rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5796/5:b..l P40/2:b..l P9036/1:b..l P9051/1:b..l
rcu: 	(detected by 1, t=10502 jiffies, g=24681, q=47 ncpus=2)
task:syz.2.1124      state:R  running task     stack:24680 pid:9051  tgid:9049  ppid:5804   task_flags:0x400040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0x1553/0x5240 kernel/sched/core.c:6911
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7238
 irqentry_exit+0x599/0x620 kernel/entry/common.c:239
 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:xas_create+0xf91/0x1ba0 lib/xarray.c:-1
Code: f6 e9 ae 0a 00 00 e8 6e 6e a2 f6 48 8b 5c 24 10 48 8b 84 24 88 00 00 00 42 80 3c 38 00 74 08 48 89 df e8 82 92 08 f7 4c 8b 33 <48> 8b 5c 24 18 89 ef 41 89 ed 8b 6c 24 54 89 ee e8 2a 70 a2 f6 41
RSP: 0018:ffffc9000624f340 EFLAGS: 00000246
RAX: 1ffff110080fac92 RBX: ffff8880407d6490 RCX: 0000000000080000
RDX: ffffc90006ea3000 RSI: 0000000000005e52 RDI: 0000000000005e53
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: dffffc0000000000 R11: fffffbfff1ed4ef7 R12: ffffc9000624f560
R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
 xas_store+0x9a/0x1880 lib/xarray.c:795
 shmem_add_to_page_cache+0x877/0xbf0 mm/shmem.c:922
 shmem_alloc_and_add_folio mm/shmem.c:1998 [inline]
 shmem_get_folio_gfp+0x7e9/0x1a80 mm/shmem.c:2567
 shmem_fault+0x170/0x380 mm/shmem.c:2768
 __do_fault+0x138/0x390 mm/memory.c:5364
 do_read_fault mm/memory.c:5799 [inline]
 do_fault mm/memory.c:5933 [inline]
 do_pte_missing+0x1825/0x29e0 mm/memory.c:4477
 handle_pte_fault mm/memory.c:6317 [inline]
 __handle_mm_fault mm/memory.c:6455 [inline]
 handle_mm_fault+0xd0a/0x13c0 mm/memory.c:6624
 faultin_page mm/gup.c:1126 [inline]
 __get_user_pages+0x1679/0x2800 mm/gup.c:1428
 populate_vma_page_range+0x2be/0x3c0 mm/gup.c:1860
 __mm_populate+0x25f/0x390 mm/gup.c:1963
 mm_populate include/linux/mm.h:3894 [inline]
 vm_mmap_pgoff+0x3ad/0x4f0 mm/util.c:586
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1dba7fc819
RSP: 002b:00007f1db8a4e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007f1dbaa75fa0 RCX: 00007f1dba7fc819
RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000
RBP: 00007f1dba892c91 R08: ffffffffffffffff R09: 0000000000000000
R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1dbaa76038 R14: 00007f1dbaa75fa0 R15: 00007fff922b4388
 </TASK>
task:syz.0.1120      state:R  running task     stack:25896 pid:9036  tgid:9035  ppid:5812   task_flags:0x40054c flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0x1553/0x5240 kernel/sched/core.c:6911
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7238
 irqentry_exit+0x599/0x620 kernel/entry/common.c:239
 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:on_stack arch/x86/include/asm/stacktrace.h:55 [inline]
RIP: 0010:stack_access_ok arch/x86/kernel/unwind_orc.c:409 [inline]
RIP: 0010:deref_stack_reg+0x33/0x230 arch/x86/kernel/unwind_orc.c:419
Code: 53 48 83 ec 20 48 89 54 24 18 49 89 f0 49 89 ff 48 be 00 00 00 00 00 fc ff df 48 8d 5f 08 49 89 dc 49 c1 ec 03 41 80 3c 34 00 <4c> 89 04 24 74 16 48 89 df e8 1f 05 b4 00 4c 8b 04 24 48 be 00 00
RSP: 0018:ffffc90003ff70a0 EFLAGS: 00000246
RAX: fffffffffffffff0 RBX: ffffc90003ff7230 RCX: 0000000000000000
RDX: ffffc90003ff7268 RSI: dffffc0000000000 RDI: ffffc90003ff7228
RBP: dffffc0000000000 R08: ffffc90003ff7218 R09: 0000000000000000
R10: ffffc90003ff7278 R11: fffff520007fee51 R12: 1ffff920007fee46
R13: 1ffff920007fee47 R14: ffffc90003ff7228 R15: ffffc90003ff7228
 unwind_next_frame+0x18c6/0x23c0 arch/x86/kernel/unwind_orc.c:-1
 __unwind_start+0x5b8/0x760 arch/x86/kernel/unwind_orc.c:773
 unwind_start arch/x86/include/asm/unwind.h:64 [inline]
 arch_stack_walk+0xe3/0x150 arch/x86/kernel/stacktrace.c:24
 stack_trace_save+0xa9/0x100 kernel/stacktrace.c:122
 kasan_save_stack+0x3e/0x60 mm/kasan/common.c:57
