rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	0-...!: (0 ticks this GP) idle=86b/1/0x4000000000000000 softirq=174200/174200 fqs=0 
	(detected by 1, t=10506 jiffies, g=268325, q=156 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 5786 Comm: syz-executor.0 Not tainted 5.18.0-syzkaller-01850-gaa051d36ce4a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:rcu_rdp_cpu_online kernel/rcu/tree.c:232 [inline]
RIP: 0010:rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1193 [inline]
RIP: 0010:rcu_lockdep_current_cpu_online+0x83/0x140 kernel/rcu/tree.c:1177
Code: 3c 02 00 0f 85 a4 00 00 00 48 03 1c ed e0 68 7d 8b 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 20 48 89 fa 48 c1 ea 03 80 3c 02 00 <0f> 85 87 00 00 00 48 8d 7b 18 48 8b 6b 20 48 b8 00 00 00 00 00 fc
RSP: 0018:ffffc90000007c28 EFLAGS: 00000046
RAX: dffffc0000000000 RBX: ffff8880b9c3aec0 RCX: ffffffff815ddbc8
RDX: 1ffff110173875dc RSI: 0000000000010005 RDI: ffff8880b9c3aee0
RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8db9c557
R10: fffffbfff1b738aa R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000000 R14: ffffffff9080c618 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb216ab0718 CR3: 000000004850c000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 rcu_read_lock_held_common kernel/rcu/update.c:112 [inline]
 rcu_read_lock_held_common kernel/rcu/update.c:102 [inline]
 rcu_read_lock_sched_held+0x25/0x70 kernel/rcu/update.c:123
 trace_lock_acquire include/trace/events/lock.h:24 [inline]
 lock_acquire+0x480/0x570 kernel/locking/lockdep.c:5605
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
 debug_object_deactivate lib/debugobjects.c:732 [inline]
 debug_object_deactivate+0x101/0x300 lib/debugobjects.c:720
 debug_hrtimer_deactivate kernel/time/hrtimer.c:425 [inline]
 debug_deactivate kernel/time/hrtimer.c:481 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1653 [inline]
 __hrtimer_run_queues+0x3f8/0xe50 kernel/time/hrtimer.c:1749
 hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1095 [inline]
 __sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1112
 sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1106
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:101 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0x5c/0x180 mm/kasan/generic.c:189
Code: e9 01 48 89 fd 48 b8 00 00 00 00 00 fc ff df 4d 89 ca 48 c1 ed 03 49 c1 ea 03 48 01 c5 49 01 c2 48 89 e8 49 8d 5a 01 48 89 da <48> 29 ea 48 83 fa 10 7e 63 41 89 eb 41 83 e3 07 75 74 4c 8d 5a 07
RSP: 0018:ffffc900038176b0 EFLAGS: 00000282
RAX: fffff940000783d0 RBX: fffff940000783d1 RCX: ffffffff81cc436f
RDX: fffff940000783d1 RSI: 0000000000000008 RDI: ffffea00003c1e80
RBP: fffff940000783d0 R08: 0000000000000000 R09: ffffea00003c1e87
R10: fffff940000783d0 R11: 0000000000000001 R12: dffffc0000000000
R13: ffffea00003c1e80 R14: ffffea00003c1eb8 R15: ffffea00003c1e88
 instrument_atomic_read include/linux/instrumented.h:71 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
 folio_test_slab include/linux/page-flags.h:497 [inline]
 __folio_memcg include/linux/memcontrol.h:397 [inline]
 folio_memcg include/linux/memcontrol.h:449 [inline]
 folio_memcg_lock+0xef/0x6c0 mm/memcontrol.c:2039
 page_remove_rmap+0x27/0x1510 mm/rmap.c:1377
 zap_pte_range mm/memory.c:1389 [inline]
 zap_pmd_range mm/memory.c:1497 [inline]
 zap_pud_range mm/memory.c:1526 [inline]
 zap_p4d_range mm/memory.c:1547 [inline]
 unmap_page_range+0xffa/0x3fa0 mm/memory.c:1568
 unmap_single_vma+0x198/0x310 mm/memory.c:1613
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1645
 exit_mmap+0x1c4/0x4a0 mm/mmap.c:3140
 __mmput+0x122/0x4b0 kernel/fork.c:1189
 mmput+0x56/0x60 kernel/fork.c:1210
 exit_mm kernel/exit.c:510 [inline]
 do_exit+0xa12/0x2a00 kernel/exit.c:782
 do_group_exit+0xd2/0x2f0 kernel/exit.c:925
 get_signal+0x22df/0x24c0 kernel/signal.c:2875
 arch_do_signal_or_restart+0x82/0x20f0 arch/x86/kernel/signal.c:869
 exit_to_user_mode_loop kernel/entry/common.c:166 [inline]
 exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:294
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7fb1cdc89109
Code: Unable to access opcode bytes at RIP 0x7fb1cdc890df.
