syzbot


INFO: rcu detected stall in __run_timer_base (3)

Status: auto-obsoleted due to no activity on 2025/10/06 12:53
Subsystems: kasan mm
First crash: 294d, last: 118d
Similar bugs (2)

| Kernel | Title | Subsystems | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|---|
| upstream | INFO: rcu detected stall in __run_timer_base | usb | 1 | C | done | done | 10 | 500d | 569d | 26/29 | fixed on 2024/07/31 23:31 |
| upstream | INFO: rcu detected stall in __run_timer_base (2) | exfat | 1 | | | | 1 | 417d | 417d | 0/29 | auto-obsoleted due to no activity on 2024/12/12 02:02 |

Sample crash report:
ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	0-...!: (1 ticks this GP) idle=7cd4/1/0x4000000000000000 softirq=88157/88157 fqs=5
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P17849/1:b..l P14236/1:b..l
rcu: 	(detected by 1, t=10502 jiffies, g=62365, q=77 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 5839 Comm: syz-executor Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:__preempt_count_add kernel/rcu/tree.c:741 [inline]
RIP: 0010:rcu_is_watching+0x6/0xb0 kernel/rcu/tree.c:744
Code: e8 af ee 48 03 eb cc 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 <41> 56 53 65 ff 05 80 d1 f5 10 e8 0b f3 c0 09 89 c3 83 f8 08 73 65
RSP: 0000:ffffc900000078e8 EFLAGS: 00000002
RAX: ffffffff81ae9ff7 RBX: 0000000000000001 RCX: 0000000000010100
RDX: ffff88801e3c3c00 RSI: 0000000000000001 RDI: 0000000000000002
RBP: ffffc90000007a68 R08: ffffffff8fa0bbf7 R09: 1ffffffff1f4177e
R10: dffffc0000000000 R11: fffffbfff1f4177f R12: ffff888026e12340
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b8627bc0
FS:  0000555589723500(0000) GS:ffff888125c51000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd0f01f108 CR3: 000000007601c000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 trace_hrtimer_cancel include/trace/events/timer.h:317 [inline]
 debug_deactivate+0x80/0x200 kernel/time/hrtimer.c:491
 __run_hrtimer kernel/time/hrtimer.c:1729 [inline]
 __hrtimer_run_queues+0x2b0/0xc60 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x45b/0xaa0 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
 __sysvec_apic_timer_interrupt+0x10b/0x410 arch/x86/kernel/apic/apic.c:1056
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1050
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x29/0x50 kernel/locking/spinlock.c:202
Code: 90 f3 0f 1e fa 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 4a b8 33 f6 48 89 df e8 a2 4f 34 f6 e8 0d 2b 5d f6 fb bf 01 00 00 00 <e8> 62 4c 26 f6 65 8b 05 2b 6a 32 07 85 c0 74 07 5b e9 51 4c 00 00
RSP: 0000:ffffc90000007c90 EFLAGS: 00000286
RAX: 494b61ed15cb1f00 RBX: ffff8880b8626a00 RCX: 494b61ed15cb1f00
RDX: 0000000000000002 RSI: ffffffff8d983ce5 RDI: 0000000000000001
RBP: ffffc90000007e10 R08: ffffffff8fa0bbf7 R09: 1ffffffff1f4177e
R10: dffffc0000000000 R11: fffffbfff1f4177f R12: dffffc0000000000
R13: ffff8880b8626a48 R14: 0000000000000000 R15: 0000000000000000
 __run_timer_base+0x1ad/0x860 kernel/time/timer.c:2385
 run_timer_base kernel/time/timer.c:2393 [inline]
 run_timer_softirq+0x103/0x180 kernel/time/timer.c:2404
 handle_softirqs+0x283/0x870 kernel/softirq.c:579
 __do_softirq kernel/softirq.c:613 [inline]
 invoke_softirq kernel/softirq.c:453 [inline]
 __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x175/0x360 kernel/locking/lockdep.c:5875
Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 ab c1 fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
RSP: 0000:ffffc900040af570 EFLAGS: 00000206
RAX: 494b61ed15cb1f00 RBX: 0000000000000000 RCX: 494b61ed15cb1f00
RDX: 0000000000000000 RSI: ffffffff8db707c4 RDI: ffffffff8be1c200
RBP: ffffffff822c8772 R08: 0000000000000000 R09: ffffffff822c8772
R10: dffffc0000000000 R11: fffff940001e06df R12: 0000000000000002
R13: ffffffff8e13ee60 R14: 0000000000000000 R15: 0000000000000246
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 page_ext_get+0x3e/0x2f0 mm/page_ext.c:538
 __reset_page_owner+0x28/0x1f0 mm/page_owner.c:294
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1248 [inline]
 free_unref_folios+0xcd2/0x1570 mm/page_alloc.c:2763
 folios_put_refs+0x559/0x640 mm/swap.c:992
