rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P13725/1:b..l P5882/1:b..l P13739/1:b..l
rcu: (detected by 1, t=10502 jiffies, g=67421, q=1622 ncpus=2)
task:syz.2.1743 state:R running task stack:26552 pid:13739 tgid:13738 ppid:5872 task_flags:0x400140 flags:0x00004002
Call Trace:
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6961
preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7288
irqentry_exit+0x36/0x90 kernel/entry/common.c:197
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_release+0x183/0x2f0 kernel/locking/lockdep.c:5893
Code: 0f c1 05 78 44 3f 12 83 f8 01 0f 85 1d 01 00 00 9c 58 f6 c4 02 0f 85 08 01 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 <65> 48 2b 05 8d 02 3f 12 0f 85 58 01 00 00 48 83 c4 18 5b 41 5c 41
RSP: 0018:ffffc900044cec70 EFLAGS: 00000206
RAX: 873733d766798500 RBX: ffffffff8e5c1420 RCX: ffffc900044cec7c
RDX: 0000000000000001 RSI: ffffffff8de29cd5 RDI: ffffffff8c163600
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000010817 R12: ffffffff816ab8a4
R13: 0000000000000202 R14: ffff888026a9da00 R15: 0000000000000002
rcu_lock_release include/linux/rcupdate.h:341 [inline]
rcu_read_unlock include/linux/rcupdate.h:871 [inline]
class_rcu_destructor include/linux/rcupdate.h:1155 [inline]
unwind_next_frame+0x3f9/0x20a0 arch/x86/kernel/unwind_orc.c:479
arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
save_stack+0x160/0x1f0 mm/page_owner.c:156
__set_page_owner+0x91/0x550 mm/page_owner.c:329
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x1c0/0x230 mm/page_alloc.c:1851
prep_new_page mm/page_alloc.c:1859 [inline]
get_page_from_freelist+0x132b/0x38e0 mm/page_alloc.c:3858
__alloc_frozen_pages_noprof+0x261/0x23f0 mm/page_alloc.c:5148
alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2416
folio_alloc_mpol_noprof+0x36/0x2f0 mm/mempolicy.c:2435
shmem_alloc_folio+0x135/0x160 mm/shmem.c:1908
shmem_alloc_and_add_folio+0x499/0xc20 mm/shmem.c:1947
shmem_get_folio_gfp+0x67f/0x1600 mm/shmem.c:2597
shmem_fault+0x1fe/0xa30 mm/shmem.c:2798
__do_fault+0x10d/0x490 mm/memory.c:5152
do_shared_fault mm/memory.c:5637 [inline]
do_fault mm/memory.c:5711 [inline]
do_pte_missing+0x1a6/0x3ba0 mm/memory.c:4234
handle_pte_fault mm/memory.c:6052 [inline]
__handle_mm_fault+0x152a/0x2a50 mm/memory.c:6195
handle_mm_fault+0x589/0xd10 mm/memory.c:6364
faultin_page mm/gup.c:1144 [inline]
__get_user_pages+0x551/0x34a0 mm/gup.c:1446
__get_user_pages_locked mm/gup.c:1712 [inline]
faultin_page_range+0x338/0x940 mm/gup.c:1932
madvise_populate mm/madvise.c:979 [inline]
madvise_do_behavior+0x34c/0x530 mm/madvise.c:1883
do_madvise+0x176/0x240 mm/madvise.c:1978
__do_sys_madvise mm/madvise.c:1987 [inline]
__se_sys_madvise mm/madvise.c:1985 [inline]
__x64_sys_madvise+0xa9/0x110 mm/madvise.c:1985
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f55dc98eba9
RSP: 002b:00007f55dd7ec038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00007f55dcbd5fa0 RCX: 00007f55dc98eba9
RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000
RBP: 00007f55dca11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f55dcbd6038 R14: 00007f55dcbd5fa0 R15: 00007ffe634ea798
task:udevd state:R running task stack:26376 pid:5882 tgid:5882 ppid:5235 task_flags:0x40014c flags:0x00004002
Call Trace:
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6961
preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7288
