rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P6916/1:b..l
rcu: 	(detected by 0, t=10503 jiffies, g=18941, q=1077976 ncpus=2)
task:syz.0.281       state:R  running task     stack:27960 pid:6916  tgid:6908  ppid:5614   task_flags:0x400140 flags:0x00080001
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5387 [inline]
 __schedule+0x10e9/0x6820 kernel/sched/core.c:7188
 preempt_schedule_irq+0x50/0x90 kernel/sched/core.c:7512
 irqentry_exit_to_kernel_mode_preempt include/linux/irq-entry-common.h:476 [inline]
 irqentry_exit_to_kernel_mode include/linux/irq-entry-common.h:547 [inline]
 irqentry_exit+0x1fe/0x790 kernel/entry/common.c:164
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210
Code: 56 5b 5c 00 48 89 df 5b e9 7d e6 61 00 be 03 00 00 00 5b e9 42 b4 f0 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 65 8b 05 05 e1 01 12 48 8b 34 24 65 48 8b 15 e1 e0 01
RSP: 0018:ffffc90003437800 EFLAGS: 00000287
RAX: 0000000000005db2 RBX: 0000000000000000 RCX: ffffc90010081000
RDX: 0000000000080000 RSI: ffffffff81cf10bb RDI: ffff888029ee8000
RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000008
R13: ffff88813fe5b000 R14: ffff88806bae4a30 R15: ffff888055a50840
 queue_work_on+0x141/0x1e0 kernel/workqueue.c:2437
 queue_work include/linux/workqueue.h:696 [inline]
 schedule_work include/linux/workqueue.h:757 [inline]
 __rhashtable_remove_fast_one include/linux/rhashtable.h:1118 [inline]
 __rhashtable_remove_fast include/linux/rhashtable.h:1142 [inline]
 rhashtable_remove_fast include/linux/rhashtable.h:1171 [inline]
 simple_xattr_set+0x221a/0x36a0 fs/xattr.c:1399
 shmem_xattr_handler_set+0x11c/0x400 mm/shmem.c:4337
 __vfs_removexattr+0x155/0x1c0 fs/xattr.c:536
 __vfs_removexattr_locked+0x107/0x4d0 fs/xattr.c:571
 vfs_removexattr+0xe9/0x2b0 fs/xattr.c:593
 ovl_do_removexattr fs/overlayfs/overlayfs.h:341 [inline]
 ovl_removexattr fs/overlayfs/overlayfs.h:349 [inline]
 ovl_make_workdir fs/overlayfs/super.c:756 [inline]
 ovl_get_workdir fs/overlayfs/super.c:836 [inline]
 ovl_fill_super_creds fs/overlayfs/super.c:1449 [inline]
 ovl_fill_super+0x1429/0x5e30 fs/overlayfs/super.c:1560
 vfs_get_super fs/super.c:1327 [inline]
 get_tree_nodev+0xdd/0x190 fs/super.c:1346
 vfs_get_tree+0x92/0x320 fs/super.c:1754
 fc_mount fs/namespace.c:1193 [inline]
 do_new_mount_fc fs/namespace.c:3758 [inline]
 do_new_mount fs/namespace.c:3834 [inline]
 path_mount+0x7d0/0x23d0 fs/namespace.c:4154
 do_mount fs/namespace.c:4167 [inline]
 __do_sys_mount fs/namespace.c:4383 [inline]
 __se_sys_mount fs/namespace.c:4360 [inline]
 __x64_sys_mount+0x293/0x310 fs/namespace.c:4360
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2e8939cdd9
RSP: 002b:00007f2e8a2f3028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f2e89616090 RCX: 00007f2e8939cdd9
RDX: 0000200000000000 RSI: 0000200000000100 RDI: 0000000000000000
RBP: 00007f2e89432d69 R08: 00002000000000c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2e89616128 R14: 00007f2e89616090 R15: 00007fff6b26fc38
 </TASK>
rcu: rcu_preempt kthread starved for 427 jiffies! g18941 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27224 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5387 [inline]
 __schedule+0x10e9/0x6820 kernel/sched/core.c:7188
 __schedule_loop kernel/sched/core.c:7267 [inline]
 schedule+0xdd/0x390 kernel/sched/core.c:7282
 schedule_timeout+0x127/0x280 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x1a9/0x900 kernel/rcu/tree.c:2095
 rcu_gp_kthread+0x179/0x230 kernel/rcu/tree.c:2297
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 421 Comm: kworker/u8:6 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: events_unbound cfg80211_wiphy_work
RIP: 0010:__raw_spin_trylock include/linux/spinlock_api_smp.h:91 [inline]
RIP: 0010:_raw_spin_trylock+0x3f/0x80 kernel/locking/spinlock.c:142
Code: ef e8 c5 36 58 f6 85 c0 75 20 89 c3 bf 01 00 00 00 e8 c5 0b 48 f6 65 8b 05 1e e1 7d 08 85 c0 74 37 89 d8 5b 5d e9 01 4c 00 00 <ff> 74 24 10 48 8d 7d 18 ba 01 00 00 00 45 31 c9 bb 01 00 00 00 41
