net_ratelimit: 699 callbacks suppressed
GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: (detected by 1, t=10502 jiffies, g=130609, q=237 ncpus=2)
rcu: All QSes seen, last rcu_preempt kthread activity 10502 (4295125288-4295114786), jiffies_till_next_fqs=1, root ->qsmask 0x0
rcu: rcu_preempt kthread starved for 10502 jiffies! g130609 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:27368 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000
Call Trace:
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7058
schedule_timeout+0x123/0x290 kernel/time/sleep_timeout.c:99
rcu_gp_fqs_loop+0x1ea/0xb00 kernel/rcu/tree.c:2083
rcu_gp_kthread+0x270/0x380 kernel/rcu/tree.c:2285
kthread+0x3c5/0x780 kernel/kthread.c:464
ret_from_fork+0x5d7/0x6f0 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 25908 Comm: syz.5.5350 Not tainted 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:27 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:183 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x10/0x70 kernel/kcov.c:217
Code: 00 00 5b e9 82 f1 26 03 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 34 24 65 48 8b 15 88 f7 19 12 <65> 8b 05 99 f7 19 12 a9 00 01 ff 00 74 1d f6 c4 01 74 43 a9 00 00
RSP: 0018:ffffc900000072a0 EFLAGS: 00000003
RAX: 0000000000010102 RBX: ffff888076a60340 RCX: ffffffff8b8e94b0
RDX: ffff88802d898000 RSI: ffffffff8b8e94be RDI: 0000000000000006
RBP: ffff8880b8427dd0 R08: 0000000000000006 R09: 0000000000000001
R10: ffff888076a60340 R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000000 R14: ffff8880b8427c80 R15: 0000000000000000
FS: 00007f791c1966c0(0000) GS:ffff8881246c8000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001d80 CR3: 000000002c207000 CR4: 00000000003526f0
Call Trace:
timerqueue_del+0x4e/0x150 lib/timerqueue.c:57
__remove_hrtimer+0x99/0x290 kernel/time/hrtimer.c:1121
__run_hrtimer kernel/time/hrtimer.c:1741 [inline]
__hrtimer_run_queues+0x4f9/0xad0 kernel/time/hrtimer.c:1825
hrtimer_interrupt+0x397/0x8e0 kernel/time/hrtimer.c:1887
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
__sysvec_apic_timer_interrupt+0x10b/0x3f0 arch/x86/kernel/apic/apic.c:1056
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1050
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:rcu_preempt_read_exit kernel/rcu/tree_plugin.h:398 [inline]
RIP: 0010:__rcu_read_unlock+0x6f/0x620 kernel/rcu/tree_plugin.h:435
Code: 65 4c 8b 25 6b 9a 33 12 49 8d bc 24 44 04 00 00 8b 9d 44 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 83 eb 01 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 f3
RSP: 0018:ffffc90000007588 EFLAGS: 00000206
RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc9000000757c
RDX: 1ffff11005b13088 RSI: ffffffff8de27535 RDI: ffff88802d898444
RBP: ffff88802d898000 R08: 39529a686290c103 R09: 0000000000000000
R10: 0000000000000006 R11: 0000000000000000 R12: ffff88802d898000
R13: ffffc900000076d8 R14: 0000000000000000 R15: ffff88802d898000
rcu_read_unlock include/linux/rcupdate.h:873 [inline]
class_rcu_destructor include/linux/rcupdate.h:1155 [inline]
is_module_text_address+0x152/0x220 kernel/module/main.c:3852
kernel_text_address kernel/extable.c:119 [inline]
kernel_text_address+0x81/0x100 kernel/extable.c:94
__kernel_text_address+0xd/0x40 kernel/extable.c:79
unwind_get_return_address+0x59/0xa0 arch/x86/kernel/unwind_orc.c:369
arch_stack_walk+0xa6/0x100 arch/x86/kernel/stacktrace.c:26
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576
poison_slab_object mm/kasan/common.c:247 [inline]
__kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
kasan_slab_free include/linux/kasan.h:233 [inline]
slab_free_hook mm/slub.c:2417 [inline]
slab_free mm/slub.c:4680 [inline]
kmem_cache_free+0x2d1/0x4d0 mm/slub.c:4782
kfree_skbmem+0x1a4/0x1f0 net/core/skbuff.c:1109
__kfree_skb net/core/skbuff.c:1166 [inline]
sk_skb_reason_drop+0x136/0x1a0 net/core/skbuff.c:1203
kfree_skb_reason include/linux/skbuff.h:1275 [inline]
kfree_skb include/linux/skbuff.h:1284 [inline]
l2tp_ip_recv+0x2fb/0x1200 net/l2tp/l2tp_ip.c:210
ip_protocol_deliver_rcu+0x444/0x4c0 net/ipv4/ip_input.c:205
ip_local_deliver_finish+0x3f2/0x720 net/ipv4/ip_input.c:239
NF_HOOK include/linux/netfilter.h:318 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
ip_local_deliver+0x18e/0x1f0 net/ipv4/ip_input.c:260
dst_input include/net/dst.h:471 [inline]
ip_rcv_finish net/ipv4/ip_input.c:454 [inline]
NF_HOOK include/linux/netfilter.h:318 [inline]
NF_HOOK include/linux/netfilter.h:312 [inline]
ip_rcv+0x2e0/0x600 net/ipv4/ip_input.c:574
__netif_receive_skb_one_core+0x197/0x1e0 net/core/dev.c:5979
__netif_receive_skb+0x1d/0x160 net/core/dev.c:6092
process_backlog+0x442/0x15e0 net/core/dev.c:6444
__napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:7497
napi_poll net/core/dev.c:7560 [inline]
net_rx_action+0xa9f/0xfe0 net/core/dev.c:7687
handle_softirqs+0x216/0x8e0 kernel/softirq.c:579
do_softirq kernel/softirq.c:480 [inline]
do_softirq+0xb2/0xf0 kernel/softirq.c:467
__local_bh_enable_ip+0x100/0x120 kernel/softirq.c:407
local_bh_enable include/linux/bottom_half.h:33 [inline]
rcu_read_unlock_bh include/linux/rcupdate.h:910 [inline]
__dev_queue_xmit+0xb06/0x4490 net/core/dev.c:4740
dev_queue_xmit include/linux/netdevice.h:3358 [inline]
neigh_hh_output include/net/neighbour.h:531 [inline]
neigh_output include/net/neighbour.h:545 [inline]
ip_finish_output2+0xc38/0x21a0 net/ipv4/ip_output.c:235
__ip_finish_output.part.0+0x1b4/0x350 net/ipv4/ip_output.c:313
__ip_finish_output net/ipv4/ip_output.c:437 [inline]
ip_finish_output net/ipv4/ip_output.c:323 [inline]
NF_HOOK_COND include/linux/netfilter.h:307 [inline]
ip_output+0x247/0x900 net/ipv4/ip_output.c:433
dst_output include/net/dst.h:461 [inline]
ip_local_out net/ipv4/ip_output.c:129 [inline]
__ip_queue_xmit+0x1d30/0x2620 net/ipv4/ip_output.c:527
l2tp_ip_sendmsg+0x617/0x18c0 net/l2tp/l2tp_ip.c:518
inet_sendmsg+0x11c/0x140 net/ipv4/af_inet.c:851
sock_sendmsg_nosec net/socket.c:714 [inline]
__sock_sendmsg net/socket.c:729 [inline]
____sys_sendmsg+0x973/0xc70 net/socket.c:2614
___sys_sendmsg+0x134/0x1d0 net/socket.c:2668
__sys_sendmmsg+0x200/0x420 net/socket.c:2757
__do_sys_sendmmsg net/socket.c:2784 [inline]
__se_sys_sendmmsg net/socket.c:2781 [inline]
__x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2781
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f791b38eb69
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f791c196038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00007f791b5b6080 RCX: 00007f791b38eb69
RDX: 00000000040000cf RSI: 0000200000000900 RDI: 0000000000000006
RBP: 00007f791b411df1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f791b5b6080 R15: 00007ffccf0d2948