rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
	(detected by 1, t=10502 jiffies, g=535369, q=2139)
rcu: All QSes seen, last rcu_preempt kthread activity 10502 (4295245394-4295234892), jiffies_till_next_fqs=1, root ->qsmask 0x0
rcu: rcu_preempt kthread starved for 10502 jiffies! g535369 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28720 pid:   14 ppid:     2 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:4986 [inline]
 __schedule+0xab2/0x4e90 kernel/sched/core.c:6296
 schedule+0xd2/0x260 kernel/sched/core.c:6369
 schedule_timeout+0x14a/0x2a0 kernel/time/timer.c:1881
 rcu_gp_fqs_loop+0x186/0x810 kernel/rcu/tree.c:1972
 rcu_gp_kthread+0x1de/0x320 kernel/rcu/tree.c:2145
 kthread+0x2e9/0x3a0 kernel/kthread.c:377
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
NMI backtrace for cpu 1
CPU: 1 PID: 4030 Comm: syz-executor.5 Not tainted 5.16.0-rc8-next-20220107-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 nmi_cpu_backtrace.cold+0x47/0x144 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
 rcu_check_gp_kthread_starvation.cold+0x1fb/0x200 kernel/rcu/tree_stall.h:458
 print_other_cpu_stall kernel/rcu/tree_stall.h:563 [inline]
 check_cpu_stall kernel/rcu/tree_stall.h:706 [inline]
 rcu_pending kernel/rcu/tree.c:3921 [inline]
 rcu_sched_clock_irq+0x1f7c/0x2150 kernel/rcu/tree.c:2626
 update_process_times+0x16d/0x200 kernel/time/timer.c:1785
 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:226
 tick_sched_timer+0x1b0/0x2d0 kernel/time/tick-sched.c:1428
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x1c0/0xe50 kernel/time/hrtimer.c:1749
 hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline]
 __sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1103
 sysvec_apic_timer_interrupt+0x40/0xc0 arch/x86/kernel/apic/apic.c:1097
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x38/0x70 kernel/locking/spinlock.c:194
Code: 74 24 10 e8 5a 39 02 f8 48 89 ef e8 12 af 02 f8 81 e3 00 02 00 00 75 25 9c 58 f6 c4 02 75 2d 48 85 db 74 01 fb bf 01 00 00 00 <e8> 13 69 f5 f7 65 8b 05 dc cb a7 76 85 c0 74 0a 5b 5d c3 e8 f0 ab
RSP: 0018:ffffc90000dc0c08 EFLAGS: 00000206
RAX: 0000000000000012 RBX: 0000000000000200 RCX: 1ffffffff20045b6
RDX: 0000000000000000 RSI: 0000000000000103 RDI: 0000000000000001
RBP: ffff8880b9d28480 R08: 0000000000000001 R09: ffffffff8ffcba2f
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000100043e4d
R13: ffff8880b9d28480 R14: 0000000000000000 R15: 00000000ffffffff
 __mod_timer+0x837/0xe30 kernel/time/timer.c:1065
 call_timer_fn+0x1a5/0x6b0 kernel/time/timer.c:1421
 expire_timers kernel/time/timer.c:1466 [inline]
 __run_timers.part.0+0x67c/0xa30 kernel/time/timer.c:1734
 __run_timers kernel/time/timer.c:1715 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1747
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x38/0x70 kernel/locking/spinlock.c:194
Code: 74 24 10 e8 5a 39 02 f8 48 89 ef e8 12 af 02 f8 81 e3 00 02 00 00 75 25 9c 58 f6 c4 02 75 2d 48 85 db 74 01 fb bf 01 00 00 00 <e8> 13 69 f5 f7 65 8b 05 dc cb a7 76 85 c0 74 0a 5b 5d c3 e8 f0 ab
RSP: 0018:ffffc900122475d0 EFLAGS: 00000206
RAX: 0000000000000002 RBX: 0000000000000200 RCX: 1ffffffff1ffa54e
