syzbot

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P13958/1:b..l P14879/1:b..l
rcu: 	(detected by 1, t=10503 jiffies, g=73185, q=457 ncpus=2)
task:syz.8.2135      state:R  running task     stack:26944 pid:14879 tgid:14877 ppid:14496  task_flags:0x480140 flags:0x00080002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x149b/0x4fd0 kernel/sched/core.c:6863
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7190
 irqentry_exit+0x5d8/0x660 kernel/entry/common.c:216
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_is_held_type+0x107/0x150 kernel/locking/lockdep.c:5945
Code: 18 00 00 b8 ff ff ff ff 65 0f c1 05 93 c1 26 07 83 f8 01 75 25 9c 58 a9 00 02 00 00 75 39 41 f7 c4 00 02 00 00 74 01 fb 89 d8 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 c5 ac b6 f5 cc 90 0f 0b 90 48 c7
RSP: 0018:ffffc9000453f890 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 0000000000000001 RCX: 0000000000000046
RDX: ffff88802704db80 RSI: ffffffff8d975eae RDI: ffffffff8bc083e0
RBP: 00000000ffffffff R08: ffffffff8263475c R09: ffffffff8df41aa0
R10: dffffc0000000000 R11: ffffed100761aa1f R12: 0000000000000246
R13: ffff88802704db80 R14: ffffffff8df41aa0 R15: 0000000000000004
 kernfs_root+0xf6/0x230 fs/kernfs/kernfs-internal.h:76
 kernfs_root_is_locked fs/kernfs/kernfs-internal.h:109 [inline]
 kernfs_parent+0x51/0x190 fs/kernfs/kernfs-internal.h:133
 __kernfs_remove+0x93/0x650 fs/kernfs/dir.c:1486
 kernfs_remove_by_name_ns+0xaf/0x130 fs/kernfs/dir.c:1720
 kernfs_remove_by_name include/linux/kernfs.h:633 [inline]
 remove_files fs/sysfs/group.c:28 [inline]
 sysfs_remove_group+0xfc/0x2f0 fs/sysfs/group.c:328
 sysfs_remove_groups+0x54/0xb0 fs/sysfs/group.c:352
 device_remove_groups drivers/base/core.c:2843 [inline]
 device_remove_attrs+0x208/0x260 drivers/base/core.c:2979
 device_del+0x509/0x8e0 drivers/base/core.c:3877
 unregister_netdevice_many_notify+0x1ddd/0x2340 net/core/dev.c:12416
 unregister_netdevice_many net/core/dev.c:12444 [inline]
 unregister_netdevice_queue net/core/dev.c:12258 [inline]
 unregister_netdevice include/linux/netdevice.h:3405 [inline]
 unregister_netdev+0x157/0x1f0 net/core/dev.c:12462
 slcan_close+0x78/0x140 drivers/net/can/slcan/slcan-core.c:879
 tty_set_ldisc+0x33f/0x560 drivers/tty/tty_ldisc.c:557
 tty_ioctl+0xc38/0xde0 drivers/tty/tty_io.c:2728
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:597 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:583
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb388f8f749
RSP: 002b:00007fb389e5a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fb3891e6090 RCX: 00007fb388f8f749
RDX: 0000200000000080 RSI: 0000000000005423 RDI: 0000000000000003
RBP: 00007fb389013f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fb3891e6128 R14: 00007fb3891e6090 R15: 00007ffe33b65418
 </TASK>
task:syz-executor    state:R  running task     stack:21248 pid:13958 tgid:13958 ppid:13951  task_flags:0x400140 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x149b/0x4fd0 kernel/sched/core.c:6863
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7190
 irqentry_exit+0x5d8/0x660 kernel/entry/common.c:216
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_release+0x2d8/0x3b0 kernel/locking/lockdep.c:5893
Code: 34 e2 10 00 00 00 00 eb b5 e8 94 6f bb 09 f7 c3 00 02 00 00 74 b9 65 48 8b 05 a4 ee e1 10 48 3b 44 24 28 75 44 fb 48 83 c4 30 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 74 1f 72 ff cc 48 8d 3d 31 49 e7
RSP: 0018:ffffc9000514f200 EFLAGS: 00000286
RAX: 6711f3e23d83f100 RBX: 0000000000000202 RCX: 0000000000000046
RDX: 0000000000000001 RSI: ffffffff8d975eae RDI: ffffffff8bc083e0
RBP: ffff888025604858 R08: ffffc9000514fdd0 R09: ffffc9000514f358
R10: dffffc0000000000 R11: fffff52000a29e6d R12: 0000000000000001