RSP: 002b:00007fb1ccbfe218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fb1cdd9bf68 RCX: 00007fb1cdc89109
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb1cdd9bf68
RBP: 00007fb1cdd9bf60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb1cdd9bf6c
R13: 00007ffc4c7fe82f R14: 00007fb1ccbfe300 R15: 0000000000022000
 </TASK>
rcu: rcu_preempt kthread timer wakeup didn't happen for 10505 jiffies! g268325 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
rcu: 	Possible timer handling issue on cpu=0 timer-softirq=184614
rcu: rcu_preempt kthread starved for 10506 jiffies! g268325 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:I stack:28360 pid:   16 ppid:     2 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5076 [inline]
 __schedule+0xa00/0x4b30 kernel/sched/core.c:6391
 schedule+0xd2/0x1f0 kernel/sched/core.c:6463
 schedule_timeout+0x14a/0x2a0 kernel/time/timer.c:1935
 rcu_gp_fqs_loop+0x186/0x810 kernel/rcu/tree.c:1999
 rcu_gp_kthread+0x1de/0x320 kernel/rcu/tree.c:2187
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 5786 Comm: syz-executor.0 Not tainted 5.18.0-syzkaller-01850-gaa051d36ce4a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:27 [inline]
RIP: 0010:check_preemption_disabled+0x1b/0x170 lib/smp_processor_id.c:16
Code: 0f 1f 44 00 00 0f 0b e9 23 ff ff ff cc cc cc 41 56 41 55 49 89 f5 41 54 55 48 89 fd 53 0f 1f 44 00 00 65 44 8b 25 a5 38 93 76 <65> 8b 1d 8e 8e 93 76 81 e3 ff ff ff 7f 31 ff 89 de 0f 1f 44 00 00
RSP: 0018:ffffc90000007c78 EFLAGS: 00000082
RAX: 0000000000000001 RBX: 1ffff92000000f9c RCX: ffffffff815ddbc8
RDX: 0000000000000001 RSI: ffffffff8a27a6a0 RDI: ffffffff8a27a6e0
RBP: ffffffff8a27a6e0 R08: 0000000000000000 R09: ffffffff8db9c557
R10: fffffbfff1b738aa R11: 0000000000000000 R12: 0000000000000000
R13: ffffffff8a27a6a0 R14: ffff88804c70d300 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb216ab0718 CR3: 000000004850c000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1185 [inline]
 rcu_lockdep_current_cpu_online+0x2d/0x140 kernel/rcu/tree.c:1177
 rcu_read_lock_held_common kernel/rcu/update.c:112 [inline]
 rcu_read_lock_held_common kernel/rcu/update.c:102 [inline]
 rcu_read_lock_sched_held+0x25/0x70 kernel/rcu/update.c:123
 trace_lock_acquire include/trace/events/lock.h:24 [inline]
 lock_acquire+0x480/0x570 kernel/locking/lockdep.c:5605
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:349 [inline]
 advance_sched+0x53/0x9a0 net/sched/sch_taprio.c:715
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x609/0xe50 kernel/time/hrtimer.c:1749
 hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1095 [inline]
 __sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1112
 sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1106
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:101 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0x5c/0x180 mm/kasan/generic.c:189