 kasan_record_aux_stack+0xbd/0xd0 mm/kasan/generic.c:556
 slab_free_hook mm/slub.c:2646 [inline]
 slab_free mm/slub.c:6165 [inline]
 kmem_cache_free+0x4fb/0x6b0 mm/slub.c:6295
 anon_vma_free mm/rmap.c:137 [inline]
 __put_anon_vma+0x12a/0x310 mm/rmap.c:2909
 put_anon_vma mm/internal.h:215 [inline]
 unlink_anon_vmas+0x58b/0x730 mm/rmap.c:536
 free_pgtables+0x836/0xb70 mm/memory.c:427
 exit_mmap+0x490/0xa10 mm/mmap.c:1314
 __mmput+0xcb/0x3d0 kernel/fork.c:1175
 exit_mm+0x168/0x220 kernel/exit.c:581
 do_exit+0x6a2/0x23c0 kernel/exit.c:964
 do_group_exit+0x21b/0x2d0 kernel/exit.c:1118
 get_signal+0x125c/0x1310 kernel/signal.c:3034
 arch_do_signal_or_restart+0xbc/0x830 arch/x86/kernel/signal.c:337
 __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
 exit_to_user_mode_loop+0x86/0x480 kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:325 [inline]
 do_syscall_64+0x32d/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbc67ccc819
RSP: 002b:00007fbc65f26028 EFLAGS: 00000246 ORIG_RAX: 000000000000013e
RAX: 0000000000487000 RBX: 00007fbc67f45fa0 RCX: 00007fbc67ccc819
RDX: 0000000000000000 RSI: 00000000ffffff9a RDI: 0000200000000240
RBP: 00007fbc67d62c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fbc67f46038 R14: 00007fbc67f45fa0 R15: 00007ffe600ec2b8
 </TASK>
task:kworker/u8:2    state:R  running task     stack:21328 pid:40    tgid:40    ppid:2      task_flags:0x4208160 flags:0x00080000
Workqueue: tipc_send tipc_conn_send_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0x1553/0x5240 kernel/sched/core.c:6911
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7238
 irqentry_exit+0x599/0x620 kernel/entry/common.c:239
 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_is_held_type+0x106/0x150 kernel/locking/lockdep.c:5945
Code: 18 00 00 b8 ff ff ff ff 65 0f c1 05 f4 d0 2a 07 83 f8 01 75 25 9c 58 a9 00 02 00 00 75 39 41 f7 c4 00 02 00 00 74 01 fb 89 d8 <5b> 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 90 0f 0b 90 48 c7
RSP: 0018:ffffc90000b173b0 EFLAGS: 00000206
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000046
RDX: 0000000000000200 RSI: ffffffff8d7c20cd RDI: ffffffff8ba67a80
RBP: 00000000ffffffff R08: ffffffff819d83b4 R09: ffff8880290e9fa0
R10: dffffc0000000000 R11: fffffbfff1ed4ef7 R12: 0000000000000246
R13: ffff88801f6d5b80 R14: ffffffff8ddcba40 R15: 0000000000000008
 lock_is_held include/linux/lockdep.h:249 [inline]
 __might_resched+0x37/0x480 kernel/sched/core.c:8850
 __rt_spin_lock kernel/locking/spinlock_rt.c:48 [inline]
 rt_spin_lock+0xc2/0x400 kernel/locking/spinlock_rt.c:57
 spin_lock include/linux/spinlock_rt.h:45 [inline]
 prepare_to_wait_exclusive+0x44/0x220 kernel/sched/wait.c:269
 __lock_sock+0x154/0x2e0 net/core/sock.c:3185
 lock_sock_nested+0xb3/0x130 net/core/sock.c:3785
 lock_sock include/net/sock.h:1709 [inline]
 tipc_sendstream net/tipc/socket.c:1545 [inline]
 tipc_send_packet+0x6e/0xa0 net/tipc/socket.c:1652
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 sock_sendmsg+0x3fb/0x450 net/socket.c:765
 tipc_conn_send_to_sock net/tipc/topsrv.c:277 [inline]
 tipc_conn_send_work+0x330/0xaa0 net/tipc/topsrv.c:306
 process_one_work kernel/workqueue.c:3276 [inline]
 process_scheduled_works+0xb6e/0x18c0 kernel/workqueue.c:3359
 worker_thread+0xa53/0xfc0 kernel/workqueue.c:3440
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
task:syz-executor    state:R  running task     stack:22400 pid:5796  tgid:5796  ppid:5794   task_flags:0x400140 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0x1553/0x5240 kernel/sched/core.c:6911
 preempt_schedule_irq+0x4d/0xa0 kernel/sched/core.c:7238
 irqentry_exit+0x599/0x620 kernel/entry/common.c:239
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:lock_acquire+0x20b/0x2e0 kernel/locking/lockdep.c:5872
