BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 147s!
BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=-20 stuck for 142s!
Showing busy workqueues and worker pools:
workqueue events: flags=0x0
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=9 refcnt=10
    in-flight: 5966:xfrm_state_gc_task
    pending: 2*nsim_dev_hwstats_traffic_work, 3*psi_avgs_work, vmstat_shepherd, ovs_dp_masks_rebalance, delayed_vfree_work
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=15 refcnt=16
    pending: 3*nsim_dev_hwstats_traffic_work, 2*ovs_dp_masks_rebalance, 2*psi_avgs_work, 4*ovs_dp_masks_rebalance, free_obj_work, ovs_dp_masks_rebalance, psi_avgs_work, debugfs_reap_work
workqueue events_long: flags=0x0
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=4 refcnt=5
    pending: 4*defense_work_handler
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=4 refcnt=5
    pending: 4*defense_work_handler
workqueue events_unbound: flags=0x2
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=20 refcnt=21
    in-flight: 1149:cfg80211_wiphy_work
    pending: flush_memcg_stats_dwork, 3*nsim_dev_trap_report_work, toggle_allocation_gate, 2*nsim_dev_trap_report_work, 6*cfg80211_wiphy_work, 5*macvlan_process_broadcast, crng_reseed
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=15 refcnt=16
    pending: macvlan_process_broadcast, 8*cfg80211_wiphy_work, 6*macvlan_process_broadcast
workqueue events_freezable: flags=0x4
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: update_balloon_stats_func
workqueue events_power_efficient: flags=0x80
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=7 refcnt=8
    in-flight: 9:wg_ratelimiter_gc_entries
    pending: neigh_managed_work, neigh_periodic_work, 3*check_lifetime, hash_ipport4_gc
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=10 refcnt=11
    pending: gc_worker, neigh_managed_work, neigh_periodic_work, do_cache_clean, reg_check_chans_work, 5*check_lifetime
workqueue kvfree_rcu_reclaim: flags=0xa
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=2 refcnt=3
    pending: kfree_rcu_work, kfree_rcu_monitor
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: kfree_rcu_monitor
workqueue netns: flags=0x6000a
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=4
    pending: cleanup_net
workqueue mm_percpu_wq: flags=0x8
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: vmstat_update
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: vmstat_update
workqueue writeback: flags=0x4a
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wb_workfn
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wb_update_bandwidth_workfn
workqueue kblockd: flags=0x18
  pwq 3: cpus=0 node=0 flags=0x0 nice=-20 active=1 refcnt=2
    pending: blk_mq_timeout_work
  pwq 7: cpus=1 node=0 flags=0x0 nice=-20 active=1 refcnt=2
    pending: blk_mq_requeue_work
workqueue ipv6_addrconf: flags=0x6000a
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=11
    pending: addrconf_verify_work
    inactive: 7*addrconf_verify_work
workqueue krxrpcd: flags=0x2001a
  pwq 9: cpus=0-1 node=0 flags=0x4 nice=-20 active=1 refcnt=11
    pending: rxrpc_peer_keepalive_worker
    inactive: 7*rxrpc_peer_keepalive_worker
workqueue bat_events: flags=0x6000a
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=68
    in-flight: 12:batadv_iv_send_outstanding_bat_ogm_packet
    inactive: 4*batadv_iv_send_outstanding_bat_ogm_packet, batadv_purge_orig, 7*batadv_nc_worker, 7*batadv_mcast_mla_update, 6*batadv_iv_send_outstanding_bat_ogm_packet, 2*batadv_purge_orig, batadv_iv_send_outstanding_bat_ogm_packet, batadv_tt_purge, batadv_dat_purge, batadv_bla_periodic_work, 4*batadv_tt_purge, batadv_dat_purge, batadv_bla_periodic_work, batadv_dat_purge, batadv_bla_periodic_work, batadv_dat_purge, batadv_bla_periodic_work, batadv_dat_purge, batadv_bla_periodic_work, 8*batadv_iv_send_outstanding_bat_ogm_packet, 3*batadv_purge_orig, 2*batadv_iv_send_outstanding_bat_ogm_packet, batadv_purge_orig, batadv_iv_send_outstanding_bat_ogm_packet, 2*batadv_tt_purge, batadv_bla_periodic_work, batadv_dat_purge, batadv_bla_periodic_work, batadv_dat_purge
