syzbot

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P33/1:b..l
rcu: 	(detected by 0, t=10503 jiffies, g=62517, q=536 ncpus=2)
task:kcompactd0      state:R  running task     stack:27456 pid:33    tgid:33    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xe58/0x5ad0 kernel/sched/core.c:6756
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7078
 irqentry_exit+0x36/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__update_page_owner_handle mm/page_owner.c:244 [inline]
RIP: 0010:__set_page_owner+0x18f/0x790 mm/page_owner.c:325
Code: b7 cd 93 ff 48 8b 05 e0 f3 1f 0c 48 01 e8 48 8d 78 08 48 89 fa 48 c1 ea 03 0f b6 14 1a 84 d2 74 09 80 fa 03 0f 8e e2 04 00 00 <8b> 34 24 48 89 c2 48 c1 ea 03 89 70 08 0f b6 14 1a 84 d2 74 09 80
RSP: 0018:ffffc90000a97260 EFLAGS: 00000246
RAX: ffff88801f8dc0a8 RBX: dffffc0000000000 RCX: ffffffff81fa34e1
RDX: 0000000000000000 RSI: ffffffff81fa3359 RDI: ffff88801f8dc0b0
RBP: ffff88801f8dc0a0 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000008
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1556
 compaction_alloc_noprof mm/compaction.c:1870 [inline]
 compaction_alloc+0x4cb/0x3c60 mm/compaction.c:1880
 migrate_folio_unmap mm/migrate.c:1215 [inline]
 migrate_pages_batch+0x3c0/0x3150 mm/migrate.c:1799
 migrate_pages_sync+0x109/0x8f0 mm/migrate.c:1965
 migrate_pages+0x1a57/0x2200 mm/migrate.c:2074
 compact_zone+0x1f68/0x4280 mm/compaction.c:2641
 kcompactd_do_work+0x2e2/0xa50 mm/compaction.c:3087
 kcompactd+0x8e2/0xdf0 mm/compaction.c:3186
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
rcu: rcu_preempt kthread starved for 10543 jiffies! g62517 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27568 pid:17    tgid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5369 [inline]
 __schedule+0xe58/0x5ad0 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6848
 schedule_timeout+0x124/0x280 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1eb/0xb00 kernel/rcu/tree.c:2045
 rcu_gp_kthread+0x271/0x380 kernel/rcu/tree.c:2247
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.12.0-syzkaller-10553-gb86545e02e8c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:unwind_next_frame+0x6c/0x20c0 arch/x86/kernel/unwind_orc.c:470
Code: c4 38 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 49 8d 6d 48 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 80 3c 02 00 <0f> 85 00 18 00 00 49 8b 45 48 48 89 44 24 08 49 8d 45 38 48 89 c2
RSP: 0018:ffffc900001e6998 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 1ffff9200003cd4a RSI: ffffffff88f40f36 RDI: ffffc900001e6a08
RBP: ffffc900001e6a50 R08: ffffc900001e6a3c R09: ffffffff915cd972
R10: ffffc900001e6a08 R11: 000000000007f218 R12: ffffffff8179df80
R13: ffffc900001e6a08 R14: 0000000000000000 R15: ffff88801cee8000
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000680000 CR3: 0000000048fd8000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 arch_stack_walk+0x95/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x95/0xd0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:582
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2338 [inline]
 slab_free mm/slub.c:4598 [inline]
 kmem_cache_free+0x152/0x4c0 mm/slub.c:4700
 kfree_skbmem+0x1a4/0x1f0 net/core/skbuff.c:1148
 __kfree_skb net/core/skbuff.c:1205 [inline]
 sk_skb_reason_drop+0x136/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1263 [inline]
 kfree_skb include/linux/skbuff.h:1272 [inline]
 ip6_mc_input+0x7af/0xfd0 net/ipv6/ip6_input.c:587
 dst_input include/net/dst.h:460 [inline]
 dst_input include/net/dst.h:458 [inline]
 ip6_rcv_finish+0x3a2/0x5b0 net/ipv6/ip6_input.c:79
 ip_sabotage_in+0x21b/0x290 net/bridge/br_netfilter_hooks.c:1021
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626
 nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269
 NF_HOOK include/linux/netfilter.h:312 [inline]
 ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309
 __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785
 netif_receive_skb_internal net/core/dev.c:5871 [inline]
 netif_receive_skb+0x13f/0x7b0 net/core/dev.c:5930
 NF_HOOK include/linux/netfilter.h:314 [inline]
 NF_HOOK include/linux/netfilter.h:308 [inline]
 br_pass_frame_up+0x346/0x490 net/bridge/br_input.c:70
 br_handle_frame_finish+0xdcf/0x1c80 net/bridge/br_input.c:221
 br_nf_hook_thresh+0x303/0x410 net/bridge/br_netfilter_hooks.c:1198
 br_nf_pre_routing_finish_ipv6+0x76a/0xfb0 net/bridge/br_netfilter_ipv6.c:154
 NF_HOOK include/linux/netfilter.h:314 [inline]
 br_nf_pre_routing_ipv6+0x3ce/0x8c0 net/bridge/br_netfilter_ipv6.c:184
 br_nf_pre_routing+0x860/0x15b0 net/bridge/br_netfilter_hooks.c:536
 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]
 nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]
 br_handle_frame+0x9eb/0x14a0 net/bridge/br_input.c:424
 __netif_receive_skb_core.constprop.0+0xa76/0x4470 net/core/dev.c:5566
 __netif_receive_skb_one_core+0xb1/0x1e0 net/core/dev.c:5670
 __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785
 process_backlog+0x443/0x15f0 net/core/dev.c:6117
 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6877
 napi_poll net/core/dev.c:6946 [inline]
 net_rx_action+0xa94/0x1010 net/core/dev.c:7068
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:943 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:935
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
net_ratelimit: 6326 callbacks suppressed
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:46:c7:a1:2b:7a:51, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:38:cd:80:00:4b, vlan:0)
net_ratelimit: 7066 callbacks suppressed
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:38:cd:80:00:4b, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
bridge0: received packet on veth0_to_bridge with own address as source address (addr:02:38:cd:80:00:4b, vlan:0)