rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P16299/2:b..l P16302/1:b..l
rcu: 	(detected by 0, t=10502 jiffies, g=125749, q=715 ncpus=2)
task:syz-executor.1  state:R  running task     stack:25472 pid:16302 tgid:16300 ppid:16035  flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5408 [inline]
 __schedule+0xf15/0x5d00 kernel/sched/core.c:6745
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7067
 irqentry_exit+0x36/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:rcu_read_unlock include/linux/rcupdate.h:810 [inline]
RIP: 0010:count_memcg_event_mm.part.0+0xfc/0x340 include/linux/memcontrol.h:1078
Code: 01 00 00 00 44 89 e6 48 89 df e8 3f 2f 1f 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 ad cc bb ff 48 85 db 0f 85 21 02 00 00 <e8> 6f d1 bb ff e8 8a 51 17 09 31 ff 89 c3 89 c6 e8 5f cc bb ff 85
RSP: 0018:ffffc900032e76f8 EFLAGS: 00000246
RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc9000c71b000
RDX: 0000000000040000 RSI: ffffffff81d21cd7 RDI: 0000000000000007
RBP: 0000000000000200 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000017
R13: 0000000000000000 R14: ffff888055bfc108 R15: 0000000000000000
 count_memcg_event_mm include/linux/memcontrol.h:580 [inline]
 mm_account_fault mm/memory.c:5557 [inline]
 handle_mm_fault+0x1b8/0xa00 mm/memory.c:5704
 faultin_page mm/gup.c:1290 [inline]
 __get_user_pages+0x473/0x1490 mm/gup.c:1589
 __get_user_pages_locked mm/gup.c:1857 [inline]
 __gup_longterm_locked+0x243/0x2790 mm/gup.c:2556
 pin_user_pages_remote+0xee/0x150 mm/gup.c:3616
 process_vm_rw_single_vec mm/process_vm_access.c:106 [inline]
 process_vm_rw_core.constprop.0+0x439/0xa10 mm/process_vm_access.c:216
 process_vm_rw+0x301/0x360 mm/process_vm_access.c:284
 __do_sys_process_vm_readv mm/process_vm_access.c:296 [inline]
 __se_sys_process_vm_readv mm/process_vm_access.c:292 [inline]
 __x64_sys_process_vm_readv+0xe2/0x1c0 mm/process_vm_access.c:292
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x260 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7faf87e7cee9
RSP: 002b:00007faf88bd60c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
RAX: ffffffffffffffda RBX: 00007faf87fac050 RCX: 00007faf87e7cee9
RDX: 0000000000000002 RSI: 0000000020008400 RDI: 0000000000000007
RBP: 00007faf87ec949e R08: 0000000000000286 R09: 0000000000000000
R10: 0000000020008640 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007faf87fac050 R15: 00007ffe3d46f138
 </TASK>
task:syz-executor.0  state:R  running task     stack:25248 pid:16299 tgid:16296 ppid:15983  flags:0x00004002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5408 [inline]
 __schedule+0xf15/0x5d00 kernel/sched/core.c:6745
 preempt_schedule_notrace+0x62/0xe0 kernel/sched/core.c:7017
 preempt_schedule_notrace_thunk+0x1a/0x30 arch/x86/entry/thunk.S:13
 rcu_is_watching+0x8e/0xc0 kernel/rcu/tree.c:725
 trace_lock_acquire include/trace/events/lock.h:24 [inline]
 lock_acquire+0x47b/0x560 kernel/locking/lockdep.c:5725
 rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 rcu_read_lock include/linux/rcupdate.h:781 [inline]
 percpu_ref_tryget_many include/linux/percpu-refcount.h:241 [inline]
 percpu_ref_tryget include/linux/percpu-refcount.h:266 [inline]
 css_tryget include/linux/cgroup_refcnt.h:45 [inline]
 css_tryget include/linux/cgroup_refcnt.h:42 [inline]
 get_mem_cgroup_from_mm+0x27e/0x4c0 mm/memcontrol.c:1270