 folios_put include/linux/mm.h:1415 [inline]
 folio_batch_move_lru+0x319/0x3a0 mm/swap.c:175
 __folio_batch_add_and_move+0x5ad/0xd20 mm/swap.c:196
 wp_page_copy mm/memory.c:3637 [inline]
 do_wp_page+0x1c09/0x5800 mm/memory.c:4030
 handle_pte_fault mm/memory.c:6085 [inline]
 __handle_mm_fault+0x1144/0x5620 mm/memory.c:6212
 handle_mm_fault+0x2d5/0x7f0 mm/memory.c:6381
 do_user_addr_fault+0xa81/0x1390 arch/x86/mm/fault.c:1336
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f92e9985016
Code: fd ff ff 90 e8 7b 01 00 00 41 89 c4 85 c0 0f 84 82 fd ff ff 49 c7 c5 a8 ff ff ff 48 83 3d b9 9c 1f 00 00 64 45 8b 75 00 74 05 <e8> b5 84 fc ff e8 c0 f5 fb ff e9 d9 fc ff ff 0f 1f 00 48 8d 7e 58
RSP: 002b:00007ffd0f01f110 EFLAGS: 00010202
RAX: 00000000000006a0 RBX: 0000000000000000 RCX: 00007f92e9985193
RDX: 00000000000006a0 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
R10: 00005555897237d0 R11: 0000000000000246 R12: 00000000000006a0
R13: ffffffffffffffa8 R14: 0000000000000006 R15: 00007ffd0f01f2a0
 </TASK>
task:kworker/u8:13   state:R  running task     stack:19608 pid:14236 tgid:14236 ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: bat_events batadv_nc_worker
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5401 [inline]
 __schedule+0x16a2/0x4cb0 kernel/sched/core.c:6790
 preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7113
 irqentry_exit+0x6f/0x90 kernel/entry/common.c:307
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x175/0x360 kernel/locking/lockdep.c:5875
Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 ab c1 fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
RSP: 0018:ffffc9000217f980 EFLAGS: 00000206
RAX: 933f97fae9711000 RBX: 0000000000000000 RCX: 933f97fae9711000
RDX: 0000000000000000 RSI: ffffffff8db707c4 RDI: ffffffff8be1c200
RBP: ffffffff8b35bfc2 R08: 0000000000000000 R09: ffffffff8b35bfc2
R10: dffffc0000000000 R11: ffffffff8b35bef0 R12: 0000000000000002
R13: ffffffff8e13ee60 R14: 0000000000000000 R15: 0000000000000246
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline]
 batadv_nc_worker+0xef/0x610 net/batman-adv/network-coding.c:719
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
task:kworker/0:2     state:R  running task     stack:22632 pid:17849 tgid:17849 ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: usb_hub_wq hub_event
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5401 [inline]
 __schedule+0x16a2/0x4cb0 kernel/sched/core.c:6790
 preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7113
 irqentry_exit+0x6f/0x90 kernel/entry/common.c:307
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:87 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:161 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0x9b/0x2c0 mm/kasan/generic.c:189
Code: 01 00 00 00 00 fc ff df 4d 8d 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 41 01 00 00 4c 89 cb 48 f7 d3 4c 01 fb <41> 80 3b 00 0f 85 de 01 00 00 49 ff c3 48 ff c3 75 ee e9 21 01 00
RSP: 0018:ffffc9000c6768a0 EFLAGS: 00000282
RAX: 1ffff920018ced01 RBX: fffffffffffffffe RCX: ffffffff8172a6e8
RDX: 0000000000000001 RSI: 0000000000000010 RDI: ffffc9000c676a18
RBP: 0000000000000000 R08: ffffc9000c676a27 R09: 1ffff920018ced44
R10: dffffc0000000000 R11: fffff520018ced43 R12: 0000000000000002
R13: ffffc9000c676a18 R14: fffff520018ced45 R15: 1ffff920018ced43
 __asan_memset+0x22/0x50 mm/kasan/shadow.c:84
 unwind_next_frame+0xc98/0x2390 arch/x86/kernel/unwind_orc.c:592
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:319 [inline]
 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:345
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4148 [inline]
 slab_alloc_node mm/slub.c:4197 [inline]
 kmem_cache_alloc_noprof+0x1c1/0x3c0 mm/slub.c:4204
 __kernfs_new_node+0xd7/0x7e0 fs/kernfs/dir.c:637
 kernfs_new_node+0x102/0x210 fs/kernfs/dir.c:713
 __kernfs_create_file+0x4b/0x2e0 fs/kernfs/file.c:1039
 sysfs_add_file_mode_ns+0x238/0x300 fs/sysfs/file.c:319
 sysfs_merge_group+0x177/0x310 fs/sysfs/group.c:376
 dpm_sysfs_add+0xd2/0x270 drivers/base/power/sysfs.c:704
 device_add+0x4d8/0xb50 drivers/base/core.c:3652
 usb_create_ep_devs+0x12c/0x230 drivers/usb/core/endpoint.c:170
