rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 1-...!: (1 GPs behind) idle=b7bc/1/0x4000000000000000 softirq=250664/250665 fqs=1
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P4214/1:b..l P4223/1:b..l P4227/1:b..l
rcu: (detected by 0, t=10502 jiffies, g=245405, q=516 ncpus=2)
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 4225 Comm: syz.0.9330 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:mark_usage kernel/locking/lockdep.c:4641 [inline]
RIP: 0010:__lock_acquire+0x66e/0x2cf0 kernel/locking/lockdep.c:5191
Code: ee ba 05 00 00 00 eb 38 85 c9 74 19 31 ed 48 8b 7c 24 08 4c 89 ee 31 d2 e8 af 44 00 00 85 c0 0f 84 c3 0d 00 00 48 8b 44 24 08 <83> b8 74 0b 00 00 00 74 1a 48 8b 7c 24 08 4c 89 ee ba 04 00 00 00
RSP: 0018:ffffc90000a08b18 EFLAGS: 00000002
RAX: ffff888031b4dd00 RBX: 0000000000000000 RCX: ffffffff93ee0d50
RDX: 0000000000000000 RSI: ffff888031b4e890 RDI: ffff888031b4dd00
RBP: 0000000000000000 R08: ffffffff89b6dd94 R09: ffff88802e1ad2c0
R10: dffffc0000000000 R11: ffffffff89b6dce0 R12: ffffffffffffff03
R13: ffff888031b4e890 R14: ffff888031b4dd00 R15: ffff888031b4e890
FS: 0000555586d01500(0000) GS:ffff88812539c000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2f31fff8 CR3: 000000003249a000 CR4: 0000000000350ef0
Call Trace:
lock_acquire+0x106/0x350 kernel/locking/lockdep.c:5868
__raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:158
spin_lock include/linux/spinlock.h:342 [inline]
advance_sched+0xb4/0xc20 net/sched/sch_taprio.c:930
__run_hrtimer kernel/time/hrtimer.c:1930 [inline]
__hrtimer_run_queues+0x3c0/0xa20 kernel/time/hrtimer.c:1994
hrtimer_interrupt+0x44b/0x950 kernel/time/hrtimer.c:2113
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
__sysvec_apic_timer_interrupt+0x102/0x430 arch/x86/kernel/apic/apic.c:1067
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1061
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x47/0x80 kernel/locking/spinlock.c:198
Code: f7 e8 1d 48 f8 f5 f7 c3 00 02 00 00 74 05 e8 50 e2 23 f6 9c 58 a9 00 02 00 00 75 27 f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 34 c7 e9 f5 65 8b 05 2d 3e 8e 07 85 c0 74 18 5b 41 5e e9 fc 3e
RSP: 0018:ffffc90005957b20 EFLAGS: 00000206
RAX: 0000000000000002 RBX: 0000000000000206 RCX: 0000000000000002
RDX: 0000000000000000 RSI: ffffffff8dfa3c34 RDI: 0000000000000001
RBP: ffff8880964fdd00 R08: ffffffff903028f7 R09: 1ffffffff206051e
R10: dffffc0000000000 R11: fffffbfff206051f R12: dffffc0000000000
R13: 1ffff110170e77a4 R14: ffff8880964fe770 R15: ffff8880b873bd20
class_raw_spinlock_irqsave_destructor include/linux/spinlock.h:571 [inline]
try_to_wake_up+0x7b4/0x1380 kernel/sched/core.c:4190
wake_up_process kernel/sched/core.c:4434 [inline]
wake_up_q+0x85/0xd0 kernel/sched/core.c:1158
futex_wake+0x49a/0x580 kernel/futex/waitwake.c:198
do_futex+0x395/0x420 kernel/futex/syscalls.c:135
__do_sys_futex kernel/futex/syscalls.c:207 [inline]
__se_sys_futex+0x3a8/0x450 kernel/futex/syscalls.c:188
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f49cc79ce59
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc70ff2418 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f49cc79ce59
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f49cca15fa8
RBP: 0000000000001673 R08: 0000000000000000 R09: 0000000000000000
R10: 00007f49cca15fa0 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f49cca15fac R14: 00007f49cca15fa8 R15: 00007f49cca15fa0
task:syz.0.9330 state:R running task stack:20760 pid:4227 tgid:4227 ppid:24234 task_flags:0x400640 flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5388 [inline]