irqentry_exit+0x36/0x90 kernel/entry/common.c:197
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:217 [inline]
RIP: 0010:unwind_next_frame+0x1f6/0x20a0 arch/x86/kernel/unwind_orc.c:494
Code: 89 c3 39 d0 0f 83 fb 15 00 00 48 ba 00 00 00 00 00 fc ff df 89 c1 48 8d 3c 8d e4 3c fe 91 49 89 f8 49 c1 e8 03 45 0f b6 04 10 <48> 89 fa 83 e2 07 83 c2 03 44 38 c2 7c 2f 45 84 c0 74 2a 48 89 4c
RSP: 0018:ffffc90003f6f440 EFLAGS: 00000a03
RAX: 000000000000a67a RBX: 0000000000000001 RCX: 000000000000a67a
RDX: dffffc0000000000 RSI: 00000000000a9569 RDI: ffffffff9200d6cc
RBP: ffffc90003f6f4f8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 000000000000a67a R12: ffffc90003f6f500
R13: ffffc90003f6f4b0 R14: ffffc90003f6f4e5 R15: ffffffff81a67a3d
arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
save_stack+0x160/0x1f0 mm/page_owner.c:156
__reset_page_owner+0x84/0x1a0 mm/page_owner.c:308
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1395 [inline]
free_unref_folios+0xa61/0x16b0 mm/page_alloc.c:2952
folios_put_refs+0x56f/0x740 mm/swap.c:997
free_pages_and_swap_cache+0x245/0x4a0 mm/swap_state.c:264
__tlb_batch_free_encoded_pages+0xf9/0x290 mm/mmu_gather.c:136
tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:397 [inline]
tlb_flush_mmu mm/mmu_gather.c:404 [inline]
tlb_finish_mmu+0x168/0x7c0 mm/mmu_gather.c:497
exit_mmap+0x403/0xb90 mm/mmap.c:1293
__mmput+0x12a/0x410 kernel/fork.c:1129
mmput+0x62/0x70 kernel/fork.c:1152
exit_mm kernel/exit.c:582 [inline]
do_exit+0x7c7/0x2bf0 kernel/exit.c:949
do_group_exit+0xd3/0x2a0 kernel/exit.c:1102
__do_sys_exit_group kernel/exit.c:1113 [inline]
__se_sys_exit_group kernel/exit.c:1111 [inline]
__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1111
x64_sys_call+0x14fa/0x1720 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fda83cf16c5
RSP: 002b:00007ffdac74e468 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 000055b779899e20 RCX: 00007fda83cf16c5
RDX: 00000000000000e7 RSI: fffffffffffffe68 RDI: 0000000000000000
RBP: 000055b77985d910 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdac74e4b0 R14: 0000000000000000 R15: 0000000000000000
task:syz.1.1742 state:R running task stack:26264 pid:13725 tgid:13725 ppid:5877 task_flags:0x400040 flags:0x00004006
Call Trace:
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6961
preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7288
irqentry_exit+0x36/0x90 kernel/entry/common.c:197
asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707
RIP: 0010:lock_release+0x183/0x2f0 kernel/locking/lockdep.c:5893
Code: 0f c1 05 78 44 3f 12 83 f8 01 0f 85 1d 01 00 00 9c 58 f6 c4 02 0f 85 08 01 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 <65> 48 2b 05 8d 02 3f 12 0f 85 58 01 00 00 48 83 c4 18 5b 41 5c 41
RSP: 0018:ffffc900045ff890 EFLAGS: 00000206
RAX: d76617dc49fd8a00 RBX: ffffffff8e5c1420 RCX: ffffc900045ff89c
RDX: 0000000000000001 RSI: ffffffff8de29cd5 RDI: ffffffff8c163600
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 000000000001203f R12: ffffffff816ab8a4
R13: 0000000000000202 R14: ffff888031a45a00 R15: 0000000000000002
rcu_lock_release include/linux/rcupdate.h:341 [inline]
rcu_read_unlock include/linux/rcupdate.h:871 [inline]
class_rcu_destructor include/linux/rcupdate.h:1155 [inline]
unwind_next_frame+0x3f9/0x20a0 arch/x86/kernel/unwind_orc.c:479
arch_stack_walk+0x94/0x100 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576
