rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 0-...!: (1 GPs behind) idle=2194/1/0x4000000000000000 softirq=28919/28920 fqs=1
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P8481/1:b..l
rcu: (detected by 1, t=10502 jiffies, g=39753, q=317 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 8488 Comm: syz-executor.1 Not tainted 6.9.0-rc7-syzkaller-00056-g45db3ab70092 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:rcu_is_watching+0x0/0xb0 kernel/rcu/tree.c:696
Code: 4c 89 f6 e8 02 ed 6c 03 e9 2b ff ff ff e8 68 e1 03 0a 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 41 57 41 56 53 65 ff 05 68 78 87 7e e8 9b ff 03 0a 89
RSP: 0018:ffffc90000007d20 EFLAGS: 00000002
RAX: 0000000000010002 RBX: 0000000000000001 RCX: ffffffff8183b7e6
RDX: ffff888068283c00 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffffff8183b80c R09: 1ffffffff1f51f15
R10: dffffc0000000000 R11: fffffbfff1f51f16 R12: dffffc0000000000
R13: ffff8880b942c980 R14: ffff88807adfc340 R15: ffff8880b942c880
FS: 0000555575409480(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2ca27000 CR3: 0000000022d14000 CR4: 0000000000350ef0
Call Trace:
 trace_hrtimer_start include/trace/events/timer.h:222 [inline]
 debug_activate kernel/time/hrtimer.c:479 [inline]
 enqueue_hrtimer+0xa5/0x3c0 kernel/time/hrtimer.c:1090
 __run_hrtimer kernel/time/hrtimer.c:1709 [inline]
 __hrtimer_run_queues+0x6d5/0xd50 kernel/time/hrtimer.c:1756
 hrtimer_interrupt+0x396/0x990 kernel/time/hrtimer.c:1818
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1032 [inline]
 __sysvec_apic_timer_interrupt+0x112/0x3f0 arch/x86/kernel/apic/apic.c:1049
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5758
Code: 2b 00 74 08 4c 89 f7 e8 5a 2d 88 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
RSP: 0018:ffffc90009567a40 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff920012acf54 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: ffffffff8bcaca20 RDI: ffffffff8c1f8260
RBP: ffffc90009567b90 R08: ffffffff92f3550f R09: 1ffffffff25e6aa1
R10: dffffc0000000000 R11: fffffbfff25e6aa2 R12: 1ffff920012acf50
R13: dffffc0000000000 R14: ffffc90009567aa0 R15: 0000000000000246
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:351 [inline]
 find_unlink_vmap_area+0x70/0x2d0 mm/vmalloc.c:2403
 remove_vm_area+0x58/0x300 mm/vmalloc.c:3193
 vfree+0x7c/0x2e0 mm/vmalloc.c:3322
 n_tty_close+0x168/0x1e0 drivers/tty/n_tty.c:1889
 tty_ldisc_kill+0xa3/0x1a0 drivers/tty/tty_ldisc.c:607
 tty_ldisc_release+0x174/0x200 drivers/tty/tty_ldisc.c:775
 tty_release_struct+0x2b/0xe0 drivers/tty/tty_io.c:1696
 tty_release+0xd0c/0x12c0 drivers/tty/tty_io.c:1867
 __fput+0x42b/0x8a0 fs/file_table.c:422
 __do_sys_close fs/open.c:1556 [inline]
 __se_sys_close fs/open.c:1541 [inline]
 __x64_sys_close+0x7f/0x110 fs/open.c:1541
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc59ea7cc5a
Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
RSP: 002b:00007fffc4a7b500 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007fc59ea7cc5a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 00007fffc4a7b5d8 R08: 00007fc59ea00000 R09: 0000000000000001
R10: 0000000000000001 R11: 0000000000000293 R12: 000000000004c319
R13: 00007fc59ebabf8c R14: 00007fc59ebabf80 R15: 0000000000000032
task:syz-executor.0 state:R running task stack:23280 pid:8481 tgid:8480 ppid:7832 flags:0x00004002
Call Trace:
 context_switch kernel/sched/core.c:5409 [inline]
 __schedule+0x17e8/0x4a50 kernel/sched/core.c:6746
 preempt_schedule_irq+0xfb/0x1c0 kernel/sched/core.c:7068
 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707
RIP: 0010:lock_acquire+0x264/0x550 kernel/locking/lockdep.c:5758
Code: 2b 00 74 08 4c 89 f7 e8 5a 2d 88 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
RSP: 0018:ffffc900097473c0 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 1ffff920012e8e84 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: ffffffff8bcaca20 RDI: ffffffff8c1f8260
RBP: ffffc90009747520 R08: ffffffff92f35507 R09: 1ffffffff25e6aa0
R10: dffffc0000000000 R11: fffffbfff25e6aa1 R12: 1ffff920012e8e80
R13: dffffc0000000000 R14: ffffc90009747420 R15: 0000000000000246
 rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 rcu_read_lock include/linux/rcupdate.h:781 [inline]
 percpu_ref_get_many+0x36/0x140 include/linux/percpu-refcount.h:202
 percpu_ref_get include/linux/percpu-refcount.h:222 [inline]
 css_get include/linux/cgroup_refcnt.h:11 [inline]
 mem_cgroup_commit_charge+0x9f/0x380 mm/memcontrol.c:2971
 charge_memcg+0xb1/0x160 mm/memcontrol.c:7288
 __mem_cgroup_charge+0x27/0x80 mm/memcontrol.c:7299
 mem_cgroup_charge include/linux/memcontrol.h:691 [inline]
 folio_prealloc+0x52/0x170 mm/memory.c:1054
 alloc_anon_folio mm/memory.c:4375 [inline]
 do_anonymous_page mm/memory.c:4433 [inline]
 do_pte_missing mm/memory.c:3878 [inline]
 handle_pte_fault mm/memory.c:5300 [inline]
 __handle_mm_fault+0x3a03/0x7250 mm/memory.c:5441
 handle_mm_fault+0x3c2/0x8a0 mm/memory.c:5606
 faultin_page mm/gup.c:958 [inline]
 __get_user_pages+0x727/0x1630 mm/gup.c:1257
 populate_vma_page_range+0x2ae/0x390 mm/gup.c:1697
 __mm_populate+0x27a/0x460 mm/gup.c:1800
 mm_populate include/linux/mm.h:3413 [inline]
 __do_sys_mlockall mm/mlock.c:777 [inline]
 __se_sys_mlockall+0x3f8/0x500 mm/mlock.c:753
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f665367dd69
RSP: 002b:00007f66544500c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000097
RAX: ffffffffffffffda RBX: 00007f66537abf80 RCX: 00007f665367dd69
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 00007f66536ca49e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f66537abf80 R15: 00007ffe78713798
rcu: rcu_preempt kthread starved for 10500 jiffies! g39753 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:26104 pid:16 tgid:16 ppid:2 flags:0x00004000
Call Trace:
 context_switch kernel/sched/core.c:5409 [inline]
 __schedule+0x17e8/0x4a50 kernel/sched/core.c:6746
 __schedule_loop kernel/sched/core.c:6823 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6838
 schedule_timeout+0x1be/0x310 kernel/time/timer.c:2582
 rcu_gp_fqs_loop+0x2df/0x1370 kernel/rcu/tree.c:1663
 rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:1862
 kthread+0x2f2/0x390 kernel/kthread.c:388
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 PID: 5183 Comm: kworker/1:7 Not tainted 6.9.0-rc7-syzkaller-00056-g45db3ab70092 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: events fqdir_free_fn
RIP: 0010:srso_alias_safe_ret+0x0/0x7 arch/x86/lib/retpoline.S:171
Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <48> 8d 64 24 08 c3 cc e8 f4 ff ff ff 0f 0b cc cc cc cc cc cc cc cc
RSP: 0018:ffffc90002d6f970 EFLAGS: 00000293
RAX: ffffffff8189f820 RBX: 1ffff920005adf49 RCX: ffff88802688da00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90002d6faf8 R08: ffffffff8189f7e3 R09: 1ffff920005adefc
R10: dffffc0000000000 R11: fffff520005adefd R12: 1ffff920005adf44
R13: dffffc0000000000 R14: ffffc90002d6fa48 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1b49aff000 CR3: 000000005f720000 CR4: 0000000000350ef0
Call Trace:
 srso_alias_return_thunk+0x5/0xfbef5 arch/x86/lib/retpoline.S:181
 csd_lock_wait kernel/smp.c:311 [inline]
 smp_call_function_single+0x470/0x16a0 kernel/smp.c:650
 rcu_barrier+0x334/0x550 kernel/rcu/tree.c:4125
 fqdir_free_fn+0x32/0x130 net/ipv4/inet_fragment.c:167
 process_one_work kernel/workqueue.c:3267 [inline]
 process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3348
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3429
 kthread+0x2f2/0x390 kernel/kthread.c:388
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244