__schedule+0x1821/0x5740 kernel/sched/core.c:7189
preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7513
irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline]
irqentry_exit+0x14f/0x8b0 kernel/entry/common.c:164
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_release+0x2d7/0x3c0 kernel/locking/lockdep.c:5893
Code: ae 96 11 00 00 00 00 eb b5 e8 05 7e 05 0a f7 c3 00 02 00 00 74 b9 65 48 8b 05 75 68 96 11 48 3b 44 24 28 75 44 fb 48 83 c4 30 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 45 69 6e ff cc 48 8d 3d f2 b2 91
RSP: 0000:ffffc90005a6e7e8 EFLAGS: 00000286
RAX: 3bf3b61d6352d400 RBX: 0000000000000202 RCX: 0000000000000046
RDX: 0000000000000002 RSI: ffffffff8e216502 RDI: ffffffff8c28b760
RBP: ffff8880964f8be0 R08: ffff8880964f8000 R09: 0000000000000002
R10: 0000000000000406 R11: 0000000000000000 R12: 0000000000000002
R13: 0000000000000002 R14: ffffffff8e95cca0 R15: ffff8880964f8000
rcu_lock_release include/linux/rcupdate.h:310 [inline]
rcu_read_unlock include/linux/rcupdate.h:869 [inline]
mt_find+0x405/0x630 lib/maple_tree.c:6290
find_vma+0xed/0x160 mm/mmap.c:908
gup_vma_lookup mm/gup.c:1275 [inline]
__get_user_pages+0x3be/0x2730 mm/gup.c:1396
__get_user_pages_locked mm/gup.c:1692 [inline]
get_dump_page+0x1b5/0x410 mm/gup.c:2192
dump_user_range+0x20a/0x12c0 fs/coredump.c:1372
elf_core_dump+0x34c2/0x3ad0 fs/binfmt_elf.c:2109
coredump_write+0x12b0/0x19d0 fs/coredump.c:1053
do_coredump fs/coredump.c:1132 [inline]
vfs_coredump+0x3807/0x4530 fs/coredump.c:1206
get_signal+0x1107/0x1330 kernel/signal.c:3022
arch_do_signal_or_restart+0xbc/0x840 arch/x86/kernel/signal.c:337
__exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
exit_to_user_mode_loop kernel/entry/common.c:98 [inline]
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
irqentry_exit_to_user_mode_prepare include/linux/irq-entry-common.h:244 [inline]
irqentry_exit_to_user_mode include/linux/irq-entry-common.h:315 [inline]
irqentry_exit+0x2aa/0x8b0 kernel/entry/common.c:162
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:618
RIP: 0033:0x7f49cc79ce61
RSP: 002b:fffffffffffffe70 EFLAGS: 00010217
RAX: 0000000000000000 RBX: 00007f49cca15fa0 RCX: 00007f49cc79ce59
RDX: 0000000000000000 RSI: fffffffffffffe70 RDI: 0000000000008000
RBP: 00007f49cc832d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 00007f49cca16038 R14: 00007f49cca15fa0 R15: 00007ffc70ff22b8
task:syz.2.9329 state:R running task stack:25064 pid:4223 tgid:4223 ppid:12499 task_flags:0x40004c flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5388 [inline]
__schedule+0x1821/0x5740 kernel/sched/core.c:7189
preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7513
irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline]
irqentry_exit+0x14f/0x8b0 kernel/entry/common.c:164
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__update_page_owner_free_handle+0x1b8/0x470 mm/page_owner.c:289
Code: 2d 3d 45 71 0c 4c 01 fd 83 3c 24 00 4c 89 7c 24 38 74 37 e8 aa e8 8a ff 4c 89 ff be 08 00 00 00 e8 2d 41 f6 ff 49 0f ba 37 01 <4c> 8d 65 0c 4c 89 e0 48 c1 e8 03 0f b6 04 18 84 c0 0f 85 c3 01 00
RSP: 0018:ffffc900059074b8 EFLAGS: 00000257
RAX: ffffffff823acd01 RBX: dffffc0000000000 RCX: ffffffff823ace03
RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88801f439670
RBP: ffff88801f439678 R08: ffff88801f439677 R09: 1ffff11003e872ce
R10: dffffc0000000000 R11: ffffed1003e872cf R12: 0000000000090b7c
R13: 0000000000000001 R14: 0000000000000000 R15: ffff88801f439670
__reset_page_owner+0x85/0x1f0 mm/page_owner.c:321
reset_page_owner include/linux/page_owner.h:25 [inline]