workqueue hci4: flags=0x20012
  pwq 9: cpus=0-1 node=0 flags=0x4 nice=-20 active=1 refcnt=4
    pending: hci_conn_timeout
workqueue wg-kex-wg0: flags=0x6
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
workqueue wg-crypt-wg0: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=2 refcnt=3
    pending: wg_packet_encrypt_worker, wg_packet_tx_worker
workqueue wg-kex-wg1: flags=0x6
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
workqueue wg-crypt-wg1: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=2 refcnt=3
    pending: wg_packet_tx_worker, wg_packet_encrypt_worker
workqueue wg-crypt-wg0: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=2 refcnt=3
    pending: wg_packet_encrypt_worker, wg_packet_tx_worker
workqueue wg-kex-wg2: flags=0x6
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
workqueue wg-crypt-wg2: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=3 refcnt=4
    pending: wg_packet_decrypt_worker, wg_packet_encrypt_worker, wg_packet_tx_worker
workqueue wg-crypt-wg1: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=3 refcnt=4
    pending: wg_packet_encrypt_worker, wg_packet_tx_worker, wg_packet_decrypt_worker
workqueue wg-crypt-wg2: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=3 refcnt=4
    pending: wg_packet_decrypt_worker, wg_packet_encrypt_worker, wg_packet_tx_worker
workqueue wg-kex-wg1: flags=0x6
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
workqueue wg-crypt-wg1: flags=0x28
  pwq 2: cpus=0 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_encrypt_worker
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=3 refcnt=4
    pending: wg_packet_encrypt_worker, wg_packet_tx_worker, wg_packet_decrypt_worker
workqueue wg-kex-wg2: flags=0x24
  pwq 6: cpus=1 node=0 flags=0x0 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_receive_worker
workqueue wg-kex-wg2: flags=0x6
  pwq 8: cpus=0-1 flags=0x4 nice=0 active=1 refcnt=2
    pending: wg_packet_handshake_send_worker
workqueue wg-crypt-wg2: flags=0x28
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P7306/1:b..l P12/2:b..l P7283/1:b..l P6745/1:b..l P6429/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=18349, q=1564 ncpus=2)
task:syz-executor    state:R  running task     stack:20904 pid:6429  tgid:6429  ppid:1      task_flags:0x40054c flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961
 preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:7145
 preempt_schedule+0xae/0xc0 kernel/sched/core.c:7169
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3f/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 zap_pte_range mm/memory.c:1756 [inline]
 zap_pmd_range mm/memory.c:1818 [inline]
 zap_pud_range mm/memory.c:1847 [inline]
 zap_p4d_range mm/memory.c:1868 [inline]
 unmap_page_range+0x3a79/0x4370 mm/memory.c:1889
 unmap_single_vma mm/memory.c:1932 [inline]
 unmap_vmas+0x399/0x580 mm/memory.c:1976
 exit_mmap+0x248/0xb50 mm/mmap.c:1280
 __mmput+0x118/0x430 kernel/fork.c:1129
 exit_mm+0x1da/0x2c0 kernel/exit.c:582
 do_exit+0x648/0x2300 kernel/exit.c:949
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1102
 get_signal+0x1286/0x1340 kernel/signal.c:3034
 arch_do_signal_or_restart+0x9a/0x750 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0x75/0x110 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f72eed8e7ab
RSP: 002b:00007ffd1e910000 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffe7 RBX: 0000000000001b89 RCX: 00007f72eed8e7ab
RDX: 00007ffd1e910078 RSI: 0000000040086602 RDI: 0000000000000007
RBP: 00007ffd1e910110 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd1e911200
R13: 00007f72eee11c05 R14: 0000555564e1d4a8 R15: 0000000000000007
 </TASK>