 create_intf_ep_devs drivers/usb/core/message.c:1252 [inline]
 usb_set_configuration+0x1bc7/0x20e0 drivers/usb/core/message.c:2216
 usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:250
 usb_probe_device+0x1c4/0x390 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x26a/0x9a0 drivers/base/dd.c:657
 __driver_probe_device+0x18c/0x2f0 drivers/base/dd.c:799
 driver_probe_device+0x4f/0x430 drivers/base/dd.c:829
 __device_attach_driver+0x2ce/0x530 drivers/base/dd.c:957
 bus_for_each_drv+0x251/0x2e0 drivers/base/bus.c:462
 __device_attach+0x2b8/0x400 drivers/base/dd.c:1029
 bus_probe_device+0x185/0x260 drivers/base/bus.c:537
 device_add+0x7b6/0xb50 drivers/base/core.c:3692
 usb_new_device+0xa39/0x16c0 drivers/usb/core/hub.c:2694
 hub_port_connect drivers/usb/core/hub.c:5566 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5706 [inline]
 port_event drivers/usb/core/hub.c:5866 [inline]
 hub_event+0x2941/0x4a00 drivers/usb/core/hub.c:5948
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: rcu_preempt kthread starved for 10480 jiffies! g62365 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27128 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5401 [inline]
 __schedule+0x16a2/0x4cb0 kernel/sched/core.c:6790
 __schedule_loop kernel/sched/core.c:6868 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6883
 schedule_timeout+0x12b/0x270 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x301/0x1540 kernel/rcu/tree.c:2054
 rcu_gp_kthread+0x99/0x390 kernel/rcu/tree.c:2256
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 UID: 0 PID: 3515 Comm: kworker/u8:10 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:csd_lock_wait kernel/smp.c:340 [inline]
RIP: 0010:smp_call_function_many_cond+0xf69/0x12d0 kernel/smp.c:885
Code: 00 45 8b 2f 44 89 ee 83 e6 01 31 ff e8 c0 78 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 6b 74 0b 00 eb 37 f3 90 <43> 0f b6 04 2c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 50 74 0b
RSP: 0018:ffffc9000c8d76a0 EFLAGS: 00000293
RAX: ffffffff81b4b090 RBX: ffff8880b873b040 RCX: ffff8880313fbc00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc9000c8d7800 R08: ffffffff8fa0bbf7 R09: 1ffffffff1f4177e
R10: dffffc0000000000 R11: fffffbfff1f4177f R12: 1ffff110170c835d
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b8641ae8
FS:  0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000002000 CR3: 000000000df38000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1052
 on_each_cpu include/linux/smp.h:71 [inline]
 smp_text_poke_sync_each_cpu arch/x86/kernel/alternative.c:2691 [inline]
 smp_text_poke_batch_finish+0x5e0/0x1100 arch/x86/kernel/alternative.c:2901
 arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
 static_key_enable_cpuslocked+0x128/0x250 kernel/jump_label.c:210
 static_key_enable+0x1a/0x20 kernel/jump_label.c:223
 toggle_allocation_gate+0xad/0x240 mm/kfence/core.c:850
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!

Crashes (6):

| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/07/08 12:43 | upstream | d7b8f8e20813 | 4f67c4ae | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci-upstream-kasan-gce-smack-root | INFO: rcu detected stall in __run_timer_base |
| 2025/01/13 13:40 | upstream | 5bc55a333a2f | 6dbc6a9b | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci-upstream-kasan-gce-smack-root | INFO: rcu detected stall in __run_timer_base |
| 2025/04/09 02:57 | bpf | 9bae8f4f2168 | b133e63a | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci-upstream-bpf-kasan-gce | BUG: soft lockup in __run_timer_base |
| 2025/04/04 21:38 | bpf | e48e99b6edf4 | 1c4febdb | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci-upstream-bpf-kasan-gce | BUG: soft lockup in __run_timer_base |
| 2025/06/23 06:54 | bpf-next | 99fe8af069a9 | d6cdfb8a | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci-upstream-bpf-next-kasan-gce | BUG: soft lockup in __run_timer_base |
| 2025/04/30 23:12 | bpf-next | 358b1c0f56eb | ce7952f4 | .config | console log | report | | | info | disk image, vmlinux, kernel image | ci-upstream-bpf-next-kasan-gce | BUG: soft lockup in __run_timer_base |