poison_slab_object mm/kasan/common.c:243 [inline]
__kasan_slab_free+0x60/0x70 mm/kasan/common.c:275
kasan_slab_free include/linux/kasan.h:233 [inline]
slab_free_hook mm/slub.c:2422 [inline]
slab_free mm/slub.c:4695 [inline]
kfree+0x2b4/0x4d0 mm/slub.c:4894
snd_pcm_plugin_free+0xb2/0xe0 sound/core/oss/pcm_plugin.c:199
snd_pcm_oss_plugin_clear sound/core/oss/pcm_oss.c:539 [inline]
snd_pcm_oss_release_buffers sound/core/oss/pcm_oss.c:841 [inline]
snd_pcm_oss_release_substream+0x11a/0x1f0 sound/core/oss/pcm_oss.c:2350
snd_pcm_release_substream.part.0+0x199/0x340 sound/core/pcm_native.c:2737
snd_pcm_release_substream+0x5b/0x70 sound/core/pcm_native.c:2724
snd_pcm_oss_release_file sound/core/oss/pcm_oss.c:2397 [inline]
snd_pcm_oss_release_file sound/core/oss/pcm_oss.c:2389 [inline]
snd_pcm_oss_release+0x16f/0x310 sound/core/oss/pcm_oss.c:2576
__fput+0x402/0xb70 fs/file_table.c:468
task_work_run+0x14d/0x240 kernel/task_work.c:227
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop+0xeb/0x110 kernel/entry/common.c:43
exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
do_syscall_64+0x41c/0x4c0 arch/x86/entry/syscall_64.c:100
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbc0018eba9
RSP: 002b:00007ffcea5ef4b8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007fbc003d7da0 RCX: 00007fbc0018eba9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007fbc003d7da0 R08: 0000000000037874 R09: 0000001eea5ef7af
R10: 00007fbc003d7cb0 R11: 0000000000000246 R12: 00000000000948ec
R13: 00007fbc003d6180 R14: ffffffffffffffff R15: 00007ffcea5ef5d0
rcu: rcu_preempt kthread starved for 10278 jiffies! g67421 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:27368 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000
Call Trace:
context_switch kernel/sched/core.c:5357 [inline]
__schedule+0x1190/0x5de0 kernel/sched/core.c:6961
__schedule_loop kernel/sched/core.c:7043 [inline]
schedule+0xe7/0x3a0 kernel/sched/core.c:7058
schedule_timeout+0x123/0x290 kernel/time/sleep_timeout.c:99
rcu_gp_fqs_loop+0x1ea/0xb00 kernel/rcu/tree.c:2083
rcu_gp_kthread+0x270/0x380 kernel/rcu/tree.c:2285
kthread+0x3c5/0x780 kernel/kthread.c:463
ret_from_fork+0x56d/0x730 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:82
Code: 3d 64 02 e9 13 0a 03 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 53 85 18 00 fb f4 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
RSP: 0018:ffffc90000197df8 EFLAGS: 000002c6
RAX: 000000000055d2b1 RBX: 0000000000000001 RCX: ffffffff8b918b29
RDX: 0000000000000000 RSI: ffffffff8de4f1c9 RDI: ffffffff8c163600
RBP: ffffed1003c55b40 R08: 0000000000000001 R09: ffffed10170a6655
R10: ffff8880b85332ab R11: 0000000000000000 R12: 0000000000000001
R13: ffff88801e2ada00 R14: ffffffff90aba890 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8881247ba000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555826105c8 CR3: 0000000031e38000 CR4: 00000000003526f0
Call Trace:
arch_safe_halt arch/x86/include/asm/paravirt.h:107 [inline]
default_idle+0x13/0x20 arch/x86/kernel/process.c:757
default_idle_call+0x6d/0xb0 kernel/sched/idle.c:122
cpuidle_idle_call kernel/sched/idle.c:190 [inline]
do_idle+0x391/0x510 kernel/sched/idle.c:330
cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:428
start_secondary+0x21d/0x2b0 arch/x86/kernel/smpboot.c:315
common_startup_64+0x13e/0x148