task:syz-executor    state:R  running task     stack:24104 pid:6745  tgid:6745  ppid:5850   task_flags:0x40050c flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961
 preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:7145
 preempt_schedule+0xae/0xc0 kernel/sched/core.c:7169
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3f/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 zap_pte_range mm/memory.c:1756 [inline]
 zap_pmd_range mm/memory.c:1818 [inline]
 zap_pud_range mm/memory.c:1847 [inline]
 zap_p4d_range mm/memory.c:1868 [inline]
 unmap_page_range+0x3a79/0x4370 mm/memory.c:1889
 unmap_single_vma mm/memory.c:1932 [inline]
 unmap_vmas+0x399/0x580 mm/memory.c:1976
 exit_mmap+0x248/0xb50 mm/mmap.c:1280
 __mmput+0x118/0x430 kernel/fork.c:1129
 exit_mm+0x1da/0x2c0 kernel/exit.c:582
 do_exit+0x648/0x2300 kernel/exit.c:949
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1102
 get_signal+0x1286/0x1340 kernel/signal.c:3034
 arch_do_signal_or_restart+0x9a/0x750 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0x75/0x110 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f928fd84dd3
RSP: 002b:00007ffdef01a9d8 EFLAGS: 00000202 ORIG_RAX: 000000000000003d
RAX: fffffffffffffe00 RBX: 0000000000001a67 RCX: 00007f928fd84dd3
RDX: 0000000040000000 RSI: 00007ffdef01a9ec RDI: 00000000ffffffff
RBP: 00007ffdef01a9ec R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
 </TASK>
task:syz.0.245       state:R  running task     stack:24104 pid:7283  tgid:7283  ppid:6759   task_flags:0x40044c flags:0x00004004
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961
 preempt_schedule_common+0x83/0xd0 kernel/sched/core.c:7145
 preempt_schedule+0xae/0xc0 kernel/sched/core.c:7169
 preempt_schedule_thunk+0x16/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_unlock+0x3f/0x50 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 zap_pte_range mm/memory.c:1756 [inline]
 zap_pmd_range mm/memory.c:1818 [inline]
 zap_pud_range mm/memory.c:1847 [inline]
 zap_p4d_range mm/memory.c:1868 [inline]
 unmap_page_range+0x3a79/0x4370 mm/memory.c:1889
 unmap_single_vma mm/memory.c:1932 [inline]
 unmap_vmas+0x399/0x580 mm/memory.c:1976
 exit_mmap+0x248/0xb50 mm/mmap.c:1280
 __mmput+0x118/0x430 kernel/fork.c:1129
 exit_mm+0x1da/0x2c0 kernel/exit.c:582
 do_exit+0x648/0x2300 kernel/exit.c:949
 do_group_exit+0x21c/0x2d0 kernel/exit.c:1102
 get_signal+0x1286/0x1340 kernel/signal.c:3034
 arch_do_signal_or_restart+0x9a/0x750 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop+0x75/0x110 kernel/entry/common.c:40
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f928fd8eba9
RSP: 002b:00007ffdef01a5e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007f928ffd7da0 RCX: 00007f928fd8eba9
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f928ffd7da0 R08: 000000000000021c R09: 0000001def01a8df
R10: 00007f928ffd7cb0 R11: 0000000000000246 R12: 0000000000024230
R13: 00007f928ffd6360 R14: ffffffffffffffff R15: 00007ffdef01a700
 </TASK>
task:kworker/u8:0    state:R  running task     stack:23464 pid:12    tgid:12    ppid:2      task_flags:0x4208060 flags:0x00004000
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961
 preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7288
 irqentry_exit+0x6f/0x90 kernel/entry/common.c:197
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x175/0x360 kernel/locking/lockdep.c:5872
Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 7b 5f 03 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
RSP: 0018:ffffc90000117158 EFLAGS: 00000206
RAX: 484bb95fc1e62000 RBX: 0000000000000000 RCX: 484bb95fc1e62000
RDX: 0000000000000000 RSI: ffffffff8dba9858 RDI: ffffffff8be33e00
RBP: ffffffff8172d195 R08: 0000000000000000 R09: ffffffff8172d195
R10: ffffc90000117318 R11: ffffffff81ac4d00 R12: 0000000000000002
R13: ffffffff8e13a120 R14: 0000000000000000 R15: 0000000000000246
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1169 [inline]