 __mem_cgroup_charge+0x1a/0x280 mm/memcontrol.c:7511
 mem_cgroup_charge include/linux/memcontrol.h:691 [inline]
 folio_prealloc mm/memory.c:1056 [inline]
 wp_page_copy mm/memory.c:3291 [inline]
 do_wp_page+0xf80/0x3380 mm/memory.c:3683
 handle_pte_fault mm/memory.c:5396 [inline]
 __handle_mm_fault+0x2311/0x53f0 mm/memory.c:5523
 handle_mm_fault+0x476/0xa00 mm/memory.c:5688
 do_user_addr_fault+0x2e5/0xe50 arch/x86/mm/fault.c:1389
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:rep_movs_alternative+0x4a/0x70 arch/x86/lib/copy_user_64.S:71
Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1
RSP: 0018:ffffc900034f7958 EFLAGS: 00050206
RAX: 0000000000000001 RBX: 0000000000001000 RCX: 0000000000000e80
RDX: 0000000000000000 RSI: ffff888012e7a180 RDI: 000000002032a000
RBP: 0000000000001000 R08: 0000000000000000 R09: ffffed10025cf5ff
R10: ffff888012e7afff R11: 0000000000000000 R12: 0000000000329b80
R13: ffffc900034f7d50 R14: ffff888012e7a000 R15: 0000000020329e80
 copy_user_generic arch/x86/include/asm/uaccess_64.h:110 [inline]
 raw_copy_to_user arch/x86/include/asm/uaccess_64.h:131 [inline]
 copy_to_user_iter lib/iov_iter.c:25 [inline]
 iterate_iovec include/linux/iov_iter.h:51 [inline]
 iterate_and_advance2 include/linux/iov_iter.h:247 [inline]
 iterate_and_advance include/linux/iov_iter.h:271 [inline]
 _copy_to_iter+0x4d2/0x1140 lib/iov_iter.c:185
 copy_page_to_iter lib/iov_iter.c:362 [inline]
 copy_page_to_iter+0xf1/0x180 lib/iov_iter.c:349
 process_vm_rw_pages mm/process_vm_access.c:45 [inline]
 process_vm_rw_single_vec mm/process_vm_access.c:118 [inline]
 process_vm_rw_core.constprop.0+0x5c9/0xa10 mm/process_vm_access.c:216
 process_vm_rw+0x301/0x360 mm/process_vm_access.c:284
 __do_sys_process_vm_readv mm/process_vm_access.c:296 [inline]
 __se_sys_process_vm_readv mm/process_vm_access.c:292 [inline]
 __x64_sys_process_vm_readv+0xe2/0x1c0 mm/process_vm_access.c:292
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x260 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2c5e67cee9
RSP: 002b:00007f2c5f4b30c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
RAX: ffffffffffffffda RBX: 00007f2c5e7ac050 RCX: 00007f2c5e67cee9
RDX: 0000000000000002 RSI: 0000000020008400 RDI: 0000000000000013
RBP: 00007f2c5e6c949e R08: 0000000000000286 R09: 0000000000000000
R10: 0000000020008640 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000006e R14: 00007f2c5e7ac050 R15: 00007fffba747c28
 </TASK>
rcu: rcu_preempt kthread starved for 10557 jiffies! g125749 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:27360 pid:17    tgid:17    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5408 [inline]
 __schedule+0xf15/0x5d00 kernel/sched/core.c:6745
 __schedule_loop kernel/sched/core.c:6822 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6837
 schedule_timeout+0x136/0x2a0 kernel/time/timer.c:2581
 rcu_gp_fqs_loop+0x1eb/0xb00 kernel/rcu/tree.c:2000
 rcu_gp_kthread+0x271/0x380 kernel/rcu/tree.c:2202
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 16305 Comm: syz-executor.4 Not tainted 6.9.0-syzkaller-10323-g8f6a15f095a6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:memset+0x4/0x20 arch/x86/lib/memset_64.S:32
Code: eb 0c 48 83 fa 01 72 06 44 8a 1e 44 88 1f c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <eb> 2a 49 89 f9 40 88 f0 48 89 d1 f3 aa 4c 89 c8 c3 cc cc cc cc 0f
RSP: 0018:ffffc90000a18178 EFLAGS: 00000202