R13: 0000000000000001 R14: ffffffff8df41aa0 R15: ffff888025603d00
 rcu_lock_release include/linux/rcupdate.h:341 [inline]
 rcu_read_unlock include/linux/rcupdate.h:897 [inline]
 class_rcu_destructor include/linux/rcupdate.h:1195 [inline]
 unwind_next_frame+0x1ab1/0x23d0 arch/x86/kernel/unwind_orc.c:695
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 save_stack+0xf5/0x1f0 mm/page_owner.c:165
 __reset_page_owner+0x71/0x1f0 mm/page_owner.c:320
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1395 [inline]
 free_unref_folios+0xdb3/0x14f0 mm/page_alloc.c:3000
 folios_put_refs+0x584/0x670 mm/swap.c:1002
 folio_batch_release include/linux/pagevec.h:101 [inline]
 shmem_undo_range+0x49e/0x1490 mm/shmem.c:1137
 shmem_truncate_range mm/shmem.c:1249 [inline]
 shmem_evict_inode+0x26e/0xa70 mm/shmem.c:1379
 evict+0x5f4/0xae0 fs/inode.c:837
 do_unlinkat+0x340/0x560 fs/namei.c:5443
 __do_sys_unlink fs/namei.c:5474 [inline]
 __se_sys_unlink fs/namei.c:5472 [inline]
 __x64_sys_unlink+0x47/0x50 fs/namei.c:5472
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f27d2f8ecf7
RSP: 002b:00007ffc87aaa498 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f27d2f8ecf7
RDX: 00007ffc87aaa4c0 RSI: 00007ffc87aaa550 RDI: 00007ffc87aaa550
RBP: 00007ffc87aaa550 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffc87aab5e0
R13: 00007f27d3013d7d R14: 00000000000fd7ab R15: 00007ffc87aab620
 </TASK>
rcu: rcu_preempt kthread starved for 10595 jiffies! g73185 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27648 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5256 [inline]
 __schedule+0x149b/0x4fd0 kernel/sched/core.c:6863
 __schedule_loop kernel/sched/core.c:6945 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:6960
 schedule_timeout+0x12b/0x270 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x301/0x1540 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x99/0x390 kernel/rcu/tree.c:2285
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 14887 Comm: syz.6.2138 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:setup_signal_shadow_stack+0x30/0x210 arch/x86/kernel/shstk.c:389
Code: 57 41 56 41 55 41 54 53 48 89 fb 49 be 00 00 00 00 00 fc ff df e8 70 a5 4c 00 48 83 c3 10 48 89 d8 48 c1 e8 03 42 80 3c 30 00 <74> 08 48 89 df e8 c6 c5 b2 00 4c 8b 23 e9 4c 01 00 00 e8 49 a5 4c
RSP: 0018:ffffc90003e9fbc8 EFLAGS: 00000246
RAX: 1ffff920007d3fba RBX: ffffc90003e9fdd0 RCX: 0000000000080000
RDX: ffffc9001645f000 RSI: 000000000007ffff RDI: 0000000000080000
RBP: ffffc90003e9fd70 R08: ffffffff820e7fb0 R09: ffff888030b64080
R10: dffffc0000000000 R11: fffff520007d3fc2 R12: 0000000000000000
R13: ffffc90003e9fdc0 R14: dffffc0000000000 R15: 00007f4610dcaa78
FS:  00007f4610dcb6c0(0000) GS:ffff888125e1f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2757a20000 CR3: 00000000511e5000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 x64_setup_rt_frame+0x7a0/0xd40 arch/x86/kernel/signal_64.c:198
 setup_rt_frame arch/x86/kernel/signal.c:250 [inline]
 handle_signal arch/x86/kernel/signal.c:294 [inline]
 arch_do_signal_or_restart+0x3d1/0x7a0 arch/x86/kernel/signal.c:339
 __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]
 exit_to_user_mode_loop+0x87/0x4e0 kernel/entry/common.c:75
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]
 do_syscall_64+0x2b7/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f460ff8f747
Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
RSP: 002b:00007f4610dcb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: 0000000000000001 RBX: 00007f46101e5fa0 RCX: 00007f460ff8f749
RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000003
RBP: 00007f4610013f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f46101e6038 R14: 00007f46101e5fa0 R15: 00007ffeebaf6188
 </TASK>