 unwind_next_frame+0xc2/0x2390 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:330 [inline]
 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:356
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4191 [inline]
 slab_alloc_node mm/slub.c:4240 [inline]
 kmem_cache_alloc_noprof+0x1c1/0x3c0 mm/slub.c:4247
 __build_skb net/core/skbuff.c:466 [inline]
 __netdev_alloc_skb+0x226/0x970 net/core/skbuff.c:763
 __netdev_alloc_skb_ip_align include/linux/skbuff.h:3457 [inline]
 netdev_alloc_skb_ip_align include/linux/skbuff.h:3467 [inline]
 batadv_iv_ogm_aggregate_new net/batman-adv/bat_iv_ogm.c:567 [inline]
 batadv_iv_ogm_queue_add+0x825/0xd30 net/batman-adv/bat_iv_ogm.c:678
 batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:855 [inline]
 batadv_iv_ogm_schedule+0xb48/0xf00 net/batman-adv/bat_iv_ogm.c:874
 batadv_iv_send_outstanding_bat_ogm_packet+0x6c6/0x7e0 net/batman-adv/bat_iv_ogm.c:1714
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x436/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
task:syz-executor    state:R  running task     stack:25680 pid:7306  tgid:7306  ppid:5850   task_flags:0x400000 flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961
 preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7288
 irqentry_exit+0x6f/0x90 kernel/entry/common.c:197
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__kasan_check_byte+0x12/0x40 mm/kasan/common.c:567
Code: cf fe ff ff 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 41 56 53 48 89 f3 49 89 fe e8 5e 14 00 00 <84> c0 75 16 be 01 00 00 00 4c 89 f7 31 d2 48 89 d9 89 c3 e8 c6 03
RSP: 0000:ffffc9000ba7f220 EFLAGS: 00000293
RAX: 0000000000000001 RBX: ffffffff8172d1b2 RCX: b3318b39aa333a00
RDX: 0000000000000000 RSI: ffffffff8172d1b2 RDI: 1ffffffff1c27424
RBP: ffffffff8172d195 R08: 0000000000000000 R09: 0000000000000000
R10: ffffc9000ba7f3f8 R11: ffffffff81ac4d00 R12: 0000000000000002
R13: ffffffff8e13a120 R14: ffffffff8e13a120 R15: 0000000000000000
 kasan_check_byte include/linux/kasan.h:399 [inline]
 lock_acquire+0x8d/0x360 kernel/locking/lockdep.c:5842
 rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 rcu_read_lock include/linux/rcupdate.h:841 [inline]
 class_rcu_constructor include/linux/rcupdate.h:1169 [inline]
 unwind_next_frame+0xc2/0x2390 arch/x86/kernel/unwind_orc.c:479
 arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122
 save_stack+0xf5/0x1f0 mm/page_owner.c:156
 __set_page_owner+0x8d/0x4a0 mm/page_owner.c:329
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1851
 prep_new_page mm/page_alloc.c:1859 [inline]
 get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3858
 __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5148
 alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416
 folio_alloc_mpol_noprof mm/mempolicy.c:2435 [inline]
 vma_alloc_folio_noprof+0xe4/0x200 mm/mempolicy.c:2470
 folio_prealloc+0x30/0x180 mm/memory.c:-1
 do_cow_fault mm/memory.c:5597 [inline]
 do_fault mm/memory.c:5709 [inline]
 do_pte_missing mm/memory.c:4234 [inline]
 handle_pte_fault mm/memory.c:6052 [inline]
 __handle_mm_fault+0x16fd/0x5440 mm/memory.c:6195
 handle_mm_fault+0x40a/0x8e0 mm/memory.c:6364
 do_user_addr_fault+0xa81/0x1390 arch/x86/mm/fault.c:1336
 handle_page_fault arch/x86/mm/fault.c:1476 [inline]
 exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7fec633a6dc4
RSP: 002b:00007ffe227e5e30 EFLAGS: 00010202
RAX: 00007fec63219d40 RBX: 00007fec63248a38 RCX: 00007fec635a8720
RDX: 00007fec63423be0 RSI: 00007fec632003c0 RDI: 00007fec63522060
RBP: 00007fec635a8720 R08: 0000000000048a68 R09: 00007fec63248e28
R10: 0000000070000025 R11: 00007fec632003a0 R12: 00007ffe227e5e70
R13: 00007ffe227e5ff8 R14: 00007ffe227e5f90 R15: 00007fec63200000
 </TASK>
rcu: rcu_preempt kthread starved for 3285 jiffies! g18349 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:26552 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5357 [inline]
