffc9000c5f6868 R08: 0000000000000003 R09: ffffffff8a557b2c
R10: 0000000000000002 R11: ffff888058a60000 R12: ffff88804fceac00
R13: 0000000000000000 R14: dffffc0000000000 R15: ffff8881447f0000
 ip_local_out net/ipv4/ip_output.c:130 [inline]
 __ip_queue_xmit+0x103f/0x1960 net/ipv4/ip_output.c:528
 __tcp_transmit_skb+0x23b0/0x3a60 net/ipv4/tcp_output.c:1471
 tcp_ack_snd_check net/ipv4/tcp_input.c:5833 [inline]
 tcp_rcv_established+0xf93/0x1e80 net/ipv4/tcp_input.c:6291
 tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1918
 tcp_v4_rcv+0x2853/0x3280 net/ipv4/tcp_ipv4.c:2353
 ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205
 ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233
 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314
 ip_local_deliver net/ipv4/ip_input.c:254 [inline]
 dst_input include/net/dst.h:469 [inline]
 ip_sublist_rcv_finish+0x3be/0x4f0 net/ipv4/ip_input.c:578
 ip_list_rcv_finish net/ipv4/ip_input.c:627 [inline]
 ip_sublist_rcv+0x75d/0xab0 net/ipv4/ip_input.c:635
 ip_list_rcv+0x42b/0x480 net/ipv4/ip_input.c:669
 __netif_receive_skb_list_ptype net/core/dev.c:5936 [inline]
 __netif_receive_skb_list_core+0x94e/0x980 net/core/dev.c:5983
 __netif_receive_skb_list net/core/dev.c:6035 [inline]
 netif_receive_skb_list_internal+0xa51/0xe30 net/core/dev.c:6126
 gro_normal_list include/net/gro.h:518 [inline]
 napi_complete_done+0x2b5/0x870 net/core/dev.c:6493
 virtqueue_napi_complete drivers/net/virtio_net.c:759 [inline]
 virtnet_poll+0x2df7/0x39c0 drivers/net/virtio_net.c:3014
 __napi_poll+0xcb/0x490 net/core/dev.c:7188
 napi_poll net/core/dev.c:7257 [inline]
 net_rx_action+0x89b/0x1240 net/core/dev.c:7379
 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 common_interrupt+0x63/0xd0 arch/x86/kernel/irq.c:280
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
RIP: 0033:0x7f600fd8bdca
Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 43 91 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 a3 91 02 00 8b 44 24
RSP: 002b:00007fff0466b2a0 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f600fd8bdca
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007fff0466b2fc R08: 00007fff0466ac1c R09: 00007fff0466b007
R10: 00007fff0466ac70 R11: 0000000000000293 R12: 000000000000041d
R13: 00000000000927c0 R14: 00000000000e657b R15: 00007fff0466b350
 </TASK>
rcu: rcu_preempt kthread starved for 10502 jiffies! g170093 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:25624 pid:18    tgid:18    ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5378 [inline]
 __schedule+0x18bc/0x4c40 kernel/sched/core.c:6765
 __schedule_loop kernel/sched/core.c:6842 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6857
 schedule_timeout+0x15a/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x2df/0x1330 kernel/rcu/tree.c:2024
 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2226
 kthread+0x7a9/0x920 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 UID: 0 PID: 19652 Comm: kworker/u8:5 Not tainted 6.14.0-rc6-syzkaller-00003-g4d872d51bc9d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:csd_lock_wait kernel/smp.c:340 [inline]
RIP: 0010:smp_call_function_many_cond+0x1ba4/0x2d30 kernel/smp.c:885
Code: 03 84 c0 75 7e 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 c0 f4 0b 00 41 83 e4 01 4c 8b 64 24 68 75 07 e8 70 f0 0b 00 eb 41 f3 90 <48> b8 00 00 00 00 00 fc ff df 0f b6 04 03 84 c0 75 11 41 f7 45 00
RSP: 0018:ffffc9000cac7640 EFLAGS: 00000293
RAX: ffffffff81b5ee65 RBX: 1ffff110170e88c9 RCX: ffff888026853c00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc9000cac7840 R08: ffffffff81b5ee30 R09: 1ffffffff28a2908
R10: dffffc0000000000 R11: fffffbfff28a2909 R12: ffff8880b863f9c8
R13: ffff8880b8744648 R14: ffff8880b863f9c0 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2fc1eff8 CR3: 000000000e938000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 </IRQ>
 <TASK>
 on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1052
 on_each_cpu include/linux/smp.h:71 [inline]
 text_poke_sync arch/x86/kernel/alternative.c:2118 [inline]
 text_poke_bp_batch+0x352/0xb30 arch/x86/kernel/alternative.c:2328
 text_poke_flush arch/x86/kernel/alternative.c:2519 [inline]
 text_poke_finish+0x30/0x50 arch/x86/kernel/alternative.c:2526
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 static_key_enable_cpuslocked+0x136/0x260 kernel/jump_label.c:210
 static_key_enable+0x1a/0x20 kernel/jump_label.c:223
 toggle_allocation_gate+0xbc/0x260 mm/kfence/core.c:850
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xabe/0x18e0 kernel/workqueue.c:3319
 worker_thread+0x870/0xd30 kernel/workqueue.c:3400
 kthread+0x7a9/0x920 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>