syzbot

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	1-...!: (1 ticks this GP) idle=1b1c/1/0x4000000000000000 softirq=17934/17934 fqs=0
rcu: 	(detected by 0, t=10502 jiffies, g=8529, q=936 ncpus=2)
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 6110 Comm: syz.2.21 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:lock_release+0x19a/0x2f0 kernel/locking/lockdep.c:5896
Code: 08 01 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 65 48 2b 05 8d 26 38 12 0f 85 58 01 00 00 48 83 c4 18 5b 41 5c 41 5d <41> 5e 41 5f e9 cd 99 f2 09 65 8b 05 9a 26 38 12 83 f8 07 0f 87 12
RSP: 0018:ffffc90000a08d68 EFLAGS: 00000096
RAX: 0000000000000000 RBX: ffff8880788682e8 RCX: ffffc90000a08d44
RDX: 0000000000000002 RSI: ffffffff8de0d4e5 RDI: ffffffff8c158f60
RBP: ffff88805b302c00 R08: 0000000000000004 R09: 0000000000000002
R10: 0000000000000002 R11: 0000000000000001 R12: 1a3b94a1e8000000
R13: 1a3b94a1e8000000 R14: ffff88802610c880 R15: 0000000000000003
FS:  0000000000000000(0000) GS:ffff888124815000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd82c38510 CR3: 00000000768a6000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 __raw_spin_unlock include/linux/spinlock_api_smp.h:141 [inline]
 _raw_spin_unlock+0x16/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 advance_sched+0x62b/0xc80 net/sched/sch_taprio.c:981
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x202/0xad0 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x397/0x8e0 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
 __sysvec_apic_timer_interrupt+0x10b/0x3f0 arch/x86/kernel/apic/apic.c:1056
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x9f/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:unwind_next_frame+0xe66/0x20a0 arch/x86/kernel/unwind_orc.c:664
Code: 85 0f 0d 00 00 49 89 6d 40 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e c6 0c 00 00 <41> 39 5d 00 0f 84 91 07 00 00 bd 01 00 00 00 e9 5f f5 ff ff ba 28
RSP: 0018:ffffc900033c75e8 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffc900033c8000
RDX: 1ffff92000678ecb RSI: ffffc900033c7a80 RDI: ffffc900033c7698
RBP: ffff88806e6fa780 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 000000000001103e R12: ffffc900033c76a8
R13: ffffc900033c7658 R14: ffffc900033c7ab0 R15: ffffc900033c768c
 arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_record_aux_stack+0xa7/0xc0 mm/kasan/generic.c:548
 slab_free_hook mm/slub.c:2342 [inline]
 slab_free mm/slub.c:4643 [inline]
 kmem_cache_free+0x15a/0x4d0 mm/slub.c:4745
 anon_vma_free mm/rmap.c:137 [inline]
 __put_anon_vma+0x114/0x3a0 mm/rmap.c:2756
 put_anon_vma include/linux/rmap.h:117 [inline]
 unlink_anon_vmas+0x58a/0x820 mm/rmap.c:444
 free_pgtables+0x373/0xcb0 mm/memory.c:402
 exit_mmap+0x3fb/0xb90 mm/mmap.c:1295
 __mmput+0x12a/0x410 kernel/fork.c:1121
 mmput+0x62/0x70 kernel/fork.c:1144
 exit_mm kernel/exit.c:581 [inline]
 do_exit+0x7c4/0x2bd0 kernel/exit.c:952
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1105
 __do_sys_exit_group kernel/exit.c:1116 [inline]
 __se_sys_exit_group kernel/exit.c:1114 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1114
 x64_sys_call+0x1530/0x1730 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f31dff8e929
Code: Unable to access opcode bytes at 0x7f31dff8e8ff.
RSP: 002b:00007ffc3dd612b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f31dff8e929
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007ffc3dd6131c R08: 000000053dd613af R09: 00000000000927c0
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000000927c0 R14: 0000000000015b0f R15: 00007ffc3dd61370
 </TASK>
rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g8529 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
rcu: 	Possible timer handling issue on cpu=1 timer-softirq=2960
rcu: rcu_preempt kthread starved for 10502 jiffies! g8529 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:I stack:27784 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5401 [inline]
 __schedule+0x116a/0x5de0 kernel/sched/core.c:6790
 __schedule_loop kernel/sched/core.c:6868 [inline]
 schedule+0xe7/0x3a0 kernel/sched/core.c:6883
 schedule_timeout+0x123/0x290 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1ea/0xb00 kernel/rcu/tree.c:2054
 rcu_gp_kthread+0x270/0x380 kernel/rcu/tree.c:2256
 kthread+0x3c5/0x780 kernel/kthread.c:464
 ret_from_fork+0x5d7/0x6f0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>