 __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961
 __schedule_loop kernel/sched/core.c:7043 [inline]
 schedule+0x165/0x360 kernel/sched/core.c:7058
 schedule_timeout+0x12b/0x270 kernel/time/sleep_timeout.c:99
 rcu_gp_fqs_loop+0x301/0x1540 kernel/rcu/tree.c:2083
 rcu_gp_kthread+0x99/0x390 kernel/rcu/tree.c:2285
 kthread+0x70e/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x436/0x7d0 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 7238 Comm: syz.2.237 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:26 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:109 [inline]
RIP: 0010:lockdep_hardirqs_on_prepare+0x6b/0x2a0 kernel/locking/lockdep.c:4391
Code: 11 85 c0 0f 85 7c 01 00 00 65 8b 05 97 b4 03 11 85 c0 0f 85 6d 01 00 00 83 3d b0 ca 0e 18 00 75 3e 48 c7 04 24 00 00 00 00 9c <8f> 04 24 f7 04 24 00 02 00 00 0f 85 8c 01 00 00 83 3d 8e ca 0e 18
RSP: 0018:ffffc90000a080a8 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: b4f664d338f04600
RDX: 0000000000000000 RSI: ffffffff8be33de0 RDI: ffffffff8be33da0
RBP: 0000000000000000 R08: ffffffff8fa3a937 R09: 1ffffffff1f47526
R10: dffffc0000000000 R11: fffffbfff1f47527 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f812ea2b6c0(0000) GS:ffff888125d13000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f812ea0ad58 CR3: 0000000074d2c000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 trace_hardirqs_on+0x28/0x40 kernel/trace/trace_preemptirq.c:78
 irqentry_exit+0x74/0x90 kernel/entry/common.c:200
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__do_kmalloc_node mm/slub.c:4377 [inline]
RIP: 0010:__kmalloc_noprof+0x27d/0x4f0 mm/slub.c:4388
Code: 00 0f 85 d1 00 00 00 41 f6 44 24 09 80 0f 85 c5 00 00 00 f3 0f 1e fa 4c 89 e7 48 89 de 4c 89 fa 89 e9 e8 06 b0 0a 00 48 89 c3 <41> 8b 4c 24 18 48 8b 7c 24 08 48 89 c6 4c 89 fa 41 89 e8 41 b9 ff
RSP: 0018:ffffc90000a081a8 EFLAGS: 00000282
RAX: ffff888076f3b380 RBX: ffff888076f3b380 RCX: 0000000000001c46
RDX: 0000000027f2392c RSI: 0000000000000001 RDI: 00000000339373ff
RBP: 0000000000000920 R08: 00000000462b62f1 R09: 00000000bb4cb220
R10: 0000000000000011 R11: ffffffff81ac4d00 R12: ffff88801a441280
R13: ffff888076f3b380 R14: 0000000000031100 R15: 0000000000000048
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kzalloc_noprof include/linux/slab.h:1039 [inline]
 cfg80211_inform_single_bss_data+0x905/0x1ac0 net/wireless/scan.c:2352
 cfg80211_inform_bss_data+0x1fb/0x3b30 net/wireless/scan.c:3235
 cfg80211_inform_bss_frame_data+0x3d7/0x730 net/wireless/scan.c:3326
 ieee80211_bss_info_update+0x746/0x9e0 net/mac80211/scan.c:226
 ieee80211_scan_rx+0x593/0xa20 net/mac80211/scan.c:355
 __ieee80211_rx_handle_packet net/mac80211/rx.c:5186 [inline]
 ieee80211_rx_list+0x201c/0x2a90 net/mac80211/rx.c:5423
 ieee80211_rx_napi+0x1a8/0x3d0 net/mac80211/rx.c:5446
 ieee80211_rx include/net/mac80211.h:5210 [inline]
 ieee80211_handle_queued_frames+0xe8/0x1f0 net/mac80211/main.c:453
 tasklet_action_common+0x36c/0x580 kernel/softirq.c:829
 handle_softirqs+0x283/0x870 kernel/softirq.c:579
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	00 00                	add    %al,(%rax)
   4:	9c                   	pushf
   5:	8f 44 24 30          	pop    0x30(%rsp)
   9:	f7 44 24 30 00 02 00 	testl  $0x200,0x30(%rsp)
  10:	00
  11:	0f 85 cd 00 00 00    	jne    0xe4
  17:	f7 44 24 08 00 02 00 	testl  $0x200,0x8(%rsp)
  1e:	00
  1f:	74 01                	je     0x22
  21:	fb                   	sti
  22:	65 48 8b 05 7b 5f 03 	mov    %gs:0x11035f7b(%rip),%rax        # 0x11035fa5
  29:	11
* 2a:	48 3b 44 24 58       	cmp    0x58(%rsp),%rax <-- trapping instruction
  2f:	0f 85 f2 00 00 00    	jne    0x127
  35:	48 83 c4 60          	add    $0x60,%rsp
  39:	5b                   	pop    %rbx
  3a:	41 5c                	pop    %r12
  3c:	41 5d                	pop    %r13
  3e:	41 5e                	pop    %r14