syzbot

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	1-...!: (2 ticks this GP) idle=47fc/1/0x4000000000000000 softirq=17967/17967 fqs=7
rcu: 	(detected by 0, t=10502 jiffies, g=11821, q=855 ncpus=2)
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 6136 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:lockdep_recursion_finish kernel/locking/lockdep.c:470 [inline]
RIP: 0010:lock_release+0x287/0x3e0 kernel/locking/lockdep.c:5891
Code: 89 f6 48 8b 54 24 18 e8 57 30 00 00 48 8b 5c 24 08 48 c7 c7 be 91 ba 8d e8 a6 d1 dc 09 b8 ff ff ff ff 65 0f c1 05 49 6f 03 11 <83> f8 01 75 51 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24
RSP: 0018:ffffc90000a08bf8 EFLAGS: 00000057
RAX: 0000000000000001 RBX: 0000000000000006 RCX: 3df71e697a021200
RDX: 0000000000000002 RSI: ffffffff8dba91be RDI: ffffffff8be33c00
RBP: ffff88802fb88b40 R08: ffff888058c31c87 R09: 1ffff1100b186390
R10: dffffc0000000000 R11: ffffed100b186391 R12: 0000000000000002
R13: 0000000000000002 R14: ffff888033a57300 R15: ffff88802fb88000
FS:  0000000000000000(0000) GS:ffff888125d15000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffebcca7298 CR3: 000000000df36000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 __raw_spin_unlock include/linux/spinlock_api_smp.h:141 [inline]
 _raw_spin_unlock+0x16/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 advance_sched+0x99f/0xc90 net/sched/sch_taprio.c:986
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x52c/0xc60 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x45b/0xaa0 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
 __sysvec_apic_timer_interrupt+0x108/0x410 arch/x86/kernel/apic/apic.c:1056
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:89 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:161 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0xa5/0x2c0 mm/kasan/generic.c:189
Code: 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 41 01 00 00 4c 89 cb 48 f7 d3 4c 01 fb 41 80 3b 00 0f 85 de 01 00 00 <49> ff c3 48 ff c3 75 ee e9 21 01 00 00 44 89 dd 83 e5 07 0f 84 b5
RSP: 0018:ffffc900034c73e0 EFLAGS: 00000246
RAX: 1ffff92000698e01 RBX: fffffffffffffffe RCX: ffffffff8172dd88
RDX: 0000000000000001 RSI: 0000000000000010 RDI: ffffc900034c7558
RBP: 0000000000000000 R08: ffffc900034c7567 R09: 1ffff92000698eac
R10: dffffc0000000000 R11: fffff52000698eab R12: 0000000000000002
R13: ffffc900034c7558 R14: fffff52000698ead R15: 1ffff92000698eab
 __asan_memset+0x22/0x50 mm/kasan/shadow.c:84
 unwind_next_frame+0xc98/0x2390 arch/x86/kernel/unwind_orc.c:592
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack+0x3e/0x60 mm/kasan/common.c:47
 kasan_record_aux_stack+0xbd/0xd0 mm/kasan/generic.c:548
 __call_rcu_common kernel/rcu/tree.c:3123 [inline]
 call_rcu+0x157/0x9c0 kernel/rcu/tree.c:3243
 slab_free_hook mm/slub.c:2386 [inline]
 slab_free mm/slub.c:4695 [inline]
 kmem_cache_free+0x309/0x400 mm/slub.c:4797
 exit_mmap+0x53f/0xb50 mm/mmap.c:1305
 __mmput+0x118/0x430 kernel/fork.c:1129
 exit_mm+0x1da/0x2c0 kernel/exit.c:582
 do_exit+0x648/0x2300 kernel/exit.c:949
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1102
 __do_sys_exit_group kernel/exit.c:1113 [inline]
 __se_sys_exit_group kernel/exit.c:1111 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1111
 x64_sys_call+0x21f7/0x2200 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb4519086c5
Code: Unable to access opcode bytes at 0x7fb45190869b.
RSP: 002b:00007ffebcca71a8 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007ffebcca7404 RCX: 00007fb4519086c5
RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000
RBP: 0000000000000003 R08: 00007ffebcca72a0 R09: 0000000000000002
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffebcca74e0 R14: 00007fb451b18000 R15: 0000564a61bc3d98
 </TASK>
rcu: rcu_preempt kthread starved for 10396 jiffies! g11821 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27224 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:7058
 schedule_timeout+0x12b/0x270 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x301/0x1540 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x99/0x390 kernel/rcu/tree.c:2285
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x436/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 UID: 0 PID: 1117 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:check_kcov_mode kernel/kcov.c:194 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x37/0x70 kernel/kcov.c:217
Code: 08 b0 a0 92 65 8b 15 18 f1 e0 10 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 3c 16 00 00 00 74 2c 8b 91 18 16 00 00 <83> fa 02 75 21 48 8b 91 20 16 00 00 48 8b 32 48 8d 7e 01 8b 89 1c
RSP: 0018:ffffc90003f0f658 EFLAGS: 00000246
RAX: ffffffff81b4601b RBX: 1ffff110170e7f61 RCX: ffff888026e19e00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90003f0f7e0 R08: ffffffff8fa3a637 R09: 1ffffffff1f474c6
R10: dffffc0000000000 R11: fffffbfff1f474c7 R12: ffff8880b873fb08
R13: dffffc0000000000 R14: ffff8880b863b1c0 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff888125c15000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb4519c3286 CR3: 000000000df36000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 csd_lock_wait kernel/smp.c:342 [inline]
 smp_call_function_many_cond+0xd4b/0x12d0 kernel/smp.c:877
 on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1044
 on_each_cpu include/linux/smp.h:71 [inline]
 smp_text_poke_sync_each_cpu arch/x86/kernel/alternative.c:2653 [inline]
 smp_text_poke_batch_finish+0x5f9/0x1130 arch/x86/kernel/alternative.c:2863
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 static_key_enable_cpuslocked+0x128/0x250 kernel/jump_label.c:210
 static_key_enable+0x1a/0x20 kernel/jump_label.c:223
 toggle_allocation_gate+0xad/0x240 mm/kfence/core.c:850
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x436/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>