Code: e9 01 48 89 fd 48 b8 00 00 00 00 00 fc ff df 4d 89 ca 48 c1 ed 03 49 c1 ea 03 48 01 c5 49 01 c2 48 89 e8 49 8d 5a 01 48 89 da <48> 29 ea 48 83 fa 10 7e 63 41 89 eb 41 83 e3 07 75 74 4c 8d 5a 07
RSP: 0018:ffffc900038176b0 EFLAGS: 00000282
RAX: fffff940000783d0 RBX: fffff940000783d1 RCX: ffffffff81cc436f
RDX: fffff940000783d1 RSI: 0000000000000008 RDI: ffffea00003c1e80
RBP: fffff940000783d0 R08: 0000000000000000 R09: ffffea00003c1e87
R10: fffff940000783d0 R11: 0000000000000001 R12: dffffc0000000000
R13: ffffea00003c1e80 R14: ffffea00003c1eb8 R15: ffffea00003c1e88
 instrument_atomic_read include/linux/instrumented.h:71 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
 folio_test_slab include/linux/page-flags.h:497 [inline]
 __folio_memcg include/linux/memcontrol.h:397 [inline]
 folio_memcg include/linux/memcontrol.h:449 [inline]
 folio_memcg_lock+0xef/0x6c0 mm/memcontrol.c:2039
 page_remove_rmap+0x27/0x1510 mm/rmap.c:1377
 zap_pte_range mm/memory.c:1389 [inline]
 zap_pmd_range mm/memory.c:1497 [inline]
 zap_pud_range mm/memory.c:1526 [inline]
 zap_p4d_range mm/memory.c:1547 [inline]
 unmap_page_range+0xffa/0x3fa0 mm/memory.c:1568
 unmap_single_vma+0x198/0x310 mm/memory.c:1613
 unmap_vmas+0x16b/0x2f0 mm/memory.c:1645
 exit_mmap+0x1c4/0x4a0 mm/mmap.c:3140
 __mmput+0x122/0x4b0 kernel/fork.c:1189
 mmput+0x56/0x60 kernel/fork.c:1210
 exit_mm kernel/exit.c:510 [inline]
 do_exit+0xa12/0x2a00 kernel/exit.c:782
 do_group_exit+0xd2/0x2f0 kernel/exit.c:925
 get_signal+0x22df/0x24c0 kernel/signal.c:2875
 arch_do_signal_or_restart+0x82/0x20f0 arch/x86/kernel/signal.c:869
 exit_to_user_mode_loop kernel/entry/common.c:166 [inline]
 exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:294
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7fb1cdc89109
Code: Unable to access opcode bytes at RIP 0x7fb1cdc890df.
RSP: 002b:00007fb1ccbfe218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fb1cdd9bf68 RCX: 00007fb1cdc89109
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb1cdd9bf68
RBP: 00007fb1cdd9bf60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb1cdd9bf6c
R13: 00007ffc4c7fe82f R14: 00007fb1ccbfe300 R15: 0000000000022000
 </TASK>
----------------
Code disassembly (best guess):
   0:	3c 02                	cmp    $0x2,%al
   2:	00 0f                	add    %cl,(%rdi)
   4:	85 a4 00 00 00 48 03 	test   %esp,0x3480000(%rax,%rax,1)
   b:	1c ed                	sbb    $0xed,%al
   d:	e0 68                	loopne 0x77
   f:	7d 8b                	jge    0xffffff9c
  11:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  18:	fc ff df
  1b:	48 8d 7b 20          	lea    0x20(%rbx),%rdi
  1f:	48 89 fa             	mov    %rdi,%rdx
  22:	48 c1 ea 03          	shr    $0x3,%rdx
  26:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
* 2a:	0f 85 87 00 00 00    	jne    0xb7 <-- trapping instruction
  30:	48 8d 7b 18          	lea    0x18(%rbx),%rdi
  34:	48 8b 6b 20          	mov    0x20(%rbx),%rbp
  38:	48                   	rex.W
  39:	b8 00 00 00 00       	mov    $0x0,%eax
  3e:	00 fc                	add    %bh,%ah