Code: e9 30 ff ff ff e8 35 1e 84 09 f7 c3 00 02 00 00 0f 84 38 ff ff ff 65 48 8b 05 a1 ab ae 10 48 3b 44 24 30 75 33 fb 48 83 c4 38 <5b> 41 5c 41 5d 41 5e 41 5f 5d e9 06 de 87 09 cc 48 8d 3d be 64 cd
RSP: 0018:ffffc900046e72c8 EFLAGS: 00000282
RAX: 2705f52a4500e200 RBX: 0000000000000246 RCX: 0000000000000046
RDX: 000000007e674c74 RSI: ffffffff8d7c20cd RDI: ffffffff8ba67a80
RBP: 0000000000000000 R08: ffffffff82320f08 R09: ffffffff8ddcb980
R10: dffffc0000000000 R11: fffff9400028df09 R12: 0000000000000002
R13: ffffffff8ddcb980 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:312 [inline]
 rcu_read_lock include/linux/rcupdate.h:850 [inline]
 page_table_check_set+0x165/0x610 mm/page_table_check.c:112
 page_table_check_ptes_set include/linux/page_table_check.h:83 [inline]
 set_ptes include/linux/pgtable.h:413 [inline]
 __copy_present_ptes mm/memory.c:1115 [inline]
 copy_present_ptes mm/memory.c:1194 [inline]
 copy_pte_range mm/memory.c:1317 [inline]
 copy_pmd_range+0x3ad6/0x7c00 mm/memory.c:1405
 copy_pud_range mm/memory.c:1442 [inline]
 copy_p4d_range mm/memory.c:1466 [inline]
 copy_page_range+0xaf4/0x1120 mm/memory.c:1552
 dup_mmap+0xf4c/0x1d50 mm/mmap.c:1841
 dup_mm kernel/fork.c:1531 [inline]
 copy_mm+0x13b/0x4a0 kernel/fork.c:1583
 copy_process+0x18be/0x3cd0 kernel/fork.c:2223
 kernel_clone+0x249/0x840 kernel/fork.c:2653
 __do_sys_clone kernel/fork.c:2794 [inline]
 __se_sys_clone kernel/fork.c:2778 [inline]
 __x64_sys_clone+0x1b6/0x230 kernel/fork.c:2778
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f00981e5292
RSP: 002b:00007fff23958580 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007fff23958580 RCX: 00007f00981e5292
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007fff2395870c R08: 0000000000000000 R09: 0000000000000001
R10: 000055558095b7d0 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000000927c0 R14: 000000000005820a R15: 00007fff23958760
 </TASK>
rcu: rcu_preempt kthread starved for 10502 jiffies! g24681 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27680 pid:18    tgid:18    ppid:2      task_flags:0x208040 flags:0x00080000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5298 [inline]
 __schedule+0x1553/0x5240 kernel/sched/core.c:6911
 __schedule_loop kernel/sched/core.c:6993 [inline]
 schedule+0x164/0x360 kernel/sched/core.c:7008
 schedule_timeout+0x158/0x2c0 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x312/0x11d0 kernel/rcu/tree.c:2095
 rcu_gp_kthread+0x9e/0x2b0 kernel/rcu/tree.c:2297
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:pv_native_safe_halt+0xf/0x20 arch/x86/kernel/paravirt.c:63
Code: 3e 5c 02 e9 13 c4 03 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 1c 25 00 fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90
RSP: 0018:ffffffff8da07dc0 EFLAGS: 00000246
RAX: 0000000001183239 RBX: ffffffff81996bfa RCX: 0000000080000001
RDX: 0000000000000001 RSI: ffffffff8d56604f RDI: ffffffff8ba67a80
RBP: ffffffff8da07eb0 R08: ffff8880b8833e1b R09: 1ffff110171067c3
R10: dffffc0000000000 R11: ffffed10171067c4 R12: 0000000000000000
R13: 1ffffffff1b605d8 R14: 0000000000000000 R15: 1ffffffff1b605d8
FS:  0000000000000000(0000) GS:ffff888126332000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0098f656b8 CR3: 00000000330f4000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 arch_safe_halt arch/x86/kernel/process.c:766 [inline]
 default_idle+0x9/0x20 arch/x86/kernel/process.c:767
 default_idle_call+0x72/0xb0 kernel/sched/idle.c:122
 cpuidle_idle_call kernel/sched/idle.c:199 [inline]
 do_idle+0x36a/0x5f0 kernel/sched/idle.c:352
 cpu_startup_entry+0x43/0x60 kernel/sched/idle.c:451
 rest_init+0x2de/0x300 init/main.c:760
 start_kernel+0x385/0x3d0 init/main.c:1210
 x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310
 x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:291
 common_startup_64+0x13e/0x147
 </TASK>