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001
RBP: ffffffff906a9360 R08: 0000000000000001 R09: ffffffff8ffcb957
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000007
R13: 0000000000000007 R14: dead000000000100 R15: dffffc0000000000
 __debug_check_no_obj_freed lib/debugobjects.c:1002 [inline]
 debug_check_no_obj_freed+0x20c/0x420 lib/debugobjects.c:1023
 slab_free_hook mm/slub.c:1703 [inline]
 slab_free_freelist_hook+0xeb/0x1c0 mm/slub.c:1754
 slab_free mm/slub.c:3509 [inline]
 kmem_cache_free+0xdb/0x3b0 mm/slub.c:3526
 pgtable_pte_page_dtor include/linux/mm.h:2309 [inline]
 pte_free include/asm-generic/pgalloc.h:101 [inline]
 zap_deposited_table mm/huge_memory.c:1576 [inline]
 zap_huge_pmd+0x7d6/0x1060 mm/huge_memory.c:1627
 zap_pmd_range mm/memory.c:1444 [inline]
 zap_pud_range mm/memory.c:1497 [inline]
 zap_p4d_range mm/memory.c:1518 [inline]
 unmap_page_range+0x21e5/0x35d0 mm/memory.c:1539
 unmap_single_vma+0x198/0x310 mm/memory.c:1584
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1616
 exit_mmap+0x201/0x670 mm/mmap.c:3179
 __mmput+0x122/0x4b0 kernel/fork.c:1116
 mmput+0x56/0x60 kernel/fork.c:1137
 exit_mm kernel/exit.c:507 [inline]
 do_exit+0xa44/0x2b10 kernel/exit.c:780
 do_group_exit+0x128/0x330 kernel/exit.c:932
 get_signal+0x4b0/0x28c0 kernel/signal.c:2868
 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868
 handle_signal_work kernel/entry/common.c:148 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fd14314bdb4
Code: Unable to access opcode bytes at RIP 0x7fd14314bd8a.
RSP: 002b:00007fd141b0dca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: 0000000000000005 RBX: 00007fd1432abf60 RCX: 00007fd14314bdb4
RDX: 0000000000000002 RSI: 00007fd141b0dd40 RDI: 00000000ffffff9c
RBP: 00007fd141b0dd40 R08: 0000000000000000 R09: 000000000000000d
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
R13: 00007ffc8acea00f R14: 00007fd141b0e300 R15: 0000000000022000
 </TASK>
----------------
Code disassembly (best guess):
   0:	74 24                	je     0x26
   2:	10 e8                	adc    %ch,%al
   4:	5a                   	pop    %rdx
   5:	39 02                	cmp    %eax,(%rdx)
   7:	f8                   	clc
   8:	48 89 ef             	mov    %rbp,%rdi
   b:	e8 12 af 02 f8       	callq  0xf802af22
  10:	81 e3 00 02 00 00    	and    $0x200,%ebx
  16:	75 25                	jne    0x3d
  18:	9c                   	pushfq
  19:	58                   	pop    %rax
  1a:	f6 c4 02             	test   $0x2,%ah
  1d:	75 2d                	jne    0x4c
  1f:	48 85 db             	test   %rbx,%rbx
  22:	74 01                	je     0x25
  24:	fb                   	sti
  25:	bf 01 00 00 00       	mov    $0x1,%edi
* 2a:	e8 13 69 f5 f7       	callq  0xf7f56942 <-- trapping instruction
  2f:	65 8b 05 dc cb a7 76 	mov    %gs:0x76a7cbdc(%rip),%eax        # 0x76a7cc12
  36:	85 c0                	test   %eax,%eax
  38:	74 0a                	je     0x44
  3a:	5b                   	pop    %rbx
  3b:	5d                   	pop    %rbp
  3c:	c3                   	retq
  3d:	e8                   	.byte 0xe8
  3e:	f0 ab                	lock stos %eax,%es:(%rdi)