__free_pages_prepare mm/page_alloc.c:1397 [inline]
free_unref_folios+0xd9f/0x14c0 mm/page_alloc.c:2999
folios_put_refs+0x9ff/0xb40 mm/swap.c:1008
free_pages_and_swap_cache+0x41d/0x490 mm/swap_state.c:404
__tlb_batch_free_encoded_pages mm/mmu_gather.c:138 [inline]
tlb_batch_pages_flush mm/mmu_gather.c:151 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:417 [inline]
tlb_flush_mmu+0x6d3/0xa30 mm/mmu_gather.c:424
tlb_finish_mmu+0xf9/0x230 mm/mmu_gather.c:549
exit_mmap+0x498/0x9e0 mm/mmap.c:1313
__mmput+0x118/0x430 kernel/fork.c:1178
exit_mm+0x1f6/0x2d0 kernel/exit.c:582
do_exit+0x6a2/0x22c0 kernel/exit.c:964
do_group_exit+0x21b/0x2d0 kernel/exit.c:1119
__do_sys_exit_group kernel/exit.c:1130 [inline]
__se_sys_exit_group kernel/exit.c:1128 [inline]
__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1128
x64_sys_call+0x221a/0x2240 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f3e2559ce59
RSP: 002b:00007ffd5cfd8ae8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3e2559ce59
RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007ffd5cfd8b4c R08: 0000000000000000 R09: 00000000000927c0
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000574
R13: 00000000000927c0 R14: 0000000000165639 R15: 00007ffd5cfd8ba0
task:syz.3.9324 state:R running task stack:22512 pid:4214 tgid:4213 ppid:23838 task_flags:0x40054c flags:0x00080003
Call Trace:
context_switch kernel/sched/core.c:5388 [inline]
__schedule+0x1821/0x5740 kernel/sched/core.c:7189
preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7513
irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:539 [inline]
irqentry_exit+0x14f/0x8b0 kernel/entry/common.c:164
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:rcu_read_unlock include/linux/rcupdate.h:867 [inline]
RIP: 0010:class_rcu_destructor include/linux/rcupdate.h:1181 [inline]
RIP: 0010:unwind_next_frame+0x1b78/0x2550 arch/x86/kernel/unwind_orc.c:709
Code: 6c 24 20 41 0f b6 44 2d 00 84 c0 0f 85 81 02 00 00 41 c7 06 00 00 00 00 31 db e8 f3 5d 30 0a 85 c0 74 3a e8 ca cf 33 00 84 c0 <75> 31 e8 e1 5d 30 0a 85 c0 74 28 80 3d dc 19 a3 0e 00 75 1f c6 05
RSP: 0018:ffffc900054c6c98 EFLAGS: 00000202
RAX: 0000000000000001 RBX: ffffffff90cf6b01 RCX: 0000000080000001
RDX: ffffc900054c6d01 RSI: ffffffff8c28b740 RDI: ffffffff8c28b700
RBP: dffffc0000000000 R08: ffffc900054c7590 R09: ffffc900054c6db8
R10: dffffc0000000000 R11: fffff52000a98db9 R12: ffffc900054c75a0
R13: ffffc900054c0000 R14: ffffc900054c6d68 R15: ffffffff8176e256
arch_stack_walk+0x11b/0x150 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
save_stack+0x122/0x230 mm/page_owner.c:165
__reset_page_owner+0x71/0x1f0 mm/page_owner.c:320
reset_page_owner include/linux/page_owner.h:25 [inline]
__free_pages_prepare mm/page_alloc.c:1397 [inline]
free_unref_folios+0xd9f/0x14c0 mm/page_alloc.c:2999
folios_put_refs+0x9ff/0xb40 mm/swap.c:1008
folio_batch_release include/linux/folio_batch.h:101 [inline]
truncate_inode_pages_range+0x3dd/0xe30 mm/truncate.c:408
evict+0x631/0xb10 fs/inode.c:843
__dentry_kill+0x1a2/0x690 fs/dcache.c:718
shrink_kill+0xa9/0x2c0 fs/dcache.c:1195
shrink_dentry_list+0x2e0/0x5e0 fs/dcache.c:1222
shrink_dcache_tree+0xe9/0x5d0 fs/dcache.c:-1
do_one_tree fs/dcache.c:1721 [inline]
shrink_dcache_for_umount+0xa8/0x1f0 fs/dcache.c:1738
generic_shutdown_super+0x6f/0x2d0 fs/super.c:624
kill_anon_super+0x3b/0x70 fs/super.c:1292
deactivate_locked_super+0xbc/0x130 fs/super.c:476
cleanup_mnt+0x437/0x4d0 fs/namespace.c:1312
task_work_run+0x1d9/0x270 kernel/task_work.c:233
exit_task_work include/linux/task_work.h:40 [inline]
do_exit+0x70f/0x22c0 kernel/exit.c:976
do_group_exit+0x21b/0x2d0 kernel/exit.c:1119