RSP: 0018:ffffc90000a081d8 EFLAGS: 00000002
RAX: 0000000000000001 RBX: ffffc90000a082b0 RCX: ffffffff81e4c66e
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff88813fe479d0
RBP: ffff88813fe479c0 R08: 0000000000000001 R09: fffff5200014102f
R10: 0000000000000003 R11: 0000000000000000 R12: ffff88813fe479c0
R13: ffff88813fe4c8c0 R14: ffff888026832500 R15: 0000000000000028
FS:  0000000000000000(0000) GS:ffff888124479000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00002000003c6030 CR3: 000000005f8c2000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 _raw_spin_trylock_irqsave include/linux/spinlock_api_smp.h:112 [inline]
 _spin_trylock_irqsave include/linux/spinlock.h:426 [inline]
 get_from_partial_node+0x271/0x5a0 mm/slub.c:3797
 get_from_partial mm/slub.c:3924 [inline]
 ___slab_alloc+0x88/0x8b0 mm/slub.c:4440
 __slab_alloc_node mm/slub.c:4510 [inline]
 slab_alloc_node mm/slub.c:4886 [inline]
 kmem_cache_alloc_noprof+0x360/0x6e0 mm/slub.c:4905
 kmem_alloc_batch+0x49/0x170 lib/debugobjects.c:371
 fill_pool lib/debugobjects.c:420 [inline]
 debug_objects_fill_pool lib/debugobjects.c:742 [inline]
 debug_objects_fill_pool+0x24d/0x5a0 lib/debugobjects.c:714
 debug_object_activate+0x103/0x490 lib/debugobjects.c:831
 debug_rcu_head_queue kernel/rcu/rcu.h:236 [inline]
 __call_rcu_common.constprop.0+0x35/0x9b0 kernel/rcu/tree.c:3116
 call_rcu_hurry include/linux/rcupdate.h:125 [inline]
 dst_release net/core/dst.c:178 [inline]
 dst_release+0x259/0x330 net/core/dst.c:166
 refdst_drop include/net/dst.h:272 [inline]
 skb_dst_drop include/net/dst.h:284 [inline]
 skb_release_head_state+0x293/0x400 net/core/skbuff.c:1163
 skb_release_all net/core/skbuff.c:1187 [inline]
 __kfree_skb net/core/skbuff.c:1203 [inline]
 consume_skb net/core/skbuff.c:1436 [inline]
 consume_skb+0x8a/0x110 net/core/skbuff.c:1430
 nft_synproxy_eval_v4 net/netfilter/nft_synproxy.c:61 [inline]
 nft_synproxy_do_eval+0xa72/0xd50 net/netfilter/nft_synproxy.c:142
 expr_call_ops_eval net/netfilter/nf_tables_core.c:237 [inline]
 nft_do_chain+0x2e5/0x1950 net/netfilter/nf_tables_core.c:285
 nft_do_chain_inet+0xf3/0x400 net/netfilter/nft_chain_filter.c:162
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xbf/0x220 net/netfilter/core.c:619
 nf_hook.constprop.0+0x2a6/0x750 include/linux/netfilter.h:273
 NF_HOOK include/linux/netfilter.h:316 [inline]
 ip_local_deliver+0x163/0x1f0 net/ipv4/ip_input.c:262
 dst_input include/net/dst.h:480 [inline]
 ip_rcv_finish net/ipv4/ip_input.c:492 [inline]
 NF_HOOK include/linux/netfilter.h:318 [inline]
 NF_HOOK include/linux/netfilter.h:312 [inline]
 ip_rcv+0x33a/0x3c0 net/ipv4/ip_input.c:612
 __netif_receive_skb_one_core+0x197/0x1e0 net/core/dev.c:6202
 __netif_receive_skb+0x1f/0x120 net/core/dev.c:6315
 process_backlog+0x37a/0x1580 net/core/dev.c:6666
 __napi_poll.constprop.0+0xaf/0x450 net/core/dev.c:7730
 napi_poll net/core/dev.c:7793 [inline]
 net_rx_action+0xa40/0xf20 net/core/dev.c:7950
 handle_softirqs+0x1ea/0xa00 kernel/softirq.c:622
 do_softirq kernel/softirq.c:523 [inline]
 do_softirq+0xac/0xe0 kernel/softirq.c:510
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0xf8/0x120 kernel/softirq.c:450
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 cfg80211_put_bss+0x1b4/0x280 net/wireless/scan.c:3346
 ieee80211_rx_bss_put net/mac80211/scan.c:37 [inline]
 ieee80211_rx_bss_put+0x43/0x60 net/mac80211/scan.c:32
 ieee80211_rx_bss_info net/mac80211/ibss.c:1160 [inline]
 ieee80211_rx_mgmt_probe_beacon net/mac80211/ibss.c:1569 [inline]
 ieee80211_ibss_rx_queued_mgmt+0x1a3b/0x2f80 net/mac80211/ibss.c:1596
 ieee80211_iface_process_skb net/mac80211/iface.c:1795 [inline]
 ieee80211_iface_work+0xbff/0x13e0 net/mac80211/iface.c:1849
 cfg80211_wiphy_work+0x410/0x570 net/wireless/core.c:513
 process_one_work+0xa0e/0x1980 kernel/workqueue.c:3302
 process_scheduled_works kernel/workqueue.c:3385 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3466
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>