RAX: 0000000000000000 RBX: ffff88804da1c000 RCX: 1ffff11009b43800
RDX: 0000000000000080 RSI: 0000000000000000 RDI: ffffed1009b43800
RBP: 0000000000000400 R08: 0000000000000007 R09: 0000000000000001
R10: 0000000000000000 R11: ffff8880b93293d8 R12: ffff888015441dc0
R13: 0000000000000920 R14: 0000000000000310 R15: ffffffff8a66d00a
FS:  00007feec2c0a6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2e23b000 CR3: 000000005d132000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 000000000000000c DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <IRQ>
 kasan_unpoison+0x27/0x60 mm/kasan/shadow.c:178
 unpoison_slab_object mm/kasan/common.c:308 [inline]
 __kasan_slab_alloc+0x4e/0x90 mm/kasan/common.c:338
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3940 [inline]
 slab_alloc_node mm/slub.c:4000 [inline]
 __do_kmalloc_node mm/slub.c:4120 [inline]
 __kmalloc_noprof+0x19d/0x420 mm/slub.c:4134
 kmalloc_noprof include/linux/slab.h:664 [inline]
 kzalloc_noprof include/linux/slab.h:778 [inline]
 ieee802_11_parse_elems_full+0xea/0x15d0 net/mac80211/parse.c:880
 ieee802_11_parse_elems_crc net/mac80211/ieee80211_i.h:2330 [inline]
 ieee802_11_parse_elems net/mac80211/ieee80211_i.h:2337 [inline]
 ieee80211_inform_bss+0xfd/0x1140 net/mac80211/scan.c:79
 rdev_inform_bss net/wireless/rdev-ops.h:418 [inline]
 cfg80211_inform_single_bss_data+0x893/0x1f70 net/wireless/scan.c:2277
 cfg80211_inform_bss_data+0x205/0x39d0 net/wireless/scan.c:3101
 cfg80211_inform_bss_frame_data+0x271/0x7c0 net/wireless/scan.c:3191
 ieee80211_bss_info_update+0x311/0xab0 net/mac80211/scan.c:226
 ieee80211_scan_rx+0x47c/0xad0 net/mac80211/scan.c:340
 __ieee80211_rx_handle_packet net/mac80211/rx.c:5222 [inline]
 ieee80211_rx_list+0x1be1/0x2e90 net/mac80211/rx.c:5459
 ieee80211_rx_napi+0xdd/0x400 net/mac80211/rx.c:5482
 ieee80211_rx include/net/mac80211.h:5093 [inline]
 ieee80211_tasklet_handler+0xd6/0x130 net/mac80211/main.c:438
 tasklet_action_common.constprop.0+0x24c/0x3e0 kernel/softirq.c:785
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x29/0x50 kernel/locking/spinlock.c:202
Code: 90 f3 0f 1e fa 53 48 8b 74 24 08 48 89 fb 48 83 c7 18 e8 0a bc 7e f6 48 89 df e8 f2 38 7f f6 e8 8d 29 a8 f6 fb bf 01 00 00 00 <e8> e2 78 70 f6 65 8b 05 53 c5 16 75 85 c0 74 06 5b c3 cc cc cc cc
RSP: 0018:ffffc90003227cf0 EFLAGS: 00000202
RAX: 0000000000fb980b RBX: ffff88802978ae40 RCX: 1ffffffff1fc8069
RDX: 0000000000000000 RSI: ffffffff8b2cab60 RDI: 0000000000000001
RBP: ffff88802978b240 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff8fe445d7 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000021 R14: ffff88802978ae40 R15: ffff88802978ae40
 spin_unlock_irq include/linux/spinlock.h:401 [inline]
 get_signal+0x1e3e/0x2710 kernel/signal.c:2914
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x14a/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xdc/0x260 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7feec1e7cee7
Code: 14 25 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89
RSP: 002b:00007feec2c0a178 EFLAGS: 00000246
RAX: 00000000000000ca RBX: 00007feec1fabf88 RCX: 00007feec1e7cee9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007feec1fabf88
RBP: 00007feec1fabf80 R08: 00007feec2c0a6c0 R09: 00007feec2c0a6c0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007feec1fabf8c
R13: 000000000000000b R14: 00007ffee5b51660 R15: 00007ffee5b51748
 </TASK>