get_signal+0x1284/0x1330 kernel/signal.c:3037
arch_do_signal_or_restart+0xbc/0x840 arch/x86/kernel/signal.c:337
__exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
exit_to_user_mode_loop+0xa9/0x680 kernel/entry/common.c:98
__exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:230 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline]
do_syscall_64+0x353/0x580 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff53b19ce59
RSP: 002b:00007ff53c067028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: 0000000000000006 RBX: 00007ff53b415fa0 RCX: 00007ff53b19ce59
RDX: 0000000000088882 RSI: 0000200000000180 RDI: ffffffffffffff9c
RBP: 00007ff53b232d6f R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ff53b416038 R14: 00007ff53b415fa0 R15: 00007ffdebd4e6d8
rcu: rcu_preempt kthread starved for 10500 jiffies! g245405 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:27544 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000
Call Trace:
context_switch kernel/sched/core.c:5388 [inline]
__schedule+0x1821/0x5740 kernel/sched/core.c:7189
__schedule_loop kernel/sched/core.c:7268 [inline]
schedule+0x164/0x360 kernel/sched/core.c:7283
schedule_timeout+0x158/0x2c0 kernel/time/sleep_timeout.c:99
rcu_gp_fqs_loop+0x312/0x11d0 kernel/rcu/tree.c:2095
rcu_gp_kthread+0x9e/0x2b0 kernel/rcu/tree.c:2297
kthread+0x389/0x470 kernel/kthread.c:436
ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
rcu: Stack dump where RCU GP kthread last ran:
CPU: 0 UID: 0 PID: 24664 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:csd_lock_wait kernel/smp.c:342 [inline]
RIP: 0010:smp_call_function_many_cond+0xfd4/0x13d0 kernel/smp.c:892
Code: 89 ee 83 e6 01 31 ff e8 9a 07 0c 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 45 03 0c 00 eb 37 f3 90 43 0f b6 04 2c <84> c0 75 10 41 f7 06 01 00 00 00 74 1e e8 2a 03 0c 00 eb e5 44 89
RSP: 0018:ffffc90006927560 EFLAGS: 00000293
RAX: 0000000000000000 RBX: ffff8880b863c188 RCX: ffff888030acdd00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90006927688 R08: ffffffff903028f7 R09: 1ffffffff206051e
R10: dffffc0000000000 R11: fffffbfff206051f R12: 1ffff110170e8171
R13: dffffc0000000000 R14: ffff8880b8740b88 R15: 0000000000000001
FS: 00005555791ad500(0000) GS:ffff88812529c000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fef54d456b8 CR3: 0000000026471000 CR4: 0000000000350ef0
Call Trace:
on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1057
__flush_tlb_multi arch/x86/include/asm/paravirt.h:46 [inline]
flush_tlb_multi arch/x86/mm/tlb.c:1361 [inline]
flush_tlb_mm_range+0x5c3/0x10b0 arch/x86/mm/tlb.c:1451
dup_mmap+0x17b0/0x1da0 mm/mmap.c:1905
dup_mm kernel/fork.c:1534 [inline]
copy_mm+0x13b/0x4a0 kernel/fork.c:1586
copy_process+0x1f1c/0x4440 kernel/fork.c:2264
kernel_clone+0x2d7/0x940 kernel/fork.c:2722
__do_sys_clone kernel/fork.c:2863 [inline]
__se_sys_clone kernel/fork.c:2847 [inline]
__x64_sys_clone+0x1b6/0x230 kernel/fork.c:2847
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x174/0x580 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fef53fc58d2
Code: 89 e7 e8 71 8b f7 ff 45 31 c0 31 d2 31 f6 64 48 8b 04 25 10 00 00 00 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 89 c5 85 c0 75 3b 64 48 8b 04 25 10 00 00
RSP: 002b:00007fff9f492f60 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007fff9f492f60 RCX: 00007fef53fc58d2
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007fff9f4930ec R08: 0000000000000000 R09: 0000000000000001
R10: 00005555791ad7d0 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000000927c0 R14: 000000000016578a R15: 00007fff9f493140