[syzbot] [mm?] INFO: rcu detected stall in sys_clone (8)

[syzbot <syzbot+c4c6c3dc10cc96bcf723@syzkaller.appspotmail.com>]

Hello,

syzbot found the following issue on:

HEAD commit:    f99c5f563c17 Merge tag 'nf-24-03-21' of git://git.kernel.o..
git tree:       net
console+strace: https://syzkaller.appspot.com/x/log.txt?x=12163769180000
kernel config:  https://syzkaller.appspot.com/x/.config?x=6fb1be60a193d440
dashboard link: https://syzkaller.appspot.com/bug?extid=c4c6c3dc10cc96bcf723
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=125d023a180000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14a54006180000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/65d3f3eb786e/disk-f99c5f56.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/799cf7f28ff8/vmlinux-f99c5f56.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ab26c60c3845/bzImage-f99c5f56.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c4c6c3dc10cc96bcf723@syzkaller.appspotmail.com

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	1-...!: (1 ticks this GP) idle=f744/1/0x4000000000000000 softirq=6822/6822 fqs=0
rcu: 	(detected by 0, t=10503 jiffies, g=8373, q=658 ncpus=2)
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 4736 Comm: dhcpcd Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
RIP: 0010:lockdep_enabled kernel/locking/lockdep.c:122 [inline]
RIP: 0010:lock_release+0x124/0x9d0 kernel/locking/lockdep.c:5767
Code: 00 65 48 8b 04 25 80 ce 03 00 48 89 44 24 18 48 8d 98 d4 0a 00 00 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 c3 05 00 00 <83> 3b 00 0f 85 f1 04 00 00 4c 8d b4 24 b0 00 00 00 4c 89 f3 48 c1
RSP: 0018:ffffc90000a08a60 EFLAGS: 00000046
RAX: 0000000000000000 RBX: ffff888018308ad4 RCX: ffffffff8171c080
RDX: 0000000000000000 RSI: ffffffff8bfec640 RDI: ffffffff8bfec600
RBP: ffffc90000a08b90 R08: ffffffff8f86ae6f R09: 1ffffffff1f0d5cd
R10: dffffc0000000000 R11: fffffbfff1f0d5ce R12: 1ffff92000141158
R13: ffffffff84ac5555 R14: ffffc90000a08bc0 R15: dffffc0000000000
FS:  00007f8e49f9b740(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8e4a140b10 CR3: 0000000028508000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:149 [inline]
 _raw_spin_unlock_irqrestore+0x79/0x140 kernel/locking/spinlock.c:194
 debug_object_deactivate+0x2d5/0x390 lib/debugobjects.c:778
 debug_hrtimer_deactivate kernel/time/hrtimer.c:428 [inline]
 debug_deactivate+0x1b/0x200 kernel/time/hrtimer.c:484
 __run_hrtimer kernel/time/hrtimer.c:1660 [inline]
 __hrtimer_run_queues+0x30f/0xd00 kernel/time/hrtimer.c:1756
 hrtimer_interrupt+0x396/0x990 kernel/time/hrtimer.c:1818
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
 __sysvec_apic_timer_interrupt+0x107/0x3a0 arch/x86/kernel/apic/apic.c:1049
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1043
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:check_kcov_mode kernel/kcov.c:184 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:236 [inline]
RIP: 0010:__sanitizer_cov_trace_cmp8+0x35/0x90 kernel/kcov.c:284
Code: 0c 25 80 ce 03 00 65 8b 05 a0 db 6e 7e a9 00 01 ff 00 74 10 a9 00 01 00 00 74 57 83 b9 14 16 00 00 00 74 4e 8b 81 f0 15 00 00 <83> f8 03 75 43 48 8b 91 f8 15 00 00 44 8b 89 f4 15 00 00 49 c1 e1
RSP: 0018:ffffc900035ff500 EFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffffff81000000 RCX: ffff888018308000
RDX: ffffc900035ff615 RSI: ffffffff81000000 RDI: ffffffff81ecc4e1
RBP: ffffffff81ecc4e1 R08: ffffffff81409149 R09: ffffc900035ff6d0
R10: 0000000000000003 R11: ffffffff8180dbc0 R12: ffffc900035ff5e0
R13: ffffc900035ff630 R14: dffffc0000000000 R15: ffffffff81ecc4e2
 orc_find arch/x86/kernel/unwind_orc.c:206 [inline]
 unwind_next_frame+0x1d9/0x2a00 arch/x86/kernel/unwind_orc.c:494
 arch_stack_walk+0x151/0x1b0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x118/0x1d0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:312 [inline]
 __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:338
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3813 [inline]
 slab_alloc_node mm/slub.c:3860 [inline]
 kmem_cache_alloc_node+0x192/0x380 mm/slub.c:3903
 alloc_task_struct_node kernel/fork.c:176 [inline]
 dup_task_struct+0x57/0x7d0 kernel/fork.c:1106
 copy_process+0x5d1/0x3df0 kernel/fork.c:2219
 kernel_clone+0x21e/0x8d0 kernel/fork.c:2796
 __do_sys_clone kernel/fork.c:2939 [inline]
 __se_sys_clone kernel/fork.c:2923 [inline]
 __x64_sys_clone+0x258/0x2a0 kernel/fork.c:2923
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f8e4a04ba12
Code: 41 5d 41 5e 41 5f c3 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 10 48 8b 15 e7 43 0f 00 f7 d8 64 89 02 48 83
RSP: 002b:00007fff3d31e228 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00005624b41b1601 RCX: 00007f8e4a04ba12
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007fff3d33e798 R08: 0000000000000000 R09: 00005624b41b15d0
R10: 00007f8e49f9ba10 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 00005624b41b1604
 </TASK>
rcu: rcu_preempt kthread timer wakeup didn't happen for 10502 jiffies! g8373 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
rcu: 	Possible timer handling issue on cpu=1 timer-softirq=4283
rcu: rcu_preempt kthread starved for 10503 jiffies! g8373 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:I stack:24656 pid:16    tgid:16    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5409 [inline]
 __schedule+0x17d3/0x4a20 kernel/sched/core.c:6736
 __schedule_loop kernel/sched/core.c:6813 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6828
 schedule_timeout+0x1be/0x310 kernel/time/timer.c:2572
 rcu_gp_fqs_loop+0x2df/0x1370 kernel/rcu/tree.c:1663
 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:1862
 kthread+0x2f0/0x390 kernel/kthread.c:388
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup