rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
	(detected by 1, t=10502 jiffies, g=31041, q=263)
rcu: All QSes seen, last rcu_preempt kthread activity 10502 (4294981929-4294971427), jiffies_till_next_fqs=1, root ->qsmask 0x0
rcu: rcu_preempt kthread starved for 10502 jiffies! g31041 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28736 pid:   14 ppid:     2 flags:0x00004000
Call Trace:
 context_switch kernel/sched/core.c:4940 [inline]
 __schedule+0x940/0x26f0 kernel/sched/core.c:6287
 schedule+0xd3/0x270 kernel/sched/core.c:6366
 schedule_timeout+0x14a/0x2a0 kernel/time/timer.c:1881
 rcu_gp_fqs_loop+0x186/0x800 kernel/rcu/tree.c:1957
 rcu_gp_kthread+0x1de/0x320 kernel/rcu/tree.c:2130
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 16815 Comm: syz-executor.3 Not tainted 5.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:kasan_check_range+0xe/0x180 mm/kasan/generic.c:188
Code: f5 00 00 00 e9 a3 07 3b 02 0f 1f 00 48 89 f2 be f8 00 00 00 e9 93 07 3b 02 0f 1f 00 48 85 f6 0f 84 70 01 00 00 49 89 f9 41 54 <44> 0f b6 c2 49 01 f1 55 53 0f 82 18 01 00 00 48 b8 ff ff ff ff ff
RSP: 0018:ffffc900000075b0 EFLAGS: 00000002
RAX: 0000000000000000 RBX: 1ffff92000000eba RCX: ffffffff815b7298
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8d6e53d0
RBP: 0000000000000001 R08: 0000000000000001 R09: ffffffff8d6e53d0
R10: ffffffff81665977 R11: 0000000000000000 R12: 0000000000000002
R13: 0000000000000000 R14: ffffffff8b99ecc8 R15: 0000000000000000
FS:  00007fc09a5a0700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe319ab6000 CR3: 0000000077ef5000 CR4: 0000000000350ef0
Call Trace:
 instrument_atomic_read include/linux/instrumented.h:71 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
 cpumask_test_cpu include/linux/cpumask.h:344 [inline]
 cpu_online include/linux/cpumask.h:895 [inline]
 trace_lock_acquire include/trace/events/lock.h:13 [inline]
 lock_acquire+0xb8/0x510 kernel/locking/lockdep.c:5596
 seqcount_lockdep_reader_access include/linux/seqlock.h:103 [inline]
 timekeeping_get_delta kernel/time/timekeeping.c:252 [inline]
 timekeeping_get_ns kernel/time/timekeeping.c:386 [inline]
 ktime_get+0x147/0x470 kernel/time/timekeeping.c:829
 hrtimer_forward_now include/linux/hrtimer.h:506 [inline]
 perf_swevent_hrtimer+0x246/0x3f0 kernel/events/core.c:10548
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x1c0/0xe50 kernel/time/hrtimer.c:1749
 hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline]
 __sysvec_apic_timer_interrupt+0x146/0x530 arch/x86/kernel/apic/apic.c:1103
 sysvec_apic_timer_interrupt+0x40/0xc0 arch/x86/kernel/apic/apic.c:1097
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:slab_free_hook mm/slub.c:1602 [inline]
RIP: 0010:slab_free_freelist_hook+0x90/0x250 mm/slub.c:1653
Code: 00 00 00 e9 9d 00 00 00 41 8b 75 1c 48 89 df e8 f6 d0 9e ff 9c 58 f6 c4 02 0f 85 29 01 00 00 48 85 ed 74 01 fb 41 f6 45 0a 40 <0f> 84 d3 00 00 00 45 84 ff 74 35 41 8b 55 1c 31 f6 48 89 df e8 27
RSP: 0018:ffffc90000007b98 EFLAGS: 00000246
RAX: 0000000000000046 RBX: ffff888089c99800 RCX: 1ffffffff1add0dd
RDX: 0000000000000000 RSI: ffffffff817c4071 RDI: ffffffff81bc0733
RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff817c4058 R11: 000000000000003f R12: 0000000000000000
R13: ffff888010c41c80 R14: 0000000000000000 R15: 0000000000000000
 slab_free mm/slub.c:3213 [inline]
 kfree+0xe4/0x540 mm/slub.c:4267
 skb_free_head net/core/skbuff.c:654 [inline]
 skb_release_data+0x65a/0x790 net/core/skbuff.c:676
 skb_release_all net/core/skbuff.c:741 [inline]
 __kfree_skb net/core/skbuff.c:755 [inline]
 consume_skb net/core/skbuff.c:911 [inline]
 consume_skb+0xc2/0x160 net/core/skbuff.c:905
 mac80211_hwsim_tx_frame+0x1f6/0x2a0 drivers/net/wireless/mac80211_hwsim.c:1785
 mac80211_hwsim_beacon_tx+0x49b/0x930 drivers/net/wireless/mac80211_hwsim.c:1838
 __iterate_interfaces+0x1e5/0x520 net/mac80211/util.c:793
 ieee80211_iterate_active_interfaces_atomic+0x70/0x180 net/mac80211/util.c:829
 mac80211_hwsim_beacon+0xd5/0x1a0 drivers/net/wireless/mac80211_hwsim.c:1861
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x609/0xe50 kernel/time/hrtimer.c:1749
 hrtimer_run_softirq+0x17b/0x360 kernel/time/hrtimer.c:1766
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:636
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:648
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:434 [inline]
RIP: 0010:__pv_queued_spin_lock_slowpath+0x3ba/0xb40 kernel/locking/qspinlock.c:508
Code: eb c6 45 01 01 41 bc 00 80 00 00 48 c1 e9 03 83 e3 07 41 be 01 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8d 2c 01 eb 0c f3 90 <41> 83 ec 01 0f 84 72 04 00 00 41 0f b6 45 00 38 d8 7f 08 84 c0 0f
RSP: 0018:ffffc900023bf568 EFLAGS: 00000202
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 1ffffffff17697b0
RDX: 0000000000000001 RSI: dffffc0000000000 RDI: ffffffff8bb4bd82
RBP: ffffffff8bb4bd80 R08: 0000000000000001 R09: ffffffff8bb4bd83
R10: fffffbfff17697b0 R11: 0000000000000000 R12: 0000000000007b24
R13: fffffbfff17697b0 R14: 0000000000000001 R15: ffff8880b9c327c0
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:585 [inline]
 queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:85 [inline]
 do_raw_spin_lock+0x200/0x2b0 kernel/locking/spinlock_debug.c:115
 spin_lock include/linux/spinlock.h:363 [inline]
 sysctl_head_grab+0x20/0xb0 fs/proc/proc_sysctl.c:306
 grab_header fs/proc/proc_sysctl.c:492 [inline]
 proc_sys_poll+0x7c/0x440 fs/proc/proc_sysctl.c:635
 vfs_poll include/linux/poll.h:90 [inline]
 do_select+0x8cb/0x16a0 fs/select.c:534
 core_sys_select+0x3c2/0x9c0 fs/select.c:677
 do_pselect.constprop.0+0x17b/0x1c0 fs/select.c:759
 __do_sys_pselect6 fs/select.c:800 [inline]
 __se_sys_pselect6 fs/select.c:791 [inline]
 __x64_sys_pselect6+0x1c5/0x2b0 fs/select.c:791
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665f9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc09a5a0188 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000040
RBP: 00000000004bfcc4 R08: 0000000020000200 R09: 0000000000000000
R10: 0000000020000140 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffc26def2ff R14: 00007fc09a5a0300 R15: 0000000000022000
----------------
Code disassembly (best guess):
   0:	f5                   	cmc
   1:	00 00                	add    %al,(%rax)
   3:	00 e9                	add    %ch,%cl
   5:	a3 07 3b 02 0f 1f 00 	movabs %eax,0x8948001f0f023b07
   c:	48 89
   e:	f2 be f8 00 00 00    	repnz mov $0xf8,%esi
  14:	e9 93 07 3b 02       	jmpq   0x23b07ac
  19:	0f 1f 00             	nopl   (%rax)
  1c:	48 85 f6             	test   %rsi,%rsi
  1f:	0f 84 70 01 00 00    	je     0x195
  25:	49 89 f9             	mov    %rdi,%r9
  28:	41 54                	push   %r12
* 2a:	44 0f b6 c2          	movzbl %dl,%r8d		<-- trapping instruction
  2e:	49 01 f1             	add    %rsi,%r9
  31:	55                   	push   %rbp
  32:	53                   	push   %rbx
  33:	0f 82 18 01 00 00    	jb     0x151
  39:	48                   	rex.W
  3a:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
  3f:	ff                   	.byte 0xff